pax_global_header00006660000000000000000000000064130477061540014521gustar00rootroot0000000000000052 comment=a6e54e9bdd57dd4e98a2fbf984fe7fe4a9d60171 pkcs11-helper-pkcs11-helper-1.22/000077500000000000000000000000001304770615400164015ustar00rootroot00000000000000pkcs11-helper-pkcs11-helper-1.22/.gitignore000066400000000000000000000007661304770615400204020ustar00rootroot00000000000000.deps .libs *.bz2 *.gz *.o *.obj *.exe *.dll *.lib *.a *.def *.exp *.idb *.manifest *.out *.in *.lo *.la *~ ltsugar.m4 libtool.m4 ltversion.m4 lt~obsolete.m4 ltoptions.m4 test-* *.[0-9].html Makefile aclocal.m4 autom4te.cache compile config.guess config.h config.log config.status config.sub configure depcomp install-sh libtool ltmain.sh missing stamp-h1 pkcs11h-version.h config-w32-vc.h pkcs11-helper.exports libpkcs11-helper-1.pc versioninfo.rc copyright pkcs11-helper.spec doc/api/Doxyfile pkcs11-helper-pkcs11-helper-1.22/AUTHORS000066400000000000000000000000451304770615400174500ustar00rootroot00000000000000Alon Bar-Lev pkcs11-helper-pkcs11-helper-1.22/COPYING000066400000000000000000000111441304770615400174350ustar00rootroot00000000000000 pkcs11-helper License Copyright (c) 2005-2011 Alon Bar-Lev All rights reserved. This software is available to you under a choice of one of two licenses. You may choose to be licensed under the terms of the GNU General Public License (GPL) Version 2, or the BSD license. GNU General Public License (GPL) Version 2 =========================================== This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 2 as published by the Free Software Foundation. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program (see the file COPYING.GPL included with this distribution); if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. BSD License ============ Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: o Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. o Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. o Neither the name of the Alon Bar-Lev nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Packeging License RPM Copyright (c) 2006-2007 Eddy Nigg Debian Copyright (c) 2007 Sandro Wefel m4 Macros License autoconf/automake Copyright (C) 2002, 2003 Free Software Foundation, Inc. pkg.m4 Copyright © 2004 Scott James Remnant . AX_CPP_VARARG* Copyright (c) James Yonan Copyright (c) Matthias Andree pkcs11.h License Copyright 2006, 2007 g10 Code GmbH Copyright 2006 Andreas Jellinghaus OpenSSL License (Optional component, parsing certificates, engine) This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.OpenSSL.org/) This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com). GnuTLS License (Optional component, for a complete GPLed license, replaces OpenSSL) Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Nikos Mavroyanopoulos See the end for copying conditions. The copyright holder for Gnutls is Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. NSS License (Optional component, parsing certificates, engine) The Original Code is Mozilla Communicator client code, released March 31, 1998. The Initial Developer of the Original Code is Netscape Communications Corporation. Portions created by Netscape are Copyright (C) 1998-1999 Netscape Communications Corporation. All Rights Reserved. Doxygen License (Optional component, documentation) Copyright © 1997-2006 by Dimitri van Heesch. Permission to use, copy, modify, and distribute this software and its documentation under the terms of the GNU General Public License is hereby granted. No representations are made about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. See the GNU General Public License for more details. Documents produced by doxygen are derivative works derived from the input used in their production; they are not affected by this license. pkcs11-helper-pkcs11-helper-1.22/COPYING.BSD000066400000000000000000000030101304770615400200350ustar00rootroot00000000000000Copyright (c) 2005-2006, Alon Bar-Lev All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: o Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. o Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. o Neither the name of the Alon Bar-Lev nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. pkcs11-helper-pkcs11-helper-1.22/COPYING.GPL000066400000000000000000000431051304770615400200600ustar00rootroot00000000000000 GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Library General Public License instead of this License. pkcs11-helper-pkcs11-helper-1.22/ChangeLog000066400000000000000000000062241304770615400201570ustar00rootroot00000000000000pkcs11-helper Copyright (c) 2005-2017 Alon Bar-Lev 2017-02-12 - Version 1.22 * spec: minor cleanups. 2017-01-06 - Version 1.21 * mbedtls: fix missing logic if issur certificate, thanks to Steffan Karger 2016-12-08 - Version 1.20 * polarssl: support polarssl-1.3, thanks to Steffan Karger. * certificate: ignore certificate object without CKA_ID. * openssl: fix memory leak, thanks to ASPj. * openssl: support 1.1 and libressl, thanks to Daiki Ueno. 2013-10-11 - Version 1.11 * openssl: support generic pkey. * openssl: add dsa support. * openssl: add ecdsa support, thanks for Sanaullah for testing. 2012-02-29 - Version 1.10 * PolarSSL crypto engine by Adriaan de Jong * build: --disable-crypto-engine-win32 renamed to --disable-crypto-engine-cryptoapi * api: PKCS11H_FEATURE_MASK_ENGINE_CRYPTO_WIN32 renamed to PKCS11H_FEATURE_MASK_ENGINE_CRYPTO_CRYPTOAPI. * api: PKCS11H_ENGINE_CRYPTO_WIN32 renamed to PKCS11H_ENGINE_CRYPTO_CRYPTOAPI 2011-08-16 - Version 1.09 * Do not retry if CKR_BUFFER_TOO_SMALL and none NULL target. * Fixup OpenSSL engine's rsa_priv_enc to use RSA size output buffer. 2011-02-23 - Version 1.08 * Do not attempt to logout if uninitialized, thanks to Jan Just Keijser. * Use OpenSSL engine's rsa_priv_enc instead of rsa_sign, thanks to Markus Friedl. 2009-02-27 - Version 1.07 * Minor Win64 fixup. 2008-07-31 - Version 1.06 * Some MinGW build fixups. * Some BSD build fixups. * Fix some VC6 issues thanks to Justin Karneges. * Add version resource for Windows. 2007-10-12 - Version 1.05 * Export pkcs11h_logout(). 2007-10-05 - Version 1.04 * Added NSS crypto enigne. * Added new slotevent mode (poll vs fetch). * Add more invalid characters to serialization string. * Fix openssl decrypt return code. 2007-06-13 - Version 1.03 * Autoconf fixups. * RPM packaging is available, thank to Eddy Nigg. * Debian packaging is available, thank to Sandro Wefel. * size_t printf 64bit fixups (debug). * Certificate session period fixup, thank to Leo Pohl for reporting. * Block signals for own threads using pthread calls. * Fixup compilation error when using GnuTLS only environment, thank to Simon Josefsson. * Allow several engines to co-exist, so application may select its favorite. * Add logout verb. 2007-10-05 - Version 1.02 * Switch to free implementation of PKCS#11 headers. * First standalone version. * Fix invalid certificate max size handling (Zeljko Vrba). * Added object serialization. * Added user data to hooks. * Added a force login method. * Added support for gnutls in addition to openssl. * Fixup threading lock issues. * Added support for duplicate serial tokens, based on label. * Added workaround for OpenSC cards, OpenSC bug#108, thanks to Kaupo Arulo. * Added a methods to lock session between two sign/decrypt operations. * Modified openssl interface. * Added engines for system and crypto to minimize dependencies. * Added win32 crypto engine. * Added decrypt option using C_UnwrapKey, thanks for Christoph Neerfeld. 2006-06-26 - Version 1.01 * Fix handling multiple providers. 2006-05-14 - Version 1.00 * First stable release. pkcs11-helper-pkcs11-helper-1.22/INSTALL000066400000000000000000000030131304770615400174270ustar00rootroot00000000000000pkcs11-helper -- PKCS#11 simplification. Copyright (c) 2005-2007 Alon Bar-Lev POSIX Dependencies: dl threading: (Optional) pthread (nptl) engine-crypt: (Optional, usually must choose) OpenSSL>=0.9.7 || GNUTLS>=1.4.4 openssl: (Optional) OpenSSL>=0.9.7 doc: (Optional) doxygen>=1.4 Build: $ ./configure $ make $ make install Cross-MinGW32 Dependencies: man2html openssl: (Optional) OpenSSL>=0.9.7 doc: (Optional) doxygen>=1.4 Build: w32root=/tmp/w32root Without openssl engine: ./configure \ --prefix=/ --host=mingw32 \ --disable-openssl \ --disable-crypto-engine-openssl \ --disable-crypto-engine-gnutls With openssl engine: ./configure --prefix=/ --host=mingw32 \ --disable-crypto-engine-gnutls \ --disable-crypto-engine-nss \ PKG_CONFIG=true \ OPENSSL_CFLAGS="-I${w32root}/include" \ OPENSSL_LIBS="-L${w32root}/lib -lcrypto" make make install DESTDIR="${w32root}" Create Microsoft LIB file (Optional): [[Must use Microsoft lib utility]] lib /def:libpkcs11-helper-1.dll.def \ /name:libpkcs11-helper-1.dll \ /out:pkcs11-helper.dll.lib Native-Cygwin Dependencies: Same as Cross-MinGW32 Build: Same as Cross-MinGW32, replace --host=mingw32 with --with-cygwin-native. Visual Studio Dependencies: None. Build: Without openssl engine: cd lib nmake -f Makefile.w32-vc With openssl engine: cd lib nmake -f Makefile.w32-vc OPENSSL=1 OPENSSL_HOME= pkcs11-helper-pkcs11-helper-1.22/Makefile.am000066400000000000000000000063531304770615400204440ustar00rootroot00000000000000# # Copyright (c) 2005-2011 Alon Bar-Lev # All rights reserved. # # This software is available to you under a choice of one of two # licenses. You may choose to be licensed under the terms of the GNU # General Public License (GPL) Version 2, or the BSD license. # # GNU General Public License (GPL) Version 2 # =========================================== # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program (see the file COPYING.GPL included with this # distribution); if not, write to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # # BSD License # ============ # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are met: # # o Redistributions of source code must retain the above copyright notice, # this list of conditions and the following disclaimer. # o Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # o Neither the name of the Alon Bar-Lev nor the names of its # contributors may be used to endorse or promote products derived from # this software without specific prior written permission. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE # POSSIBILITY OF SUCH DAMAGE. # AUTOMAKE_OPTIONS=foreign dist-bzip2 1.10 ACLOCAL_AMFLAGS = -I m4 MAINTAINERCLEANFILES= \ config.log config.status \ $(srcdir)/Makefile.in \ $(srcdir)/config.h.in $(srcdir)/config.h.in~ $(srcdir)/configure \ $(srcdir)/install-sh $(srcdir)/ltmain.sh $(srcdir)/missing \ $(srcdir)/depcomp $(srcdir)/aclocal.m4 \ $(srcdir)/config.guess $(srcdir)/config.sub \ $(srcdir)/m4/ltsugar.m4 $(srcdir)/m4/libtool.m4 \ $(srcdir)/m4/ltversion.m4 $(srcdir)/m4/lt~obsolete.m4 \ $(srcdir)/m4/ltoptions.m4 \ $(srcdir)/pkcs11-helper.spec $(srcdir)/config-w32-vc.h SUBDIRS=man include lib m4dir doc distro tests dist_doc_DATA=README COPYING.GPL COPYING.BSD COPYING noinst_HEADERS=config-w32-vc.h pkcs11-helper-pkcs11-helper-1.22/README000066400000000000000000000022731304770615400172650ustar00rootroot00000000000000pkcs11-helper -- PKCS#11 simplification. Copyright (c) 2005-2011 Alon Bar-Lev ABOUT PKCS#11 is published standard. PKCS#11 is the de-facto standard to access cryptographic devices. pkcs11-helper is a library that simplifies the interaction with PKCS#11 providers for end-user applications. FEATURES pkcs11-helper allows using multiple PKCS#11 providers at the same time, enumerating available token certificates, or selecting a certificate directly by serialized id, handling card removal and card insert events, handling card re-insert to a different slot, supporting session expiration and much more all using a simple API. pkcs11-helper is not designed to manage card content, since object attributes are usually vendor specific, and 99% of application need to access existing objects in order to perform signature and decryption. COMPATIBILITY - The pkcs11-helper library is available in POSIX and WIN32 compliant systems. - The pkcs11-helper library should work with almost any PKCS#11 provider, since it uses the minimum required features of the PKCS#11 standard. SUPPORT http://www.opensc-project.org AUTHORS Alon Bar-Lev pkcs11-helper-pkcs11-helper-1.22/THANKS000066400000000000000000000014401304770615400173130ustar00rootroot00000000000000 James Yonan - Supported the initial development of pkcs11-helper as part of OpenVPN. - Provided the user base to work with. Brad Hards - For his help in getting pkcs11-helper into QCA. Justin Karneges - For integrating qca-pkcs11 into QCA. - For a lot of patience for my crazy requirements from QCA. Zeljko Vrba - pkcs11-helper was improved as a result of our work on gnupg-pkcs11-scd project. - Some bug fixes. Andreas Jellinghaus - For setting up the infrastructure required in OpenSC project. - For helping in the complex task of licenses. Eddy Nigg - For maintaining RPM support. Sandro Wefel - For maintaining Debian packaging. PolarSSL crypto engine by Adriaan de Jong - For PolarSSL support. Apologies to anyone I have missed. Alon Bar-Lev pkcs11-helper-pkcs11-helper-1.22/config-w32-vc.h.in000066400000000000000000000122061304770615400214440ustar00rootroot00000000000000/* config.h. Generated from config.h.in by configure. */ /* config.h.in. Generated from configure.ac by autoheader. */ /* Enable certificate interface */ #define ENABLE_PKCS11H_CERTIFICATE 1 /* Enable data interface */ #define ENABLE_PKCS11H_DATA 1 /* Enable debug support */ #define ENABLE_PKCS11H_DEBUG 1 /* Use GNUTLS cryto engine */ /* #undef ENABLE_PKCS11H_ENGINE_GNUTLS */ /* Use OpenSSL crypto engine */ /* #undef ENABLE_PKCS11H_ENGINE_OPENSSL */ /* Use win32 crypto engine */ #define ENABLE_PKCS11H_ENGINE_CRYPTOAPI 1 /* Enable openssl interface */ /* #undef ENABLE_PKCS11H_OPENSSL */ /* Enable slotevent interface */ #define ENABLE_PKCS11H_SLOTEVENT 1 /* Enable threading */ #define ENABLE_PKCS11H_THREADING 1 /* Enable token interface */ #define ENABLE_PKCS11H_TOKEN 1 /* Define to 1 if you have the `alarm' function. */ /* #undef HAVE_ALARM */ /* Define to 1 if you have the header file. */ /* #undef HAVE_DLFCN_H */ /* Define to 1 if you don't have `vprintf' but do have `_doprnt.' */ /* #undef HAVE_DOPRNT */ /* Define to 1 if you have the `gettimeofday' function. */ /* #undef HAVE_GETTIMEOFDAY */ /* Define to 1 if you have the header file. */ #define HAVE_INTTYPES_H 1 /* Define to 1 if you have the `dl' library (-ldl). */ /* #undef HAVE_LIBDL */ /* Define to 1 if you have the `pthread' library (-lpthread). */ /* #undef HAVE_LIBPTHREAD */ /* Define to 1 if you have the `memmove' function. */ #define HAVE_MEMMOVE 1 /* Define to 1 if you have the header file. */ #define HAVE_MEMORY_H 1 /* Define to 1 if you have the `memset' function. */ #define HAVE_MEMSET 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_PTHREAD_H */ /* Define to 1 if you have the header file. */ /* #undef HAVE_SIGNAL_H */ /* Define to 1 if you have the `snprintf' function. */ #define HAVE_SNPRINTF 1 /* Define to 1 if you have the `socket' function. */ /* #undef HAVE_SOCKET */ /* Define to 1 if you have the header file. */ #define HAVE_STDINT_H 1 /* Define to 1 if you have the header file. */ #define HAVE_STDLIB_H 1 /* Define to 1 if you have the `strchr' function. */ #define HAVE_STRCHR 1 /* Define to 1 if you have the `strdup' function. */ #define HAVE_STRDUP 1 /* Define to 1 if you have the `strerror' function. */ #define HAVE_STRERROR 1 /* Define to 1 if you have the header file. */ #define HAVE_STRINGS_H 1 /* Define to 1 if you have the header file. */ #define HAVE_STRING_H 1 /* Define to 1 if you have the `strrchr' function. */ #define HAVE_STRRCHR 1 /* Define to 1 if you have the header file. */ #define HAVE_SYS_STAT_H 1 /* Define to 1 if you have the header file. */ #define HAVE_SYS_TIME_H 1 /* Define to 1 if you have the header file. */ #define HAVE_SYS_TYPES_H 1 /* Define to 1 if you have the header file. */ #define HAVE_UNISTD_H 1 /* Define to 1 if you have the `vprintf' function. */ #define HAVE_VPRINTF 1 /* Define to 1 if you have the <[], [stdio.h], [stdlib.h], [stdargs.h], [malloc.h], [ctype.h], [string.h], [errno.h], [assert.h], [time.h], []> header file. */ /* #undef HAVE______STDIO_H____STDLIB_H____STDARGS_H____MALLOC_H____CTYPE_H____STRING_H____ERRNO_H____ASSERT_H____TIME_H_____ */ /* Name of package */ #define PACKAGE "@PACKAGE@" /* Define to the address where bug reports for this package should be sent. */ #define PACKAGE_BUGREPORT "@PACKAGE_BUGREPORT@" /* Define to the full name of this package. */ #define PACKAGE_NAME "@PACKAGE_NAME@" /* Define to the full name and version of this package. */ #define PACKAGE_STRING "@PACKAGE_STRING@" /* Define to the one symbol short name of this package. */ #define PACKAGE_TARNAME "@PACKAGE_TARNAME@" /* Define to the version of this package. */ #define PACKAGE_VERSION "@PACKAGE_VERSION@" /* Define if you are on Cygwin */ /* #undef PKCS11H_USE_CYGWIN */ /* Define printf format for size_t */ #define PRINTF_Z_FORMAT "%x" /* Define as the return type of signal handlers (`int' or `void'). */ #define RETSIGTYPE void /* Define to 1 if you have the ANSI C header files. */ #define STDC_HEADERS 1 /* Test log level */ #define TEST_LOG_LEVEL 3 /* Test provider */ #define TEST_PROVIDER "@TEST_PROVIDER@" /* Define to 1 if you can safely include both and . */ #define TIME_WITH_SYS_TIME 1 /* Define to 1 if your declares `struct tm'. */ /* #undef TM_IN_SYS_TIME */ /* Use valgrind memory debugging library */ /* #undef USE_VALGRIND */ /* Version number of package */ #define VERSION "@VERSION@" /* Define to empty if `const' does not conform to ANSI C. */ /* #undef const */ /* Define to `long int' if does not define. */ /* #undef off_t */ /* Define to `int' if does not define. */ /* #undef pid_t */ /* Define to `unsigned int' if does not define. */ /* #undef size_t */ /* Define to empty if the keyword `volatile' does not work. Warning: valid code using `volatile' can become incorrect without. Disable with care. */ /* #undef volatile */ /* Visual Studio 2005 supports vararg macros */ #if _MSC_VER >= 1400 #define HAVE_CPP_VARARG_MACRO_ISO 1 #endif pkcs11-helper-pkcs11-helper-1.22/configure.ac000066400000000000000000000420751304770615400206770ustar00rootroot00000000000000# # Copyright (c) 2005-2011 Alon Bar-Lev # All rights reserved. # # This software is available to you under a choice of one of two # licenses. You may choose to be licensed under the terms of the GNU # General Public License (GPL) Version 2, or the BSD license. # # GNU General Public License (GPL) Version 2 # =========================================== # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program (see the file COPYING.GPL included with this # distribution); if not, write to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # # BSD License # ============ # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are met: # # o Redistributions of source code must retain the above copyright notice, # this list of conditions and the following disclaimer. # o Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # o Neither the name of the Alon Bar-Lev nor the names of its # contributors may be used to endorse or promote products derived from # this software without specific prior written permission. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE # POSSIBILITY OF SUCH DAMAGE. # AC_PREREQ(2.60) define([PACKAGE_VERSION_MAJOR], [1]) define([PACKAGE_VERSION_MINOR], [22]) define([PACKAGE_VERSION_FIX], [0]) define([PACKAGE_SUFFIX], []) AC_INIT([pkcs11-helper],[PACKAGE_VERSION_MAJOR.PACKAGE_VERSION_MINOR[]PACKAGE_SUFFIX]) AC_CONFIG_AUX_DIR([.]) AC_CONFIG_HEADERS([config.h]) AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_SRCDIR([lib/common.h]) AM_INIT_AUTOMAKE PKCS11H_VERSION_MAJOR="PACKAGE_VERSION_MAJOR" PKCS11H_VERSION_MINOR="$(echo PACKAGE_VERSION_MINOR | sed 's/^0*//')" PKCS11H_VERSION_FIX="PACKAGE_VERSION_FIX" AC_SUBST([PKCS11H_VERSION_MAJOR]) AC_SUBST([PKCS11H_VERSION_MINOR]) AC_SUBST([PKCS11H_VERSION_FIX]) LIBPKCS11_HELPER_LT_CURRENT="1" LIBPKCS11_HELPER_LT_OLDEST="1" LIBPKCS11_HELPER_LT_REVISION="0" LIBPKCS11_HELPER_LT_AGE="$((${LIBPKCS11_HELPER_LT_CURRENT}-${LIBPKCS11_HELPER_LT_OLDEST}))" AC_CANONICAL_HOST AC_ARG_WITH( [cygwin-native], [AS_HELP_STRING([--with-cygwin-native],[compile native win32])], , [with_cygwin_native="no"] ) test -z "${WIN32}" && WIN32="no" test -z "${CYGWIN}" && CYGWIN="no" case "${host}" in *-mingw*|*-winnt*) WIN32="yes" WIN_LIBPREFIX="lib" ;; *-cygwin*) AC_MSG_CHECKING([cygwin mode to use]) CYGWIN="yes" if test "${with_cygwin_native}" = "yes"; then AC_MSG_RESULT([Using native win32]) CFLAGS="${CFLAGS} -mno-cygwin" WIN32="yes" else AC_MSG_RESULT([Using cygwin]) WIN_LIBPREFIX="cyg" AC_DEFINE([PKCS11H_USE_CYGWIN], [1], [Define if you are on Cygwin]) fi ;; *) ;; esac AC_ARG_ENABLE( [doc], [AS_HELP_STRING([--enable-doc],[enable documantation])], , [enable_doc="no"] ) AC_ARG_ENABLE( [debug], [AS_HELP_STRING([--disable-debug],[disable debug support])], , [enable_debug="yes"] ) AC_ARG_ENABLE( [threading], [AS_HELP_STRING([--disable-threading],[disable threading])], , [enable_threading="yes"] ) AC_ARG_ENABLE( [token], [AS_HELP_STRING([--disable-token],[disable token support])], , [enable_token="yes"] ) AC_ARG_ENABLE( [data], [AS_HELP_STRING([--disable-data],[disable data objects support])], , [enable_data="yes"] ) AC_ARG_ENABLE( [certificate], [AS_HELP_STRING([--disable-certificate],[disable certificate support])], , [enable_certificate="yes"] ) AC_ARG_ENABLE( [slotevent], [AS_HELP_STRING([--disable-slotevent],[disable slotevent support])], , [enable_slotevent="yes"] ) AC_ARG_ENABLE( [openssl], [AS_HELP_STRING([--disable-openssl],[disable openssl interface])], , [enable_openssl="yes"] ) AC_ARG_ENABLE( [strict], [AS_HELP_STRING([--enable-strict],[enable strict compiler warnings])], , [enable_strict="no"] ) AC_ARG_ENABLE( [pedantic], [AS_HELP_STRING([--enable-pedantic],[enable pedantic compiler warnings])], , [enable_pedantic="no"] ) AC_ARG_ENABLE( [crypto-engine-openssl], [AS_HELP_STRING([--disable-crypto-engine-openssl],[disable OpenSSL crypto engine)])], , [enable_crypto_engine_openssl="yes"] ) AC_ARG_ENABLE( [crypto-engine-gnutls], [AS_HELP_STRING([--disable-crypto-engine-gnutls],[disable GnuTLS crypto engine])], , [enable_crypto_engine_gnutls="yes"] ) AC_ARG_ENABLE( [crypto-engine-nss], [AS_HELP_STRING([--disable-crypto-engine-nss],[disable NSS crypto engine])], , [enable_crypto_engine_nss="yes"] ) AC_ARG_ENABLE( [crypto-engine-polarssl], [AS_HELP_STRING([--disable-crypto-engine-polarssl],[disable mbed TLS crypto engine])], , [enable_crypto_engine_mbedtls="yes"] ) AC_ARG_ENABLE( [crypto-engine-mbedtls], [AS_HELP_STRING([--disable-crypto-engine-mbedtls],[disable mbed TLS crypto engine])], , [enable_crypto_engine_mbedtls="yes"] ) AC_ARG_ENABLE( [crypto-engine-cryptoapi], [AS_HELP_STRING([--disable-crypto-engine-cryptoapi],[disable cryptoapi native crypto engine on windows systems])], , [enable_crypto_engine_cryptoapi="yes"] ) AC_ARG_ENABLE( [tests], [AS_HELP_STRING([--enable-tests],[enable tests])], , [enable_tests="no"] ) AC_ARG_WITH( [apidocdir], [AS_HELP_STRING([--with-apidocdir],[put API documents at this directory, default HTMLDIR/api])], [apidocdir="${with_apidocdir}"], [apidocdir="\$(htmldir)/api"] ) AC_ARG_WITH( [test-provider], [AS_HELP_STRING([--with-test-provider=lib],[specify providers for test phase])], [AC_DEFINE_UNQUOTED([TEST_PROVIDER], ["${withval}"], [Test provider])], [AC_DEFINE_UNQUOTED([TEST_PROVIDER], ["/usr/lib/pkcs11/provider.so"], [Test provider])] ) AC_ARG_WITH( [test-log-level], [AS_HELP_STRING([--with-test-log-level=level],[specify log level for test phase])], [AC_DEFINE_UNQUOTED([TEST_LOG_LEVEL], [${withval}], [Test log level])], [AC_DEFINE_UNQUOTED([TEST_LOG_LEVEL], [3], [Test log level])] ) AC_PROG_CC AC_PROG_INSTALL PKG_PROG_PKG_CONFIG AC_ARG_VAR([M4], [m4 utility]) AC_CHECK_PROGS([M4], [m4]) ifdef( [LT_INIT], [ LT_INIT([win32-dll]) LT_LANG([Windows Resource]) ], [ AC_LIBTOOL_WIN32_DLL AC_LIBTOOL_RC AC_PROG_LIBTOOL ] ) if test "${enable_doc}" = "yes"; then AC_ARG_VAR([DOXYGEN], [doxygen utility]) AC_CHECK_PROGS([DOXYGEN], [doxygen]) test -z "${DOXYGEN}" && AC_MSG_ERROR([doxygen is required for docs]) fi if test "${WIN32}" = "yes"; then AC_ARG_VAR([MAN2HTML], [man2html utility]) AC_CHECK_PROGS([MAN2HTML], [man2html]) test -z "${MAN2HTML}" && AC_MSG_ERROR([man2html is required for win32]) fi AC_FUNC_MKTIME AC_FUNC_VPRINTF AC_CHECK_FUNCS([ \ gettimeofday memmove memset socket strchr strdup strerror strrchr \ snprintf \ ]) # Checks for libraries. AC_CHECK_LIB([dl], [dlopen]) if test "${enable_threading}" = "yes" -a "${WIN32}" != "yes"; then AC_CHECK_LIB([pthread], [pthread_create]) fi PKG_CHECK_MODULES([OPENSSL], [libcrypto >= 0.9.7], [have_openssl="yes"], [have_openssl="no"]) if test "${have_openssl}" = "no"; then PKG_CHECK_MODULES([OPENSSL], [openssl >= 0.9.7], [have_openssl="yes"], [have_openssl="no"]) fi if test "${have_openssl}" = "yes"; then old_LIBS="${LIBS}" LIBS="${LIBS} ${OPENSSL_LIBS}" AC_CHECK_FUNC( [ECDSA_METHOD_new], [ openssl_ec="yes" AC_DEFINE([ENABLE_PKCS11H_OPENSSL_EC], [1], [Enable openssl EC]) ], [ openssl_ec="hack" old_CFLAGS="${CFLAGS}" old_CPPFLAGS="${CPPFLAGS}" CPPFLAGS="${CPPFLAGS} -I." CFLAGS="${CFLAGS} ${OPENSSL_CFLAGS}" AC_CHECK_HEADER( [ecs_locl.h], [ AC_DEFINE([ENABLE_PKCS11H_OPENSSL_EC], [1], [Enable openssl EC]) AC_DEFINE([ENABLE_PKCS11H_OPENSSL_EC_HACK], [1], [Enable openssl EC]) AC_DEFINE_UNQUOTED( [ECDSA_METHOD_new(ecdsa)], [(ECDSA_METHOD *)memmove(malloc(sizeof(ECDSA_METHOD)), ecdsa, sizeof(ECDSA_METHOD))], [emulation], ) AC_DEFINE_UNQUOTED( [ECDSA_METHOD_free(ecdsa)], [free(ecdsa)], [emulation], ) AC_DEFINE_UNQUOTED( [ECDSA_METHOD_set_name(ecdsa, n)], [ecdsa->name = n], [emulation], ) AC_DEFINE_UNQUOTED( [ECDSA_METHOD_set_sign(ecdsa, s)], [ecdsa->ecdsa_do_sign = s], [emulation], ) ], [openssl_ec="none"] ) CPPFLAGS="${old_CPPFLAGS}" CFLAGS="${old_CFLAGS}" ], ) LIBS="${old_LIBS}" AC_MSG_CHECKING([for OpenSSL ec support]) AC_MSG_RESULT([${openssl_ec}]) fi PKG_CHECK_MODULES([GNUTLS], [gnutls >= 1.4], [have_gnutls="yes"], [have_gnutls="no"]) PKG_CHECK_MODULES([NSS], [nss >= 3.11], [have_nss="yes"], [have_nss="no"]) AC_ARG_VAR([MBEDTLS_CFLAGS], [C compiler flags for mbed TLS]) AC_ARG_VAR([MBEDTLS_LIBS], [linker flags for mbed TLS]) if test -z "${MBEDTLS_LIBS}"; then AC_CHECK_LIB( [mbedtls], [mbedtls_x509_crt_init], [ AC_CHECK_HEADERS( [mbedtls/x509_crt.h], , [AC_MSG_ERROR([Cannot find mbed TLS headers])] ) MBEDTLS_LIBS="-lmbedtls -lmbedx509 -lmbedcrypto" have_mbedtls="yes" ], [AC_CHECK_LIB( [polarssl], [x509_crt_parse], [ AC_CHECK_HEADERS( [polarssl/x509_crt.h], , [AC_MSG_ERROR([Cannot find PolarSSL headers])] ) MBEDTLS_LIBS="-lpolarssl" have_mbedtls="yes" ], [have_mbedtls="no"] )], [-lmbedx509 -lmbedcrypto] ) else have_mbedtls="yes" fi if test -n "${MBEDTLS_CFLAGS}" -a "${have_mbedtls}" = "yes"; then old_CFLAGS="${CFLAGS}" CFLAGS="${CFLAGS} ${MBEDTLS_CFLAGS}" AC_CHECK_HEADERS([mbedtls/x509_crt.h]) AC_CHECK_HEADERS([polarssl/x509_crt.h]) CFLAGS="${old_CFLAGS}" fi if test "${enable_pedantic}" = "yes"; then enable_strict="yes" CFLAGS="${CFLAGS} -ansi -pedantic -D__STRICT_ANSI__ -D_ISOC99_SOURCE -D_DEFAULT_SOURCE" fi if test "${enable_strict}" = "yes"; then CFLAGS="${CFLAGS} -Wall -Wextra -Wpointer-arith -Wsign-compare -Wno-unused-parameter -Wno-unused-function -Wno-variadic-macros -Wno-long-long" fi # Checks for header files. AC_HEADER_STDC AX_CPP_VARARG_MACRO_ISO AX_CPP_VARARG_MACRO_GCC AC_C_CONST AC_C_INLINE AC_C_VOLATILE AC_TYPE_OFF_T AC_TYPE_PID_T AC_TYPE_SIZE_T AC_HEADER_TIME AC_STRUCT_TM AX_SIZE_T_PRINTF AC_CHECK_HEADERS([ \ stdio.h \ stdlib.h \ stdargs.h \ malloc.h \ ctype.h \ string.h \ errno.h \ assert.h \ time.h \ ]) if test "${WIN32}" != "yes"; then AC_CHECK_HEADERS([ \ signal.h \ dlfcn.h \ unistd.h \ sys/time.h \ pthread.h \ ]) fi AC_MSG_CHECKING([OpenSSL interface]) if test "${enable_openssl}" = "yes"; then if test "${have_openssl}" != "yes"; then AC_MSG_ERROR([OpenSSL enabled but cannot be found]) fi AC_MSG_RESULT([yes]) CFLAGS="${CFLAGS} ${OPENSSL_CFLAGS}" LIBS="${LIBS} ${OPENSSL_LIBS}" else AC_MSG_RESULT([no]) fi AC_MSG_CHECKING([Win32 crypto engine]) if test "${WIN32}" = "yes" -a "${enable_crypto_engine_cryptoapi}" = "yes"; then AC_MSG_RESULT([yes]) AC_DEFINE([ENABLE_PKCS11H_ENGINE_CRYPTOAPI], [1], [Enable cryptoapi crypto engine]) else AC_MSG_RESULT([no]) fi AC_MSG_CHECKING([OpenSSL crypto engine]) if test "${enable_crypto_engine_openssl}" = "yes"; then if test "${have_openssl}" = "yes"; then AC_MSG_RESULT([yes]) AC_DEFINE([ENABLE_PKCS11H_ENGINE_OPENSSL], [1], [Enable OpenSSL crypto engine]) # don't add this twice if test "${enable_openssl}" != "yes"; then CFLAGS="${CFLAGS} ${OPENSSL_CFLAGS}" LIBS="${LIBS} ${OPENSSL_LIBS}" fi else AC_MSG_RESULT([no]) fi else AC_MSG_RESULT([no]) fi AC_MSG_CHECKING([GnuTLS crypto engine]) if test "${enable_crypto_engine_gnutls}" = "yes"; then if test "${have_gnutls}" = "yes"; then AC_MSG_RESULT([yes]) AC_DEFINE([ENABLE_PKCS11H_ENGINE_GNUTLS], [1], [Enable GnuTLS crypto engine]) CFLAGS="${CFLAGS} ${GNUTLS_CFLAGS}" LIBS="${LIBS} ${GNUTLS_LIBS}" else AC_MSG_RESULT([no]) fi else AC_MSG_RESULT([no]) fi AC_MSG_CHECKING([NSS crypto engine]) if test "${enable_crypto_engine_nss}" = "yes"; then if test "${have_nss}" = "yes"; then AC_MSG_RESULT([yes]) AC_DEFINE([ENABLE_PKCS11H_ENGINE_NSS], [1], [Enable NSS crypto engine]) CFLAGS="${CFLAGS} ${NSS_CFLAGS}" LIBS="${LIBS} ${NSS_LIBS}" else AC_MSG_RESULT([no]) fi else AC_MSG_RESULT([no]) fi AC_MSG_CHECKING([mbed TLS crypto engine]) if test "${enable_crypto_engine_mbedtls}" = "yes"; then if test "${have_mbedtls}" = "yes"; then AC_MSG_RESULT([yes]) AC_DEFINE([ENABLE_PKCS11H_ENGINE_MBEDTLS], [1], [Enable mbed TLS crypto engine]) CFLAGS="${CFLAGS} ${MBEDTLS_CFLAGS}" LIBS="${LIBS} ${MBEDTLS_LIBS}" else AC_MSG_RESULT([no]) fi else AC_MSG_RESULT([no]) fi if test "${enable_threading}" != "yes" -a "${enable_slotevent}" = "yes"; then AC_MSG_ERROR([Threading must be enabled for slotevent to be enabled]) fi if test "${enable_openssl}" = "yes" -a "${enable_certificate}" != "yes"; then AC_MSG_ERROR([OpenSSL interface requires certificate interface]) fi if test "${enable_debug}" = "yes"; then AC_DEFINE([ENABLE_PKCS11H_DEBUG], [1], [Enable debug support]) PKCS11H_FEATURES="${PKCS11H_FEATURES} debug" fi if test "${enable_threading}" = "yes"; then AC_DEFINE([ENABLE_PKCS11H_THREADING], [1], [Enable threading]) PKCS11H_FEATURES="${PKCS11H_FEATURES} threading" fi if test "${enable_token}" = "yes"; then AC_DEFINE([ENABLE_PKCS11H_TOKEN], [1], [Enable token interface]) PKCS11H_FEATURES="${PKCS11H_FEATURES} token" fi if test "${enable_data}" = "yes"; then AC_DEFINE([ENABLE_PKCS11H_DATA], [1], [Enable data interface]) PKCS11H_FEATURES="${PKCS11H_FEATURES} data" fi if test "${enable_certificate}" = "yes"; then AC_DEFINE([ENABLE_PKCS11H_CERTIFICATE], [1], [Enable certificate interface]) PKCS11H_FEATURES="${PKCS11H_FEATURES} certificate" fi if test "${enable_slotevent}" = "yes"; then AC_DEFINE([ENABLE_PKCS11H_SLOTEVENT], [1], [Enable slotevent interface]) PKCS11H_FEATURES="${PKCS11H_FEATURES} slotevent" fi if test "${enable_openssl}" = "yes"; then AC_DEFINE([ENABLE_PKCS11H_OPENSSL], [1], [Enable openssl interface]) PKCS11H_FEATURES="${PKCS11H_FEATURES} openssl" fi if test "${enable_crypto_engine_openssl}" = "yes"; then crypto_engine=1 PKCS11H_FEATURES="${PKCS11H_FEATURES} engine_crypto_openssl" fi if test "${enable_crypto_engine_nss}" = "yes"; then crypto_engine=1 PKCS11H_FEATURES="${PKCS11H_FEATURES} engine_crypto_nss" fi if test "${enable_crypto_engine_mbedtls}" = "yes"; then crypto_engine=1 PKCS11H_FEATURES="${PKCS11H_FEATURES} engine_crypto_mbedtls" fi if test "${enable_crypto_engine_cryptoapi}" = "yes"; then crypto_engine=1 PKCS11H_FEATURES="${PKCS11H_FEATURES} engine_crypto_cryptoapi" fi if test "${enable_crypto_engine_gnutls}" = "yes"; then crypto_engine=1 PKCS11H_FEATURES="${PKCS11H_FEATURES} engine_crypto_gnutls" fi if test -n "${crypto_engine}"; then PKCS11H_FEATURES="${PKCS11H_FEATURES} engine_crypto" fi pkgconfigdir="\$(libdir)/pkgconfig" m4dir="\$(datadir)/aclocal" pkcs11hincludedir="\$(includedir)/pkcs11-helper-1.0" AC_SUBST([apidocdir]) AC_SUBST([pkgconfigdir]) AC_SUBST([m4dir]) AC_SUBST([pkcs11hincludedir]) AC_SUBST([LIBPKCS11_HELPER_LT_CURRENT]) AC_SUBST([LIBPKCS11_HELPER_LT_REVISION]) AC_SUBST([LIBPKCS11_HELPER_LT_AGE]) AC_SUBST([LIBPKCS11_HELPER_LT_OLDEST]) AC_SUBST([WIN_LIBPREFIX]) AC_SUBST([PKCS11H_FEATURES]) AM_CONDITIONAL([WIN32], [test "${WIN32}" = "yes"]) AM_CONDITIONAL([CYGWIN], [test "${CYGWIN}" = "yes"]) AM_CONDITIONAL([ENABLE_DOC], [test "${enable_doc}" = "yes"]) AM_CONDITIONAL([ENABLE_PKCS11H_TOKEN], [test "${enable_token}" = "yes"]) AM_CONDITIONAL([ENABLE_PKCS11H_DATA], [test "${enable_data}" = "yes"]) AM_CONDITIONAL([ENABLE_PKCS11H_CERTIFICATE], [test "${enable_certificate}" = "yes"]) AM_CONDITIONAL([ENABLE_PKCS11H_SLOTEVENT], [test "${enable_slotevent}" = "yes"]) AM_CONDITIONAL([ENABLE_PKCS11H_OPENSSL], [test "${enable_openssl}" = "yes"]) AM_CONDITIONAL([ENABLE_TESTS], [test "${enable_tests}" = "yes"]) AC_CONFIG_FILES([ Makefile config-w32-vc.h include/Makefile include/pkcs11-helper-1.0/Makefile include/pkcs11-helper-1.0/pkcs11h-version.h man/Makefile doc/Makefile doc/api/Makefile doc/api/Doxyfile lib/Makefile lib/libpkcs11-helper-1.pc lib/versioninfo.rc m4dir/Makefile distro/Makefile distro/rpm/Makefile distro/rpm/pkcs11-helper.spec distro/debian/Makefile tests/Makefile tests/test-basic/Makefile tests/test-certificate/Makefile tests/test-slotevent/Makefile ]) AC_OUTPUT pkcs11-helper-pkcs11-helper-1.22/distro/000077500000000000000000000000001304770615400177055ustar00rootroot00000000000000pkcs11-helper-pkcs11-helper-1.22/distro/Makefile.am000066400000000000000000000051721304770615400217460ustar00rootroot00000000000000# # Copyright (c) 2005-2011 Alon Bar-Lev # All rights reserved. # # This software is available to you under a choice of one of two # licenses. You may choose to be licensed under the terms of the GNU # General Public License (GPL) Version 2, or the BSD license. # # GNU General Public License (GPL) Version 2 # =========================================== # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program (see the file COPYING.GPL included with this # distribution); if not, write to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # # BSD License # ============ # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are met: # # o Redistributions of source code must retain the above copyright notice, # this list of conditions and the following disclaimer. # o Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # o Neither the name of the Alon Bar-Lev nor the names of its # contributors may be used to endorse or promote products derived from # this software without specific prior written permission. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE # POSSIBILITY OF SUCH DAMAGE. # MAINTAINERCLEANFILES=$(srcdir)/Makefile.in SUBDIRS=rpm debian pkcs11-helper-pkcs11-helper-1.22/distro/debian/000077500000000000000000000000001304770615400211275ustar00rootroot00000000000000pkcs11-helper-pkcs11-helper-1.22/distro/debian/Makefile.am000066400000000000000000000056101304770615400231650ustar00rootroot00000000000000# # Copyright (c) 2005-2011 Alon Bar-Lev # All rights reserved. # # This software is available to you under a choice of one of two # licenses. You may choose to be licensed under the terms of the GNU # General Public License (GPL) Version 2, or the BSD license. # # GNU General Public License (GPL) Version 2 # =========================================== # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program (see the file COPYING.GPL included with this # distribution); if not, write to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # # BSD License # ============ # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are met: # # o Redistributions of source code must retain the above copyright notice, # this list of conditions and the following disclaimer. # o Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # o Neither the name of the Alon Bar-Lev nor the names of its # contributors may be used to endorse or promote products derived from # this software without specific prior written permission. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE # POSSIBILITY OF SUCH DAMAGE. # SUFFIXES=.m4 MAINTAINERCLEANFILES=$(srcdir)/Makefile.in CLEANFILES=copyright BUILT_SOURCES=copyright dist_noinst_DATA= \ changelog \ README.build \ compat \ control \ copyright.m4 \ copyright \ rules \ watch \ libpkcs11-helper1-dev.install \ libpkcs11-helper1.install .m4: $(M4) -Dtop_srcdir="$(top_srcdir)" "$^" > "$@" pkcs11-helper-pkcs11-helper-1.22/distro/debian/README.build000066400000000000000000000004751304770615400231130ustar00rootroot00000000000000pkcs11-helper1 for Debian ------------------------- To build pkcs11-helper follow these steps 1) unpack the tarball 2) cd pkcs11-helper- 3) ln -s distro/debian 4) invoke your build tool, e.g. dpkg-buildpackage -rfakeroot -- S. Wefel Mon, 29 Jan 2007 16:56:30 +0100 pkcs11-helper-pkcs11-helper-1.22/distro/debian/changelog000066400000000000000000000021771304770615400230100ustar00rootroot00000000000000libpkcs11-helper1 (1.03-0) unstable; urgency=low * New maintainer * New upstream release * renamed to libpkcs11-helper1 (lintian check) * removed *.la * size_t printf 64bit fixups (debug). * Certificate session period fixup, thank to Leo Pohl for reporting. -- Sandro Wefel (testlaeufer) Mon, 23 Apr 2007 08:59:16 +0200 pkcs11-helper (1.02-99.0saw0) unstable; urgency=low * Non-maintainer upload. * upgrade to version 1.03 beta 1 - use --with-apidocdir for the path to the api docs -- Sandro Wefel (testlaeufer) Fri, 16 Feb 2007 15:54:41 +0100 pkcs11-helper (1.02-1.0saw1) unstable; urgency=low * Non-maintainer upload. * api docs added to pkcs11-helper-dev * license information updated * fix dependencies -- Sandro Wefel (testlaeufer) Sun, 11 Feb 2007 17:44:13 +0100 pkcs11-helper (1.02-1.0saw0) unstable; urgency=low * Initial release - based on version 1.02 from 2007-10-05 -- Sandro Wefel (testlaeufer) Mon, 29 Jan 2007 16:56:30 +0100 pkcs11-helper-pkcs11-helper-1.22/distro/debian/compat000066400000000000000000000000021304770615400223250ustar00rootroot000000000000005 pkcs11-helper-pkcs11-helper-1.22/distro/debian/control000066400000000000000000000037401304770615400225360ustar00rootroot00000000000000Source: libpkcs11-helper1 Priority: extra Maintainer: Sandro Wefel Build-Depends: cdbs (>= 0.4.27-1), debhelper (>= 5), autotools-dev, libssl-dev, pkg-config, doxygen Standards-Version: 3.7.2 Section: libs Package: libpkcs11-helper1-dev Section: libdevel Architecture: any Provides: libpkcs11-helper-dev Conflicts: libpkcs11-helper-dev Depends: libpkcs11-helper1 (= ${Source-Version}), libssl-dev Description: library that simplifies the interaction with PKCS#11 libpkcs11-helper is a library that simplifies the interaction with PKCS#11 providers for end-user applications. . libpkcs11-helper allows using multiple PKCS#11 providers at the same time, enumerating available token certificates, or selecting a certificate directly by serialized id, handling card removal and card insert events, handling card re-insert to a different slot, supporting session expiration and much more all using a simple API. . libpkcs11-helper is not designed to manage card content, since object attributes are usually vendor specific, and 99% of application need to access existing objects in order to perform signature and decryption. Package: libpkcs11-helper1 Section: libs Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Description: library that simplifies the interaction with PKCS#11 libpkcs11-helper is a library that simplifies the interaction with PKCS#11 providers for end-user applications. . libpkcs11-helper allows using multiple PKCS#11 providers at the same time, enumerating available token certificates, or selecting a certificate directly by serialized id, handling card removal and card insert events, handling card re-insert to a different slot, supporting session expiration and much more all using a simple API. . libpkcs11-helper is not designed to manage card content, since object attributes are usually vendor specific, and 99% of application need to access existing objects in order to perform signature and decryption. pkcs11-helper-pkcs11-helper-1.22/distro/debian/copyright.m4000066400000000000000000000007011304770615400233770ustar00rootroot00000000000000This package was debianized by S. Wefel on Mon, 29 Jan 2007 16:56:30 +0100. It was downloaded from http://www.opensc-project.org/files/pkcs11-helper/ Upstream Author: Alon Bar-Lev Copyright: Copyright (c) 2005-2006 Alon Bar-Lev include(top_srcdir/COPYING) On Debian GNU/Linux systems, the complete text of the GNU General Public License can be found in `/usr/share/common-licenses/GPL'. pkcs11-helper-pkcs11-helper-1.22/distro/debian/libpkcs11-helper1-dev.install000066400000000000000000000001671304770615400264260ustar00rootroot00000000000000usr/lib/lib*.a usr/lib/lib*.so usr/lib/pkgconfig usr/share/aclocal usr/share/doc/libpkcs11-helper1-dev/api usr/include pkcs11-helper-pkcs11-helper-1.22/distro/debian/libpkcs11-helper1.install000066400000000000000000000000401304770615400256400ustar00rootroot00000000000000usr/lib/lib*.so.* usr/share/man pkcs11-helper-pkcs11-helper-1.22/distro/debian/rules000077500000000000000000000004601304770615400222070ustar00rootroot00000000000000#!/usr/bin/make -f include /usr/share/cdbs/1/class/autotools.mk include /usr/share/cdbs/1/rules/debhelper.mk DEB_CONFIGURE_EXTRA_FLAGS := --enable-doc --docdir=${prefix}/usr/share/doc/libpkcs11-helper1-dev DEB_INSTALL_DOCS_ALL := README AUTHORS THANKS DEB_DH_INSTALL_ARGS := --sourcedir=debian/tmp pkcs11-helper-pkcs11-helper-1.22/distro/debian/watch000066400000000000000000000001271304770615400221600ustar00rootroot00000000000000version=3 http://www.opensc-project.org/files/pkcs11-helper/pkcs11-helper-(.*).tar.bz2 pkcs11-helper-pkcs11-helper-1.22/distro/rpm/000077500000000000000000000000001304770615400205035ustar00rootroot00000000000000pkcs11-helper-pkcs11-helper-1.22/distro/rpm/Makefile.am000066400000000000000000000052131304770615400225400ustar00rootroot00000000000000# # Copyright (c) 2005-2011 Alon Bar-Lev # All rights reserved. # # This software is available to you under a choice of one of two # licenses. You may choose to be licensed under the terms of the GNU # General Public License (GPL) Version 2, or the BSD license. # # GNU General Public License (GPL) Version 2 # =========================================== # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program (see the file COPYING.GPL included with this # distribution); if not, write to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # # BSD License # ============ # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are met: # # o Redistributions of source code must retain the above copyright notice, # this list of conditions and the following disclaimer. # o Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # o Neither the name of the Alon Bar-Lev nor the names of its # contributors may be used to endorse or promote products derived from # this software without specific prior written permission. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE # POSSIBILITY OF SUCH DAMAGE. # MAINTAINERCLEANFILES=$(srcdir)/Makefile.in dist_noinst_DATA=pkcs11-helper.spec pkcs11-helper-pkcs11-helper-1.22/distro/rpm/pkcs11-helper.spec.in000066400000000000000000000044531304770615400243510ustar00rootroot00000000000000# doc support %bcond_with doc %define name @PACKAGE@ %define version @VERSION@ %define release 2 %define prefix /usr Summary: A helper library for the use with smart cards and the PKCS#11 API Name: %{name} Version: %{version} Release: %{release} License: GPLv2 or BSD Vendor: The OpenSC Project, https://github.com/OpenSC Packager: Alon Bar-Lev Group: System/Crypto Url: https://github.com/OpenSC/pkcs11-helper Source: https://github.com/OpenSC/pkcs11-helper/releases/download/%{name}-%{version}/%{name}-%{version}.tar.bz2 %if %{with doc} BuildRequires: doxygen %endif BuildRequires: openssl-devel >= 0.9.7a Requires: openssl >= 0.9.7a %description The pkcs11-helper library allows using multiple PKCS#11 providers at the same time, selecting keys by id, label or certificate subject, handling card removal and card insert events, handling card re-insert to a different slot, supporting session expiration serialization and much more, all using a simple API. %package devel Summary: pkcs11-helper development files Group: Development/Libraries Requires: %{name} >= %{version} Requires: pkgconfig %description devel pkcs11-helper development files. %prep %setup -q %build %configure -q \ %{?with_doc:--enable-doc} \ %{nil} %{__make} %{?_smp_mflags} %install %makeinstall %post -p /sbin/ldconfig %postun -p /sbin/ldconfig %files %{_docdir}/%{name}/COPYING* %{_docdir}/%{name}/README %{_libdir}/libpkcs11-helper.so.* %{_mandir}/*/* %files devel %{_datadir}/aclocal/* %{_includedir}/* %{_libdir}/libpkcs11-helper.a %{_libdir}/libpkcs11-helper.la %{_libdir}/libpkcs11-helper.so %{_libdir}/pkgconfig/* %if %{with doc} %{_docdir}/%{name}/api/* %endif %changelog * Sat Jan 14 2017 Alon Bar-Lev - Cleanups. * Fri Nov 11 2011 Alon Bar-Lev - Cleanups. * Thu Feb 15 2007 Alon Bar-Lev - Modify docs location. * Mon Jan 15 2007 Eddy Nigg - Make doxygen dependency only for doc builds * Tue Jan 9 2007 Eddy Nigg - Build new version 1.03 * Sun Jan 7 2007 Eddy Nigg - Fix for pkgconfig. * Mon Nov 27 2006 Eddy Nigg - Fix documentation. * Sun Nov 26 2006 Eddy Nigg - Initial build for StartCom Linux 5.0.x pkcs11-helper-pkcs11-helper-1.22/doc/000077500000000000000000000000001304770615400171465ustar00rootroot00000000000000pkcs11-helper-pkcs11-helper-1.22/doc/Makefile.am000066400000000000000000000051631304770615400212070ustar00rootroot00000000000000# # Copyright (c) 2005-2011 Alon Bar-Lev # All rights reserved. # # This software is available to you under a choice of one of two # licenses. You may choose to be licensed under the terms of the GNU # General Public License (GPL) Version 2, or the BSD license. # # GNU General Public License (GPL) Version 2 # =========================================== # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program (see the file COPYING.GPL included with this # distribution); if not, write to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # # BSD License # ============ # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are met: # # o Redistributions of source code must retain the above copyright notice, # this list of conditions and the following disclaimer. # o Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # o Neither the name of the Alon Bar-Lev nor the names of its # contributors may be used to endorse or promote products derived from # this software without specific prior written permission. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE # POSSIBILITY OF SUCH DAMAGE. # MAINTAINERCLEANFILES=$(srcdir)/Makefile.in SUBDIRS=api pkcs11-helper-pkcs11-helper-1.22/doc/api/000077500000000000000000000000001304770615400177175ustar00rootroot00000000000000pkcs11-helper-pkcs11-helper-1.22/doc/api/Doxyfile.in000066400000000000000000001456431304770615400220470ustar00rootroot00000000000000# Doxyfile 1.5.2 # This file describes the settings to be used by the documentation system # doxygen (www.doxygen.org) for a project # # All text after a hash (#) is considered a comment and will be ignored # The format is: # TAG = value [value, ...] # For lists items can also be appended using: # TAG += value [value, ...] # Values that contain spaces should be placed between quotes (" ") #--------------------------------------------------------------------------- # Project related configuration options #--------------------------------------------------------------------------- # This tag specifies the encoding used for all characters in the config file that # follow. The default is UTF-8 which is also the encoding used for all text before # the first occurrence of this tag. Doxygen uses libiconv (or the iconv built into # libc) for the transcoding. See http://www.gnu.org/software/libiconv for the list of # possible encodings. DOXYFILE_ENCODING = UTF-8 # The PROJECT_NAME tag is a single word (or a sequence of words surrounded # by quotes) that should identify the project. PROJECT_NAME = pkcs11-helper # The PROJECT_NUMBER tag can be used to enter a project or revision number. # This could be handy for archiving the generated documentation or # if some version control system is used. PROJECT_NUMBER = # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. # If a relative path is entered, it will be relative to the location # where doxygen was started. If left blank the current directory will be used. OUTPUT_DIRECTORY = api.out # If the CREATE_SUBDIRS tag is set to YES, then doxygen will create # 4096 sub-directories (in 2 levels) under the output directory of each output # format and will distribute the generated files over these directories. # Enabling this option can be useful when feeding doxygen a huge amount of # source files, where putting all generated files in the same directory would # otherwise cause performance problems for the file system. CREATE_SUBDIRS = NO # The OUTPUT_LANGUAGE tag is used to specify the language in which all # documentation generated by doxygen is written. Doxygen will use this # information to generate all constant output in the proper language. # The default language is English, other supported languages are: # Afrikaans, Arabic, Brazilian, Catalan, Chinese, Chinese-Traditional, # Croatian, Czech, Danish, Dutch, Finnish, French, German, Greek, Hungarian, # Italian, Japanese, Japanese-en (Japanese with English messages), Korean, # Korean-en, Lithuanian, Norwegian, Polish, Portuguese, Romanian, Russian, # Serbian, Slovak, Slovene, Spanish, Swedish, and Ukrainian. OUTPUT_LANGUAGE = English # If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will # include brief member descriptions after the members that are listed in # the file and class documentation (similar to JavaDoc). # Set to NO to disable this. BRIEF_MEMBER_DESC = YES # If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend # the brief description of a member or function before the detailed description. # Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the # brief descriptions will be completely suppressed. REPEAT_BRIEF = YES # This tag implements a quasi-intelligent brief description abbreviator # that is used to form the text in various listings. Each string # in this list, if found as the leading text of the brief description, will be # stripped from the text and the result after processing the whole list, is # used as the annotated text. Otherwise, the brief description is used as-is. # If left blank, the following values are used ("$name" is automatically # replaced with the name of the entity): "The $name class" "The $name widget" # "The $name file" "is" "provides" "specifies" "contains" # "represents" "a" "an" "the" ABBREVIATE_BRIEF = # If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then # Doxygen will generate a detailed section even if there is only a brief # description. ALWAYS_DETAILED_SEC = NO # If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all # inherited members of a class in the documentation of that class as if those # members were ordinary class members. Constructors, destructors and assignment # operators of the base classes will not be shown. INLINE_INHERITED_MEMB = NO # If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full # path before files name in the file list and in the header files. If set # to NO the shortest path that makes the file name unique will be used. FULL_PATH_NAMES = YES # If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag # can be used to strip a user-defined part of the path. Stripping is # only done if one of the specified strings matches the left-hand part of # the path. The tag can be used to show relative paths in the file list. # If left blank the directory from which doxygen is run is used as the # path to strip. STRIP_FROM_PATH = @top_srcdir@/include @srcdir@ # The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of # the path mentioned in the documentation of a class, which tells # the reader which header file to include in order to use a class. # If left blank only the name of the header file containing the class # definition is used. Otherwise one should specify the include paths that # are normally passed to the compiler using the -I flag. STRIP_FROM_INC_PATH = # If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter # (but less readable) file names. This can be useful is your file systems # doesn't support long names like on DOS, Mac, or CD-ROM. SHORT_NAMES = NO # If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen # will interpret the first line (until the first dot) of a JavaDoc-style # comment as the brief description. If set to NO, the JavaDoc # comments will behave just like the Qt-style comments (thus requiring an # explicit @brief command for a brief description. JAVADOC_AUTOBRIEF = NO # The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen # treat a multi-line C++ special comment block (i.e. a block of //! or /// # comments) as a brief description. This used to be the default behaviour. # The new default is to treat a multi-line C++ comment block as a detailed # description. Set this tag to YES if you prefer the old behaviour instead. MULTILINE_CPP_IS_BRIEF = NO # If the DETAILS_AT_TOP tag is set to YES then Doxygen # will output the detailed description near the top, like JavaDoc. # If set to NO, the detailed description appears after the member # documentation. DETAILS_AT_TOP = NO # If the INHERIT_DOCS tag is set to YES (the default) then an undocumented # member inherits the documentation from any documented member that it # re-implements. INHERIT_DOCS = YES # If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce # a new page for each member. If set to NO, the documentation of a member will # be part of the file/class/namespace that contains it. SEPARATE_MEMBER_PAGES = NO # The TAB_SIZE tag can be used to set the number of spaces in a tab. # Doxygen uses this value to replace tabs by spaces in code fragments. TAB_SIZE = 8 # This tag can be used to specify a number of aliases that acts # as commands in the documentation. An alias has the form "name=value". # For example adding "sideeffect=\par Side Effects:\n" will allow you to # put the command \sideeffect (or @sideeffect) in the documentation, which # will result in a user-defined paragraph with heading "Side Effects:". # You can put \n's in the value part of an alias to insert newlines. ALIASES = # Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C # sources only. Doxygen will then generate output that is more tailored for C. # For instance, some of the names that are used will be different. The list # of all members will be omitted, etc. OPTIMIZE_OUTPUT_FOR_C = NO # Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java # sources only. Doxygen will then generate output that is more tailored for Java. # For instance, namespaces will be presented as packages, qualified scopes # will look different, etc. OPTIMIZE_OUTPUT_JAVA = NO # If you use STL classes (i.e. std::string, std::vector, etc.) but do not want to # include (a tag file for) the STL sources as input, then you should # set this tag to YES in order to let doxygen match functions declarations and # definitions whose arguments contain STL classes (e.g. func(std::string); v.s. # func(std::string) {}). This also make the inheritance and collaboration # diagrams that involve STL classes more complete and accurate. BUILTIN_STL_SUPPORT = NO # If you use Microsoft's C++/CLI language, you should set this option to YES to # enable parsing support. CPP_CLI_SUPPORT = NO # If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC # tag is set to YES, then doxygen will reuse the documentation of the first # member in the group (if any) for the other members of the group. By default # all members of a group must be documented explicitly. DISTRIBUTE_GROUP_DOC = NO # Set the SUBGROUPING tag to YES (the default) to allow class member groups of # the same type (for instance a group of public functions) to be put as a # subgroup of that type (e.g. under the Public Functions section). Set it to # NO to prevent subgrouping. Alternatively, this can be done per class using # the \nosubgrouping command. SUBGROUPING = YES #--------------------------------------------------------------------------- # Build related configuration options #--------------------------------------------------------------------------- # If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in # documentation are documented, even if no documentation was available. # Private class members and static file members will be hidden unless # the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES EXTRACT_ALL = NO # If the EXTRACT_PRIVATE tag is set to YES all private members of a class # will be included in the documentation. EXTRACT_PRIVATE = NO # If the EXTRACT_STATIC tag is set to YES all static members of a file # will be included in the documentation. EXTRACT_STATIC = NO # If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs) # defined locally in source files will be included in the documentation. # If set to NO only classes defined in header files are included. EXTRACT_LOCAL_CLASSES = NO # This flag is only useful for Objective-C code. When set to YES local # methods, which are defined in the implementation section but not in # the interface are included in the documentation. # If set to NO (the default) only methods in the interface are included. EXTRACT_LOCAL_METHODS = NO # If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all # undocumented members of documented classes, files or namespaces. # If set to NO (the default) these members will be included in the # various overviews, but no documentation section is generated. # This option has no effect if EXTRACT_ALL is enabled. HIDE_UNDOC_MEMBERS = YES # If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all # undocumented classes that are normally visible in the class hierarchy. # If set to NO (the default) these classes will be included in the various # overviews. This option has no effect if EXTRACT_ALL is enabled. HIDE_UNDOC_CLASSES = YES # If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all # friend (class|struct|union) declarations. # If set to NO (the default) these declarations will be included in the # documentation. HIDE_FRIEND_COMPOUNDS = NO # If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any # documentation blocks found inside the body of a function. # If set to NO (the default) these blocks will be appended to the # function's detailed documentation block. HIDE_IN_BODY_DOCS = NO # The INTERNAL_DOCS tag determines if documentation # that is typed after a \internal command is included. If the tag is set # to NO (the default) then the documentation will be excluded. # Set it to YES to include the internal documentation. INTERNAL_DOCS = NO # If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate # file names in lower-case letters. If set to YES upper-case letters are also # allowed. This is useful if you have classes or files whose names only differ # in case and if your file system supports case sensitive file names. Windows # and Mac users are advised to set this option to NO. CASE_SENSE_NAMES = YES # If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen # will show members with their full class and namespace scopes in the # documentation. If set to YES the scope will be hidden. HIDE_SCOPE_NAMES = NO # If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen # will put a list of the files that are included by a file in the documentation # of that file. SHOW_INCLUDE_FILES = NO # If the INLINE_INFO tag is set to YES (the default) then a tag [inline] # is inserted in the documentation for inline members. INLINE_INFO = YES # If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen # will sort the (detailed) documentation of file and class members # alphabetically by member name. If set to NO the members will appear in # declaration order. SORT_MEMBER_DOCS = YES # If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the # brief documentation of file, namespace and class members alphabetically # by member name. If set to NO (the default) the members will appear in # declaration order. SORT_BRIEF_DOCS = NO # If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be # sorted by fully-qualified names, including namespaces. If set to # NO (the default), the class list will be sorted only by class name, # not including the namespace part. # Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES. # Note: This option applies only to the class list, not to the # alphabetical list. SORT_BY_SCOPE_NAME = NO # The GENERATE_TODOLIST tag can be used to enable (YES) or # disable (NO) the todo list. This list is created by putting \todo # commands in the documentation. GENERATE_TODOLIST = YES # The GENERATE_TESTLIST tag can be used to enable (YES) or # disable (NO) the test list. This list is created by putting \test # commands in the documentation. GENERATE_TESTLIST = YES # The GENERATE_BUGLIST tag can be used to enable (YES) or # disable (NO) the bug list. This list is created by putting \bug # commands in the documentation. GENERATE_BUGLIST = YES # The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or # disable (NO) the deprecated list. This list is created by putting # \deprecated commands in the documentation. GENERATE_DEPRECATEDLIST= YES # The ENABLED_SECTIONS tag can be used to enable conditional # documentation sections, marked by \if sectionname ... \endif. ENABLED_SECTIONS = # The MAX_INITIALIZER_LINES tag determines the maximum number of lines # the initial value of a variable or define consists of for it to appear in # the documentation. If the initializer consists of more lines than specified # here it will be hidden. Use a value of 0 to hide initializers completely. # The appearance of the initializer of individual variables and defines in the # documentation can be controlled using \showinitializer or \hideinitializer # command in the documentation regardless of this setting. MAX_INITIALIZER_LINES = 30 # Set the SHOW_USED_FILES tag to NO to disable the list of files generated # at the bottom of the documentation of classes and structs. If set to YES the # list will mention the files that were used to generate the documentation. SHOW_USED_FILES = YES # If the sources in your project are distributed over multiple directories # then setting the SHOW_DIRECTORIES tag to YES will show the directory hierarchy # in the documentation. The default is NO. SHOW_DIRECTORIES = NO # The FILE_VERSION_FILTER tag can be used to specify a program or script that # doxygen should invoke to get the current version for each file (typically from the # version control system). Doxygen will invoke the program by executing (via # popen()) the command , where is the value of # the FILE_VERSION_FILTER tag, and is the name of an input file # provided by doxygen. Whatever the program writes to standard output # is used as the file version. See the manual for examples. FILE_VERSION_FILTER = #--------------------------------------------------------------------------- # configuration options related to warning and progress messages #--------------------------------------------------------------------------- # The QUIET tag can be used to turn on/off the messages that are generated # by doxygen. Possible values are YES and NO. If left blank NO is used. QUIET = NO # The WARNINGS tag can be used to turn on/off the warning messages that are # generated by doxygen. Possible values are YES and NO. If left blank # NO is used. WARNINGS = YES # If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings # for undocumented members. If EXTRACT_ALL is set to YES then this flag will # automatically be disabled. WARN_IF_UNDOCUMENTED = YES # If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for # potential errors in the documentation, such as not documenting some # parameters in a documented function, or documenting parameters that # don't exist or using markup commands wrongly. WARN_IF_DOC_ERROR = YES # This WARN_NO_PARAMDOC option can be abled to get warnings for # functions that are documented, but have no documentation for their parameters # or return value. If set to NO (the default) doxygen will only warn about # wrong or incomplete parameter documentation, but not about the absence of # documentation. WARN_NO_PARAMDOC = YES # The WARN_FORMAT tag determines the format of the warning messages that # doxygen can produce. The string should contain the $file, $line, and $text # tags, which will be replaced by the file and line number from which the # warning originated and the warning text. Optionally the format may contain # $version, which will be replaced by the version of the file (if it could # be obtained via FILE_VERSION_FILTER) WARN_FORMAT = "$file:$line: $text" # The WARN_LOGFILE tag can be used to specify a file to which warning # and error messages should be written. If left blank the output is written # to stderr. WARN_LOGFILE = #--------------------------------------------------------------------------- # configuration options related to the input files #--------------------------------------------------------------------------- # The INPUT tag can be used to specify the files and/or directories that contain # documented source files. You may enter file names like "myfile.cpp" or # directories like "/usr/src/myproject". Separate the files or directories # with spaces. INPUT = @top_srcdir@/include @srcdir@ # This tag can be used to specify the character encoding of the source files that # doxygen parses. Internally doxygen uses the UTF-8 encoding, which is also the default # input encoding. Doxygen uses libiconv (or the iconv built into libc) for the transcoding. # See http://www.gnu.org/software/libiconv for the list of possible encodings. INPUT_ENCODING = UTF-8 # If the value of the INPUT tag contains directories, you can use the # FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp # and *.h) to filter out the source-files in the directories. If left # blank the following patterns are tested: # *.c *.cc *.cxx *.cpp *.c++ *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh *.hxx # *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.py FILE_PATTERNS = *.h *.c *.dox # The RECURSIVE tag can be used to turn specify whether or not subdirectories # should be searched for input files as well. Possible values are YES and NO. # If left blank NO is used. RECURSIVE = YES # The EXCLUDE tag can be used to specify files and/or directories that should # excluded from the INPUT source files. This way you can easily exclude a # subdirectory from a directory tree whose root is specified with the INPUT tag. EXCLUDE = # The EXCLUDE_SYMLINKS tag can be used select whether or not files or # directories that are symbolic links (a Unix filesystem feature) are excluded # from the input. EXCLUDE_SYMLINKS = NO # If the value of the INPUT tag contains directories, you can use the # EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude # certain files from those directories. Note that the wildcards are matched # against the file with absolute path, so to exclude all test directories # for example use the pattern */test/* EXCLUDE_PATTERNS = */.svn/* # The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names # (namespaces, classes, functions, etc.) that should be excluded from the output. # The symbol name can be a fully qualified name, a word, or if the wildcard * is used, # a substring. Examples: ANamespace, AClass, AClass::ANamespace, ANamespace::*Test EXCLUDE_SYMBOLS = # The EXAMPLE_PATH tag can be used to specify one or more files or # directories that contain example code fragments that are included (see # the \include command). EXAMPLE_PATH = @top_srcdir@ # If the value of the EXAMPLE_PATH tag contains directories, you can use the # EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp # and *.h) to filter out the source-files in the directories. If left # blank all files are included. EXAMPLE_PATTERNS = # If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be # searched for input files to be used with the \include or \dontinclude # commands irrespective of the value of the RECURSIVE tag. # Possible values are YES and NO. If left blank NO is used. EXAMPLE_RECURSIVE = NO # The IMAGE_PATH tag can be used to specify one or more files or # directories that contain image that are included in the documentation (see # the \image command). IMAGE_PATH = # The INPUT_FILTER tag can be used to specify a program that doxygen should # invoke to filter for each input file. Doxygen will invoke the filter program # by executing (via popen()) the command , where # is the value of the INPUT_FILTER tag, and is the name of an # input file. Doxygen will then use the output that the filter program writes # to standard output. If FILTER_PATTERNS is specified, this tag will be # ignored. INPUT_FILTER = # The FILTER_PATTERNS tag can be used to specify filters on a per file pattern # basis. Doxygen will compare the file name with each pattern and apply the # filter if there is a match. The filters are a list of the form: # pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further # info on how filters are used. If FILTER_PATTERNS is empty, INPUT_FILTER # is applied to all files. FILTER_PATTERNS = # If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using # INPUT_FILTER) will be used to filter the input files when producing source # files to browse (i.e. when SOURCE_BROWSER is set to YES). FILTER_SOURCE_FILES = NO #--------------------------------------------------------------------------- # configuration options related to source browsing #--------------------------------------------------------------------------- # If the SOURCE_BROWSER tag is set to YES then a list of source files will # be generated. Documented entities will be cross-referenced with these sources. # Note: To get rid of all source code in the generated output, make sure also # VERBATIM_HEADERS is set to NO. SOURCE_BROWSER = NO # Setting the INLINE_SOURCES tag to YES will include the body # of functions and classes directly in the documentation. INLINE_SOURCES = NO # Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct # doxygen to hide any special comment blocks from generated source code # fragments. Normal C and C++ comments will always remain visible. STRIP_CODE_COMMENTS = YES # If the REFERENCED_BY_RELATION tag is set to YES (the default) # then for each documented function all documented # functions referencing it will be listed. REFERENCED_BY_RELATION = YES # If the REFERENCES_RELATION tag is set to YES (the default) # then for each documented function all documented entities # called/used by that function will be listed. REFERENCES_RELATION = YES # If the REFERENCES_LINK_SOURCE tag is set to YES (the default) # and SOURCE_BROWSER tag is set to YES, then the hyperlinks from # functions in REFERENCES_RELATION and REFERENCED_BY_RELATION lists will # link to the source code. Otherwise they will link to the documentstion. REFERENCES_LINK_SOURCE = YES # If the USE_HTAGS tag is set to YES then the references to source code # will point to the HTML generated by the htags(1) tool instead of doxygen # built-in source browser. The htags tool is part of GNU's global source # tagging system (see http://www.gnu.org/software/global/global.html). You # will need version 4.8.6 or higher. USE_HTAGS = NO # If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen # will generate a verbatim copy of the header file for each class for # which an include is specified. Set to NO to disable this. VERBATIM_HEADERS = YES #--------------------------------------------------------------------------- # configuration options related to the alphabetical class index #--------------------------------------------------------------------------- # If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index # of all compounds will be generated. Enable this if the project # contains a lot of classes, structs, unions or interfaces. ALPHABETICAL_INDEX = NO # If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then # the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns # in which this list will be split (can be a number in the range [1..20]) COLS_IN_ALPHA_INDEX = 5 # In case all classes in a project start with a common prefix, all # classes will be put under the same header in the alphabetical index. # The IGNORE_PREFIX tag can be used to specify one or more prefixes that # should be ignored while generating the index headers. IGNORE_PREFIX = #--------------------------------------------------------------------------- # configuration options related to the HTML output #--------------------------------------------------------------------------- # If the GENERATE_HTML tag is set to YES (the default) Doxygen will # generate HTML output. GENERATE_HTML = YES # The HTML_OUTPUT tag is used to specify where the HTML docs will be put. # If a relative path is entered the value of OUTPUT_DIRECTORY will be # put in front of it. If left blank `html' will be used as the default path. HTML_OUTPUT = html # The HTML_FILE_EXTENSION tag can be used to specify the file extension for # each generated HTML page (for example: .htm,.php,.asp). If it is left blank # doxygen will generate files with .html extension. HTML_FILE_EXTENSION = .html # The HTML_HEADER tag can be used to specify a personal HTML header for # each generated HTML page. If it is left blank doxygen will generate a # standard header. HTML_HEADER = # The HTML_FOOTER tag can be used to specify a personal HTML footer for # each generated HTML page. If it is left blank doxygen will generate a # standard footer. HTML_FOOTER = @srcdir@/Doxyfile_footer.html # The HTML_STYLESHEET tag can be used to specify a user-defined cascading # style sheet that is used by each HTML page. It can be used to # fine-tune the look of the HTML output. If the tag is left blank doxygen # will generate a default style sheet. Note that doxygen will try to copy # the style sheet file to the HTML output directory, so don't put your own # stylesheet in the HTML output directory as well, or it will be erased! HTML_STYLESHEET = # If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes, # files or namespaces will be aligned in HTML using tables. If set to # NO a bullet list will be used. HTML_ALIGN_MEMBERS = YES # If the GENERATE_HTMLHELP tag is set to YES, additional index files # will be generated that can be used as input for tools like the # Microsoft HTML help workshop to generate a compressed HTML help file (.chm) # of the generated HTML documentation. GENERATE_HTMLHELP = NO # If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can # be used to specify the file name of the resulting .chm file. You # can add a path in front of the file if the result should not be # written to the html output directory. CHM_FILE = # If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can # be used to specify the location (absolute path including file name) of # the HTML help compiler (hhc.exe). If non-empty doxygen will try to run # the HTML help compiler on the generated index.hhp. HHC_LOCATION = # If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag # controls if a separate .chi index file is generated (YES) or that # it should be included in the master .chm file (NO). GENERATE_CHI = NO # If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag # controls whether a binary table of contents is generated (YES) or a # normal table of contents (NO) in the .chm file. BINARY_TOC = NO # The TOC_EXPAND flag can be set to YES to add extra items for group members # to the contents of the HTML help documentation and to the tree view. TOC_EXPAND = NO # The DISABLE_INDEX tag can be used to turn on/off the condensed index at # top of each HTML page. The value NO (the default) enables the index and # the value YES disables it. DISABLE_INDEX = NO # This tag can be used to set the number of enum values (range [1..20]) # that doxygen will group on one line in the generated HTML documentation. ENUM_VALUES_PER_LINE = 4 # If the GENERATE_TREEVIEW tag is set to YES, a side panel will be # generated containing a tree-like index structure (just like the one that # is generated for HTML Help). For this to work a browser that supports # JavaScript, DHTML, CSS and frames is required (for instance Mozilla 1.0+, # Netscape 6.0+, Internet explorer 5.0+, or Konqueror). Windows users are # probably better off using the HTML help feature. GENERATE_TREEVIEW = NO # If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be # used to set the initial width (in pixels) of the frame in which the tree # is shown. TREEVIEW_WIDTH = 250 #--------------------------------------------------------------------------- # configuration options related to the LaTeX output #--------------------------------------------------------------------------- # If the GENERATE_LATEX tag is set to YES (the default) Doxygen will # generate Latex output. GENERATE_LATEX = NO # The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put. # If a relative path is entered the value of OUTPUT_DIRECTORY will be # put in front of it. If left blank `latex' will be used as the default path. LATEX_OUTPUT = latex # The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be # invoked. If left blank `latex' will be used as the default command name. LATEX_CMD_NAME = latex # The MAKEINDEX_CMD_NAME tag can be used to specify the command name to # generate index for LaTeX. If left blank `makeindex' will be used as the # default command name. MAKEINDEX_CMD_NAME = makeindex # If the COMPACT_LATEX tag is set to YES Doxygen generates more compact # LaTeX documents. This may be useful for small projects and may help to # save some trees in general. COMPACT_LATEX = NO # The PAPER_TYPE tag can be used to set the paper type that is used # by the printer. Possible values are: a4, a4wide, letter, legal and # executive. If left blank a4wide will be used. PAPER_TYPE = a4wide # The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX # packages that should be included in the LaTeX output. EXTRA_PACKAGES = # The LATEX_HEADER tag can be used to specify a personal LaTeX header for # the generated latex document. The header should contain everything until # the first chapter. If it is left blank doxygen will generate a # standard header. Notice: only use this tag if you know what you are doing! LATEX_HEADER = # If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated # is prepared for conversion to pdf (using ps2pdf). The pdf file will # contain links (just like the HTML output) instead of page references # This makes the output suitable for online browsing using a pdf viewer. PDF_HYPERLINKS = NO # If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of # plain latex in the generated Makefile. Set this option to YES to get a # higher quality PDF documentation. USE_PDFLATEX = NO # If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode. # command to the generated LaTeX files. This will instruct LaTeX to keep # running if errors occur, instead of asking the user for help. # This option is also used when generating formulas in HTML. LATEX_BATCHMODE = NO # If LATEX_HIDE_INDICES is set to YES then doxygen will not # include the index chapters (such as File Index, Compound Index, etc.) # in the output. LATEX_HIDE_INDICES = NO #--------------------------------------------------------------------------- # configuration options related to the RTF output #--------------------------------------------------------------------------- # If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output # The RTF output is optimized for Word 97 and may not look very pretty with # other RTF readers or editors. GENERATE_RTF = NO # The RTF_OUTPUT tag is used to specify where the RTF docs will be put. # If a relative path is entered the value of OUTPUT_DIRECTORY will be # put in front of it. If left blank `rtf' will be used as the default path. RTF_OUTPUT = rtf # If the COMPACT_RTF tag is set to YES Doxygen generates more compact # RTF documents. This may be useful for small projects and may help to # save some trees in general. COMPACT_RTF = NO # If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated # will contain hyperlink fields. The RTF file will # contain links (just like the HTML output) instead of page references. # This makes the output suitable for online browsing using WORD or other # programs which support those fields. # Note: wordpad (write) and others do not support links. RTF_HYPERLINKS = NO # Load stylesheet definitions from file. Syntax is similar to doxygen's # config file, i.e. a series of assignments. You only have to provide # replacements, missing definitions are set to their default value. RTF_STYLESHEET_FILE = # Set optional variables used in the generation of an rtf document. # Syntax is similar to doxygen's config file. RTF_EXTENSIONS_FILE = #--------------------------------------------------------------------------- # configuration options related to the man page output #--------------------------------------------------------------------------- # If the GENERATE_MAN tag is set to YES (the default) Doxygen will # generate man pages GENERATE_MAN = NO # The MAN_OUTPUT tag is used to specify where the man pages will be put. # If a relative path is entered the value of OUTPUT_DIRECTORY will be # put in front of it. If left blank `man' will be used as the default path. MAN_OUTPUT = man # The MAN_EXTENSION tag determines the extension that is added to # the generated man pages (default is the subroutine's section .3) MAN_EXTENSION = .3 # If the MAN_LINKS tag is set to YES and Doxygen generates man output, # then it will generate one additional man file for each entity # documented in the real man page(s). These additional files # only source the real man page, but without them the man command # would be unable to find the correct page. The default is NO. MAN_LINKS = YES #--------------------------------------------------------------------------- # configuration options related to the XML output #--------------------------------------------------------------------------- # If the GENERATE_XML tag is set to YES Doxygen will # generate an XML file that captures the structure of # the code including all documentation. GENERATE_XML = NO # The XML_OUTPUT tag is used to specify where the XML pages will be put. # If a relative path is entered the value of OUTPUT_DIRECTORY will be # put in front of it. If left blank `xml' will be used as the default path. XML_OUTPUT = xml # The XML_SCHEMA tag can be used to specify an XML schema, # which can be used by a validating XML parser to check the # syntax of the XML files. XML_SCHEMA = # The XML_DTD tag can be used to specify an XML DTD, # which can be used by a validating XML parser to check the # syntax of the XML files. XML_DTD = # If the XML_PROGRAMLISTING tag is set to YES Doxygen will # dump the program listings (including syntax highlighting # and cross-referencing information) to the XML output. Note that # enabling this will significantly increase the size of the XML output. XML_PROGRAMLISTING = YES #--------------------------------------------------------------------------- # configuration options for the AutoGen Definitions output #--------------------------------------------------------------------------- # If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will # generate an AutoGen Definitions (see autogen.sf.net) file # that captures the structure of the code including all # documentation. Note that this feature is still experimental # and incomplete at the moment. GENERATE_AUTOGEN_DEF = NO #--------------------------------------------------------------------------- # configuration options related to the Perl module output #--------------------------------------------------------------------------- # If the GENERATE_PERLMOD tag is set to YES Doxygen will # generate a Perl module file that captures the structure of # the code including all documentation. Note that this # feature is still experimental and incomplete at the # moment. GENERATE_PERLMOD = NO # If the PERLMOD_LATEX tag is set to YES Doxygen will generate # the necessary Makefile rules, Perl scripts and LaTeX code to be able # to generate PDF and DVI output from the Perl module output. PERLMOD_LATEX = NO # If the PERLMOD_PRETTY tag is set to YES the Perl module output will be # nicely formatted so it can be parsed by a human reader. This is useful # if you want to understand what is going on. On the other hand, if this # tag is set to NO the size of the Perl module output will be much smaller # and Perl will parse it just the same. PERLMOD_PRETTY = YES # The names of the make variables in the generated doxyrules.make file # are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX. # This is useful so different doxyrules.make files included by the same # Makefile don't overwrite each other's variables. PERLMOD_MAKEVAR_PREFIX = #--------------------------------------------------------------------------- # Configuration options related to the preprocessor #--------------------------------------------------------------------------- # If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will # evaluate all C-preprocessor directives found in the sources and include # files. ENABLE_PREPROCESSING = YES # If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro # names in the source code. If set to NO (the default) only conditional # compilation will be performed. Macro expansion can be done in a controlled # way by setting EXPAND_ONLY_PREDEF to YES. MACRO_EXPANSION = NO # If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES # then the macro expansion is limited to the macros specified with the # PREDEFINED and EXPAND_AS_DEFINED tags. EXPAND_ONLY_PREDEF = NO # If the SEARCH_INCLUDES tag is set to YES (the default) the includes files # in the INCLUDE_PATH (see below) will be search if a #include is found. SEARCH_INCLUDES = YES # The INCLUDE_PATH tag can be used to specify one or more directories that # contain include files that are not input files but should be processed by # the preprocessor. INCLUDE_PATH = # You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard # patterns (like *.h and *.hpp) to filter out the header-files in the # directories. If left blank, the patterns specified with FILE_PATTERNS will # be used. INCLUDE_FILE_PATTERNS = # The PREDEFINED tag can be used to specify one or more macro names that # are defined before the preprocessor is started (similar to the -D option of # gcc). The argument of the tag is a list of macros of the form: name # or name=definition (no spaces). If the definition and the = are # omitted =1 is assumed. To prevent a macro definition from being # undefined via #undef or recursively expanded use the := operator # instead of the = operator. PREDEFINED = # If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then # this tag can be used to specify a list of macro names that should be expanded. # The macro definition that is found in the sources will be used. # Use the PREDEFINED tag if you want to use a different macro definition. EXPAND_AS_DEFINED = # If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then # doxygen's preprocessor will remove all function-like macros that are alone # on a line, have an all uppercase name, and do not end with a semicolon. Such # function macros are typically used for boiler-plate code, and will confuse # the parser if not removed. SKIP_FUNCTION_MACROS = YES #--------------------------------------------------------------------------- # Configuration::additions related to external references #--------------------------------------------------------------------------- # The TAGFILES option can be used to specify one or more tagfiles. # Optionally an initial location of the external documentation # can be added for each tagfile. The format of a tag file without # this location is as follows: # TAGFILES = file1 file2 ... # Adding location for the tag files is done as follows: # TAGFILES = file1=loc1 "file2 = loc2" ... # where "loc1" and "loc2" can be relative or absolute paths or # URLs. If a location is present for each tag, the installdox tool # does not have to be run to correct the links. # Note that each tag file must have a unique name # (where the name does NOT include the path) # If a tag file is not located in the directory in which doxygen # is run, you must also specify the path to the tagfile here. TAGFILES = # When a file name is specified after GENERATE_TAGFILE, doxygen will create # a tag file that is based on the input files it reads. GENERATE_TAGFILE = # If the ALLEXTERNALS tag is set to YES all external classes will be listed # in the class index. If set to NO only the inherited external classes # will be listed. ALLEXTERNALS = NO # If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed # in the modules index. If set to NO, only the current project's groups will # be listed. EXTERNAL_GROUPS = NO # The PERL_PATH should be the absolute path and name of the perl script # interpreter (i.e. the result of `which perl'). PERL_PATH = /usr/bin/perl #--------------------------------------------------------------------------- # Configuration options related to the dot tool #--------------------------------------------------------------------------- # If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will # generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base # or super classes. Setting the tag to NO turns the diagrams off. Note that # this option is superseded by the HAVE_DOT option below. This is only a # fallback. It is recommended to install and use dot, since it yields more # powerful graphs. CLASS_DIAGRAMS = YES # You can define message sequence charts within doxygen comments using the \msc # command. Doxygen will then run the mscgen tool (see http://www.mcternan.me.uk/mscgen/) to # produce the chart and insert it in the documentation. The MSCGEN_PATH tag allows you to # specify the directory where the mscgen tool resides. If left empty the tool is assumed to # be found in the default search path. MSCGEN_PATH = # If set to YES, the inheritance and collaboration graphs will hide # inheritance and usage relations if the target is undocumented # or is not a class. HIDE_UNDOC_RELATIONS = YES # If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is # available from the path. This tool is part of Graphviz, a graph visualization # toolkit from AT&T and Lucent Bell Labs. The other options in this section # have no effect if this option is set to NO (the default) HAVE_DOT = NO # If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen # will generate a graph for each documented class showing the direct and # indirect inheritance relations. Setting this tag to YES will force the # the CLASS_DIAGRAMS tag to NO. CLASS_GRAPH = YES # If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen # will generate a graph for each documented class showing the direct and # indirect implementation dependencies (inheritance, containment, and # class references variables) of the class with other documented classes. COLLABORATION_GRAPH = YES # If the GROUP_GRAPHS and HAVE_DOT tags are set to YES then doxygen # will generate a graph for groups, showing the direct groups dependencies GROUP_GRAPHS = YES # If the UML_LOOK tag is set to YES doxygen will generate inheritance and # collaboration diagrams in a style similar to the OMG's Unified Modeling # Language. UML_LOOK = NO # If set to YES, the inheritance and collaboration graphs will show the # relations between templates and their instances. TEMPLATE_RELATIONS = NO # If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT # tags are set to YES then doxygen will generate a graph for each documented # file showing the direct and indirect include dependencies of the file with # other documented files. INCLUDE_GRAPH = YES # If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and # HAVE_DOT tags are set to YES then doxygen will generate a graph for each # documented header file showing the documented files that directly or # indirectly include this file. INCLUDED_BY_GRAPH = YES # If the CALL_GRAPH and HAVE_DOT tags are set to YES then doxygen will # generate a call dependency graph for every global function or class method. # Note that enabling this option will significantly increase the time of a run. # So in most cases it will be better to enable call graphs for selected # functions only using the \callgraph command. CALL_GRAPH = NO # If the CALLER_GRAPH and HAVE_DOT tags are set to YES then doxygen will # generate a caller dependency graph for every global function or class method. # Note that enabling this option will significantly increase the time of a run. # So in most cases it will be better to enable caller graphs for selected # functions only using the \callergraph command. CALLER_GRAPH = NO # If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen # will graphical hierarchy of all classes instead of a textual one. GRAPHICAL_HIERARCHY = YES # If the DIRECTORY_GRAPH, SHOW_DIRECTORIES and HAVE_DOT tags are set to YES # then doxygen will show the dependencies a directory has on other directories # in a graphical way. The dependency relations are determined by the #include # relations between the files in the directories. DIRECTORY_GRAPH = YES # The DOT_IMAGE_FORMAT tag can be used to set the image format of the images # generated by dot. Possible values are png, jpg, or gif # If left blank png will be used. DOT_IMAGE_FORMAT = png # The tag DOT_PATH can be used to specify the path where the dot tool can be # found. If left blank, it is assumed the dot tool can be found in the path. DOT_PATH = # The DOTFILE_DIRS tag can be used to specify one or more directories that # contain dot files that are included in the documentation (see the # \dotfile command). DOTFILE_DIRS = # The MAX_DOT_GRAPH_MAX_NODES tag can be used to set the maximum number of # nodes that will be shown in the graph. If the number of nodes in a graph # becomes larger than this value, doxygen will truncate the graph, which is # visualized by representing a node as a red box. Note that doxygen will always # show the root nodes and its direct children regardless of this setting. DOT_GRAPH_MAX_NODES = 50 # Set the DOT_TRANSPARENT tag to YES to generate images with a transparent # background. This is disabled by default, which results in a white background. # Warning: Depending on the platform used, enabling this option may lead to # badly anti-aliased labels on the edges of a graph (i.e. they become hard to # read). DOT_TRANSPARENT = NO # Set the DOT_MULTI_TARGETS tag to YES allow dot to generate multiple output # files in one run (i.e. multiple -o and -T options on the command line). This # makes dot run faster, but since only newer versions of dot (>1.8.10) # support this, this feature is disabled by default. DOT_MULTI_TARGETS = NO # If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will # generate a legend page explaining the meaning of the various boxes and # arrows in the dot generated graphs. GENERATE_LEGEND = YES # If the DOT_CLEANUP tag is set to YES (the default) Doxygen will # remove the intermediate dot files that are used to generate # the various graphs. DOT_CLEANUP = YES #--------------------------------------------------------------------------- # Configuration::additions related to the search engine #--------------------------------------------------------------------------- # The SEARCHENGINE tag specifies whether or not a search engine should be # used. If set to NO the values of all tags below this one will be ignored. SEARCHENGINE = NO pkcs11-helper-pkcs11-helper-1.22/doc/api/Doxyfile_footer.html000066400000000000000000000004031304770615400237430ustar00rootroot00000000000000
pkcs11-helper, Copyright (C) Alon Bar-Lev <alon.barlev@gmail.com>OpenSC-Project.org Logo
pkcs11-helper-pkcs11-helper-1.22/doc/api/Makefile.am000066400000000000000000000056701304770615400217630ustar00rootroot00000000000000# # Copyright (c) 2005-2011 Alon Bar-Lev # All rights reserved. # # This software is available to you under a choice of one of two # licenses. You may choose to be licensed under the terms of the GNU # General Public License (GPL) Version 2, or the BSD license. # # GNU General Public License (GPL) Version 2 # =========================================== # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program (see the file COPYING.GPL included with this # distribution); if not, write to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # # BSD License # ============ # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are met: # # o Redistributions of source code must retain the above copyright notice, # this list of conditions and the following disclaimer. # o Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # o Neither the name of the Alon Bar-Lev nor the names of its # contributors may be used to endorse or promote products derived from # this software without specific prior written permission. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE # POSSIBILITY OF SUCH DAMAGE. # MAINTAINERCLEANFILES=$(srcdir)/Makefile.in dist_noinst_DATA=Doxyfile $(srcdir)/Doxyfile_footer.html $(srcdir)/*.dox $(srcdir)/*.gif if ENABLE_DOC apidoc_DATA=api.out/html/* api.out/html/*: \ $(EXTRA_DIST) \ $(top_srcdir)/include/pkcs11-helper-1.0/*.h \ $(srcdir)/*.gif -rm -fr api.out $(DOXYGEN) cp "$(srcdir)"/*.gif api.out/html endif clean-local: -rm -fr api.out pkcs11-helper-pkcs11-helper-1.22/doc/api/main.dox000066400000000000000000000036401304770615400213620ustar00rootroot00000000000000/** @mainpage pkcs11-helper-1.0 @section about About @par PKCS#11 is RSA Security published standard. PKCS#11 is the de-facto standard to access cryptographic devices. @par pkcs11-helper is a library that simplifies the interaction with PKCS#11 providers for end-user applications. @section features Features @par pkcs11-helper allows using multiple PKCS#11 providers at the same time, enumerating available token certificates, or selecting a certificate directly by serialized id, handling card removal and card insert events, handling card re-insert to a different slot, supporting session expiration and much more all using a simple API. @par pkcs11-helper is not designed to manage card content, since object attributes are usually vendor specific, and 99% of application need to access existing objects in order to perform signature and decryption. @section compatibility Compatibility - The pkcs11-helper library is available in POSIX and WIN32 compliant systems. - The pkcs11-helper library should work with almost any PKCS#11 provider, since it uses the minimum required features of the PKCS#11 standard. @section support Support @par pkcs11-helper support is available via the OpenSC Project. @section license License @par @ref License is dual BSD or GPL. @section modules Modules - @ref pkcs11h_core - Initialize library, adding providers, hooks. - @ref pkcs11h_token - Handle tokens. - @ref pkcs11h_certificate - Handle certificate objects. - @ref pkcs11h_data - Handle data objects. - @ref pkcs11h_openssl - OpenSSL engine support. @page License pkcs11-helper license @verbinclude COPYING */ /** @example test-basic.c The following example shows some basic usage of the library. */ /** @example test-slotevent.c The following example shows how to use the slot event interface. */ pkcs11-helper-pkcs11-helper-1.22/doc/api/opensc-logo.gif000066400000000000000000000110671304770615400226400ustar00rootroot00000000000000GIF89a2XKJL (+4cba $j̱5 14fr!ȩQȴQ˔{z{3賀uZ'4ɴ#zx$f$ӵ77btF cֵ naHR1Dpm+a  CsJ ZoDON"ǭ<@( Љ@!?, j AqŖ ,1\"d8mlE):Pc ]@GCpC] i!1`@8K\r@xhVB!ad8+㎳yCP05L矟nyӄY$yhD6`s r|:B T(|F{9K:5DW>Bw+qol5 ,t?(a^ } Q}Vmf \8:D¼!B0>@ڃ,H؂1$vb=? S@I& r\ے^iC>ew9h1K SC$'j@m@e7 |P{\uJ,  3)9x@kpi4! T 9!SwTxM~6hP&,{lZ, 2T5i ]@ψ08L&Z(9*Jf}bkkR > tc YS-^{JT@{:B#@w@-F!:(lʤ{@*hRpo1 ,:2YyF <[ C._k -0؆/;o@@@хbUmr%@ZFXh0,[L)Y1$jPq|M 䍁`ي+m #1+vSk7>r("+g=|yW tpAh='>*IG - 8dA(Bun.If@)7f1 >ax#|*L Ĉid"y P@tQ15ӅfTꕿ՚! $Z14=eu:@&>Jxķ.;3OYO O4D^A8yv$\ uŤ)M0+6Fp Dqh5@A}f VЬG &n P?p^j9C>5@ȼ1V_6rusj r & OHz0Xb0huMV+ /xk0J}NyA X#YKd^B  @s?rѤPa >9c}u]{W|~|]p8r Mx xחsGFYogofY4T YG.k~Uwk ) />ZAA[Q$l 2$2+  s6|G^#3w|۰ PBDp BPdSi}'jއDjUyL%Ё2~5iӳKat:O Ar`:575ME*4(>h0  ~Cw1cŗ(-R)" @V[4dtJ%R3)H@@ U5h2A 2 jC6 Wt0 Bb{} ۠0dQ Z  _@0 ezY0U PrZ YpTpꇋD4?`#˰4>76l !b:#nP0g0m0 p f0o a/< wp~4yySJH2vH%*)0 ԀJAIzv+W@ 2ʁY9pŦ w:Peh+ B?)P1x4S|| F1ay7U`UAV0jZG0  R3@%`*v Fn/ )ޢrp P#&L$-HaЂGG$J'^#| pyfZ@_ki_Dp( PYR$8~f(uy'( Jya۷\7^񁁥hCA| IPpm 빟뷰qL"Ycƺ;&# ̀]{⸽,KP 8W ©[u8 k(;pkcs11-helper-pkcs11-helper-1.22/include/000077500000000000000000000000001304770615400200245ustar00rootroot00000000000000pkcs11-helper-pkcs11-helper-1.22/include/Makefile.am000066400000000000000000000052011304770615400220560ustar00rootroot00000000000000# # Copyright (c) 2005-2011 Alon Bar-Lev # All rights reserved. # # This software is available to you under a choice of one of two # licenses. You may choose to be licensed under the terms of the GNU # General Public License (GPL) Version 2, or the BSD license. # # GNU General Public License (GPL) Version 2 # =========================================== # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program (see the file COPYING.GPL included with this # distribution); if not, write to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # # BSD License # ============ # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are met: # # o Redistributions of source code must retain the above copyright notice, # this list of conditions and the following disclaimer. # o Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # o Neither the name of the Alon Bar-Lev nor the names of its # contributors may be used to endorse or promote products derived from # this software without specific prior written permission. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE # POSSIBILITY OF SUCH DAMAGE. # MAINTAINERCLEANFILES=$(srcdir)/Makefile.in SUBDIRS=pkcs11-helper-1.0 pkcs11-helper-pkcs11-helper-1.22/include/pkcs11-helper-1.0/000077500000000000000000000000001304770615400226775ustar00rootroot00000000000000pkcs11-helper-pkcs11-helper-1.22/include/pkcs11-helper-1.0/Makefile.am000066400000000000000000000063611304770615400247410ustar00rootroot00000000000000# # Copyright (c) 2005-2011 Alon Bar-Lev # All rights reserved. # # This software is available to you under a choice of one of two # licenses. You may choose to be licensed under the terms of the GNU # General Public License (GPL) Version 2, or the BSD license. # # GNU General Public License (GPL) Version 2 # =========================================== # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program (see the file COPYING.GPL included with this # distribution); if not, write to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # # BSD License # ============ # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are met: # # o Redistributions of source code must retain the above copyright notice, # this list of conditions and the following disclaimer. # o Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # o Neither the name of the Alon Bar-Lev nor the names of its # contributors may be used to endorse or promote products derived from # this software without specific prior written permission. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE # POSSIBILITY OF SUCH DAMAGE. # MAINTAINERCLEANFILES=$(srcdir)/Makefile.in pkcs11hinclude_HEADERS= \ pkcs11.h \ pkcs11h-def.h \ pkcs11h-engines.h \ pkcs11h-core.h noinst_HEADERS= # # For win32 vc, add this into # dist as well # pkcs11hinclude_HEADERS+=pkcs11h-version.h if ENABLE_PKCS11H_CERTIFICATE pkcs11hinclude_HEADERS+=pkcs11h-certificate.h else noinst_HEADERS+=pkcs11h-certificate.h endif if ENABLE_PKCS11H_DATA pkcs11hinclude_HEADERS+=pkcs11h-data.h else noinst_HEADERS+=pkcs11h-data.h endif if ENABLE_PKCS11H_OPENSSL pkcs11hinclude_HEADERS+=pkcs11h-openssl.h else noinst_HEADERS+=pkcs11h-openssl.h endif if ENABLE_PKCS11H_TOKEN pkcs11hinclude_HEADERS+=pkcs11h-token.h else noinst_HEADERS+=pkcs11h-token.h endif pkcs11-helper-pkcs11-helper-1.22/include/pkcs11-helper-1.0/pkcs11.h000066400000000000000000001227121304770615400241570ustar00rootroot00000000000000/* pkcs11.h Copyright 2006, 2007 g10 Code GmbH Copyright 2006 Andreas Jellinghaus This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without modifications, as long as this notice is preserved. This file is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY, to the extent permitted by law; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ /* Please submit changes back to the Scute project at http://www.scute.org/ (or send them to marcus@g10code.com), so that they can be picked up by other projects from there as well. */ /* This file is a modified implementation of the PKCS #11 standard by RSA Security Inc. It is mostly a drop-in replacement, with the following change: This header file does not require any macro definitions by the user (like CK_DEFINE_FUNCTION etc). In fact, it defines those macros for you (if useful, some are missing, let me know if you need more). There is an additional API available that does comply better to the GNU coding standard. It can be switched on by defining CRYPTOKI_GNU before including this header file. For this, the following changes are made to the specification: All structure types are changed to a "struct ck_foo" where CK_FOO is the type name in PKCS #11. All non-structure types are changed to ck_foo_t where CK_FOO is the lowercase version of the type name in PKCS #11. The basic types (CK_ULONG et al.) are removed without substitute. All members of structures are modified in the following way: Type indication prefixes are removed, and underscore characters are inserted before words. Then the result is lowercased. Note that function names are still in the original case, as they need for ABI compatibility. CK_FALSE, CK_TRUE and NULL_PTR are removed without substitute. Use . If CRYPTOKI_COMPAT is defined before including this header file, then none of the API changes above take place, and the API is the one defined by the PKCS #11 standard. */ #ifndef PKCS11_H #define PKCS11_H 1 #if defined(__cplusplus) extern "C" { #endif /* The version of cryptoki we implement. The revision is changed with each modification of this file. If you do not use the "official" version of this file, please consider deleting the revision macro (you may use a macro with a different name to keep track of your versions). */ #define CRYPTOKI_VERSION_MAJOR 2 #define CRYPTOKI_VERSION_MINOR 20 #define CRYPTOKI_VERSION_REVISION 6 /* Compatibility interface is default, unless CRYPTOKI_GNU is given. */ #ifndef CRYPTOKI_GNU #ifndef CRYPTOKI_COMPAT #define CRYPTOKI_COMPAT 1 #endif #endif /* System dependencies. */ #if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32) /* There is a matching pop below. */ #pragma pack(push, cryptoki, 1) #ifdef CRYPTOKI_EXPORTS #define CK_SPEC __declspec(dllexport) #else #define CK_SPEC __declspec(dllimport) #endif #else #define CK_SPEC #endif #ifdef CRYPTOKI_COMPAT /* If we are in compatibility mode, switch all exposed names to the PKCS #11 variant. There are corresponding #undefs below. */ #define ck_flags_t CK_FLAGS #define ck_version _CK_VERSION #define ck_info _CK_INFO #define cryptoki_version cryptokiVersion #define manufacturer_id manufacturerID #define library_description libraryDescription #define library_version libraryVersion #define ck_notification_t CK_NOTIFICATION #define ck_slot_id_t CK_SLOT_ID #define ck_slot_info _CK_SLOT_INFO #define slot_description slotDescription #define hardware_version hardwareVersion #define firmware_version firmwareVersion #define ck_token_info _CK_TOKEN_INFO #define serial_number serialNumber #define max_session_count ulMaxSessionCount #define session_count ulSessionCount #define max_rw_session_count ulMaxRwSessionCount #define rw_session_count ulRwSessionCount #define max_pin_len ulMaxPinLen #define min_pin_len ulMinPinLen #define total_public_memory ulTotalPublicMemory #define free_public_memory ulFreePublicMemory #define total_private_memory ulTotalPrivateMemory #define free_private_memory ulFreePrivateMemory #define utc_time utcTime #define ck_session_handle_t CK_SESSION_HANDLE #define ck_user_type_t CK_USER_TYPE #define ck_state_t CK_STATE #define ck_session_info _CK_SESSION_INFO #define slot_id slotID #define device_error ulDeviceError #define ck_object_handle_t CK_OBJECT_HANDLE #define ck_object_class_t CK_OBJECT_CLASS #define ck_hw_feature_type_t CK_HW_FEATURE_TYPE #define ck_key_type_t CK_KEY_TYPE #define ck_certificate_type_t CK_CERTIFICATE_TYPE #define ck_attribute_type_t CK_ATTRIBUTE_TYPE #define ck_attribute _CK_ATTRIBUTE #define value pValue #define value_len ulValueLen #define ck_date _CK_DATE #define ck_mechanism_type_t CK_MECHANISM_TYPE #define ck_mechanism _CK_MECHANISM #define parameter pParameter #define parameter_len ulParameterLen #define ck_mechanism_info _CK_MECHANISM_INFO #define min_key_size ulMinKeySize #define max_key_size ulMaxKeySize #define ck_rv_t CK_RV #define ck_notify_t CK_NOTIFY #define ck_function_list _CK_FUNCTION_LIST #define ck_createmutex_t CK_CREATEMUTEX #define ck_destroymutex_t CK_DESTROYMUTEX #define ck_lockmutex_t CK_LOCKMUTEX #define ck_unlockmutex_t CK_UNLOCKMUTEX #define ck_c_initialize_args _CK_C_INITIALIZE_ARGS #define create_mutex CreateMutex #define destroy_mutex DestroyMutex #define lock_mutex LockMutex #define unlock_mutex UnlockMutex #define reserved pReserved #endif /* CRYPTOKI_COMPAT */ typedef unsigned long ck_flags_t; struct ck_version { unsigned char major; unsigned char minor; }; struct ck_info { struct ck_version cryptoki_version; unsigned char manufacturer_id[32]; ck_flags_t flags; unsigned char library_description[32]; struct ck_version library_version; }; typedef unsigned long ck_notification_t; #define CKN_SURRENDER (0) typedef unsigned long ck_slot_id_t; struct ck_slot_info { unsigned char slot_description[64]; unsigned char manufacturer_id[32]; ck_flags_t flags; struct ck_version hardware_version; struct ck_version firmware_version; }; #define CKF_TOKEN_PRESENT (1 << 0) #define CKF_REMOVABLE_DEVICE (1 << 1) #define CKF_HW_SLOT (1 << 2) #define CKF_ARRAY_ATTRIBUTE (1 << 30) struct ck_token_info { unsigned char label[32]; unsigned char manufacturer_id[32]; unsigned char model[16]; unsigned char serial_number[16]; ck_flags_t flags; unsigned long max_session_count; unsigned long session_count; unsigned long max_rw_session_count; unsigned long rw_session_count; unsigned long max_pin_len; unsigned long min_pin_len; unsigned long total_public_memory; unsigned long free_public_memory; unsigned long total_private_memory; unsigned long free_private_memory; struct ck_version hardware_version; struct ck_version firmware_version; unsigned char utc_time[16]; }; #define CKF_RNG (1 << 0) #define CKF_WRITE_PROTECTED (1 << 1) #define CKF_LOGIN_REQUIRED (1 << 2) #define CKF_USER_PIN_INITIALIZED (1 << 3) #define CKF_RESTORE_KEY_NOT_NEEDED (1 << 5) #define CKF_CLOCK_ON_TOKEN (1 << 6) #define CKF_PROTECTED_AUTHENTICATION_PATH (1 << 8) #define CKF_DUAL_CRYPTO_OPERATIONS (1 << 9) #define CKF_TOKEN_INITIALIZED (1 << 10) #define CKF_SECONDARY_AUTHENTICATION (1 << 11) #define CKF_USER_PIN_COUNT_LOW (1 << 16) #define CKF_USER_PIN_FINAL_TRY (1 << 17) #define CKF_USER_PIN_LOCKED (1 << 18) #define CKF_USER_PIN_TO_BE_CHANGED (1 << 19) #define CKF_SO_PIN_COUNT_LOW (1 << 20) #define CKF_SO_PIN_FINAL_TRY (1 << 21) #define CKF_SO_PIN_LOCKED (1 << 22) #define CKF_SO_PIN_TO_BE_CHANGED (1 << 23) #define CK_UNAVAILABLE_INFORMATION ((unsigned long) -1) #define CK_EFFECTIVELY_INFINITE (0) typedef unsigned long ck_session_handle_t; #define CK_INVALID_HANDLE (0) typedef unsigned long ck_user_type_t; #define CKU_SO (0) #define CKU_USER (1) #define CKU_CONTEXT_SPECIFIC (2) typedef unsigned long ck_state_t; #define CKS_RO_PUBLIC_SESSION (0) #define CKS_RO_USER_FUNCTIONS (1) #define CKS_RW_PUBLIC_SESSION (2) #define CKS_RW_USER_FUNCTIONS (3) #define CKS_RW_SO_FUNCTIONS (4) struct ck_session_info { ck_slot_id_t slot_id; ck_state_t state; ck_flags_t flags; unsigned long device_error; }; #define CKF_RW_SESSION (1 << 1) #define CKF_SERIAL_SESSION (1 << 2) typedef unsigned long ck_object_handle_t; typedef unsigned long ck_object_class_t; #define CKO_DATA (0) #define CKO_CERTIFICATE (1) #define CKO_PUBLIC_KEY (2) #define CKO_PRIVATE_KEY (3) #define CKO_SECRET_KEY (4) #define CKO_HW_FEATURE (5) #define CKO_DOMAIN_PARAMETERS (6) #define CKO_MECHANISM (7) #define CKO_VENDOR_DEFINED ((unsigned long) (1 << 31)) typedef unsigned long ck_hw_feature_type_t; #define CKH_MONOTONIC_COUNTER (1) #define CKH_CLOCK (2) #define CKH_USER_INTERFACE (3) #define CKH_VENDOR_DEFINED ((unsigned long) (1 << 31)) typedef unsigned long ck_key_type_t; #define CKK_RSA (0) #define CKK_DSA (1) #define CKK_DH (2) #define CKK_ECDSA (3) #define CKK_EC (3) #define CKK_X9_42_DH (4) #define CKK_KEA (5) #define CKK_GENERIC_SECRET (0x10) #define CKK_RC2 (0x11) #define CKK_RC4 (0x12) #define CKK_DES (0x13) #define CKK_DES2 (0x14) #define CKK_DES3 (0x15) #define CKK_CAST (0x16) #define CKK_CAST3 (0x17) #define CKK_CAST128 (0x18) #define CKK_RC5 (0x19) #define CKK_IDEA (0x1a) #define CKK_SKIPJACK (0x1b) #define CKK_BATON (0x1c) #define CKK_JUNIPER (0x1d) #define CKK_CDMF (0x1e) #define CKK_AES (0x1f) #define CKK_BLOWFISH (0x20) #define CKK_TWOFISH (0x21) #define CKK_VENDOR_DEFINED ((unsigned long) (1 << 31)) typedef unsigned long ck_certificate_type_t; #define CKC_X_509 (0) #define CKC_X_509_ATTR_CERT (1) #define CKC_WTLS (2) #define CKC_VENDOR_DEFINED ((unsigned long) (1 << 31)) typedef unsigned long ck_attribute_type_t; #define CKA_CLASS (0) #define CKA_TOKEN (1) #define CKA_PRIVATE (2) #define CKA_LABEL (3) #define CKA_APPLICATION (0x10) #define CKA_VALUE (0x11) #define CKA_OBJECT_ID (0x12) #define CKA_CERTIFICATE_TYPE (0x80) #define CKA_ISSUER (0x81) #define CKA_SERIAL_NUMBER (0x82) #define CKA_AC_ISSUER (0x83) #define CKA_OWNER (0x84) #define CKA_ATTR_TYPES (0x85) #define CKA_TRUSTED (0x86) #define CKA_CERTIFICATE_CATEGORY (0x87) #define CKA_JAVA_MIDP_SECURITY_DOMAIN (0x88) #define CKA_URL (0x89) #define CKA_HASH_OF_SUBJECT_PUBLIC_KEY (0x8a) #define CKA_HASH_OF_ISSUER_PUBLIC_KEY (0x8b) #define CKA_CHECK_VALUE (0x90) #define CKA_KEY_TYPE (0x100) #define CKA_SUBJECT (0x101) #define CKA_ID (0x102) #define CKA_SENSITIVE (0x103) #define CKA_ENCRYPT (0x104) #define CKA_DECRYPT (0x105) #define CKA_WRAP (0x106) #define CKA_UNWRAP (0x107) #define CKA_SIGN (0x108) #define CKA_SIGN_RECOVER (0x109) #define CKA_VERIFY (0x10a) #define CKA_VERIFY_RECOVER (0x10b) #define CKA_DERIVE (0x10c) #define CKA_START_DATE (0x110) #define CKA_END_DATE (0x111) #define CKA_MODULUS (0x120) #define CKA_MODULUS_BITS (0x121) #define CKA_PUBLIC_EXPONENT (0x122) #define CKA_PRIVATE_EXPONENT (0x123) #define CKA_PRIME_1 (0x124) #define CKA_PRIME_2 (0x125) #define CKA_EXPONENT_1 (0x126) #define CKA_EXPONENT_2 (0x127) #define CKA_COEFFICIENT (0x128) #define CKA_PRIME (0x130) #define CKA_SUBPRIME (0x131) #define CKA_BASE (0x132) #define CKA_PRIME_BITS (0x133) #define CKA_SUB_PRIME_BITS (0x134) #define CKA_VALUE_BITS (0x160) #define CKA_VALUE_LEN (0x161) #define CKA_EXTRACTABLE (0x162) #define CKA_LOCAL (0x163) #define CKA_NEVER_EXTRACTABLE (0x164) #define CKA_ALWAYS_SENSITIVE (0x165) #define CKA_KEY_GEN_MECHANISM (0x166) #define CKA_MODIFIABLE (0x170) #define CKA_ECDSA_PARAMS (0x180) #define CKA_EC_PARAMS (0x180) #define CKA_EC_POINT (0x181) #define CKA_SECONDARY_AUTH (0x200) #define CKA_AUTH_PIN_FLAGS (0x201) #define CKA_ALWAYS_AUTHENTICATE (0x202) #define CKA_WRAP_WITH_TRUSTED (0x210) #define CKA_HW_FEATURE_TYPE (0x300) #define CKA_RESET_ON_INIT (0x301) #define CKA_HAS_RESET (0x302) #define CKA_PIXEL_X (0x400) #define CKA_PIXEL_Y (0x401) #define CKA_RESOLUTION (0x402) #define CKA_CHAR_ROWS (0x403) #define CKA_CHAR_COLUMNS (0x404) #define CKA_COLOR (0x405) #define CKA_BITS_PER_PIXEL (0x406) #define CKA_CHAR_SETS (0x480) #define CKA_ENCODING_METHODS (0x481) #define CKA_MIME_TYPES (0x482) #define CKA_MECHANISM_TYPE (0x500) #define CKA_REQUIRED_CMS_ATTRIBUTES (0x501) #define CKA_DEFAULT_CMS_ATTRIBUTES (0x502) #define CKA_SUPPORTED_CMS_ATTRIBUTES (0x503) #define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x211) #define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x212) #define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE | 0x600) #define CKA_VENDOR_DEFINED ((unsigned long) (1 << 31)) struct ck_attribute { ck_attribute_type_t type; void *value; unsigned long value_len; }; struct ck_date { unsigned char year[4]; unsigned char month[2]; unsigned char day[2]; }; typedef unsigned long ck_mechanism_type_t; #define CKM_RSA_PKCS_KEY_PAIR_GEN (0) #define CKM_RSA_PKCS (1) #define CKM_RSA_9796 (2) #define CKM_RSA_X_509 (3) #define CKM_MD2_RSA_PKCS (4) #define CKM_MD5_RSA_PKCS (5) #define CKM_SHA1_RSA_PKCS (6) #define CKM_RIPEMD128_RSA_PKCS (7) #define CKM_RIPEMD160_RSA_PKCS (8) #define CKM_RSA_PKCS_OAEP (9) #define CKM_RSA_X9_31_KEY_PAIR_GEN (0xa) #define CKM_RSA_X9_31 (0xb) #define CKM_SHA1_RSA_X9_31 (0xc) #define CKM_RSA_PKCS_PSS (0xd) #define CKM_SHA1_RSA_PKCS_PSS (0xe) #define CKM_DSA_KEY_PAIR_GEN (0x10) #define CKM_DSA (0x11) #define CKM_DSA_SHA1 (0x12) #define CKM_DH_PKCS_KEY_PAIR_GEN (0x20) #define CKM_DH_PKCS_DERIVE (0x21) #define CKM_X9_42_DH_KEY_PAIR_GEN (0x30) #define CKM_X9_42_DH_DERIVE (0x31) #define CKM_X9_42_DH_HYBRID_DERIVE (0x32) #define CKM_X9_42_MQV_DERIVE (0x33) #define CKM_SHA256_RSA_PKCS (0x40) #define CKM_SHA384_RSA_PKCS (0x41) #define CKM_SHA512_RSA_PKCS (0x42) #define CKM_SHA256_RSA_PKCS_PSS (0x43) #define CKM_SHA384_RSA_PKCS_PSS (0x44) #define CKM_SHA512_RSA_PKCS_PSS (0x45) #define CKM_RC2_KEY_GEN (0x100) #define CKM_RC2_ECB (0x101) #define CKM_RC2_CBC (0x102) #define CKM_RC2_MAC (0x103) #define CKM_RC2_MAC_GENERAL (0x104) #define CKM_RC2_CBC_PAD (0x105) #define CKM_RC4_KEY_GEN (0x110) #define CKM_RC4 (0x111) #define CKM_DES_KEY_GEN (0x120) #define CKM_DES_ECB (0x121) #define CKM_DES_CBC (0x122) #define CKM_DES_MAC (0x123) #define CKM_DES_MAC_GENERAL (0x124) #define CKM_DES_CBC_PAD (0x125) #define CKM_DES2_KEY_GEN (0x130) #define CKM_DES3_KEY_GEN (0x131) #define CKM_DES3_ECB (0x132) #define CKM_DES3_CBC (0x133) #define CKM_DES3_MAC (0x134) #define CKM_DES3_MAC_GENERAL (0x135) #define CKM_DES3_CBC_PAD (0x136) #define CKM_CDMF_KEY_GEN (0x140) #define CKM_CDMF_ECB (0x141) #define CKM_CDMF_CBC (0x142) #define CKM_CDMF_MAC (0x143) #define CKM_CDMF_MAC_GENERAL (0x144) #define CKM_CDMF_CBC_PAD (0x145) #define CKM_MD2 (0x200) #define CKM_MD2_HMAC (0x201) #define CKM_MD2_HMAC_GENERAL (0x202) #define CKM_MD5 (0x210) #define CKM_MD5_HMAC (0x211) #define CKM_MD5_HMAC_GENERAL (0x212) #define CKM_SHA_1 (0x220) #define CKM_SHA_1_HMAC (0x221) #define CKM_SHA_1_HMAC_GENERAL (0x222) #define CKM_RIPEMD128 (0x230) #define CKM_RIPEMD128_HMAC (0x231) #define CKM_RIPEMD128_HMAC_GENERAL (0x232) #define CKM_RIPEMD160 (0x240) #define CKM_RIPEMD160_HMAC (0x241) #define CKM_RIPEMD160_HMAC_GENERAL (0x242) #define CKM_SHA256 (0x250) #define CKM_SHA256_HMAC (0x251) #define CKM_SHA256_HMAC_GENERAL (0x252) #define CKM_SHA384 (0x260) #define CKM_SHA384_HMAC (0x261) #define CKM_SHA384_HMAC_GENERAL (0x262) #define CKM_SHA512 (0x270) #define CKM_SHA512_HMAC (0x271) #define CKM_SHA512_HMAC_GENERAL (0x272) #define CKM_CAST_KEY_GEN (0x300) #define CKM_CAST_ECB (0x301) #define CKM_CAST_CBC (0x302) #define CKM_CAST_MAC (0x303) #define CKM_CAST_MAC_GENERAL (0x304) #define CKM_CAST_CBC_PAD (0x305) #define CKM_CAST3_KEY_GEN (0x310) #define CKM_CAST3_ECB (0x311) #define CKM_CAST3_CBC (0x312) #define CKM_CAST3_MAC (0x313) #define CKM_CAST3_MAC_GENERAL (0x314) #define CKM_CAST3_CBC_PAD (0x315) #define CKM_CAST5_KEY_GEN (0x320) #define CKM_CAST128_KEY_GEN (0x320) #define CKM_CAST5_ECB (0x321) #define CKM_CAST128_ECB (0x321) #define CKM_CAST5_CBC (0x322) #define CKM_CAST128_CBC (0x322) #define CKM_CAST5_MAC (0x323) #define CKM_CAST128_MAC (0x323) #define CKM_CAST5_MAC_GENERAL (0x324) #define CKM_CAST128_MAC_GENERAL (0x324) #define CKM_CAST5_CBC_PAD (0x325) #define CKM_CAST128_CBC_PAD (0x325) #define CKM_RC5_KEY_GEN (0x330) #define CKM_RC5_ECB (0x331) #define CKM_RC5_CBC (0x332) #define CKM_RC5_MAC (0x333) #define CKM_RC5_MAC_GENERAL (0x334) #define CKM_RC5_CBC_PAD (0x335) #define CKM_IDEA_KEY_GEN (0x340) #define CKM_IDEA_ECB (0x341) #define CKM_IDEA_CBC (0x342) #define CKM_IDEA_MAC (0x343) #define CKM_IDEA_MAC_GENERAL (0x344) #define CKM_IDEA_CBC_PAD (0x345) #define CKM_GENERIC_SECRET_KEY_GEN (0x350) #define CKM_CONCATENATE_BASE_AND_KEY (0x360) #define CKM_CONCATENATE_BASE_AND_DATA (0x362) #define CKM_CONCATENATE_DATA_AND_BASE (0x363) #define CKM_XOR_BASE_AND_DATA (0x364) #define CKM_EXTRACT_KEY_FROM_KEY (0x365) #define CKM_SSL3_PRE_MASTER_KEY_GEN (0x370) #define CKM_SSL3_MASTER_KEY_DERIVE (0x371) #define CKM_SSL3_KEY_AND_MAC_DERIVE (0x372) #define CKM_SSL3_MASTER_KEY_DERIVE_DH (0x373) #define CKM_TLS_PRE_MASTER_KEY_GEN (0x374) #define CKM_TLS_MASTER_KEY_DERIVE (0x375) #define CKM_TLS_KEY_AND_MAC_DERIVE (0x376) #define CKM_TLS_MASTER_KEY_DERIVE_DH (0x377) #define CKM_SSL3_MD5_MAC (0x380) #define CKM_SSL3_SHA1_MAC (0x381) #define CKM_MD5_KEY_DERIVATION (0x390) #define CKM_MD2_KEY_DERIVATION (0x391) #define CKM_SHA1_KEY_DERIVATION (0x392) #define CKM_PBE_MD2_DES_CBC (0x3a0) #define CKM_PBE_MD5_DES_CBC (0x3a1) #define CKM_PBE_MD5_CAST_CBC (0x3a2) #define CKM_PBE_MD5_CAST3_CBC (0x3a3) #define CKM_PBE_MD5_CAST5_CBC (0x3a4) #define CKM_PBE_MD5_CAST128_CBC (0x3a4) #define CKM_PBE_SHA1_CAST5_CBC (0x3a5) #define CKM_PBE_SHA1_CAST128_CBC (0x3a5) #define CKM_PBE_SHA1_RC4_128 (0x3a6) #define CKM_PBE_SHA1_RC4_40 (0x3a7) #define CKM_PBE_SHA1_DES3_EDE_CBC (0x3a8) #define CKM_PBE_SHA1_DES2_EDE_CBC (0x3a9) #define CKM_PBE_SHA1_RC2_128_CBC (0x3aa) #define CKM_PBE_SHA1_RC2_40_CBC (0x3ab) #define CKM_PKCS5_PBKD2 (0x3b0) #define CKM_PBA_SHA1_WITH_SHA1_HMAC (0x3c0) #define CKM_KEY_WRAP_LYNKS (0x400) #define CKM_KEY_WRAP_SET_OAEP (0x401) #define CKM_SKIPJACK_KEY_GEN (0x1000) #define CKM_SKIPJACK_ECB64 (0x1001) #define CKM_SKIPJACK_CBC64 (0x1002) #define CKM_SKIPJACK_OFB64 (0x1003) #define CKM_SKIPJACK_CFB64 (0x1004) #define CKM_SKIPJACK_CFB32 (0x1005) #define CKM_SKIPJACK_CFB16 (0x1006) #define CKM_SKIPJACK_CFB8 (0x1007) #define CKM_SKIPJACK_WRAP (0x1008) #define CKM_SKIPJACK_PRIVATE_WRAP (0x1009) #define CKM_SKIPJACK_RELAYX (0x100a) #define CKM_KEA_KEY_PAIR_GEN (0x1010) #define CKM_KEA_KEY_DERIVE (0x1011) #define CKM_FORTEZZA_TIMESTAMP (0x1020) #define CKM_BATON_KEY_GEN (0x1030) #define CKM_BATON_ECB128 (0x1031) #define CKM_BATON_ECB96 (0x1032) #define CKM_BATON_CBC128 (0x1033) #define CKM_BATON_COUNTER (0x1034) #define CKM_BATON_SHUFFLE (0x1035) #define CKM_BATON_WRAP (0x1036) #define CKM_ECDSA_KEY_PAIR_GEN (0x1040) #define CKM_EC_KEY_PAIR_GEN (0x1040) #define CKM_ECDSA (0x1041) #define CKM_ECDSA_SHA1 (0x1042) #define CKM_ECDH1_DERIVE (0x1050) #define CKM_ECDH1_COFACTOR_DERIVE (0x1051) #define CKM_ECMQV_DERIVE (0x1052) #define CKM_JUNIPER_KEY_GEN (0x1060) #define CKM_JUNIPER_ECB128 (0x1061) #define CKM_JUNIPER_CBC128 (0x1062) #define CKM_JUNIPER_COUNTER (0x1063) #define CKM_JUNIPER_SHUFFLE (0x1064) #define CKM_JUNIPER_WRAP (0x1065) #define CKM_FASTHASH (0x1070) #define CKM_AES_KEY_GEN (0x1080) #define CKM_AES_ECB (0x1081) #define CKM_AES_CBC (0x1082) #define CKM_AES_MAC (0x1083) #define CKM_AES_MAC_GENERAL (0x1084) #define CKM_AES_CBC_PAD (0x1085) #define CKM_DSA_PARAMETER_GEN (0x2000) #define CKM_DH_PKCS_PARAMETER_GEN (0x2001) #define CKM_X9_42_DH_PARAMETER_GEN (0x2002) #define CKM_VENDOR_DEFINED ((unsigned long) (1 << 31)) struct ck_mechanism { ck_mechanism_type_t mechanism; void *parameter; unsigned long parameter_len; }; struct ck_mechanism_info { unsigned long min_key_size; unsigned long max_key_size; ck_flags_t flags; }; #define CKF_HW (1 << 0) #define CKF_ENCRYPT (1 << 8) #define CKF_DECRYPT (1 << 9) #define CKF_DIGEST (1 << 10) #define CKF_SIGN (1 << 11) #define CKF_SIGN_RECOVER (1 << 12) #define CKF_VERIFY (1 << 13) #define CKF_VERIFY_RECOVER (1 << 14) #define CKF_GENERATE (1 << 15) #define CKF_GENERATE_KEY_PAIR (1 << 16) #define CKF_WRAP (1 << 17) #define CKF_UNWRAP (1 << 18) #define CKF_DERIVE (1 << 19) #define CKF_EXTENSION ((unsigned long) (1 << 31)) /* Flags for C_WaitForSlotEvent. */ #define CKF_DONT_BLOCK (1) typedef unsigned long ck_rv_t; typedef ck_rv_t (*ck_notify_t) (ck_session_handle_t session, ck_notification_t event, void *application); /* Forward reference. */ struct ck_function_list; #define _CK_DECLARE_FUNCTION(name, args) \ typedef ck_rv_t (*CK_ ## name) args; \ ck_rv_t CK_SPEC name args _CK_DECLARE_FUNCTION (C_Initialize, (void *init_args)); _CK_DECLARE_FUNCTION (C_Finalize, (void *reserved)); _CK_DECLARE_FUNCTION (C_GetInfo, (struct ck_info *info)); _CK_DECLARE_FUNCTION (C_GetFunctionList, (struct ck_function_list **function_list)); _CK_DECLARE_FUNCTION (C_GetSlotList, (unsigned char token_present, ck_slot_id_t *slot_list, unsigned long *count)); _CK_DECLARE_FUNCTION (C_GetSlotInfo, (ck_slot_id_t slot_id, struct ck_slot_info *info)); _CK_DECLARE_FUNCTION (C_GetTokenInfo, (ck_slot_id_t slot_id, struct ck_token_info *info)); _CK_DECLARE_FUNCTION (C_WaitForSlotEvent, (ck_flags_t flags, ck_slot_id_t *slot, void *reserved)); _CK_DECLARE_FUNCTION (C_GetMechanismList, (ck_slot_id_t slot_id, ck_mechanism_type_t *mechanism_list, unsigned long *count)); _CK_DECLARE_FUNCTION (C_GetMechanismInfo, (ck_slot_id_t slot_id, ck_mechanism_type_t type, struct ck_mechanism_info *info)); _CK_DECLARE_FUNCTION (C_InitToken, (ck_slot_id_t slot_id, unsigned char *pin, unsigned long pin_len, unsigned char *label)); _CK_DECLARE_FUNCTION (C_InitPIN, (ck_session_handle_t session, unsigned char *pin, unsigned long pin_len)); _CK_DECLARE_FUNCTION (C_SetPIN, (ck_session_handle_t session, unsigned char *old_pin, unsigned long old_len, unsigned char *new_pin, unsigned long new_len)); _CK_DECLARE_FUNCTION (C_OpenSession, (ck_slot_id_t slot_id, ck_flags_t flags, void *application, ck_notify_t notify, ck_session_handle_t *session)); _CK_DECLARE_FUNCTION (C_CloseSession, (ck_session_handle_t session)); _CK_DECLARE_FUNCTION (C_CloseAllSessions, (ck_slot_id_t slot_id)); _CK_DECLARE_FUNCTION (C_GetSessionInfo, (ck_session_handle_t session, struct ck_session_info *info)); _CK_DECLARE_FUNCTION (C_GetOperationState, (ck_session_handle_t session, unsigned char *operation_state, unsigned long *operation_state_len)); _CK_DECLARE_FUNCTION (C_SetOperationState, (ck_session_handle_t session, unsigned char *operation_state, unsigned long operation_state_len, ck_object_handle_t encryption_key, ck_object_handle_t authentiation_key)); _CK_DECLARE_FUNCTION (C_Login, (ck_session_handle_t session, ck_user_type_t user_type, unsigned char *pin, unsigned long pin_len)); _CK_DECLARE_FUNCTION (C_Logout, (ck_session_handle_t session)); _CK_DECLARE_FUNCTION (C_CreateObject, (ck_session_handle_t session, struct ck_attribute *templ, unsigned long count, ck_object_handle_t *object)); _CK_DECLARE_FUNCTION (C_CopyObject, (ck_session_handle_t session, ck_object_handle_t object, struct ck_attribute *templ, unsigned long count, ck_object_handle_t *new_object)); _CK_DECLARE_FUNCTION (C_DestroyObject, (ck_session_handle_t session, ck_object_handle_t object)); _CK_DECLARE_FUNCTION (C_GetObjectSize, (ck_session_handle_t session, ck_object_handle_t object, unsigned long *size)); _CK_DECLARE_FUNCTION (C_GetAttributeValue, (ck_session_handle_t session, ck_object_handle_t object, struct ck_attribute *templ, unsigned long count)); _CK_DECLARE_FUNCTION (C_SetAttributeValue, (ck_session_handle_t session, ck_object_handle_t object, struct ck_attribute *templ, unsigned long count)); _CK_DECLARE_FUNCTION (C_FindObjectsInit, (ck_session_handle_t session, struct ck_attribute *templ, unsigned long count)); _CK_DECLARE_FUNCTION (C_FindObjects, (ck_session_handle_t session, ck_object_handle_t *object, unsigned long max_object_count, unsigned long *object_count)); _CK_DECLARE_FUNCTION (C_FindObjectsFinal, (ck_session_handle_t session)); _CK_DECLARE_FUNCTION (C_EncryptInit, (ck_session_handle_t session, struct ck_mechanism *mechanism, ck_object_handle_t key)); _CK_DECLARE_FUNCTION (C_Encrypt, (ck_session_handle_t session, unsigned char *data, unsigned long data_len, unsigned char *encrypted_data, unsigned long *encrypted_data_len)); _CK_DECLARE_FUNCTION (C_EncryptUpdate, (ck_session_handle_t session, unsigned char *part, unsigned long part_len, unsigned char *encrypted_part, unsigned long *encrypted_part_len)); _CK_DECLARE_FUNCTION (C_EncryptFinal, (ck_session_handle_t session, unsigned char *last_encrypted_part, unsigned long *last_encrypted_part_len)); _CK_DECLARE_FUNCTION (C_DecryptInit, (ck_session_handle_t session, struct ck_mechanism *mechanism, ck_object_handle_t key)); _CK_DECLARE_FUNCTION (C_Decrypt, (ck_session_handle_t session, unsigned char *encrypted_data, unsigned long encrypted_data_len, unsigned char *data, unsigned long *data_len)); _CK_DECLARE_FUNCTION (C_DecryptUpdate, (ck_session_handle_t session, unsigned char *encrypted_part, unsigned long encrypted_part_len, unsigned char *part, unsigned long *part_len)); _CK_DECLARE_FUNCTION (C_DecryptFinal, (ck_session_handle_t session, unsigned char *last_part, unsigned long *last_part_len)); _CK_DECLARE_FUNCTION (C_DigestInit, (ck_session_handle_t session, struct ck_mechanism *mechanism)); _CK_DECLARE_FUNCTION (C_Digest, (ck_session_handle_t session, unsigned char *data, unsigned long data_len, unsigned char *digest, unsigned long *digest_len)); _CK_DECLARE_FUNCTION (C_DigestUpdate, (ck_session_handle_t session, unsigned char *part, unsigned long part_len)); _CK_DECLARE_FUNCTION (C_DigestKey, (ck_session_handle_t session, ck_object_handle_t key)); _CK_DECLARE_FUNCTION (C_DigestFinal, (ck_session_handle_t session, unsigned char *digest, unsigned long *digest_len)); _CK_DECLARE_FUNCTION (C_SignInit, (ck_session_handle_t session, struct ck_mechanism *mechanism, ck_object_handle_t key)); _CK_DECLARE_FUNCTION (C_Sign, (ck_session_handle_t session, unsigned char *data, unsigned long data_len, unsigned char *signature, unsigned long *signature_len)); _CK_DECLARE_FUNCTION (C_SignUpdate, (ck_session_handle_t session, unsigned char *part, unsigned long part_len)); _CK_DECLARE_FUNCTION (C_SignFinal, (ck_session_handle_t session, unsigned char *signature, unsigned long *signature_len)); _CK_DECLARE_FUNCTION (C_SignRecoverInit, (ck_session_handle_t session, struct ck_mechanism *mechanism, ck_object_handle_t key)); _CK_DECLARE_FUNCTION (C_SignRecover, (ck_session_handle_t session, unsigned char *data, unsigned long data_len, unsigned char *signature, unsigned long *signature_len)); _CK_DECLARE_FUNCTION (C_VerifyInit, (ck_session_handle_t session, struct ck_mechanism *mechanism, ck_object_handle_t key)); _CK_DECLARE_FUNCTION (C_Verify, (ck_session_handle_t session, unsigned char *data, unsigned long data_len, unsigned char *signature, unsigned long signature_len)); _CK_DECLARE_FUNCTION (C_VerifyUpdate, (ck_session_handle_t session, unsigned char *part, unsigned long part_len)); _CK_DECLARE_FUNCTION (C_VerifyFinal, (ck_session_handle_t session, unsigned char *signature, unsigned long signature_len)); _CK_DECLARE_FUNCTION (C_VerifyRecoverInit, (ck_session_handle_t session, struct ck_mechanism *mechanism, ck_object_handle_t key)); _CK_DECLARE_FUNCTION (C_VerifyRecover, (ck_session_handle_t session, unsigned char *signature, unsigned long signature_len, unsigned char *data, unsigned long *data_len)); _CK_DECLARE_FUNCTION (C_DigestEncryptUpdate, (ck_session_handle_t session, unsigned char *part, unsigned long part_len, unsigned char *encrypted_part, unsigned long *encrypted_part_len)); _CK_DECLARE_FUNCTION (C_DecryptDigestUpdate, (ck_session_handle_t session, unsigned char *encrypted_part, unsigned long encrypted_part_len, unsigned char *part, unsigned long *part_len)); _CK_DECLARE_FUNCTION (C_SignEncryptUpdate, (ck_session_handle_t session, unsigned char *part, unsigned long part_len, unsigned char *encrypted_part, unsigned long *encrypted_part_len)); _CK_DECLARE_FUNCTION (C_DecryptVerifyUpdate, (ck_session_handle_t session, unsigned char *encrypted_part, unsigned long encrypted_part_len, unsigned char *part, unsigned long *part_len)); _CK_DECLARE_FUNCTION (C_GenerateKey, (ck_session_handle_t session, struct ck_mechanism *mechanism, struct ck_attribute *templ, unsigned long count, ck_object_handle_t *key)); _CK_DECLARE_FUNCTION (C_GenerateKeyPair, (ck_session_handle_t session, struct ck_mechanism *mechanism, struct ck_attribute *public_key_template, unsigned long public_key_attribute_count, struct ck_attribute *private_key_template, unsigned long private_key_attribute_count, ck_object_handle_t *public_key, ck_object_handle_t *private_key)); _CK_DECLARE_FUNCTION (C_WrapKey, (ck_session_handle_t session, struct ck_mechanism *mechanism, ck_object_handle_t wrapping_key, ck_object_handle_t key, unsigned char *wrapped_key, unsigned long *wrapped_key_len)); _CK_DECLARE_FUNCTION (C_UnwrapKey, (ck_session_handle_t session, struct ck_mechanism *mechanism, ck_object_handle_t unwrapping_key, unsigned char *wrapped_key, unsigned long wrapped_key_len, struct ck_attribute *templ, unsigned long attribute_count, ck_object_handle_t *key)); _CK_DECLARE_FUNCTION (C_DeriveKey, (ck_session_handle_t session, struct ck_mechanism *mechanism, ck_object_handle_t base_key, struct ck_attribute *templ, unsigned long attribute_count, ck_object_handle_t *key)); _CK_DECLARE_FUNCTION (C_SeedRandom, (ck_session_handle_t session, unsigned char *seed, unsigned long seed_len)); _CK_DECLARE_FUNCTION (C_GenerateRandom, (ck_session_handle_t session, unsigned char *random_data, unsigned long random_len)); _CK_DECLARE_FUNCTION (C_GetFunctionStatus, (ck_session_handle_t session)); _CK_DECLARE_FUNCTION (C_CancelFunction, (ck_session_handle_t session)); struct ck_function_list { struct ck_version version; CK_C_Initialize C_Initialize; CK_C_Finalize C_Finalize; CK_C_GetInfo C_GetInfo; CK_C_GetFunctionList C_GetFunctionList; CK_C_GetSlotList C_GetSlotList; CK_C_GetSlotInfo C_GetSlotInfo; CK_C_GetTokenInfo C_GetTokenInfo; CK_C_GetMechanismList C_GetMechanismList; CK_C_GetMechanismInfo C_GetMechanismInfo; CK_C_InitToken C_InitToken; CK_C_InitPIN C_InitPIN; CK_C_SetPIN C_SetPIN; CK_C_OpenSession C_OpenSession; CK_C_CloseSession C_CloseSession; CK_C_CloseAllSessions C_CloseAllSessions; CK_C_GetSessionInfo C_GetSessionInfo; CK_C_GetOperationState C_GetOperationState; CK_C_SetOperationState C_SetOperationState; CK_C_Login C_Login; CK_C_Logout C_Logout; CK_C_CreateObject C_CreateObject; CK_C_CopyObject C_CopyObject; CK_C_DestroyObject C_DestroyObject; CK_C_GetObjectSize C_GetObjectSize; CK_C_GetAttributeValue C_GetAttributeValue; CK_C_SetAttributeValue C_SetAttributeValue; CK_C_FindObjectsInit C_FindObjectsInit; CK_C_FindObjects C_FindObjects; CK_C_FindObjectsFinal C_FindObjectsFinal; CK_C_EncryptInit C_EncryptInit; CK_C_Encrypt C_Encrypt; CK_C_EncryptUpdate C_EncryptUpdate; CK_C_EncryptFinal C_EncryptFinal; CK_C_DecryptInit C_DecryptInit; CK_C_Decrypt C_Decrypt; CK_C_DecryptUpdate C_DecryptUpdate; CK_C_DecryptFinal C_DecryptFinal; CK_C_DigestInit C_DigestInit; CK_C_Digest C_Digest; CK_C_DigestUpdate C_DigestUpdate; CK_C_DigestKey C_DigestKey; CK_C_DigestFinal C_DigestFinal; CK_C_SignInit C_SignInit; CK_C_Sign C_Sign; CK_C_SignUpdate C_SignUpdate; CK_C_SignFinal C_SignFinal; CK_C_SignRecoverInit C_SignRecoverInit; CK_C_SignRecover C_SignRecover; CK_C_VerifyInit C_VerifyInit; CK_C_Verify C_Verify; CK_C_VerifyUpdate C_VerifyUpdate; CK_C_VerifyFinal C_VerifyFinal; CK_C_VerifyRecoverInit C_VerifyRecoverInit; CK_C_VerifyRecover C_VerifyRecover; CK_C_DigestEncryptUpdate C_DigestEncryptUpdate; CK_C_DecryptDigestUpdate C_DecryptDigestUpdate; CK_C_SignEncryptUpdate C_SignEncryptUpdate; CK_C_DecryptVerifyUpdate C_DecryptVerifyUpdate; CK_C_GenerateKey C_GenerateKey; CK_C_GenerateKeyPair C_GenerateKeyPair; CK_C_WrapKey C_WrapKey; CK_C_UnwrapKey C_UnwrapKey; CK_C_DeriveKey C_DeriveKey; CK_C_SeedRandom C_SeedRandom; CK_C_GenerateRandom C_GenerateRandom; CK_C_GetFunctionStatus C_GetFunctionStatus; CK_C_CancelFunction C_CancelFunction; CK_C_WaitForSlotEvent C_WaitForSlotEvent; }; typedef ck_rv_t (*ck_createmutex_t) (void **mutex); typedef ck_rv_t (*ck_destroymutex_t) (void *mutex); typedef ck_rv_t (*ck_lockmutex_t) (void *mutex); typedef ck_rv_t (*ck_unlockmutex_t) (void *mutex); struct ck_c_initialize_args { ck_createmutex_t create_mutex; ck_destroymutex_t destroy_mutex; ck_lockmutex_t lock_mutex; ck_unlockmutex_t unlock_mutex; ck_flags_t flags; void *reserved; }; #define CKF_LIBRARY_CANT_CREATE_OS_THREADS (1 << 0) #define CKF_OS_LOCKING_OK (1 << 1) #define CKR_OK (0) #define CKR_CANCEL (1) #define CKR_HOST_MEMORY (2) #define CKR_SLOT_ID_INVALID (3) #define CKR_GENERAL_ERROR (5) #define CKR_FUNCTION_FAILED (6) #define CKR_ARGUMENTS_BAD (7) #define CKR_NO_EVENT (8) #define CKR_NEED_TO_CREATE_THREADS (9) #define CKR_CANT_LOCK (0xa) #define CKR_ATTRIBUTE_READ_ONLY (0x10) #define CKR_ATTRIBUTE_SENSITIVE (0x11) #define CKR_ATTRIBUTE_TYPE_INVALID (0x12) #define CKR_ATTRIBUTE_VALUE_INVALID (0x13) #define CKR_DATA_INVALID (0x20) #define CKR_DATA_LEN_RANGE (0x21) #define CKR_DEVICE_ERROR (0x30) #define CKR_DEVICE_MEMORY (0x31) #define CKR_DEVICE_REMOVED (0x32) #define CKR_ENCRYPTED_DATA_INVALID (0x40) #define CKR_ENCRYPTED_DATA_LEN_RANGE (0x41) #define CKR_FUNCTION_CANCELED (0x50) #define CKR_FUNCTION_NOT_PARALLEL (0x51) #define CKR_FUNCTION_NOT_SUPPORTED (0x54) #define CKR_KEY_HANDLE_INVALID (0x60) #define CKR_KEY_SIZE_RANGE (0x62) #define CKR_KEY_TYPE_INCONSISTENT (0x63) #define CKR_KEY_NOT_NEEDED (0x64) #define CKR_KEY_CHANGED (0x65) #define CKR_KEY_NEEDED (0x66) #define CKR_KEY_INDIGESTIBLE (0x67) #define CKR_KEY_FUNCTION_NOT_PERMITTED (0x68) #define CKR_KEY_NOT_WRAPPABLE (0x69) #define CKR_KEY_UNEXTRACTABLE (0x6a) #define CKR_MECHANISM_INVALID (0x70) #define CKR_MECHANISM_PARAM_INVALID (0x71) #define CKR_OBJECT_HANDLE_INVALID (0x82) #define CKR_OPERATION_ACTIVE (0x90) #define CKR_OPERATION_NOT_INITIALIZED (0x91) #define CKR_PIN_INCORRECT (0xa0) #define CKR_PIN_INVALID (0xa1) #define CKR_PIN_LEN_RANGE (0xa2) #define CKR_PIN_EXPIRED (0xa3) #define CKR_PIN_LOCKED (0xa4) #define CKR_SESSION_CLOSED (0xb0) #define CKR_SESSION_COUNT (0xb1) #define CKR_SESSION_HANDLE_INVALID (0xb3) #define CKR_SESSION_PARALLEL_NOT_SUPPORTED (0xb4) #define CKR_SESSION_READ_ONLY (0xb5) #define CKR_SESSION_EXISTS (0xb6) #define CKR_SESSION_READ_ONLY_EXISTS (0xb7) #define CKR_SESSION_READ_WRITE_SO_EXISTS (0xb8) #define CKR_SIGNATURE_INVALID (0xc0) #define CKR_SIGNATURE_LEN_RANGE (0xc1) #define CKR_TEMPLATE_INCOMPLETE (0xd0) #define CKR_TEMPLATE_INCONSISTENT (0xd1) #define CKR_TOKEN_NOT_PRESENT (0xe0) #define CKR_TOKEN_NOT_RECOGNIZED (0xe1) #define CKR_TOKEN_WRITE_PROTECTED (0xe2) #define CKR_UNWRAPPING_KEY_HANDLE_INVALID (0xf0) #define CKR_UNWRAPPING_KEY_SIZE_RANGE (0xf1) #define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT (0xf2) #define CKR_USER_ALREADY_LOGGED_IN (0x100) #define CKR_USER_NOT_LOGGED_IN (0x101) #define CKR_USER_PIN_NOT_INITIALIZED (0x102) #define CKR_USER_TYPE_INVALID (0x103) #define CKR_USER_ANOTHER_ALREADY_LOGGED_IN (0x104) #define CKR_USER_TOO_MANY_TYPES (0x105) #define CKR_WRAPPED_KEY_INVALID (0x110) #define CKR_WRAPPED_KEY_LEN_RANGE (0x112) #define CKR_WRAPPING_KEY_HANDLE_INVALID (0x113) #define CKR_WRAPPING_KEY_SIZE_RANGE (0x114) #define CKR_WRAPPING_KEY_TYPE_INCONSISTENT (0x115) #define CKR_RANDOM_SEED_NOT_SUPPORTED (0x120) #define CKR_RANDOM_NO_RNG (0x121) #define CKR_DOMAIN_PARAMS_INVALID (0x130) #define CKR_BUFFER_TOO_SMALL (0x150) #define CKR_SAVED_STATE_INVALID (0x160) #define CKR_INFORMATION_SENSITIVE (0x170) #define CKR_STATE_UNSAVEABLE (0x180) #define CKR_CRYPTOKI_NOT_INITIALIZED (0x190) #define CKR_CRYPTOKI_ALREADY_INITIALIZED (0x191) #define CKR_MUTEX_BAD (0x1a0) #define CKR_MUTEX_NOT_LOCKED (0x1a1) #define CKR_FUNCTION_REJECTED (0x200) #define CKR_VENDOR_DEFINED ((unsigned long) (1 << 31)) /* Compatibility layer. */ #ifdef CRYPTOKI_COMPAT #undef CK_DEFINE_FUNCTION #define CK_DEFINE_FUNCTION(retval, name) retval CK_SPEC name /* For NULL. */ #include typedef unsigned char CK_BYTE; typedef unsigned char CK_CHAR; typedef unsigned char CK_UTF8CHAR; typedef unsigned char CK_BBOOL; typedef unsigned long int CK_ULONG; typedef long int CK_LONG; typedef CK_BYTE *CK_BYTE_PTR; typedef CK_CHAR *CK_CHAR_PTR; typedef CK_UTF8CHAR *CK_UTF8CHAR_PTR; typedef CK_ULONG *CK_ULONG_PTR; typedef void *CK_VOID_PTR; typedef void **CK_VOID_PTR_PTR; #define CK_FALSE 0 #define CK_TRUE 1 #ifndef CK_DISABLE_TRUE_FALSE #ifndef FALSE #define FALSE 0 #endif #ifndef TRUE #define TRUE 1 #endif #endif typedef struct ck_version CK_VERSION; typedef struct ck_version *CK_VERSION_PTR; typedef struct ck_info CK_INFO; typedef struct ck_info *CK_INFO_PTR; typedef ck_slot_id_t *CK_SLOT_ID_PTR; typedef struct ck_slot_info CK_SLOT_INFO; typedef struct ck_slot_info *CK_SLOT_INFO_PTR; typedef struct ck_token_info CK_TOKEN_INFO; typedef struct ck_token_info *CK_TOKEN_INFO_PTR; typedef ck_session_handle_t *CK_SESSION_HANDLE_PTR; typedef struct ck_session_info CK_SESSION_INFO; typedef struct ck_session_info *CK_SESSION_INFO_PTR; typedef ck_object_handle_t *CK_OBJECT_HANDLE_PTR; typedef ck_object_class_t *CK_OBJECT_CLASS_PTR; typedef struct ck_attribute CK_ATTRIBUTE; typedef struct ck_attribute *CK_ATTRIBUTE_PTR; typedef struct ck_date CK_DATE; typedef struct ck_date *CK_DATE_PTR; typedef ck_mechanism_type_t *CK_MECHANISM_TYPE_PTR; typedef struct ck_mechanism CK_MECHANISM; typedef struct ck_mechanism *CK_MECHANISM_PTR; typedef struct ck_mechanism_info CK_MECHANISM_INFO; typedef struct ck_mechanism_info *CK_MECHANISM_INFO_PTR; typedef struct ck_function_list CK_FUNCTION_LIST; typedef struct ck_function_list *CK_FUNCTION_LIST_PTR; typedef struct ck_function_list **CK_FUNCTION_LIST_PTR_PTR; typedef struct ck_c_initialize_args CK_C_INITIALIZE_ARGS; typedef struct ck_c_initialize_args *CK_C_INITIALIZE_ARGS_PTR; #define NULL_PTR NULL /* Delete the helper macros defined at the top of the file. */ #undef ck_flags_t #undef ck_version #undef ck_info #undef cryptoki_version #undef manufacturer_id #undef library_description #undef library_version #undef ck_notification_t #undef ck_slot_id_t #undef ck_slot_info #undef slot_description #undef hardware_version #undef firmware_version #undef ck_token_info #undef serial_number #undef max_session_count #undef session_count #undef max_rw_session_count #undef rw_session_count #undef max_pin_len #undef min_pin_len #undef total_public_memory #undef free_public_memory #undef total_private_memory #undef free_private_memory #undef utc_time #undef ck_session_handle_t #undef ck_user_type_t #undef ck_state_t #undef ck_session_info #undef slot_id #undef device_error #undef ck_object_handle_t #undef ck_object_class_t #undef ck_hw_feature_type_t #undef ck_key_type_t #undef ck_certificate_type_t #undef ck_attribute_type_t #undef ck_attribute #undef value #undef value_len #undef ck_date #undef ck_mechanism_type_t #undef ck_mechanism #undef parameter #undef parameter_len #undef ck_mechanism_info #undef min_key_size #undef max_key_size #undef ck_rv_t #undef ck_notify_t #undef ck_function_list #undef ck_createmutex_t #undef ck_destroymutex_t #undef ck_lockmutex_t #undef ck_unlockmutex_t #undef ck_c_initialize_args #undef create_mutex #undef destroy_mutex #undef lock_mutex #undef unlock_mutex #undef reserved #endif /* CRYPTOKI_COMPAT */ /* System dependencies. */ #if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32) #pragma pack(pop, cryptoki) #endif #if defined(__cplusplus) } #endif #endif /* PKCS11_H */ pkcs11-helper-pkcs11-helper-1.22/include/pkcs11-helper-1.0/pkcs11h-certificate.h000066400000000000000000000402751304770615400266120ustar00rootroot00000000000000/* * Copyright (c) 2005-2011 Alon Bar-Lev * All rights reserved. * * This software is available to you under a choice of one of two * licenses. You may choose to be licensed under the terms of the GNU * General Public License (GPL) Version 2, or the BSD license. * * GNU General Public License (GPL) Version 2 * =========================================== * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 * as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program (see the file COPYING.GPL included with this * distribution); if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * BSD License * ============ * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * o Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * o Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * o Neither the name of the Alon Bar-Lev nor the names of its * contributors may be used to endorse or promote products derived from * this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ /** * @addtogroup pkcs11h_certificate Certificate interface * * X.509 certificate interface, provides signature and decryption. * * @{ */ /** * @file pkcs11h-certificate.h * @brief pkcs11-helper certificate functions. * @author Alon Bar-Lev * @see pkcs11h_certificate. */ /** * @example test-certificate.c * * The following example shows some basic usage of the certificate interface. */ #ifndef __PKCS11H_CERTIFICATE_H #define __PKCS11H_CERTIFICATE_H #include #if defined(__cplusplus) extern "C" { #endif struct pkcs11h_certificate_id_s; struct pkcs11h_certificate_s; /** * @brief Certificate id reference. */ typedef struct pkcs11h_certificate_id_s *pkcs11h_certificate_id_t; /** * @brief Certificate object. */ typedef struct pkcs11h_certificate_s *pkcs11h_certificate_t; struct pkcs11h_certificate_id_list_s; /** * @brief Certificate id list. */ typedef struct pkcs11h_certificate_id_list_s *pkcs11h_certificate_id_list_t; /** * @brief Certificate id reference */ struct pkcs11h_certificate_id_s { /** Token id */ pkcs11h_token_id_t token_id; /** displayName for users */ char displayName[1024]; /** CKA_ID of object */ CK_BYTE_PTR attrCKA_ID; /** CKA_ID size */ size_t attrCKA_ID_size; /** Certificate blob (if available) */ unsigned char *certificate_blob; /** Certificate blob size */ size_t certificate_blob_size; }; /** * @brief Certificate id list */ struct pkcs11h_certificate_id_list_s { /** Next element */ pkcs11h_certificate_id_list_t next; /** Certificate id */ pkcs11h_certificate_id_t certificate_id; }; /** * @brief Free certificate_id object. * @param certificate_id Certificate id. * @return CK_RV. */ CK_RV pkcs11h_certificate_freeCertificateId ( IN pkcs11h_certificate_id_t certificate_id ); /** * @brief Duplicate certificate_id object. * @param to Target. * @param from Source. * @return CK_RV. * @note Caller must free result. * @see pkcs11h_certificate_freeCertificateId(). */ CK_RV pkcs11h_certificate_duplicateCertificateId ( OUT pkcs11h_certificate_id_t * const to, IN const pkcs11h_certificate_id_t from ); /** * @brief Sets internal certificate_id blob. * @param certificate_id Certificate id object. * @param blob Certificate blob. * @param blob_size Certificate blob size. * @return CK_RV. * @remarks * Useful to set after deserialization so certificate is available and not read from token. */ CK_RV pkcs11h_certificate_setCertificateIdCertificateBlob ( IN const pkcs11h_certificate_id_t certificate_id, IN const unsigned char * const blob, IN const size_t blob_size ); /** * @brief Free certificate object. * @param certificate Certificate object. * @return CK_RV. */ CK_RV pkcs11h_certificate_freeCertificate ( IN pkcs11h_certificate_t certificate ); /** * @brief Create a certificate object out of certificate_id. * @param certificate_id Certificate id object to be based on. * @param user_data Optional user data, to be passed to hooks. * @param mask_prompt Allow prompt @ref PKCS11H_PROMPT_MASK. * @param pin_cache_period Session specific cache period. * @param p_certificate Receives certificate object. * @note Caller must free result. * @see pkcs11h_certificate_freeCertificate(). * @remarks * The certificate id object may not specify the certificate blob. */ CK_RV pkcs11h_certificate_create ( IN const pkcs11h_certificate_id_t certificate_id, IN void * const user_data, IN const unsigned mask_prompt, IN const int pin_cache_period, OUT pkcs11h_certificate_t * const p_certificate ); /** * @brief Extract user data out of certificate. * @param certificate Certificate object. * @return Mask prompt @ref PKCS11H_PROMPT_MASK. */ unsigned pkcs11h_certificate_getPromptMask ( IN const pkcs11h_certificate_t certificate ); /** * @brief Extract user data out of certificate. * @param certificate Certificate object. * @param mask_prompt Allow prompt @ref PKCS11H_PROMPT_MASK. */ void pkcs11h_certificate_setPromptMask ( IN const pkcs11h_certificate_t certificate, IN const unsigned mask_prompt ); /** * @brief Extract user data out of certificate. * @param certificate Certificate object. * @return User data. */ void * pkcs11h_certificate_getUserData ( IN const pkcs11h_certificate_t certificate ); /** * @brief Extract user data out of certificate. * @param certificate Certificate object. * @param user_data Optional user data, to be passed to hooks. */ void pkcs11h_certificate_setUserData ( IN const pkcs11h_certificate_t certificate, IN void * const user_data ); /** * @brief Get certifiate id object out of a certifiate. * @param certificate Certificate object. * @param p_certificate_id Certificate id object pointer. * @return CK_RV. * @note Caller must free result. * @see pkcs11h_certificate_freeCertificateId(). */ CK_RV pkcs11h_certificate_getCertificateId ( IN const pkcs11h_certificate_t certificate, OUT pkcs11h_certificate_id_t * const p_certificate_id ); /** * @brief Get the certificate blob out of the certificate object. * @param certificate Certificate object. * @param certificate_blob Buffer. * @param p_certificate_blob_size Buffer size. * @return CK_RV. * @note certificate_blob may be NULL in order to get size. */ CK_RV pkcs11h_certificate_getCertificateBlob ( IN const pkcs11h_certificate_t certificate, OUT unsigned char * const certificate_blob, IN OUT size_t * const p_certificate_blob_size ); /** * @brief Serialize certificate_id into a string * @param sz Output string. * @param max Max buffer size. * @param certificate_id id to serialize * @return CK_RV. * @note sz may be NULL in order to get size. */ CK_RV pkcs11h_certificate_serializeCertificateId ( OUT char * const sz, IN OUT size_t *max, IN const pkcs11h_certificate_id_t certificate_id ); /** * @brief Deserialize certificate_id out of string. * @param p_certificate_id id. * @param sz Inut string * @return CK_RV. * @note Caller must free result. * @see pkcs11h_certificate_freeCertificateId(). */ CK_RV pkcs11h_certificate_deserializeCertificateId ( OUT pkcs11h_certificate_id_t * const p_certificate_id, IN const char * const sz ); /** * @brief Ensure certificate is accessible. * @param certificate Certificate object. * @return CK_RV. */ CK_RV pkcs11h_certificate_ensureCertificateAccess ( IN const pkcs11h_certificate_t certificate ); /** * @brief Ensure key is accessible. * @param certificate Certificate object. * @return CK_RV. */ CK_RV pkcs11h_certificate_ensureKeyAccess ( IN const pkcs11h_certificate_t certificate ); /** * @brief Lock session for threded environment. * @param certificate Certificate object. * @return CK_RV. * @remarks * This must be called on threaded environment, so both calls to _sign and * _signRecover and _decrypt will be from the same source. * Failing to lock session, will result with CKR_OPERATION_ACTIVE if * provider is good, or unexpected behaviour for others. * @remarks * It is save to call this also in none threaded environment, it will do nothing. * Call this also if you are doing one stage operation, since locking is not * done by method. */ CK_RV pkcs11h_certificate_lockSession ( IN const pkcs11h_certificate_t certificate ); /** * @brief Releases session lock. * @param certificate Certificate object. * @return CK_RV. * @see pkcs11h_certificate_lockSession(). */ CK_RV pkcs11h_certificate_releaseSession ( IN const pkcs11h_certificate_t certificate ); /** * @brief Sign data. * @param certificate Certificate object. * @param mech_type PKCS#11 mechanism. * @param source Buffer to sign. * @param source_size Buffer size. * @param target Target buffer. * @param p_target_size Target buffer size. * @return CK_RV. * @note target may be NULL to get size. * @attention When using in threaded environment session must be locked. * @see pkcs11h_certificate_lockSession(). * @see pkcs11h_certificate_signAny(). */ CK_RV pkcs11h_certificate_sign ( IN const pkcs11h_certificate_t certificate, IN const CK_MECHANISM_TYPE mech_type, IN const unsigned char * const source, IN const size_t source_size, OUT unsigned char * const target, IN OUT size_t * const p_target_size ); /** * @brief Sign data. * @param certificate Certificate object. * @param mech_type PKCS#11 mechanism. * @param source Buffer to sign. * @param source_size Buffer size. * @param target Target buffer. * @param p_target_size Target buffer size. * @return CK_RV. * @note target may be NULL to get size. * @attention When using in threaded environment session must be locked. * @see pkcs11h_certificate_lockSession(). * @see pkcs11h_certificate_signAny(). */ CK_RV pkcs11h_certificate_signRecover ( IN const pkcs11h_certificate_t certificate, IN const CK_MECHANISM_TYPE mech_type, IN const unsigned char * const source, IN const size_t source_size, OUT unsigned char * const target, IN OUT size_t * const p_target_size ); /** * @brief Decrypt data. * @param certificate Certificate object. * @param mech_type PKCS#11 mechanism. * @param source Buffer to sign. * @param source_size Buffer size. * @param target Target buffer. * @param p_target_size Target buffer size. * @return CK_RV. * @note target may be NULL to get size. * @attention When using in threaded environment session must be locked. * @see pkcs11h_certificate_lockSession(). */ CK_RV pkcs11h_certificate_decrypt ( IN const pkcs11h_certificate_t certificate, IN const CK_MECHANISM_TYPE mech_type, IN const unsigned char * const source, IN const size_t source_size, OUT unsigned char * const target, IN OUT size_t * const p_target_size ); /** * @brief Decrypt data. * @param certificate Certificate object. * @param mech_type PKCS#11 mechanism. * @param source Buffer to sign. * @param source_size Buffer size. * @param target Target buffer. * @param p_target_size Target buffer size. * @return CK_RV. * @note target may be NULL to get size. * @attention When using in threaded environment session must be locked. * @see pkcs11h_certificate_lockSession(). */ CK_RV pkcs11h_certificate_unwrap ( IN const pkcs11h_certificate_t certificate, IN const CK_MECHANISM_TYPE mech_type, IN const unsigned char * const source, IN const size_t source_size, OUT unsigned char * const target, IN OUT size_t * const p_target_size ); /** * @brief Sign data mechanism determined by key attributes. * @param certificate Certificate object. * @param mech_type PKCS#11 mechanism. * @param source Buffer to sign. * @param source_size Buffer size. * @param target Target buffer. * @param p_target_size Target buffer size. * @return CK_RV. * @note target may be NULL to get size. * @attention When using in threaded environment session must be locked. * @see pkcs11h_certificate_lockSession(). */ CK_RV pkcs11h_certificate_signAny ( IN const pkcs11h_certificate_t certificate, IN const CK_MECHANISM_TYPE mech_type, IN const unsigned char * const source, IN const size_t source_size, OUT unsigned char * const target, IN OUT size_t * const p_target_size ); /** * @brief Decrypt data mechanism determined by key attributes. * @param certificate Certificate object. * @param mech_type PKCS#11 mechanism. * @param source Buffer to sign. * @param source_size Buffer size. * @param target Target buffer. * @param p_target_size Target buffer size. * @return CK_RV. * @note target may be NULL to get size. * @attention When using in threaded environment session must be locked. * @see pkcs11h_certificate_lockSession(). */ CK_RV pkcs11h_certificate_decryptAny ( IN const pkcs11h_certificate_t certificate, IN const CK_MECHANISM_TYPE mech_type, IN const unsigned char * const source, IN const size_t source_size, OUT unsigned char * const target, IN OUT size_t * const p_target_size ); /** * @brief Free certificate_id list. * @param cert_id_list List. * @return CK_RV. */ CK_RV pkcs11h_certificate_freeCertificateIdList ( IN const pkcs11h_certificate_id_list_t cert_id_list ); /** * @brief Enumerate available certificates on specific token * @param token_id Token id to enum. * @param method How to fetch certificates @ref PKCS11H_ENUM_METHOD. * @param user_data Some user specific data. * @param mask_prompt Allow prompt @ref PKCS11H_PROMPT_MASK. * @param p_cert_id_issuers_list Receives issues list. * @param p_cert_id_end_list Receives end certificates list. * @return CK_RV. * @note p_cert_id_issuers_list may be NULL. * @note Caller must free result. * @note This function will likely take long time. * @see pkcs11h_certificate_freeCertificateIdList(). */ CK_RV pkcs11h_certificate_enumTokenCertificateIds ( IN const pkcs11h_token_id_t token_id, IN const unsigned method, IN void * const user_data, IN const unsigned mask_prompt, OUT pkcs11h_certificate_id_list_t * const p_cert_id_issuers_list, OUT pkcs11h_certificate_id_list_t * const p_cert_id_end_list ); /** * @brief Enumerate available certificates. * @param method How to fetch certificates @ref PKCS11H_ENUM_METHOD. * @param user_data Some user specific data. * @param mask_prompt Allow prompt @ref PKCS11H_PROMPT_MASK. * @param p_cert_id_issuers_list Receives issues list. * @param p_cert_id_end_list Receives end certificates list. * @note p_cert_id_issuers_list may be NULL. * @note Caller must free result. * @note This function will likely take long time. * @see pkcs11h_certificate_freeCertificateIdList(). */ CK_RV pkcs11h_certificate_enumCertificateIds ( IN const unsigned method, IN void * const user_data, IN const unsigned mask_prompt, OUT pkcs11h_certificate_id_list_t * const p_cert_id_issuers_list, OUT pkcs11h_certificate_id_list_t * const p_cert_id_end_list ); #ifdef __cplusplus } #endif /** @} */ #endif /* __PKCS11H_CERTIFICATE_H */ pkcs11-helper-pkcs11-helper-1.22/include/pkcs11-helper-1.0/pkcs11h-core.h000066400000000000000000000346501304770615400252600ustar00rootroot00000000000000/* * Copyright (c) 2005-2011 Alon Bar-Lev * All rights reserved. * * This software is available to you under a choice of one of two * licenses. You may choose to be licensed under the terms of the GNU * General Public License (GPL) Version 2, or the BSD license. * * GNU General Public License (GPL) Version 2 * =========================================== * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 * as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program (see the file COPYING.GPL included with this * distribution); if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * BSD License * ============ * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * o Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * o Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * o Neither the name of the Alon Bar-Lev nor the names of its * contributors may be used to endorse or promote products derived from * this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ /** * @addtogroup pkcs11h_core pkcs11-helper core interface * * Core functionality. * * @{ */ /** * @file pkcs11h-core.h * @brief pkcs11-helper core. * @author Alon Bar-Lev * @see pkcs11h_core. */ #ifndef __PKCS11H_BASE_H #define __PKCS11H_BASE_H #include #include #include #include #include #if defined(__cplusplus) extern "C" { #endif /** * @brief pkcs11-helper features mask. * @addtogroup PKCS11H_FEATURE_MASK * @see pkcs11h_getFeatures(). * @{ */ /** Engine OpenSSL is enabled. */ #define PKCS11H_FEATURE_MASK_ENGINE_CRYPTO_OPENSSL (1<< 0) /** Engine GNUTLS is enabled. */ #define PKCS11H_FEATURE_MASK_ENGINE_CRYPTO_GNUTLS (1<< 1) /** Engine CryptoAPI is enabled. */ #define PKCS11H_FEATURE_MASK_ENGINE_CRYPTO_CRYPTOAPI (1<< 2) /** * Engine CryptoAPI is enabled. * @deprecated */ #define PKCS11H_FEATURE_MASK_ENGINE_CRYPTO_WIN32 (1<< 2) /** Debugging (logging) is enabled. */ #define PKCS11H_FEATURE_MASK_DEBUG (1<< 3) /** Threading support is enabled. */ #define PKCS11H_FEATURE_MASK_THREADING (1<< 4) /** Token interface is enabled. */ #define PKCS11H_FEATURE_MASK_TOKEN (1<< 5) /** Data interface is enabled. */ #define PKCS11H_FEATURE_MASK_DATA (1<< 6) /** Certificate interface is enabled, */ #define PKCS11H_FEATURE_MASK_CERTIFICATE (1<< 7) /** Slotevent interface is enabled. */ #define PKCS11H_FEATURE_MASK_SLOTEVENT (1<< 8) /** OpenSSL interface is enabled. */ #define PKCS11H_FEATURE_MASK_OPENSSL (1<< 9) /** Engine mbed TLS is enabled. */ #define PKCS11H_FEATURE_MASK_ENGINE_CRYPTO_POLARSSL (1<< 10) /** Engine mbed TLS is enabled. */ #define PKCS11H_FEATURE_MASK_ENGINE_CRYPTO_MBEDTLS (1<< 10) /** @} */ /** * @brief pkcs11-helper log level. * @addtogroup PKCS11H_LOG * @see pkcs11h_getLogLevel(). * @see pkcs11h_setLogLevel(). * @{ */ /** Most verbose log (entry/return). */ #define PKCS11H_LOG_DEBUG2 5 /** Important logic log. */ #define PKCS11H_LOG_DEBUG1 4 /** Information messages. */ #define PKCS11H_LOG_INFO 3 /** Warning messages, */ #define PKCS11H_LOG_WARN 2 /** Error messages. */ #define PKCS11H_LOG_ERROR 1 /** Used in order to turn off logging. */ #define PKCS11H_LOG_QUIET 0 /** @} */ /** Inifite session limit */ #define PKCS11H_PIN_CACHE_INFINITE -1 /** * @brief Signature mask selection. * @addtogroup PKCS11H_PRIVATEMODE_MASK * @{ */ /** Auto select by private key attributes. */ #define PKCS11H_PRIVATEMODE_MASK_AUTO (0) /** Force signature. */ #define PKCS11H_PRIVATEMODE_MASK_SIGN (1<<0) /** Force recover. */ #define PKCS11H_PRIVATEMODE_MASK_RECOVER (1<<1) /** Force decrypt. */ #define PKCS11H_PRIVATEMODE_MASK_DECRYPT (1<<2) /** Force unwrap. */ #define PKCS11H_PRIVATEMODE_MASK_UNWRAP (1<<3) /** @} */ /** * @brief Slotevent mode selection. * @addtogroup PKCS11H_SLOTEVENT_METHOD * @{ */ /* Auto select by provider information. */ #define PKCS11H_SLOTEVENT_METHOD_AUTO 0 /** Force trigger. */ #define PKCS11H_SLOTEVENT_METHOD_TRIGGER 1 /** Force poll. */ #define PKCS11H_SLOTEVENT_METHOD_POLL 2 /** Force fetch. */ #define PKCS11H_SLOTEVENT_METHOD_FETCH 3 /** @} */ /** * @brief Prompt mask selection. * @addtogroup PKCS11H_PROMPT_MASK * @{ */ /** Allow PIN prompt. */ #define PKCS11H_PROMPT_MASK_ALLOW_PIN_PROMPT (1<<0) /** Allow token prompt. */ #define PKCS11H_PROMPT_MASK_ALLOW_TOKEN_PROMPT (1<<1) /** Allow all prompt. */ #define PKCS11H_PROMPT_MASK_ALLOW_ALL ( \ PKCS11H_PROMPT_MASK_ALLOW_PIN_PROMPT | \ PKCS11H_PROMPT_MASK_ALLOW_TOKEN_PROMPT \ ) /** @} */ /** * @brief Enumeration mode selection. * @addtogroup PKCS11H_ENUM_METHOD * @{ */ /** Get from cache, if available. */ #define PKCS11H_ENUM_METHOD_CACHE 0 /** Get from cache, but only available objects. */ #define PKCS11H_ENUM_METHOD_CACHE_EXIST 1 /** Reload objects. */ #define PKCS11H_ENUM_METHOD_RELOAD 2 /** @} */ struct pkcs11h_token_id_s; /** * @brief Token identifier. */ typedef struct pkcs11h_token_id_s *pkcs11h_token_id_t; /** * @brief Log hook. * @param global_data Hook data. * @param flags Log flags. * @param format printf style format. * @param args stdargs */ typedef void (*pkcs11h_hook_log_t)( IN void * const global_data, IN const unsigned flags, IN const char * const format, IN va_list args ); /** * @brief Slotevent hook. * @param global_data Hook data. */ typedef void (*pkcs11h_hook_slotevent_t)( IN void * const global_data ); /** * @brief Token prompt hook. * @param global_data Hook data. * @param user_data Local data. * @param token Token. * @param retry Retry counter. * @return TRUE success. */ typedef PKCS11H_BOOL (*pkcs11h_hook_token_prompt_t)( IN void * const global_data, IN void * const user_data, IN const pkcs11h_token_id_t token, IN const unsigned retry ); /** * @brief PIN prompt hook. * @param global_data Hook data. * @param user_data Local data. * @param token Token. * @param retry Retry counter. * @param pin PIN buffer. * @param pin_max PIN buffer size. * @return TRUE success. */ typedef PKCS11H_BOOL (*pkcs11h_hook_pin_prompt_t)( IN void * const global_data, IN void * const user_data, IN const pkcs11h_token_id_t token, IN const unsigned retry, OUT char * const pin, IN const size_t pin_max ); /** * @brief Token identifier. */ struct pkcs11h_token_id_s { /** Display for user. */ char display[1024]; /** NULL terminated manufacturerID */ char manufacturerID[sizeof (((CK_TOKEN_INFO *)NULL)->manufacturerID)+1]; /** NULL terminated model */ char model[sizeof (((CK_TOKEN_INFO *)NULL)->model)+1]; /** NULL terminated serialNumber */ char serialNumber[sizeof (((CK_TOKEN_INFO *)NULL)->serialNumber)+1]; /** NULL terminated label */ char label[sizeof (((CK_TOKEN_INFO *)NULL)->label)+1]; }; /** * @brief Get message by return value. * @param rv Return value. * @return CK_RV. */ const char * pkcs11h_getMessage ( IN const CK_RV rv ); /** * @brief Get version of library. * @return version identifier. */ unsigned int pkcs11h_getVersion (void); /** * @brief Get features of library. * @return feature mask @ref PKCS11H_FEATURE_MASK. */ unsigned int pkcs11h_getFeatures (void); /** * @brief Inititalize helper interface. * @return CK_RV. * @see pkcs11h_terminate(). * @attention This function must be called from the main thread. */ CK_RV pkcs11h_initialize (void); /** * @brief Terminate helper interface. * @return CK_RV. * @attention This function must be called from the main thread. */ CK_RV pkcs11h_terminate (void); /** * @brief Set current log level of the helper. * @param flags Current log level @ref PKCS11H_LOG. */ void pkcs11h_setLogLevel ( IN const unsigned flags ); /** * @brief Get current log level. * @return Log level @ref PKCS11H_LOG. */ unsigned pkcs11h_getLogLevel (void); /** * @brief How does the foked process bahaves after POSIX fork() * @param safe Safe mode, default is false. * @return CK_RV. * @attention * This function should be called after @ref pkcs11h_initialize() * @note * This funciton is releavant if @ref PKCS11H_FEATURE_MASK_THREADING is set. * If safe mode is on, the child process can use the loaded PKCS#11 providers * but it cannot use fork(), while it is in one of the hooks functions, since * locked mutexes cannot be released. */ CK_RV pkcs11h_setForkMode ( IN const PKCS11H_BOOL safe ); /** * @brief Set a log callback. * @param hook Callback. * @param global_data Data to send to callback. * @return CK_RV. */ CK_RV pkcs11h_setLogHook ( IN const pkcs11h_hook_log_t hook, IN void * const global_data ); /** * @brief Set a slot event callback. * @param hook Callback. * @param global_data Data to send to callback. * @return CK_RV. * @see pkcs11h_terminate(). * @attention * Calling this function initialize slot event notifications, these * notifications can be started, but never terminate due to PKCS#11 limitation. * @note In order to use slot events you must have threading @ref PKCS11H_FEATURE_MASK_THREADING enabled. */ CK_RV pkcs11h_setSlotEventHook ( IN const pkcs11h_hook_slotevent_t hook, IN void * const global_data ); /** * @brief Set a token prompt callback. * @param hook Callback. * @param global_data Data to send to callback. * @return CK_RV. * @attention * If @ref pkcs11h_setForkMode() is true, you cannot fork while in hook. */ CK_RV pkcs11h_setTokenPromptHook ( IN const pkcs11h_hook_token_prompt_t hook, IN void * const global_data ); /** * @brief Set a pin prompt callback. * @param hook Callback. * @param global_data Data to send to callback. * @return CK_RV. * @attention * If @ref pkcs11h_setForkMode() is true, you cannot fork while in hook. */ CK_RV pkcs11h_setPINPromptHook ( IN const pkcs11h_hook_pin_prompt_t hook, IN void * const global_data ); /** * @brief Set global protected authentication mode. * @param allow_protected_auth Allow protected authentication if enabled by token. * @return CK_RV. * @note Default is on. */ CK_RV pkcs11h_setProtectedAuthentication ( IN const PKCS11H_BOOL allow_protected_auth ); /** * @brief Set global PIN cache timeout. * @param pin_cache_period Cache period in seconds, or @ref PKCS11H_PIN_CACHE_INFINITE. * @return CK_RV. * @note Default is infinite. */ CK_RV pkcs11h_setPINCachePeriod ( IN const int pin_cache_period ); /** * @brief Set global login retries attempts. * @param max_retries Login retries handled by the helper. * @return CK_RV. * @note Default is 3. */ CK_RV pkcs11h_setMaxLoginRetries ( IN const unsigned max_retries ); /** * @brief Add a PKCS#11 provider. * @param reference Reference name for this provider. * @param provider_location Provider library location. * @param allow_protected_auth Allow this provider to use protected authentication. * @param mask_private_mode Provider private mode @ref PKCS11H_PRIVATEMODE_MASK override. * @param slot_event_method Provider slot event @ref PKCS11H_SLOTEVENT_METHOD method. * @param slot_poll_interval Slot event poll interval (If in polling mode), specify 0 for default. * @param cert_is_private Provider's certificate access should be done after login. * @return CK_RV. * @attention This function must be called from the main thread. * @note The global allow_protected_auth must be enabled in order to allow provider specific. */ CK_RV pkcs11h_addProvider ( IN const char * const reference, IN const char * const provider_location, IN const PKCS11H_BOOL allow_protected_auth, IN const unsigned mask_private_mode, IN const unsigned slot_event_method, IN const unsigned slot_poll_interval, IN const PKCS11H_BOOL cert_is_private ); /** * @brief Delete a PKCS#11 provider. * @param reference Reference name for this provider. * @return CK_RV. * @attention This function must be called from the main thread. */ CK_RV pkcs11h_removeProvider ( IN const char * const reference ); /** * @brief Handle special case of POSIX fork() * @return CK_RV. * @attention This function must be called from the main thread. * @attention * This function should be called after fork is called. This is required * due to a limitation of the PKCS#11 standard. * @note The helper library handles fork automatically if @ref PKCS11H_FEATURE_MASK_THREADING * is set by use of pthread_atfork. * When @ref PKCS11H_FEATURE_MASK_THREADING is enabled this function does nothing. */ CK_RV pkcs11h_forkFixup (void); /** * @brief Handle slot rescan. * @return CK_RV. * @attention This function must be called from the main thread. * @remarks * PKCS#11 providers do not allow plug&play, plug&play can be established by * finalizing all providers and initializing them again. * @remarks * The cost of this process is invalidating all sessions, and require user * login at the next access. */ CK_RV pkcs11h_plugAndPlay (void); /** * @brief Logout from all sessions. * @return CK_RV. */ CK_RV pkcs11h_logout (void); #ifdef __cplusplus } #endif /** @} */ #endif /* __PKCS11H_BASE_H */ pkcs11-helper-pkcs11-helper-1.22/include/pkcs11-helper-1.0/pkcs11h-data.h000066400000000000000000000142431304770615400252350ustar00rootroot00000000000000/* * Copyright (c) 2005-2011 Alon Bar-Lev * All rights reserved. * * This software is available to you under a choice of one of two * licenses. You may choose to be licensed under the terms of the GNU * General Public License (GPL) Version 2, or the BSD license. * * GNU General Public License (GPL) Version 2 * =========================================== * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 * as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program (see the file COPYING.GPL included with this * distribution); if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * BSD License * ============ * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * o Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * o Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * o Neither the name of the Alon Bar-Lev nor the names of its * contributors may be used to endorse or promote products derived from * this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ /** * @addtogroup pkcs11h_data Data object interface * * Data object manipulation. * * @{ */ /** * @file pkcs11h-data.h * @brief pkcs11-helper data object support. * @author Alon Bar-Lev * @see pkcs11h_data. */ #ifndef __PKCS11H_DATA_H #define __PKCS11H_DATA_H #include #if defined(__cplusplus) extern "C" { #endif struct pkcs11h_data_id_list_s; /** * @brief Data identifier list. */ typedef struct pkcs11h_data_id_list_s *pkcs11h_data_id_list_t; /** * @brief Data identifier list. */ struct pkcs11h_data_id_list_s { /** Next element */ pkcs11h_data_id_list_t next; /** Application string */ char *application; /** Label string */ char *label; }; /** * @brief Get data object. * @param token_id Token id object. * @param is_public Object is public. * @param application Object application attribute. * @param label Object label attribute. * @param user_data Optional user data, to be passed to hooks. * @param mask_prompt Allow prompt @ref PKCS11H_PROMPT_MASK. * @param blob Blob, set to NULL to get size. * @param p_blob_size Blob size. * @return CK_RV. * @note blob may be NULL to get size. */ CK_RV pkcs11h_data_get ( IN const pkcs11h_token_id_t token_id, IN const PKCS11H_BOOL is_public, IN const char * const application, IN const char * const label, IN void * const user_data, IN const unsigned mask_prompt, OUT unsigned char * const blob, IN OUT size_t * const p_blob_size ); /** * @brief Put data object. * @param token_id Token id object. * @param is_public Object is public. * @param application Object application attribute. * @param label Object label attribute. * @param user_data Optional user data, to be passed to hooks. * @param mask_prompt Allow prompt @ref PKCS11H_PROMPT_MASK. * @param blob Blob, set to NULL to get size. * @param blob_size Blob size. * @return CK_RV. */ CK_RV pkcs11h_data_put ( IN const pkcs11h_token_id_t token_id, IN const PKCS11H_BOOL is_public, IN const char * const application, IN const char * const label, IN void * const user_data, IN const unsigned mask_prompt, OUT unsigned char * const blob, IN const size_t blob_size ); /** * @brief Delete data object. * @param token_id Token id object. * @param is_public Object is public. * @param application Object application attribute. * @param label Object label attribute. * @param user_data Optional user data, to be passed to hooks. * @param mask_prompt Allow prompt @ref PKCS11H_PROMPT_MASK. * @return CK_RV. */ CK_RV pkcs11h_data_del ( IN const pkcs11h_token_id_t token_id, IN const PKCS11H_BOOL is_public, IN const char * const application, IN const char * const label, IN void * const user_data, IN const unsigned mask_prompt ); /** * @brief Free data object list. * @param data_id_list List to free. * @return CK_RV. */ CK_RV pkcs11h_data_freeDataIdList ( IN const pkcs11h_data_id_list_t data_id_list ); /** * @brief Get list of data objects. * @param token_id Token id object. * @param is_public Get a list of public objects. * @param user_data Optional user data, to be passed to hooks. * @param mask_prompt Allow prompt @ref PKCS11H_PROMPT_MASK. * @param p_data_id_list List location. * @see pkcs11h_data_freeDataIdList(). * @return CK_RV. */ CK_RV pkcs11h_data_enumDataObjects ( IN const pkcs11h_token_id_t token_id, IN const PKCS11H_BOOL is_public, IN void * const user_data, IN const unsigned mask_prompt, OUT pkcs11h_data_id_list_t * const p_data_id_list ); #ifdef __cplusplus } #endif /** @} */ #endif /* __PKCS11H_DATA_H */ pkcs11-helper-pkcs11-helper-1.22/include/pkcs11-helper-1.0/pkcs11h-def.h000066400000000000000000000062301304770615400250570ustar00rootroot00000000000000/* * Copyright (c) 2005-2011 Alon Bar-Lev * All rights reserved. * * This software is available to you under a choice of one of two * licenses. You may choose to be licensed under the terms of the GNU * General Public License (GPL) Version 2, or the BSD license. * * GNU General Public License (GPL) Version 2 * =========================================== * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 * as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program (see the file COPYING.GPL included with this * distribution); if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * BSD License * ============ * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * o Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * o Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * o Neither the name of the Alon Bar-Lev nor the names of its * contributors may be used to endorse or promote products derived from * this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ /** * @file pkcs11h-def.h * @brief pkcs11-helper core definitions. * @author Alon Bar-Lev */ #ifndef __PKCS11H_DEF_H #define __PKCS11H_DEF_H #include #if !defined(_WIN32) #include #endif #if defined(__cplusplus) extern "C" { #endif #if !defined(IN) #define IN #endif #if !defined(OUT) #define OUT #endif #if defined(PKCS11H_USE_CYGWIN) #define CRYPTOKI_FORCE_WIN32 #endif #include typedef int PKCS11H_BOOL; #ifdef __cplusplus } #endif #endif /* __PKCS11H_DEF_H */ pkcs11-helper-pkcs11-helper-1.22/include/pkcs11-helper-1.0/pkcs11h-engines.h000066400000000000000000000162771304770615400257650ustar00rootroot00000000000000/* * Copyright (c) 2005-2011 Alon Bar-Lev * All rights reserved. * * This software is available to you under a choice of one of two * licenses. You may choose to be licensed under the terms of the GNU * General Public License (GPL) Version 2, or the BSD license. * * GNU General Public License (GPL) Version 2 * =========================================== * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 * as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program (see the file COPYING.GPL included with this * distribution); if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * BSD License * ============ * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * o Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * o Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * o Neither the name of the Alon Bar-Lev nor the names of its * contributors may be used to endorse or promote products derived from * this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ /** * @addtogroup pkcs11h_engines Engines interface * * External dependencies. * * @{ */ /** * @file pkcs11h-engines.h * @brief pkcs11-helper engines definitions. * @author Alon Bar-Lev * @see pkcs11h_engines. */ #ifndef __PKCS11H_ENGINES_H #define __PKCS11H_ENGINES_H #include #if !defined(_WIN32) #include #endif #include #if defined(__cplusplus) extern "C" { #endif /** * @brief System engine. */ typedef struct pkcs11h_sys_engine_s { /** * @brief malloc provider. * @param size Block size. * @return Pointer. */ void *(*malloc) (size_t size); /** * @brief free provider. * @param ptr Pointer. */ void (*free) (void *ptr); /** * @brief time provider. * @return time_t. */ time_t (*time) (void); /** * @brief usleep provider. * @param usec Microseconds. */ void (*usleep) (unsigned long usec); /** * @brief gettimeofday provider (unix). * @param rv timeval. */ #if defined(_WIN32) void *gettimeofday; #else int (*gettimeofday) (struct timeval *tv); #endif } pkcs11h_engine_system_t; /** * @brief Crypto engine. */ typedef struct pkcs11h_crypto_engine_s { void *global_data; /** * @brief Initialize engine. * @param global_data Engine data. * @return None zero - Sucess. */ int (*initialize) ( IN void * const global_data ); /** * @brief Uninitialize engine. * @param global_data Engine data. * @return None zero - Sucess. */ int (*uninitialize) ( IN void * const global_data ); /** * @brief Get exportation date out of certificate. * @param global_data Engine data. * @param blob Certificate blob. * @param blob_size Certificate blob size. * @param expiration Certificate expiration time. * @return None zero - Sucess. */ int (*certificate_get_expiration) ( IN void * const global_data, IN const unsigned char * const blob, IN const size_t blob_size, OUT time_t * const expiration ); /** * @brief Get certificate distinguished name. * @param global_data Engine data. * @param blob Certificate blob. * @param blob_size Certificate blob size. * @param dn dn buffer. * @param dn_max dn buffer size. * @return None zero - Sucess. */ int (*certificate_get_dn) ( IN void * const global_data, IN const unsigned char * const blob, IN const size_t blob_size, OUT char * const dn, IN const size_t dn_max ); /** * @brief Determine if one certificate is an issuer of another. * @param global_data Engine data. * @param issuer_blob Issuer's certificate blob. * @param issuer_blob_size Issuer's certificate blob size. * @param cert_blob Certificate blob. * @param cert_blob_size Certificate blob size. * @return None zero - Sucess. */ int (*certificate_is_issuer) ( IN void * const global_data, IN const unsigned char * const issuer_blob, IN const size_t issuer_blob_size, IN const unsigned char * const cert_blob, IN const size_t cert_blob_size ); } pkcs11h_engine_crypto_t; /** * @brief pkcs11-helper built-in engines. * @addtogroup PKCS11H_ENGINE_CRYPTO * @see pkcs11h_engine_setCrypto(). * @{ */ /** Auto select. */ #define PKCS11H_ENGINE_CRYPTO_AUTO ((pkcs11h_engine_crypto_t *)0) /** Select OpenSSL. */ #define PKCS11H_ENGINE_CRYPTO_OPENSSL ((pkcs11h_engine_crypto_t *)1) /** Select GnuTLS. */ #define PKCS11H_ENGINE_CRYPTO_GNUTLS ((pkcs11h_engine_crypto_t *)2) /** Select CryptoAPI. */ #define PKCS11H_ENGINE_CRYPTO_CRYPTOAPI ((pkcs11h_engine_crypto_t *)3) /** * Select CryptoAPI. * @deprecated */ #define PKCS11H_ENGINE_CRYPTO_WIN32 ((pkcs11h_engine_crypto_t *)3) /** Select NSS. */ #define PKCS11H_ENGINE_CRYPTO_NSS ((pkcs11h_engine_crypto_t *)4) /** Select mbed TLS. */ #define PKCS11H_ENGINE_CRYPTO_POLARSSL ((pkcs11h_engine_crypto_t *)5) /** Select mbed TLS. */ #define PKCS11H_ENGINE_CRYPTO_MBEDTLS ((pkcs11h_engine_crypto_t *)5) /** Auto select GPL enigne. */ #define PKCS11H_ENGINE_CRYPTO_GPL ((pkcs11h_engine_crypto_t *)10) /** @} */ /** * @brief Set system engine to be used. * @param engine Engine to use. * @return CK_RV. * @note Must be called before pkcs11h_initialize. * @note Default engine is libc functions. */ CK_RV pkcs11h_engine_setSystem ( IN const pkcs11h_engine_system_t * const engine ); /** * @brief Set crypto engine to be used. * @param engine Engine to use. * @return CK_RV. * @note Must be called before pkcs11h_initialize. * @note Default is provided at configuration time. * @see PKCS11H_ENGINE_CRYPTO */ CK_RV pkcs11h_engine_setCrypto ( IN const pkcs11h_engine_crypto_t * const engine ); #ifdef __cplusplus } #endif /** @} */ #endif /* __PKCS11H_ENGINES_H */ pkcs11-helper-pkcs11-helper-1.22/include/pkcs11-helper-1.0/pkcs11h-openssl.h000066400000000000000000000131061304770615400260040ustar00rootroot00000000000000/* * Copyright (c) 2005-2011 Alon Bar-Lev * All rights reserved. * * This software is available to you under a choice of one of two * licenses. You may choose to be licensed under the terms of the GNU * General Public License (GPL) Version 2, or the BSD license. * * GNU General Public License (GPL) Version 2 * =========================================== * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 * as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program (see the file COPYING.GPL included with this * distribution); if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * BSD License * ============ * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * o Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * o Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * o Neither the name of the Alon Bar-Lev nor the names of its * contributors may be used to endorse or promote products derived from * this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ /** * @addtogroup pkcs11h_openssl OpenSSL interface * * OpenSSL engine to be used by OpenSSL enabled applications. * * @{ */ /** * @file pkcs11h-openssl.h * @brief pkcs11-helper OpenSSL interface. * @author Alon Bar-Lev * @see pkcs11h_openssl. */ #ifndef __PKCS11H_HELPER_H #define __PKCS11H_HELPER_H #include #include #include #if defined(__cplusplus) extern "C" { #endif /** * @brief OpenSSL RSA cleanup hook. * @param certificate Certificate attached to the RSA object. */ typedef void (*pkcs11h_hook_openssl_cleanup_t) ( IN const pkcs11h_certificate_t certificate ); struct pkcs11h_openssl_session_s; /** * @brief OpenSSL session reference. */ typedef struct pkcs11h_openssl_session_s *pkcs11h_openssl_session_t; /** * @brief Returns an X509 object out of the openssl_session object. * @param certificate Certificate object. * @return X509. */ X509 * pkcs11h_openssl_getX509 ( IN const pkcs11h_certificate_t certificate ); /** * @brief Create OpenSSL session based on a certificate object. * @param certificate Certificate object. * @return OpenSSL session reference. * @note The certificate object will be freed by the OpenSSL interface on session end. * @see pkcs11h_openssl_freeSession(). */ pkcs11h_openssl_session_t pkcs11h_openssl_createSession ( IN const pkcs11h_certificate_t certificate ); /** * @brief Sets cleanup hook * @param openssl_session OpenSSL session reference. * @return Current hook. */ pkcs11h_hook_openssl_cleanup_t pkcs11h_openssl_getCleanupHook ( IN const pkcs11h_openssl_session_t openssl_session ); /** * @brief Sets cleanup hook * @param openssl_session OpenSSL session reference. * @param cleanup hook. */ void pkcs11h_openssl_setCleanupHook ( IN const pkcs11h_openssl_session_t openssl_session, IN const pkcs11h_hook_openssl_cleanup_t cleanup ); /** * @brief Free OpenSSL session. * @param openssl_session OpenSSL session reference. * @note The openssl_session object has a reference count just like other OpenSSL objects. */ void pkcs11h_openssl_freeSession ( IN const pkcs11h_openssl_session_t openssl_session ); /** * @brief Returns an RSA object out of the openssl_session object. * @param openssl_session OpenSSL session reference. * @return RSA. */ RSA * pkcs11h_openssl_session_getRSA ( IN const pkcs11h_openssl_session_t openssl_session ); /** * @brief Returns an EVP_PKEY out of the openssl_session object. * @param openssl_session OpenSSL session reference. * @return EVP_PKEY. */ EVP_PKEY * pkcs11h_openssl_session_getEVP ( IN const pkcs11h_openssl_session_t openssl_session ); /** * @brief Returns an X509 object out of the openssl_session object. * @param openssl_session OpenSSL session reference. * @return X509. */ X509 * pkcs11h_openssl_session_getX509 ( IN const pkcs11h_openssl_session_t openssl_session ); #ifdef __cplusplus } #endif /** @} */ #endif /* __PKCS11H_OPENSSL_H */ pkcs11-helper-pkcs11-helper-1.22/include/pkcs11-helper-1.0/pkcs11h-token.h000066400000000000000000000137721304770615400254520ustar00rootroot00000000000000/* * Copyright (c) 2005-2011 Alon Bar-Lev * All rights reserved. * * This software is available to you under a choice of one of two * licenses. You may choose to be licensed under the terms of the GNU * General Public License (GPL) Version 2, or the BSD license. * * GNU General Public License (GPL) Version 2 * =========================================== * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 * as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program (see the file COPYING.GPL included with this * distribution); if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * BSD License * ============ * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * o Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * o Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * o Neither the name of the Alon Bar-Lev nor the names of its * contributors may be used to endorse or promote products derived from * this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ /** * @addtogroup pkcs11h_token Token interface * * Token related functions. * * @{ */ /** * @file pkcs11h-token.h * @brief pkcs11-helper token interface. * @author Alon Bar-Lev * @see pkcs11h_token. */ #ifndef __PKCS11H_TOKEN_H #define __PKCS11H_TOKEN_H #include #if defined(__cplusplus) extern "C" { #endif struct pkcs11h_token_id_list_s; /** * @brief Token identifier list. */ typedef struct pkcs11h_token_id_list_s *pkcs11h_token_id_list_t; /** * @brief Token identifier list. */ struct pkcs11h_token_id_list_s { /** Next element. */ pkcs11h_token_id_list_t next; /** Token id element. */ pkcs11h_token_id_t token_id; }; /** * @brief Free token_id object. * @param token_id Token reference. * @return CK_RV. */ CK_RV pkcs11h_token_freeTokenId ( IN pkcs11h_token_id_t token_id ); /** * @brief Duplicate token_id object. * @param to Target. * @param from Source. * @return CK_RV. * @see pkcs11h_token_freeTokenId(). */ CK_RV pkcs11h_token_duplicateTokenId ( OUT pkcs11h_token_id_t * const to, IN const pkcs11h_token_id_t from ); /** * @brief Returns TRUE if same token id * @param a a. * @param b b. * @return TRUE if same token identifier. */ PKCS11H_BOOL pkcs11h_token_sameTokenId ( IN const pkcs11h_token_id_t a, IN const pkcs11h_token_id_t b ); /** * @brief Force logout. * @param token_id Token to login into. * @return CK_RV. */ CK_RV pkcs11h_token_logout ( IN const pkcs11h_token_id_t token_id ); /** * @brief Force login, avoid hooks. * @param token_id Token to login into. * @param readonly Should session be readonly. * @param pin PIN to login, NULL for protected authentication. * @return CK_RV. */ CK_RV pkcs11h_token_login ( IN const pkcs11h_token_id_t token_id, IN const PKCS11H_BOOL readonly, IN const char * const pin ); /** * @brief Ensure token is accessible. * @param token_id Token id object. * @param user_data Optional user data, to be passed to hooks. * @param mask_prompt Allow prompt @ref PKCS11H_PROMPT_MASK. * @return CK_RV. */ CK_RV pkcs11h_token_ensureAccess ( IN const pkcs11h_token_id_t token_id, IN void * const user_data, IN const unsigned mask_prompt ); /** * @brief Free certificate_id list. * @param token_id_list List. * @return CK_RV. */ CK_RV pkcs11h_token_freeTokenIdList ( IN const pkcs11h_token_id_list_t token_id_list ); /** * @brief Enumerate available tokens. * @param method Enum method @ref PKCS11H_ENUM_METHOD. * @param p_token_id_list List. * @return CK_RV. * @note Caller must free result. * @see pkcs11h_token_freeTokenIdList(). */ CK_RV pkcs11h_token_enumTokenIds ( IN const unsigned method, OUT pkcs11h_token_id_list_t * const p_token_id_list ); /** * @brief Serialize token_id into string. * @param sz Output string. * @param max Maximum string size. * @param token_id id to serialize * @return CK_RV. * @note sz may be NULL to get size. */ CK_RV pkcs11h_token_serializeTokenId ( OUT char * const sz, IN OUT size_t *max, IN const pkcs11h_token_id_t token_id ); /** * @brief Deserialize token_id from string. * @param p_token_id id. * @param sz Input string. * @return CK_RV. * @note Caller must free result. * @see pkcs11h_token_freeTokenId(). */ CK_RV pkcs11h_token_deserializeTokenId ( OUT pkcs11h_token_id_t *p_token_id, IN const char * const sz ); #ifdef __cplusplus } #endif /** @} */ #endif /* __PKCS11H_TOKEN_H */ pkcs11-helper-pkcs11-helper-1.22/include/pkcs11-helper-1.0/pkcs11h-version.h.in000066400000000000000000000061471304770615400264220ustar00rootroot00000000000000/* * Copyright (c) 2005-2011 Alon Bar-Lev * All rights reserved. * * This software is available to you under a choice of one of two * licenses. You may choose to be licensed under the terms of the GNU * General Public License (GPL) Version 2, or the BSD license. * * GNU General Public License (GPL) Version 2 * =========================================== * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 * as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program (see the file COPYING.GPL included with this * distribution); if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * BSD License * ============ * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * o Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * o Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * o Neither the name of the Alon Bar-Lev nor the names of its * contributors may be used to endorse or promote products derived from * this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #ifndef __PKCS11H_VERSION_H #define __PKCS11H_VERSION_H /** * @file pkcs11h-version.h * @brief pkcs11-helper core. * @author Alon Bar-Lev * @see pkcs11h_core. */ /** * @addtogroup pkcs11h_core pkcs11-helper core interface * * Core functionality. * * @{ */ /** * @brief Library version. */ #define PKCS11H_VERSION ( \ (@PKCS11H_VERSION_MAJOR@<<16) | \ (@PKCS11H_VERSION_MINOR@<<8) | \ (@PKCS11H_VERSION_FIX@<<0) \ ) /** @} */ #endif /* __PKCS11H_VERSION_H */ pkcs11-helper-pkcs11-helper-1.22/lib/000077500000000000000000000000001304770615400171475ustar00rootroot00000000000000pkcs11-helper-pkcs11-helper-1.22/lib/Makefile.am000066400000000000000000000122101304770615400211770ustar00rootroot00000000000000# # Copyright (c) 2005-2011 Alon Bar-Lev # All rights reserved. # # This software is available to you under a choice of one of two # licenses. You may choose to be licensed under the terms of the GNU # General Public License (GPL) Version 2, or the BSD license. # # GNU General Public License (GPL) Version 2 # =========================================== # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program (see the file COPYING.GPL included with this # distribution); if not, write to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # # BSD License # ============ # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are met: # # o Redistributions of source code must retain the above copyright notice, # this list of conditions and the following disclaimer. # o Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # o Neither the name of the Alon Bar-Lev nor the names of its # contributors may be used to endorse or promote products derived from # this software without specific prior written permission. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE # POSSIBILITY OF SUCH DAMAGE. # MAINTAINERCLEANFILES=\ $(srcdir)/Makefile.in $(srcdir)/versioninfo.rc CLEANFILES=pkcs11-helper.exports dist_noinst_DATA= \ Makefile.w32-vc \ certificate.exports \ core.exports \ data.exports \ openssl.exports \ slotevent.exports \ token.exports BUILT_SOURCES=pkcs11-helper.exports pkgconfig_DATA=libpkcs11-helper-1.pc lib_LTLIBRARIES=libpkcs11-helper.la AM_CPPFLAGS= \ -I$(top_srcdir)/include \ -I$(top_builddir)/include nodist_libpkcs11_helper_la_SOURCES= \ pkcs11-helper.exports libpkcs11_helper_la_SOURCES= \ common.h \ _pkcs11h-mem.h pkcs11h-mem.c \ _pkcs11h-sys.h pkcs11h-sys.c \ _pkcs11h-crypto.h pkcs11h-crypto.c \ _pkcs11h-crypto-openssl.c _pkcs11h-crypto-nss.c \ _pkcs11h-crypto-gnutls.c _pkcs11h-crypto-mbedtls.c \ _pkcs11h-crypto-cryptoapi.c \ _pkcs11h-threading.h pkcs11h-threading.c \ _pkcs11h-util.h pkcs11h-util.c \ _pkcs11h-session.h pkcs11h-session.c \ _pkcs11h-token.h pkcs11h-token.c \ _pkcs11h-certificate.h pkcs11h-certificate.c \ _pkcs11h-slotevent.h pkcs11h-slotevent.c \ _pkcs11h-core.h pkcs11h-core.c \ pkcs11h-data.c \ pkcs11h-serialization.c \ _pkcs11h-openssl.h pkcs11h-openssl.c \ $(NULL) libpkcs11_helper_la_LDFLAGS= \ $(AM_LDFLAGS) \ -version-info @LIBPKCS11_HELPER_LT_CURRENT@:@LIBPKCS11_HELPER_LT_REVISION@:@LIBPKCS11_HELPER_LT_AGE@ \ -export-symbols "pkcs11-helper.exports" \ -no-undefined if WIN32 libpkcs11_helper_la_SOURCES+=versioninfo.rc else dist_noinst_DATA+=versioninfo.rc endif pkcs11-helper.exports: \ $(top_builddir)/config.h \ $(srcdir)/certificate.exports \ $(srcdir)/core.exports \ $(srcdir)/data.exports \ $(srcdir)/openssl.exports \ $(srcdir)/slotevent.exports \ $(srcdir)/token.exports cat "$(srcdir)/core.exports" > pkcs11-helper.exports if ENABLE_PKCS11H_CERTIFICATE cat "$(srcdir)/certificate.exports" >> pkcs11-helper.exports endif if ENABLE_PKCS11H_DATA cat "$(srcdir)/data.exports" >> pkcs11-helper.exports endif if ENABLE_PKCS11H_OPENSSL cat "$(srcdir)/openssl.exports" >> pkcs11-helper.exports endif if ENABLE_PKCS11H_SLOTEVENT cat "$(srcdir)/slotevent.exports" >> pkcs11-helper.exports endif if ENABLE_PKCS11H_TOKEN cat "$(srcdir)/token.exports" >> pkcs11-helper.exports endif if WIN32 mylibdir=$(libdir) mylib_DATA=.libs/@WIN_LIBPREFIX@pkcs11-helper-@LIBPKCS11_HELPER_LT_OLDEST@.dll.def .libs/@WIN_LIBPREFIX@pkcs11-helper-@LIBPKCS11_HELPER_LT_OLDEST@.dll.def: libpkcs11-helper.la endif RCCOMPILE = $(RC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) LTRCCOMPILE = $(LIBTOOL) --mode=compile --tag=RC $(RCCOMPILE) .rc.lo: $(LTRCCOMPILE) -i "$<" -o "$@" .rc.o: $(RCCOMPILE) -i "$<" -o "$@" pkcs11-helper-pkcs11-helper-1.22/lib/Makefile.w32-vc000066400000000000000000000127401304770615400216330ustar00rootroot00000000000000# # Copyright (c) 2005-2011 Alon Bar-Lev # All rights reserved. # # This software is available to you under a choice of one of two # licenses. You may choose to be licensed under the terms of the GNU # General Public License (GPL) Version 2, or the BSD license. # # GNU General Public License (GPL) Version 2 # =========================================== # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program (see the file COPYING.GPL included with this # distribution); if not, write to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # # BSD License # ============ # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are met: # # o Redistributions of source code must retain the above copyright notice, # this list of conditions and the following disclaimer. # o Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # o Neither the name of the Alon Bar-Lev nor the names of its # contributors may be used to endorse or promote products derived from # this software without specific prior written permission. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE # POSSIBILITY OF SUCH DAMAGE. # # # If you wish openssl interface # Provide OPENSSL=1 OPENSSL_HOME= as nmake argument. # #OPENSSL=1 !ifdef OPENSSL !ifndef OPENSSL_HOME OPENSSL_HOME = ..\..\openssl-0.9.8a !endif !endif !ifdef OPENSSL OPENSSL_STATIC = libeay32.lib #OPENSSL_STATIC = libeay32sd.lib OPENSSL_DYNAMIC = libeay32.lib #OPENSSL_DYNAMIC = libeay32d.lib OPENSSL_INC=$(OPENSSL_HOME)\include OPENSSL_LIB=$(OPENSSL_HOME)\lib OPENSSL_CFLAGS=-I$(OPENSSL_INC) -DENABLE_PKCS11H_OPENSSL OPENSSL_LIBS=-LIBPATH:$(OPENSSL_LIB) user32.lib advapi32.lib $(OPENSSL_STATIC) !endif CFLAGS = -I../include $(OPENSSL_CFLAGS) -DWIN32 -DWIN32_LEAN_AND_MEAN -D_MBCS -D_CRT_SECURE_NO_DEPRECATE -D_WIN32_WINNT=0x0400 CC=cl.exe RC=rc.exe CCPARAMS=/nologo /W3 /O2 /FD /c CCPARAMS=$(CCPARAMS) /MD CFLAGS=$(CFLAGS) -DNDEBUG LINK32=link.exe LIB32=lib.exe LINK32_FLAGS=/nologo /subsystem:windows /dll /incremental:no LIB32_FLAGS=/nologo HEADERS = \ config.h \ common.h \ _pkcs11h-core.h \ _pkcs11h-certificate.h \ _pkcs11h-crypto.h \ _pkcs11h-mem.h \ _pkcs11h-session.h \ _pkcs11h-slotevent.h \ _pkcs11h-sys.h \ _pkcs11h-threading.h \ _pkcs11h-token.h \ _pkcs11h-util.h \ ../include/pkcs11-helper-1.0/cryptoki.h \ ../include/pkcs11-helper-1.0/cryptoki-win32.h \ ../include/pkcs11-helper-1.0/pkcs11h-core.h \ ../include/pkcs11-helper-1.0/pkcs11h-certificate.h \ ../include/pkcs11-helper-1.0/pkcs11h-data.h \ ../include/pkcs11-helper-1.0/pkcs11h-def.h \ ../include/pkcs11-helper-1.0/pkcs11h-engines.h \ ../include/pkcs11-helper-1.0/pkcs11h-openssl.h \ ../include/pkcs11-helper-1.0/pkcs11h-token.h OBJS = \ pkcs11h-core.obj \ pkcs11h-certificate.obj \ pkcs11h-crypto.obj \ _pkcs11h-crypto-cryptoapi.obj \ pkcs11h-data.obj \ pkcs11h-mem.obj \ pkcs11h-openssl.obj \ pkcs11h-serialization.obj \ pkcs11h-session.obj \ pkcs11h-slotevent.obj \ pkcs11h-sys.obj \ pkcs11h-threading.obj \ pkcs11h-token.obj \ pkcs11h-util.obj RES = \ versioninfo.res all: libpkcs11-helper-1.dll pkcs11-helper.lib pkcs11-helper-1.dll.def: echo LIBRARY libpkcs11-helper-1 > pkcs11-helper-1.dll.def echo EXPORTS >> pkcs11-helper-1.dll.def type core.exports >> pkcs11-helper-1.dll.def type certificate.exports >> pkcs11-helper-1.dll.def type data.exports >> pkcs11-helper-1.dll.def type slotevent.exports >> pkcs11-helper-1.dll.def type token.exports >> pkcs11-helper-1.dll.def !ifdef OPENSSL type openssl.exports >> pkcs11-helper-1.dll.def !endif libpkcs11-helper-1.dll: pkcs11-helper-1.dll.def $(OBJS) $(RES) $(LINK32) @<< $(LINK32_FLAGS) /out:"libpkcs11-helper-1.dll" /def:pkcs11-helper-1.dll.def kernel32.lib gdi32.lib $(OPENSSL_LIBS) $(OBJS) $(RES) << move libpkcs11-helper-1.lib pkcs11-helper.dll.lib pkcs11-helper.lib: $(OBJS) $(LIB32) @<< $(LIB32_FLAGS) /out:"pkcs11-helper.lib" $(OBJS) << clean: -del /Q $(OBJS) $(RES) libpkcs11-helper-1.dll *.lib *.exp *.manifest *.idb *.pdb pkcs11-helper-1.dll.def .rc.res:: $(RC) $(CFLAGS) $< .c.obj:: $(CC) @<< $(CCPARAMS) $(CFLAGS) $< << pkcs11-helper-pkcs11-helper-1.22/lib/_pkcs11h-certificate.h000066400000000000000000000076541304770615400232250ustar00rootroot00000000000000/* * Copyright (c) 2005-2011 Alon Bar-Lev * All rights reserved. * * This software is available to you under a choice of one of two * licenses. You may choose to be licensed under the terms of the GNU * General Public License (GPL) Version 2, or the BSD license. * * GNU General Public License (GPL) Version 2 * =========================================== * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 * as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program (see the file COPYING.GPL included with this * distribution); if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * BSD License * ============ * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * o Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * o Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * o Neither the name of the Alon Bar-Lev nor the names of its * contributors may be used to endorse or promote products derived from * this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #ifndef ___PKCS11H_CERTIFICATE_H #define ___PKCS11H_CERTIFICATE_H #include "common.h" #if defined(ENABLE_PKCS11H_CERTIFICATE) #include "_pkcs11h-core.h" #include struct pkcs11h_certificate_s { pkcs11h_certificate_id_t id; int pin_cache_period; unsigned mask_private_mode; _pkcs11h_session_t session; CK_OBJECT_HANDLE key_handle; PKCS11H_BOOL operation_active; #if defined(ENABLE_PKCS11H_THREADING) _pkcs11h_mutex_t mutex; #endif unsigned mask_prompt; void * user_data; }; PKCS11H_BOOL _pkcs11h_certificate_isBetterCertificate ( IN const unsigned char * const current, IN const size_t current_size, IN const unsigned char * const newone, IN const size_t newone_size ); CK_RV _pkcs11h_certificate_newCertificateId ( OUT pkcs11h_certificate_id_t * const certificate_id ); CK_RV _pkcs11h_certificate_validateSession ( IN const pkcs11h_certificate_t certificate ); CK_RV _pkcs11h_certificate_resetSession ( IN const pkcs11h_certificate_t certificate, IN const PKCS11H_BOOL public_only, IN const PKCS11H_BOOL session_mutex_locked ); CK_RV _pkcs11h_certificate_enumSessionCertificates ( IN const _pkcs11h_session_t session, IN void * const user_data, IN const unsigned mask_prompt ); #endif /* ENABLE_PKCS11H_CERTIFICATE */ #endif /* ___PKCS11H_CERTIFICATE_H */ pkcs11-helper-pkcs11-helper-1.22/lib/_pkcs11h-core.h000066400000000000000000000151771304770615400216720ustar00rootroot00000000000000/* * Copyright (c) 2005-2011 Alon Bar-Lev * All rights reserved. * * This software is available to you under a choice of one of two * licenses. You may choose to be licensed under the terms of the GNU * General Public License (GPL) Version 2, or the BSD license. * * GNU General Public License (GPL) Version 2 * =========================================== * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 * as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program (see the file COPYING.GPL included with this * distribution); if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * BSD License * ============ * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * o Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * o Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * o Neither the name of the Alon Bar-Lev nor the names of its * contributors may be used to endorse or promote products derived from * this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #ifndef ___PKCS11H_BASE_H #define ___PKCS11H_BASE_H #include "common.h" #include #include #include "_pkcs11h-threading.h" #if !defined(_WIN32) #include #endif #define _PKCS11H_INVALID_SLOT_ID ((CK_SLOT_ID)-1) #define _PKCS11H_INVALID_SESSION_HANDLE ((CK_SESSION_HANDLE)-1) #define _PKCS11H_INVALID_OBJECT_HANDLE ((CK_OBJECT_HANDLE)-1) #define _PKCS11H_DEFAULT_SLOTEVENT_POLL 5000 #define _PKCS11H_DEFAULT_MAX_LOGIN_RETRY 3 #define _PKCS11H_DEFAULT_PIN_CACHE_PERIOD PKCS11H_PIN_CACHE_INFINITE /*=========================================== * Macros */ #define __PKCS11H_MSG_LEVEL_TEST(flags) (((unsigned int)flags) <= _g_pkcs11h_loglevel) #if defined(HAVE_CPP_VARARG_MACRO_ISO) && !defined(__LCLINT__) # define _PKCS11H_LOG(flags, ...) do { if (__PKCS11H_MSG_LEVEL_TEST(flags)) _pkcs11h_log((flags), __VA_ARGS__); } while (FALSE) # ifdef ENABLE_PKCS11H_DEBUG # define _PKCS11H_DEBUG(flags, ...) do { if (__PKCS11H_MSG_LEVEL_TEST(flags)) _pkcs11h_log((flags), __VA_ARGS__); } while (FALSE) # else # define _PKCS11H_DEBUG(flags, ...) # endif #elif defined(HAVE_CPP_VARARG_MACRO_GCC) && !defined(__LCLINT__) # define _PKCS11H_LOG(flags, args...) do { if (__PKCS11H_MSG_LEVEL_TEST(flags)) _pkcs11h_log((flags), args); } while (FALSE) # ifdef ENABLE_PKCS11H_DEBUG # define _PKCS11H_DEBUG(flags, args...) do { if (__PKCS11H_MSG_LEVEL_TEST(flags)) _pkcs11h_log((flags), args); } while (FALSE) # else # define _PKCS11H_DEBUG(flags, args...) # endif #else # define _PKCS11H_LOG _pkcs11h_log # define _PKCS11H_DEBUG _pkcs11h_log #endif /*=========================================== * Types */ struct _pkcs11h_provider_s; struct _pkcs11h_session_s; struct _pkcs11h_data_s; typedef struct _pkcs11h_provider_s *_pkcs11h_provider_t; typedef struct _pkcs11h_session_s *_pkcs11h_session_t; typedef struct _pkcs11h_data_s *_pkcs11h_data_t; struct _pkcs11h_provider_s { _pkcs11h_provider_t next; PKCS11H_BOOL enabled; char reference[1024]; char manufacturerID[sizeof (((CK_TOKEN_INFO *)NULL)->manufacturerID)+1]; #if defined(_WIN32) HANDLE handle; #else void *handle; #endif CK_FUNCTION_LIST_PTR f; PKCS11H_BOOL should_finalize; PKCS11H_BOOL allow_protected_auth; PKCS11H_BOOL cert_is_private; unsigned mask_private_mode; unsigned mask_decrypt_mode; unsigned slot_event_method; unsigned slot_poll_interval; #if defined(ENABLE_PKCS11H_SLOTEVENT) _pkcs11h_thread_t slotevent_thread; #endif }; struct _pkcs11h_session_s { _pkcs11h_session_t next; int reference_count; PKCS11H_BOOL valid; _pkcs11h_provider_t provider; pkcs11h_token_id_t token_id; CK_SESSION_HANDLE session_handle; PKCS11H_BOOL allow_protected_auth_supported; int pin_cache_period; time_t pin_expire_time; #if defined(ENABLE_PKCS11H_CERTIFICATE) pkcs11h_certificate_id_list_t cached_certs; PKCS11H_BOOL touch; #endif #if defined(ENABLE_PKCS11H_THREADING) _pkcs11h_mutex_t mutex; #endif }; struct _pkcs11h_data_s { PKCS11H_BOOL initialized; int pin_cache_period; _pkcs11h_provider_t providers; _pkcs11h_session_t sessions; struct { void * log_data; void * slotevent_data; void * token_prompt_data; void * pin_prompt_data; pkcs11h_hook_log_t log; pkcs11h_hook_slotevent_t slotevent; pkcs11h_hook_token_prompt_t token_prompt; pkcs11h_hook_pin_prompt_t pin_prompt; } hooks; PKCS11H_BOOL allow_protected_auth; unsigned max_retries; #if defined(ENABLE_PKCS11H_THREADING) struct { _pkcs11h_mutex_t global; _pkcs11h_mutex_t session; _pkcs11h_mutex_t cache; } mutexes; #if !defined(_WIN32) PKCS11H_BOOL safefork; #endif #endif #if defined(ENABLE_PKCS11H_SLOTEVENT) struct { PKCS11H_BOOL initialized; PKCS11H_BOOL should_terminate; PKCS11H_BOOL skip_event; _pkcs11h_cond_t cond_event; _pkcs11h_thread_t thread; } slotevent; #endif }; void _pkcs11h_log ( IN const unsigned flags, IN const char * const format, IN ... ) #ifdef __GNUC__ __attribute__ ((format (printf, 2, 3))) #endif ; extern _pkcs11h_data_t _g_pkcs11h_data; extern unsigned int _g_pkcs11h_loglevel; #endif pkcs11-helper-pkcs11-helper-1.22/lib/_pkcs11h-crypto-cryptoapi.c000066400000000000000000000233641304770615400242620ustar00rootroot00000000000000/* * Copyright (c) 2005-2011 Alon Bar-Lev * All rights reserved. * * This software is available to you under a choice of one of two * licenses. You may choose to be licensed under the terms of the GNU * General Public License (GPL) Version 2, or the BSD license. * * GNU General Public License (GPL) Version 2 * =========================================== * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 * as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program (see the file COPYING.GPL included with this * distribution); if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * BSD License * ============ * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * o Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * o Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * o Neither the name of the Alon Bar-Lev nor the names of its * contributors may be used to endorse or promote products derived from * this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #include "common.h" #include "_pkcs11h-sys.h" #include "_pkcs11h-crypto.h" #if defined(ENABLE_PKCS11H_ENGINE_CRYPTOAPI) #include #if !defined(CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT) #define CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT 0x02 #endif #if !defined(CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT) #define CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT 0x02 #endif #if !defined(CERT_NAME_STR_REVERSE_FLAG) #define CERT_NAME_STR_REVERSE_FLAG 0x02000000 #endif typedef PCCERT_CONTEXT (WINAPI *__CertCreateCertificateContext_t) ( DWORD dwCertEncodingType, const BYTE *pbCertEncoded, DWORD cbCertEncoded ); typedef BOOL (WINAPI *__CertFreeCertificateContext_t) ( PCCERT_CONTEXT pCertContext ); typedef DWORD (WINAPI *CertNameToStrW_t) ( DWORD dwCertEncodingType, PCERT_NAME_BLOB pName, DWORD dwStrType, LPWSTR psz, DWORD csz ); typedef BOOL (WINAPI *__CryptVerifyCertificateSignatureEx_t) ( void *hCryptProv, DWORD dwCertEncodingType, DWORD dwSubjectType, void* pvSubject, DWORD dwIssuerType, void* pvIssuer, DWORD dwFlags, void* pvReserved ); typedef struct __crypto_cryptoapi_data_s { HMODULE handle; __CertCreateCertificateContext_t p_CertCreateCertificateContext; __CertFreeCertificateContext_t p_CertFreeCertificateContext; CertNameToStrW_t p_CertNameToStrW; __CryptVerifyCertificateSignatureEx_t p_CryptVerifyCertificateSignatureEx; } *__crypto_cryptoapi_data_t; static int __pkcs11h_crypto_cryptoapi_uninitialize ( IN void * const global_data ) { __crypto_cryptoapi_data_t data = (__crypto_cryptoapi_data_t)global_data; _PKCS11H_ASSERT (global_data!=NULL); if (data->handle != NULL) { FreeLibrary (data->handle); data->handle = NULL; } memset (data, 0, sizeof (struct __crypto_cryptoapi_data_s)); return 1; } static int __pkcs11h_crypto_cryptoapi_initialize ( IN void * const global_data ) { __crypto_cryptoapi_data_t data = (__crypto_cryptoapi_data_t)global_data; _PKCS11H_ASSERT (global_data!=NULL); __pkcs11h_crypto_cryptoapi_uninitialize (data); data->handle = LoadLibraryA ("crypt32.dll"); if (data->handle == NULL) { return 0; } data->p_CertCreateCertificateContext = (__CertCreateCertificateContext_t)GetProcAddress ( data->handle, "CertCreateCertificateContext" ); data->p_CertFreeCertificateContext = (__CertFreeCertificateContext_t)GetProcAddress ( data->handle, "CertFreeCertificateContext" ); data->p_CertNameToStrW = (CertNameToStrW_t)GetProcAddress ( data->handle, "CertNameToStrW" ); data->p_CryptVerifyCertificateSignatureEx = (__CryptVerifyCertificateSignatureEx_t)GetProcAddress ( data->handle, "CryptVerifyCertificateSignatureEx" ); if ( data->p_CertCreateCertificateContext == NULL || data->p_CertFreeCertificateContext == NULL || data->p_CertNameToStrW == NULL || data->p_CryptVerifyCertificateSignatureEx == NULL ) { __pkcs11h_crypto_cryptoapi_uninitialize (data); return 0; } return 1; } static int __pkcs11h_crypto_cryptoapi_certificate_get_expiration ( IN void * const global_data, IN const unsigned char * const blob, IN const size_t blob_size, OUT time_t * const expiration ) { __crypto_cryptoapi_data_t data = (__crypto_cryptoapi_data_t)global_data; PCCERT_CONTEXT cert = NULL; PKCS11H_BOOL ok = FALSE; SYSTEMTIME ust, st; struct tm tm1; _PKCS11H_ASSERT (global_data!=NULL); _PKCS11H_ASSERT (blob!=NULL); _PKCS11H_ASSERT (expiration!=NULL); *expiration = (time_t)0; if ( (cert = data->p_CertCreateCertificateContext ( PKCS_7_ASN_ENCODING | X509_ASN_ENCODING, blob, blob_size )) == NULL || !FileTimeToSystemTime ( &cert->pCertInfo->NotAfter, &ust ) ) { goto cleanup; } SystemTimeToTzSpecificLocalTime (NULL, &ust, &st); memset (&tm1, 0, sizeof (tm1)); tm1.tm_year = st.wYear - 1900; tm1.tm_mon = st.wMonth - 1; tm1.tm_mday = st.wDay; tm1.tm_hour = st.wHour; tm1.tm_min = st.wMinute; tm1.tm_sec = st.wSecond; *expiration = mktime (&tm1); ok = TRUE; cleanup: if (cert != NULL) { data->p_CertFreeCertificateContext (cert); cert = NULL; } return ok != FALSE; } static int __pkcs11h_crypto_cryptoapi_certificate_get_dn ( IN void * const global_data, IN const unsigned char * const blob, IN const size_t blob_size, OUT char * const dn, IN const size_t dn_max ) { __crypto_cryptoapi_data_t data = (__crypto_cryptoapi_data_t)global_data; PCCERT_CONTEXT cert = NULL; PKCS11H_BOOL ok = TRUE; DWORD wsize; WCHAR *wstr = NULL; _PKCS11H_ASSERT (global_data!=NULL); _PKCS11H_ASSERT (blob!=NULL); _PKCS11H_ASSERT (dn!=NULL); _PKCS11H_ASSERT (dn_max>0); dn[0] = '\x0'; if ( (cert = data->p_CertCreateCertificateContext ( PKCS_7_ASN_ENCODING | X509_ASN_ENCODING, blob, blob_size )) == NULL || (wsize = data->p_CertNameToStrW ( X509_ASN_ENCODING, &cert->pCertInfo->Subject, CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, NULL, 0 )) == 0 ) { goto cleanup; } if ((wstr = (WCHAR *)_g_pkcs11h_sys_engine.malloc (wsize * sizeof (WCHAR))) == NULL) { goto cleanup; } if ( (wsize = data->p_CertNameToStrW ( X509_ASN_ENCODING, &cert->pCertInfo->Subject, CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, wstr, wsize )) == 0 || WideCharToMultiByte ( CP_UTF8, 0, wstr, -1, dn, dn_max, NULL, NULL ) == 0 ) { goto cleanup; } ok = TRUE; cleanup: if (wstr != NULL) { _g_pkcs11h_sys_engine.free (wstr); wstr = NULL; } if (cert != NULL) { data->p_CertFreeCertificateContext (cert); cert = NULL; } return ok != FALSE; } static int __pkcs11h_crypto_cryptoapi_certificate_is_issuer ( IN void * const global_data, IN const unsigned char * const issuer_blob, IN const size_t issuer_blob_size, IN const unsigned char * const cert_blob, IN const size_t cert_blob_size ) { __crypto_cryptoapi_data_t data = (__crypto_cryptoapi_data_t)global_data; PCCERT_CONTEXT cert_issuer = NULL; PCCERT_CONTEXT cert_cert = NULL; PKCS11H_BOOL issuer = FALSE; _PKCS11H_ASSERT (global_data!=NULL); _PKCS11H_ASSERT (issuer_blob!=NULL); _PKCS11H_ASSERT (cert_blob!=NULL); if ( (cert_issuer = data->p_CertCreateCertificateContext ( PKCS_7_ASN_ENCODING | X509_ASN_ENCODING, issuer_blob, issuer_blob_size )) == NULL || (cert_cert = data->p_CertCreateCertificateContext ( PKCS_7_ASN_ENCODING | X509_ASN_ENCODING, cert_blob, cert_blob_size )) == NULL ) { goto cleanup; } if ( data->p_CryptVerifyCertificateSignatureEx ( NULL, X509_ASN_ENCODING, CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT, (void *)cert_cert, CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT, (void *)cert_issuer, 0, NULL ) ) { issuer = TRUE; } cleanup: if (cert_issuer != NULL) { data->p_CertFreeCertificateContext (cert_issuer); cert_issuer = NULL; } if (cert_cert != NULL) { data->p_CertFreeCertificateContext (cert_cert); cert_cert = NULL; } return issuer != FALSE; } static struct __crypto_cryptoapi_data_s s_cryptoapi_data; const pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine_cryptoapi = { &s_cryptoapi_data, __pkcs11h_crypto_cryptoapi_initialize, __pkcs11h_crypto_cryptoapi_uninitialize, __pkcs11h_crypto_cryptoapi_certificate_get_expiration, __pkcs11h_crypto_cryptoapi_certificate_get_dn, __pkcs11h_crypto_cryptoapi_certificate_is_issuer }; #endif /* ENABLE_PKCS11H_ENGINE_CRYPTOAPI */ pkcs11-helper-pkcs11-helper-1.22/lib/_pkcs11h-crypto-gnutls.c000066400000000000000000000161711304770615400235620ustar00rootroot00000000000000/* * Copyright (c) 2005-2011 Alon Bar-Lev * All rights reserved. * * This software is available to you under a choice of one of two * licenses. You may choose to be licensed under the terms of the GNU * General Public License (GPL) Version 2, or the BSD license. * * GNU General Public License (GPL) Version 2 * =========================================== * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 * as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program (see the file COPYING.GPL included with this * distribution); if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * BSD License * ============ * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * o Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * o Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * o Neither the name of the Alon Bar-Lev nor the names of its * contributors may be used to endorse or promote products derived from * this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #include "common.h" #include "_pkcs11h-crypto.h" #if defined(ENABLE_PKCS11H_ENGINE_GNUTLS) #include static int __pkcs11h_crypto_gnutls_initialize ( IN void * const global_data ) { (void)global_data; /*_PKCS11H_ASSERT (global_data!=NULL); NOT NEEDED*/ if (gnutls_global_init () != GNUTLS_E_SUCCESS) { return FALSE; } else { return TRUE; } } static int __pkcs11h_crypto_gnutls_uninitialize ( IN void * const global_data ) { (void)global_data; /*_PKCS11H_ASSERT (global_data!=NULL); NOT NEEDED*/ gnutls_global_deinit (); return TRUE; } static int __pkcs11h_crypto_gnutls_certificate_get_expiration ( IN void * const global_data, IN const unsigned char * const blob, IN const size_t blob_size, OUT time_t * const expiration ) { gnutls_x509_crt_t cert = NULL; gnutls_datum_t datum; time_t now = time (NULL); time_t notBefore; time_t notAfter; (void)global_data; /*_PKCS11H_ASSERT (global_data!=NULL); NOT NEEDED*/ _PKCS11H_ASSERT (blob!=NULL); _PKCS11H_ASSERT (expiration!=NULL); *expiration = (time_t)0; if (gnutls_x509_crt_init (&cert) != GNUTLS_E_SUCCESS) { /* gnutls sets output */ cert = NULL; goto cleanup; } datum.data = (unsigned char *)blob; datum.size = blob_size; if (gnutls_x509_crt_import (cert, &datum, GNUTLS_X509_FMT_DER) != GNUTLS_E_SUCCESS) { goto cleanup; } notBefore = gnutls_x509_crt_get_activation_time (cert); notAfter = gnutls_x509_crt_get_expiration_time (cert); if ( now >= notBefore && now <= notAfter ) { *expiration = notAfter; } cleanup: if (cert != NULL) { gnutls_x509_crt_deinit (cert); cert = NULL; } return *expiration != (time_t)0; } static int __pkcs11h_crypto_gnutls_certificate_get_dn ( IN void * const global_data, IN const unsigned char * const blob, IN const size_t blob_size, OUT char * const dn, IN const size_t dn_max ) { gnutls_x509_crt_t cert = NULL; gnutls_datum_t datum; size_t s; (void)global_data; /*_PKCS11H_ASSERT (global_data!=NULL); NOT NEEDED*/ _PKCS11H_ASSERT (blob!=NULL); _PKCS11H_ASSERT (dn!=NULL); _PKCS11H_ASSERT (dn_max>0); dn[0] = '\x0'; if (gnutls_x509_crt_init (&cert) != GNUTLS_E_SUCCESS) { /* gnutls sets output */ cert = NULL; goto cleanup; } datum.data = (unsigned char *)blob; datum.size = blob_size; if (gnutls_x509_crt_import (cert, &datum, GNUTLS_X509_FMT_DER) != GNUTLS_E_SUCCESS) { goto cleanup; } s = dn_max; if ( gnutls_x509_crt_get_dn ( cert, dn, &s ) != GNUTLS_E_SUCCESS ) { /* gnutls sets output */ dn[0] = '\x0'; goto cleanup; } cleanup: if (cert != NULL) { gnutls_x509_crt_deinit (cert); cert = NULL; } return dn[0] != '\x0'; } static int __pkcs11h_crypto_gnutls_certificate_is_issuer ( IN void * const global_data, IN const unsigned char * const issuer_blob, IN const size_t issuer_blob_size, IN const unsigned char * const cert_blob, IN const size_t cert_blob_size ) { gnutls_x509_crt_t cert_issuer = NULL; gnutls_x509_crt_t cert_cert = NULL; gnutls_datum_t datum; PKCS11H_BOOL is_issuer = FALSE; unsigned int result = 0; (void)global_data; /*_PKCS11H_ASSERT (global_data!=NULL); NOT NEEDED*/ _PKCS11H_ASSERT (issuer_blob!=NULL); _PKCS11H_ASSERT (cert_blob!=NULL); if (gnutls_x509_crt_init (&cert_issuer) != GNUTLS_E_SUCCESS) { /* gnutls sets output */ cert_issuer = NULL; goto cleanup; } if (gnutls_x509_crt_init (&cert_cert) != GNUTLS_E_SUCCESS) { /* gnutls sets output */ cert_cert = NULL; goto cleanup; } datum.data = (unsigned char *)issuer_blob; datum.size = issuer_blob_size; if ( gnutls_x509_crt_import ( cert_issuer, &datum, GNUTLS_X509_FMT_DER ) != GNUTLS_E_SUCCESS ) { goto cleanup; } datum.data = (unsigned char *)cert_blob; datum.size = cert_blob_size; if ( gnutls_x509_crt_import ( cert_cert, &datum, GNUTLS_X509_FMT_DER ) != GNUTLS_E_SUCCESS ) { goto cleanup; } if ( gnutls_x509_crt_verify ( cert_cert, &cert_issuer, 1, 0, &result ) && (result & GNUTLS_CERT_INVALID) == 0 ) { is_issuer = TRUE; } cleanup: if (cert_cert != NULL) { gnutls_x509_crt_deinit (cert_cert); cert_cert = NULL; } if (cert_issuer != NULL) { gnutls_x509_crt_deinit (cert_issuer); cert_issuer = NULL; } return is_issuer; } const pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine_gnutls = { NULL, __pkcs11h_crypto_gnutls_initialize, __pkcs11h_crypto_gnutls_uninitialize, __pkcs11h_crypto_gnutls_certificate_get_expiration, __pkcs11h_crypto_gnutls_certificate_get_dn, __pkcs11h_crypto_gnutls_certificate_is_issuer }; #endif /* ENABLE_PKCS11H_ENGINE_GNUTLS */ pkcs11-helper-pkcs11-helper-1.22/lib/_pkcs11h-crypto-mbedtls.c000066400000000000000000000140271304770615400236760ustar00rootroot00000000000000/* * Copyright (c) 2005-2011 Alon Bar-Lev * All rights reserved. * * This software is available to you under a choice of one of two * licenses. You may choose to be licensed under the terms of the GNU * General Public License (GPL) Version 2, or the BSD license. * * GNU General Public License (GPL) Version 2 * =========================================== * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 * as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program (see the file COPYING.GPL included with this * distribution); if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * BSD License * ============ * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * o Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * o Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * o Neither the name of the Alon Bar-Lev nor the names of its * contributors may be used to endorse or promote products derived from * this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #include "common.h" #include "_pkcs11h-crypto.h" #if defined(ENABLE_PKCS11H_ENGINE_MBEDTLS) #ifdef HAVE_MBEDTLS_X509_CRT_H #include #include #else #include #endif static int __pkcs11h_crypto_mbedtls_initialize ( IN void * const global_data ) { (void)global_data; return TRUE; } static int __pkcs11h_crypto_mbedtls_uninitialize ( IN void * const global_data ) { (void)global_data; return TRUE; } static int __pkcs11h_crypto_mbedtls_certificate_get_expiration ( IN void * const global_data, IN const unsigned char * const blob, IN const size_t blob_size, OUT time_t * const expiration ) { x509_crt x509; (void)global_data; /*_PKCS11H_ASSERT (global_data!=NULL); NOT NEEDED*/ _PKCS11H_ASSERT (blob!=NULL); _PKCS11H_ASSERT (expiration!=NULL); *expiration = (time_t)0; memset(&x509, 0, sizeof(x509)); if (0 != x509_crt_parse (&x509, blob, blob_size)) { goto cleanup; } if (0 == x509_time_expired(&x509.valid_to)) { struct tm tm1; memset (&tm1, 0, sizeof (tm1)); tm1.tm_year = x509.valid_to.year - 1900; tm1.tm_mon = x509.valid_to.mon - 1; tm1.tm_mday = x509.valid_to.day; tm1.tm_hour = x509.valid_to.hour - 1; tm1.tm_min = x509.valid_to.min - 1; tm1.tm_sec = x509.valid_to.sec - 1; *expiration = mktime (&tm1); *expiration += (int)(mktime (localtime (expiration)) - mktime (gmtime (expiration))); } cleanup: x509_crt_free(&x509); return *expiration != (time_t)0; } static int __pkcs11h_crypto_mbedtls_certificate_get_dn ( IN void * const global_data, IN const unsigned char * const blob, IN const size_t blob_size, OUT char * const dn, IN const size_t dn_max ) { x509_crt x509; int ret = FALSE; (void)global_data; /*_PKCS11H_ASSERT (global_data!=NULL); NOT NEEDED*/ _PKCS11H_ASSERT (blob!=NULL); _PKCS11H_ASSERT (dn!=NULL); _PKCS11H_ASSERT (dn_max>0); dn[0] = '\x0'; memset(&x509, 0, sizeof(x509)); if (0 != x509_crt_parse (&x509, blob, blob_size)) { goto cleanup; } if (-1 == x509_dn_gets(dn, dn_max, &x509.subject)) { goto cleanup; } ret = TRUE; cleanup: x509_crt_free(&x509); return ret; } static int __pkcs11h_crypto_mbedtls_certificate_is_issuer ( IN void * const global_data, IN const unsigned char * const issuer_blob, IN const size_t issuer_blob_size, IN const unsigned char * const cert_blob, IN const size_t cert_blob_size ) { x509_crt x509_issuer; x509_crt x509_cert; uint32_t verify_flags = 0; PKCS11H_BOOL is_issuer = FALSE; (void)global_data; /*_PKCS11H_ASSERT (global_data!=NULL); NOT NEEDED*/ _PKCS11H_ASSERT (issuer_blob!=NULL); _PKCS11H_ASSERT (cert_blob!=NULL); memset(&x509_issuer, 0, sizeof(x509_issuer)); if (0 != x509_crt_parse (&x509_issuer, issuer_blob, issuer_blob_size)) { goto cleanup; } memset(&x509_cert, 0, sizeof(x509_cert)); if (0 != x509_crt_parse (&x509_cert, cert_blob, cert_blob_size)) { goto cleanup; } if ( 0 == x509_crt_verify(&x509_cert, &x509_issuer, NULL, NULL, &verify_flags, NULL, NULL )) { is_issuer = TRUE; } cleanup: x509_crt_free(&x509_cert); x509_crt_free(&x509_issuer); return is_issuer; } const pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine_mbedtls = { NULL, __pkcs11h_crypto_mbedtls_initialize, __pkcs11h_crypto_mbedtls_uninitialize, __pkcs11h_crypto_mbedtls_certificate_get_expiration, __pkcs11h_crypto_mbedtls_certificate_get_dn, __pkcs11h_crypto_mbedtls_certificate_is_issuer }; #endif /* ENABLE_PKCS11H_ENGINE_MBEDTLS */ pkcs11-helper-pkcs11-helper-1.22/lib/_pkcs11h-crypto-nss.c000066400000000000000000000146551304770615400230560ustar00rootroot00000000000000/* * Copyright (c) 2005-2011 Alon Bar-Lev * All rights reserved. * * This software is available to you under a choice of one of two * licenses. You may choose to be licensed under the terms of the GNU * General Public License (GPL) Version 2, or the BSD license. * * GNU General Public License (GPL) Version 2 * =========================================== * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 * as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program (see the file COPYING.GPL included with this * distribution); if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * BSD License * ============ * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * o Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * o Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * o Neither the name of the Alon Bar-Lev nor the names of its * contributors may be used to endorse or promote products derived from * this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #include "common.h" #include "_pkcs11h-crypto.h" #if defined(ENABLE_PKCS11H_ENGINE_NSS) #define _PKCS11T_H_ /* required so no conflict with ours */ #include #include static int __pkcs11h_crypto_nss_initialize ( IN void * const global_data ) { int ret = FALSE; if (NSS_IsInitialized ()) { *(int *)global_data = FALSE; } else { if (NSS_NoDB_Init (NULL) != SECSuccess) { goto cleanup; } *(int *)global_data = TRUE; } ret = TRUE; cleanup: return ret; } static int __pkcs11h_crypto_nss_uninitialize ( IN void * const global_data ) { if (*(int *)global_data != FALSE) { NSS_Shutdown (); } return TRUE; } static int __pkcs11h_crypto_nss_certificate_get_expiration ( IN void * const global_data, IN const unsigned char * const blob, IN const size_t blob_size, OUT time_t * const expiration ) { CERTCertificate *cert = NULL; PRTime pr_notBefore, pr_notAfter; time_t notBefore, notAfter; time_t now = time (NULL); (void)global_data; *expiration = (time_t)0; /*_PKCS11H_ASSERT (global_data!=NULL); NOT NEEDED*/ _PKCS11H_ASSERT (blob!=NULL); _PKCS11H_ASSERT (expiration!=NULL); if ((cert = CERT_DecodeCertFromPackage ((char *)blob, blob_size)) == NULL) { goto cleanup; } if (CERT_GetCertTimes (cert, &pr_notBefore, &pr_notAfter) != SECSuccess) { goto cleanup; } notBefore = pr_notBefore/1000000; notAfter = pr_notAfter/1000000; notBefore = mktime (gmtime (¬Before)); notBefore += (int)(mktime (localtime (¬Before)) - mktime (gmtime (¬Before))); notAfter = mktime (gmtime (¬After)); notAfter += (int)(mktime (localtime (¬After)) - mktime (gmtime (¬After))); if ( now >= notBefore && now <= notAfter ) { *expiration = notAfter; } cleanup: if (cert != NULL) { CERT_DestroyCertificate (cert); } return *expiration != (time_t)0; } static int __pkcs11h_crypto_nss_certificate_get_dn ( IN void * const global_data, IN const unsigned char * const blob, IN const size_t blob_size, OUT char * const dn, IN const size_t dn_max ) { CERTCertificate *cert = NULL; (void)global_data; /*_PKCS11H_ASSERT (global_data!=NULL); NOT NEEDED*/ _PKCS11H_ASSERT (blob!=NULL); _PKCS11H_ASSERT (dn!=NULL); _PKCS11H_ASSERT (dn_max>0); dn[0] = '\x0'; if ((cert = CERT_DecodeCertFromPackage ((char *)blob, blob_size)) == NULL) { goto cleanup; } if (strlen (cert->subjectName) >= dn_max) { goto cleanup; } strcpy (dn, cert->subjectName); cleanup: if (cert != NULL) { CERT_DestroyCertificate (cert); } return dn[0] != '\x0'; } static int __pkcs11h_crypto_nss_certificate_is_issuer ( IN void * const global_data, IN const unsigned char * const issuer_blob, IN const size_t issuer_blob_size, IN const unsigned char * const cert_blob, IN const size_t cert_blob_size ) { PKCS11H_BOOL is_issuer = FALSE; CERTCertificate *cert = NULL; CERTCertificate *issuer = NULL; (void)global_data; /*_PKCS11H_ASSERT (global_data!=NULL); NOT NEEDED*/ _PKCS11H_ASSERT (issuer_blob!=NULL); _PKCS11H_ASSERT (cert_blob!=NULL); if ((issuer = CERT_DecodeCertFromPackage ((char *)issuer_blob, issuer_blob_size)) == NULL) { goto cleanup; } if ((cert = CERT_DecodeCertFromPackage ((char *)cert_blob, cert_blob_size)) == NULL) { goto cleanup; } is_issuer = CERT_VerifySignedDataWithPublicKeyInfo ( &cert->signatureWrap, &issuer->subjectPublicKeyInfo, NULL ) == SECSuccess; cleanup: if (cert != NULL) { CERT_DestroyCertificate (cert); } if (issuer != NULL) { CERT_DestroyCertificate (issuer); } return is_issuer; } static int s_nss_data = 0; const pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine_nss = { &s_nss_data, __pkcs11h_crypto_nss_initialize, __pkcs11h_crypto_nss_uninitialize, __pkcs11h_crypto_nss_certificate_get_expiration, __pkcs11h_crypto_nss_certificate_get_dn, __pkcs11h_crypto_nss_certificate_is_issuer }; #endif /* ENABLE_PKCS11H_ENGINE_NSS */ pkcs11-helper-pkcs11-helper-1.22/lib/_pkcs11h-crypto-openssl.c000066400000000000000000000200471304770615400237260ustar00rootroot00000000000000/* * Copyright (c) 2005-2011 Alon Bar-Lev * All rights reserved. * * This software is available to you under a choice of one of two * licenses. You may choose to be licensed under the terms of the GNU * General Public License (GPL) Version 2, or the BSD license. * * GNU General Public License (GPL) Version 2 * =========================================== * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 * as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program (see the file COPYING.GPL included with this * distribution); if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * BSD License * ============ * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * o Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * o Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * o Neither the name of the Alon Bar-Lev nor the names of its * contributors may be used to endorse or promote products derived from * this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #include "common.h" #include "_pkcs11h-crypto.h" #if defined(ENABLE_PKCS11H_ENGINE_OPENSSL) #include #if OPENSSL_VERSION_NUMBER < 0x00907000L && defined(CRYPTO_LOCK_ENGINE) # define RSA_get_default_method RSA_get_default_openssl_method #else # ifdef HAVE_ENGINE_GET_DEFAULT_RSA # include # if OPENSSL_VERSION_NUMBER < 0x0090704fL # define BROKEN_OPENSSL_ENGINE # endif # endif #endif #if OPENSSL_VERSION_NUMBER < 0x00907000L #if !defined(RSA_PKCS1_PADDING_SIZE) #define RSA_PKCS1_PADDING_SIZE 11 #endif #endif #if OPENSSL_VERSION_NUMBER < 0x00908000L typedef unsigned char *__pkcs11_openssl_d2i_t; #else typedef const unsigned char *__pkcs11_openssl_d2i_t; #endif static int __pkcs11h_crypto_openssl_initialize ( IN void * const global_data ) { (void)global_data; OpenSSL_add_all_digests (); return TRUE; } static int __pkcs11h_crypto_openssl_uninitialize ( IN void * const global_data ) { (void)global_data; return TRUE; } static int __pkcs11h_crypto_openssl_certificate_get_expiration ( IN void * const global_data, IN const unsigned char * const blob, IN const size_t blob_size, OUT time_t * const expiration ) { X509 *x509 = NULL; __pkcs11_openssl_d2i_t d2i; ASN1_TIME *notBefore; ASN1_TIME *notAfter; (void)global_data; /*_PKCS11H_ASSERT (global_data!=NULL); NOT NEEDED*/ _PKCS11H_ASSERT (blob!=NULL); _PKCS11H_ASSERT (expiration!=NULL); *expiration = (time_t)0; if ((x509 = X509_new ()) == NULL) { goto cleanup; } d2i = (__pkcs11_openssl_d2i_t)blob; if (!d2i_X509 (&x509, &d2i, blob_size)) { goto cleanup; } notBefore = X509_get_notBefore (x509); notAfter = X509_get_notAfter (x509); if ( notBefore != NULL && notAfter != NULL && X509_cmp_current_time (notBefore) <= 0 && X509_cmp_current_time (notAfter) >= 0 && notAfter->length >= 12 ) { struct tm tm1; memset (&tm1, 0, sizeof (tm1)); tm1.tm_year = (notAfter->data[ 0] - '0') * 10 + (notAfter->data[ 1] - '0') + 100; tm1.tm_mon = (notAfter->data[ 2] - '0') * 10 + (notAfter->data[ 3] - '0') - 1; tm1.tm_mday = (notAfter->data[ 4] - '0') * 10 + (notAfter->data[ 5] - '0'); tm1.tm_hour = (notAfter->data[ 6] - '0') * 10 + (notAfter->data[ 7] - '0'); tm1.tm_min = (notAfter->data[ 8] - '0') * 10 + (notAfter->data[ 9] - '0'); tm1.tm_sec = (notAfter->data[10] - '0') * 10 + (notAfter->data[11] - '0'); *expiration = mktime (&tm1); *expiration += (int)(mktime (localtime (expiration)) - mktime (gmtime (expiration))); } cleanup: if (x509 != NULL) { X509_free (x509); x509 = NULL; } return *expiration != (time_t)0; } static int __pkcs11h_crypto_openssl_certificate_get_dn ( IN void * const global_data, IN const unsigned char * const blob, IN const size_t blob_size, OUT char * const dn, IN const size_t dn_max ) { X509 *x509 = NULL; __pkcs11_openssl_d2i_t d2i; (void)global_data; /*_PKCS11H_ASSERT (global_data!=NULL); NOT NEEDED*/ _PKCS11H_ASSERT (blob!=NULL); _PKCS11H_ASSERT (dn!=NULL); _PKCS11H_ASSERT (dn_max>0); dn[0] = '\x0'; if ((x509 = X509_new ()) == NULL) { goto cleanup; } d2i = (__pkcs11_openssl_d2i_t)blob; if (!d2i_X509 (&x509, &d2i, blob_size)) { goto cleanup; } X509_NAME_oneline ( X509_get_subject_name (x509), dn, dn_max ); cleanup: if (x509 != NULL) { X509_free (x509); x509 = NULL; } return dn[0] != '\x0'; } static int __pkcs11h_crypto_openssl_certificate_is_issuer ( IN void * const global_data, IN const unsigned char * const issuer_blob, IN const size_t issuer_blob_size, IN const unsigned char * const cert_blob, IN const size_t cert_blob_size ) { X509 *x509_issuer = NULL; X509 *x509_cert = NULL; EVP_PKEY *pub_issuer = NULL; __pkcs11_openssl_d2i_t d2i; PKCS11H_BOOL is_issuer = FALSE; (void)global_data; /*_PKCS11H_ASSERT (global_data!=NULL); NOT NEEDED*/ _PKCS11H_ASSERT (issuer_blob!=NULL); _PKCS11H_ASSERT (cert_blob!=NULL); if ( (x509_issuer = X509_new ()) == NULL || (x509_cert = X509_new ()) == NULL ) { goto cleanup; } d2i = (__pkcs11_openssl_d2i_t)issuer_blob; if ( !d2i_X509 ( &x509_issuer, &d2i, issuer_blob_size ) ) { goto cleanup; } d2i = (__pkcs11_openssl_d2i_t)cert_blob; if ( !d2i_X509 ( &x509_cert, &d2i, cert_blob_size ) ) { goto cleanup; } if ( (pub_issuer = X509_get_pubkey (x509_issuer)) == NULL ) { goto cleanup; } if ( !X509_NAME_cmp ( X509_get_subject_name (x509_issuer), X509_get_issuer_name (x509_cert) ) && X509_verify (x509_cert, pub_issuer) == 1 ) { is_issuer = TRUE; } cleanup: if (pub_issuer != NULL) { EVP_PKEY_free (pub_issuer); pub_issuer = NULL; } if (x509_issuer != NULL) { X509_free (x509_issuer); x509_issuer = NULL; } if (x509_cert != NULL) { X509_free (x509_cert); x509_cert = NULL; } return is_issuer; } const pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine_openssl = { NULL, __pkcs11h_crypto_openssl_initialize, __pkcs11h_crypto_openssl_uninitialize, __pkcs11h_crypto_openssl_certificate_get_expiration, __pkcs11h_crypto_openssl_certificate_get_dn, __pkcs11h_crypto_openssl_certificate_is_issuer }; /*======================================================================* * FIXUPS *======================================================================*/ #ifdef BROKEN_OPENSSL_ENGINE static void broken_openssl_init(void) __attribute__ ((constructor)); static void broken_openssl_init(void) { SSL_library_init(); ENGINE_load_openssl(); ENGINE_register_all_RSA(); } #endif #endif /* ENABLE_PKCS11H_ENGINE_OPENSSL */ pkcs11-helper-pkcs11-helper-1.22/lib/_pkcs11h-crypto.h000066400000000000000000000054561304770615400222610ustar00rootroot00000000000000/* * Copyright (c) 2005-2011 Alon Bar-Lev * All rights reserved. * * This software is available to you under a choice of one of two * licenses. You may choose to be licensed under the terms of the GNU * General Public License (GPL) Version 2, or the BSD license. * * GNU General Public License (GPL) Version 2 * =========================================== * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 * as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program (see the file COPYING.GPL included with this * distribution); if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * BSD License * ============ * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * o Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * o Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * o Neither the name of the Alon Bar-Lev nor the names of its * contributors may be used to endorse or promote products derived from * this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #ifndef ___PKCS11H_CRYPTO_H #define ___PKCS11H_CRYPTO_H #include "common.h" #include extern pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine; #endif pkcs11-helper-pkcs11-helper-1.22/lib/_pkcs11h-mem.h000066400000000000000000000061461304770615400215140ustar00rootroot00000000000000/* * Copyright (c) 2005-2011 Alon Bar-Lev * All rights reserved. * * This software is available to you under a choice of one of two * licenses. You may choose to be licensed under the terms of the GNU * General Public License (GPL) Version 2, or the BSD license. * * GNU General Public License (GPL) Version 2 * =========================================== * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 * as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program (see the file COPYING.GPL included with this * distribution); if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * BSD License * ============ * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * o Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * o Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * o Neither the name of the Alon Bar-Lev nor the names of its * contributors may be used to endorse or promote products derived from * this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #ifndef ___PKCS11H_MEM_H #define ___PKCS11H_MEM_H #include "common.h" #include CK_RV _pkcs11h_mem_malloc ( OUT const void * * const p, IN const size_t s ); CK_RV _pkcs11h_mem_free ( IN const void * * const p ); CK_RV _pkcs11h_mem_strdup ( OUT const char * * const dest, IN const char * const src ); CK_RV _pkcs11h_mem_duplicate ( OUT const void * * const dest, OUT size_t * const dest_size, IN const void * const src, IN const size_t mem_size ); #endif pkcs11-helper-pkcs11-helper-1.22/lib/_pkcs11h-openssl.h000066400000000000000000000056021304770615400224150ustar00rootroot00000000000000/* * Copyright (c) 2005-2011 Alon Bar-Lev * All rights reserved. * * This software is available to you under a choice of one of two * licenses. You may choose to be licensed under the terms of the GNU * General Public License (GPL) Version 2, or the BSD license. * * GNU General Public License (GPL) Version 2 * =========================================== * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 * as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program (see the file COPYING.GPL included with this * distribution); if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * BSD License * ============ * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * o Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * o Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * o Neither the name of the Alon Bar-Lev nor the names of its * contributors may be used to endorse or promote products derived from * this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #ifndef ___PKCS11H_OPENSSL_H #define ___PKCS11H_OPENSSL_H #include "common.h" #if defined(ENABLE_PKCS11H_OPENSSL) #include PKCS11H_BOOL _pkcs11h_openssl_initialize (void); PKCS11H_BOOL _pkcs11h_openssl_terminate (void); #endif #endif pkcs11-helper-pkcs11-helper-1.22/lib/_pkcs11h-session.h000066400000000000000000000106021304770615400224110ustar00rootroot00000000000000/* * Copyright (c) 2005-2011 Alon Bar-Lev * All rights reserved. * * This software is available to you under a choice of one of two * licenses. You may choose to be licensed under the terms of the GNU * General Public License (GPL) Version 2, or the BSD license. * * GNU General Public License (GPL) Version 2 * =========================================== * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 * as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program (see the file COPYING.GPL included with this * distribution); if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * BSD License * ============ * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * o Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * o Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * o Neither the name of the Alon Bar-Lev nor the names of its * contributors may be used to endorse or promote products derived from * this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #ifndef ___PKCS11H_SESSION_H #define ___PKCS11H_SESSION_H #include "common.h" #include "_pkcs11h-core.h" CK_RV _pkcs11h_session_getSlotList ( IN const _pkcs11h_provider_t provider, IN const CK_BBOOL token_present, OUT CK_SLOT_ID_PTR * const pSlotList, OUT CK_ULONG_PTR pulCount ); CK_RV _pkcs11h_session_getObjectAttributes ( IN const _pkcs11h_session_t session, IN const CK_OBJECT_HANDLE object, IN OUT const CK_ATTRIBUTE_PTR attrs, IN const unsigned count ); CK_RV _pkcs11h_session_freeObjectAttributes ( IN OUT const CK_ATTRIBUTE_PTR attrs, IN const unsigned count ); CK_RV _pkcs11h_session_findObjects ( IN const _pkcs11h_session_t session, IN const CK_ATTRIBUTE * const filter, IN const CK_ULONG filter_attrs, OUT CK_OBJECT_HANDLE **const p_objects, OUT CK_ULONG *p_objects_found ); CK_RV _pkcs11h_session_getSessionByTokenId ( IN const pkcs11h_token_id_t token_id, OUT _pkcs11h_session_t * const p_session ); CK_RV _pkcs11h_session_release ( IN const _pkcs11h_session_t session ); CK_RV _pkcs11h_session_reset ( IN const _pkcs11h_session_t session, IN void * const user_data, IN const unsigned mask_prompt, OUT CK_SLOT_ID * const p_slot ); CK_RV _pkcs11h_session_getObjectById ( IN const _pkcs11h_session_t session, IN const CK_OBJECT_CLASS class, IN const CK_BYTE_PTR id, IN const size_t id_size, OUT CK_OBJECT_HANDLE * const p_handle ); CK_RV _pkcs11h_session_validate ( IN const _pkcs11h_session_t session ); CK_RV __pkcs11h_session_touch ( IN const _pkcs11h_session_t session ); CK_RV _pkcs11h_session_login ( IN const _pkcs11h_session_t session, IN const PKCS11H_BOOL public_only, IN const PKCS11H_BOOL readonly, IN void * const user_data, IN const unsigned mask_prompt ); CK_RV _pkcs11h_session_logout ( IN const _pkcs11h_session_t session ); #endif pkcs11-helper-pkcs11-helper-1.22/lib/_pkcs11h-slotevent.h000066400000000000000000000060251304770615400227550ustar00rootroot00000000000000/* * Copyright (c) 2005-2011 Alon Bar-Lev * All rights reserved. * * This software is available to you under a choice of one of two * licenses. You may choose to be licensed under the terms of the GNU * General Public License (GPL) Version 2, or the BSD license. * * GNU General Public License (GPL) Version 2 * =========================================== * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 * as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program (see the file COPYING.GPL included with this * distribution); if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * BSD License * ============ * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * o Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * o Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * o Neither the name of the Alon Bar-Lev nor the names of its * contributors may be used to endorse or promote products derived from * this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #ifndef ___PKCS11H_SLOTEVENT_H #define ___PKCS11H_SLOTEVENT_H #include "common.h" #if defined(ENABLE_PKCS11H_SLOTEVENT) #include CK_RV _pkcs11h_slotevent_init (void); CK_RV _pkcs11h_slotevent_notify (void); CK_RV _pkcs11h_slotevent_terminate_force (void); CK_RV _pkcs11h_slotevent_terminate (void); #endif /* ENABLE_PKCS11H_SLOTEVENT */ #endif /* ___PKCS11H_SLOTEVENT_H */ pkcs11-helper-pkcs11-helper-1.22/lib/_pkcs11h-sys.h000066400000000000000000000054451304770615400215550ustar00rootroot00000000000000/* * Copyright (c) 2005-2011 Alon Bar-Lev * All rights reserved. * * This software is available to you under a choice of one of two * licenses. You may choose to be licensed under the terms of the GNU * General Public License (GPL) Version 2, or the BSD license. * * GNU General Public License (GPL) Version 2 * =========================================== * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 * as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program (see the file COPYING.GPL included with this * distribution); if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * BSD License * ============ * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * o Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * o Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * o Neither the name of the Alon Bar-Lev nor the names of its * contributors may be used to endorse or promote products derived from * this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #ifndef ___PKCS11H_SYS_H #define ___PKCS11H_SYS_H #include "common.h" #include extern pkcs11h_engine_system_t _g_pkcs11h_sys_engine; #endif pkcs11-helper-pkcs11-helper-1.22/lib/_pkcs11h-threading.h000066400000000000000000000104611304770615400226760ustar00rootroot00000000000000/* * Copyright (c) 2005-2011 Alon Bar-Lev * All rights reserved. * * This software is available to you under a choice of one of two * licenses. You may choose to be licensed under the terms of the GNU * General Public License (GPL) Version 2, or the BSD license. * * GNU General Public License (GPL) Version 2 * =========================================== * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 * as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program (see the file COPYING.GPL included with this * distribution); if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * BSD License * ============ * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * o Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * o Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * o Neither the name of the Alon Bar-Lev nor the names of its * contributors may be used to endorse or promote products derived from * this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #ifndef ___PKCS11H_THREADING_H #define ___PKCS11H_THREADING_H #include "common.h" #if defined(ENABLE_PKCS11H_THREADING) #include #if !defined(_WIN32) #include #endif #define PKCS11H_COND_INFINITE 0xffffffff #if defined(_WIN32) #define PKCS11H_THREAD_NULL NULL typedef HANDLE _pkcs11h_cond_t; typedef HANDLE _pkcs11h_mutex_t; typedef HANDLE _pkcs11h_thread_t; #else #define PKCS11H_THREAD_NULL 0l typedef pthread_mutex_t _pkcs11h_mutex_t; typedef pthread_t _pkcs11h_thread_t; typedef struct { pthread_cond_t cond; pthread_mutex_t mut; } _pkcs11h_cond_t; #endif typedef void * (*_pkcs11h_thread_start_t)(void *); void _pkcs11h_threading_sleep ( IN const unsigned milli ); CK_RV _pkcs11h_threading_mutexInit ( OUT _pkcs11h_mutex_t * const mutex ); CK_RV _pkcs11h_threading_mutexLock ( IN OUT _pkcs11h_mutex_t *const mutex ); CK_RV _pkcs11h_threading_mutexRelease ( IN OUT _pkcs11h_mutex_t *const mutex ); CK_RV _pkcs11h_threading_mutexFree ( IN OUT _pkcs11h_mutex_t *const mutex ); CK_RV _pkcs11h_threading_condSignal ( IN OUT _pkcs11h_cond_t *const cond ); CK_RV _pkcs11h_threading_condInit ( OUT _pkcs11h_cond_t * const cond ); CK_RV _pkcs11h_threading_condWait ( IN OUT _pkcs11h_cond_t *const cond, IN const unsigned milli ); CK_RV _pkcs11h_threading_condFree ( IN OUT _pkcs11h_cond_t *const cond ); CK_RV _pkcs11h_threading_threadStart ( OUT _pkcs11h_thread_t * const thread, IN _pkcs11h_thread_start_t const start, IN void * data ); CK_RV _pkcs11h_threading_threadJoin ( IN _pkcs11h_thread_t * const thread ); #if !defined(_WIN32) void _pkcs1h_threading_mutexLockAll (void); void _pkcs1h_threading_mutexReleaseAll (void); #endif #endif #endif pkcs11-helper-pkcs11-helper-1.22/lib/_pkcs11h-token.h000066400000000000000000000057131304770615400220550ustar00rootroot00000000000000/* * Copyright (c) 2005-2011 Alon Bar-Lev * All rights reserved. * * This software is available to you under a choice of one of two * licenses. You may choose to be licensed under the terms of the GNU * General Public License (GPL) Version 2, or the BSD license. * * GNU General Public License (GPL) Version 2 * =========================================== * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 * as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program (see the file COPYING.GPL included with this * distribution); if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * BSD License * ============ * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * o Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * o Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * o Neither the name of the Alon Bar-Lev nor the names of its * contributors may be used to endorse or promote products derived from * this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #ifndef ___PKCS11H_TOKEN_H #define ___PKCS11H_TOKEN_H #include "common.h" #include "_pkcs11h-core.h" #include CK_RV _pkcs11h_token_getTokenId ( IN const CK_TOKEN_INFO_PTR info, OUT pkcs11h_token_id_t * const p_token_id ); CK_RV _pkcs11h_token_newTokenId ( OUT pkcs11h_token_id_t * const token_id ); #endif pkcs11-helper-pkcs11-helper-1.22/lib/_pkcs11h-util.h000066400000000000000000000067541304770615400217200ustar00rootroot00000000000000/* * Copyright (c) 2005-2011 Alon Bar-Lev * All rights reserved. * * This software is available to you under a choice of one of two * licenses. You may choose to be licensed under the terms of the GNU * General Public License (GPL) Version 2, or the BSD license. * * GNU General Public License (GPL) Version 2 * =========================================== * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 * as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program (see the file COPYING.GPL included with this * distribution); if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * BSD License * ============ * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * o Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * o Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * o Neither the name of the Alon Bar-Lev nor the names of its * contributors may be used to endorse or promote products derived from * this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #ifndef ___PKCS11H_UTIL_H #define ___PKCS11H_UTIL_H #include "common.h" #include void _pkcs11h_util_fixupFixedString ( OUT char * const target, /* MUST BE >= length+1 */ IN const char * const source, IN const size_t length /* FIXED STRING LENGTH */ ); CK_RV _pkcs11h_util_hexToBinary ( OUT unsigned char * const target, IN const char * const source, IN OUT size_t * const p_target_size ); CK_RV _pkcs11h_util_binaryToHex ( OUT char * const target, IN const size_t target_size, IN const unsigned char * const source, IN const size_t source_size ); CK_RV _pkcs11h_util_escapeString ( IN OUT char * const target, IN const char * const source, IN size_t * const max, IN const char * const invalid_chars ); CK_RV _pkcs11h_util_unescapeString ( IN OUT char * const target, IN const char * const source, IN size_t * const max ); #endif pkcs11-helper-pkcs11-helper-1.22/lib/certificate.exports000066400000000000000000000017031304770615400230600ustar00rootroot00000000000000pkcs11h_certificate_create pkcs11h_certificate_decrypt pkcs11h_certificate_deserializeCertificateId pkcs11h_certificate_duplicateCertificateId pkcs11h_certificate_ensureCertificateAccess pkcs11h_certificate_ensureKeyAccess pkcs11h_certificate_enumCertificateIds pkcs11h_certificate_enumTokenCertificateIds pkcs11h_certificate_freeCertificate pkcs11h_certificate_freeCertificateId pkcs11h_certificate_freeCertificateIdList pkcs11h_certificate_getCertificateBlob pkcs11h_certificate_getCertificateId pkcs11h_certificate_getPromptMask pkcs11h_certificate_getUserData pkcs11h_certificate_lockSession pkcs11h_certificate_releaseSession pkcs11h_certificate_serializeCertificateId pkcs11h_certificate_setCertificateIdCertificateBlob pkcs11h_certificate_setPromptMask pkcs11h_certificate_setUserData pkcs11h_certificate_sign pkcs11h_certificate_signAny pkcs11h_certificate_signRecover pkcs11h_certificate_decrypt pkcs11h_certificate_unwrap pkcs11h_certificate_decryptAny pkcs11-helper-pkcs11-helper-1.22/lib/common.h000066400000000000000000000057341304770615400206210ustar00rootroot00000000000000/* * Copyright (c) 2005-2011 Alon Bar-Lev * All rights reserved. * * This software is available to you under a choice of one of two * licenses. You may choose to be licensed under the terms of the GNU * General Public License (GPL) Version 2, or the BSD license. * * GNU General Public License (GPL) Version 2 * =========================================== * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 * as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program (see the file COPYING.GPL included with this * distribution); if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * BSD License * ============ * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * o Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * o Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * o Neither the name of the Alon Bar-Lev nor the names of its * contributors may be used to endorse or promote products derived from * this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #ifndef __COMMON_H #define __COMMON_H #if defined(_MSC_VER) #include "../config-w32-vc.h" #else #include "../config.h" #endif #include #include #include #include #include #include #if defined(_WIN32) #include #endif #define P_Z PRINTF_Z_FORMAT #define _PKCS11H_ASSERT assert #endif pkcs11-helper-pkcs11-helper-1.22/lib/core.exports000066400000000000000000000007141304770615400215270ustar00rootroot00000000000000pkcs11h_addProvider pkcs11h_engine_setCrypto pkcs11h_engine_setSystem pkcs11h_forkFixup pkcs11h_getFeatures pkcs11h_getLogLevel pkcs11h_getMessage pkcs11h_getVersion pkcs11h_initialize pkcs11h_terminate pkcs11h_plugAndPlay pkcs11h_removeProvider pkcs11h_logout pkcs11h_setLogHook pkcs11h_setLogLevel pkcs11h_setForkMode pkcs11h_setMaxLoginRetries pkcs11h_setPINCachePeriod pkcs11h_setPINPromptHook pkcs11h_setProtectedAuthentication pkcs11h_setTokenPromptHook pkcs11-helper-pkcs11-helper-1.22/lib/data.exports000066400000000000000000000001541304770615400215060ustar00rootroot00000000000000pkcs11h_data_del pkcs11h_data_enumDataObjects pkcs11h_data_freeDataIdList pkcs11h_data_get pkcs11h_data_put pkcs11-helper-pkcs11-helper-1.22/lib/libpkcs11-helper-1.pc.in000066400000000000000000000004031304770615400233010ustar00rootroot00000000000000prefix=@prefix@ exec_prefix=@exec_prefix@ libdir=@libdir@ includedir=@includedir@ features=@PKCS11H_FEATURES@ Name: pkcs11-helper Description: PKCS#11 helper library Version: @PACKAGE_VERSION@ Cflags: -I${includedir} Libs: @LIBS@ -L${libdir} -lpkcs11-helper pkcs11-helper-pkcs11-helper-1.22/lib/openssl.exports000066400000000000000000000003561304770615400222640ustar00rootroot00000000000000pkcs11h_openssl_createSession pkcs11h_openssl_freeSession pkcs11h_openssl_getCleanupHook pkcs11h_openssl_getX509 pkcs11h_openssl_session_getRSA pkcs11h_openssl_session_getEVP pkcs11h_openssl_session_getX509 pkcs11h_openssl_setCleanupHook pkcs11-helper-pkcs11-helper-1.22/lib/pkcs11h-certificate.c000066400000000000000000002064451304770615400230600ustar00rootroot00000000000000/* * Copyright (c) 2005-2011 Alon Bar-Lev * All rights reserved. * * This software is available to you under a choice of one of two * licenses. You may choose to be licensed under the terms of the GNU * General Public License (GPL) Version 2, or the BSD license. * * GNU General Public License (GPL) Version 2 * =========================================== * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 * as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program (see the file COPYING.GPL included with this * distribution); if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * BSD License * ============ * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * o Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * o Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * o Neither the name of the Alon Bar-Lev nor the names of its * contributors may be used to endorse or promote products derived from * this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #include "common.h" #if defined(ENABLE_PKCS11H_CERTIFICATE) #include #include #include "_pkcs11h-mem.h" #include "_pkcs11h-sys.h" #include "_pkcs11h-crypto.h" #include "_pkcs11h-session.h" #include "_pkcs11h-token.h" #include "_pkcs11h-certificate.h" enum __pkcs11h_private_op_e { __pkcs11h_private_op_sign=0, __pkcs11h_private_op_sign_recover, __pkcs11h_private_op_decrypt, __pkcs11h_private_op_unwrap }; static CK_RV __pkcs11h_certificate_doPrivateOperation ( IN const pkcs11h_certificate_t certificate, IN const enum __pkcs11h_private_op_e op, IN const CK_MECHANISM_TYPE mech_type, IN const unsigned char * const source, IN const size_t source_size, OUT unsigned char * const target, IN OUT size_t * const p_target_size ); static CK_RV __pkcs11h_certificate_loadCertificate ( IN const pkcs11h_certificate_t certificate ); static CK_RV __pkcs11h_certificate_updateCertificateIdDescription ( IN OUT pkcs11h_certificate_id_t certificate_id ); static CK_RV __pkcs11h_certificate_getKeyAttributes ( IN const pkcs11h_certificate_t certificate ); static CK_RV __pkcs11h_certificate_splitCertificateIdList ( IN const pkcs11h_certificate_id_list_t cert_id_all, OUT pkcs11h_certificate_id_list_t * const p_cert_id_issuers_list, OUT pkcs11h_certificate_id_list_t * const p_cert_id_end_list ); PKCS11H_BOOL _pkcs11h_certificate_isBetterCertificate ( IN const unsigned char * const current, IN const size_t current_size, IN const unsigned char * const newone, IN const size_t newone_size ) { PKCS11H_BOOL is_better = FALSE; /*_PKCS11H_ASSERT (current!=NULL); NOT NEEDED */ _PKCS11H_ASSERT (newone!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_certificate_isBetterCertificate entry current=%p, current_size="P_Z", newone=%p, newone_size="P_Z"", current, current_size, newone, newone_size ); /* * First certificae * always select */ if (current_size == 0 || current == NULL) { is_better = TRUE; } else { time_t notAfterCurrent, notAfterNew; if ( !_g_pkcs11h_crypto_engine.certificate_get_expiration ( _g_pkcs11h_crypto_engine.global_data, current, current_size, ¬AfterCurrent ) ) { notAfterCurrent = (time_t)0; } if ( !_g_pkcs11h_crypto_engine.certificate_get_expiration ( _g_pkcs11h_crypto_engine.global_data, newone, newone_size, ¬AfterNew ) ) { notAfterCurrent = (time_t)0; } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_certificate_isBetterCertificate notAfterCurrent='%s', notAfterNew='%s'", asctime (localtime (¬AfterCurrent)), asctime (localtime (¬AfterNew)) ); is_better = notAfterNew > notAfterCurrent; } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_certificate_isBetterCertificate return is_better=%d", is_better ? 1 : 0 ); return is_better; } CK_RV _pkcs11h_certificate_newCertificateId ( OUT pkcs11h_certificate_id_t * const p_certificate_id ) { CK_RV rv = CKR_FUNCTION_FAILED; _PKCS11H_ASSERT (p_certificate_id!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_certificate_newCertificateId entry p_certificate_id=%p", (void *)p_certificate_id ); *p_certificate_id = NULL; if ( (rv = _pkcs11h_mem_malloc ( (void *)p_certificate_id, sizeof (struct pkcs11h_certificate_id_s) )) != CKR_OK ) { goto cleanup; } rv = CKR_OK; cleanup: _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_certificate_newCertificateId return rv=%lu-'%s', *p_certificate_id=%p", rv, pkcs11h_getMessage (rv), (void *)*p_certificate_id ); return rv; } static CK_RV __pkcs11h_certificate_loadCertificate ( IN const pkcs11h_certificate_t certificate ) { /* * THREADING: * certificate->mutex must be locked */ #if defined(ENABLE_PKCS11H_THREADING) PKCS11H_BOOL mutex_locked = FALSE; #endif CK_OBJECT_CLASS cert_filter_class = CKO_CERTIFICATE; CK_ATTRIBUTE cert_filter[] = { {CKA_CLASS, &cert_filter_class, sizeof (cert_filter_class)}, {CKA_ID, NULL, 0} }; CK_OBJECT_HANDLE *objects = NULL; CK_ULONG objects_found = 0; CK_RV rv = CKR_FUNCTION_FAILED; CK_ULONG i; _PKCS11H_ASSERT (certificate!=NULL); _PKCS11H_ASSERT (certificate->id!=NULL); /* Must be after assert */ cert_filter[1].pValue = certificate->id->attrCKA_ID; cert_filter[1].ulValueLen = certificate->id->attrCKA_ID_size; _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: __pkcs11h_certificate_loadCertificate entry certificate=%p", (void *)certificate ); #if defined(ENABLE_PKCS11H_THREADING) if ((rv = _pkcs11h_threading_mutexLock (&certificate->session->mutex)) != CKR_OK) { goto cleanup; } mutex_locked = TRUE; #endif if ((rv = _pkcs11h_session_validate (certificate->session)) != CKR_OK) { goto cleanup; } if ( (rv = _pkcs11h_session_findObjects ( certificate->session, cert_filter, sizeof (cert_filter) / sizeof (CK_ATTRIBUTE), &objects, &objects_found )) != CKR_OK ) { goto cleanup; } for (i=0;i < objects_found;i++) { CK_ATTRIBUTE attrs[] = { {CKA_VALUE, NULL, 0} }; if ( (rv = _pkcs11h_session_getObjectAttributes ( certificate->session, objects[i], attrs, sizeof (attrs) / sizeof (CK_ATTRIBUTE) )) != CKR_OK ) { _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Cannot get object attribute for provider '%s' object %ld rv=%lu-'%s'", certificate->session->provider->manufacturerID, objects[i], rv, pkcs11h_getMessage (rv) ); } else { if ( _pkcs11h_certificate_isBetterCertificate ( certificate->id->certificate_blob, certificate->id->certificate_blob_size, attrs[0].pValue, attrs[0].ulValueLen ) ) { if (certificate->id->certificate_blob != NULL) { _pkcs11h_mem_free ((void *)&certificate->id->certificate_blob); } if ( (rv = _pkcs11h_mem_duplicate ( (void*)&certificate->id->certificate_blob, &certificate->id->certificate_blob_size, attrs[0].pValue, attrs[0].ulValueLen )) != CKR_OK ) { goto retry1; } } } rv = CKR_OK; retry1: _pkcs11h_session_freeObjectAttributes ( attrs, sizeof (attrs) / sizeof (CK_ATTRIBUTE) ); if (rv != CKR_OK) { goto cleanup; } } if (certificate->id->certificate_blob == NULL) { rv = CKR_ATTRIBUTE_VALUE_INVALID; goto cleanup; } if ((rv = __pkcs11h_certificate_updateCertificateIdDescription (certificate->id)) != CKR_OK) { goto cleanup; } rv = CKR_OK; cleanup: #if defined(ENABLE_PKCS11H_THREADING) if (mutex_locked) { _pkcs11h_threading_mutexRelease (&certificate->session->mutex); mutex_locked = FALSE; } #endif if (objects != NULL) { _pkcs11h_mem_free ((void *)&objects); } /* * No need to free allocated objects * on error, since the certificate_id * should be free by caller. */ _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: __pkcs11h_certificate_loadCertificate return rv=%lu-'%s'", rv, pkcs11h_getMessage (rv) ); return rv; } static CK_RV __pkcs11h_certificate_updateCertificateIdDescription ( IN OUT pkcs11h_certificate_id_t certificate_id ) { static const char * separator = " on "; static const char * unknown = "UNKNOWN"; _PKCS11H_ASSERT (certificate_id!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: __pkcs11h_certificate_updateCertificateIdDescription entry certificate_id=%p", (void *)certificate_id ); if ( certificate_id->certificate_blob_size != 0 && !_g_pkcs11h_crypto_engine.certificate_get_dn ( _g_pkcs11h_crypto_engine.global_data, certificate_id->certificate_blob, certificate_id->certificate_blob_size, certificate_id->displayName, sizeof (certificate_id->displayName) ) ) { certificate_id->displayName[0] = '\x0'; } if (strlen (certificate_id->displayName) == 0) { strncpy ( certificate_id->displayName, unknown, sizeof (certificate_id->displayName)-1 ); } /* * Try to avoid using snprintf, * may be unavailable */ strncat ( certificate_id->displayName, separator, sizeof (certificate_id->displayName)-1-strlen (certificate_id->displayName) ); strncat ( certificate_id->displayName, certificate_id->token_id->display, sizeof (certificate_id->displayName)-1-strlen (certificate_id->displayName) ); certificate_id->displayName[sizeof (certificate_id->displayName) - 1] = '\0'; _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: __pkcs11h_certificate_updateCertificateIdDescription return displayName='%s'", certificate_id->displayName ); return CKR_OK; } static CK_RV __pkcs11h_certificate_getKeyAttributes ( IN const pkcs11h_certificate_t certificate ) { #if defined(ENABLE_PKCS11H_THREADING) PKCS11H_BOOL mutex_locked = FALSE; #endif CK_RV rv = CKR_FUNCTION_FAILED; PKCS11H_BOOL op_succeed = FALSE; PKCS11H_BOOL login_retry = FALSE; _PKCS11H_ASSERT (certificate!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: __pkcs11h_certificate_getKeyAttributes entry certificate=%p", (void *)certificate ); #if defined(ENABLE_PKCS11H_THREADING) if ((rv = _pkcs11h_threading_mutexLock (&certificate->mutex)) != CKR_OK) { goto cleanup; } mutex_locked = TRUE; #endif certificate->mask_private_mode = 0; while (!op_succeed) { CK_ATTRIBUTE key_attrs[] = { {CKA_SIGN, NULL, 0}, {CKA_SIGN_RECOVER, NULL, 0}, {CKA_DECRYPT, NULL, 0}, {CKA_UNWRAP, NULL, 0} }; /* * Don't try invalid object */ if (certificate->key_handle == _PKCS11H_INVALID_OBJECT_HANDLE) { rv = CKR_OBJECT_HANDLE_INVALID; goto retry; } if (certificate->session->provider->mask_private_mode != 0) { certificate->mask_private_mode = certificate->session->provider->mask_private_mode; _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Key attributes enforced by provider (%08x)", certificate->mask_private_mode ); op_succeed = TRUE; } else { CK_BBOOL *key_attrs_sign; CK_BBOOL *key_attrs_sign_recover; CK_BBOOL *key_attrs_decrypt; CK_BBOOL *key_attrs_unwrap; if ( (rv = _pkcs11h_session_getObjectAttributes ( certificate->session, certificate->key_handle, key_attrs, sizeof (key_attrs) / sizeof (CK_ATTRIBUTE) )) != CKR_OK ) { goto retry; } key_attrs_sign = (CK_BBOOL *)key_attrs[0].pValue; key_attrs_sign_recover = (CK_BBOOL *)key_attrs[1].pValue; key_attrs_decrypt = (CK_BBOOL *)key_attrs[2].pValue; key_attrs_unwrap = (CK_BBOOL *)key_attrs[3].pValue; if (key_attrs_sign != NULL && *key_attrs_sign != CK_FALSE) { certificate->mask_private_mode |= PKCS11H_PRIVATEMODE_MASK_SIGN; } if (key_attrs_sign_recover != NULL && *key_attrs_sign_recover != CK_FALSE) { certificate->mask_private_mode |= PKCS11H_PRIVATEMODE_MASK_RECOVER; } if (key_attrs_decrypt != NULL && *key_attrs_decrypt != CK_FALSE) { certificate->mask_private_mode |= PKCS11H_PRIVATEMODE_MASK_DECRYPT; } if (key_attrs_unwrap != NULL && *key_attrs_unwrap != CK_FALSE) { certificate->mask_private_mode |= PKCS11H_PRIVATEMODE_MASK_UNWRAP; } if (certificate->mask_private_mode == 0) { rv = CKR_KEY_TYPE_INCONSISTENT; goto retry; } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Key attributes loaded (%08x)", certificate->mask_private_mode ); op_succeed = TRUE; } rv = CKR_OK; retry: _pkcs11h_session_freeObjectAttributes ( key_attrs, sizeof (key_attrs) / sizeof (CK_ATTRIBUTE) ); if (!op_succeed) { if (!login_retry) { _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Get private key attributes failed: %ld:'%s'", rv, pkcs11h_getMessage (rv) ); rv = _pkcs11h_certificate_resetSession ( certificate, FALSE, TRUE ); login_retry = TRUE; } if (rv != CKR_OK) { goto cleanup; } } } rv = CKR_OK; cleanup: #if defined(ENABLE_PKCS11H_THREADING) if (mutex_locked) { _pkcs11h_threading_mutexRelease (&certificate->mutex); mutex_locked = FALSE; } #endif _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: __pkcs11h_certificate_getKeyAttributes return rv=%lu-'%s'", rv, pkcs11h_getMessage (rv) ); return rv; } CK_RV _pkcs11h_certificate_validateSession ( IN const pkcs11h_certificate_t certificate ) { /* * THREADING: * certificate->mutex must be locked * certificate->session->mutex must be locked */ CK_RV rv = CKR_FUNCTION_FAILED; _PKCS11H_ASSERT (certificate!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_certificate_validateSession entry certificate=%p", (void *)certificate ); if ((rv = _pkcs11h_session_validate (certificate->session)) != CKR_OK) { goto cleanup; } if (certificate->key_handle == _PKCS11H_INVALID_OBJECT_HANDLE) { rv = CKR_OBJECT_HANDLE_INVALID; goto cleanup; } rv = CKR_OK; cleanup: _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_certificate_validateSession return rv=%lu-'%s'", rv, pkcs11h_getMessage (rv) ); return rv; } CK_RV _pkcs11h_certificate_resetSession ( IN const pkcs11h_certificate_t certificate, IN const PKCS11H_BOOL public_only, IN const PKCS11H_BOOL session_mutex_locked ) { /* * THREADING: * certificate->mutex must be locked */ #if defined(ENABLE_PKCS11H_THREADING) PKCS11H_BOOL mutex_locked = FALSE; #endif PKCS11H_BOOL session_valid = FALSE; CK_OBJECT_HANDLE cert_handle; CK_RV rv = CKR_FUNCTION_FAILED; _PKCS11H_ASSERT (certificate!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_certificate_resetSession entry certificate=%p, public_only=%d, session_mutex_locked=%d", (void *)certificate, public_only ? 1 : 0, session_mutex_locked ? 1 : 0 ); #if defined(ENABLE_PKCS11H_THREADING) if (!session_mutex_locked) { if ((rv = _pkcs11h_threading_mutexLock (&certificate->session->mutex)) != CKR_OK) { goto cleanup; } mutex_locked = TRUE; } #endif /* * First, if session seems to be valid * and key handle is invalid (hard-set), * try to fetch key handle, * maybe the token is already logged in */ if ( certificate->session->session_handle != _PKCS11H_INVALID_SESSION_HANDLE && certificate->key_handle == _PKCS11H_INVALID_OBJECT_HANDLE ) { if (!public_only || certificate->session->provider->cert_is_private) { if ( (rv = _pkcs11h_session_getObjectById ( certificate->session, CKO_PRIVATE_KEY, certificate->id->attrCKA_ID, certificate->id->attrCKA_ID_size, &certificate->key_handle )) == CKR_OK ) { session_valid = TRUE; } else { certificate->key_handle = _PKCS11H_INVALID_OBJECT_HANDLE; } } else { if ( (rv = _pkcs11h_session_getObjectById ( certificate->session, CKO_CERTIFICATE, certificate->id->attrCKA_ID, certificate->id->attrCKA_ID_size, &cert_handle )) == CKR_OK ) { session_valid = TRUE; } else { certificate->key_handle = _PKCS11H_INVALID_OBJECT_HANDLE; } } } if (!session_valid) { certificate->key_handle = _PKCS11H_INVALID_OBJECT_HANDLE; if ( (rv = _pkcs11h_session_login ( certificate->session, public_only, TRUE, certificate->user_data, certificate->mask_prompt )) != CKR_OK ) { goto cleanup; } } if (!public_only && certificate->key_handle == _PKCS11H_INVALID_OBJECT_HANDLE) { if ( (rv = _pkcs11h_session_getObjectById ( certificate->session, CKO_PRIVATE_KEY, certificate->id->attrCKA_ID, certificate->id->attrCKA_ID_size, &certificate->key_handle )) != CKR_OK ) { goto cleanup; } } rv = CKR_OK; cleanup: #if defined(ENABLE_PKCS11H_THREADING) if (mutex_locked) { _pkcs11h_threading_mutexRelease (&certificate->session->mutex); mutex_locked = FALSE; } #endif _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_certificate_resetSession return rv=%lu-'%s'", rv, pkcs11h_getMessage (rv) ); return rv; } static CK_RV __pkcs11h_certificate_doPrivateOperation ( IN const pkcs11h_certificate_t certificate, IN const enum __pkcs11h_private_op_e op, IN const CK_MECHANISM_TYPE mech_type, IN const unsigned char * const source, IN const size_t source_size, OUT unsigned char * const target, IN OUT size_t * const p_target_size ) { #if defined(ENABLE_PKCS11H_THREADING) PKCS11H_BOOL mutex_locked = FALSE; #endif CK_MECHANISM mech = { mech_type, NULL, 0 }; /* CK_BBOOL wrap_attrs_false = CK_FALSE; */ CK_BBOOL wrap_attrs_true = CK_TRUE; CK_OBJECT_CLASS class = CKO_SECRET_KEY; CK_KEY_TYPE keytype = CKK_GENERIC_SECRET; CK_ATTRIBUTE wrap_attrs[] = { {CKA_CLASS, &class, sizeof (class)}, {CKA_KEY_TYPE, &keytype, sizeof (keytype)}, {CKA_EXTRACTABLE, &wrap_attrs_true, sizeof (wrap_attrs_true)} /* OpenSC fail! {CKA_TOKEN, &wrap_attrs_false, sizeof (wrap_attrs_false)} */ }; CK_ATTRIBUTE wrap_value[] = { {CKA_VALUE, target, 0} }; CK_OBJECT_HANDLE wrap_key = _PKCS11H_INVALID_OBJECT_HANDLE; CK_RV rv = CKR_FUNCTION_FAILED; PKCS11H_BOOL login_retry = FALSE; PKCS11H_BOOL op_succeed = FALSE; _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL); _PKCS11H_ASSERT (_g_pkcs11h_data->initialized); _PKCS11H_ASSERT (certificate!=NULL); _PKCS11H_ASSERT (source!=NULL); /*_PKCS11H_ASSERT (target); NOT NEEDED*/ _PKCS11H_ASSERT (p_target_size!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: __pkcs11h_certificate_doPrivateOperation entry certificate=%p, op=%d, mech_type=%ld, source=%p, source_size="P_Z", target=%p, *p_target_size="P_Z"", (void *)certificate, op, mech_type, source, source_size, target, target != NULL ? *p_target_size : 0 ); if (target == NULL) { *p_target_size = 0; } #if defined(ENABLE_PKCS11H_THREADING) if ((rv = _pkcs11h_threading_mutexLock (&certificate->mutex)) != CKR_OK) { goto cleanup; } mutex_locked = TRUE; #endif while (!op_succeed) { CK_ULONG size; if (!certificate->operation_active) { if ((rv = _pkcs11h_certificate_validateSession (certificate)) != CKR_OK) { goto retry; } switch (op) { case __pkcs11h_private_op_sign: rv = certificate->session->provider->f->C_SignInit ( certificate->session->session_handle, &mech, certificate->key_handle ); break; case __pkcs11h_private_op_sign_recover: rv = certificate->session->provider->f->C_SignRecoverInit ( certificate->session->session_handle, &mech, certificate->key_handle ); break; case __pkcs11h_private_op_decrypt: rv = certificate->session->provider->f->C_DecryptInit ( certificate->session->session_handle, &mech, certificate->key_handle ); break; case __pkcs11h_private_op_unwrap: rv = certificate->session->provider->f->C_UnwrapKey ( certificate->session->session_handle, &mech, certificate->key_handle, (CK_BYTE_PTR)source, source_size, wrap_attrs, sizeof (wrap_attrs) / sizeof (CK_ATTRIBUTE), &wrap_key ); break; default: rv = CKR_ARGUMENTS_BAD; break; } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: __pkcs11h_certificate_doPrivateOperation init rv=%ld", rv ); if (rv != CKR_OK) { goto retry; } } /* * Assume one call operation */ certificate->operation_active = FALSE; size = *p_target_size; switch (op) { case __pkcs11h_private_op_sign: rv = certificate->session->provider->f->C_Sign ( certificate->session->session_handle, (CK_BYTE_PTR)source, source_size, (CK_BYTE_PTR)target, &size ); break; case __pkcs11h_private_op_sign_recover: rv = certificate->session->provider->f->C_SignRecover ( certificate->session->session_handle, (CK_BYTE_PTR)source, source_size, (CK_BYTE_PTR)target, &size ); break; case __pkcs11h_private_op_decrypt: rv = certificate->session->provider->f->C_Decrypt ( certificate->session->session_handle, (CK_BYTE_PTR)source, source_size, (CK_BYTE_PTR)target, &size ); break; case __pkcs11h_private_op_unwrap: wrap_value[0].ulValueLen = size; rv = certificate->session->provider->f->C_GetAttributeValue ( certificate->session->session_handle, wrap_key, wrap_value, sizeof (wrap_value) / sizeof (CK_ATTRIBUTE) ); size = wrap_value[0].ulValueLen; break; default: rv = CKR_ARGUMENTS_BAD; break; } /* * Must be before checking for rv. */ *p_target_size = size; _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: __pkcs11h_certificate_doPrivateOperation op rv=%ld", rv ); if (rv == CKR_BUFFER_TOO_SMALL && op != __pkcs11h_private_op_unwrap) { certificate->operation_active = TRUE; } if (target != NULL) { if (rv != CKR_OK) { goto retry; } } else { if (rv == CKR_OK) { if (op != __pkcs11h_private_op_unwrap) { certificate->operation_active = TRUE; } } else { goto retry; } } op_succeed = TRUE; rv = CKR_OK; retry: if (wrap_key != _PKCS11H_INVALID_OBJECT_HANDLE) { certificate->session->provider->f->C_DestroyObject ( certificate->session->session_handle, wrap_key ); wrap_key = _PKCS11H_INVALID_OBJECT_HANDLE; } if (!op_succeed) { if (rv == CKR_BUFFER_TOO_SMALL) { goto cleanup; } /* * OpenSC workaround * It still allows C_FindObjectsInit when * token is removed/inserted but fails * private key operation. * So we force logout. * bug#108 at OpenSC trac */ if (login_retry && rv == CKR_DEVICE_REMOVED) { login_retry = FALSE; _pkcs11h_session_logout (certificate->session); } /* End OpenSC workaround */ if (!login_retry) { _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Private key operation failed rv=%lu-'%s'", rv, pkcs11h_getMessage (rv) ); login_retry = TRUE; rv = _pkcs11h_certificate_resetSession ( certificate, FALSE, TRUE ); } if (rv != CKR_OK) { goto cleanup; } } } cleanup: #if defined(ENABLE_PKCS11H_THREADING) if (mutex_locked) { _pkcs11h_threading_mutexRelease (&certificate->mutex); mutex_locked = FALSE; } #endif _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: __pkcs11h_certificate_doPrivateOperation return rv=%lu-'%s', *p_target_size="P_Z"", rv, pkcs11h_getMessage (rv), *p_target_size ); return rv; } CK_RV pkcs11h_certificate_freeCertificateId ( IN pkcs11h_certificate_id_t certificate_id ) { _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL); _PKCS11H_ASSERT (_g_pkcs11h_data->initialized); _PKCS11H_ASSERT (certificate_id!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_certificate_freeCertificateId entry certificate_id=%p", (void *)certificate_id ); if (certificate_id->attrCKA_ID != NULL) { _pkcs11h_mem_free ((void *)&certificate_id->attrCKA_ID); } if (certificate_id->certificate_blob != NULL) { _pkcs11h_mem_free ((void *)&certificate_id->certificate_blob); } if (certificate_id->token_id != NULL) { pkcs11h_token_freeTokenId (certificate_id->token_id); certificate_id->token_id = NULL; } _pkcs11h_mem_free ((void *)&certificate_id); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_certificate_freeCertificateId return" ); return CKR_OK; } CK_RV pkcs11h_certificate_duplicateCertificateId ( OUT pkcs11h_certificate_id_t * const to, IN const pkcs11h_certificate_id_t from ) { CK_RV rv = CKR_FUNCTION_FAILED; _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL); _PKCS11H_ASSERT (_g_pkcs11h_data->initialized); _PKCS11H_ASSERT (to!=NULL); _PKCS11H_ASSERT (from!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_certificate_duplicateCertificateId entry to=%p form=%p", (void *)to, (void *)from ); *to = NULL; if ( (rv = _pkcs11h_mem_duplicate ( (void*)to, NULL, from, sizeof (struct pkcs11h_certificate_id_s) )) != CKR_OK || (rv = _pkcs11h_mem_duplicate ( (void*)&(*to)->token_id, NULL, from->token_id, sizeof (struct pkcs11h_token_id_s) )) != CKR_OK || (rv = _pkcs11h_mem_duplicate ( (void*)&(*to)->attrCKA_ID, &(*to)->attrCKA_ID_size, from->attrCKA_ID, from->attrCKA_ID_size )) || (rv = _pkcs11h_mem_duplicate ( (void*)&(*to)->certificate_blob, &(*to)->certificate_blob_size, from->certificate_blob, from->certificate_blob_size )) ) { goto cleanup; } rv = CKR_OK; cleanup: _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_certificate_duplicateCertificateId return rv=%lu-'%s', *to=%p", rv, pkcs11h_getMessage (rv), (void *)*to ); return rv; } CK_RV pkcs11h_certificate_setCertificateIdCertificateBlob ( IN const pkcs11h_certificate_id_t certificate_id, IN const unsigned char * const blob, IN const size_t blob_size ) { CK_RV rv = CKR_FUNCTION_FAILED; _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL); _PKCS11H_ASSERT (_g_pkcs11h_data->initialized); _PKCS11H_ASSERT (certificate_id!=NULL); _PKCS11H_ASSERT (blob!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_certificate_setCertificateIdCertificateBlob entry certificate_id=%p", (void *)certificate_id ); if (certificate_id->certificate_blob != NULL) { if ((rv = _pkcs11h_mem_free ((void *)&certificate_id->certificate_blob)) != CKR_OK) { goto cleanup; } } if ( (rv = _pkcs11h_mem_duplicate ( (void *)&certificate_id->certificate_blob, &certificate_id->certificate_blob_size, blob, blob_size )) != CKR_OK ) { goto cleanup; } if ((rv = __pkcs11h_certificate_updateCertificateIdDescription (certificate_id)) != CKR_OK) { goto cleanup; } rv = CKR_OK; cleanup: _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_certificate_setCertificateIdCertificateBlob return rv=%lu-'%s'", rv, pkcs11h_getMessage (rv) ); return rv; } CK_RV pkcs11h_certificate_freeCertificate ( IN pkcs11h_certificate_t certificate ) { _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL); _PKCS11H_ASSERT (_g_pkcs11h_data->initialized); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_certificate_freeCertificate entry certificate=%p", (void *)certificate ); if (certificate != NULL) { if (certificate->session != NULL) { _pkcs11h_session_release (certificate->session); certificate->session = NULL; } if (certificate->id != NULL) { pkcs11h_certificate_freeCertificateId (certificate->id); certificate->id = NULL; } #if defined(ENABLE_PKCS11H_THREADING) _pkcs11h_threading_mutexFree (&certificate->mutex); #endif _pkcs11h_mem_free ((void *)&certificate); } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_certificate_freeCertificate return" ); return CKR_OK; } CK_RV pkcs11h_certificate_lockSession ( IN const pkcs11h_certificate_t certificate ) { #if defined(ENABLE_PKCS11H_THREADING) CK_RV rv = CKR_FUNCTION_FAILED; _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL); _PKCS11H_ASSERT (_g_pkcs11h_data->initialized); _PKCS11H_ASSERT (certificate!=NULL); if ((rv = _pkcs11h_threading_mutexLock (&certificate->session->mutex)) != CKR_OK) { goto cleanup; } rv = CKR_OK; cleanup: return rv; #else return CKR_OK; #endif } CK_RV pkcs11h_certificate_releaseSession ( IN const pkcs11h_certificate_t certificate ) { #if defined(ENABLE_PKCS11H_THREADING) CK_RV rv = CKR_FUNCTION_FAILED; _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL); _PKCS11H_ASSERT (_g_pkcs11h_data->initialized); _PKCS11H_ASSERT (certificate!=NULL); if (certificate->session != NULL) { if ((rv = _pkcs11h_threading_mutexRelease (&certificate->session->mutex)) != CKR_OK) { goto cleanup; } } rv = CKR_OK; cleanup: return rv; #else return CKR_OK; #endif } CK_RV pkcs11h_certificate_sign ( IN const pkcs11h_certificate_t certificate, IN const CK_MECHANISM_TYPE mech_type, IN const unsigned char * const source, IN const size_t source_size, OUT unsigned char * const target, IN OUT size_t * const p_target_size ) { CK_RV rv = CKR_FUNCTION_FAILED; _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL); _PKCS11H_ASSERT (_g_pkcs11h_data->initialized); _PKCS11H_ASSERT (certificate!=NULL); _PKCS11H_ASSERT (source!=NULL); /*_PKCS11H_ASSERT (target); NOT NEEDED*/ _PKCS11H_ASSERT (p_target_size!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_certificate_sign entry certificate=%p, mech_type=%ld, source=%p, source_size="P_Z", target=%p, *p_target_size="P_Z"", (void *)certificate, mech_type, source, source_size, target, target != NULL ? *p_target_size : 0 ); if (target == NULL) { *p_target_size = 0; } if ( (rv = __pkcs11h_certificate_doPrivateOperation ( certificate, __pkcs11h_private_op_sign, mech_type, source, source_size, target, p_target_size )) != CKR_OK ) { goto cleanup; } rv = CKR_OK; cleanup: _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_certificate_sign return rv=%lu-'%s', *p_target_size="P_Z"", rv, pkcs11h_getMessage (rv), *p_target_size ); return rv; } CK_RV pkcs11h_certificate_signRecover ( IN const pkcs11h_certificate_t certificate, IN const CK_MECHANISM_TYPE mech_type, IN const unsigned char * const source, IN const size_t source_size, OUT unsigned char * const target, IN OUT size_t * const p_target_size ) { CK_RV rv = CKR_FUNCTION_FAILED; _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL); _PKCS11H_ASSERT (_g_pkcs11h_data->initialized); _PKCS11H_ASSERT (certificate!=NULL); _PKCS11H_ASSERT (source!=NULL); /*_PKCS11H_ASSERT (target); NOT NEEDED*/ _PKCS11H_ASSERT (p_target_size!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_certificate_signRecover entry certificate=%p, mech_type=%ld, source=%p, source_size="P_Z", target=%p, *p_target_size="P_Z"", (void *)certificate, mech_type, source, source_size, target, target != NULL ? *p_target_size : 0 ); if (target == NULL) { *p_target_size = 0; } if ( (rv = __pkcs11h_certificate_doPrivateOperation ( certificate, __pkcs11h_private_op_sign_recover, mech_type, source, source_size, target, p_target_size )) != CKR_OK ) { goto cleanup; } rv = CKR_OK; cleanup: _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_certificate_signRecover return rv=%lu-'%s', *p_target_size="P_Z"", rv, pkcs11h_getMessage (rv), *p_target_size ); return rv; } CK_RV pkcs11h_certificate_decrypt ( IN const pkcs11h_certificate_t certificate, IN const CK_MECHANISM_TYPE mech_type, IN const unsigned char * const source, IN const size_t source_size, OUT unsigned char * const target, IN OUT size_t * const p_target_size ) { CK_RV rv = CKR_FUNCTION_FAILED; _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL); _PKCS11H_ASSERT (_g_pkcs11h_data->initialized); _PKCS11H_ASSERT (certificate!=NULL); _PKCS11H_ASSERT (source!=NULL); /*_PKCS11H_ASSERT (target); NOT NEEDED*/ _PKCS11H_ASSERT (p_target_size!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_certificate_decrypt entry certificate=%p, mech_type=%ld, source=%p, source_size="P_Z", target=%p, *p_target_size="P_Z"", (void *)certificate, mech_type, source, source_size, target, target != NULL ? *p_target_size : 0 ); if (target == NULL) { *p_target_size = 0; } if ( (rv = __pkcs11h_certificate_doPrivateOperation ( certificate, __pkcs11h_private_op_decrypt, mech_type, source, source_size, target, p_target_size )) != CKR_OK ) { goto cleanup; } rv = CKR_OK; cleanup: _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_certificate_decrypt return rv=%lu-'%s', *p_target_size="P_Z"", rv, pkcs11h_getMessage (rv), *p_target_size ); return rv; } CK_RV pkcs11h_certificate_unwrap ( IN const pkcs11h_certificate_t certificate, IN const CK_MECHANISM_TYPE mech_type, IN const unsigned char * const source, IN const size_t source_size, OUT unsigned char * const target, IN OUT size_t * const p_target_size ) { CK_RV rv = CKR_FUNCTION_FAILED; _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL); _PKCS11H_ASSERT (_g_pkcs11h_data->initialized); _PKCS11H_ASSERT (certificate!=NULL); _PKCS11H_ASSERT (source!=NULL); /*_PKCS11H_ASSERT (target); NOT NEEDED*/ _PKCS11H_ASSERT (p_target_size!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_certificate_unwrap entry certificate=%p, mech_type=%ld, source=%p, source_size="P_Z", target=%p, *p_target_size="P_Z"", (void *)certificate, mech_type, source, source_size, target, target != NULL ? *p_target_size : 0 ); if (target == NULL) { *p_target_size = 0; } if ( (rv = __pkcs11h_certificate_doPrivateOperation ( certificate, __pkcs11h_private_op_unwrap, mech_type, source, source_size, target, p_target_size )) != CKR_OK ) { goto cleanup; } rv = CKR_OK; cleanup: _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_certificate_unwrap return rv=%lu-'%s', *p_target_size="P_Z"", rv, pkcs11h_getMessage (rv), *p_target_size ); return rv; } CK_RV pkcs11h_certificate_signAny ( IN const pkcs11h_certificate_t certificate, IN const CK_MECHANISM_TYPE mech_type, IN const unsigned char * const source, IN const size_t source_size, OUT unsigned char * const target, IN OUT size_t * const p_target_size ) { CK_RV rv = CKR_FUNCTION_FAILED; PKCS11H_BOOL acked = FALSE; _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL); _PKCS11H_ASSERT (_g_pkcs11h_data->initialized); _PKCS11H_ASSERT (certificate!=NULL); _PKCS11H_ASSERT (source!=NULL); /*_PKCS11H_ASSERT (target); NOT NEEDED*/ _PKCS11H_ASSERT (p_target_size!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_certificate_signAny entry certificate=%p, mech_type=%ld, source=%p, source_size="P_Z", target=%p, *p_target_size="P_Z"", (void *)certificate, mech_type, source, source_size, target, target != NULL ? *p_target_size : 0 ); if (certificate->mask_private_mode == 0) { _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Getting key attributes" ); if ((rv = __pkcs11h_certificate_getKeyAttributes (certificate)) != CKR_OK) { goto cleanup; } } if ( !acked && (certificate->mask_private_mode & PKCS11H_PRIVATEMODE_MASK_SIGN) != 0 ) { switch ( (rv = pkcs11h_certificate_sign ( certificate, mech_type, source, source_size, target, p_target_size )) ) { case CKR_OK: acked = TRUE; break; case CKR_FUNCTION_NOT_SUPPORTED: case CKR_KEY_FUNCTION_NOT_PERMITTED: case CKR_KEY_TYPE_INCONSISTENT: certificate->mask_private_mode &= ~PKCS11H_PRIVATEMODE_MASK_SIGN; break; default: goto cleanup; } } if ( !acked && (certificate->mask_private_mode & PKCS11H_PRIVATEMODE_MASK_RECOVER) != 0 ) { switch ( (rv = pkcs11h_certificate_signRecover ( certificate, mech_type, source, source_size, target, p_target_size )) ) { case CKR_OK: acked = TRUE; break; case CKR_FUNCTION_NOT_SUPPORTED: case CKR_KEY_FUNCTION_NOT_PERMITTED: case CKR_KEY_TYPE_INCONSISTENT: certificate->mask_private_mode &= ~PKCS11H_PRIVATEMODE_MASK_RECOVER; break; default: goto cleanup; } } if (!acked) { rv = CKR_FUNCTION_FAILED; goto cleanup; } rv = CKR_OK; cleanup: _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_certificate_signAny return rv=%lu-'%s', *p_target_size="P_Z"", rv, pkcs11h_getMessage (rv), *p_target_size ); return rv; } CK_RV pkcs11h_certificate_decryptAny ( IN const pkcs11h_certificate_t certificate, IN const CK_MECHANISM_TYPE mech_type, IN const unsigned char * const source, IN const size_t source_size, OUT unsigned char * const target, IN OUT size_t * const p_target_size ) { CK_RV rv = CKR_FUNCTION_FAILED; PKCS11H_BOOL acked = FALSE; _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL); _PKCS11H_ASSERT (_g_pkcs11h_data->initialized); _PKCS11H_ASSERT (certificate!=NULL); _PKCS11H_ASSERT (source!=NULL); /*_PKCS11H_ASSERT (target); NOT NEEDED*/ _PKCS11H_ASSERT (p_target_size!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_certificate_decryptAny entry certificate=%p, mech_type=%ld, source=%p, source_size="P_Z", target=%p, *p_target_size="P_Z"", (void *)certificate, mech_type, source, source_size, target, target != NULL ? *p_target_size : 0 ); if (certificate->mask_private_mode == 0) { _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Getting key attributes" ); if ((rv = __pkcs11h_certificate_getKeyAttributes (certificate)) != CKR_OK) { goto cleanup; } } if ( !acked && (certificate->mask_private_mode & PKCS11H_PRIVATEMODE_MASK_DECRYPT) != 0 ) { switch ( pkcs11h_certificate_decrypt ( certificate, mech_type, source, source_size, target, p_target_size ) ) { case CKR_OK: acked = TRUE; break; case CKR_FUNCTION_NOT_SUPPORTED: case CKR_KEY_FUNCTION_NOT_PERMITTED: case CKR_KEY_TYPE_INCONSISTENT: certificate->mask_private_mode &= ~PKCS11H_PRIVATEMODE_MASK_DECRYPT; break; default: goto cleanup; } } if ( !acked && (certificate->mask_private_mode & PKCS11H_PRIVATEMODE_MASK_UNWRAP) != 0 ) { switch ( pkcs11h_certificate_unwrap ( certificate, mech_type, source, source_size, target, p_target_size ) ) { case CKR_OK: acked = TRUE; break; case CKR_FUNCTION_NOT_SUPPORTED: case CKR_KEY_FUNCTION_NOT_PERMITTED: case CKR_KEY_TYPE_INCONSISTENT: certificate->mask_private_mode &= ~PKCS11H_PRIVATEMODE_MASK_UNWRAP; break; default: goto cleanup; } } if (!acked) { rv = CKR_FUNCTION_FAILED; goto cleanup; } rv = CKR_OK; cleanup: _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_certificate_decryptAny return rv=%lu-'%s', *p_target_size="P_Z"", rv, pkcs11h_getMessage (rv), *p_target_size ); return rv; } CK_RV pkcs11h_certificate_create ( IN const pkcs11h_certificate_id_t certificate_id, IN void * const user_data, IN const unsigned mask_prompt, IN const int pin_cache_period, OUT pkcs11h_certificate_t * const p_certificate ) { #if defined(ENABLE_PKCS11H_THREADING) PKCS11H_BOOL have_mutex = FALSE; PKCS11H_BOOL mutex_locked = FALSE; #endif pkcs11h_certificate_t certificate = NULL; CK_RV rv = CKR_FUNCTION_FAILED; _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL); _PKCS11H_ASSERT (_g_pkcs11h_data->initialized); /*_PKCS11H_ASSERT (user_data!=NULL); NOT NEEDED */ _PKCS11H_ASSERT (p_certificate!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_certificate_create entry certificate_id=%p, user_data=%p, mask_prompt=%08x, pin_cache_period=%d, p_certificate=%p", (void *)certificate_id, user_data, mask_prompt, pin_cache_period, (void *)p_certificate ); *p_certificate = NULL; if ((rv = _pkcs11h_mem_malloc ((void*)&certificate, sizeof (struct pkcs11h_certificate_s))) != CKR_OK) { goto cleanup; } certificate->user_data = user_data; certificate->mask_prompt = mask_prompt; certificate->key_handle = _PKCS11H_INVALID_OBJECT_HANDLE; certificate->pin_cache_period = pin_cache_period; #if defined(ENABLE_PKCS11H_THREADING) if ((rv = _pkcs11h_threading_mutexInit (&certificate->mutex)) != CKR_OK) { goto cleanup; } have_mutex = TRUE; #endif if ((rv = pkcs11h_certificate_duplicateCertificateId (&certificate->id, certificate_id)) != CKR_OK) { goto cleanup; } if ( (rv = _pkcs11h_session_getSessionByTokenId ( certificate->id->token_id, &certificate->session )) != CKR_OK ) { goto cleanup; } #if defined(ENABLE_PKCS11H_THREADING) if ((rv = _pkcs11h_threading_mutexLock (&certificate->session->mutex)) != CKR_OK) { goto cleanup; } mutex_locked = TRUE; #endif if (certificate->pin_cache_period != PKCS11H_PIN_CACHE_INFINITE) { if (certificate->session->pin_cache_period == PKCS11H_PIN_CACHE_INFINITE) { certificate->session->pin_cache_period = certificate->pin_cache_period; } else { if (certificate->session->pin_cache_period > certificate->pin_cache_period) { certificate->session->pin_expire_time = ( certificate->session->pin_expire_time - (time_t)certificate->session->pin_cache_period + (time_t)certificate->pin_cache_period ); certificate->session->pin_cache_period = certificate->pin_cache_period; } } } *p_certificate = certificate; certificate = NULL; rv = CKR_OK; cleanup: #if defined(ENABLE_PKCS11H_THREADING) if (mutex_locked) { if (certificate != NULL) { _pkcs11h_threading_mutexRelease (&certificate->session->mutex); } else { _pkcs11h_threading_mutexRelease (&(*p_certificate)->session->mutex); } mutex_locked = FALSE; } #endif if (certificate != NULL) { if (certificate->session != NULL) { _pkcs11h_session_release (certificate->session); certificate->session = NULL; } if (certificate->id != NULL) { pkcs11h_certificate_freeCertificateId (certificate->id); certificate->id = NULL; } #if defined(ENABLE_PKCS11H_THREADING) if (have_mutex) { _pkcs11h_threading_mutexFree (&certificate->mutex); } #endif _pkcs11h_mem_free ((void *)&certificate); } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_certificate_create return rv=%lu-'%s' *p_certificate=%p", rv, pkcs11h_getMessage (rv), (void *)*p_certificate ); return rv; } unsigned pkcs11h_certificate_getPromptMask ( IN const pkcs11h_certificate_t certificate ) { _PKCS11H_ASSERT (certificate!=NULL); return certificate->mask_prompt; } void pkcs11h_certificate_setPromptMask ( IN const pkcs11h_certificate_t certificate, IN const unsigned mask_prompt ) { _PKCS11H_ASSERT (certificate!=NULL); certificate->mask_prompt = mask_prompt; } void * pkcs11h_certificate_getUserData ( IN const pkcs11h_certificate_t certificate ) { _PKCS11H_ASSERT (certificate!=NULL); return certificate->user_data; } void pkcs11h_certificate_setUserData ( IN const pkcs11h_certificate_t certificate, IN void * const user_data ) { _PKCS11H_ASSERT (certificate!=NULL); certificate->user_data = user_data; } CK_RV pkcs11h_certificate_getCertificateId ( IN const pkcs11h_certificate_t certificate, OUT pkcs11h_certificate_id_t * const p_certificate_id ) { CK_RV rv = CKR_FUNCTION_FAILED; _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL); _PKCS11H_ASSERT (_g_pkcs11h_data->initialized); _PKCS11H_ASSERT (certificate!=NULL); _PKCS11H_ASSERT (p_certificate_id!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_certificate_getCertificateId entry certificate=%p, certificate_id=%p", (void *)certificate, (void *)p_certificate_id ); if ( (rv = pkcs11h_certificate_duplicateCertificateId ( p_certificate_id, certificate->id )) != CKR_OK ) { goto cleanup; } rv = CKR_OK; cleanup: _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_certificate_getCertificateId return rv=%lu-'%s'", rv, pkcs11h_getMessage (rv) ); return rv; } CK_RV pkcs11h_certificate_getCertificateBlob ( IN const pkcs11h_certificate_t certificate, OUT unsigned char * const certificate_blob, IN OUT size_t * const p_certificate_blob_size ) { #if defined(ENABLE_PKCS11H_THREADING) PKCS11H_BOOL mutex_locked = FALSE; #endif CK_RV rv = CKR_FUNCTION_FAILED; size_t certifiate_blob_size_max = 0; _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL); _PKCS11H_ASSERT (_g_pkcs11h_data->initialized); _PKCS11H_ASSERT (certificate!=NULL); /*_PKCS11H_ASSERT (certificate_blob!=NULL); NOT NEEDED */ _PKCS11H_ASSERT (p_certificate_blob_size!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_certificate_getCertificateBlob entry certificate=%p, certificate_blob=%p, *p_certificate_blob_size="P_Z"", (void *)certificate, certificate_blob, certificate_blob != NULL ? *p_certificate_blob_size : 0 ); if (certificate_blob != NULL) { certifiate_blob_size_max = *p_certificate_blob_size; } *p_certificate_blob_size = 0; #if defined(ENABLE_PKCS11H_THREADING) if ((rv = _pkcs11h_threading_mutexLock (&certificate->mutex)) != CKR_OK) { goto cleanup; } mutex_locked = TRUE; #endif if (certificate->id->certificate_blob == NULL) { PKCS11H_BOOL op_succeed = FALSE; PKCS11H_BOOL login_retry = FALSE; while (!op_succeed) { if ((rv = __pkcs11h_certificate_loadCertificate (certificate)) != CKR_OK) { goto retry; } op_succeed = TRUE; rv = CKR_OK; retry: if (!op_succeed) { if (!login_retry) { login_retry = TRUE; rv = _pkcs11h_certificate_resetSession ( certificate, TRUE, FALSE ); } if (rv != CKR_OK) { goto cleanup; } } } } if (certificate->id->certificate_blob == NULL) { rv = CKR_FUNCTION_REJECTED; goto cleanup; } *p_certificate_blob_size = certificate->id->certificate_blob_size; if (certificate_blob != NULL) { if (certificate->id->certificate_blob_size > certifiate_blob_size_max) { rv = CKR_BUFFER_TOO_SMALL; goto cleanup; } memmove ( certificate_blob, certificate->id->certificate_blob, *p_certificate_blob_size ); } rv = CKR_OK; cleanup: #if defined(ENABLE_PKCS11H_THREADING) if (mutex_locked) { _pkcs11h_threading_mutexRelease (&certificate->mutex); mutex_locked = FALSE; } #endif _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_certificate_getCertificateBlob return rv=%lu-'%s'", rv, pkcs11h_getMessage (rv) ); return rv; } CK_RV pkcs11h_certificate_ensureCertificateAccess ( IN const pkcs11h_certificate_t certificate ) { #if defined(ENABLE_PKCS11H_THREADING) PKCS11H_BOOL mutex_locked_cert = FALSE; PKCS11H_BOOL mutex_locked_sess = FALSE; #endif PKCS11H_BOOL validCert = FALSE; CK_RV rv = CKR_FUNCTION_FAILED; _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL); _PKCS11H_ASSERT (_g_pkcs11h_data->initialized); _PKCS11H_ASSERT (certificate!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_certificate_ensureCertificateAccess entry certificate=%p", (void *)certificate ); #if defined(ENABLE_PKCS11H_THREADING) if ((rv = _pkcs11h_threading_mutexLock (&certificate->mutex)) != CKR_OK) { goto cleanup; } mutex_locked_cert = TRUE; #endif if (!validCert) { CK_OBJECT_HANDLE h = _PKCS11H_INVALID_OBJECT_HANDLE; #if defined(ENABLE_PKCS11H_THREADING) if ((rv = _pkcs11h_threading_mutexLock (&certificate->session->mutex)) != CKR_OK) { goto retry1; } mutex_locked_sess = TRUE; #endif if ( (rv = _pkcs11h_session_getObjectById ( certificate->session, CKO_CERTIFICATE, certificate->id->attrCKA_ID, certificate->id->attrCKA_ID_size, &h )) != CKR_OK ) { goto retry1; } validCert = TRUE; retry1: #if defined(ENABLE_PKCS11H_THREADING) if (mutex_locked_sess) { _pkcs11h_threading_mutexRelease (&certificate->session->mutex); mutex_locked_sess = FALSE; } #endif if (!validCert) { _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Cannot access existing object rv=%lu-'%s'", rv, pkcs11h_getMessage (rv) ); } } if (!validCert) { if ( (rv = _pkcs11h_certificate_resetSession ( certificate, TRUE, FALSE )) != CKR_OK ) { goto cleanup; } validCert = TRUE; } if (validCert) { rv = CKR_OK; } cleanup: #if defined(ENABLE_PKCS11H_THREADING) if (mutex_locked_cert) { _pkcs11h_threading_mutexRelease (&certificate->mutex); mutex_locked_cert = FALSE; } #endif _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_certificate_ensureCertificateAccess return rv=%lu-'%s'", rv, pkcs11h_getMessage (rv) ); return rv; } CK_RV pkcs11h_certificate_ensureKeyAccess ( IN const pkcs11h_certificate_t certificate ) { #if defined(ENABLE_PKCS11H_THREADING) PKCS11H_BOOL mutex_locked_cert = FALSE; PKCS11H_BOOL mutex_locked_sess = FALSE; #endif CK_RV rv = CKR_FUNCTION_FAILED; PKCS11H_BOOL valid_key = FALSE; _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL); _PKCS11H_ASSERT (_g_pkcs11h_data->initialized); _PKCS11H_ASSERT (certificate!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_certificate_ensureKeyAccess entry certificate=%p", (void *)certificate ); #if defined(ENABLE_PKCS11H_THREADING) if ((rv = _pkcs11h_threading_mutexLock (&certificate->mutex)) != CKR_OK) { goto cleanup; } mutex_locked_cert = TRUE; #endif if (!valid_key) { #if defined(ENABLE_PKCS11H_THREADING) if ((rv = _pkcs11h_threading_mutexLock (&certificate->session->mutex)) != CKR_OK) { goto retry1; } mutex_locked_sess = TRUE; #endif if ( (rv = _pkcs11h_session_getObjectById ( certificate->session, CKO_PRIVATE_KEY, certificate->id->attrCKA_ID, certificate->id->attrCKA_ID_size, &certificate->key_handle )) != CKR_OK ) { goto retry1; } valid_key = TRUE; retry1: #if defined(ENABLE_PKCS11H_THREADING) if (mutex_locked_sess) { _pkcs11h_threading_mutexRelease (&certificate->session->mutex); mutex_locked_sess = FALSE; } #endif if (!valid_key) { _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Cannot access existing object rv=%lu-'%s'", rv, pkcs11h_getMessage (rv) ); certificate->key_handle = _PKCS11H_INVALID_OBJECT_HANDLE; } } if (!valid_key) { if ( (rv = _pkcs11h_certificate_resetSession ( certificate, FALSE, FALSE )) != CKR_OK ) { goto cleanup; } valid_key = TRUE; } if (valid_key) { rv = CKR_OK; } cleanup: #if defined(ENABLE_PKCS11H_THREADING) if (mutex_locked_cert) { _pkcs11h_threading_mutexRelease (&certificate->mutex); mutex_locked_cert = FALSE; } #endif _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_certificate_ensureKeyAccess return rv=%lu-'%s'", rv, pkcs11h_getMessage (rv) ); return rv; } CK_RV _pkcs11h_certificate_enumSessionCertificates ( IN const _pkcs11h_session_t session, IN void * const user_data, IN const unsigned mask_prompt ) { #if defined(ENABLE_PKCS11H_THREADING) PKCS11H_BOOL mutex_locked = FALSE; #endif PKCS11H_BOOL op_succeed = FALSE; PKCS11H_BOOL login_retry = FALSE; CK_RV rv = CKR_FUNCTION_FAILED; _PKCS11H_ASSERT (session!=NULL); /*_PKCS11H_ASSERT (user_data) NOT NEEDED */ _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_certificate_enumSessionCertificates entry session=%p, user_data=%p, mask_prompt=%08x", (void *)session, user_data, mask_prompt ); /* THREADS: NO NEED TO LOCK, GLOBAL CACHE IS LOCKED */ #if defined(ENABLE_PKCS11H_THREADING) if ((rv = _pkcs11h_threading_mutexLock (&session->mutex)) != CKR_OK) { goto cleanup; } mutex_locked = TRUE; #endif while (!op_succeed) { CK_OBJECT_CLASS cert_filter_class = CKO_CERTIFICATE; CK_ATTRIBUTE cert_filter[] = { {CKA_CLASS, &cert_filter_class, sizeof (cert_filter_class)} }; CK_OBJECT_HANDLE *objects = NULL; CK_ULONG objects_found = 0; CK_ULONG i; if ((rv = _pkcs11h_session_validate (session)) != CKR_OK) { goto retry; } if ( (rv = _pkcs11h_session_findObjects ( session, cert_filter, sizeof (cert_filter) / sizeof (CK_ATTRIBUTE), &objects, &objects_found )) != CKR_OK ) { goto retry; } for (i=0;i < objects_found;i++) { pkcs11h_certificate_id_t certificate_id = NULL; pkcs11h_certificate_id_list_t new_element = NULL; CK_ATTRIBUTE attrs[] = { {CKA_ID, NULL, 0}, {CKA_VALUE, NULL, 0} }; if ( (rv = _pkcs11h_session_getObjectAttributes ( session, objects[i], attrs, sizeof (attrs) / sizeof (CK_ATTRIBUTE) )) != CKR_OK ) { goto retry1; } /* * skip objects without CKA_ID as we * won't be able to retrieve them. */ if ( attrs[0].pValue == NULL || attrs[0].ulValueLen == 0 ) { rv = CKR_OK; goto retry1; } if ( (rv = _pkcs11h_certificate_newCertificateId (&certificate_id)) != CKR_OK || (rv = pkcs11h_token_duplicateTokenId ( &certificate_id->token_id, session->token_id )) != CKR_OK || (rv = _pkcs11h_mem_duplicate ( (void*)&certificate_id->attrCKA_ID, &certificate_id->attrCKA_ID_size, attrs[0].pValue, attrs[0].ulValueLen )) != CKR_OK || (rv = _pkcs11h_mem_duplicate ( (void*)&certificate_id->certificate_blob, &certificate_id->certificate_blob_size, attrs[1].pValue, attrs[1].ulValueLen )) != CKR_OK || (rv = __pkcs11h_certificate_updateCertificateIdDescription ( certificate_id )) != CKR_OK || (rv = _pkcs11h_mem_malloc ( (void *)&new_element, sizeof (struct pkcs11h_certificate_id_list_s) )) != CKR_OK ) { goto retry1; } new_element->next = session->cached_certs; new_element->certificate_id = certificate_id; certificate_id = NULL; session->cached_certs = new_element; new_element = NULL; rv = CKR_OK; retry1: if (certificate_id != NULL) { pkcs11h_certificate_freeCertificateId (certificate_id); certificate_id = NULL; } if (new_element != NULL) { _pkcs11h_mem_free ((void *)&new_element); new_element = NULL; } _pkcs11h_session_freeObjectAttributes ( attrs, sizeof (attrs) / sizeof (CK_ATTRIBUTE) ); if (rv != CKR_OK) { _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Cannot get object attribute for provider '%s' object %ld rv=%lu-'%s'", session->provider->manufacturerID, objects[i], rv, pkcs11h_getMessage (rv) ); } } op_succeed = TRUE; rv = CKR_OK; retry: if (objects != NULL) { _pkcs11h_mem_free ((void *)&objects); } if (!op_succeed) { if (!login_retry) { _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Get certificate attributes failed: %ld:'%s'", rv, pkcs11h_getMessage (rv) ); rv = _pkcs11h_session_login ( session, TRUE, TRUE, user_data, (mask_prompt & PKCS11H_PROMPT_MASK_ALLOW_PIN_PROMPT) ); login_retry = TRUE; } if (rv != CKR_OK) { goto cleanup; } } } cleanup: #if defined(ENABLE_PKCS11H_THREADING) if (mutex_locked) { _pkcs11h_threading_mutexRelease (&session->mutex); mutex_locked = FALSE; } #endif _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_certificate_enumSessionCertificates return rv=%lu-'%s'", rv, pkcs11h_getMessage (rv) ); return rv; } static CK_RV __pkcs11h_certificate_splitCertificateIdList ( IN const pkcs11h_certificate_id_list_t cert_id_all, OUT pkcs11h_certificate_id_list_t * const p_cert_id_issuers_list, OUT pkcs11h_certificate_id_list_t * const p_cert_id_end_list ) { typedef struct info_s { struct info_s *next; pkcs11h_certificate_id_t e; PKCS11H_BOOL is_issuer; } *info_t; pkcs11h_certificate_id_list_t cert_id_issuers_list = NULL; pkcs11h_certificate_id_list_t cert_id_end_list = NULL; pkcs11h_certificate_id_list_t entry = NULL; info_t head = NULL; info_t info = NULL; CK_RV rv = CKR_FUNCTION_FAILED; /*_PKCS11H_ASSERT (cert_id_all!=NULL); NOT NEEDED */ /*_PKCS11H_ASSERT (p_cert_id_issuers_list!=NULL); NOT NEEDED*/ _PKCS11H_ASSERT (p_cert_id_end_list!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: __pkcs11h_certificate_splitCertificateIdList entry cert_id_all=%p, p_cert_id_issuers_list=%p, p_cert_id_end_list=%p", (void *)cert_id_all, (void *)p_cert_id_issuers_list, (void *)p_cert_id_end_list ); if (p_cert_id_issuers_list != NULL) { *p_cert_id_issuers_list = NULL; } *p_cert_id_end_list = NULL; for ( entry = cert_id_all; entry != NULL; entry = entry->next ) { info_t new_info = NULL; if ((rv = _pkcs11h_mem_malloc ((void *)&new_info, sizeof (struct info_s))) != CKR_OK) { goto cleanup; } new_info->next = head; new_info->e = entry->certificate_id; head = new_info; new_info = NULL; } for ( info = head; info != NULL; info = info->next ) { info_t info2 = NULL; for ( info2 = head; info2 != NULL && !info->is_issuer; info2 = info2->next ) { if (info != info2) { info->is_issuer = _g_pkcs11h_crypto_engine.certificate_is_issuer ( _g_pkcs11h_crypto_engine.global_data, info->e->certificate_blob, info->e->certificate_blob_size, info2->e->certificate_blob, info2->e->certificate_blob_size ); } } } rv = CKR_OK; for ( info = head; info != NULL; info = info->next ) { pkcs11h_certificate_id_list_t new_entry = NULL; if ( (rv = _pkcs11h_mem_malloc ( (void *)&new_entry, sizeof (struct pkcs11h_certificate_id_list_s) )) != CKR_OK || (rv = pkcs11h_certificate_duplicateCertificateId ( &new_entry->certificate_id, info->e )) != CKR_OK ) { if (new_entry != NULL) { if (new_entry->certificate_id != NULL) { pkcs11h_certificate_freeCertificateId (new_entry->certificate_id); } _pkcs11h_mem_free ((void *)&new_entry); } goto cleanup; } /* * Should not free base list */ info->e = NULL; if (info->is_issuer) { new_entry->next = cert_id_issuers_list; cert_id_issuers_list = new_entry; new_entry = NULL; } else { new_entry->next = cert_id_end_list; cert_id_end_list = new_entry; new_entry = NULL; } } if (p_cert_id_issuers_list != NULL ) { *p_cert_id_issuers_list = cert_id_issuers_list; cert_id_issuers_list = NULL; } *p_cert_id_end_list = cert_id_end_list; cert_id_end_list = NULL; rv = CKR_OK; cleanup: while (head != NULL) { info_t entry = head; head = head->next; _pkcs11h_mem_free ((void *)&entry); } if (cert_id_issuers_list != NULL) { pkcs11h_certificate_freeCertificateIdList (cert_id_issuers_list); } if (cert_id_end_list != NULL) { pkcs11h_certificate_freeCertificateIdList (cert_id_end_list); } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: __pkcs11h_certificate_splitCertificateIdList return rv=%lu-'%s'", rv, pkcs11h_getMessage (rv) ); return rv; } CK_RV pkcs11h_certificate_freeCertificateIdList ( IN const pkcs11h_certificate_id_list_t cert_id_list ) { pkcs11h_certificate_id_list_t _id = cert_id_list; _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL); _PKCS11H_ASSERT (_g_pkcs11h_data->initialized); /*_PKCS11H_ASSERT (cert_id_list!=NULL); NOT NEEDED*/ _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_certificate_freeCertificateIdList entry cert_id_list=%p", (void *)cert_id_list ); while (_id != NULL) { pkcs11h_certificate_id_list_t x = _id; _id = _id->next; if (x->certificate_id != NULL) { pkcs11h_certificate_freeCertificateId (x->certificate_id); } x->next = NULL; _pkcs11h_mem_free ((void *)&x); } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_certificate_freeCertificateIdList return" ); return CKR_OK; } CK_RV pkcs11h_certificate_enumTokenCertificateIds ( IN const pkcs11h_token_id_t token_id, IN const unsigned method, IN void * const user_data, IN const unsigned mask_prompt, OUT pkcs11h_certificate_id_list_t * const p_cert_id_issuers_list, OUT pkcs11h_certificate_id_list_t * const p_cert_id_end_list ) { #if defined(ENABLE_PKCS11H_THREADING) PKCS11H_BOOL mutex_locked = FALSE; #endif _pkcs11h_session_t session = NULL; CK_RV rv = CKR_FUNCTION_FAILED; _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL); _PKCS11H_ASSERT (_g_pkcs11h_data->initialized); _PKCS11H_ASSERT (token_id!=NULL); /*_PKCS11H_ASSERT (user_data) NOT NEEDED */ /*_PKCS11H_ASSERT (p_cert_id_issuers_list!=NULL); NOT NEEDED*/ _PKCS11H_ASSERT (p_cert_id_end_list!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_certificate_enumTokenCertificateIds entry token_id=%p, method=%u, user_data=%p, mask_prompt=%08x, p_cert_id_issuers_list=%p, p_cert_id_end_list=%p", (void *)token_id, method, user_data, mask_prompt, (void *)p_cert_id_issuers_list, (void *)p_cert_id_end_list ); if (p_cert_id_issuers_list != NULL) { *p_cert_id_issuers_list = NULL; } *p_cert_id_end_list = NULL; #if defined(ENABLE_PKCS11H_THREADING) if ((rv = _pkcs11h_threading_mutexLock (&_g_pkcs11h_data->mutexes.cache)) != CKR_OK) { goto cleanup; } mutex_locked = TRUE; #endif if ( (rv = _pkcs11h_session_getSessionByTokenId ( token_id, &session )) != CKR_OK ) { goto cleanup; } if (method == PKCS11H_ENUM_METHOD_RELOAD) { pkcs11h_certificate_freeCertificateIdList (session->cached_certs); session->cached_certs = NULL; } if (session->cached_certs == NULL) { rv = _pkcs11h_certificate_enumSessionCertificates (session, user_data, mask_prompt); } if ( (rv = __pkcs11h_certificate_splitCertificateIdList ( session->cached_certs, p_cert_id_issuers_list, p_cert_id_end_list )) != CKR_OK ) { goto cleanup; } rv = CKR_OK; cleanup: if (session != NULL) { _pkcs11h_session_release (session); } #if defined(ENABLE_PKCS11H_THREADING) if (mutex_locked) { _pkcs11h_threading_mutexRelease (&_g_pkcs11h_data->mutexes.cache); mutex_locked = FALSE; } #endif _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_certificate_enumTokenCertificateIds return rv=%lu-'%s'", rv, pkcs11h_getMessage (rv) ); return rv; } CK_RV pkcs11h_certificate_enumCertificateIds ( IN const unsigned method, IN void * const user_data, IN const unsigned mask_prompt, OUT pkcs11h_certificate_id_list_t * const p_cert_id_issuers_list, OUT pkcs11h_certificate_id_list_t * const p_cert_id_end_list ) { #if defined(ENABLE_PKCS11H_THREADING) PKCS11H_BOOL mutex_locked = FALSE; #endif pkcs11h_certificate_id_list_t cert_id_list = NULL; _pkcs11h_provider_t current_provider; _pkcs11h_session_t current_session; CK_RV rv = CKR_FUNCTION_FAILED; _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL); _PKCS11H_ASSERT (_g_pkcs11h_data->initialized); /*_PKCS11H_ASSERT (user_data!=NULL); NOT NEEDED*/ /*_PKCS11H_ASSERT (p_cert_id_issuers_list!=NULL); NOT NEEDED*/ _PKCS11H_ASSERT (p_cert_id_end_list!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_certificate_enumCertificateIds entry method=%u, mask_prompt=%08x, p_cert_id_issuers_list=%p, p_cert_id_end_list=%p", method, mask_prompt, (void *)p_cert_id_issuers_list, (void *)p_cert_id_end_list ); if (p_cert_id_issuers_list != NULL) { *p_cert_id_issuers_list = NULL; } *p_cert_id_end_list = NULL; #if defined(ENABLE_PKCS11H_THREADING) if ((rv = _pkcs11h_threading_mutexLock (&_g_pkcs11h_data->mutexes.cache)) != CKR_OK) { goto cleanup; } mutex_locked = TRUE; #endif for ( current_session = _g_pkcs11h_data->sessions; current_session != NULL; current_session = current_session->next ) { current_session->touch = FALSE; if (method == PKCS11H_ENUM_METHOD_RELOAD) { pkcs11h_certificate_freeCertificateIdList (current_session->cached_certs); current_session->cached_certs = NULL; } } for ( current_provider = _g_pkcs11h_data->providers; current_provider != NULL; current_provider = current_provider->next ) { CK_SLOT_ID_PTR slots = NULL; CK_ULONG slotnum; CK_SLOT_ID slot_index; if (!current_provider->enabled) { continue; } if ( (rv = _pkcs11h_session_getSlotList ( current_provider, CK_TRUE, &slots, &slotnum )) != CKR_OK ) { goto retry1; } for ( slot_index=0; slot_index < slotnum; slot_index++ ) { _pkcs11h_session_t session = NULL; pkcs11h_token_id_t token_id = NULL; CK_TOKEN_INFO info; if ( (rv = current_provider->f->C_GetTokenInfo ( slots[slot_index], &info )) != CKR_OK || (rv = _pkcs11h_token_getTokenId ( &info, &token_id )) != CKR_OK || (rv = _pkcs11h_session_getSessionByTokenId ( token_id, &session )) != CKR_OK ) { goto retry11; } session->touch = TRUE; if (session->cached_certs == NULL) { if ( (rv = _pkcs11h_certificate_enumSessionCertificates ( session, user_data, mask_prompt )) != CKR_OK ) { goto retry11; } } rv = CKR_OK; retry11: if (rv != CKR_OK) { _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Cannot get token information for provider '%s' slot %ld rv=%lu-'%s'", current_provider->manufacturerID, slots[slot_index], rv, pkcs11h_getMessage (rv) ); } if (session != NULL) { _pkcs11h_session_release (session); session = NULL; } if (token_id != NULL) { pkcs11h_token_freeTokenId (token_id); token_id = NULL; } } rv = CKR_OK; retry1: if (rv != CKR_OK) { _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Cannot get slot list for provider '%s' rv=%lu-'%s'", current_provider->manufacturerID, rv, pkcs11h_getMessage (rv) ); } if (slots != NULL) { _pkcs11h_mem_free ((void *)&slots); slots = NULL; } } for ( current_session = _g_pkcs11h_data->sessions; current_session != NULL; current_session = current_session->next ) { if ( method == PKCS11H_ENUM_METHOD_CACHE || ( ( method == PKCS11H_ENUM_METHOD_RELOAD || method == PKCS11H_ENUM_METHOD_CACHE_EXIST ) && current_session->touch ) ) { pkcs11h_certificate_id_list_t entry = NULL; for ( entry = current_session->cached_certs; entry != NULL; entry = entry->next ) { pkcs11h_certificate_id_list_t new_entry = NULL; if ( (rv = _pkcs11h_mem_malloc ( (void *)&new_entry, sizeof (struct pkcs11h_certificate_id_list_s) )) != CKR_OK || (rv = pkcs11h_certificate_duplicateCertificateId ( &new_entry->certificate_id, entry->certificate_id )) != CKR_OK ) { if (new_entry != NULL) { new_entry->next = NULL; pkcs11h_certificate_freeCertificateIdList (new_entry); new_entry = NULL; } goto cleanup; } new_entry->next = cert_id_list; cert_id_list = new_entry; new_entry = NULL; } } } if ( (rv = __pkcs11h_certificate_splitCertificateIdList ( cert_id_list, p_cert_id_issuers_list, p_cert_id_end_list )) != CKR_OK ) { goto cleanup; } rv = CKR_OK; cleanup: if (cert_id_list != NULL) { pkcs11h_certificate_freeCertificateIdList (cert_id_list); cert_id_list = NULL; } #if defined(ENABLE_PKCS11H_THREADING) if (mutex_locked) { _pkcs11h_threading_mutexRelease (&_g_pkcs11h_data->mutexes.cache); mutex_locked = FALSE; } #endif _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_certificate_enumCertificateIds return rv=%lu-'%s'", rv, pkcs11h_getMessage (rv) ); return rv; } #endif /* ENABLE_PKCS11H_CERTIFICATE */ pkcs11-helper-pkcs11-helper-1.22/lib/pkcs11h-core.c000066400000000000000000001027541304770615400215240ustar00rootroot00000000000000/* * Copyright (c) 2005-2011 Alon Bar-Lev * All rights reserved. * * This software is available to you under a choice of one of two * licenses. You may choose to be licensed under the terms of the GNU * General Public License (GPL) Version 2, or the BSD license. * * GNU General Public License (GPL) Version 2 * =========================================== * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 * as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program (see the file COPYING.GPL included with this * distribution); if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * BSD License * ============ * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * o Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * o Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * o Neither the name of the Alon Bar-Lev nor the names of its * contributors may be used to endorse or promote products derived from * this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #include "common.h" #if !defined(_WIN32) #include #include #endif #include #include #include "_pkcs11h-threading.h" #include "_pkcs11h-mem.h" #include "_pkcs11h-sys.h" #include "_pkcs11h-crypto.h" #include "_pkcs11h-util.h" #include "_pkcs11h-core.h" #include "_pkcs11h-session.h" #include "_pkcs11h-slotevent.h" #include "_pkcs11h-openssl.h" /*======================================================================* * COMMON INTERNAL INTERFACE *======================================================================*/ static void __pkcs11h_hooks_default_log ( IN void * const global_data, IN const unsigned flags, IN const char * const format, IN va_list args ); static PKCS11H_BOOL __pkcs11h_hooks_default_token_prompt ( IN void * const global_data, IN void * const user_data, IN const pkcs11h_token_id_t token, IN const unsigned retry ); static PKCS11H_BOOL __pkcs11h_hooks_default_pin_prompt ( IN void * const global_data, IN void * const user_data, IN const pkcs11h_token_id_t token, IN const unsigned retry, OUT char * const pin, IN const size_t pin_max ); #if !defined(_WIN32) #if defined(ENABLE_PKCS11H_THREADING) static void __pkcs11h_threading_atfork_prepare (void); static void __pkcs11h_threading_atfork_parent (void); static void __pkcs11h_threading_atfork_child (void); #endif static CK_RV __pkcs11h_forkFixup ( IN const PKCS11H_BOOL activate_slotevent ); #endif /*========================================== * Data */ _pkcs11h_data_t _g_pkcs11h_data = NULL; unsigned int _g_pkcs11h_loglevel = PKCS11H_LOG_INFO; /*======================================================================* * PUBLIC INTERFACE *======================================================================*/ const char * pkcs11h_getMessage ( IN const CK_RV rv ) { switch (rv) { case CKR_OK: return "CKR_OK"; case CKR_CANCEL: return "CKR_CANCEL"; case CKR_HOST_MEMORY: return "CKR_HOST_MEMORY"; case CKR_SLOT_ID_INVALID: return "CKR_SLOT_ID_INVALID"; case CKR_GENERAL_ERROR: return "CKR_GENERAL_ERROR"; case CKR_FUNCTION_FAILED: return "CKR_FUNCTION_FAILED"; case CKR_ARGUMENTS_BAD: return "CKR_ARGUMENTS_BAD"; case CKR_NO_EVENT: return "CKR_NO_EVENT"; case CKR_NEED_TO_CREATE_THREADS: return "CKR_NEED_TO_CREATE_THREADS"; case CKR_CANT_LOCK: return "CKR_CANT_LOCK"; case CKR_ATTRIBUTE_READ_ONLY: return "CKR_ATTRIBUTE_READ_ONLY"; case CKR_ATTRIBUTE_SENSITIVE: return "CKR_ATTRIBUTE_SENSITIVE"; case CKR_ATTRIBUTE_TYPE_INVALID: return "CKR_ATTRIBUTE_TYPE_INVALID"; case CKR_ATTRIBUTE_VALUE_INVALID: return "CKR_ATTRIBUTE_VALUE_INVALID"; case CKR_DATA_INVALID: return "CKR_DATA_INVALID"; case CKR_DATA_LEN_RANGE: return "CKR_DATA_LEN_RANGE"; case CKR_DEVICE_ERROR: return "CKR_DEVICE_ERROR"; case CKR_DEVICE_MEMORY: return "CKR_DEVICE_MEMORY"; case CKR_DEVICE_REMOVED: return "CKR_DEVICE_REMOVED"; case CKR_ENCRYPTED_DATA_INVALID: return "CKR_ENCRYPTED_DATA_INVALID"; case CKR_ENCRYPTED_DATA_LEN_RANGE: return "CKR_ENCRYPTED_DATA_LEN_RANGE"; case CKR_FUNCTION_CANCELED: return "CKR_FUNCTION_CANCELED"; case CKR_FUNCTION_NOT_PARALLEL: return "CKR_FUNCTION_NOT_PARALLEL"; case CKR_FUNCTION_NOT_SUPPORTED: return "CKR_FUNCTION_NOT_SUPPORTED"; case CKR_KEY_HANDLE_INVALID: return "CKR_KEY_HANDLE_INVALID"; case CKR_KEY_SIZE_RANGE: return "CKR_KEY_SIZE_RANGE"; case CKR_KEY_TYPE_INCONSISTENT: return "CKR_KEY_TYPE_INCONSISTENT"; case CKR_KEY_NOT_NEEDED: return "CKR_KEY_NOT_NEEDED"; case CKR_KEY_CHANGED: return "CKR_KEY_CHANGED"; case CKR_KEY_NEEDED: return "CKR_KEY_NEEDED"; case CKR_KEY_INDIGESTIBLE: return "CKR_KEY_INDIGESTIBLE"; case CKR_KEY_FUNCTION_NOT_PERMITTED: return "CKR_KEY_FUNCTION_NOT_PERMITTED"; case CKR_KEY_NOT_WRAPPABLE: return "CKR_KEY_NOT_WRAPPABLE"; case CKR_KEY_UNEXTRACTABLE: return "CKR_KEY_UNEXTRACTABLE"; case CKR_MECHANISM_INVALID: return "CKR_MECHANISM_INVALID"; case CKR_MECHANISM_PARAM_INVALID: return "CKR_MECHANISM_PARAM_INVALID"; case CKR_OBJECT_HANDLE_INVALID: return "CKR_OBJECT_HANDLE_INVALID"; case CKR_OPERATION_ACTIVE: return "CKR_OPERATION_ACTIVE"; case CKR_OPERATION_NOT_INITIALIZED: return "CKR_OPERATION_NOT_INITIALIZED"; case CKR_PIN_INCORRECT: return "CKR_PIN_INCORRECT"; case CKR_PIN_INVALID: return "CKR_PIN_INVALID"; case CKR_PIN_LEN_RANGE: return "CKR_PIN_LEN_RANGE"; case CKR_PIN_EXPIRED: return "CKR_PIN_EXPIRED"; case CKR_PIN_LOCKED: return "CKR_PIN_LOCKED"; case CKR_SESSION_CLOSED: return "CKR_SESSION_CLOSED"; case CKR_SESSION_COUNT: return "CKR_SESSION_COUNT"; case CKR_SESSION_HANDLE_INVALID: return "CKR_SESSION_HANDLE_INVALID"; case CKR_SESSION_PARALLEL_NOT_SUPPORTED: return "CKR_SESSION_PARALLEL_NOT_SUPPORTED"; case CKR_SESSION_READ_ONLY: return "CKR_SESSION_READ_ONLY"; case CKR_SESSION_EXISTS: return "CKR_SESSION_EXISTS"; case CKR_SESSION_READ_ONLY_EXISTS: return "CKR_SESSION_READ_ONLY_EXISTS"; case CKR_SESSION_READ_WRITE_SO_EXISTS: return "CKR_SESSION_READ_WRITE_SO_EXISTS"; case CKR_SIGNATURE_INVALID: return "CKR_SIGNATURE_INVALID"; case CKR_SIGNATURE_LEN_RANGE: return "CKR_SIGNATURE_LEN_RANGE"; case CKR_TEMPLATE_INCOMPLETE: return "CKR_TEMPLATE_INCOMPLETE"; case CKR_TEMPLATE_INCONSISTENT: return "CKR_TEMPLATE_INCONSISTENT"; case CKR_TOKEN_NOT_PRESENT: return "CKR_TOKEN_NOT_PRESENT"; case CKR_TOKEN_NOT_RECOGNIZED: return "CKR_TOKEN_NOT_RECOGNIZED"; case CKR_TOKEN_WRITE_PROTECTED: return "CKR_TOKEN_WRITE_PROTECTED"; case CKR_UNWRAPPING_KEY_HANDLE_INVALID: return "CKR_UNWRAPPING_KEY_HANDLE_INVALID"; case CKR_UNWRAPPING_KEY_SIZE_RANGE: return "CKR_UNWRAPPING_KEY_SIZE_RANGE"; case CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT: return "CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT"; case CKR_USER_ALREADY_LOGGED_IN: return "CKR_USER_ALREADY_LOGGED_IN"; case CKR_USER_NOT_LOGGED_IN: return "CKR_USER_NOT_LOGGED_IN"; case CKR_USER_PIN_NOT_INITIALIZED: return "CKR_USER_PIN_NOT_INITIALIZED"; case CKR_USER_TYPE_INVALID: return "CKR_USER_TYPE_INVALID"; case CKR_USER_ANOTHER_ALREADY_LOGGED_IN: return "CKR_USER_ANOTHER_ALREADY_LOGGED_IN"; case CKR_USER_TOO_MANY_TYPES: return "CKR_USER_TOO_MANY_TYPES"; case CKR_WRAPPED_KEY_INVALID: return "CKR_WRAPPED_KEY_INVALID"; case CKR_WRAPPED_KEY_LEN_RANGE: return "CKR_WRAPPED_KEY_LEN_RANGE"; case CKR_WRAPPING_KEY_HANDLE_INVALID: return "CKR_WRAPPING_KEY_HANDLE_INVALID"; case CKR_WRAPPING_KEY_SIZE_RANGE: return "CKR_WRAPPING_KEY_SIZE_RANGE"; case CKR_WRAPPING_KEY_TYPE_INCONSISTENT: return "CKR_WRAPPING_KEY_TYPE_INCONSISTENT"; case CKR_RANDOM_SEED_NOT_SUPPORTED: return "CKR_RANDOM_SEED_NOT_SUPPORTED"; case CKR_RANDOM_NO_RNG: return "CKR_RANDOM_NO_RNG"; case CKR_DOMAIN_PARAMS_INVALID: return "CKR_DOMAIN_PARAMS_INVALID"; case CKR_BUFFER_TOO_SMALL: return "CKR_BUFFER_TOO_SMALL"; case CKR_SAVED_STATE_INVALID: return "CKR_SAVED_STATE_INVALID"; case CKR_INFORMATION_SENSITIVE: return "CKR_INFORMATION_SENSITIVE"; case CKR_STATE_UNSAVEABLE: return "CKR_STATE_UNSAVEABLE"; case CKR_CRYPTOKI_NOT_INITIALIZED: return "CKR_CRYPTOKI_NOT_INITIALIZED"; case CKR_CRYPTOKI_ALREADY_INITIALIZED: return "CKR_CRYPTOKI_ALREADY_INITIALIZED"; case CKR_MUTEX_BAD: return "CKR_MUTEX_BAD"; case CKR_MUTEX_NOT_LOCKED: return "CKR_MUTEX_NOT_LOCKED"; case CKR_FUNCTION_REJECTED: return "CKR_FUNCTION_REJECTED"; case CKR_VENDOR_DEFINED: return "CKR_VENDOR_DEFINED"; default: return "Unknown PKCS#11 error"; } } unsigned int pkcs11h_getVersion (void) { return PKCS11H_VERSION; } unsigned int pkcs11h_getFeatures (void) { unsigned int features = ( #if defined(ENABLE_PKCS11H_ENGINE_OPENSSL) PKCS11H_FEATURE_MASK_ENGINE_CRYPTO_OPENSSL | #endif #if defined(ENABLE_PKCS11H_ENGINE_GNUTLS) PKCS11H_FEATURE_MASK_ENGINE_CRYPTO_GNUTLS | #endif #if defined(ENABLE_PKCS11H_ENGINE_WIN32) PKCS11H_FEATURE_MASK_ENGINE_CRYPTO_WIN32 | #endif #if defined(ENABLE_PKCS11H_ENGINE_MBEDTLS) PKCS11H_FEATURE_MASK_ENGINE_CRYPTO_MBEDTLS | #endif #if defined(ENABLE_PKCS11H_DEBUG) PKCS11H_FEATURE_MASK_DEBUG | #endif #if defined(ENABLE_PKCS11H_THREADING) PKCS11H_FEATURE_MASK_THREADING | #endif #if defined(ENABLE_PKCS11H_TOKEN) PKCS11H_FEATURE_MASK_TOKEN | #endif #if defined(ENABLE_PKCS11H_DATA) PKCS11H_FEATURE_MASK_DATA | #endif #if defined(ENABLE_PKCS11H_CERTIFICATE) PKCS11H_FEATURE_MASK_CERTIFICATE | #endif #if defined(ENABLE_PKCS11H_SLOTEVENT) PKCS11H_FEATURE_MASK_SLOTEVENT | #endif #if defined(ENABLE_PKCS11H_OPENSSL) PKCS11H_FEATURE_MASK_OPENSSL | #endif 0 ); return features; } CK_RV pkcs11h_initialize (void) { #if defined(ENABLE_PKCS11H_THREADING) PKCS11H_BOOL has_mutex_global = FALSE; PKCS11H_BOOL has_mutex_cache = FALSE; PKCS11H_BOOL has_mutex_session = FALSE; #endif CK_RV rv = CKR_FUNCTION_FAILED; _pkcs11h_data_t data = NULL; _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_initialize entry" ); pkcs11h_terminate (); if ((rv = _pkcs11h_mem_malloc ((void*)&data, sizeof (struct _pkcs11h_data_s))) != CKR_OK) { goto cleanup; } if (_g_pkcs11h_crypto_engine.initialize == NULL) { if ((rv = pkcs11h_engine_setCrypto (PKCS11H_ENGINE_CRYPTO_AUTO)) != CKR_OK) { goto cleanup; } } if (!_g_pkcs11h_crypto_engine.initialize (_g_pkcs11h_crypto_engine.global_data)) { _PKCS11H_DEBUG ( PKCS11H_LOG_ERROR, "PKCS#11: Cannot initialize crypto engine" ); rv = CKR_FUNCTION_FAILED; goto cleanup; } #if defined(ENABLE_PKCS11H_THREADING) if ((rv = _pkcs11h_threading_mutexInit (&data->mutexes.global)) != CKR_OK) { goto cleanup; } has_mutex_global = TRUE; if ((rv = _pkcs11h_threading_mutexInit (&data->mutexes.cache)) != CKR_OK) { goto cleanup; } has_mutex_cache = TRUE; if ((rv = _pkcs11h_threading_mutexInit (&data->mutexes.session)) != CKR_OK) { goto cleanup; } has_mutex_session = TRUE; #if !defined(_WIN32) if ( pthread_atfork ( __pkcs11h_threading_atfork_prepare, __pkcs11h_threading_atfork_parent, __pkcs11h_threading_atfork_child ) ) { rv = CKR_FUNCTION_FAILED; goto cleanup; } #endif #endif data->max_retries = _PKCS11H_DEFAULT_MAX_LOGIN_RETRY; data->allow_protected_auth = TRUE; data->pin_cache_period = _PKCS11H_DEFAULT_PIN_CACHE_PERIOD; #if defined(ENABLE_PKCS11H_OPENSSL) _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Initializing openssl" ); if (!_pkcs11h_openssl_initialize()) { goto cleanup; } #endif data->initialized = TRUE; _g_pkcs11h_data = data; data = NULL; pkcs11h_setLogHook (__pkcs11h_hooks_default_log, NULL); pkcs11h_setTokenPromptHook (__pkcs11h_hooks_default_token_prompt, NULL); pkcs11h_setPINPromptHook (__pkcs11h_hooks_default_pin_prompt, NULL); rv = CKR_OK; cleanup: if (data != NULL) { #if defined(ENABLE_PKCS11H_THREADING) if (has_mutex_global) { _pkcs11h_threading_mutexFree (&data->mutexes.global); has_mutex_global = FALSE; } if (has_mutex_cache) { _pkcs11h_threading_mutexFree (&data->mutexes.cache); has_mutex_cache = FALSE; } if (has_mutex_session) { _pkcs11h_threading_mutexFree (&data->mutexes.session); has_mutex_session = FALSE; } #endif _pkcs11h_mem_free ((void *)&data); data = NULL; } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_initialize return rv=%lu-'%s'", rv, pkcs11h_getMessage (rv) ); return rv; } CK_RV pkcs11h_terminate (void) { _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_terminate entry" ); if (_g_pkcs11h_data != NULL) { _pkcs11h_provider_t current_provider = NULL; #if defined(ENABLE_PKCS11H_OPENSSL) _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Terminating openssl" ); _pkcs11h_openssl_terminate(); #endif _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Removing providers" ); for ( current_provider = _g_pkcs11h_data->providers; current_provider != NULL; current_provider = current_provider->next ) { pkcs11h_removeProvider (current_provider->reference); } #if defined(ENABLE_PKCS11H_THREADING) _pkcs11h_threading_mutexLock (&_g_pkcs11h_data->mutexes.cache); _pkcs11h_threading_mutexLock (&_g_pkcs11h_data->mutexes.session); _pkcs11h_threading_mutexLock (&_g_pkcs11h_data->mutexes.global); #endif _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Releasing sessions" ); while (_g_pkcs11h_data->sessions != NULL) { _pkcs11h_session_t current = _g_pkcs11h_data->sessions; _g_pkcs11h_data->sessions = _g_pkcs11h_data->sessions->next; #if defined(ENABLE_PKCS11H_THREADING) _pkcs11h_threading_mutexLock (¤t->mutex); #endif current->valid = FALSE; if (current->reference_count != 0) { _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Warning: Found session with references" ); } if (current->token_id != NULL) { pkcs11h_token_freeTokenId (current->token_id); current->token_id = NULL; } #if defined(ENABLE_PKCS11H_CERTIFICATE) pkcs11h_certificate_freeCertificateIdList (current->cached_certs); #endif current->provider = NULL; #if defined(ENABLE_PKCS11H_THREADING) _pkcs11h_threading_mutexFree (¤t->mutex); #endif _pkcs11h_mem_free ((void *)¤t); } #if defined(ENABLE_PKCS11H_SLOTEVENT) _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Terminating slotevent" ); _pkcs11h_slotevent_terminate (); #endif _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Marking as uninitialized" ); _g_pkcs11h_data->initialized = FALSE; while (_g_pkcs11h_data->providers != NULL) { _pkcs11h_provider_t current = _g_pkcs11h_data->providers; _g_pkcs11h_data->providers = _g_pkcs11h_data->providers->next; _pkcs11h_mem_free ((void *)¤t); } #if defined(ENABLE_PKCS11H_THREADING) _pkcs11h_threading_mutexFree (&_g_pkcs11h_data->mutexes.global); _pkcs11h_threading_mutexFree (&_g_pkcs11h_data->mutexes.cache); _pkcs11h_threading_mutexFree (&_g_pkcs11h_data->mutexes.session); #endif _g_pkcs11h_crypto_engine.uninitialize (_g_pkcs11h_crypto_engine.global_data); _pkcs11h_mem_free ((void *)&_g_pkcs11h_data); } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_terminate return" ); return CKR_OK; } void pkcs11h_setLogLevel ( IN const unsigned flags ) { _g_pkcs11h_loglevel = flags; } CK_RV pkcs11h_setForkMode ( IN const PKCS11H_BOOL safe ) { #if defined(ENABLE_PKCS11H_THREADING) && !defined(_WIN32) _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL); _PKCS11H_ASSERT (_g_pkcs11h_data->initialized); _g_pkcs11h_data->safefork = safe; #endif return CKR_OK; } unsigned pkcs11h_getLogLevel (void) { _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL); _PKCS11H_ASSERT (_g_pkcs11h_data->initialized); return _g_pkcs11h_loglevel; } CK_RV pkcs11h_setLogHook ( IN const pkcs11h_hook_log_t hook, IN void * const global_data ) { _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL); _PKCS11H_ASSERT (_g_pkcs11h_data->initialized); _PKCS11H_ASSERT (hook!=NULL); _g_pkcs11h_data->hooks.log = hook; _g_pkcs11h_data->hooks.log_data = global_data; return CKR_OK; } CK_RV pkcs11h_setSlotEventHook ( IN const pkcs11h_hook_slotevent_t hook, IN void * const global_data ) { _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL); _PKCS11H_ASSERT (_g_pkcs11h_data->initialized); _PKCS11H_ASSERT (hook!=NULL); #if defined(ENABLE_PKCS11H_SLOTEVENT) _g_pkcs11h_data->hooks.slotevent = hook; _g_pkcs11h_data->hooks.slotevent_data = global_data; return _pkcs11h_slotevent_init (); #else (void)global_data; return CKR_FUNCTION_NOT_SUPPORTED; #endif } CK_RV pkcs11h_setPINPromptHook ( IN const pkcs11h_hook_pin_prompt_t hook, IN void * const global_data ) { _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL); _PKCS11H_ASSERT (_g_pkcs11h_data->initialized); _PKCS11H_ASSERT (hook!=NULL); _g_pkcs11h_data->hooks.pin_prompt = hook; _g_pkcs11h_data->hooks.pin_prompt_data = global_data; return CKR_OK; } CK_RV pkcs11h_setTokenPromptHook ( IN const pkcs11h_hook_token_prompt_t hook, IN void * const global_data ) { _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL); _PKCS11H_ASSERT (_g_pkcs11h_data->initialized); _PKCS11H_ASSERT (hook!=NULL); _g_pkcs11h_data->hooks.token_prompt = hook; _g_pkcs11h_data->hooks.token_prompt_data = global_data; return CKR_OK; } CK_RV pkcs11h_setPINCachePeriod ( IN const int pin_cache_period ) { _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL); _PKCS11H_ASSERT (_g_pkcs11h_data->initialized); _g_pkcs11h_data->pin_cache_period = pin_cache_period; return CKR_OK; } CK_RV pkcs11h_setMaxLoginRetries ( IN const unsigned max_retries ) { _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL); _PKCS11H_ASSERT (_g_pkcs11h_data->initialized); _g_pkcs11h_data->max_retries = max_retries; return CKR_OK; } CK_RV pkcs11h_setProtectedAuthentication ( IN const PKCS11H_BOOL allow_protected_auth ) { _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL); _PKCS11H_ASSERT (_g_pkcs11h_data->initialized); _g_pkcs11h_data->allow_protected_auth = allow_protected_auth; return CKR_OK; } CK_RV pkcs11h_addProvider ( IN const char * const reference, IN const char * const provider_location, IN const PKCS11H_BOOL allow_protected_auth, IN const unsigned mask_private_mode, IN const unsigned slot_event_method, IN const unsigned slot_poll_interval, IN const PKCS11H_BOOL cert_is_private ) { #if defined(ENABLE_PKCS11H_THREADING) PKCS11H_BOOL mutex_locked = FALSE; #endif #if defined(ENABLE_PKCS11H_DEBUG) #if defined(_WIN32) int mypid = 0; #else pid_t mypid = getpid (); #endif #endif #if !defined(_WIN32) void *p; #endif _pkcs11h_provider_t provider = NULL; CK_C_GetFunctionList gfl = NULL; CK_C_INITIALIZE_ARGS initargs; CK_C_INITIALIZE_ARGS_PTR pinitargs = NULL; CK_INFO info; CK_RV rv = CKR_FUNCTION_FAILED; _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL); _PKCS11H_ASSERT (_g_pkcs11h_data->initialized); _PKCS11H_ASSERT (provider_location!=NULL); /*_PKCS11H_ASSERT (szSignMode!=NULL); NOT NEEDED*/ _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_addProvider entry version='%s', pid=%d, reference='%s', provider_location='%s', allow_protected_auth=%d, mask_private_mode=%08x, cert_is_private=%d", PACKAGE_VERSION, mypid, reference, provider_location, allow_protected_auth ? 1 : 0, mask_private_mode, cert_is_private ? 1 : 0 ); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Adding provider '%s'-'%s'", reference, provider_location ); #if defined(ENABLE_PKCS11H_THREADING) if ((rv = _pkcs11h_threading_mutexLock (&_g_pkcs11h_data->mutexes.global)) != CKR_OK) { goto cleanup; } mutex_locked = TRUE; #endif if ((rv = _pkcs11h_mem_malloc ((void *)&provider, sizeof (struct _pkcs11h_provider_s))) != CKR_OK) { goto cleanup; } strncpy ( provider->reference, reference, sizeof (provider->reference)-1 ); provider->reference[sizeof (provider->reference)-1] = '\x0'; strncpy ( provider->manufacturerID, ( strlen (provider_location) < sizeof (provider->manufacturerID) ? provider_location : provider_location+strlen (provider_location)-sizeof (provider->manufacturerID)+1 ), sizeof (provider->manufacturerID)-1 ); provider->manufacturerID[sizeof (provider->manufacturerID)-1] = '\x0'; provider->allow_protected_auth = allow_protected_auth; provider->mask_private_mode = mask_private_mode; provider->slot_event_method = slot_event_method; provider->slot_poll_interval = slot_poll_interval; provider->cert_is_private = cert_is_private; #if defined(_WIN32) provider->handle = LoadLibraryA (provider_location); #else provider->handle = dlopen (provider_location, RTLD_NOW); #endif if (provider->handle == NULL) { rv = CKR_FUNCTION_FAILED; goto cleanup; } #if defined(_WIN32) gfl = (CK_C_GetFunctionList)GetProcAddress ( provider->handle, "C_GetFunctionList" ); #else /* * Make compiler happy! */ p = dlsym ( provider->handle, "C_GetFunctionList" ); memmove ( &gfl, &p, sizeof (void *) ); #endif if (gfl == NULL) { rv = CKR_FUNCTION_FAILED; goto cleanup; } if ((rv = gfl (&provider->f)) != CKR_OK) { goto cleanup; } memset(&initargs, 0, sizeof(initargs)); if ((initargs.pReserved = getenv("PKCS11H_INIT_ARGS_RESERVED")) != NULL) { pinitargs = &initargs; } if ((rv = provider->f->C_Initialize (pinitargs)) != CKR_OK) { if (rv == CKR_CRYPTOKI_ALREADY_INITIALIZED) { rv = CKR_OK; } else { goto cleanup; } } else { provider->should_finalize = TRUE; } if ((rv = provider->f->C_GetInfo (&info)) != CKR_OK) { goto cleanup; } _pkcs11h_util_fixupFixedString ( provider->manufacturerID, (char *)info.manufacturerID, sizeof (info.manufacturerID) ); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_addProvider Provider '%s' manufacturerID '%s'", reference, provider->manufacturerID ); provider->enabled = TRUE; if (_g_pkcs11h_data->providers == NULL) { _g_pkcs11h_data->providers = provider; } else { _pkcs11h_provider_t last = NULL; for ( last = _g_pkcs11h_data->providers; last->next != NULL; last = last->next ); last->next = provider; } provider = NULL; rv = CKR_OK; cleanup: if (provider != NULL) { if (provider->handle != NULL) { #if defined(_WIN32) FreeLibrary (provider->handle); #else dlclose (provider->handle); #endif provider->handle = NULL; } _pkcs11h_mem_free ((void *)&provider); provider = NULL; } #if defined(ENABLE_PKCS11H_THREADING) if (mutex_locked) { _pkcs11h_threading_mutexRelease (&_g_pkcs11h_data->mutexes.global); mutex_locked = FALSE; } #endif #if defined(ENABLE_PKCS11H_SLOTEVENT) _pkcs11h_slotevent_notify (); #endif _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Provider '%s' added rv=%lu-'%s'", reference, rv, pkcs11h_getMessage (rv) ); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_addProvider return rv=%lu-'%s'", rv, pkcs11h_getMessage (rv) ); return rv; } CK_RV pkcs11h_removeProvider ( IN const char * const reference ) { #if defined(ENABLE_PKCS11H_THREADING) _pkcs11h_session_t current_session = NULL; PKCS11H_BOOL has_mutex_global = FALSE; PKCS11H_BOOL has_mutex_cache = FALSE; PKCS11H_BOOL has_mutex_session = FALSE; #endif _pkcs11h_provider_t provider = NULL; CK_RV rv = CKR_FUNCTION_FAILED; _PKCS11H_ASSERT (reference!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_removeProvider entry reference='%s'", reference ); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Removing provider '%s'", reference ); #if defined(ENABLE_PKCS11H_THREADING) if ((rv = _pkcs11h_threading_mutexLock (&_g_pkcs11h_data->mutexes.cache)) != CKR_OK) { goto cleanup; } has_mutex_cache = TRUE; if ((rv = _pkcs11h_threading_mutexLock (&_g_pkcs11h_data->mutexes.session)) != CKR_OK) { goto cleanup; } has_mutex_session = TRUE; if ((rv = _pkcs11h_threading_mutexLock (&_g_pkcs11h_data->mutexes.global)) != CKR_OK) { goto cleanup; } has_mutex_global = TRUE; for ( current_session = _g_pkcs11h_data->sessions; current_session != NULL; current_session = current_session->next ) { _pkcs11h_threading_mutexLock (¤t_session->mutex); } #endif provider = _g_pkcs11h_data->providers; while ( provider != NULL && strcmp (reference, provider->reference) ) { provider = provider->next; } if (provider == NULL) { rv = CKR_OBJECT_HANDLE_INVALID; goto cleanup; } provider->enabled = FALSE; provider->reference[0] = '\0'; if (provider->should_finalize) { provider->f->C_Finalize (NULL); provider->should_finalize = FALSE; } #if defined(ENABLE_PKCS11H_SLOTEVENT) _pkcs11h_slotevent_notify (); /* * Wait until manager join this thread * this happens saldom so I can poll */ while (provider->slotevent_thread != PKCS11H_THREAD_NULL) { _pkcs11h_threading_sleep (500); } #endif if (provider->f != NULL) { provider->f = NULL; } if (provider->handle != NULL) { #if defined(_WIN32) FreeLibrary (provider->handle); #else dlclose (provider->handle); #endif provider->handle = NULL; } rv = CKR_OK; cleanup: #if defined(ENABLE_PKCS11H_THREADING) for ( current_session = _g_pkcs11h_data->sessions; current_session != NULL; current_session = current_session->next ) { _pkcs11h_threading_mutexRelease (¤t_session->mutex); } if (has_mutex_cache) { _pkcs11h_threading_mutexRelease (&_g_pkcs11h_data->mutexes.cache); has_mutex_cache = FALSE; } if (has_mutex_session) { _pkcs11h_threading_mutexRelease (&_g_pkcs11h_data->mutexes.session); has_mutex_session = FALSE; } if (has_mutex_global) { _pkcs11h_threading_mutexRelease (&_g_pkcs11h_data->mutexes.global); has_mutex_global = FALSE; } #endif _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_removeProvider return rv=%lu-'%s'", rv, pkcs11h_getMessage (rv) ); return rv; } CK_RV pkcs11h_forkFixup (void) { #if defined(_WIN32) return CKR_OK; #else #if defined(ENABLE_PKCS11H_THREADING) return CKR_OK; #else return __pkcs11h_forkFixup (TRUE); #endif #endif } CK_RV pkcs11h_plugAndPlay (void) { #if defined(ENABLE_PKCS11H_DEBUG) #if defined(_WIN32) int mypid = 0; #else pid_t mypid = getpid (); #endif #endif _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_plugAndPlay entry pid=%d", mypid ); if (_g_pkcs11h_data != NULL && _g_pkcs11h_data->initialized) { _pkcs11h_provider_t current; #if defined(ENABLE_PKCS11H_SLOTEVENT) PKCS11H_BOOL slot_event_active = FALSE; #endif #if defined(ENABLE_PKCS11H_THREADING) _pkcs11h_threading_mutexLock (&_g_pkcs11h_data->mutexes.global); #endif for ( current = _g_pkcs11h_data->providers; current != NULL; current = current->next ) { if (current->enabled) { current->f->C_Finalize (NULL); } } #if defined(ENABLE_PKCS11H_SLOTEVENT) if (_g_pkcs11h_data->slotevent.initialized) { slot_event_active = TRUE; _pkcs11h_slotevent_terminate (); } #endif for ( current = _g_pkcs11h_data->providers; current != NULL; current = current->next ) { if (current->enabled) { current->f->C_Initialize (NULL); } } #if defined(ENABLE_PKCS11H_SLOTEVENT) if (slot_event_active) { _pkcs11h_slotevent_init (); } #endif #if defined(ENABLE_PKCS11H_THREADING) _pkcs11h_threading_mutexRelease (&_g_pkcs11h_data->mutexes.global); #endif } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_plugAndPlay return" ); return CKR_OK; } CK_RV pkcs11h_logout (void) { _pkcs11h_session_t current_session = NULL; CK_RV rv = CKR_OK; _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_logout entry" ); if (_g_pkcs11h_data == NULL || !_g_pkcs11h_data->initialized) { goto cleanup; } for ( current_session = _g_pkcs11h_data->sessions; current_session != NULL; current_session = current_session->next ) { CK_RV _rv; #if defined(ENABLE_PKCS11H_THREADING) if ((_rv = _pkcs11h_threading_mutexLock (¤t_session->mutex)) == CKR_OK) { #else { #endif _rv = _pkcs11h_session_logout (current_session); #if defined(ENABLE_PKCS11H_THREADING) _pkcs11h_threading_mutexRelease (¤t_session->mutex); #endif } if (_rv != CKR_OK) { rv = _rv; } } cleanup: _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_logout return rv=%lu-'%s'", rv, pkcs11h_getMessage (rv) ); return rv; } /*======================================================================* * COMMON INTERNAL INTERFACE *======================================================================*/ void _pkcs11h_log ( IN const unsigned flags, IN const char * const format, IN ... ) { va_list args; _PKCS11H_ASSERT (format!=NULL); va_start (args, format); if ( _g_pkcs11h_data != NULL && _g_pkcs11h_data->initialized ) { if (__PKCS11H_MSG_LEVEL_TEST (flags)) { if (_g_pkcs11h_data->hooks.log == NULL) { __pkcs11h_hooks_default_log ( NULL, flags, format, args ); } else { _g_pkcs11h_data->hooks.log ( _g_pkcs11h_data->hooks.log_data, flags, format, args ); } } } va_end (args); } static void __pkcs11h_hooks_default_log ( IN void * const global_data, IN const unsigned flags, IN const char * const format, IN va_list args ) { (void)global_data; (void)flags; (void)format; (void)args; } static PKCS11H_BOOL __pkcs11h_hooks_default_token_prompt ( IN void * const global_data, IN void * const user_data, IN const pkcs11h_token_id_t token, IN const unsigned retry ) { /*_PKCS11H_ASSERT (global_data) NOT NEEDED */ /*_PKCS11H_ASSERT (user_data) NOT NEEDED */ _PKCS11H_ASSERT (token!=NULL); (void)global_data; (void)user_data; (void)retry; _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: __pkcs11h_hooks_default_token_prompt global_data=%p, user_data=%p, display='%s'", global_data, user_data, token->display ); return FALSE; } static PKCS11H_BOOL __pkcs11h_hooks_default_pin_prompt ( IN void * const global_data, IN void * const user_data, IN const pkcs11h_token_id_t token, IN const unsigned retry, OUT char * const pin, IN const size_t pin_max ) { /*_PKCS11H_ASSERT (global_data) NOT NEEDED */ /*_PKCS11H_ASSERT (user_data) NOT NEEDED */ _PKCS11H_ASSERT (token!=NULL); (void)global_data; (void)user_data; (void)retry; (void)pin; (void)pin_max; _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: __pkcs11h_hooks_default_pin_prompt global_data=%p, user_data=%p, display='%s'", global_data, user_data, token->display ); return FALSE; } #if !defined(_WIN32) #if defined(ENABLE_PKCS11H_THREADING) static void __pkcs11h_threading_atfork_prepare (void) { if (_g_pkcs11h_data != NULL && _g_pkcs11h_data->initialized) { if (_g_pkcs11h_data->safefork) { _pkcs1h_threading_mutexLockAll (); } } } static void __pkcs11h_threading_atfork_parent (void) { if (_g_pkcs11h_data != NULL && _g_pkcs11h_data->initialized) { if (_g_pkcs11h_data->safefork) { _pkcs1h_threading_mutexReleaseAll (); } } } static void __pkcs11h_threading_atfork_child (void) { if (_g_pkcs11h_data != NULL && _g_pkcs11h_data->initialized) { _pkcs1h_threading_mutexReleaseAll (); if (_g_pkcs11h_data->safefork) { __pkcs11h_forkFixup (TRUE); } else { __pkcs11h_forkFixup (FALSE); pkcs11h_terminate (); } } } #endif /* ENABLE_PKCS11H_THREADING */ static CK_RV __pkcs11h_forkFixup ( IN const PKCS11H_BOOL activate_slotevent ) { #if defined(ENABLE_PKCS11H_THREADING) PKCS11H_BOOL mutex_locked = FALSE; #endif #if defined(ENABLE_PKCS11H_DEBUG) pid_t mypid = getpid (); #endif _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: __pkcs11h_forkFixup entry pid=%d, activate_slotevent=%d", mypid, activate_slotevent ? 1 : 0 ); #if !defined(ENABLE_PKCS11H_SLOTEVENT) (void)activate_slotevent; #endif if (_g_pkcs11h_data != NULL && _g_pkcs11h_data->initialized) { _pkcs11h_provider_t current; #if defined(ENABLE_PKCS11H_THREADING) if (_pkcs11h_threading_mutexLock (&_g_pkcs11h_data->mutexes.global) != CKR_OK) { goto cleanup; } mutex_locked = TRUE; #endif for ( current = _g_pkcs11h_data->providers; current != NULL; current = current->next ) { if (current->enabled) { current->f->C_Initialize (NULL); } #if defined(ENABLE_PKCS11H_SLOTEVENT) /* * After fork we have no threads... * So just initialized. */ if (_g_pkcs11h_data->slotevent.initialized) { _pkcs11h_slotevent_terminate_force (); if (activate_slotevent) { _pkcs11h_slotevent_init (); } } #endif } #if defined(ENABLE_PKCS11H_THREADING) cleanup: if (mutex_locked) { _pkcs11h_threading_mutexRelease (&_g_pkcs11h_data->mutexes.global); mutex_locked = FALSE; } #endif } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: __pkcs11h_forkFixup return" ); return CKR_OK; } #endif /* !WIN32 */ pkcs11-helper-pkcs11-helper-1.22/lib/pkcs11h-crypto.c000066400000000000000000000132461304770615400221110ustar00rootroot00000000000000/* * Copyright (c) 2005-2011 Alon Bar-Lev * All rights reserved. * * This software is available to you under a choice of one of two * licenses. You may choose to be licensed under the terms of the GNU * General Public License (GPL) Version 2, or the BSD license. * * GNU General Public License (GPL) Version 2 * =========================================== * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 * as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program (see the file COPYING.GPL included with this * distribution); if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * BSD License * ============ * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * o Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * o Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * o Neither the name of the Alon Bar-Lev nor the names of its * contributors may be used to endorse or promote products derived from * this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #include "common.h" #include "_pkcs11h-crypto.h" #if defined(ENABLE_PKCS11H_ENGINE_CRYPTOAPI) extern const pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine_cryptoapi; #endif #if defined(ENABLE_PKCS11H_ENGINE_OPENSSL) extern const pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine_openssl; #endif #if defined(ENABLE_PKCS11H_ENGINE_NSS) extern const pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine_nss; #endif #if defined(ENABLE_PKCS11H_ENGINE_MBEDTLS) extern const pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine_mbedtls; #endif #if defined(ENABLE_PKCS11H_ENGINE_GNUTLS) extern const pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine_gnutls; #endif pkcs11h_engine_crypto_t _g_pkcs11h_crypto_engine = { NULL, NULL, NULL, NULL, NULL, NULL }; CK_RV pkcs11h_engine_setCrypto ( IN const pkcs11h_engine_crypto_t * const engine ) { const pkcs11h_engine_crypto_t *_engine = NULL; CK_RV rv = CKR_FUNCTION_FAILED; /*_PKCS11H_ASSERT (engine!=NULL); Not required */ if (engine == PKCS11H_ENGINE_CRYPTO_AUTO) { #if defined(ENABLE_PKCS11H_ENGINE_CRYPTOAPI) _engine = &_g_pkcs11h_crypto_engine_cryptoapi; #elif defined(ENABLE_PKCS11H_ENGINE_OPENSSL) _engine = &_g_pkcs11h_crypto_engine_openssl; #elif defined(ENABLE_PKCS11H_ENGINE_NSS) _engine = &_g_pkcs11h_crypto_engine_nss; #elif defined(ENABLE_PKCS11H_ENGINE_MBEDTLS) _engine = &_g_pkcs11h_crypto_engine_mbedtls; #elif defined(ENABLE_PKCS11H_ENGINE_GNUTLS) _engine = &_g_pkcs11h_crypto_engine_gnutls; #else rv = CKR_ATTRIBUTE_VALUE_INVALID; goto cleanup; #endif } else if (engine == PKCS11H_ENGINE_CRYPTO_GPL) { #if defined(ENABLE_PKCS11H_ENGINE_CRYPTOAPI) _engine = &_g_pkcs11h_crypto_engine_cryptoapi; #elif defined(ENABLE_PKCS11H_ENGINE_MBEDTLS) _engine = &_g_pkcs11h_crypto_engine_mbedtls; #elif defined(ENABLE_PKCS11H_ENGINE_GNUTLS) _engine = &_g_pkcs11h_crypto_engine_gnutls; #else rv = CKR_ATTRIBUTE_VALUE_INVALID; goto cleanup; #endif } else if (engine == PKCS11H_ENGINE_CRYPTO_CRYPTOAPI) { #if defined(ENABLE_PKCS11H_ENGINE_CRYPTOAPI) _engine = &_g_pkcs11h_crypto_engine_cryptoapi; #else rv = CKR_ATTRIBUTE_VALUE_INVALID; goto cleanup; #endif } else if (engine == PKCS11H_ENGINE_CRYPTO_OPENSSL) { #if defined(ENABLE_PKCS11H_ENGINE_OPENSSL) _engine = &_g_pkcs11h_crypto_engine_openssl; #else rv = CKR_ATTRIBUTE_VALUE_INVALID; goto cleanup; #endif } else if (engine == PKCS11H_ENGINE_CRYPTO_GNUTLS) { #if defined(ENABLE_PKCS11H_ENGINE_GNUTLS) _engine = &_g_pkcs11h_crypto_engine_gnutls; #else rv = CKR_ATTRIBUTE_VALUE_INVALID; goto cleanup; #endif } else if (engine == PKCS11H_ENGINE_CRYPTO_NSS) { #if defined(ENABLE_PKCS11H_ENGINE_NSS) _engine = &_g_pkcs11h_crypto_engine_nss; #else rv = CKR_ATTRIBUTE_VALUE_INVALID; goto cleanup; #endif } else if (engine == PKCS11H_ENGINE_CRYPTO_MBEDTLS) { #if defined(ENABLE_PKCS11H_ENGINE_MBEDTLS) _engine = &_g_pkcs11h_crypto_engine_mbedtls; #else rv = CKR_ATTRIBUTE_VALUE_INVALID; goto cleanup; #endif } else { _engine = engine; } memmove (&_g_pkcs11h_crypto_engine, _engine, sizeof (pkcs11h_engine_crypto_t)); rv = CKR_OK; cleanup: return rv; } pkcs11-helper-pkcs11-helper-1.22/lib/pkcs11h-data.c000066400000000000000000000427471304770615400215120ustar00rootroot00000000000000/* * Copyright (c) 2005-2011 Alon Bar-Lev * All rights reserved. * * This software is available to you under a choice of one of two * licenses. You may choose to be licensed under the terms of the GNU * General Public License (GPL) Version 2, or the BSD license. * * GNU General Public License (GPL) Version 2 * =========================================== * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 * as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program (see the file COPYING.GPL included with this * distribution); if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * BSD License * ============ * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * o Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * o Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * o Neither the name of the Alon Bar-Lev nor the names of its * contributors may be used to endorse or promote products derived from * this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #include "common.h" #include #include "_pkcs11h-mem.h" #include "_pkcs11h-session.h" #if defined(ENABLE_PKCS11H_DATA) static CK_RV _pkcs11h_data_getObject ( IN const _pkcs11h_session_t session, IN const char * const application, IN const char * const label, OUT CK_OBJECT_HANDLE * const p_handle ) { CK_OBJECT_CLASS class = CKO_DATA; CK_ATTRIBUTE filter[] = { {CKA_CLASS, (void *)&class, sizeof (class)}, {CKA_APPLICATION, (void *)application, application == NULL ? 0 : strlen (application)}, {CKA_LABEL, (void *)label, label == NULL ? 0 : strlen (label)} }; CK_OBJECT_HANDLE *objects = NULL; CK_ULONG objects_found = 0; CK_RV rv = CKR_FUNCTION_FAILED; _PKCS11H_ASSERT (session!=NULL); _PKCS11H_ASSERT (application!=NULL); _PKCS11H_ASSERT (label!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_data_getObject entry session=%p, application='%s', label='%s', p_handle=%p", (void *)session, application, label, (void *)p_handle ); *p_handle = _PKCS11H_INVALID_OBJECT_HANDLE; if ((rv = _pkcs11h_session_validate (session)) != CKR_OK) { goto cleanup; } if ( (rv = _pkcs11h_session_findObjects ( session, filter, sizeof (filter) / sizeof (CK_ATTRIBUTE), &objects, &objects_found )) != CKR_OK ) { goto cleanup; } if (objects_found == 0) { rv = CKR_FUNCTION_REJECTED; goto cleanup; } *p_handle = objects[0]; rv = CKR_OK; cleanup: if (objects != NULL) { _pkcs11h_mem_free ((void *)&objects); } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_data_getObject return rv=%lu-'%s', *p_handle=%08lx", rv, pkcs11h_getMessage (rv), (unsigned long)*p_handle ); return rv; } CK_RV pkcs11h_data_get ( IN const pkcs11h_token_id_t token_id, IN const PKCS11H_BOOL is_public, IN const char * const application, IN const char * const label, IN void * const user_data, IN const unsigned mask_prompt, OUT unsigned char * const blob, IN OUT size_t * const p_blob_size ) { CK_ATTRIBUTE attrs[] = { {CKA_VALUE, NULL, 0} }; CK_OBJECT_HANDLE handle = _PKCS11H_INVALID_OBJECT_HANDLE; CK_RV rv = CKR_FUNCTION_FAILED; #if defined(ENABLE_PKCS11H_THREADING) PKCS11H_BOOL mutex_locked = FALSE; #endif _pkcs11h_session_t session = NULL; PKCS11H_BOOL op_succeed = FALSE; PKCS11H_BOOL login_retry = FALSE; size_t blob_size_max = 0; _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL); _PKCS11H_ASSERT (_g_pkcs11h_data->initialized); _PKCS11H_ASSERT (token_id!=NULL); _PKCS11H_ASSERT (application!=NULL); _PKCS11H_ASSERT (label!=NULL); /*_PKCS11H_ASSERT (user_data) NOT NEEDED */ /*_PKCS11H_ASSERT (blob!=NULL); NOT NEEDED*/ _PKCS11H_ASSERT (p_blob_size!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_data_get entry token_id=%p, application='%s', label='%s', user_data=%p, mask_prompt=%08x, blob=%p, *p_blob_size="P_Z"", (void *)token_id, application, label, user_data, mask_prompt, blob, blob != NULL ? *p_blob_size : 0 ); if (blob != NULL) { blob_size_max = *p_blob_size; } *p_blob_size = 0; if ( (rv = _pkcs11h_session_getSessionByTokenId ( token_id, &session )) != CKR_OK ) { goto cleanup; } #if defined(ENABLE_PKCS11H_THREADING) if ((rv = _pkcs11h_threading_mutexLock (&session->mutex)) != CKR_OK) { goto cleanup; } mutex_locked = TRUE; #endif while (!op_succeed) { if ( (rv = _pkcs11h_session_validate (session)) != CKR_OK || (rv = _pkcs11h_data_getObject ( session, application, label, &handle )) != CKR_OK || (rv = _pkcs11h_session_getObjectAttributes ( session, handle, attrs, sizeof (attrs)/sizeof (CK_ATTRIBUTE) )) != CKR_OK ) { goto retry; } op_succeed = TRUE; rv = CKR_OK; retry: if (!op_succeed) { if (!login_retry) { _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Read data object failed rv=%lu-'%s'", rv, pkcs11h_getMessage (rv) ); login_retry = TRUE; rv = _pkcs11h_session_login ( session, is_public, TRUE, user_data, mask_prompt ); } if (rv != CKR_OK) { goto cleanup; } } } *p_blob_size = attrs[0].ulValueLen; if (blob != NULL) { if (*p_blob_size > blob_size_max) { rv = CKR_BUFFER_TOO_SMALL; } else { memmove (blob, attrs[0].pValue, *p_blob_size); } } rv = CKR_OK; cleanup: #if defined(ENABLE_PKCS11H_THREADING) if (mutex_locked) { _pkcs11h_threading_mutexRelease (&session->mutex); mutex_locked = FALSE; } #endif _pkcs11h_session_freeObjectAttributes ( attrs, sizeof (attrs)/sizeof (CK_ATTRIBUTE) ); if (session != NULL) { _pkcs11h_session_release (session); session = NULL; } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_data_get return rv=%lu-'%s', *p_blob_size="P_Z"", rv, pkcs11h_getMessage (rv), *p_blob_size ); return rv; } CK_RV pkcs11h_data_put ( IN const pkcs11h_token_id_t token_id, IN const PKCS11H_BOOL is_public, IN const char * const application, IN const char * const label, IN void * const user_data, IN const unsigned mask_prompt, OUT unsigned char * const blob, IN const size_t blob_size ) { CK_OBJECT_CLASS class = CKO_DATA; CK_BBOOL ck_true = CK_TRUE; CK_BBOOL ck_false = CK_FALSE; CK_ATTRIBUTE attrs[] = { {CKA_CLASS, &class, sizeof (class)}, {CKA_TOKEN, &ck_true, sizeof (ck_true)}, {CKA_PRIVATE, is_public ? &ck_false : &ck_true, sizeof (CK_BBOOL)}, {CKA_APPLICATION, (void *)application, strlen (application)}, {CKA_LABEL, (void *)label, strlen (label)}, {CKA_VALUE, blob, blob_size} }; CK_OBJECT_HANDLE handle = _PKCS11H_INVALID_OBJECT_HANDLE; CK_RV rv = CKR_FUNCTION_FAILED; #if defined(ENABLE_PKCS11H_THREADING) PKCS11H_BOOL mutex_locked = FALSE; #endif _pkcs11h_session_t session = NULL; PKCS11H_BOOL op_succeed = FALSE; PKCS11H_BOOL login_retry = FALSE; _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL); _PKCS11H_ASSERT (_g_pkcs11h_data->initialized); _PKCS11H_ASSERT (token_id!=NULL); _PKCS11H_ASSERT (application!=NULL); _PKCS11H_ASSERT (label!=NULL); /*_PKCS11H_ASSERT (user_data) NOT NEEDED */ _PKCS11H_ASSERT (blob!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_data_put entry token_id=%p, application='%s', label='%s', user_data=%p, mask_prompt=%08x, blob=%p, blob_size="P_Z"", (void *)token_id, application, label, user_data, mask_prompt, blob, blob != NULL ? blob_size : 0 ); if ( (rv = _pkcs11h_session_getSessionByTokenId ( token_id, &session )) != CKR_OK ) { goto cleanup; } #if defined(ENABLE_PKCS11H_THREADING) if ((rv = _pkcs11h_threading_mutexLock (&session->mutex)) != CKR_OK) { goto cleanup; } mutex_locked = TRUE; #endif while (!op_succeed) { if ( (rv = _pkcs11h_session_validate (session)) != CKR_OK || (rv = session->provider->f->C_CreateObject ( session->session_handle, attrs, sizeof (attrs)/sizeof (CK_ATTRIBUTE), &handle )) != CKR_OK ) { goto retry; } op_succeed = TRUE; rv = CKR_OK; retry: if (!op_succeed) { if (!login_retry) { _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Write data object failed rv=%lu-'%s'", rv, pkcs11h_getMessage (rv) ); login_retry = TRUE; rv = _pkcs11h_session_login ( session, is_public, FALSE, user_data, mask_prompt ); } if (rv != CKR_OK) { goto cleanup; } } } rv = CKR_OK; cleanup: #if defined(ENABLE_PKCS11H_THREADING) if (mutex_locked) { _pkcs11h_threading_mutexRelease (&session->mutex); mutex_locked = FALSE; } #endif if (session != NULL) { _pkcs11h_session_release (session); session = NULL; } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_data_put return rv=%lu-'%s'", rv, pkcs11h_getMessage (rv) ); return rv; } CK_RV pkcs11h_data_del ( IN const pkcs11h_token_id_t token_id, IN const PKCS11H_BOOL is_public, IN const char * const application, IN const char * const label, IN void * const user_data, IN const unsigned mask_prompt ) { #if defined(ENABLE_PKCS11H_THREADING) PKCS11H_BOOL mutex_locked = FALSE; #endif _pkcs11h_session_t session = NULL; PKCS11H_BOOL op_succeed = FALSE; PKCS11H_BOOL login_retry = FALSE; CK_OBJECT_HANDLE handle = _PKCS11H_INVALID_OBJECT_HANDLE; CK_RV rv = CKR_FUNCTION_FAILED; _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL); _PKCS11H_ASSERT (_g_pkcs11h_data->initialized); _PKCS11H_ASSERT (token_id!=NULL); _PKCS11H_ASSERT (application!=NULL); _PKCS11H_ASSERT (label!=NULL); /*_PKCS11H_ASSERT (user_data) NOT NEEDED */ _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_data_del entry token_id=%p, application='%s', label='%s', user_data=%p, mask_prompt=%08x", (void *)token_id, application, label, user_data, mask_prompt ); if ( (rv = _pkcs11h_session_getSessionByTokenId ( token_id, &session )) != CKR_OK ) { goto cleanup; } #if defined(ENABLE_PKCS11H_THREADING) if ((rv = _pkcs11h_threading_mutexLock (&session->mutex)) != CKR_OK) { goto cleanup; } mutex_locked = TRUE; #endif while (!op_succeed) { if ( (rv = _pkcs11h_session_validate (session)) != CKR_OK || (rv = _pkcs11h_data_getObject ( session, application, label, &handle )) != CKR_OK || (rv = session->provider->f->C_DestroyObject ( session->session_handle, handle )) != CKR_OK ) { goto retry; } op_succeed = TRUE; rv = CKR_OK; retry: if (!op_succeed) { if (!login_retry) { _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Remove data object failed rv=%lu-'%s'", rv, pkcs11h_getMessage (rv) ); login_retry = TRUE; rv = _pkcs11h_session_login ( session, is_public, FALSE, user_data, mask_prompt ); } if (rv != CKR_OK) { goto cleanup; } } } cleanup: #if defined(ENABLE_PKCS11H_THREADING) if (mutex_locked) { _pkcs11h_threading_mutexRelease (&session->mutex); mutex_locked = FALSE; } #endif if (session != NULL) { _pkcs11h_session_release (session); session = NULL; } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_data_del return rv=%lu-'%s'", rv, pkcs11h_getMessage (rv) ); return rv; } CK_RV pkcs11h_data_freeDataIdList ( IN const pkcs11h_data_id_list_t data_id_list ) { pkcs11h_data_id_list_t _id = data_id_list; _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL); _PKCS11H_ASSERT (_g_pkcs11h_data->initialized); /*_PKCS11H_ASSERT (data_id_list!=NULL); NOT NEEDED*/ _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_freeDataIdList entry token_id_list=%p", (void *)data_id_list ); while (_id != NULL) { pkcs11h_data_id_list_t x = _id; _id = _id->next; if (x->application != NULL) { _pkcs11h_mem_free ((void *)&x->application); } if (x->label != NULL) { _pkcs11h_mem_free ((void *)&x->label); } _pkcs11h_mem_free ((void *)&x); } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_token_freeDataIdList return" ); return CKR_OK; } CK_RV pkcs11h_data_enumDataObjects ( IN const pkcs11h_token_id_t token_id, IN const PKCS11H_BOOL is_public, IN void * const user_data, IN const unsigned mask_prompt, OUT pkcs11h_data_id_list_t * const p_data_id_list ) { #if defined(ENABLE_PKCS11H_THREADING) PKCS11H_BOOL mutex_locked = FALSE; #endif _pkcs11h_session_t session = NULL; pkcs11h_data_id_list_t data_id_list = NULL; CK_RV rv = CKR_FUNCTION_FAILED; PKCS11H_BOOL op_succeed = FALSE; PKCS11H_BOOL login_retry = FALSE; _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL); _PKCS11H_ASSERT (_g_pkcs11h_data->initialized); _PKCS11H_ASSERT (p_data_id_list!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_data_enumDataObjects entry token_id=%p, is_public=%d, user_data=%p, mask_prompt=%08x, p_data_id_list=%p", (void *)token_id, is_public ? 1 : 0, user_data, mask_prompt, (void *)p_data_id_list ); *p_data_id_list = NULL; if ( (rv = _pkcs11h_session_getSessionByTokenId ( token_id, &session )) != CKR_OK ) { goto cleanup; } #if defined(ENABLE_PKCS11H_THREADING) if ((rv = _pkcs11h_threading_mutexLock (&session->mutex)) != CKR_OK) { goto cleanup; } mutex_locked = TRUE; #endif while (!op_succeed) { CK_OBJECT_CLASS class = CKO_DATA; CK_ATTRIBUTE filter[] = { {CKA_CLASS, (void *)&class, sizeof (class)} }; CK_OBJECT_HANDLE *objects = NULL; CK_ULONG objects_found = 0; CK_ULONG i; if ( (rv = _pkcs11h_session_validate (session)) != CKR_OK || (rv = _pkcs11h_session_findObjects ( session, filter, sizeof (filter) / sizeof (CK_ATTRIBUTE), &objects, &objects_found )) != CKR_OK ) { goto retry1; } for (i = 0;i < objects_found;i++) { pkcs11h_data_id_list_t entry = NULL; CK_ATTRIBUTE attrs[] = { {CKA_APPLICATION, NULL, 0}, {CKA_LABEL, NULL, 0} }; if ( (rv = _pkcs11h_session_getObjectAttributes ( session, objects[i], attrs, sizeof (attrs) / sizeof (CK_ATTRIBUTE) )) != CKR_OK || (rv = _pkcs11h_mem_malloc ( (void *)&entry, sizeof (struct pkcs11h_data_id_list_s) )) != CKR_OK || (rv = _pkcs11h_mem_malloc ( (void *)&entry->application, attrs[0].ulValueLen+1 )) != CKR_OK || (rv = _pkcs11h_mem_malloc ( (void *)&entry->label, attrs[1].ulValueLen+1 )) != CKR_OK ) { goto retry11; } memmove (entry->application, attrs[0].pValue, attrs[0].ulValueLen); entry->application[attrs[0].ulValueLen] = '\0'; memmove (entry->label, attrs[1].pValue, attrs[1].ulValueLen); entry->label[attrs[1].ulValueLen] = '\0'; entry->next = data_id_list; data_id_list = entry; entry = NULL; rv = CKR_OK; retry11: _pkcs11h_session_freeObjectAttributes ( attrs, sizeof (attrs) / sizeof (CK_ATTRIBUTE) ); if (entry != NULL) { if (entry->application != NULL) { _pkcs11h_mem_free ((void *)&entry->application); } if (entry->label != NULL) { _pkcs11h_mem_free ((void *)&entry->label); } _pkcs11h_mem_free ((void *)&entry); } } op_succeed = TRUE; rv = CKR_OK; retry1: if (objects != NULL) { _pkcs11h_mem_free ((void *)&objects); } if (!op_succeed) { if (!login_retry) { _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Enumerate data objects failed rv=%lu-'%s'", rv, pkcs11h_getMessage (rv) ); login_retry = TRUE; rv = _pkcs11h_session_login ( session, is_public, TRUE, user_data, mask_prompt ); } if (rv != CKR_OK) { goto cleanup; } } } *p_data_id_list = data_id_list; data_id_list = NULL; rv = CKR_OK; cleanup: #if defined(ENABLE_PKCS11H_THREADING) if (mutex_locked) { _pkcs11h_threading_mutexRelease (&session->mutex); mutex_locked = FALSE; } #endif if (session != NULL) { _pkcs11h_session_release (session); session = NULL; } if (data_id_list != NULL) { pkcs11h_data_freeDataIdList (data_id_list); data_id_list = NULL; } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_data_enumDataObjects return rv=%lu-'%s', *p_data_id_list=%p", rv, pkcs11h_getMessage (rv), (void *)*p_data_id_list ); return rv; } #endif /* ENABLE_PKCS11H_DATA */ pkcs11-helper-pkcs11-helper-1.22/lib/pkcs11h-mem.c000066400000000000000000000077401304770615400213510ustar00rootroot00000000000000/* * Copyright (c) 2005-2011 Alon Bar-Lev * All rights reserved. * * This software is available to you under a choice of one of two * licenses. You may choose to be licensed under the terms of the GNU * General Public License (GPL) Version 2, or the BSD license. * * GNU General Public License (GPL) Version 2 * =========================================== * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 * as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program (see the file COPYING.GPL included with this * distribution); if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * BSD License * ============ * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * o Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * o Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * o Neither the name of the Alon Bar-Lev nor the names of its * contributors may be used to endorse or promote products derived from * this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #include "common.h" #include "_pkcs11h-sys.h" #include "_pkcs11h-mem.h" CK_RV _pkcs11h_mem_malloc ( OUT const void * * const p, IN const size_t s ) { CK_RV rv = CKR_OK; _PKCS11H_ASSERT (p!=NULL); _PKCS11H_ASSERT (s!=0); *p = NULL; if (s > 0) { if ( (*p = (void *)_g_pkcs11h_sys_engine.malloc (s)) == NULL ) { rv = CKR_HOST_MEMORY; } else { memset ((void *)*p, 0, s); } } return rv; } CK_RV _pkcs11h_mem_free ( IN const void * * const p ) { _PKCS11H_ASSERT (p!=NULL); _g_pkcs11h_sys_engine.free ((void *)*p); *p = NULL; return CKR_OK; } CK_RV _pkcs11h_mem_strdup ( OUT const char * * const dest, IN const char * const src ) { return _pkcs11h_mem_duplicate ( (void *)dest, NULL, src, strlen (src)+1 ); } CK_RV _pkcs11h_mem_duplicate ( OUT const void * * const dest, OUT size_t * const p_dest_size, IN const void * const src, IN const size_t mem_size ) { CK_RV rv = CKR_FUNCTION_FAILED; _PKCS11H_ASSERT (dest!=NULL); /*_PKCS11H_ASSERT (dest_size!=NULL); NOT NEEDED*/ _PKCS11H_ASSERT (!(mem_size!=0&&src==NULL)); *dest = NULL; if (p_dest_size != NULL) { *p_dest_size = 0; } if (src != NULL) { if ((rv = _pkcs11h_mem_malloc (dest, mem_size)) != CKR_OK) { goto cleanup; } if (p_dest_size != NULL) { *p_dest_size = mem_size; } memmove ((void*)*dest, src, mem_size); } rv = CKR_OK; cleanup: return rv; } pkcs11-helper-pkcs11-helper-1.22/lib/pkcs11h-openssl.c000066400000000000000000000744131304770615400222570ustar00rootroot00000000000000/* * Copyright (c) 2005-2011 Alon Bar-Lev * All rights reserved. * * This software is available to you under a choice of one of two * licenses. You may choose to be licensed under the terms of the GNU * General Public License (GPL) Version 2, or the BSD license. * * GNU General Public License (GPL) Version 2 * =========================================== * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 * as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program (see the file COPYING.GPL included with this * distribution); if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * BSD License * ============ * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * o Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * o Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * o Neither the name of the Alon Bar-Lev nor the names of its * contributors may be used to endorse or promote products derived from * this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #include "common.h" #if defined(ENABLE_PKCS11H_OPENSSL) #include #include "_pkcs11h-core.h" #include "_pkcs11h-mem.h" /* * Hack libressl incorrect interface number. */ #if defined(LIBRESSL_VERSION_NUMBER) #undef OPENSSL_VERSION_NUMBER #define OPENSSL_VERSION_NUMBER 0x1000107fL #endif #if !defined(OPENSSL_NO_EC) && defined(ENABLE_PKCS11H_OPENSSL_EC) #define __ENABLE_EC #ifdef ENABLE_PKCS11H_OPENSSL_EC_HACK #include #endif #endif #if OPENSSL_VERSION_NUMBER < 0x00907000L #if !defined(RSA_PKCS1_PADDING_SIZE) #define RSA_PKCS1_PADDING_SIZE 11 #endif #endif #if OPENSSL_VERSION_NUMBER < 0x00908000L typedef unsigned char *__pkcs11_openssl_d2i_t; #else typedef const unsigned char *__pkcs11_openssl_d2i_t; #endif struct pkcs11h_openssl_session_s { #if defined(ENABLE_PKCS11H_THREADING) _pkcs11h_mutex_t reference_count_lock; #endif volatile int reference_count; PKCS11H_BOOL initialized; X509 *x509; pkcs11h_certificate_t certificate; pkcs11h_hook_openssl_cleanup_t cleanup_hook; }; #if OPENSSL_VERSION_NUMBER < 0x10100001L static RSA_METHOD * RSA_meth_dup (const RSA_METHOD *meth) { RSA_METHOD *ret = NULL; CK_RV rv; rv = _pkcs11h_mem_malloc ((void *)&ret, sizeof (RSA_METHOD)); if (rv != CKR_OK) { goto cleanup; } memmove (ret, meth, sizeof (RSA_METHOD)); cleanup: return ret; } static void RSA_meth_free (RSA_METHOD *meth) { if (meth != NULL) { if (meth->name != NULL) { _pkcs11h_mem_free ((void *)&meth->name); } _pkcs11h_mem_free ((void *)&meth); } } static int RSA_meth_set1_name (RSA_METHOD *meth, const char *name) { CK_RV rv; rv = _pkcs11h_mem_strdup ((void *)&meth->name, name); return rv == CKR_OK ? 1 : 0; } static int RSA_meth_set_flags (RSA_METHOD *meth, int flags) { meth->flags = flags; return 1; } static int RSA_meth_set_priv_enc ( RSA_METHOD *meth, int (*priv_enc) ( int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding ) ) { meth->rsa_priv_enc = priv_enc; return 1; } static int RSA_meth_set_priv_dec( RSA_METHOD *meth, int (*priv_dec) ( int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding ) ) { meth->rsa_priv_dec = priv_dec; return 1; } static DSA_METHOD * DSA_meth_dup (const DSA_METHOD *meth) { DSA_METHOD *ret = NULL; CK_RV rv; rv = _pkcs11h_mem_malloc ((void *)&ret, sizeof (DSA_METHOD)); if (rv != CKR_OK) { goto cleanup; } memmove (ret, meth, sizeof (DSA_METHOD)); cleanup: return ret; } static void DSA_meth_free (DSA_METHOD *meth) { if (meth != NULL) { if (meth->name != NULL) { _pkcs11h_mem_free ((void *)&meth->name); } _pkcs11h_mem_free ((void *)&meth); } } static int DSA_meth_set1_name (DSA_METHOD *meth, const char *name) { CK_RV rv; rv = _pkcs11h_mem_strdup ((void *)&meth->name, name); return rv == CKR_OK ? 1 : 0; } static int DSA_meth_set_sign (DSA_METHOD *meth, DSA_SIG *(*sign) (const unsigned char *, int, DSA *)) { meth->dsa_do_sign = sign; return 1; } static int DSA_SIG_set0 (DSA_SIG *sig, BIGNUM *r, BIGNUM *s) { BN_clear_free (sig->r); BN_clear_free (sig->s); sig->r = r; sig->s = s; return 1; } #endif static struct { #ifndef OPENSSL_NO_RSA RSA_METHOD *rsa; int rsa_index; #endif #ifndef OPENSSL_NO_DSA DSA_METHOD *dsa; int dsa_index; #endif #ifdef __ENABLE_EC ECDSA_METHOD *ecdsa; int ecdsa_index; #endif } __openssl_methods; #if OPENSSL_VERSION_NUMBER < 0x10100001L static int __pkcs11h_openssl_ex_data_dup ( CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, int idx, long argl, void *argp ) { #else int __pkcs11h_openssl_ex_data_dup ( CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, void *from_d, int idx, long argl, void *argp ) { #endif pkcs11h_openssl_session_t openssl_session; _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: __pkcs11h_openssl_ex_data_dup entered - to=%p, from=%p, from_d=%p, idx=%d, argl=%ld, argp=%p", (void *)to, (void *)from, from_d, idx, argl, argp ); _PKCS11H_ASSERT (from_d!=NULL); if ((openssl_session = *(pkcs11h_openssl_session_t *)from_d) != NULL) { _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: __pkcs11h_openssl_ex_data_dup session refcount=%d", openssl_session->reference_count ); openssl_session->reference_count++; } return 1; } static void __pkcs11h_openssl_ex_data_free ( void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp ) { pkcs11h_openssl_session_t openssl_session = (pkcs11h_openssl_session_t)ptr; _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: __pkcs11h_openssl_ex_data_free entered - parent=%p, ptr=%p, ad=%p, idx=%d, argl=%ld, argp=%p", parent, ptr, (void *)ad, idx, argl, argp ); if (openssl_session != NULL) { pkcs11h_openssl_freeSession (openssl_session); } } #ifndef OPENSSL_NO_RSA static pkcs11h_certificate_t __pkcs11h_openssl_rsa_get_pkcs11h_certificate ( IN RSA *rsa ) { pkcs11h_openssl_session_t session = NULL; _PKCS11H_ASSERT (rsa!=NULL); session = (pkcs11h_openssl_session_t)RSA_get_ex_data (rsa, __openssl_methods.rsa_index); _PKCS11H_ASSERT (session!=NULL); _PKCS11H_ASSERT (session->certificate!=NULL); return session->certificate; } #if OPENSSL_VERSION_NUMBER < 0x00907000L static int __pkcs11h_openssl_rsa_dec ( IN int flen, IN unsigned char *from, OUT unsigned char *to, IN OUT RSA *rsa, IN int padding ) { #else static int __pkcs11h_openssl_rsa_dec ( IN int flen, IN const unsigned char *from, OUT unsigned char *to, IN OUT RSA *rsa, IN int padding ) { #endif pkcs11h_certificate_t certificate = __pkcs11h_openssl_rsa_get_pkcs11h_certificate (rsa); PKCS11H_BOOL session_locked = FALSE; CK_MECHANISM_TYPE mech = CKM_RSA_PKCS; CK_RV rv = CKR_FUNCTION_FAILED; size_t tlen = (size_t)flen; _PKCS11H_ASSERT (from!=NULL); _PKCS11H_ASSERT (to!=NULL); _PKCS11H_ASSERT (rsa!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: __pkcs11h_openssl_rsa_dec entered - flen=%d, from=%p, to=%p, rsa=%p, padding=%d", flen, from, to, (void *)rsa, padding ); switch (padding) { case RSA_PKCS1_PADDING: mech = CKM_RSA_PKCS; break; case RSA_PKCS1_OAEP_PADDING: mech = CKM_RSA_PKCS_OAEP; break; case RSA_SSLV23_PADDING: rv = CKR_MECHANISM_INVALID; break; case RSA_NO_PADDING: rv = CKR_MECHANISM_INVALID; break; } if (rv == CKR_MECHANISM_INVALID) goto cleanup; if ((rv = pkcs11h_certificate_lockSession (certificate)) != CKR_OK) { goto cleanup; } session_locked = TRUE; _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Performing decryption" ); if ( (rv = pkcs11h_certificate_decryptAny ( certificate, mech, from, flen, to, &tlen )) != CKR_OK ) { _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot perform decryption %ld:'%s'", rv, pkcs11h_getMessage (rv)); goto cleanup; } rv = CKR_OK; cleanup: if (session_locked) { pkcs11h_certificate_releaseSession (certificate); session_locked = FALSE; } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: __pkcs11h_openssl_rsa_dec - return rv=%lu-'%s'", rv, pkcs11h_getMessage (rv) ); return rv == CKR_OK ? (int)tlen : -1; } #if OPENSSL_VERSION_NUMBER < 0x00907000L static int __pkcs11h_openssl_rsa_enc ( IN int flen, IN unsigned char *from, OUT unsigned char *to, IN OUT RSA *rsa, IN int padding ) { #else static int __pkcs11h_openssl_rsa_enc ( IN int flen, IN const unsigned char *from, OUT unsigned char *to, IN OUT RSA *rsa, IN int padding ) { #endif pkcs11h_certificate_t certificate = __pkcs11h_openssl_rsa_get_pkcs11h_certificate (rsa); PKCS11H_BOOL session_locked = FALSE; CK_RV rv = CKR_FUNCTION_FAILED; size_t tlen; _PKCS11H_ASSERT (from!=NULL); _PKCS11H_ASSERT (to!=NULL); _PKCS11H_ASSERT (rsa!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: __pkcs11h_openssl_rsa_enc entered - flen=%d, from=%p, to=%p, rsa=%p, padding=%d", flen, from, to, (void *)rsa, padding ); if (padding != RSA_PKCS1_PADDING) { rv = CKR_MECHANISM_INVALID; goto cleanup; } tlen = (size_t)RSA_size(rsa); if ((rv = pkcs11h_certificate_lockSession (certificate)) != CKR_OK) { goto cleanup; } session_locked = TRUE; _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Performing signature" ); if ( (rv = pkcs11h_certificate_signAny ( certificate, CKM_RSA_PKCS, from, flen, to, &tlen )) != CKR_OK ) { _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot perform signature %ld:'%s'", rv, pkcs11h_getMessage (rv)); goto cleanup; } rv = CKR_OK; cleanup: if (session_locked) { pkcs11h_certificate_releaseSession (certificate); session_locked = FALSE; } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: __pkcs11h_openssl_rsa_enc - return rv=%lu-'%s'", rv, pkcs11h_getMessage (rv) ); return rv == CKR_OK ? (int)tlen : -1; } static PKCS11H_BOOL __pkcs11h_openssl_session_setRSA( IN const pkcs11h_openssl_session_t openssl_session, IN EVP_PKEY * evp ) { PKCS11H_BOOL ret = FALSE; RSA *rsa = NULL; _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: __pkcs11h_openssl_session_setRSA - entered openssl_session=%p, evp=%p", (void *)openssl_session, (void *)evp ); if ( (rsa = EVP_PKEY_get1_RSA (evp)) == NULL ) { _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot get RSA key"); goto cleanup; } RSA_set_method (rsa, __openssl_methods.rsa); RSA_set_ex_data (rsa, __openssl_methods.rsa_index, openssl_session); #if OPENSSL_VERSION_NUMBER < 0x10100001L rsa->flags |= RSA_FLAG_SIGN_VER; #endif #ifdef BROKEN_OPENSSL_ENGINE if (!rsa->engine) { rsa->engine = ENGINE_get_default_RSA (); } ENGINE_set_RSA(ENGINE_get_default_RSA (), &openssl_session->rsa); _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: OpenSSL engine support is broken! Workaround enabled"); #endif ret = TRUE; cleanup: if (rsa != NULL) { RSA_free (rsa); rsa = NULL; } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: __pkcs11h_openssl_session_setRSA - return ret=%d", ret ); return ret; } #endif #ifndef OPENSSL_NO_DSA static pkcs11h_certificate_t __pkcs11h_openssl_dsa_get_pkcs11h_certificate ( IN DSA *dsa ) { pkcs11h_openssl_session_t session = NULL; _PKCS11H_ASSERT (dsa!=NULL); session = (pkcs11h_openssl_session_t)DSA_get_ex_data (dsa, __openssl_methods.dsa_index); _PKCS11H_ASSERT (session!=NULL); _PKCS11H_ASSERT (session->certificate!=NULL); return session->certificate; } static DSA_SIG * __pkcs11h_openssl_dsa_do_sign( IN const unsigned char *dgst, IN int dlen, OUT DSA *dsa ) { pkcs11h_certificate_t certificate = __pkcs11h_openssl_dsa_get_pkcs11h_certificate (dsa); unsigned char *sigbuf = NULL; size_t siglen; DSA_SIG *sig = NULL; DSA_SIG *ret = NULL; BIGNUM *r = NULL; BIGNUM *s = NULL; CK_RV rv = CKR_FUNCTION_FAILED; _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: __pkcs11h_openssl_dsa_do_sign - entered dgst=%p, dlen=%d, dsa=%p", (void *)dgst, dlen, (void *)dsa ); _PKCS11H_ASSERT (dgst!=NULL); _PKCS11H_ASSERT (dsa!=NULL); _PKCS11H_ASSERT (certificate!=NULL); if ( (rv = pkcs11h_certificate_signAny ( certificate, CKM_DSA, dgst, (size_t)dlen, NULL, &siglen )) != CKR_OK ) { _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot perform signature %ld:'%s'", rv, pkcs11h_getMessage (rv)); goto cleanup; } if ((rv = _pkcs11h_mem_malloc ((void *)&sigbuf, siglen)) != CKR_OK) { _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot cannot allocate signature buffer"); goto cleanup; } if ( (rv = pkcs11h_certificate_signAny ( certificate, CKM_DSA, dgst, (size_t)dlen, sigbuf, &siglen )) != CKR_OK ) { _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot perform signature %ld:'%s'", rv, pkcs11h_getMessage (rv)); goto cleanup; } if ((sig = DSA_SIG_new ()) == NULL) { _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot allocate DSA_SIG"); goto cleanup; } if ((r = BN_bin2bn (&sigbuf[0], siglen/2, NULL)) == NULL) { _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot convert dsa r"); goto cleanup; } if ((s = BN_bin2bn (&sigbuf[siglen/2], siglen/2, NULL)) == NULL) { _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot convert dsa s"); goto cleanup; } DSA_SIG_set0 (sig, r, s); ret = sig; sig = NULL; r = NULL; s = NULL; cleanup: if (sigbuf != NULL) { _pkcs11h_mem_free ((void *)&sigbuf); } if (sig != NULL) { DSA_SIG_free (sig); sig = NULL; } if (r != NULL) { BN_clear_free (r); } if (s != NULL) { BN_clear_free (s); } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: __pkcs11h_openssl_dsa_do_sign - return sig=%p", (void *)sig ); return ret; } static PKCS11H_BOOL __pkcs11h_openssl_session_setDSA( IN const pkcs11h_openssl_session_t openssl_session, IN EVP_PKEY * evp ) { PKCS11H_BOOL ret = FALSE; DSA *dsa = NULL; _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: __pkcs11h_openssl_session_setDSA - entered openssl_session=%p, evp=%p", (void *)openssl_session, (void *)evp ); if ( (dsa = EVP_PKEY_get1_DSA (evp)) == NULL ) { _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot get DSA key"); goto cleanup; } DSA_set_method (dsa, __openssl_methods.dsa); DSA_set_ex_data (dsa, __openssl_methods.dsa_index, openssl_session); ret = TRUE; cleanup: if (dsa != NULL) { DSA_free (dsa); dsa = NULL; } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: __pkcs11h_openssl_session_setDSA - return ret=%d", ret ); return ret; } #endif #ifdef __ENABLE_EC static pkcs11h_certificate_t __pkcs11h_openssl_ecdsa_get_pkcs11h_certificate ( IN EC_KEY *ec ) { pkcs11h_openssl_session_t session = NULL; _PKCS11H_ASSERT (ec!=NULL); session = (pkcs11h_openssl_session_t)ECDSA_get_ex_data (ec, __openssl_methods.ecdsa_index); _PKCS11H_ASSERT (session!=NULL); _PKCS11H_ASSERT (session->certificate!=NULL); return session->certificate; } static ECDSA_SIG * __pkcs11h_openssl_ecdsa_do_sign( IN const unsigned char *dgst, IN int dlen, IN const BIGNUM *inv, IN const BIGNUM *r, OUT EC_KEY *ec ) { pkcs11h_certificate_t certificate = __pkcs11h_openssl_ecdsa_get_pkcs11h_certificate (ec); unsigned char *sigbuf = NULL; size_t siglen; ECDSA_SIG *sig = NULL; ECDSA_SIG *ret = NULL; CK_RV rv = CKR_FUNCTION_FAILED; _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: __pkcs11h_openssl_ecdsa_do_sign - entered dgst=%p, dlen=%d, inv=%p, r=%p, ec=%p", (void *)dgst, dlen, (void *)inv, (void *)r, (void *)ec ); _PKCS11H_ASSERT (dgst!=NULL); _PKCS11H_ASSERT (inv==NULL); _PKCS11H_ASSERT (r==NULL); _PKCS11H_ASSERT (ec!=NULL); _PKCS11H_ASSERT (certificate!=NULL); if ( (rv = pkcs11h_certificate_signAny ( certificate, CKM_ECDSA, dgst, (size_t)dlen, NULL, &siglen )) != CKR_OK ) { _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot perform signature %ld:'%s'", rv, pkcs11h_getMessage (rv)); goto cleanup; } if ((rv = _pkcs11h_mem_malloc ((void *)&sigbuf, siglen)) != CKR_OK) { _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot cannot allocate signature buffer"); goto cleanup; } if ( (rv = pkcs11h_certificate_signAny ( certificate, CKM_ECDSA, dgst, (size_t)dlen, sigbuf, &siglen )) != CKR_OK ) { _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot perform signature %ld:'%s'", rv, pkcs11h_getMessage (rv)); goto cleanup; } if ((sig = ECDSA_SIG_new ()) == NULL) { _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot allocate ECDSA_SIG"); goto cleanup; } if (BN_bin2bn (&sigbuf[0], siglen/2, sig->r) == NULL) { _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot convert ecdsa r"); goto cleanup; } if (BN_bin2bn (&sigbuf[siglen/2], siglen/2, sig->s) == NULL) { _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot convert ecdsa s"); goto cleanup; } ret = sig; sig = NULL; cleanup: if (sigbuf != NULL) { _pkcs11h_mem_free ((void *)&sigbuf); } if (sig != NULL) { ECDSA_SIG_free (sig); sig = NULL; } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: __pkcs11h_openssl_ecdsa_do_sign - return sig=%p", (void *)sig ); return ret; } static PKCS11H_BOOL __pkcs11h_openssl_session_setECDSA( IN const pkcs11h_openssl_session_t openssl_session, IN EVP_PKEY * evp ) { PKCS11H_BOOL ret = FALSE; EC_KEY *ec = NULL; _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: __pkcs11h_openssl_session_setECDSA - entered openssl_session=%p, evp=%p", (void *)openssl_session, (void *)evp ); if ( (ec = EVP_PKEY_get1_EC_KEY (evp)) == NULL ) { _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot get EC key"); goto cleanup; } ECDSA_set_method (ec, __openssl_methods.ecdsa); ECDSA_set_ex_data (ec, __openssl_methods.ecdsa_index, openssl_session); ret = TRUE; cleanup: if (ec != NULL) { EC_KEY_free (ec); ec = NULL; } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: __pkcs11h_openssl_session_setECDSA - return ret=%d", ret ); return ret; } #endif PKCS11H_BOOL _pkcs11h_openssl_initialize (void) { PKCS11H_BOOL ret = FALSE; _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_openssl_initialize - entered" ); #ifndef OPENSSL_NO_RSA if (__openssl_methods.rsa != NULL) { RSA_meth_free (__openssl_methods.rsa); } if ((__openssl_methods.rsa = RSA_meth_dup (RSA_get_default_method ())) == NULL) { goto cleanup; } RSA_meth_set1_name (__openssl_methods.rsa, "pkcs11h"); RSA_meth_set_priv_dec (__openssl_methods.rsa, __pkcs11h_openssl_rsa_dec); RSA_meth_set_priv_enc (__openssl_methods.rsa, __pkcs11h_openssl_rsa_enc); RSA_meth_set_flags (__openssl_methods.rsa, RSA_METHOD_FLAG_NO_CHECK | RSA_FLAG_EXT_PKEY); __openssl_methods.rsa_index = RSA_get_ex_new_index ( 0, "pkcs11h", NULL, __pkcs11h_openssl_ex_data_dup, __pkcs11h_openssl_ex_data_free ); #endif #ifndef OPENSSL_NO_DSA if (__openssl_methods.dsa != NULL) { DSA_meth_free (__openssl_methods.dsa); } __openssl_methods.dsa = DSA_meth_dup (DSA_get_default_method ()); DSA_meth_set1_name (__openssl_methods.dsa, "pkcs11h"); DSA_meth_set_sign (__openssl_methods.dsa, __pkcs11h_openssl_dsa_do_sign); __openssl_methods.dsa_index = DSA_get_ex_new_index ( 0, "pkcs11h", NULL, __pkcs11h_openssl_ex_data_dup, __pkcs11h_openssl_ex_data_free ); #endif #ifdef __ENABLE_EC if (__openssl_methods.ecdsa != NULL) { ECDSA_METHOD_free(__openssl_methods.ecdsa); } __openssl_methods.ecdsa = ECDSA_METHOD_new ((ECDSA_METHOD *)ECDSA_get_default_method ()); ECDSA_METHOD_set_name(__openssl_methods.ecdsa, "pkcs11h"); ECDSA_METHOD_set_sign(__openssl_methods.ecdsa, __pkcs11h_openssl_ecdsa_do_sign); __openssl_methods.ecdsa_index = ECDSA_get_ex_new_index ( 0, "pkcs11h", NULL, __pkcs11h_openssl_ex_data_dup, __pkcs11h_openssl_ex_data_free ); #endif ret = TRUE; cleanup: _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_openssl_initialize - return %d", ret ); return ret; } PKCS11H_BOOL _pkcs11h_openssl_terminate (void) { _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_openssl_terminate" ); #ifndef OPENSSL_NO_RSA if (__openssl_methods.rsa != NULL) { RSA_meth_free (__openssl_methods.rsa); __openssl_methods.rsa = NULL; } #endif #ifndef OPENSSL_NO_DSA if (__openssl_methods.dsa != NULL) { DSA_meth_free (__openssl_methods.dsa); __openssl_methods.dsa = NULL; } #endif #ifdef __ENABLE_EC if (__openssl_methods.ecdsa != NULL) { ECDSA_METHOD_free(__openssl_methods.ecdsa); __openssl_methods.ecdsa = NULL; } #endif return TRUE; } X509 * pkcs11h_openssl_getX509 ( IN const pkcs11h_certificate_t certificate ) { unsigned char *certificate_blob = NULL; size_t certificate_blob_size = 0; X509 *x509 = NULL; CK_RV rv = CKR_FUNCTION_FAILED; __pkcs11_openssl_d2i_t d2i1 = NULL; _PKCS11H_ASSERT (certificate!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_openssl_getX509 - entry certificate=%p", (void *)certificate ); if ((x509 = X509_new ()) == NULL) { _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Unable to allocate certificate object"); rv = CKR_HOST_MEMORY; goto cleanup; } if ( (rv = pkcs11h_certificate_getCertificateBlob ( certificate, NULL, &certificate_blob_size )) != CKR_OK ) { goto cleanup; } if ((rv = _pkcs11h_mem_malloc ((void *)&certificate_blob, certificate_blob_size)) != CKR_OK) { goto cleanup; } if ( (rv = pkcs11h_certificate_getCertificateBlob ( certificate, certificate_blob, &certificate_blob_size )) != CKR_OK ) { goto cleanup; } d2i1 = (__pkcs11_openssl_d2i_t)certificate_blob; if (!d2i_X509 (&x509, &d2i1, certificate_blob_size)) { _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Unable to parse X.509 certificate"); rv = CKR_FUNCTION_FAILED; goto cleanup; } rv = CKR_OK; cleanup: if (certificate_blob != NULL) { _pkcs11h_mem_free((void *)&certificate_blob); } if (rv != CKR_OK) { if (x509 != NULL) { X509_free (x509); x509 = NULL; } } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_openssl_getX509 - return rv=%ld-'%s', x509=%p", rv, pkcs11h_getMessage (rv), (void *)x509 ); return x509; } pkcs11h_openssl_session_t pkcs11h_openssl_createSession ( IN const pkcs11h_certificate_t certificate ) { pkcs11h_openssl_session_t openssl_session = NULL; CK_RV rv; PKCS11H_BOOL ok = FALSE; _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_openssl_createSession - entry" ); OpenSSL_add_all_digests (); if ( _pkcs11h_mem_malloc ( (void*)&openssl_session, sizeof (struct pkcs11h_openssl_session_s)) != CKR_OK ) { _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot allocate memory"); goto cleanup; } openssl_session->certificate = certificate; openssl_session->reference_count = 1; #if defined(ENABLE_PKCS11H_THREADING) if ((rv = _pkcs11h_threading_mutexInit(&openssl_session->reference_count_lock)) != CKR_OK) { _PKCS11H_LOG (PKCS11H_LOG_ERROR, "PKCS#11: Cannot initialize mutex %ld:'%s'", rv, pkcs11h_getMessage (rv)); goto cleanup; } #endif ok = TRUE; cleanup: if (!ok) { _pkcs11h_mem_free ((void *)&openssl_session); } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_openssl_createSession - return openssl_session=%p", (void *)openssl_session ); return openssl_session; } pkcs11h_hook_openssl_cleanup_t pkcs11h_openssl_getCleanupHook ( IN const pkcs11h_openssl_session_t openssl_session ) { _PKCS11H_ASSERT (openssl_session!=NULL); return openssl_session->cleanup_hook; } void pkcs11h_openssl_setCleanupHook ( IN const pkcs11h_openssl_session_t openssl_session, IN const pkcs11h_hook_openssl_cleanup_t cleanup ) { _PKCS11H_ASSERT (openssl_session!=NULL); openssl_session->cleanup_hook = cleanup; } void pkcs11h_openssl_freeSession ( IN const pkcs11h_openssl_session_t openssl_session ) { CK_RV rv; _PKCS11H_ASSERT (openssl_session!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_openssl_freeSession - entry openssl_session=%p, count=%d", (void *)openssl_session, openssl_session->reference_count ); #if defined(ENABLE_PKCS11H_THREADING) if ((rv = _pkcs11h_threading_mutexLock(&openssl_session->reference_count_lock)) != CKR_OK) { _PKCS11H_LOG (PKCS11H_LOG_ERROR, "PKCS#11: Cannot lock mutex %ld:'%s'", rv, pkcs11h_getMessage (rv)); goto cleanup; } #endif openssl_session->reference_count--; #if defined(ENABLE_PKCS11H_THREADING) _pkcs11h_threading_mutexRelease(&openssl_session->reference_count_lock); #endif _PKCS11H_ASSERT (openssl_session->reference_count>=0); if (openssl_session->reference_count == 0) { #if defined(ENABLE_PKCS11H_THREADING) _pkcs11h_threading_mutexFree(&openssl_session->reference_count_lock); #endif if (openssl_session->cleanup_hook != NULL) { openssl_session->cleanup_hook (openssl_session->certificate); } if (openssl_session->x509 != NULL) { X509_free (openssl_session->x509); openssl_session->x509 = NULL; } if (openssl_session->certificate != NULL) { pkcs11h_certificate_freeCertificate (openssl_session->certificate); openssl_session->certificate = NULL; } _pkcs11h_mem_free ((void *)&openssl_session); } cleanup: _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_openssl_freeSession - return" ); } RSA * pkcs11h_openssl_session_getRSA ( IN const pkcs11h_openssl_session_t openssl_session ) { #ifndef OPENSSL_NO_RSA RSA *rsa = NULL; RSA *ret = NULL; EVP_PKEY *evp = NULL; _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_openssl_session_getRSA - entry openssl_session=%p", (void *)openssl_session ); if ((evp = pkcs11h_openssl_session_getEVP(openssl_session)) == NULL) { goto cleanup; } if (EVP_PKEY_id (evp) != EVP_PKEY_RSA) { _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Invalid public key algorithm"); goto cleanup; } if ( (rsa = EVP_PKEY_get1_RSA (evp)) == NULL ) { _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot get RSA key"); goto cleanup; } ret = rsa; rsa = NULL; cleanup: /* * openssl objects have reference * count, so release them */ if (rsa != NULL) { RSA_free (rsa); rsa = NULL; } if (evp != NULL) { EVP_PKEY_free (evp); evp = NULL; } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_openssl_session_getRSA - return ret=%p", (void *)rsa ); return ret; #else return NULL; #endif } EVP_PKEY * pkcs11h_openssl_session_getEVP ( IN const pkcs11h_openssl_session_t openssl_session ) { X509 *x509 = NULL; EVP_PKEY *evp = NULL; EVP_PKEY *ret = NULL; _PKCS11H_ASSERT (openssl_session!=NULL); _PKCS11H_ASSERT (!openssl_session->initialized); _PKCS11H_ASSERT (openssl_session!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_openssl_session_getEVP - entry openssl_session=%p", (void *)openssl_session ); /* * Dup x509 so RSA will not hold session x509 */ if ((x509 = pkcs11h_openssl_session_getX509 (openssl_session)) == NULL) { _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot get certificate object"); goto cleanup; } if ((evp = X509_get_pubkey (x509)) == NULL) { _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot get public key"); goto cleanup; } if (0) { } #ifndef OPENSSL_NO_RSA else if (EVP_PKEY_id (evp) == EVP_PKEY_RSA) { if (!__pkcs11h_openssl_session_setRSA(openssl_session, evp)) { goto cleanup; } } #endif #ifndef OPENSSL_NO_RSA else if (EVP_PKEY_id (evp) == EVP_PKEY_DSA) { if (!__pkcs11h_openssl_session_setDSA(openssl_session, evp)) { goto cleanup; } } #endif #ifdef __ENABLE_EC else if (evp->type == EVP_PKEY_EC) { if (!__pkcs11h_openssl_session_setECDSA(openssl_session, evp)) { goto cleanup; } } #endif else { _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Invalid public key algorithm %d", EVP_PKEY_id (evp)); goto cleanup; } #if defined(ENABLE_PKCS11H_THREADING) _pkcs11h_threading_mutexLock(&openssl_session->reference_count_lock); #endif openssl_session->reference_count++; #if defined(ENABLE_PKCS11H_THREADING) _pkcs11h_threading_mutexRelease(&openssl_session->reference_count_lock); #endif openssl_session->initialized = TRUE; ret = evp; evp = NULL; cleanup: /* * openssl objects have reference * count, so release them */ if (evp != NULL) { EVP_PKEY_free (evp); evp = NULL; } if (x509 != NULL) { X509_free (x509); x509 = NULL; } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_openssl_session_getEVP - return ret=%p", (void *)ret ); return ret; } X509 * pkcs11h_openssl_session_getX509 ( IN const pkcs11h_openssl_session_t openssl_session ) { X509 *x509 = NULL; PKCS11H_BOOL ok = FALSE; _PKCS11H_ASSERT (openssl_session!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_openssl_session_getX509 - entry openssl_session=%p", (void *)openssl_session ); if ( openssl_session->x509 == NULL && (openssl_session->x509 = pkcs11h_openssl_getX509 (openssl_session->certificate)) == NULL ) { _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot get certificate object"); goto cleanup; } if ((x509 = X509_dup (openssl_session->x509)) == NULL) { _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot duplicate certificate object"); goto cleanup; } ok = TRUE; cleanup: if (!ok) { if (x509 != NULL) { X509_free (x509); x509 = NULL; } } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_openssl_session_getX509 - return x509=%p", (void *)x509 ); return x509; } #endif /* ENABLE_PKCS11H_OPENSSL */ pkcs11-helper-pkcs11-helper-1.22/lib/pkcs11h-serialization.c000066400000000000000000000233521304770615400234450ustar00rootroot00000000000000/* * Copyright (c) 2005-2011 Alon Bar-Lev * All rights reserved. * * This software is available to you under a choice of one of two * licenses. You may choose to be licensed under the terms of the GNU * General Public License (GPL) Version 2, or the BSD license. * * GNU General Public License (GPL) Version 2 * =========================================== * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 * as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program (see the file COPYING.GPL included with this * distribution); if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * BSD License * ============ * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * o Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * o Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * o Neither the name of the Alon Bar-Lev nor the names of its * contributors may be used to endorse or promote products derived from * this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #include "common.h" #include "_pkcs11h-core.h" #include "_pkcs11h-mem.h" #include "_pkcs11h-util.h" #include "_pkcs11h-token.h" #include "_pkcs11h-certificate.h" #define __PKCS11H_SERIALIZE_INVALID_CHARS "\\/\"'%&#@!?$* <>{}[]()`|:;,.+-" #if defined(ENABLE_PKCS11H_TOKEN) || defined(ENABLE_PKCS11H_CERTIFICATE) CK_RV pkcs11h_token_serializeTokenId ( OUT char * const sz, IN OUT size_t *max, IN const pkcs11h_token_id_t token_id ) { const char *sources[5]; CK_RV rv = CKR_FUNCTION_FAILED; size_t n; int e; /*_PKCS11H_ASSERT (sz!=NULL); Not required*/ _PKCS11H_ASSERT (max!=NULL); _PKCS11H_ASSERT (token_id!=NULL); { /* Must be after assert */ sources[0] = token_id->manufacturerID; sources[1] = token_id->model; sources[2] = token_id->serialNumber; sources[3] = token_id->label; sources[4] = NULL; } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_token_serializeTokenId entry sz=%p, *max="P_Z", token_id=%p", sz, sz != NULL ? *max : 0, (void *)token_id ); n = 0; for (e=0;sources[e] != NULL;e++) { size_t t; if ( (rv = _pkcs11h_util_escapeString ( NULL, sources[e], &t, __PKCS11H_SERIALIZE_INVALID_CHARS )) != CKR_OK ) { goto cleanup; } n+=t; } if (sz != NULL) { if (*max < n) { rv = CKR_ATTRIBUTE_VALUE_INVALID; goto cleanup; } n = 0; for (e=0;sources[e] != NULL;e++) { size_t t = *max-n; if ( (rv = _pkcs11h_util_escapeString ( sz+n, sources[e], &t, __PKCS11H_SERIALIZE_INVALID_CHARS )) != CKR_OK ) { goto cleanup; } n+=t; sz[n-1] = '/'; } sz[n-1] = '\x0'; } *max = n; rv = CKR_OK; cleanup: _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_token_serializeTokenId return rv=%lu-'%s', *max="P_Z", sz='%s'", rv, pkcs11h_getMessage (rv), *max, sz ); return rv; } CK_RV pkcs11h_token_deserializeTokenId ( OUT pkcs11h_token_id_t *p_token_id, IN const char * const sz ) { #define __PKCS11H_TARGETS_NUMBER 4 struct { char *p; size_t s; } targets[__PKCS11H_TARGETS_NUMBER]; pkcs11h_token_id_t token_id = NULL; char *p1 = NULL; char *_sz = NULL; int e; CK_RV rv = CKR_FUNCTION_FAILED; _PKCS11H_ASSERT (p_token_id!=NULL); _PKCS11H_ASSERT (sz!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_token_deserializeTokenId entry p_token_id=%p, sz='%s'", (void *)p_token_id, sz ); *p_token_id = NULL; if ( (rv = _pkcs11h_mem_strdup ( (void *)&_sz, sz )) != CKR_OK ) { goto cleanup; } p1 = _sz; if ((rv = _pkcs11h_token_newTokenId (&token_id)) != CKR_OK) { goto cleanup; } targets[0].p = token_id->manufacturerID; targets[0].s = sizeof (token_id->manufacturerID); targets[1].p = token_id->model; targets[1].s = sizeof (token_id->model); targets[2].p = token_id->serialNumber; targets[2].s = sizeof (token_id->serialNumber); targets[3].p = token_id->label; targets[3].s = sizeof (token_id->label); for (e=0;e < __PKCS11H_TARGETS_NUMBER;e++) { size_t l; char *p2 = NULL; /* * Don't search for last * separator */ if (e != __PKCS11H_TARGETS_NUMBER-1) { p2 = strchr (p1, '/'); if (p2 == NULL) { rv = CKR_ATTRIBUTE_VALUE_INVALID; goto cleanup; } else { *p2 = '\x0'; } } if ( (rv = _pkcs11h_util_unescapeString ( NULL, p1, &l )) != CKR_OK ) { goto cleanup; } if (l > targets[e].s) { rv = CKR_ATTRIBUTE_VALUE_INVALID; goto cleanup; } l = targets[e].s; if ( (rv = _pkcs11h_util_unescapeString ( targets[e].p, p1, &l )) != CKR_OK ) { goto cleanup; } p1 = p2+1; } strncpy ( token_id->display, token_id->label, sizeof (token_id->display) ); *p_token_id = token_id; token_id = NULL; rv = CKR_OK; cleanup: if (_sz != NULL) { _pkcs11h_mem_free ((void *)&_sz); } if (token_id != NULL) { pkcs11h_token_freeTokenId (token_id); } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_token_deserializeTokenId return rv=%lu-'%s'", rv, pkcs11h_getMessage (rv) ); return rv; #undef __PKCS11H_TARGETS_NUMBER } #endif /* ENABLE_PKCS11H_TOKEN || ENABLE_PKCS11H_CERTIFICATE */ #if defined(ENABLE_PKCS11H_CERTIFICATE) CK_RV pkcs11h_certificate_serializeCertificateId ( OUT char * const sz, IN OUT size_t *max, IN const pkcs11h_certificate_id_t certificate_id ) { CK_RV rv = CKR_FUNCTION_FAILED; size_t saved_max = 0; size_t n = 0; size_t _max = 0; /*_PKCS11H_ASSERT (sz!=NULL); Not required */ _PKCS11H_ASSERT (max!=NULL); _PKCS11H_ASSERT (certificate_id!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_certificate_serializeCertificateId entry sz=%p, *max="P_Z", certificate_id=%p", sz, sz != NULL ? *max : 0, (void *)certificate_id ); if (sz != NULL) { saved_max = n = *max; } *max = 0; if ( (rv = pkcs11h_token_serializeTokenId ( sz, &n, certificate_id->token_id )) != CKR_OK ) { goto cleanup; } _max = n + certificate_id->attrCKA_ID_size*2 + 1; if (sz != NULL) { if (saved_max < _max) { rv = CKR_ATTRIBUTE_VALUE_INVALID; goto cleanup; } sz[n-1] = '/'; rv = _pkcs11h_util_binaryToHex ( sz+n, saved_max-n, certificate_id->attrCKA_ID, certificate_id->attrCKA_ID_size ); } *max = _max; rv = CKR_OK; cleanup: _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_certificate_serializeCertificateId return rv=%lu-'%s', *max="P_Z", sz='%s'", rv, pkcs11h_getMessage (rv), *max, sz ); return rv; } CK_RV pkcs11h_certificate_deserializeCertificateId ( OUT pkcs11h_certificate_id_t * const p_certificate_id, IN const char * const sz ) { pkcs11h_certificate_id_t certificate_id = NULL; CK_RV rv = CKR_FUNCTION_FAILED; char *p = NULL; char *_sz = NULL; _PKCS11H_ASSERT (p_certificate_id!=NULL); _PKCS11H_ASSERT (sz!=NULL); *p_certificate_id = NULL; _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_certificate_deserializeCertificateId entry p_certificate_id=%p, sz='%s'", (void *)p_certificate_id, sz ); if ( (rv = _pkcs11h_mem_strdup ( (void *)&_sz, sz )) != CKR_OK ) { goto cleanup; } p = _sz; if ((rv = _pkcs11h_certificate_newCertificateId (&certificate_id)) != CKR_OK) { goto cleanup; } if ((p = strrchr (_sz, '/')) == NULL) { rv = CKR_ATTRIBUTE_VALUE_INVALID; goto cleanup; } *p = '\x0'; p++; if ( (rv = pkcs11h_token_deserializeTokenId ( &certificate_id->token_id, _sz )) != CKR_OK ) { goto cleanup; } certificate_id->attrCKA_ID_size = strlen (p)/2; if ( (rv = _pkcs11h_mem_malloc ( (void *)&certificate_id->attrCKA_ID, certificate_id->attrCKA_ID_size) ) != CKR_OK || (rv = _pkcs11h_util_hexToBinary ( certificate_id->attrCKA_ID, p, &certificate_id->attrCKA_ID_size )) != CKR_OK ) { goto cleanup; } *p_certificate_id = certificate_id; certificate_id = NULL; rv = CKR_OK; cleanup: if (certificate_id != NULL) { pkcs11h_certificate_freeCertificateId (certificate_id); certificate_id = NULL; } if (_sz != NULL) { _pkcs11h_mem_free ((void *)&_sz); } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_certificate_deserializeCertificateId return rv=%lu-'%s'", rv, pkcs11h_getMessage (rv) ); return rv; } #endif /* ENABLE_PKCS11H_CERTIFICATE */ pkcs11-helper-pkcs11-helper-1.22/lib/pkcs11h-session.c000066400000000000000000000573041304770615400222570ustar00rootroot00000000000000/* * Copyright (c) 2005-2011 Alon Bar-Lev * All rights reserved. * * This software is available to you under a choice of one of two * licenses. You may choose to be licensed under the terms of the GNU * General Public License (GPL) Version 2, or the BSD license. * * GNU General Public License (GPL) Version 2 * =========================================== * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 * as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program (see the file COPYING.GPL included with this * distribution); if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * BSD License * ============ * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * o Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * o Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * o Neither the name of the Alon Bar-Lev nor the names of its * contributors may be used to endorse or promote products derived from * this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #include "common.h" #include #include "_pkcs11h-sys.h" #include "_pkcs11h-mem.h" #include "_pkcs11h-token.h" #include "_pkcs11h-session.h" CK_RV _pkcs11h_session_getSlotList ( IN const _pkcs11h_provider_t provider, IN const CK_BBOOL token_present, OUT CK_SLOT_ID_PTR * const pSlotList, OUT CK_ULONG_PTR pulCount ) { CK_SLOT_ID_PTR _slots = NULL; CK_ULONG _slotnum = 0; CK_RV rv = CKR_FUNCTION_FAILED; _PKCS11H_ASSERT (provider!=NULL); _PKCS11H_ASSERT (pSlotList!=NULL); _PKCS11H_ASSERT (pulCount!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_session_getSlotList entry provider=%p, token_present=%d, pSlotList=%p, pulCount=%p", (void *)provider, token_present ? 1 : 0, (void *)pSlotList, (void *)pulCount ); *pSlotList = NULL; *pulCount = 0; if (!provider->enabled) { rv = CKR_CRYPTOKI_NOT_INITIALIZED; goto cleanup; } if ( (rv = provider->f->C_GetSlotList ( token_present, NULL_PTR, &_slotnum )) != CKR_OK ) { goto cleanup; } if (_slotnum > 0) { if ((rv = _pkcs11h_mem_malloc ((void *)&_slots, _slotnum * sizeof (CK_SLOT_ID))) != CKR_OK) { goto cleanup; } } if (_slotnum > 0) { if ( (rv = provider->f->C_GetSlotList ( token_present, _slots, &_slotnum )) != CKR_OK ) { goto cleanup; } } *pSlotList = _slots; _slots = NULL; *pulCount = _slotnum; rv = CKR_OK; cleanup: if (_slots != NULL) { _pkcs11h_mem_free ((void *)&_slots); } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_session_getSlotList return rv=%lu-'%s' *pulCount=%ld", rv, pkcs11h_getMessage (rv), *pulCount ); return rv; } CK_RV _pkcs11h_session_getObjectAttributes ( IN const _pkcs11h_session_t session, IN const CK_OBJECT_HANDLE object, IN OUT const CK_ATTRIBUTE_PTR attrs, IN const unsigned count ) { /* * THREADING: * session->mutex must be locked */ CK_RV rv = CKR_FUNCTION_FAILED; unsigned i; _PKCS11H_ASSERT (session!=NULL); _PKCS11H_ASSERT (attrs!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_session_getObjectAttributes entry session=%p, object=%ld, attrs=%p, count=%u", (void *)session, object, (void *)attrs, count ); if ( (rv = session->provider->f->C_GetAttributeValue ( session->session_handle, object, attrs, count )) != CKR_OK ) { goto cleanup; } for (i=0;iprovider->f->C_GetAttributeValue ( session->session_handle, object, attrs, count )) != CKR_OK ) { goto cleanup; } cleanup: _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_session_getObjectAttributes return rv=%lu-'%s'", rv, pkcs11h_getMessage (rv) ); return rv; } CK_RV _pkcs11h_session_freeObjectAttributes ( IN OUT const CK_ATTRIBUTE_PTR attrs, IN const unsigned count ) { unsigned i; _PKCS11H_ASSERT (attrs!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_session_freeObjectAttributes entry attrs=%p, count=%u", (void *)attrs, count ); for (i=0;imutex must be locked */ PKCS11H_BOOL should_FindObjectsFinal = FALSE; CK_OBJECT_HANDLE *objects = NULL; CK_ULONG objects_size = 0; CK_OBJECT_HANDLE objects_buffer[100]; CK_ULONG objects_found; CK_OBJECT_HANDLE oLast = _PKCS11H_INVALID_OBJECT_HANDLE; CK_RV rv = CKR_FUNCTION_FAILED; _PKCS11H_ASSERT (session!=NULL); _PKCS11H_ASSERT (!(filter==NULL && filter_attrs!=0) || filter!=NULL); _PKCS11H_ASSERT (p_objects!=NULL); _PKCS11H_ASSERT (p_objects_found!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_session_findObjects entry session=%p, filter=%p, filter_attrs=%ld, p_objects=%p, p_objects_found=%p", (void *)session, (void *)filter, filter_attrs, (void *)p_objects, (void *)p_objects_found ); *p_objects = NULL; *p_objects_found = 0; if ( (rv = session->provider->f->C_FindObjectsInit ( session->session_handle, (CK_ATTRIBUTE *)filter, filter_attrs )) != CKR_OK ) { goto cleanup; } should_FindObjectsFinal = TRUE; while ( (rv = session->provider->f->C_FindObjects ( session->session_handle, objects_buffer, sizeof (objects_buffer) / sizeof (CK_OBJECT_HANDLE), &objects_found )) == CKR_OK && objects_found > 0 ) { CK_OBJECT_HANDLE *temp = NULL; /* * Begin workaround * * Workaround iKey bug * It returns the same objects over and over */ if (oLast == objects_buffer[0]) { _PKCS11H_LOG ( PKCS11H_LOG_WARN, "PKCS#11: Bad PKCS#11 C_FindObjects implementation detected, workaround applied" ); break; } oLast = objects_buffer[0]; /* End workaround */ if ( (rv = _pkcs11h_mem_malloc ( (void *)&temp, (objects_size+objects_found) * sizeof (CK_OBJECT_HANDLE) )) != CKR_OK ) { goto cleanup; } if (objects != NULL) { memmove ( temp, objects, objects_size * sizeof (CK_OBJECT_HANDLE) ); } memmove ( temp + objects_size, objects_buffer, objects_found * sizeof (CK_OBJECT_HANDLE) ); if (objects != NULL) { _pkcs11h_mem_free ((void *)&objects); objects = NULL; } objects = temp; objects_size += objects_found; temp = NULL; } if (should_FindObjectsFinal) { session->provider->f->C_FindObjectsFinal ( session->session_handle ); should_FindObjectsFinal = FALSE; } *p_objects = objects; *p_objects_found = objects_size; objects = NULL; objects_size = 0; rv = CKR_OK; cleanup: if (objects != NULL) { _pkcs11h_mem_free ((void *)&objects); objects = NULL; objects_size = 0; } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_session_findObjects return rv=%lu-'%s', *p_objects_found=%ld", rv, pkcs11h_getMessage (rv), *p_objects_found ); return rv; } CK_RV _pkcs11h_session_getSessionByTokenId ( IN const pkcs11h_token_id_t token_id, OUT _pkcs11h_session_t * const p_session ) { #if defined(ENABLE_PKCS11H_THREADING) PKCS11H_BOOL mutex_locked = FALSE; PKCS11H_BOOL have_session_mutex = FALSE; #endif _pkcs11h_session_t session = NULL; _pkcs11h_session_t current_session; CK_RV rv = CKR_FUNCTION_FAILED; _PKCS11H_ASSERT (token_id!=NULL); _PKCS11H_ASSERT (p_session!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_session_getSessionByTokenId entry token_id=%p, p_session=%p", (void *)token_id, (void *)p_session ); *p_session = NULL; #if defined(ENABLE_PKCS11H_THREADING) if ((rv = _pkcs11h_threading_mutexLock (&_g_pkcs11h_data->mutexes.session)) != CKR_OK) { goto cleanup; } mutex_locked = TRUE; #endif for ( current_session = _g_pkcs11h_data->sessions; current_session != NULL && session == NULL; current_session = current_session->next ) { if ( pkcs11h_token_sameTokenId ( current_session->token_id, token_id ) ) { _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Using cached session" ); session = current_session; session->reference_count++; } } if (session == NULL) { _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Creating a new session" ); if ( (rv = _pkcs11h_mem_malloc ( (void *)&session, sizeof (struct _pkcs11h_session_s)) ) != CKR_OK ) { goto cleanup; } session->reference_count = 1; session->session_handle = _PKCS11H_INVALID_SESSION_HANDLE; session->pin_cache_period = _g_pkcs11h_data->pin_cache_period; if ( (rv = pkcs11h_token_duplicateTokenId ( &session->token_id, token_id )) != CKR_OK ) { goto cleanup; } #if defined(ENABLE_PKCS11H_THREADING) if ((rv = _pkcs11h_threading_mutexInit (&session->mutex)) != CKR_OK) { goto cleanup; } have_session_mutex = TRUE; #endif session->valid = TRUE; session->next = _g_pkcs11h_data->sessions; _g_pkcs11h_data->sessions = session; } *p_session = session; session = NULL; rv = CKR_OK; cleanup: if (session != NULL) { #if defined(ENABLE_PKCS11H_THREADING) if (have_session_mutex) { _pkcs11h_threading_mutexFree (&session->mutex); } #endif _pkcs11h_mem_free ((void *)&session); } #if defined(ENABLE_PKCS11H_THREADING) if (mutex_locked) { _pkcs11h_threading_mutexRelease (&_g_pkcs11h_data->mutexes.session); mutex_locked = FALSE; } #endif _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_session_getSessionByTokenId return rv=%lu-'%s', *p_session=%p", rv, pkcs11h_getMessage (rv), (void *)*p_session ); return rv; } CK_RV _pkcs11h_session_release ( IN const _pkcs11h_session_t session ) { #if defined(ENABLE_PKCS11H_THREADING) PKCS11H_BOOL mutex_locked = TRUE; #endif CK_RV rv = CKR_FUNCTION_FAILED; _PKCS11H_ASSERT (session!=NULL); _PKCS11H_ASSERT (session->reference_count>=0); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_session_release entry session=%p", (void *)session ); #if defined(ENABLE_PKCS11H_THREADING) if ((rv = _pkcs11h_threading_mutexLock (&session->mutex)) != CKR_OK) { goto cleanup; } mutex_locked = TRUE; #endif /* * Never logout for now */ if (session->reference_count > 0) { session->reference_count--; } rv = CKR_OK; #if defined(ENABLE_PKCS11H_THREADING) cleanup: if (mutex_locked) { _pkcs11h_threading_mutexRelease (&session->mutex); mutex_locked = FALSE; } #endif _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_session_release return rv=%lu-'%s'", rv, pkcs11h_getMessage (rv) ); return rv; } CK_RV _pkcs11h_session_reset ( IN const _pkcs11h_session_t session, IN void * const user_data, IN const unsigned mask_prompt, OUT CK_SLOT_ID * const p_slot ) { PKCS11H_BOOL found = FALSE; CK_RV rv = CKR_FUNCTION_FAILED; unsigned nRetry = 0; _PKCS11H_ASSERT (session!=NULL); /*_PKCS11H_ASSERT (user_data) NOT NEEDED */ _PKCS11H_ASSERT (p_slot!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_session_reset entry session=%p, user_data=%p, mask_prompt=%08x, p_slot=%p", (void *)session, user_data, mask_prompt, (void *)p_slot ); *p_slot = _PKCS11H_INVALID_SLOT_ID; _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_session_reset Expected token manufacturerID='%s' model='%s', serialNumber='%s', label='%s'", session->token_id->manufacturerID, session->token_id->model, session->token_id->serialNumber, session->token_id->label ); while (!found) { _pkcs11h_provider_t current_provider = NULL; for ( current_provider = _g_pkcs11h_data->providers; ( current_provider != NULL && !found ); current_provider = current_provider->next ) { CK_SLOT_ID_PTR slots = NULL; CK_ULONG slotnum; CK_SLOT_ID slot_index; /* * Skip all other providers, * if one was set in the past */ if ( session->provider != NULL && session->provider != current_provider ) { continue; } if ( (rv = _pkcs11h_session_getSlotList ( current_provider, CK_TRUE, &slots, &slotnum )) != CKR_OK ) { _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Cannot get slot list for provider '%s' rv=%lu-'%s'", current_provider->manufacturerID, rv, pkcs11h_getMessage (rv) ); goto retry1; } for ( slot_index=0; ( slot_index < slotnum && !found ); slot_index++ ) { pkcs11h_token_id_t token_id = NULL; CK_TOKEN_INFO info; if ( (rv = current_provider->f->C_GetTokenInfo ( slots[slot_index], &info )) != CKR_OK || (rv = _pkcs11h_token_getTokenId ( &info, &token_id )) != CKR_OK ) { goto retry11; } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_session_reset Found token manufacturerID='%s' model='%s', serialNumber='%s', label='%s'", token_id->manufacturerID, token_id->model, token_id->serialNumber, token_id->label ); if ( pkcs11h_token_sameTokenId ( session->token_id, token_id ) ) { found = TRUE; *p_slot = slots[slot_index]; if (session->provider == NULL) { session->provider = current_provider; session->allow_protected_auth_supported = (info.flags & CKF_PROTECTED_AUTHENTICATION_PATH) != 0; } } rv = CKR_OK; retry11: if (rv != CKR_OK) { _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Cannot get token information for provider '%s' slot %ld rv=%lu-'%s'", current_provider->manufacturerID, slots[slot_index], rv, pkcs11h_getMessage (rv) ); } if (token_id != NULL) { pkcs11h_token_freeTokenId (token_id); } } retry1: if (slots != NULL) { _pkcs11h_mem_free ((void *)&slots); slots = NULL; } } if (!found && (mask_prompt & PKCS11H_PROMPT_MASK_ALLOW_TOKEN_PROMPT) == 0) { rv = CKR_TOKEN_NOT_PRESENT; goto cleanup; } if (!found) { PKCS11H_BOOL canceled; _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Calling token_prompt hook for '%s'", session->token_id->display ); canceled = !_g_pkcs11h_data->hooks.token_prompt ( _g_pkcs11h_data->hooks.token_prompt_data, user_data, session->token_id, nRetry++ ); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: token_prompt returned %d", canceled ? 0 : 1 ); if (canceled) { rv = CKR_CANCEL; goto cleanup; } } } rv = CKR_OK; cleanup: _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_session_reset return rv=%lu-'%s', *p_slot=%ld", rv, pkcs11h_getMessage (rv), *p_slot ); return rv; } CK_RV _pkcs11h_session_getObjectById ( IN const _pkcs11h_session_t session, IN const CK_OBJECT_CLASS class, IN const CK_BYTE_PTR id, IN const size_t id_size, OUT CK_OBJECT_HANDLE * const p_handle ) { /* * THREADING: * session->mutex must be locked */ CK_ATTRIBUTE filter[] = { {CKA_CLASS, (void *)&class, sizeof (class)}, {CKA_ID, (void *)id, id_size} }; CK_OBJECT_HANDLE *objects = NULL; CK_ULONG objects_found = 0; CK_RV rv = CKR_FUNCTION_FAILED; /*_PKCS11H_ASSERT (session!=NULL); NOT NEEDED*/ _PKCS11H_ASSERT (id!=NULL); _PKCS11H_ASSERT (p_handle!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_session_getObjectById entry session=%p, class=%ld, id=%p, id_size="P_Z", p_handle=%p", (void *)session, class, id, id_size, (void *)p_handle ); *p_handle = _PKCS11H_INVALID_OBJECT_HANDLE; if ((rv = _pkcs11h_session_validate (session)) != CKR_OK) { goto cleanup; } if ( (rv = _pkcs11h_session_findObjects ( session, filter, sizeof (filter) / sizeof (CK_ATTRIBUTE), &objects, &objects_found )) != CKR_OK ) { goto cleanup; } if (objects_found == 0) { rv = CKR_FUNCTION_REJECTED; goto cleanup; } *p_handle = objects[0]; rv = CKR_OK; cleanup: if (objects != NULL) { _pkcs11h_mem_free ((void *)&objects); } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_session_getObjectById return rv=%lu-'%s', *p_handle=%08lx", rv, pkcs11h_getMessage (rv), (unsigned long)*p_handle ); return rv; } CK_RV _pkcs11h_session_validate ( IN const _pkcs11h_session_t session ) { CK_RV rv = CKR_FUNCTION_FAILED; /*_PKCS11H_ASSERT (session!=NULL); NOT NEEDED*/ _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_session_validate entry session=%p", (void *)session ); if (session == NULL) { rv = CKR_SESSION_HANDLE_INVALID; goto cleanup; } if ( session->provider == NULL || !session->provider->enabled || session->session_handle == _PKCS11H_INVALID_SESSION_HANDLE ) { rv = CKR_SESSION_HANDLE_INVALID; goto cleanup; } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_session_validate session->pin_expire_time=%u, time=%u", (unsigned int)session->pin_expire_time, (unsigned int)_g_pkcs11h_sys_engine.time () ); if ( session->pin_expire_time != (time_t)0 && session->pin_expire_time < _g_pkcs11h_sys_engine.time () ) { _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Forcing logout due to pin timeout" ); _pkcs11h_session_logout (session); rv = CKR_SESSION_HANDLE_INVALID; goto cleanup; } rv = CKR_OK; cleanup: _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_session_validate return rv=%lu-'%s'", rv, pkcs11h_getMessage (rv) ); return rv; } CK_RV __pkcs11h_session_touch ( IN const _pkcs11h_session_t session ) { /* * THREADING: * session->mutex must be locked */ _PKCS11H_ASSERT (session!=NULL); if (session->pin_cache_period == PKCS11H_PIN_CACHE_INFINITE) { session->pin_expire_time = 0; } else { session->pin_expire_time = ( _g_pkcs11h_sys_engine.time () + (time_t)session->pin_cache_period ); } return CKR_OK; } CK_RV _pkcs11h_session_login ( IN const _pkcs11h_session_t session, IN const PKCS11H_BOOL is_publicOnly, IN const PKCS11H_BOOL readonly, IN void * const user_data, IN const unsigned mask_prompt ) { /* * THREADING: * session->mutex must be locked */ CK_SLOT_ID slot = _PKCS11H_INVALID_SLOT_ID; CK_RV rv = CKR_FUNCTION_FAILED; _PKCS11H_ASSERT (session!=NULL); /*_PKCS11H_ASSERT (user_data) NOT NEEDED */ _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_session_login entry session=%p, is_publicOnly=%d, readonly=%d, user_data=%p, mask_prompt=%08x", (void *)session, is_publicOnly ? 1 : 0, readonly ? 1 : 0, user_data, mask_prompt ); if ( (rv = _pkcs11h_session_logout (session)) != CKR_OK || (rv = _pkcs11h_session_reset (session, user_data, mask_prompt, &slot)) != CKR_OK || (rv = session->provider->f->C_OpenSession ( slot, ( CKF_SERIAL_SESSION | (readonly ? 0 : CKF_RW_SESSION) ), NULL_PTR, NULL_PTR, &session->session_handle )) != CKR_OK ) { goto cleanup; } if ( !is_publicOnly || session->provider->cert_is_private ) { PKCS11H_BOOL login_succeeded = FALSE; unsigned retry_count = 0; if ((mask_prompt & PKCS11H_PROMPT_MASK_ALLOW_PIN_PROMPT) == 0) { rv = CKR_USER_NOT_LOGGED_IN; _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Calling pin_prompt hook denied because of prompt mask" ); } while ( !login_succeeded && retry_count < _g_pkcs11h_data->max_retries ) { CK_UTF8CHAR_PTR utfPIN = NULL; CK_ULONG lPINLength = 0; char pin[1024]; if ( !( _g_pkcs11h_data->allow_protected_auth && session->provider->allow_protected_auth && session->allow_protected_auth_supported ) ) { _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Calling pin_prompt hook for '%s'", session->token_id->display ); if ( _g_pkcs11h_data->hooks.pin_prompt ( _g_pkcs11h_data->hooks.pin_prompt_data, user_data, session->token_id, retry_count, pin, sizeof (pin) ) ) { rv = CKR_OK; } else { rv = CKR_CANCEL; } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: pin_prompt hook return rv=%ld", rv ); if (rv != CKR_OK ){ goto retry; } utfPIN = (CK_UTF8CHAR_PTR)pin; lPINLength = strlen (pin); } if ((rv = __pkcs11h_session_touch (session)) != CKR_OK) { goto cleanup; } if ( (rv = session->provider->f->C_Login ( session->session_handle, CKU_USER, utfPIN, lPINLength )) != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN ) { goto retry; } login_succeeded = TRUE; rv = CKR_OK; retry: _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_session_login C_Login rv=%lu-'%s'", rv, pkcs11h_getMessage (rv) ); /* * Clean PIN buffer */ memset (pin, 0, sizeof (pin)); if ( rv != CKR_OK && rv != CKR_PIN_INCORRECT && rv != CKR_PIN_INVALID && rv != CKR_PIN_LEN_RANGE ) { goto cleanup; } retry_count++; } /* * Retry limit */ if (!login_succeeded) { rv = CKR_PIN_INCORRECT; goto cleanup; } } rv = CKR_OK; cleanup: _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_session_login return rv=%lu-'%s'", rv, pkcs11h_getMessage (rv) ); return rv; } CK_RV _pkcs11h_session_logout ( IN const _pkcs11h_session_t session ) { /* * THREADING: * session->mutex must be locked */ /*_PKCS11H_ASSERT (session!=NULL); NOT NEEDED*/ _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_session_logout entry session=%p", (void *)session ); if ( session != NULL && session->session_handle != _PKCS11H_INVALID_SESSION_HANDLE ) { if (session->provider != NULL) { session->provider->f->C_Logout (session->session_handle); session->provider->f->C_CloseSession (session->session_handle); } session->session_handle = _PKCS11H_INVALID_SESSION_HANDLE; } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_session_logout return" ); return CKR_OK; } pkcs11-helper-pkcs11-helper-1.22/lib/pkcs11h-slotevent.c000066400000000000000000000311011304770615400226020ustar00rootroot00000000000000/* * Copyright (c) 2005-2011 Alon Bar-Lev * All rights reserved. * * This software is available to you under a choice of one of two * licenses. You may choose to be licensed under the terms of the GNU * General Public License (GPL) Version 2, or the BSD license. * * GNU General Public License (GPL) Version 2 * =========================================== * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 * as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program (see the file COPYING.GPL included with this * distribution); if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * BSD License * ============ * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * o Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * o Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * o Neither the name of the Alon Bar-Lev nor the names of its * contributors may be used to endorse or promote products derived from * this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #include "common.h" #if defined(ENABLE_PKCS11H_SLOTEVENT) #include "_pkcs11h-mem.h" #include "_pkcs11h-session.h" #include "_pkcs11h-slotevent.h" static unsigned long __pkcs11h_slotevent_checksum ( IN const unsigned char * const p, IN const size_t s ); static void * __pkcs11h_slotevent_provider ( IN void *p ); static void * __pkcs11h_slotevent_manager ( IN void *p ); static unsigned long __pkcs11h_slotevent_checksum ( IN const unsigned char * const p, IN const size_t s ) { unsigned long r = 0; size_t i; for (i=0;imanufacturerID ); if (!provider->enabled) { rv = CKR_OPERATION_NOT_INITIALIZED; goto cleanup; } if (provider->slot_poll_interval == 0) { provider->slot_poll_interval = _PKCS11H_DEFAULT_SLOTEVENT_POLL; } /* * If we cannot finalize, we cannot cause * WaitForSlotEvent to terminate */ if (!provider->should_finalize) { _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Setup slotevent provider='%s' mode hardset to poll", provider->manufacturerID ); provider->slot_event_method = PKCS11H_SLOTEVENT_METHOD_POLL; } if ( provider->slot_event_method == PKCS11H_SLOTEVENT_METHOD_AUTO || provider->slot_event_method == PKCS11H_SLOTEVENT_METHOD_TRIGGER ) { _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Setup slotevent provider='%s' checking trigger", provider->manufacturerID ); while ( !_g_pkcs11h_data->slotevent.should_terminate && provider->enabled && (rv = provider->f->C_WaitForSlotEvent ( 0, &slot, NULL_PTR )) == CKR_OK ) { _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Slotevent provider='%s' event", provider->manufacturerID ); _pkcs11h_threading_condSignal (&_g_pkcs11h_data->slotevent.cond_event); } if (rv != CKR_FUNCTION_NOT_SUPPORTED) { goto cleanup; } } if ( provider->slot_event_method == PKCS11H_SLOTEVENT_METHOD_AUTO || provider->slot_event_method == PKCS11H_SLOTEVENT_METHOD_POLL ) { PKCS11H_BOOL had_sleep = TRUE; _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Setup slotevent provider='%s' checking poll", provider->manufacturerID ); while ( !_g_pkcs11h_data->slotevent.should_terminate && provider->enabled && ( (rv = provider->f->C_WaitForSlotEvent ( CKF_DONT_BLOCK, &slot, NULL_PTR )) == CKR_OK || rv == CKR_NO_EVENT ) ) { if (rv == CKR_OK) { if (had_sleep) { _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Slotevent provider='%s' event", provider->manufacturerID ); had_sleep = FALSE; /* Mask out seq events */ _pkcs11h_threading_condSignal (&_g_pkcs11h_data->slotevent.cond_event); } } else { _pkcs11h_threading_sleep (provider->slot_poll_interval); had_sleep = TRUE; } } if (rv != CKR_FUNCTION_NOT_SUPPORTED) { goto cleanup; } } if ( provider->slot_event_method == PKCS11H_SLOTEVENT_METHOD_AUTO || provider->slot_event_method == PKCS11H_SLOTEVENT_METHOD_FETCH ) { unsigned long last_checksum = 0; PKCS11H_BOOL is_first_time = TRUE; _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Setup slotevent provider='%s' checking fetch", provider->manufacturerID ); while ( !_g_pkcs11h_data->slotevent.should_terminate && provider->enabled ) { unsigned long current_checksum = 0; CK_ULONG i; CK_SLOT_ID_PTR slots = NULL; CK_ULONG slotnum; _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Slotevent provider='%s' poll", provider->manufacturerID ); if ( (rv = _pkcs11h_session_getSlotList ( provider, TRUE, &slots, &slotnum )) != CKR_OK ) { goto cleanup1; } for (i=0;if->C_GetTokenInfo (slots[i], &info) == CKR_OK) { current_checksum += ( __pkcs11h_slotevent_checksum ( info.label, sizeof (info.label) ) + __pkcs11h_slotevent_checksum ( info.manufacturerID, sizeof (info.manufacturerID) ) + __pkcs11h_slotevent_checksum ( info.model, sizeof (info.model) ) + __pkcs11h_slotevent_checksum ( info.serialNumber, sizeof (info.serialNumber) ) ); } } if (is_first_time) { is_first_time = FALSE; } else { if (last_checksum != current_checksum) { _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Slotevent provider='%s' event", provider->manufacturerID ); _pkcs11h_threading_condSignal (&_g_pkcs11h_data->slotevent.cond_event); } } last_checksum = current_checksum; rv = CKR_OK; cleanup1: if (slots != NULL) { _pkcs11h_mem_free ((void *)&slots); } if (rv != CKR_OK) { goto cleanup; } if (!_g_pkcs11h_data->slotevent.should_terminate) { _pkcs11h_threading_sleep (provider->slot_poll_interval); } } } cleanup: _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: __pkcs11h_slotevent_provider provider='%s' return", provider->manufacturerID ); return NULL; } static void * __pkcs11h_slotevent_manager ( IN void *p ) { PKCS11H_BOOL first_time = TRUE; (void)p; _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: __pkcs11h_slotevent_manager entry" ); /* * Trigger hook, so application may * depend on initial slot change */ _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Calling slotevent hook" ); _g_pkcs11h_data->hooks.slotevent (_g_pkcs11h_data->hooks.slotevent_data); while ( first_time || /* Must enter wait or mutex will never be free */ !_g_pkcs11h_data->slotevent.should_terminate ) { _pkcs11h_provider_t current_provider; first_time = FALSE; /* * Start each provider thread * if not already started. * This is required in order to allow * adding new providers. */ _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: __pkcs11h_slotevent_manager examine provider list" ); for ( current_provider = _g_pkcs11h_data->providers; current_provider != NULL; current_provider = current_provider->next ) { if (current_provider->enabled) { if (current_provider->slotevent_thread == PKCS11H_THREAD_NULL) { _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: __pkcs11h_slotevent_manager found enabled provider without thread" ); _pkcs11h_threading_threadStart ( ¤t_provider->slotevent_thread, __pkcs11h_slotevent_provider, current_provider ); } } else { if (current_provider->slotevent_thread != PKCS11H_THREAD_NULL) { _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: __pkcs11h_slotevent_manager found disabled provider with thread" ); _pkcs11h_threading_threadJoin (¤t_provider->slotevent_thread); } } } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: __pkcs11h_slotevent_manager waiting for slotevent" ); _pkcs11h_threading_condWait (&_g_pkcs11h_data->slotevent.cond_event, PKCS11H_COND_INFINITE); if (_g_pkcs11h_data->slotevent.skip_event) { _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Slotevent skipping event" ); _g_pkcs11h_data->slotevent.skip_event = FALSE; } else { _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Calling slotevent hook" ); _g_pkcs11h_data->hooks.slotevent (_g_pkcs11h_data->hooks.slotevent_data); } } { _pkcs11h_provider_t current_provider; _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: __pkcs11h_slotevent_manager joining threads" ); for ( current_provider = _g_pkcs11h_data->providers; current_provider != NULL; current_provider = current_provider->next ) { if (current_provider->slotevent_thread != PKCS11H_THREAD_NULL) { _pkcs11h_threading_threadJoin (¤t_provider->slotevent_thread); } } } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: __pkcs11h_slotevent_manager return" ); return NULL; } CK_RV _pkcs11h_slotevent_init (void) { CK_RV rv = CKR_FUNCTION_FAILED; _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_slotevent_init entry" ); if (!_g_pkcs11h_data->slotevent.initialized) { if ((rv = _pkcs11h_threading_condInit (&_g_pkcs11h_data->slotevent.cond_event)) != CKR_OK) { goto cleanup; } if ( (rv = _pkcs11h_threading_threadStart ( &_g_pkcs11h_data->slotevent.thread, __pkcs11h_slotevent_manager, NULL )) != CKR_OK ) { goto cleanup; } _g_pkcs11h_data->slotevent.initialized = TRUE; } rv = CKR_OK; cleanup: _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_slotevent_init return rv=%lu-'%s'", rv, pkcs11h_getMessage (rv) ); return rv; } CK_RV _pkcs11h_slotevent_notify (void) { _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_slotevent_notify entry" ); if (_g_pkcs11h_data->slotevent.initialized) { _g_pkcs11h_data->slotevent.skip_event = TRUE; _pkcs11h_threading_condSignal (&_g_pkcs11h_data->slotevent.cond_event); } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_slotevent_notify return" ); return CKR_OK; } CK_RV _pkcs11h_slotevent_terminate_force (void) { if (_g_pkcs11h_data->slotevent.initialized) { _pkcs11h_threading_condFree (&_g_pkcs11h_data->slotevent.cond_event); _g_pkcs11h_data->slotevent.initialized = FALSE; } return CKR_OK; } CK_RV _pkcs11h_slotevent_terminate (void) { _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_slotevent_terminate entry" ); if (_g_pkcs11h_data->slotevent.initialized) { _g_pkcs11h_data->slotevent.should_terminate = TRUE; _pkcs11h_slotevent_notify (); if (_g_pkcs11h_data->slotevent.thread != PKCS11H_THREAD_NULL) { _pkcs11h_threading_threadJoin (&_g_pkcs11h_data->slotevent.thread); } _pkcs11h_slotevent_terminate_force (); } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_slotevent_terminate return" ); return CKR_OK; } #endif pkcs11-helper-pkcs11-helper-1.22/lib/pkcs11h-sys.c000066400000000000000000000066341304770615400214120ustar00rootroot00000000000000/* * Copyright (c) 2005-2011 Alon Bar-Lev * All rights reserved. * * This software is available to you under a choice of one of two * licenses. You may choose to be licensed under the terms of the GNU * General Public License (GPL) Version 2, or the BSD license. * * GNU General Public License (GPL) Version 2 * =========================================== * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 * as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program (see the file COPYING.GPL included with this * distribution); if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * BSD License * ============ * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * o Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * o Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * o Neither the name of the Alon Bar-Lev nor the names of its * contributors may be used to endorse or promote products derived from * this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #include "common.h" #include #if !defined(_WIN32) #include #endif #include #include "_pkcs11h-sys.h" static time_t __mytime (void) { return time (NULL); } static void __mysleep (unsigned long usec) { #if defined(_WIN32) Sleep (usec/1000); #else usleep (usec); #endif } #if !defined(_WIN32) static int __mygettimeofday (struct timeval *tv) { return gettimeofday (tv, NULL); } #endif pkcs11h_engine_system_t _g_pkcs11h_sys_engine = { malloc, free, __mytime, __mysleep, #if defined(_WIN32) NULL #else __mygettimeofday #endif }; CK_RV pkcs11h_engine_setSystem ( IN const pkcs11h_engine_system_t * const engine ) { _PKCS11H_ASSERT (engine!=NULL); memmove (&_g_pkcs11h_sys_engine, engine, sizeof (pkcs11h_engine_system_t)); return CKR_OK; } pkcs11-helper-pkcs11-helper-1.22/lib/pkcs11h-threading.c000066400000000000000000000301311304770615400225260ustar00rootroot00000000000000/* * Copyright (c) 2005-2011 Alon Bar-Lev * All rights reserved. * * This software is available to you under a choice of one of two * licenses. You may choose to be licensed under the terms of the GNU * General Public License (GPL) Version 2, or the BSD license. * * GNU General Public License (GPL) Version 2 * =========================================== * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 * as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program (see the file COPYING.GPL included with this * distribution); if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * BSD License * ============ * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * o Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * o Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * o Neither the name of the Alon Bar-Lev nor the names of its * contributors may be used to endorse or promote products derived from * this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #include "common.h" #if defined(ENABLE_PKCS11H_THREADING) #if defined(_WIN32) #include #else #include #endif #include "_pkcs11h-sys.h" #include "_pkcs11h-mem.h" #include "_pkcs11h-threading.h" typedef struct { _pkcs11h_thread_start_t start; void *data; } ___pkcs11h_thread_data_t; /*========================================== * Static data */ #if !defined(_WIN32) typedef struct __pkcs11h_threading_mutex_entry_s { struct __pkcs11h_threading_mutex_entry_s *next; _pkcs11h_mutex_t *p_mutex; PKCS11H_BOOL locked; } *__pkcs11h_threading_mutex_entry_t; static struct { _pkcs11h_mutex_t mutex; __pkcs11h_threading_mutex_entry_t head; } __s_pkcs11h_threading_mutex_list = { PTHREAD_MUTEX_INITIALIZER, NULL }; #endif void _pkcs11h_threading_sleep ( IN const unsigned milli ) { _g_pkcs11h_sys_engine.usleep (milli*1000); } CK_RV _pkcs11h_threading_mutexInit ( OUT _pkcs11h_mutex_t * const mutex ) { CK_RV rv = CKR_FUNCTION_FAILED; #if defined(_WIN32) if ((*mutex = CreateMutex (NULL, FALSE, NULL)) == NULL) { rv = CKR_FUNCTION_FAILED; goto cleanup; } rv = CKR_OK; cleanup: #else { __pkcs11h_threading_mutex_entry_t entry = NULL; PKCS11H_BOOL mutex_locked = FALSE; if ((rv = _pkcs11h_threading_mutexLock (&__s_pkcs11h_threading_mutex_list.mutex)) != CKR_OK) { goto cleanup; } mutex_locked = TRUE; if ( (rv = _pkcs11h_mem_malloc ( (void *)&entry, sizeof (struct __pkcs11h_threading_mutex_entry_s) )) != CKR_OK ) { goto cleanup; } if (pthread_mutex_init (mutex, NULL)) { rv = CKR_FUNCTION_FAILED; goto cleanup; } entry->p_mutex = mutex; entry->next = __s_pkcs11h_threading_mutex_list.head; __s_pkcs11h_threading_mutex_list.head = entry; entry = NULL; rv = CKR_OK; cleanup: if (entry != NULL) { _pkcs11h_mem_free ((void *)&entry); } if (mutex_locked) { _pkcs11h_threading_mutexRelease (&__s_pkcs11h_threading_mutex_list.mutex); mutex_locked = FALSE; } } #endif return rv; } CK_RV _pkcs11h_threading_mutexLock ( IN OUT _pkcs11h_mutex_t *const mutex ) { CK_RV rv = CKR_FUNCTION_FAILED; #if defined(_WIN32) if (WaitForSingleObject (*mutex, INFINITE) == WAIT_FAILED) { rv = CKR_FUNCTION_FAILED; goto cleanup; } #else if (pthread_mutex_lock (mutex)) { goto cleanup; } #endif rv = CKR_OK; cleanup: return rv; } CK_RV _pkcs11h_threading_mutexRelease ( IN OUT _pkcs11h_mutex_t *const mutex ) { CK_RV rv = CKR_FUNCTION_FAILED; #if defined(_WIN32) if (!ReleaseMutex (*mutex)) { rv = CKR_FUNCTION_FAILED; goto cleanup; } #else if (pthread_mutex_unlock (mutex)) { rv = CKR_FUNCTION_FAILED; goto cleanup; } #endif rv = CKR_OK; cleanup: return rv; } CK_RV _pkcs11h_threading_mutexFree ( IN OUT _pkcs11h_mutex_t *const mutex ) { #if defined(_WIN32) if (*mutex != NULL) { CloseHandle (*mutex); *mutex = NULL; } #else { __pkcs11h_threading_mutex_entry_t last = NULL; __pkcs11h_threading_mutex_entry_t entry = NULL; PKCS11H_BOOL mutex_locked = FALSE; if (_pkcs11h_threading_mutexLock (&__s_pkcs11h_threading_mutex_list.mutex) != CKR_OK) { goto cleanup; } mutex_locked = TRUE; entry = __s_pkcs11h_threading_mutex_list.head; while ( entry != NULL && entry->p_mutex != mutex ) { last = entry; entry = entry->next; } if (entry != NULL) { if (last == NULL) { __s_pkcs11h_threading_mutex_list.head = entry->next; } else { last->next = entry->next; } _pkcs11h_mem_free ((void *)&entry); } pthread_mutex_destroy (mutex); cleanup: if (mutex_locked) { _pkcs11h_threading_mutexRelease (&__s_pkcs11h_threading_mutex_list.mutex); mutex_locked = FALSE; } } #endif return CKR_OK; } #if !defined(_WIN32) /* * This function is required in order * to lock all mutexes before fork is called, * and to avoid dedlocks. * The loop is required because there is no * way to lock all mutex in one system call... */ void _pkcs1h_threading_mutexLockAll (void) { __pkcs11h_threading_mutex_entry_t entry = NULL; PKCS11H_BOOL mutex_locked = FALSE; PKCS11H_BOOL all_mutexes_locked = FALSE; if (_pkcs11h_threading_mutexLock (&__s_pkcs11h_threading_mutex_list.mutex) != CKR_OK) { goto cleanup; } mutex_locked = TRUE; for ( entry = __s_pkcs11h_threading_mutex_list.head; entry != NULL; entry = entry->next ) { entry->locked = FALSE; } while (!all_mutexes_locked) { PKCS11H_BOOL ok = TRUE; for ( entry = __s_pkcs11h_threading_mutex_list.head; entry != NULL && ok; entry = entry->next ) { if (!pthread_mutex_trylock (entry->p_mutex)) { entry->locked = TRUE; } else { ok = FALSE; } } if (!ok) { for ( entry = __s_pkcs11h_threading_mutex_list.head; entry != NULL; entry = entry->next ) { if (entry->locked == TRUE) { pthread_mutex_unlock (entry->p_mutex); entry->locked = FALSE; } } _pkcs11h_threading_mutexRelease (&__s_pkcs11h_threading_mutex_list.mutex); _pkcs11h_threading_sleep (1000); _pkcs11h_threading_mutexLock (&__s_pkcs11h_threading_mutex_list.mutex); } else { all_mutexes_locked = TRUE; } } cleanup: if (mutex_locked) { _pkcs11h_threading_mutexRelease (&__s_pkcs11h_threading_mutex_list.mutex); mutex_locked = FALSE; } } void _pkcs1h_threading_mutexReleaseAll (void) { __pkcs11h_threading_mutex_entry_t entry = NULL; PKCS11H_BOOL mutex_locked = FALSE; if (_pkcs11h_threading_mutexLock (&__s_pkcs11h_threading_mutex_list.mutex) != CKR_OK) { goto cleanup; } mutex_locked = TRUE; for ( entry = __s_pkcs11h_threading_mutex_list.head; entry != NULL; entry = entry->next ) { pthread_mutex_unlock (entry->p_mutex); entry->locked = FALSE; } cleanup: if (mutex_locked) { _pkcs11h_threading_mutexRelease (&__s_pkcs11h_threading_mutex_list.mutex); mutex_locked = FALSE; } } #endif CK_RV _pkcs11h_threading_condSignal ( IN OUT _pkcs11h_cond_t *const cond ) { CK_RV rv = CKR_FUNCTION_FAILED; #if defined(_WIN32) if (!SetEvent (*cond)) { rv = CKR_FUNCTION_FAILED; goto cleanup; } #else if ( ( pthread_mutex_lock (&cond->mut) || pthread_cond_signal (&cond->cond) || pthread_mutex_unlock (&cond->mut) ) ) { rv = CKR_FUNCTION_FAILED; goto cleanup; } #endif rv = CKR_OK; cleanup: return rv; } CK_RV _pkcs11h_threading_condInit ( OUT _pkcs11h_cond_t * const cond ) { CK_RV rv = CKR_FUNCTION_FAILED; #if defined(_WIN32) if ((*cond = CreateEvent (NULL, FALSE, FALSE, NULL)) == NULL) { rv = CKR_FUNCTION_FAILED; goto cleanup; } #else if ( ( pthread_mutex_init (&cond->mut, NULL) || pthread_cond_init (&cond->cond, NULL) || pthread_mutex_lock (&cond->mut) ) ) { rv = CKR_FUNCTION_FAILED; goto cleanup; } #endif rv = CKR_OK; cleanup: return rv; } CK_RV _pkcs11h_threading_condWait ( IN OUT _pkcs11h_cond_t *const cond, IN const unsigned milli ) { CK_RV rv = CKR_FUNCTION_FAILED; #if defined(_WIN32) DWORD dwMilli; if (milli == PKCS11H_COND_INFINITE) { dwMilli = INFINITE; } else { dwMilli = milli; } if (WaitForSingleObject (*cond, dwMilli) == WAIT_FAILED) { rv = CKR_FUNCTION_FAILED; goto cleanup; } #else if (milli == PKCS11H_COND_INFINITE) { if (pthread_cond_wait (&cond->cond, &cond->mut) ) { rv = CKR_FUNCTION_FAILED; goto cleanup; } } else { struct timeval now; struct timespec timeout; if (_g_pkcs11h_sys_engine.gettimeofday (&now)) { rv = CKR_FUNCTION_FAILED; goto cleanup; } timeout.tv_sec = now.tv_sec + milli/1000; timeout.tv_nsec = now.tv_usec*1000 + milli%1000; if (pthread_cond_timedwait (&cond->cond, &cond->mut, &timeout)) { rv = CKR_FUNCTION_FAILED; goto cleanup; } } #endif rv = CKR_OK; cleanup: return rv; } CK_RV _pkcs11h_threading_condFree ( IN OUT _pkcs11h_cond_t *const cond ) { #if defined(_WIN32) CloseHandle (*cond); *cond = NULL; #else pthread_mutex_unlock (&cond->mut); #endif return CKR_OK; } #if defined(_WIN32) static unsigned __stdcall ___pkcs11h_thread_start (void *p) { ___pkcs11h_thread_data_t *_data = (___pkcs11h_thread_data_t *)p; unsigned ret; ret = (unsigned)((char*)_data->start (_data->data) - (char*)0); _pkcs11h_mem_free ((void *)&_data); return ret; } #else static void * ___pkcs11h_thread_start (void *p) { ___pkcs11h_thread_data_t *_data = (___pkcs11h_thread_data_t *)p; sigset_t signal_mask; void *ret; int i; /* * Ignore any signal in * this thread */ sigemptyset (&signal_mask); for (i=1;i<16;i++) { sigaddset (&signal_mask, i); } pthread_sigmask (SIG_SETMASK, &signal_mask, NULL); ret = _data->start (_data->data); _pkcs11h_mem_free ((void *)&_data); return ret; } #endif CK_RV _pkcs11h_threading_threadStart ( OUT _pkcs11h_thread_t * const thread, IN _pkcs11h_thread_start_t const start, IN void * data ) { ___pkcs11h_thread_data_t *_data = NULL; CK_RV rv = CKR_FUNCTION_FAILED; if ( (rv = _pkcs11h_mem_malloc ( (void *)&_data, sizeof (___pkcs11h_thread_data_t) )) != CKR_OK ) { goto cleanup; } _data->start = start; _data->data = data; #if defined(_WIN32) { unsigned tmp; if ( (*thread = (HANDLE)_beginthreadex ( NULL, 0, ___pkcs11h_thread_start, _data, 0, &tmp )) == NULL ) { rv = CKR_FUNCTION_FAILED; goto cleanup; } } #else if (pthread_create (thread, NULL, ___pkcs11h_thread_start, _data)) { rv = CKR_FUNCTION_FAILED; goto cleanup; } #endif rv = CKR_OK; cleanup: return rv; } CK_RV _pkcs11h_threading_threadJoin ( IN _pkcs11h_thread_t * const thread ) { #if defined(_WIN32) WaitForSingleObject (*thread, INFINITE); CloseHandle (*thread); *thread = NULL; #else pthread_join (*thread, NULL); *thread = 0l; #endif return CKR_OK; } #endif pkcs11-helper-pkcs11-helper-1.22/lib/pkcs11h-token.c000066400000000000000000000371241304770615400217120ustar00rootroot00000000000000/* * Copyright (c) 2005-2011 Alon Bar-Lev * All rights reserved. * * This software is available to you under a choice of one of two * licenses. You may choose to be licensed under the terms of the GNU * General Public License (GPL) Version 2, or the BSD license. * * GNU General Public License (GPL) Version 2 * =========================================== * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 * as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program (see the file COPYING.GPL included with this * distribution); if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * BSD License * ============ * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * o Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * o Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * o Neither the name of the Alon Bar-Lev nor the names of its * contributors may be used to endorse or promote products derived from * this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #include "common.h" #include #include "_pkcs11h-mem.h" #include "_pkcs11h-session.h" #include "_pkcs11h-util.h" #include "_pkcs11h-token.h" CK_RV pkcs11h_token_freeTokenId ( IN pkcs11h_token_id_t token_id ) { _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL); _PKCS11H_ASSERT (_g_pkcs11h_data->initialized); _PKCS11H_ASSERT (token_id!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_token_freeTokenId entry certificate_id=%p", (void *)token_id ); _pkcs11h_mem_free ((void *)&token_id); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_token_freeTokenId return" ); return CKR_OK; } CK_RV pkcs11h_token_duplicateTokenId ( OUT pkcs11h_token_id_t * const to, IN const pkcs11h_token_id_t from ) { CK_RV rv = CKR_FUNCTION_FAILED; _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL); _PKCS11H_ASSERT (_g_pkcs11h_data->initialized); _PKCS11H_ASSERT (to!=NULL); _PKCS11H_ASSERT (from!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_token_duplicateTokenId entry to=%p form=%p", (void *)to, (void *)from ); *to = NULL; if ( (rv = _pkcs11h_mem_duplicate ( (void*)to, NULL, from, sizeof (struct pkcs11h_token_id_s) )) != CKR_OK ) { goto cleanup; } rv = CKR_OK; cleanup: _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_token_duplicateTokenId return rv=%lu-'%s', *to=%p", rv, pkcs11h_getMessage (rv), (void *)*to ); return rv; } PKCS11H_BOOL pkcs11h_token_sameTokenId ( IN const pkcs11h_token_id_t a, IN const pkcs11h_token_id_t b ) { _PKCS11H_ASSERT (a!=NULL); _PKCS11H_ASSERT (b!=NULL); return ( !strcmp (a->manufacturerID, b->manufacturerID) && !strcmp (a->model, b->model) && !strcmp (a->serialNumber, b->serialNumber) && !strcmp (a->label, b->label) ); } CK_RV _pkcs11h_token_getTokenId ( IN const CK_TOKEN_INFO_PTR info, OUT pkcs11h_token_id_t * const p_token_id ) { pkcs11h_token_id_t token_id; CK_RV rv = CKR_FUNCTION_FAILED; _PKCS11H_ASSERT (info!=NULL); _PKCS11H_ASSERT (p_token_id!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_token_getTokenId entry p_token_id=%p", (void *)p_token_id ); *p_token_id = NULL; if ((rv = _pkcs11h_token_newTokenId (&token_id)) != CKR_OK) { goto cleanup; } _pkcs11h_util_fixupFixedString ( token_id->label, (char *)info->label, sizeof (info->label) ); _pkcs11h_util_fixupFixedString ( token_id->manufacturerID, (char *)info->manufacturerID, sizeof (info->manufacturerID) ); _pkcs11h_util_fixupFixedString ( token_id->model, (char *)info->model, sizeof (info->model) ); _pkcs11h_util_fixupFixedString ( token_id->serialNumber, (char *)info->serialNumber, sizeof (info->serialNumber) ); strncpy ( token_id->display, token_id->label, sizeof (token_id->display) ); *p_token_id = token_id; token_id = NULL; rv = CKR_OK; cleanup: if (token_id != NULL) { _pkcs11h_mem_free ((void *)&token_id); } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_token_getTokenId return rv=%lu-'%s', *p_token_id=%p", rv, pkcs11h_getMessage (rv), (void *)*p_token_id ); return rv; } CK_RV _pkcs11h_token_newTokenId ( OUT pkcs11h_token_id_t * const p_token_id ) { CK_RV rv = CKR_FUNCTION_FAILED; pkcs11h_token_id_t token_id = NULL; _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL); _PKCS11H_ASSERT (_g_pkcs11h_data->initialized); _PKCS11H_ASSERT (p_token_id!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_token_newTokenId entry p_token_id=%p", (void *)p_token_id ); *p_token_id = NULL; if ((rv = _pkcs11h_mem_malloc ((void *)&token_id, sizeof (struct pkcs11h_token_id_s))) != CKR_OK) { goto cleanup; } *p_token_id = token_id; token_id = NULL; rv = CKR_OK; cleanup: if (token_id != NULL) { _pkcs11h_mem_free ((void *)&token_id); token_id = NULL; } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_token_newTokenId return rv=%lu-'%s', *p_token_id=%p", rv, pkcs11h_getMessage (rv), (void *)*p_token_id ); return rv; } CK_RV pkcs11h_token_logout ( IN const pkcs11h_token_id_t token_id ) { #if defined(ENABLE_PKCS11H_THREADING) PKCS11H_BOOL mutex_locked = FALSE; #endif CK_RV rv = CKR_FUNCTION_FAILED; _pkcs11h_session_t session = NULL; _PKCS11H_ASSERT (token_id!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_token_logout entry token_id=%p\n", (void *)token_id ); if ( (rv = _pkcs11h_session_getSessionByTokenId ( token_id, &session )) != CKR_OK ) { goto cleanup; } #if defined(ENABLE_PKCS11H_THREADING) if ((rv = _pkcs11h_threading_mutexLock (&session->mutex)) != CKR_OK) { goto cleanup; } mutex_locked = TRUE; #endif if ( (rv = _pkcs11h_session_logout (session)) != CKR_OK ) { goto cleanup; } rv = CKR_OK; cleanup: #if defined(ENABLE_PKCS11H_THREADING) if (mutex_locked) { _pkcs11h_threading_mutexRelease (&session->mutex); mutex_locked = FALSE; } #endif if (session != NULL) { _pkcs11h_session_release (session); session = NULL; } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_token_logout return rv=%lu-'%s'", rv, pkcs11h_getMessage (rv) ); return rv; } CK_RV pkcs11h_token_login ( IN const pkcs11h_token_id_t token_id, IN const PKCS11H_BOOL readonly, IN const char * const pin ) { #if defined(ENABLE_PKCS11H_THREADING) PKCS11H_BOOL mutex_locked = FALSE; #endif CK_SLOT_ID slot = _PKCS11H_INVALID_SLOT_ID; CK_ULONG pin_size = 0; CK_RV rv = CKR_FUNCTION_FAILED; _pkcs11h_session_t session = NULL; _PKCS11H_ASSERT (token_id!=NULL); /*_PKCS11H_ASSERT (pin!=NULL); NOT NEEDED*/ _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_token_login entry token_id=%p, readonly=%d\n", (void *)token_id, readonly ? 1 : 0 ); if (pin != NULL) { pin_size = strlen (pin); } if ( (rv = _pkcs11h_session_getSessionByTokenId ( token_id, &session )) != CKR_OK ) { goto cleanup; } #if defined(ENABLE_PKCS11H_THREADING) if ((rv = _pkcs11h_threading_mutexLock (&session->mutex)) != CKR_OK) { goto cleanup; } mutex_locked = TRUE; #endif if ( (rv = _pkcs11h_session_logout (session)) != CKR_OK || (rv = _pkcs11h_session_reset (session, NULL, 0, &slot)) != CKR_OK || (rv = __pkcs11h_session_touch (session)) != CKR_OK || (rv = session->provider->f->C_OpenSession ( slot, ( CKF_SERIAL_SESSION | (readonly ? 0 : CKF_RW_SESSION) ), NULL_PTR, NULL_PTR, &session->session_handle )) != CKR_OK ) { goto cleanup; } if ( (rv = session->provider->f->C_Login ( session->session_handle, CKU_USER, (CK_UTF8CHAR_PTR)pin, pin_size )) != CKR_OK ) { if (rv != CKR_USER_ALREADY_LOGGED_IN) { goto cleanup; } } rv = CKR_OK; cleanup: #if defined(ENABLE_PKCS11H_THREADING) if (mutex_locked) { _pkcs11h_threading_mutexRelease (&session->mutex); mutex_locked = FALSE; } #endif if (session != NULL) { _pkcs11h_session_release (session); session = NULL; } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_token_login return rv=%lu-'%s'", rv, pkcs11h_getMessage (rv) ); return rv; } #if defined(ENABLE_PKCS11H_TOKEN) CK_RV pkcs11h_token_ensureAccess ( IN const pkcs11h_token_id_t token_id, IN void * const user_data, IN const unsigned mask_prompt ) { #if defined(ENABLE_PKCS11H_THREADING) PKCS11H_BOOL mutex_locked = FALSE; #endif _pkcs11h_session_t session = NULL; CK_RV rv = CKR_FUNCTION_FAILED; CK_SLOT_ID slot; _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL); _PKCS11H_ASSERT (_g_pkcs11h_data->initialized); _PKCS11H_ASSERT (token_id!=NULL); /*_PKCS11H_ASSERT (user_data) NOT NEEDED */ _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_token_ensureAccess entry token_id=%p, user_data=%p, mask_prompt=%08x", (void *)token_id, user_data, mask_prompt ); if ( (rv = _pkcs11h_session_getSessionByTokenId ( token_id, &session )) != CKR_OK ) { goto cleanup; } #if defined(ENABLE_PKCS11H_THREADING) if ((rv = _pkcs11h_threading_mutexLock (&session->mutex)) != CKR_OK) { goto cleanup; } mutex_locked = TRUE; #endif if ( (rv = _pkcs11h_session_reset ( session, user_data, mask_prompt, &slot )) != CKR_OK ) { goto cleanup; } rv = CKR_OK; cleanup: #if defined(ENABLE_PKCS11H_THREADING) if (mutex_locked) { _pkcs11h_threading_mutexRelease (&session->mutex); mutex_locked = FALSE; } #endif if (session != NULL) { _pkcs11h_session_release (session); session = NULL; } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_token_ensureAccess return rv=%lu-'%s'", rv, pkcs11h_getMessage (rv) ); return rv; } CK_RV pkcs11h_token_freeTokenIdList ( IN const pkcs11h_token_id_list_t token_id_list ) { pkcs11h_token_id_list_t _id = token_id_list; _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL); _PKCS11H_ASSERT (_g_pkcs11h_data->initialized); /*_PKCS11H_ASSERT (token_id_list!=NULL); NOT NEEDED*/ _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_token_freeTokenIdList entry token_id_list=%p", (void *)token_id_list ); while (_id != NULL) { pkcs11h_token_id_list_t x = _id; _id = _id->next; if (x->token_id != NULL) { pkcs11h_token_freeTokenId (x->token_id); } x->next = NULL; _pkcs11h_mem_free ((void *)&x); } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_token_freeTokenIdList return" ); return CKR_OK; } CK_RV pkcs11h_token_enumTokenIds ( IN const unsigned method, OUT pkcs11h_token_id_list_t * const p_token_id_list ) { #if defined(ENABLE_PKCS11H_THREADING) PKCS11H_BOOL mutex_locked = FALSE; #endif pkcs11h_token_id_list_t token_id_list = NULL; _pkcs11h_provider_t current_provider; CK_RV rv = CKR_FUNCTION_FAILED; _PKCS11H_ASSERT (_g_pkcs11h_data!=NULL); _PKCS11H_ASSERT (_g_pkcs11h_data->initialized); _PKCS11H_ASSERT (p_token_id_list!=NULL); _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_token_enumTokenIds entry method=%u, p_token_id_list=%p", method, (void *)p_token_id_list ); *p_token_id_list = NULL; #if defined(ENABLE_PKCS11H_THREADING) if ((rv = _pkcs11h_threading_mutexLock (&_g_pkcs11h_data->mutexes.global)) != CKR_OK) { goto cleanup; } mutex_locked = TRUE; #endif for ( current_provider = _g_pkcs11h_data->providers; current_provider != NULL; current_provider = current_provider->next ) { CK_SLOT_ID_PTR slots = NULL; CK_ULONG slotnum; CK_SLOT_ID slot_index; /* * Skip disabled providers */ if (!current_provider->enabled) { continue; } if ( (rv = _pkcs11h_session_getSlotList ( current_provider, CK_TRUE, &slots, &slotnum )) != CKR_OK ) { _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG1, "PKCS#11: Cannot get slot list for provider '%s' rv=%lu-'%s'", current_provider->manufacturerID, rv, pkcs11h_getMessage (rv) ); goto retry1; } for ( slot_index=0; slot_index < slotnum; slot_index++ ) { pkcs11h_token_id_list_t entry = NULL; CK_TOKEN_INFO info; if ( (rv = _pkcs11h_mem_malloc ( (void *)&entry, sizeof (struct pkcs11h_token_id_list_s) )) != CKR_OK || (rv = current_provider->f->C_GetTokenInfo ( slots[slot_index], &info )) != CKR_OK || (rv = _pkcs11h_token_getTokenId ( &info, &entry->token_id )) ) { goto retry11; } entry->next = token_id_list; token_id_list = entry; entry = NULL; rv = CKR_OK; retry11: if (entry != NULL) { pkcs11h_token_freeTokenIdList (entry); entry = NULL; } } retry1: if (slots != NULL) { _pkcs11h_mem_free ((void *)&slots); slots = NULL; } } if (method == PKCS11H_ENUM_METHOD_CACHE) { _pkcs11h_session_t session = NULL; for ( session = _g_pkcs11h_data->sessions; session != NULL; session = session->next ) { pkcs11h_token_id_list_t entry = NULL; PKCS11H_BOOL found = FALSE; for ( entry = token_id_list; entry != NULL && !found; entry = entry->next ) { if ( pkcs11h_token_sameTokenId ( session->token_id, entry->token_id ) ) { found = TRUE; } } if (!found) { entry = NULL; if ( (rv = _pkcs11h_mem_malloc ( (void *)&entry, sizeof (struct pkcs11h_token_id_list_s) )) != CKR_OK || (rv = pkcs11h_token_duplicateTokenId ( &entry->token_id, session->token_id )) != CKR_OK ) { goto retry12; } entry->next = token_id_list; token_id_list = entry; entry = NULL; retry12: if (entry != NULL) { if (entry->token_id != NULL) { pkcs11h_token_freeTokenId (entry->token_id); } _pkcs11h_mem_free ((void *)&entry); } } } } *p_token_id_list = token_id_list; token_id_list = NULL; rv = CKR_OK; cleanup: if (token_id_list != NULL) { pkcs11h_token_freeTokenIdList (token_id_list); token_id_list = NULL; } #if defined(ENABLE_PKCS11H_THREADING) if (mutex_locked) { rv = _pkcs11h_threading_mutexRelease (&_g_pkcs11h_data->mutexes.global); mutex_locked = FALSE; } #endif _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_token_enumTokenIds return rv=%lu-'%s', *p_token_id_list=%p", rv, pkcs11h_getMessage (rv), (void *)p_token_id_list ); return rv; } #endif /* ENABLE_PKCS11H_TOKEN */ pkcs11-helper-pkcs11-helper-1.22/lib/pkcs11h-util.c000066400000000000000000000147721304770615400215530ustar00rootroot00000000000000/* * Copyright (c) 2005-2011 Alon Bar-Lev * All rights reserved. * * This software is available to you under a choice of one of two * licenses. You may choose to be licensed under the terms of the GNU * General Public License (GPL) Version 2, or the BSD license. * * GNU General Public License (GPL) Version 2 * =========================================== * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 * as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program (see the file COPYING.GPL included with this * distribution); if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * BSD License * ============ * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * o Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * o Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * o Neither the name of the Alon Bar-Lev nor the names of its * contributors may be used to endorse or promote products derived from * this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #include "common.h" #include "_pkcs11h-util.h" void _pkcs11h_util_fixupFixedString ( OUT char * const target, /* MUST BE >= length+1 */ IN const char * const source, IN const size_t length /* FIXED STRING LENGTH */ ) { char *p; _PKCS11H_ASSERT (source!=NULL); _PKCS11H_ASSERT (target!=NULL); p = target+length; memmove (target, source, length); *p = '\0'; p--; while (p >= target && *p == ' ') { *p = '\0'; p--; } } CK_RV _pkcs11h_util_hexToBinary ( OUT unsigned char * const target, IN const char * const source, IN OUT size_t * const p_target_size ) { size_t target_max_size; const char *p; char buf[3] = {'\0', '\0', '\0'}; int i = 0; _PKCS11H_ASSERT (source!=NULL); _PKCS11H_ASSERT (target!=NULL); _PKCS11H_ASSERT (p_target_size!=NULL); target_max_size = *p_target_size; p = source; *p_target_size = 0; while (*p != '\x0' && *p_target_size < target_max_size) { if (isxdigit ((unsigned char)*p)) { buf[i%2] = *p; if ((i%2) == 1) { unsigned v; if (sscanf (buf, "%x", &v) != 1) { v = 0; } target[*p_target_size] = (char)(v & 0xff); (*p_target_size)++; } i++; } p++; } if (*p != '\x0') { return CKR_ATTRIBUTE_VALUE_INVALID; } else { return CKR_OK; } } CK_RV _pkcs11h_util_binaryToHex ( OUT char * const target, IN const size_t target_size, IN const unsigned char * const source, IN const size_t source_size ) { static const char *x = "0123456789ABCDEF"; size_t i; _PKCS11H_ASSERT (target!=NULL); _PKCS11H_ASSERT (source!=NULL); if (target_size < source_size * 2 + 1) { return CKR_ATTRIBUTE_VALUE_INVALID; } for (i=0;i>4]; target[i*2+1] = x[(source[i]&0x0f)>>0]; } target[source_size*2] = '\x0'; return CKR_OK; } CK_RV _pkcs11h_util_escapeString ( IN OUT char * const target, IN const char * const source, IN size_t * const max, IN const char * const invalid_chars ) { static const char *x = "0123456789ABCDEF"; CK_RV rv = CKR_FUNCTION_FAILED; const char *s = source; char *t = target; size_t n = 0; /*_PKCS11H_ASSERT (target!=NULL); Not required*/ _PKCS11H_ASSERT (source!=NULL); _PKCS11H_ASSERT (max!=NULL); while (*s != '\x0') { if (*s == '\\' || strchr (invalid_chars, (unsigned char)*s) || !isgraph (*s)) { if (t != NULL) { if (n+4 > *max) { rv = CKR_ATTRIBUTE_VALUE_INVALID; goto cleanup; } else { t[0] = '\\'; t[1] = 'x'; t[2] = x[(*s&0xf0)>>4]; t[3] = x[(*s&0x0f)>>0]; t+=4; } } n+=4; } else { if (t != NULL) { if (n+1 > *max) { rv = CKR_ATTRIBUTE_VALUE_INVALID; goto cleanup; } else { *t = *s; t++; } } n+=1; } s++; } if (t != NULL) { if (n+1 > *max) { rv = CKR_ATTRIBUTE_VALUE_INVALID; goto cleanup; } else { *t = '\x0'; t++; } } n++; *max = n; rv = CKR_OK; cleanup: return rv; } CK_RV _pkcs11h_util_unescapeString ( IN OUT char * const target, IN const char * const source, IN size_t * const max ) { CK_RV rv = CKR_FUNCTION_FAILED; const char *s = source; char *t = target; size_t n = 0; /*_PKCS11H_ASSERT (target!=NULL); Not required*/ _PKCS11H_ASSERT (source!=NULL); _PKCS11H_ASSERT (max!=NULL); while (*s != '\x0') { if (*s == '\\') { if (t != NULL) { if (n+1 > *max) { rv = CKR_ATTRIBUTE_VALUE_INVALID; goto cleanup; } else { char b[3]; unsigned u; b[0] = s[2]; b[1] = s[3]; b[2] = '\x0'; sscanf (b, "%08x", &u); *t = (char)(u & 0xff); t++; } } s+=4; } else { if (t != NULL) { if (n+1 > *max) { rv = CKR_ATTRIBUTE_VALUE_INVALID; goto cleanup; } else { *t = *s; t++; } } s++; } n+=1; } if (t != NULL) { if (n+1 > *max) { rv = CKR_ATTRIBUTE_VALUE_INVALID; goto cleanup; } else { *t = '\x0'; t++; } } n++; *max = n; rv = CKR_OK; cleanup: return rv; } pkcs11-helper-pkcs11-helper-1.22/lib/slotevent.exports000066400000000000000000000000311304770615400226120ustar00rootroot00000000000000pkcs11h_setSlotEventHook pkcs11-helper-pkcs11-helper-1.22/lib/token.exports000066400000000000000000000004201304770615400217110ustar00rootroot00000000000000pkcs11h_token_deserializeTokenId pkcs11h_token_duplicateTokenId pkcs11h_token_ensureAccess pkcs11h_token_enumTokenIds pkcs11h_token_freeTokenId pkcs11h_token_freeTokenIdList pkcs11h_token_login pkcs11h_token_logout pkcs11h_token_sameTokenId pkcs11h_token_serializeTokenId pkcs11-helper-pkcs11-helper-1.22/lib/versioninfo.rc.in000066400000000000000000000023751304770615400224520ustar00rootroot00000000000000#include VS_VERSION_INFO VERSIONINFO FILEVERSION @LIBPKCS11_HELPER_LT_CURRENT@,@LIBPKCS11_HELPER_LT_AGE@,@LIBPKCS11_HELPER_LT_REVISION@,0 PRODUCTVERSION @PKCS11H_VERSION_MAJOR@,@PKCS11H_VERSION_MINOR@,@PKCS11H_VERSION_FIX@,0 FILEFLAGSMASK 0x3fL #ifdef _DEBUG FILEFLAGS 0x21L #else FILEFLAGS 0x20L #endif FILEOS 0x40004L FILETYPE 0x1L FILESUBTYPE 0x0L BEGIN BLOCK "StringFileInfo" BEGIN BLOCK "040904b0" BEGIN VALUE "Comments", "Provided under the terms of the GNU General Public License (GPLv2.1+), or BSD.\0" VALUE "CompanyName", "OpenSC Project\0" VALUE "FileDescription", "@PACKAGE_NAME@ - An easy way to access PKCS#11 modules\0" VALUE "FileVersion", "@LIBPKCS11_HELPER_LT_CURRENT@.@LIBPKCS11_HELPER_LT_AGE@.@LIBPKCS11_HELPER_LT_REVISION@.0\0" VALUE "InternalName", "@PACKAGE_NAME@\0" VALUE "LegalCopyright", "Copyright 2006-2008 Alon Bar-Lev \0" VALUE "LegalTrademarks", "\0" VALUE "OriginalFilename", "@PACKAGE_NAME@-@LIBPKCS11_HELPER_LT_CURRENT@.dll\0" VALUE "PrivateBuild", "\0" VALUE "ProductName", "@PACKAGE_NAME@\0" VALUE "ProductVersion", "@PKCS11H_VERSION_MAJOR@,@PKCS11H_VERSION_MINOR@,@PKCS11H_VERSION_FIX@,0\0" VALUE "SpecialBuild", "@PKCS11H_FEATURES@\0" END END END pkcs11-helper-pkcs11-helper-1.22/m4/000077500000000000000000000000001304770615400167215ustar00rootroot00000000000000pkcs11-helper-pkcs11-helper-1.22/m4/size_t.m4000066400000000000000000000010371304770615400204610ustar00rootroot00000000000000dnl @synopsis AX_SIZE_T_PRINTF dnl dnl Test if %zx is supported by printf. dnl dnl @version dnl @author AC_DEFUN([AX_SIZE_T_PRINTF], [dnl AC_TYPE_SIZE_T dnl AC_CHECK_SIZEOF([size_t])dnl AC_MSG_CHECKING([size_t printf format]) if test ${ac_cv_sizeof_size_t} = 4; then ax_cv_printf_z_format="%08x" else ax_cv_printf_z_format="%016lx" fi AC_MSG_RESULT([${ax_cv_printf_z_format}])dnl AC_DEFINE_UNQUOTED( [PRINTF_Z_FORMAT],dnl ["${ax_cv_printf_z_format}"],dnl [Define printf format for size_t]dnl )dnl ]) pkcs11-helper-pkcs11-helper-1.22/m4/vararg.m4000066400000000000000000000031401304770615400204430ustar00rootroot00000000000000dnl @synopsis AX_CPP_VARARG_MACRO_GCC dnl dnl Test if the preprocessor understands GNU GCC-style vararg macros. dnl If it does, defines HAVE_CPP_VARARG_MACRO_GCC to 1. dnl dnl @version dnl @author James Yonan , Matthias Andree AC_DEFUN([AX_CPP_VARARG_MACRO_GCC], [dnl AS_VAR_PUSHDEF([VAR],[ax_cv_cpp_vararg_macro_gcc])dnl AC_CACHE_CHECK([for GNU GCC vararg macro support], VAR, [dnl AC_COMPILE_IFELSE([AC_LANG_SOURCE( , [[#define macro(a, b...) func(a, b) int func(int a, int b, int c); int test() { return macro(1, 2, 3); } ]])], [ VAR=yes ], [VAR=no])]) if test $VAR = yes ; then AC_DEFINE([HAVE_CPP_VARARG_MACRO_GCC], 1, [Define to 1 if your compiler supports GNU GCC-style variadic macros]) fi AS_VAR_POPDEF([VAR])dnl ]) dnl @synopsis AX_CPP_VARARG_MACRO_ISO dnl dnl Test if the preprocessor understands ISO C 1999 vararg macros. dnl If it does, defines HAVE_CPP_VARARG_MACRO_ISO to 1. dnl dnl @version dnl @author James Yonan , Matthias Andree AC_DEFUN([AX_CPP_VARARG_MACRO_ISO], [dnl AS_VAR_PUSHDEF([VAR],[ax_cv_cpp_vararg_macro_iso])dnl AC_CACHE_CHECK([for ISO C 1999 vararg macro support], VAR, [dnl AC_COMPILE_IFELSE([AC_LANG_SOURCE( , [[ #define macro(a, ...) func(a, __VA_ARGS__) int func(int a, int b, int c); int test() { return macro(1, 2, 3); } ]])], [ VAR=yes ], [VAR=no])]) if test $VAR = yes ; then AC_DEFINE([HAVE_CPP_VARARG_MACRO_ISO], 1, [Define to 1 if your compiler supports ISO C99 variadic macros]) fi AS_VAR_POPDEF([VAR])dnl ]) pkcs11-helper-pkcs11-helper-1.22/m4dir/000077500000000000000000000000001304770615400174205ustar00rootroot00000000000000pkcs11-helper-pkcs11-helper-1.22/m4dir/Makefile.am000066400000000000000000000052071304770615400214600ustar00rootroot00000000000000# # Copyright (c) 2005-2011 Alon Bar-Lev # All rights reserved. # # This software is available to you under a choice of one of two # licenses. You may choose to be licensed under the terms of the GNU # General Public License (GPL) Version 2, or the BSD license. # # GNU General Public License (GPL) Version 2 # =========================================== # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program (see the file COPYING.GPL included with this # distribution); if not, write to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # # BSD License # ============ # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are met: # # o Redistributions of source code must retain the above copyright notice, # this list of conditions and the following disclaimer. # o Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # o Neither the name of the Alon Bar-Lev nor the names of its # contributors may be used to endorse or promote products derived from # this software without specific prior written permission. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE # POSSIBILITY OF SUCH DAMAGE. # MAINTAINERCLEANFILES=$(srcdir)/Makefile.in dist_m4_DATA=pkcs11-helper-1.m4 pkcs11-helper-pkcs11-helper-1.22/m4dir/pkcs11-helper-1.m4000066400000000000000000000065411304770615400224050ustar00rootroot00000000000000# pkcs11-helper-1.m4 - Macros to locate and utilise pkcs11-helper. -*- Autoconf -*- # # Copyright (c) 2005-2011 Alon Bar-Lev # All rights reserved. # # This software is available to you under a choice of one of two # licenses. You may choose to be licensed under the terms of the GNU # General Public License (GPL) Version 2, or the BSD license. # # GNU General Public License (GPL) Version 2 # =========================================== # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program (see the file COPYING.GPL included with this # distribution); if not, write to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # # BSD License # ============ # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are met: # # o Redistributions of source code must retain the above copyright notice, # this list of conditions and the following disclaimer. # o Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # o Neither the name of the Alon Bar-Lev nor the names of its # contributors may be used to endorse or promote products derived from # this software without specific prior written permission. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE # POSSIBILITY OF SUCH DAMAGE. # # PKCS11_HELPER_CHECK_FEATURES([features]) # # Check whether features exists in pkcs11-helper. # # debug threading token data certificate locate slotevent openssl standalone engine_crypto # AC_DEFUN([PKCS11_HELPER_1_CHECK_FEATURES], [ AC_REQUIRE([PKG_PROG_PKG_CONFIG]) AC_ARG_VAR([PKCS11_HELPER_FEATURES], [pkcs11-helperer feartures overriding pkg-config]) AC_MSG_CHECKING([pkcs11-helper features]) _PKG_CONFIG([PKCS11_HELPER_FEATURES], [variable features], [libpkcs11-helper-1]) for pkcs11h_feature in $1; do echo " ${pkg_cv_PKCS11_HELPER_FEATURES} " | grep " ${pkcs11h_feature} " > /dev/null 2>&1 || \ AC_MSG_ERROR([pkcs11-helper ${pkcs11h_feature} feature must be enabled.]) done AC_MSG_RESULT([ok]) ]) pkcs11-helper-pkcs11-helper-1.22/man/000077500000000000000000000000001304770615400171545ustar00rootroot00000000000000pkcs11-helper-pkcs11-helper-1.22/man/Makefile.am000066400000000000000000000055151304770615400212160ustar00rootroot00000000000000# # Copyright (c) 2005-2011 Alon Bar-Lev # All rights reserved. # # This software is available to you under a choice of one of two # licenses. You may choose to be licensed under the terms of the GNU # General Public License (GPL) Version 2, or the BSD license. # # GNU General Public License (GPL) Version 2 # =========================================== # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program (see the file COPYING.GPL included with this # distribution); if not, write to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # # BSD License # ============ # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are met: # # o Redistributions of source code must retain the above copyright notice, # this list of conditions and the following disclaimer. # o Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # o Neither the name of the Alon Bar-Lev nor the names of its # contributors may be used to endorse or promote products derived from # this software without specific prior written permission. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE # POSSIBILITY OF SUCH DAMAGE. # MAINTAINERCLEANFILES=$(srcdir)/Makefile.in CLEANFILES=pkcs11-helper-1.8.html if WIN32 nodist_html_DATA=pkcs11-helper-1.8.html dist_noinst_DATA=pkcs11-helper-1.8 pkcs11-helper-1.8.html: pkcs11-helper-1.8 $(MAN2HTML) < "$^" > "$@" else dist_man_MANS=pkcs11-helper-1.8 endif pkcs11-helper-pkcs11-helper-1.22/man/pkcs11-helper-1.8000066400000000000000000000070421304770615400217650ustar00rootroot00000000000000.\" .\" Copyright (c) 2005-2007 Alon Bar-Lev .\" All rights reserved. .\" .\" This software is available to you under a choice of one of two .\" licenses. You may choose to be licensed under the terms of the GNU .\" General Public License (GPL) Version 2, or the BSD license. .\" .\" GNU General Public License (GPL) Version 2 .\" =========================================== .\" This program is free software; you can redistribute it and/or modify .\" it under the terms of the GNU General Public License version 2 .\" as published by the Free Software Foundation. .\" .\" This program is distributed in the hope that it will be useful, .\" but WITHOUT ANY WARRANTY; without even the implied warranty of .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the .\" GNU General Public License for more details. .\" .\" You should have received a copy of the GNU General Public License .\" along with this program (see the file COPYING.GPL included with this .\" distribution); if not, write to the Free Software Foundation, Inc., .\" 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. .\" .\" BSD License .\" ============ .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions are met: .\" .\" o Redistributions of source code must retain the above copyright notice, .\" this list of conditions and the following disclaimer. .\" o Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" o Neither the name of the Alon Bar-Lev nor the names of its .\" contributors may be used to endorse or promote products derived from .\" this software without specific prior written permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" .\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE .\" LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" .Dd November 18, 2006 .Os POSIX-compatible .Dt pkcs11-helper 1 .Sh NAME .Nm pkcs11-helper .Nd Simplified PKCS#11 library. .Sh DESCRIPTION .Nm pkcs11-helper is a simplified API for accessing PKCS#11 tokens for user applications. .Sh SEE ALSO .Rs .%T "pkcs11-helper Home Page" .%O http://www.opensc-project.org/pkcs11-helper .Re .Sh AUTHORS AND COPYRIGHT Copyright (c) 2006 Alon Bar-Lev .Pp All rights reserved. .Pp THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. pkcs11-helper-pkcs11-helper-1.22/tests/000077500000000000000000000000001304770615400175435ustar00rootroot00000000000000pkcs11-helper-pkcs11-helper-1.22/tests/Makefile.am000066400000000000000000000053471304770615400216100ustar00rootroot00000000000000# # Copyright (c) 2005-2011 Alon Bar-Lev # All rights reserved. # # This software is available to you under a choice of one of two # licenses. You may choose to be licensed under the terms of the GNU # General Public License (GPL) Version 2, or the BSD license. # # GNU General Public License (GPL) Version 2 # =========================================== # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program (see the file COPYING.GPL included with this # distribution); if not, write to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # # BSD License # ============ # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are met: # # o Redistributions of source code must retain the above copyright notice, # this list of conditions and the following disclaimer. # o Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # o Neither the name of the Alon Bar-Lev nor the names of its # contributors may be used to endorse or promote products derived from # this software without specific prior written permission. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE # POSSIBILITY OF SUCH DAMAGE. # MAINTAINERCLEANFILES=$(srcdir)/Makefile.in COMMON= \ test-basic \ test-certificate \ test-slotevent if ENABLE_TESTS SUBDIRS = $(COMMON) endif DIST_SUBDIRS = $(COMMON) pkcs11-helper-pkcs11-helper-1.22/tests/test-basic/000077500000000000000000000000001304770615400216015ustar00rootroot00000000000000pkcs11-helper-pkcs11-helper-1.22/tests/test-basic/Makefile.am000066400000000000000000000054541304770615400236450ustar00rootroot00000000000000# # Copyright (c) 2005-2011 Alon Bar-Lev # All rights reserved. # # This software is available to you under a choice of one of two # licenses. You may choose to be licensed under the terms of the GNU # General Public License (GPL) Version 2, or the BSD license. # # GNU General Public License (GPL) Version 2 # =========================================== # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program (see the file COPYING.GPL included with this # distribution); if not, write to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # # BSD License # ============ # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are met: # # o Redistributions of source code must retain the above copyright notice, # this list of conditions and the following disclaimer. # o Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # o Neither the name of the Alon Bar-Lev nor the names of its # contributors may be used to endorse or promote products derived from # this software without specific prior written permission. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE # POSSIBILITY OF SUCH DAMAGE. # MAINTAINERCLEANFILES=$(srcdir)/Makefile.in TESTS=test-basic noinst_PROGRAMS=test-basic AM_CPPFLAGS= \ -I$(top_srcdir)/include \ -I$(top_builddir)/include LDADD= \ $(top_builddir)/lib/libpkcs11-helper.la test_basic_SOURCES=test-basic.c pkcs11-helper-pkcs11-helper-1.22/tests/test-basic/test-basic.c000066400000000000000000000025471304770615400240130ustar00rootroot00000000000000#include #include #include "../../config.h" #include static void fatal (const char * const m, CK_RV rv) { fprintf (stderr, "%s - %08lu - %s\n", m, rv, pkcs11h_getMessage (rv)); exit (1); } static void _pkcs11h_hooks_log ( IN void * const global_data, IN unsigned flags, IN const char * const format, IN va_list args ) { vfprintf (stdout, format, args); fprintf (stdout, "\n"); fflush (stdout); } int main () { CK_RV rv; printf ("Version: %08x\n", pkcs11h_getVersion ()); printf ("Features: %08x\n", pkcs11h_getFeatures ()); printf ("Initializing pkcs11-helper\n"); if ((rv = pkcs11h_initialize ()) != CKR_OK) { fatal ("pkcs11h_initialize failed", rv); } printf ("Registering pkcs11-helper hooks\n"); if ((rv = pkcs11h_setLogHook (_pkcs11h_hooks_log, NULL)) != CKR_OK) { fatal ("pkcs11h_setLogHook failed", rv); } pkcs11h_setLogLevel (TEST_LOG_LEVEL); printf ("Adding provider '%s'\n", TEST_PROVIDER); if ( (rv = pkcs11h_addProvider ( TEST_PROVIDER, TEST_PROVIDER, FALSE, PKCS11H_PRIVATEMODE_MASK_AUTO, PKCS11H_SLOTEVENT_METHOD_AUTO, 0, FALSE )) != CKR_OK ) { fatal ("pkcs11h_addProvider failed", rv); } printf ("Terminating pkcs11-helper\n"); if ((rv = pkcs11h_terminate ()) != CKR_OK) { fatal ("pkcs11h_terminate failed", rv); } exit (0); return 0; } pkcs11-helper-pkcs11-helper-1.22/tests/test-certificate/000077500000000000000000000000001304770615400230025ustar00rootroot00000000000000pkcs11-helper-pkcs11-helper-1.22/tests/test-certificate/Makefile.am000066400000000000000000000055041304770615400250420ustar00rootroot00000000000000# # Copyright (c) 2005-2011 Alon Bar-Lev # All rights reserved. # # This software is available to you under a choice of one of two # licenses. You may choose to be licensed under the terms of the GNU # General Public License (GPL) Version 2, or the BSD license. # # GNU General Public License (GPL) Version 2 # =========================================== # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program (see the file COPYING.GPL included with this # distribution); if not, write to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # # BSD License # ============ # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are met: # # o Redistributions of source code must retain the above copyright notice, # this list of conditions and the following disclaimer. # o Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # o Neither the name of the Alon Bar-Lev nor the names of its # contributors may be used to endorse or promote products derived from # this software without specific prior written permission. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE # POSSIBILITY OF SUCH DAMAGE. # MAINTAINERCLEANFILES=$(srcdir)/Makefile.in TESTS=test-certificate noinst_PROGRAMS=test-certificate AM_CPPFLAGS= \ -I$(top_srcdir)/include \ -I$(top_builddir)/include LDADD= \ $(top_builddir)/lib/libpkcs11-helper.la test_certificate_SOURCES=test-certificate.c pkcs11-helper-pkcs11-helper-1.22/tests/test-certificate/test-certificate.c000066400000000000000000000170511304770615400264110ustar00rootroot00000000000000#include "../../config.h" #include #include #include #if defined(_WIN32) #include #else #include #endif #if !(defined(ENABLE_PKCS11H_CERTIFICATE) && (defined(ENABLE_PKCS11H_ENGINE_OPENSSL) || defined (ENABLE_PKCS11H_ENGINE_GNUTLS) || defined(ENABLE_PKCS11H_ENGINE_WIN32))) int main () { printf ("!win32, certificate, enum and crypto engine interfaces should be enabled for this test"); exit (0); return 0; } #else #include #include static void fatal (const char * const m, CK_RV rv) { fprintf (stderr, "%s - %lu - %s\n", m, rv, pkcs11h_getMessage (rv)); exit (1); } static void mypause (const char * const m) { char temp[10]; fprintf (stdout, "%s", m); fflush (stdout); fgets (temp, sizeof (temp), stdin); } static void _pkcs11h_hooks_log ( IN void * const global_data, IN unsigned flags, IN const char * const format, IN va_list args ) { vfprintf (stdout, format, args); fprintf (stdout, "\n"); fflush (stdout); } static PKCS11H_BOOL _pkcs11h_hooks_token_prompt ( IN void * const global_data, IN void * const user_data, IN const pkcs11h_token_id_t token, IN const unsigned retry ) { char buf[1024]; PKCS11H_BOOL fValidInput = FALSE; PKCS11H_BOOL fRet = FALSE; while (!fValidInput) { fprintf (stderr, "Please insert token '%s' 'ok' or 'cancel': ", token->display); fgets (buf, sizeof (buf), stdin); buf[sizeof (buf)-1] = '\0'; fflush (stdin); if (buf[strlen (buf)-1] == '\n') { buf[strlen (buf)-1] = '\0'; } if (buf[strlen (buf)-1] == '\r') { buf[strlen (buf)-1] = '\0'; } if (!strcmp (buf, "ok")) { fValidInput = TRUE; fRet = TRUE; } else if (!strcmp (buf, "cancel")) { fValidInput = TRUE; } } return fRet; } static PKCS11H_BOOL _pkcs11h_hooks_pin_prompt ( IN void * const global_data, IN void * const user_data, IN const pkcs11h_token_id_t token, IN const unsigned retry, OUT char * const pin, IN const size_t pin_max ) { char prompt[1024]; char *p = NULL; snprintf (prompt, sizeof (prompt), "Please enter '%s' PIN or 'cancel': ", token->display); #if defined(_WIN32) { size_t i = 0; char c; while (i < pin_max && (c = getch ()) != '\r') { pin[i++] = c; } } fprintf (stderr, "\n"); #else p = getpass (prompt); #endif strncpy (pin, p, pin_max); pin[pin_max-1] = '\0'; return strcmp (pin, "cancel") != 0; } void sign_test (const pkcs11h_certificate_t cert) { static unsigned const char sha1_data[] = { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, /* 1.3.14.3.2.26 */ 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, /* dummy data */ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14 }; CK_RV rv; unsigned char *blob; size_t blob_size; if ( (rv = pkcs11h_certificate_signAny ( cert, CKM_RSA_PKCS, sha1_data, sizeof (sha1_data), NULL, &blob_size )) != CKR_OK ) { fatal ("pkcs11h_certificate_sign(1) failed", rv); } blob = (unsigned char *)malloc (blob_size); if ( (rv = pkcs11h_certificate_signAny ( cert, CKM_RSA_PKCS, sha1_data, sizeof (sha1_data), blob, &blob_size )) != CKR_OK ) { fatal ("pkcs11h_certificate_sign(1) failed", rv); } free (blob); } int main () { pkcs11h_certificate_id_list_t issuers, certs, temp; pkcs11h_certificate_t cert; CK_RV rv; printf ("Initializing pkcs11-helper\n"); if ((rv = pkcs11h_initialize ()) != CKR_OK) { fatal ("pkcs11h_initialize failed", rv); } printf ("Registering pkcs11-helper hooks\n"); if ((rv = pkcs11h_setLogHook (_pkcs11h_hooks_log, NULL)) != CKR_OK) { fatal ("pkcs11h_setLogHook failed", rv); } pkcs11h_setLogLevel (TEST_LOG_LEVEL); if ((rv = pkcs11h_setTokenPromptHook (_pkcs11h_hooks_token_prompt, NULL)) != CKR_OK) { fatal ("pkcs11h_setTokenPromptHook failed", rv); } if ((rv = pkcs11h_setPINPromptHook (_pkcs11h_hooks_pin_prompt, NULL)) != CKR_OK) { fatal ("pkcs11h_setPINPromptHook failed", rv); } printf ("Adding provider '%s'\n", TEST_PROVIDER); if ( (rv = pkcs11h_addProvider ( TEST_PROVIDER, TEST_PROVIDER, FALSE, PKCS11H_PRIVATEMODE_MASK_AUTO, PKCS11H_SLOTEVENT_METHOD_AUTO, 0, FALSE )) != CKR_OK ) { fatal ("pkcs11h_addProvider failed", rv); } mypause ("Please remove all tokens, press : "); printf ("Enumerating token certificate (list should be empty, no prompt)\n"); if ( (rv = pkcs11h_certificate_enumCertificateIds ( PKCS11H_ENUM_METHOD_CACHE, NULL, PKCS11H_PROMPT_MASK_ALLOW_ALL, &issuers, &certs )) != CKR_OK ) { fatal ("pkcs11h_certificate_enumCertificateIds failed", rv); } if (issuers != NULL || certs != NULL) { fatal ("No certificates should be found", rv); } mypause ("Please insert token, press : "); printf ("Getting certificate cache, should be available certificates\n"); if ( (rv = pkcs11h_certificate_enumCertificateIds ( PKCS11H_ENUM_METHOD_CACHE, NULL, PKCS11H_PROMPT_MASK_ALLOW_ALL, &issuers, &certs )) != CKR_OK ) { fatal ("pkcs11h_certificate_enumCertificateIds failed", rv); } for (temp = issuers;temp != NULL;temp = temp->next) { printf ("Issuer: %s\n", temp->certificate_id->displayName); } for (temp = certs;temp != NULL;temp = temp->next) { printf ("Certificate: %s\n", temp->certificate_id->displayName); } if (certs == NULL) { fatal ("No certificates found", rv); } pkcs11h_certificate_freeCertificateIdList (issuers); pkcs11h_certificate_freeCertificateIdList (certs); mypause ("Please remove token, press : "); printf ("Getting certificate cache, should be similar to last\n"); if ( (rv = pkcs11h_certificate_enumCertificateIds ( PKCS11H_ENUM_METHOD_CACHE, NULL, PKCS11H_PROMPT_MASK_ALLOW_ALL, &issuers, &certs )) != CKR_OK ) { fatal ("pkcs11h_certificate_enumCertificateIds failed", rv); } for (temp = issuers;temp != NULL;temp = temp->next) { printf ("Issuer: %s\n", temp->certificate_id->displayName); } for (temp = certs;temp != NULL;temp = temp->next) { printf ("Certificate: %s\n", temp->certificate_id->displayName); } if (certs == NULL) { fatal ("No certificates found", rv); } printf ("Creating certificate context\n"); if ( (rv = pkcs11h_certificate_create ( certs->certificate_id, NULL, PKCS11H_PROMPT_MASK_ALLOW_ALL, PKCS11H_PIN_CACHE_INFINITE, &cert )) != CKR_OK ) { fatal ("pkcs11h_certificate_create failed", rv); } printf ("Perforing signature #1 (you should be prompt for token and PIN)\n"); sign_test (cert); printf ("Perforing signature #2 (you should NOT be prompt for anything)\n"); sign_test (cert); mypause ("Please remove and insert token, press : "); printf ("Perforing signature #3 (you should be prompt only for PIN)\n"); sign_test (cert); printf ("Perforing signature #4 (you should NOT be prompt for anything)\n"); if ((rv = pkcs11h_certificate_freeCertificate (cert)) != CKR_OK) { fatal ("pkcs11h_certificate_free failed", rv); } if ( (rv = pkcs11h_certificate_create ( certs->certificate_id, NULL, PKCS11H_PROMPT_MASK_ALLOW_ALL, PKCS11H_PIN_CACHE_INFINITE, &cert )) != CKR_OK ) { fatal ("pkcs11h_certificate_create failed", rv); } sign_test (cert); printf ("Terminating pkcs11-helper\n"); if ((rv = pkcs11h_certificate_freeCertificate (cert)) != CKR_OK) { fatal ("pkcs11h_certificate_free failed", rv); } pkcs11h_certificate_freeCertificateIdList (issuers); pkcs11h_certificate_freeCertificateIdList (certs); if ((rv = pkcs11h_terminate ()) != CKR_OK) { fatal ("pkcs11h_terminate failed", rv); } exit (0); return 0; } #endif pkcs11-helper-pkcs11-helper-1.22/tests/test-slotevent/000077500000000000000000000000001304770615400225435ustar00rootroot00000000000000pkcs11-helper-pkcs11-helper-1.22/tests/test-slotevent/Makefile.am000066400000000000000000000054741304770615400246110ustar00rootroot00000000000000# # Copyright (c) 2005-2011 Alon Bar-Lev # All rights reserved. # # This software is available to you under a choice of one of two # licenses. You may choose to be licensed under the terms of the GNU # General Public License (GPL) Version 2, or the BSD license. # # GNU General Public License (GPL) Version 2 # =========================================== # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program (see the file COPYING.GPL included with this # distribution); if not, write to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # # BSD License # ============ # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are met: # # o Redistributions of source code must retain the above copyright notice, # this list of conditions and the following disclaimer. # o Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # o Neither the name of the Alon Bar-Lev nor the names of its # contributors may be used to endorse or promote products derived from # this software without specific prior written permission. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE # POSSIBILITY OF SUCH DAMAGE. # MAINTAINERCLEANFILES=$(srcdir)/Makefile.in TESTS=test-slotevent noinst_PROGRAMS=test-slotevent AM_CPPFLAGS= \ -I$(top_srcdir)/include \ -I$(top_builddir)/include LDADD= \ $(top_builddir)/lib/libpkcs11-helper.la test_slotevent_SOURCES=test-slotevent.c pkcs11-helper-pkcs11-helper-1.22/tests/test-slotevent/test-slotevent.c000066400000000000000000000072241304770615400257140ustar00rootroot00000000000000#include "../../config.h" #include #include #include #if !defined(ENABLE_PKCS11H_SLOTEVENT) int main () { printf ("!win32, certificate, enum and crypto engine interfaces should be enabled for this test"); exit (0); return 0; } #else #if defined(_WIN32) #include #else #include #endif #include static void fatal (const char * const m, CK_RV rv) { fprintf (stderr, "%s - %08lu - %s\n", m, rv, pkcs11h_getMessage (rv)); exit (1); } static void mypause (const char * const m) { char temp[10]; fprintf (stdout, "%s", m); fflush (stdout); fgets (temp, sizeof (temp), stdin); } static void _pkcs11h_hooks_log ( IN void * const global_data, IN unsigned flags, IN const char * const format, IN va_list args ) { vfprintf (stdout, format, args); fprintf (stdout, "\n"); fflush (stdout); } static void _pkcs11h_hooks_slotevent ( IN void * const global_data ) { printf ("slotevent\n"); } int main () { CK_RV rv; printf ("Initializing pkcs11-helper\n"); if ((rv = pkcs11h_initialize ()) != CKR_OK) { fatal ("pkcs11h_initialize failed", rv); } printf ("Registering pkcs11-helper hooks\n"); if ((rv = pkcs11h_setLogHook (_pkcs11h_hooks_log, NULL)) != CKR_OK) { fatal ("pkcs11h_setLogHook failed", rv); } pkcs11h_setLogLevel (TEST_LOG_LEVEL); if ((rv = pkcs11h_setSlotEventHook (_pkcs11h_hooks_slotevent, NULL)) != CKR_OK) { fatal ("pkcs11h_setSlotEventHook failed", rv); } printf ("Adding provider '%s' as auto\n", TEST_PROVIDER); if ( (rv = pkcs11h_addProvider ( TEST_PROVIDER, TEST_PROVIDER, FALSE, PKCS11H_PRIVATEMODE_MASK_AUTO, PKCS11H_SLOTEVENT_METHOD_AUTO, 0, FALSE )) != CKR_OK ) { fatal ("pkcs11h_addProvider failed", rv); } printf ("Please remove and insert tokens (pause for 30 seconds)\n"); #if defined(_WIN32) Sleep (30*1024); #else sleep (30); #endif if ((rv = pkcs11h_removeProvider (TEST_PROVIDER)) != CKR_OK) { fatal ("pkcs11h_removeProvider failed", rv); } printf ("Adding provider '%s' as trigger\n", TEST_PROVIDER); if ( (rv = pkcs11h_addProvider ( TEST_PROVIDER, TEST_PROVIDER, FALSE, PKCS11H_PRIVATEMODE_MASK_AUTO, PKCS11H_SLOTEVENT_METHOD_TRIGGER, 0, FALSE )) != CKR_OK ) { fatal ("pkcs11h_addProvider failed", rv); } printf ("Please remove and insert tokens (pause for 30 seconds)\n"); #if defined(_WIN32) Sleep (30*1024); #else sleep (30); #endif if ((rv = pkcs11h_removeProvider (TEST_PROVIDER)) != CKR_OK) { fatal ("pkcs11h_removeProvider failed", rv); } printf ("Adding provider '%s' as poll\n", TEST_PROVIDER); if ( (rv = pkcs11h_addProvider ( TEST_PROVIDER, TEST_PROVIDER, FALSE, PKCS11H_PRIVATEMODE_MASK_AUTO, PKCS11H_SLOTEVENT_METHOD_POLL, 0, FALSE )) != CKR_OK ) { fatal ("pkcs11h_addProvider failed", rv); } printf ("Please remove and insert tokens (pause for 30 seconds)\n"); #if defined(_WIN32) Sleep (30*1024); #else sleep (30); #endif if ((rv = pkcs11h_removeProvider (TEST_PROVIDER)) != CKR_OK) { fatal ("pkcs11h_removeProvider failed", rv); } printf ("Adding provider '%s' as fetch\n", TEST_PROVIDER); if ( (rv = pkcs11h_addProvider ( TEST_PROVIDER, TEST_PROVIDER, FALSE, PKCS11H_PRIVATEMODE_MASK_AUTO, PKCS11H_SLOTEVENT_METHOD_FETCH, 0, FALSE )) != CKR_OK ) { fatal ("pkcs11h_addProvider failed", rv); } printf ("Please remove and insert tokens (pause for 30 seconds)\n"); #if defined(_WIN32) Sleep (30*1024); #else sleep (30); #endif printf ("Terminating pkcs11-helper\n"); if ((rv = pkcs11h_terminate ()) != CKR_OK) { fatal ("pkcs11h_terminate failed", rv); } exit (0); return 0; } #endif