[thirdparty/systemd.git] / src / shared / pkcs11-util.h

/* SPDX-License-Identifier: LGPL-2.1-or-later */
#pragma once

#include <stdbool.h>

#if HAVE_P11KIT
#  include <p11-kit/p11-kit.h>
#  include <p11-kit/uri.h>
#endif

#include "macro.h"
#include "openssl-util.h"
#include "time-util.h"

bool pkcs11_uri_valid(const char *uri);

#if HAVE_P11KIT
int uri_from_string(const char *p, P11KitUri **ret);

P11KitUri *uri_from_module_info(const CK_INFO *info);
P11KitUri *uri_from_slot_info(const CK_SLOT_INFO *slot_info);
P11KitUri *uri_from_token_info(const CK_TOKEN_INFO *token_info);

DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(P11KitUri*, p11_kit_uri_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(CK_FUNCTION_LIST**, p11_kit_modules_finalize_and_release, NULL);

CK_RV pkcs11_get_slot_list_malloc(CK_FUNCTION_LIST *m, CK_SLOT_ID **ret_slotids, CK_ULONG *ret_n_slotids);

char *pkcs11_token_label(const CK_TOKEN_INFO *token_info);
char *pkcs11_token_manufacturer_id(const CK_TOKEN_INFO *token_info);
char *pkcs11_token_model(const CK_TOKEN_INFO *token_info);

int pkcs11_token_login(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, CK_SLOT_ID slotid, const CK_TOKEN_INFO *token_info, const char *friendly_name, const char *icon_name, const char *key_name, const char *credential_name, usec_t until, char **ret_used_pin);

int pkcs11_token_find_x509_certificate(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, P11KitUri *search_uri, CK_OBJECT_HANDLE *ret_object);
#if HAVE_OPENSSL
int pkcs11_token_read_x509_certificate(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object, X509 **ret_cert);
#endif

int pkcs11_token_find_private_key(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, P11KitUri *search_uri, CK_OBJECT_HANDLE *ret_object);
int pkcs11_token_decrypt_data(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object, const void *encrypted_data, size_t encrypted_data_size, void **ret_decrypted_data, size_t *ret_decrypted_data_size);

int pkcs11_token_acquire_rng(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session);

typedef int (*pkcs11_find_token_callback_t)(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, CK_SLOT_ID slotid, const CK_SLOT_INFO *slot_info, const CK_TOKEN_INFO *token_info, P11KitUri *uri, void *userdata);
int pkcs11_find_token(const char *pkcs11_uri, pkcs11_find_token_callback_t callback, void *userdata);

#if HAVE_OPENSSL
int pkcs11_acquire_certificate(const char *uri, const char *askpw_friendly_name, const char *askpw_icon_name, X509 **ret_cert, char **ret_pin_used);
#endif

#endif

int pkcs11_list_tokens(void);
int pkcs11_find_token_auto(char **ret);
Commit	Line	Data
db9ecf05	1	/* SPDX-License-Identifier: LGPL-2.1-or-later */
839fddbe LP	2	#pragma once
	3
	4	#include <stdbool.h>
	5
	6	#if HAVE_P11KIT
b012a1f4 ZJS	7	# include <p11-kit/p11-kit.h>
b012a1f4 ZJS	8	# include <p11-kit/uri.h>
839fddbe LP	9	#endif
	10
	11	#include "macro.h"
b012a1f4	12	#include "openssl-util.h"
839fddbe LP	13	#include "time-util.h"
	14
	15	bool pkcs11_uri_valid(const char *uri);
	16
	17	#if HAVE_P11KIT
	18	int uri_from_string(const char p, P11KitUri *ret);
	19
	20	P11KitUri uri_from_module_info(const CK_INFO info);
	21	P11KitUri uri_from_slot_info(const CK_SLOT_INFO slot_info);
	22	P11KitUri uri_from_token_info(const CK_TOKEN_INFO token_info);
	23
fd421c4a ZJS	24	DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(P11KitUri*, p11_kit_uri_free, NULL);
fd421c4a ZJS	25	DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(CK_FUNCTION_LIST**, p11_kit_modules_finalize_and_release, NULL);
839fddbe LP	26
	27	CK_RV pkcs11_get_slot_list_malloc(CK_FUNCTION_LIST m, CK_SLOT_ID ret_slotids, CK_ULONG ret_n_slotids);
	28
	29	char pkcs11_token_label(const CK_TOKEN_INFO token_info);
0eb3be46 LP	30	char pkcs11_token_manufacturer_id(const CK_TOKEN_INFO token_info);
0eb3be46 LP	31	char pkcs11_token_model(const CK_TOKEN_INFO token_info);
839fddbe	32
8806bb4b	33	int pkcs11_token_login(CK_FUNCTION_LIST m, CK_SESSION_HANDLE session, CK_SLOT_ID slotid, const CK_TOKEN_INFO token_info, const char friendly_name, const char icon_name, const char key_name, const char credential_name, usec_t until, char **ret_used_pin);
839fddbe LP	34
	35	int pkcs11_token_find_x509_certificate(CK_FUNCTION_LIST m, CK_SESSION_HANDLE session, P11KitUri search_uri, CK_OBJECT_HANDLE *ret_object);
	36	#if HAVE_OPENSSL
	37	int pkcs11_token_read_x509_certificate(CK_FUNCTION_LIST m, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object, X509 *ret_cert);
	38	#endif
	39
	40	int pkcs11_token_find_private_key(CK_FUNCTION_LIST m, CK_SESSION_HANDLE session, P11KitUri search_uri, CK_OBJECT_HANDLE *ret_object);
	41	int pkcs11_token_decrypt_data(CK_FUNCTION_LIST m, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object, const void encrypted_data, size_t encrypted_data_size, void *ret_decrypted_data, size_t ret_decrypted_data_size);
	42
	43	int pkcs11_token_acquire_rng(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session);
	44
	45	typedef int (pkcs11_find_token_callback_t)(CK_FUNCTION_LIST m, CK_SESSION_HANDLE session, CK_SLOT_ID slotid, const CK_SLOT_INFO slot_info, const CK_TOKEN_INFO token_info, P11KitUri uri, void userdata);
	46	int pkcs11_find_token(const char pkcs11_uri, pkcs11_find_token_callback_t callback, void userdata);
2289a784 LP	47
	48	#if HAVE_OPENSSL
	49	int pkcs11_acquire_certificate(const char uri, const char askpw_friendly_name, const char askpw_icon_name, X509 ret_cert, char *ret_pin_used);
	50	#endif
	51
839fddbe	52	#endif
f240cbb6 LP	53
	54	int pkcs11_list_tokens(void);
	55	int pkcs11_find_token_auto(char **ret);