[thirdparty/systemd.git] / src / shared / pkcs11-util.h

/* SPDX-License-Identifier: LGPL-2.1-or-later */
#pragma once

#if HAVE_OPENSSL
#  include <openssl/evp.h>
#endif

#if HAVE_P11KIT
#  include <p11-kit/p11-kit.h>  /* IWYU pragma: export */
#  include <p11-kit/uri.h>      /* IWYU pragma: export */
#endif

#include "ask-password-api.h"
#include "dlfcn-util.h"
#include "forward.h"

bool pkcs11_uri_valid(const char *uri);

#if HAVE_P11KIT
extern DLSYM_PROTOTYPE(p11_kit_module_get_name);
extern DLSYM_PROTOTYPE(p11_kit_modules_finalize_and_release);
extern DLSYM_PROTOTYPE(p11_kit_modules_load_and_initialize);
extern DLSYM_PROTOTYPE(p11_kit_strerror);
extern DLSYM_PROTOTYPE(p11_kit_uri_format);
extern DLSYM_PROTOTYPE(p11_kit_uri_free);
extern DLSYM_PROTOTYPE(p11_kit_uri_get_attributes);
extern DLSYM_PROTOTYPE(p11_kit_uri_get_attribute);
extern DLSYM_PROTOTYPE(p11_kit_uri_set_attribute);
extern DLSYM_PROTOTYPE(p11_kit_uri_get_module_info);
extern DLSYM_PROTOTYPE(p11_kit_uri_get_slot_info);
extern DLSYM_PROTOTYPE(p11_kit_uri_get_token_info);
extern DLSYM_PROTOTYPE(p11_kit_uri_match_token_info);
extern DLSYM_PROTOTYPE(p11_kit_uri_message);
extern DLSYM_PROTOTYPE(p11_kit_uri_new);
extern DLSYM_PROTOTYPE(p11_kit_uri_parse);

int uri_from_string(const char *p, P11KitUri **ret);

P11KitUri *uri_from_module_info(const CK_INFO *info);
P11KitUri *uri_from_slot_info(const CK_SLOT_INFO *slot_info);
P11KitUri *uri_from_token_info(const CK_TOKEN_INFO *token_info);

DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(P11KitUri*, sym_p11_kit_uri_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(CK_FUNCTION_LIST**, sym_p11_kit_modules_finalize_and_release, NULL);

CK_RV pkcs11_get_slot_list_malloc(CK_FUNCTION_LIST *m, CK_SLOT_ID **ret_slotids, CK_ULONG *ret_n_slotids);

char* pkcs11_token_label(const CK_TOKEN_INFO *token_info);
char* pkcs11_token_manufacturer_id(const CK_TOKEN_INFO *token_info);
char* pkcs11_token_model(const CK_TOKEN_INFO *token_info);

int pkcs11_token_login_by_pin(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, const CK_TOKEN_INFO *token_info, const char *token_label, const void *pin, size_t pin_size);
int pkcs11_token_login(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, CK_SLOT_ID slotid, const CK_TOKEN_INFO *token_info, const char *friendly_name, const char *icon_name, const char *key_name, const char *credential_name, usec_t until, AskPasswordFlags ask_password_flags, char **ret_used_pin);

int pkcs11_token_find_related_object(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE prototype, CK_OBJECT_CLASS class, CK_OBJECT_HANDLE *ret_object);
#if HAVE_OPENSSL
int pkcs11_token_read_public_key(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object, EVP_PKEY **ret_pkey);
int pkcs11_token_read_x509_certificate(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object, X509 **ret_cert);
#endif

int pkcs11_token_find_private_key(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, P11KitUri *search_uri, CK_OBJECT_HANDLE *ret_object);
int pkcs11_token_decrypt_data(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object, const void *encrypted_data, size_t encrypted_data_size, void **ret_decrypted_data, size_t *ret_decrypted_data_size);

int pkcs11_token_acquire_rng(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session);

typedef int (*pkcs11_find_token_callback_t)(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, CK_SLOT_ID slotid, const CK_SLOT_INFO *slot_info, const CK_TOKEN_INFO *token_info, P11KitUri *uri, void *userdata);
int pkcs11_find_token(const char *pkcs11_uri, pkcs11_find_token_callback_t callback, void *userdata);

#if HAVE_OPENSSL
int pkcs11_acquire_public_key(const char *uri, const char *askpw_friendly_name, const char *askpw_icon, const char *askpw_credential, AskPasswordFlags askpw_flags, EVP_PKEY **ret_pkey, char **ret_pin_used);
#endif

typedef struct {
        const char *friendly_name;
        usec_t until;
        void *encrypted_key;
        size_t encrypted_key_size;
        void *decrypted_key;
        size_t decrypted_key_size;
        bool free_encrypted_key;
        const char *askpw_credential;
        AskPasswordFlags askpw_flags;
} pkcs11_crypt_device_callback_data;

void pkcs11_crypt_device_callback_data_release(pkcs11_crypt_device_callback_data *data);

int pkcs11_crypt_device_callback(
                CK_FUNCTION_LIST *m,
                CK_SESSION_HANDLE session,
                CK_SLOT_ID slot_id,
                const CK_SLOT_INFO *slot_info,
                const CK_TOKEN_INFO *token_info,
                P11KitUri *uri,
                void *userdata);

#endif

int dlopen_p11kit(void);

typedef struct {
        const char *friendly_name;
        usec_t until;
        const char *askpw_credential;
        AskPasswordFlags askpw_flags;
} systemd_pkcs11_plugin_params;

int pkcs11_list_tokens(void);
int pkcs11_find_token_auto(char **ret);
Commit	Line	Data
db9ecf05	1	/* SPDX-License-Identifier: LGPL-2.1-or-later */
839fddbe LP	2	#pragma once
839fddbe LP	3
06b77382	4	#if HAVE_OPENSSL
85686b37	5	# include <openssl/evp.h>
06b77382	6	#endif
839fddbe LP	7
839fddbe LP	8	#if HAVE_P11KIT
69a283c5 DDM	9	# include <p11-kit/p11-kit.h> /* IWYU pragma: export */
69a283c5 DDM	10	# include <p11-kit/uri.h> /* IWYU pragma: export */
839fddbe LP	11	#endif
839fddbe LP	12
a758a128	13	#include "ask-password-api.h"
9dbabd0a	14	#include "dlfcn-util.h"
69a283c5	15	#include "forward.h"
839fddbe LP	16
	17	bool pkcs11_uri_valid(const char *uri);
	18
	19	#if HAVE_P11KIT
5c672e90 ZJS	20	extern DLSYM_PROTOTYPE(p11_kit_module_get_name);
	21	extern DLSYM_PROTOTYPE(p11_kit_modules_finalize_and_release);
	22	extern DLSYM_PROTOTYPE(p11_kit_modules_load_and_initialize);
	23	extern DLSYM_PROTOTYPE(p11_kit_strerror);
	24	extern DLSYM_PROTOTYPE(p11_kit_uri_format);
	25	extern DLSYM_PROTOTYPE(p11_kit_uri_free);
	26	extern DLSYM_PROTOTYPE(p11_kit_uri_get_attributes);
	27	extern DLSYM_PROTOTYPE(p11_kit_uri_get_attribute);
	28	extern DLSYM_PROTOTYPE(p11_kit_uri_set_attribute);
	29	extern DLSYM_PROTOTYPE(p11_kit_uri_get_module_info);
	30	extern DLSYM_PROTOTYPE(p11_kit_uri_get_slot_info);
	31	extern DLSYM_PROTOTYPE(p11_kit_uri_get_token_info);
	32	extern DLSYM_PROTOTYPE(p11_kit_uri_match_token_info);
	33	extern DLSYM_PROTOTYPE(p11_kit_uri_message);
	34	extern DLSYM_PROTOTYPE(p11_kit_uri_new);
	35	extern DLSYM_PROTOTYPE(p11_kit_uri_parse);
da035a3a	36
839fddbe LP	37	int uri_from_string(const char p, P11KitUri *ret);
	38
	39	P11KitUri uri_from_module_info(const CK_INFO info);
	40	P11KitUri uri_from_slot_info(const CK_SLOT_INFO slot_info);
	41	P11KitUri uri_from_token_info(const CK_TOKEN_INFO token_info);
	42
da035a3a LB	43	DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(P11KitUri*, sym_p11_kit_uri_free, NULL);
da035a3a LB	44	DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(CK_FUNCTION_LIST**, sym_p11_kit_modules_finalize_and_release, NULL);
839fddbe LP	45
	46	CK_RV pkcs11_get_slot_list_malloc(CK_FUNCTION_LIST m, CK_SLOT_ID ret_slotids, CK_ULONG ret_n_slotids);
	47
ff3f2953 ZJS	48	char* pkcs11_token_label(const CK_TOKEN_INFO *token_info);
	49	char* pkcs11_token_manufacturer_id(const CK_TOKEN_INFO *token_info);
	50	char* pkcs11_token_model(const CK_TOKEN_INFO *token_info);
839fddbe	51
0ff60566	52	int pkcs11_token_login_by_pin(CK_FUNCTION_LIST m, CK_SESSION_HANDLE session, const CK_TOKEN_INFO token_info, const char token_label, const void pin, size_t pin_size);
b2ac9280	53	int pkcs11_token_login(CK_FUNCTION_LIST m, CK_SESSION_HANDLE session, CK_SLOT_ID slotid, const CK_TOKEN_INFO token_info, const char friendly_name, const char icon_name, const char key_name, const char credential_name, usec_t until, AskPasswordFlags ask_password_flags, char **ret_used_pin);
839fddbe	54
06b77382	55	int pkcs11_token_find_related_object(CK_FUNCTION_LIST m, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE prototype, CK_OBJECT_CLASS class, CK_OBJECT_HANDLE ret_object);
839fddbe	56	#if HAVE_OPENSSL
85686b37	57	int pkcs11_token_read_public_key(CK_FUNCTION_LIST m, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object, EVP_PKEY *ret_pkey);
839fddbe LP	58	int pkcs11_token_read_x509_certificate(CK_FUNCTION_LIST m, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object, X509 *ret_cert);
	59	#endif
	60
	61	int pkcs11_token_find_private_key(CK_FUNCTION_LIST m, CK_SESSION_HANDLE session, P11KitUri search_uri, CK_OBJECT_HANDLE *ret_object);
	62	int pkcs11_token_decrypt_data(CK_FUNCTION_LIST m, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object, const void encrypted_data, size_t encrypted_data_size, void *ret_decrypted_data, size_t ret_decrypted_data_size);
	63
	64	int pkcs11_token_acquire_rng(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session);
	65
	66	typedef int (pkcs11_find_token_callback_t)(CK_FUNCTION_LIST m, CK_SESSION_HANDLE session, CK_SLOT_ID slotid, const CK_SLOT_INFO slot_info, const CK_TOKEN_INFO token_info, P11KitUri uri, void userdata);
	67	int pkcs11_find_token(const char pkcs11_uri, pkcs11_find_token_callback_t callback, void userdata);
2289a784 LP	68
2289a784 LP	69	#if HAVE_OPENSSL
b2ac9280	70	int pkcs11_acquire_public_key(const char uri, const char askpw_friendly_name, const char askpw_icon, const char askpw_credential, AskPasswordFlags askpw_flags, EVP_PKEY ret_pkey, char ret_pin_used);
2289a784 LP	71	#endif
2289a784 LP	72
ed3d3af1 OK	73	typedef struct {
	74	const char *friendly_name;
	75	usec_t until;
	76	void *encrypted_key;
	77	size_t encrypted_key_size;
	78	void *decrypted_key;
	79	size_t decrypted_key_size;
	80	bool free_encrypted_key;
a96c284f	81	const char *askpw_credential;
a758a128	82	AskPasswordFlags askpw_flags;
ed3d3af1 OK	83	} pkcs11_crypt_device_callback_data;
	84
	85	void pkcs11_crypt_device_callback_data_release(pkcs11_crypt_device_callback_data *data);
	86
	87	int pkcs11_crypt_device_callback(
	88	CK_FUNCTION_LIST *m,
	89	CK_SESSION_HANDLE session,
	90	CK_SLOT_ID slot_id,
	91	const CK_SLOT_INFO *slot_info,
	92	const CK_TOKEN_INFO *token_info,
	93	P11KitUri *uri,
	94	void *userdata);
	95
839fddbe	96	#endif
f240cbb6	97
69a283c5 DDM	98	int dlopen_p11kit(void);
69a283c5 DDM	99
8186022c OK	100	typedef struct {
	101	const char *friendly_name;
	102	usec_t until;
1c12daa4	103	const char *askpw_credential;
a758a128	104	AskPasswordFlags askpw_flags;
8186022c OK	105	} systemd_pkcs11_plugin_params;
8186022c OK	106
f240cbb6 LP	107	int pkcs11_list_tokens(void);
f240cbb6 LP	108	int pkcs11_find_token_auto(char **ret);