]> git.ipfire.org Git - thirdparty/systemd.git/blame_incremental - src/shared/pkcs11-util.h
networkd-test: stop varlink socket before setting up runtime directories
[thirdparty/systemd.git] / src / shared / pkcs11-util.h
... / ...
CommitLineData
1/* SPDX-License-Identifier: LGPL-2.1-or-later */
2#pragma once
3
4#if HAVE_OPENSSL
5# include <openssl/evp.h>
6#endif
7
8#if HAVE_P11KIT
9# include <p11-kit/p11-kit.h> /* IWYU pragma: export */
10# include <p11-kit/uri.h> /* IWYU pragma: export */
11#endif
12
13#include "ask-password-api.h"
14#include "dlfcn-util.h"
15#include "forward.h"
16
17bool pkcs11_uri_valid(const char *uri);
18
19#if HAVE_P11KIT
20extern DLSYM_PROTOTYPE(p11_kit_module_get_name);
21extern DLSYM_PROTOTYPE(p11_kit_modules_finalize_and_release);
22extern DLSYM_PROTOTYPE(p11_kit_modules_load_and_initialize);
23extern DLSYM_PROTOTYPE(p11_kit_strerror);
24extern DLSYM_PROTOTYPE(p11_kit_uri_format);
25extern DLSYM_PROTOTYPE(p11_kit_uri_free);
26extern DLSYM_PROTOTYPE(p11_kit_uri_get_attributes);
27extern DLSYM_PROTOTYPE(p11_kit_uri_get_attribute);
28extern DLSYM_PROTOTYPE(p11_kit_uri_set_attribute);
29extern DLSYM_PROTOTYPE(p11_kit_uri_get_module_info);
30extern DLSYM_PROTOTYPE(p11_kit_uri_get_slot_info);
31extern DLSYM_PROTOTYPE(p11_kit_uri_get_token_info);
32extern DLSYM_PROTOTYPE(p11_kit_uri_match_token_info);
33extern DLSYM_PROTOTYPE(p11_kit_uri_message);
34extern DLSYM_PROTOTYPE(p11_kit_uri_new);
35extern DLSYM_PROTOTYPE(p11_kit_uri_parse);
36
37int uri_from_string(const char *p, P11KitUri **ret);
38
39P11KitUri *uri_from_module_info(const CK_INFO *info);
40P11KitUri *uri_from_slot_info(const CK_SLOT_INFO *slot_info);
41P11KitUri *uri_from_token_info(const CK_TOKEN_INFO *token_info);
42
43DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(P11KitUri*, sym_p11_kit_uri_free, NULL);
44DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(CK_FUNCTION_LIST**, sym_p11_kit_modules_finalize_and_release, NULL);
45
46CK_RV pkcs11_get_slot_list_malloc(CK_FUNCTION_LIST *m, CK_SLOT_ID **ret_slotids, CK_ULONG *ret_n_slotids);
47
48char* pkcs11_token_label(const CK_TOKEN_INFO *token_info);
49char* pkcs11_token_manufacturer_id(const CK_TOKEN_INFO *token_info);
50char* pkcs11_token_model(const CK_TOKEN_INFO *token_info);
51
52int pkcs11_token_login_by_pin(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, const CK_TOKEN_INFO *token_info, const char *token_label, const void *pin, size_t pin_size);
53int pkcs11_token_login(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, CK_SLOT_ID slotid, const CK_TOKEN_INFO *token_info, const char *friendly_name, const char *icon_name, const char *key_name, const char *credential_name, usec_t until, AskPasswordFlags ask_password_flags, char **ret_used_pin);
54
55int pkcs11_token_find_related_object(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE prototype, CK_OBJECT_CLASS class, CK_OBJECT_HANDLE *ret_object);
56#if HAVE_OPENSSL
57int pkcs11_token_read_public_key(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object, EVP_PKEY **ret_pkey);
58int pkcs11_token_read_x509_certificate(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object, X509 **ret_cert);
59#endif
60
61int pkcs11_token_find_private_key(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, P11KitUri *search_uri, CK_OBJECT_HANDLE *ret_object);
62int pkcs11_token_decrypt_data(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object, const void *encrypted_data, size_t encrypted_data_size, void **ret_decrypted_data, size_t *ret_decrypted_data_size);
63
64int pkcs11_token_acquire_rng(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session);
65
66typedef int (*pkcs11_find_token_callback_t)(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, CK_SLOT_ID slotid, const CK_SLOT_INFO *slot_info, const CK_TOKEN_INFO *token_info, P11KitUri *uri, void *userdata);
67int pkcs11_find_token(const char *pkcs11_uri, pkcs11_find_token_callback_t callback, void *userdata);
68
69#if HAVE_OPENSSL
70int pkcs11_acquire_public_key(const char *uri, const char *askpw_friendly_name, const char *askpw_icon, const char *askpw_credential, AskPasswordFlags askpw_flags, EVP_PKEY **ret_pkey, char **ret_pin_used);
71#endif
72
73typedef struct {
74 const char *friendly_name;
75 usec_t until;
76 void *encrypted_key;
77 size_t encrypted_key_size;
78 void *decrypted_key;
79 size_t decrypted_key_size;
80 bool free_encrypted_key;
81 const char *askpw_credential;
82 AskPasswordFlags askpw_flags;
83} pkcs11_crypt_device_callback_data;
84
85void pkcs11_crypt_device_callback_data_release(pkcs11_crypt_device_callback_data *data);
86
87int pkcs11_crypt_device_callback(
88 CK_FUNCTION_LIST *m,
89 CK_SESSION_HANDLE session,
90 CK_SLOT_ID slot_id,
91 const CK_SLOT_INFO *slot_info,
92 const CK_TOKEN_INFO *token_info,
93 P11KitUri *uri,
94 void *userdata);
95
96#endif
97
98int dlopen_p11kit(void);
99
100typedef struct {
101 const char *friendly_name;
102 usec_t until;
103 const char *askpw_credential;
104 AskPasswordFlags askpw_flags;
105} systemd_pkcs11_plugin_params;
106
107int pkcs11_list_tokens(void);
108int pkcs11_find_token_auto(char **ret);