]>
Commit | Line | Data |
---|---|---|
1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ | |
2 | #pragma once | |
3 | ||
4 | #if HAVE_OPENSSL | |
5 | # include <openssl/evp.h> | |
6 | #endif | |
7 | ||
8 | #if HAVE_P11KIT | |
9 | # include <p11-kit/p11-kit.h> /* IWYU pragma: export */ | |
10 | # include <p11-kit/uri.h> /* IWYU pragma: export */ | |
11 | #endif | |
12 | ||
13 | #include "ask-password-api.h" | |
14 | #include "dlfcn-util.h" | |
15 | #include "forward.h" | |
16 | ||
17 | bool pkcs11_uri_valid(const char *uri); | |
18 | ||
19 | #if HAVE_P11KIT | |
20 | extern DLSYM_PROTOTYPE(p11_kit_module_get_name); | |
21 | extern DLSYM_PROTOTYPE(p11_kit_modules_finalize_and_release); | |
22 | extern DLSYM_PROTOTYPE(p11_kit_modules_load_and_initialize); | |
23 | extern DLSYM_PROTOTYPE(p11_kit_strerror); | |
24 | extern DLSYM_PROTOTYPE(p11_kit_uri_format); | |
25 | extern DLSYM_PROTOTYPE(p11_kit_uri_free); | |
26 | extern DLSYM_PROTOTYPE(p11_kit_uri_get_attributes); | |
27 | extern DLSYM_PROTOTYPE(p11_kit_uri_get_attribute); | |
28 | extern DLSYM_PROTOTYPE(p11_kit_uri_set_attribute); | |
29 | extern DLSYM_PROTOTYPE(p11_kit_uri_get_module_info); | |
30 | extern DLSYM_PROTOTYPE(p11_kit_uri_get_slot_info); | |
31 | extern DLSYM_PROTOTYPE(p11_kit_uri_get_token_info); | |
32 | extern DLSYM_PROTOTYPE(p11_kit_uri_match_token_info); | |
33 | extern DLSYM_PROTOTYPE(p11_kit_uri_message); | |
34 | extern DLSYM_PROTOTYPE(p11_kit_uri_new); | |
35 | extern DLSYM_PROTOTYPE(p11_kit_uri_parse); | |
36 | ||
37 | int uri_from_string(const char *p, P11KitUri **ret); | |
38 | ||
39 | P11KitUri *uri_from_module_info(const CK_INFO *info); | |
40 | P11KitUri *uri_from_slot_info(const CK_SLOT_INFO *slot_info); | |
41 | P11KitUri *uri_from_token_info(const CK_TOKEN_INFO *token_info); | |
42 | ||
43 | DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(P11KitUri*, sym_p11_kit_uri_free, NULL); | |
44 | DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(CK_FUNCTION_LIST**, sym_p11_kit_modules_finalize_and_release, NULL); | |
45 | ||
46 | CK_RV pkcs11_get_slot_list_malloc(CK_FUNCTION_LIST *m, CK_SLOT_ID **ret_slotids, CK_ULONG *ret_n_slotids); | |
47 | ||
48 | char* pkcs11_token_label(const CK_TOKEN_INFO *token_info); | |
49 | char* pkcs11_token_manufacturer_id(const CK_TOKEN_INFO *token_info); | |
50 | char* pkcs11_token_model(const CK_TOKEN_INFO *token_info); | |
51 | ||
52 | int pkcs11_token_login_by_pin(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, const CK_TOKEN_INFO *token_info, const char *token_label, const void *pin, size_t pin_size); | |
53 | int pkcs11_token_login(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, CK_SLOT_ID slotid, const CK_TOKEN_INFO *token_info, const char *friendly_name, const char *icon_name, const char *key_name, const char *credential_name, usec_t until, AskPasswordFlags ask_password_flags, char **ret_used_pin); | |
54 | ||
55 | int pkcs11_token_find_related_object(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE prototype, CK_OBJECT_CLASS class, CK_OBJECT_HANDLE *ret_object); | |
56 | #if HAVE_OPENSSL | |
57 | int pkcs11_token_read_public_key(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object, EVP_PKEY **ret_pkey); | |
58 | int pkcs11_token_read_x509_certificate(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object, X509 **ret_cert); | |
59 | #endif | |
60 | ||
61 | int pkcs11_token_find_private_key(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, P11KitUri *search_uri, CK_OBJECT_HANDLE *ret_object); | |
62 | int pkcs11_token_decrypt_data(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object, const void *encrypted_data, size_t encrypted_data_size, void **ret_decrypted_data, size_t *ret_decrypted_data_size); | |
63 | ||
64 | int pkcs11_token_acquire_rng(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session); | |
65 | ||
66 | typedef int (*pkcs11_find_token_callback_t)(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, CK_SLOT_ID slotid, const CK_SLOT_INFO *slot_info, const CK_TOKEN_INFO *token_info, P11KitUri *uri, void *userdata); | |
67 | int pkcs11_find_token(const char *pkcs11_uri, pkcs11_find_token_callback_t callback, void *userdata); | |
68 | ||
69 | #if HAVE_OPENSSL | |
70 | int pkcs11_acquire_public_key(const char *uri, const char *askpw_friendly_name, const char *askpw_icon, const char *askpw_credential, AskPasswordFlags askpw_flags, EVP_PKEY **ret_pkey, char **ret_pin_used); | |
71 | #endif | |
72 | ||
73 | typedef struct { | |
74 | const char *friendly_name; | |
75 | usec_t until; | |
76 | void *encrypted_key; | |
77 | size_t encrypted_key_size; | |
78 | void *decrypted_key; | |
79 | size_t decrypted_key_size; | |
80 | bool free_encrypted_key; | |
81 | const char *askpw_credential; | |
82 | AskPasswordFlags askpw_flags; | |
83 | } pkcs11_crypt_device_callback_data; | |
84 | ||
85 | void pkcs11_crypt_device_callback_data_release(pkcs11_crypt_device_callback_data *data); | |
86 | ||
87 | int pkcs11_crypt_device_callback( | |
88 | CK_FUNCTION_LIST *m, | |
89 | CK_SESSION_HANDLE session, | |
90 | CK_SLOT_ID slot_id, | |
91 | const CK_SLOT_INFO *slot_info, | |
92 | const CK_TOKEN_INFO *token_info, | |
93 | P11KitUri *uri, | |
94 | void *userdata); | |
95 | ||
96 | #endif | |
97 | ||
98 | int dlopen_p11kit(void); | |
99 | ||
100 | typedef struct { | |
101 | const char *friendly_name; | |
102 | usec_t until; | |
103 | const char *askpw_credential; | |
104 | AskPasswordFlags askpw_flags; | |
105 | } systemd_pkcs11_plugin_params; | |
106 | ||
107 | int pkcs11_list_tokens(void); | |
108 | int pkcs11_find_token_auto(char **ret); |