src/shared/pkcs11-util.h

   1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
   2 #pragma once
   3
   4 #include <stdbool.h>
   5
   6 #if HAVE_P11KIT
   7 #  include <p11-kit/p11-kit.h>
   8 #  include <p11-kit/uri.h>
   9 #endif
  10
  11 #include "macro.h"
  12 #include "openssl-util.h"
  13 #include "time-util.h"
  14
  15 bool pkcs11_uri_valid(const char *uri);
  16
  17 #if HAVE_P11KIT
  18 int uri_from_string(const char *p, P11KitUri **ret);
  19
  20 P11KitUri *uri_from_module_info(const CK_INFO *info);
  21 P11KitUri *uri_from_slot_info(const CK_SLOT_INFO *slot_info);
  22 P11KitUri *uri_from_token_info(const CK_TOKEN_INFO *token_info);
  23
  24 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(P11KitUri*, p11_kit_uri_free, NULL);
  25 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(CK_FUNCTION_LIST**, p11_kit_modules_finalize_and_release, NULL);
  26
  27 CK_RV pkcs11_get_slot_list_malloc(CK_FUNCTION_LIST *m, CK_SLOT_ID **ret_slotids, CK_ULONG *ret_n_slotids);
  28
  29 char *pkcs11_token_label(const CK_TOKEN_INFO *token_info);
  30 char *pkcs11_token_manufacturer_id(const CK_TOKEN_INFO *token_info);
  31 char *pkcs11_token_model(const CK_TOKEN_INFO *token_info);
  32
  33 int pkcs11_token_login_by_pin(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, const CK_TOKEN_INFO *token_info, const char *token_label, const void *pin, size_t pin_size);
  34 int pkcs11_token_login(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, CK_SLOT_ID slotid, const CK_TOKEN_INFO *token_info, const char *friendly_name, const char *icon_name, const char *key_name, const char *credential_name, usec_t until, bool headless, char **ret_used_pin);
  35
  36 int pkcs11_token_find_x509_certificate(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, P11KitUri *search_uri, CK_OBJECT_HANDLE *ret_object);
  37 #if HAVE_OPENSSL
  38 int pkcs11_token_read_x509_certificate(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object, X509 **ret_cert);
  39 #endif
  40
  41 int pkcs11_token_find_private_key(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, P11KitUri *search_uri, CK_OBJECT_HANDLE *ret_object);
  42 int pkcs11_token_decrypt_data(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object, const void *encrypted_data, size_t encrypted_data_size, void **ret_decrypted_data, size_t *ret_decrypted_data_size);
  43
  44 int pkcs11_token_acquire_rng(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session);
  45
  46 typedef int (*pkcs11_find_token_callback_t)(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, CK_SLOT_ID slotid, const CK_SLOT_INFO *slot_info, const CK_TOKEN_INFO *token_info, P11KitUri *uri, void *userdata);
  47 int pkcs11_find_token(const char *pkcs11_uri, pkcs11_find_token_callback_t callback, void *userdata);
  48
  49 #if HAVE_OPENSSL
  50 int pkcs11_acquire_certificate(const char *uri, const char *askpw_friendly_name, const char *askpw_icon_name, X509 **ret_cert, char **ret_pin_used);
  51 #endif
  52
  53 typedef struct {
  54         const char *friendly_name;
  55         usec_t until;
  56         void *encrypted_key;
  57         size_t encrypted_key_size;
  58         void *decrypted_key;
  59         size_t decrypted_key_size;
  60         bool free_encrypted_key;
  61         bool headless;
  62 } pkcs11_crypt_device_callback_data;
  63
  64 void pkcs11_crypt_device_callback_data_release(pkcs11_crypt_device_callback_data *data);
  65
  66 int pkcs11_crypt_device_callback(
  67                 CK_FUNCTION_LIST *m,
  68                 CK_SESSION_HANDLE session,
  69                 CK_SLOT_ID slot_id,
  70                 const CK_SLOT_INFO *slot_info,
  71                 const CK_TOKEN_INFO *token_info,
  72                 P11KitUri *uri,
  73                 void *userdata);
  74
  75 #endif
  76
  77 typedef struct {
  78         const char *friendly_name;
  79         usec_t until;
  80         bool headless;
  81 } systemd_pkcs11_plugin_params;
  82
  83 int pkcs11_list_tokens(void);
  84 int pkcs11_find_token_auto(char **ret);