programs/pluto/smartcard.h

   1 /* Support of smartcards and cryptotokens
   2  * Copyright (C) 2003 Christoph Gysin, Simon Zwahlen
   3  * Copyright (C) 2004 David Buechi, Michael Meier
   4  * Zuercher Hochschule Winterthur
   5  *
   6  * This program is free software; you can redistribute it and/or modify it
   7  * under the terms of the GNU General Public License as published by the
   8  * Free Software Foundation; either version 2 of the License, or (at your
   9  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
  10  *
  11  * This program is distributed in the hope that it will be useful, but
  12  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  13  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * for more details.
  15  *
  16  * RCSID $Id: smartcard.h,v 1.14 2005/11/06 22:55:41 as Exp $
  17  */
  18
  19 #ifndef _SMARTCARD_H
  20 #define _SMARTCARD_H
  21
  22 #include "certs.h"
  23
  24 #define SCX_TOKEN                 "%smartcard"
  25 #define SCX_CERT_CACHE_INTERVAL   60 /* seconds */
  26 #define SCX_MAX_PIN_TRIALS        3
  27
  28 /* smartcard operations */
  29
  30 typedef enum {
  31     SC_OP_NONE =    0,
  32     SC_OP_ENCRYPT = 1,
  33     SC_OP_DECRYPT = 2,
  34     SC_OP_SIGN =    3,
  35 } sc_op_t;
  36
  37 /* smartcard record */
  38
  39 typedef struct smartcard smartcard_t;
  40
  41 struct smartcard {
  42     smartcard_t  *next;
  43     time_t        last_load;
  44     cert_t        last_cert;
  45     int           count;
  46     int           number;
  47     unsigned long slot;
  48     char          *id;
  49     char         *label;
  50     chunk_t       pin;
  51     bool          pinpad;
  52     bool          valid;
  53     bool          session_opened;
  54     bool          logged_in;
  55     bool          any_slot;
  56     long          session;
  57 };
  58
  59 extern const smartcard_t empty_sc;
  60
  61 /*  keep a PKCS#11 login during the lifetime of pluto
  62  *  flag set in plutomain.c and used in ipsec_doi.c and ocsp.c
  63  */
  64 extern bool pkcs11_keep_state;
  65
  66 /* allow other applications access to pluto's PKCS#11 interface
  67  * via whack. Could be used e.g. for disk encryption
  68  */
  69 extern bool pkcs11_proxy;
  70
  71 extern smartcard_t* scx_parse_number_slot_id(const char *number_slot_id);
  72 extern void scx_init(const char *module);
  73 extern void scx_finalize(void);
  74 extern bool scx_establish_context(smartcard_t *sc);
  75 extern bool scx_login(smartcard_t *sc);
  76 extern bool scx_on_smartcard(const char *filename);
  77 extern bool scx_load_cert(const char *filename, smartcard_t **scp
  78     , cert_t *cert, bool *cached);
  79 extern bool scx_verify_pin(smartcard_t *sc);
  80 extern void scx_share(smartcard_t *sc);
  81 extern bool scx_sign_hash(smartcard_t *sc, const u_char *in, size_t inlen
  82     , u_char *out, size_t outlen);
  83 extern bool scx_encrypt(smartcard_t *sc, const u_char *in, size_t inlen
  84     , u_char *out, size_t *outlen);
  85 extern bool scx_decrypt(smartcard_t *sc, const u_char *in, size_t inlen
  86     , u_char *out, size_t *outlen);
  87 extern bool scx_op_via_whack(const char* msg, int inbase, int outbase
  88     , sc_op_t op, const char *keyid, int whackfd);
  89 extern bool scx_get_pin(smartcard_t *sc, int whackfd);
  90 extern size_t scx_get_keylength(smartcard_t *sc);
  91 extern smartcard_t* scx_add(smartcard_t *sc);
  92 extern smartcard_t* scx_get(x509cert_t *cert);
  93 extern void scx_release(smartcard_t *sc);
  94 extern void scx_release_context(smartcard_t *sc);
  95 extern void scx_free_pin(chunk_t *pin);
  96 extern void scx_free(smartcard_t *sc);
  97 extern void scx_list(bool utc);
  98 extern char *scx_print_slot(smartcard_t *sc, const char *whitespace);
  99
 100 #endif /* _SMARTCARD_H */