5496 | leency | 1 | /** |
2 | * \file pkcs11.h |
||
3 | * |
||
4 | * \brief Wrapper for PKCS#11 library libpkcs11-helper |
||
5 | * |
||
6 | * \author Adriaan de Jong |
||
7 | * |
||
8 | * Copyright (C) 2006-2011, Brainspark B.V. |
||
9 | * |
||
10 | * This file is part of PolarSSL (http://www.polarssl.org) |
||
11 | * Lead Maintainer: Paul Bakker |
||
12 | * |
||
13 | * All rights reserved. |
||
14 | * |
||
15 | * This program is free software; you can redistribute it and/or modify |
||
16 | * it under the terms of the GNU General Public License as published by |
||
17 | * the Free Software Foundation; either version 2 of the License, or |
||
18 | * (at your option) any later version. |
||
19 | * |
||
20 | * This program is distributed in the hope that it will be useful, |
||
21 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
22 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
23 | * GNU General Public License for more details. |
||
24 | * |
||
25 | * You should have received a copy of the GNU General Public License along |
||
26 | * with this program; if not, write to the Free Software Foundation, Inc., |
||
27 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
||
28 | */ |
||
29 | #ifndef POLARSSL_PKCS11_H |
||
30 | #define POLARSSL_PKCS11_H |
||
31 | |||
32 | #include "config.h" |
||
33 | |||
34 | #if defined(POLARSSL_PKCS11_C) |
||
35 | |||
36 | #include "x509.h" |
||
37 | |||
38 | #include |
||
39 | |||
40 | #if defined(_MSC_VER) && !defined(inline) |
||
41 | #define inline _inline |
||
42 | #else |
||
43 | #if defined(__ARMCC_VERSION) && !defined(inline) |
||
44 | #define inline __inline |
||
45 | #endif /* __ARMCC_VERSION */ |
||
46 | #endif /*_MSC_VER */ |
||
47 | |||
48 | /** |
||
49 | * Context for PKCS #11 private keys. |
||
50 | */ |
||
typedef struct {
    /*
     * PKCS #11 helper certificate handle. pkcs11_priv_key_init() stores the
     * caller's certificate here and takes ownership of it; it is released by
     * pkcs11_priv_key_free() (the context struct itself is not freed).
     */
    pkcs11h_certificate_t pkcs11h_cert;
    /*
     * Key length as reported to the SSL layer by ssl_pkcs11_key_len().
     * NOTE(review): presumably the RSA modulus size in bytes (the ctx->N size
     * the decrypt/sign notes refer to) — confirm against pkcs11.c. It is a
     * signed int but is returned as size_t, so a negative value would turn
     * into a very large length; callers sizing buffers from it rely on
     * pkcs11_priv_key_init() never leaving it negative.
     */
    int len;
} pkcs11_context;
||
55 | |||
56 | /** |
||
57 | * Fill in a PolarSSL certificate, based on the given PKCS11 helper certificate. |
||
58 | * |
||
59 | * \param cert X.509 certificate to fill |
||
60 | * \param pkcs11h_cert PKCS #11 helper certificate |
||
61 | * |
||
62 | * \return 0 on success. |
||
63 | */ |
||
64 | int pkcs11_x509_cert_init( x509_cert *cert, pkcs11h_certificate_t pkcs11h_cert ); |
||
65 | |||
66 | /** |
||
67 | * Initialise a pkcs11_context, storing the given certificate. Note that the |
||
68 | * pkcs11_context will take over control of the certificate, freeing it when |
||
69 | * done. |
||
70 | * |
||
71 | * \param priv_key Private key structure to fill. |
||
72 | * \param pkcs11_cert PKCS #11 helper certificate |
||
73 | * |
||
74 | * \return 0 on success |
||
75 | */ |
||
76 | int pkcs11_priv_key_init( pkcs11_context *priv_key, |
||
77 | pkcs11h_certificate_t pkcs11_cert ); |
||
78 | |||
79 | /** |
||
80 | * Free the contents of the given private key context. Note that the structure |
||
81 | * itself is not freed. |
||
82 | * |
||
83 | * \param priv_key Private key structure to cleanup |
||
84 | */ |
||
85 | void pkcs11_priv_key_free( pkcs11_context *priv_key ); |
||
86 | |||
87 | /** |
||
88 | * \brief Do an RSA private key decrypt, then remove the message padding |
||
89 | * |
||
90 | * \param ctx PKCS #11 context |
||
91 | * \param mode must be RSA_PRIVATE, for compatibility with rsa.c's signature |
||
92 | * \param input buffer holding the encrypted data |
||
93 | * \param output buffer that will hold the plaintext |
||
94 | * \param olen will contain the plaintext length |
||
95 | * \param output_max_len maximum length of the output buffer |
||
96 | * |
||
97 | * \return 0 if successful, or a POLARSSL_ERR_RSA_XXX error code |
||
98 | * |
||
99 | * \note The output buffer must be as large as the size |
||
100 | * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise |
||
101 | * an error is returned. |
||
102 | */ |
||
103 | int pkcs11_decrypt( pkcs11_context *ctx, |
||
104 | int mode, size_t *olen, |
||
105 | const unsigned char *input, |
||
106 | unsigned char *output, |
||
107 | size_t output_max_len ); |
||
108 | |||
109 | /** |
||
110 | * \brief Do a private RSA operation to sign a message digest |
||
111 | * |
||
112 | * \param ctx PKCS #11 context |
||
113 | * \param mode must be RSA_PRIVATE, for compatibility with rsa.c's signature |
||
114 | * \param hash_id SIG_RSA_RAW, SIG_RSA_MD{2,4,5} or SIG_RSA_SHA{1,224,256,384,512} |
||
115 | * \param hashlen message digest length (for SIG_RSA_RAW only) |
||
116 | * \param hash buffer holding the message digest |
||
117 | * \param sig buffer that will hold the ciphertext |
||
118 | * |
||
119 | * \return 0 if the signing operation was successful, |
||
120 | * or a POLARSSL_ERR_RSA_XXX error code |
||
121 | * |
||
122 | * \note The "sig" buffer must be as large as the size |
||
123 | * of ctx->N (eg. 128 bytes if RSA-1024 is used). |
||
124 | */ |
||
125 | int pkcs11_sign( pkcs11_context *ctx, |
||
126 | int mode, |
||
127 | int hash_id, |
||
128 | unsigned int hashlen, |
||
129 | const unsigned char *hash, |
||
130 | unsigned char *sig ); |
||
131 | |||
132 | /** |
||
133 | * SSL/TLS wrappers for PKCS#11 functions |
||
134 | */ |
||
/**
 * \brief SSL-layer adapter for pkcs11_decrypt().
 *
 * The SSL code hands the private-key context around as an opaque pointer;
 * this wrapper restores its real type and forwards every argument unchanged.
 * No validation happens here: ctx is assumed to be a pkcs11_context (an
 * unchecked cast), and bounds checking of output_max_len is left to
 * pkcs11_decrypt().
 *
 * \param ctx            opaque pointer to a pkcs11_context
 * \param mode           must be RSA_PRIVATE (see pkcs11_decrypt)
 * \param olen           receives the plaintext length
 * \param input          buffer holding the encrypted data
 * \param output         buffer that will hold the plaintext
 * \param output_max_len capacity of output
 *
 * \return whatever pkcs11_decrypt() returns: 0 on success or a
 *         POLARSSL_ERR_RSA_XXX error code
 */
static inline int ssl_pkcs11_decrypt( void *ctx, int mode, size_t *olen,
                        const unsigned char *input, unsigned char *output,
                        size_t output_max_len )
{
    pkcs11_context *pk = (pkcs11_context *) ctx;

    return pkcs11_decrypt( pk, mode, olen, input, output, output_max_len );
}
||
142 | |||
/**
 * \brief SSL-layer adapter for pkcs11_sign().
 *
 * Restores the opaque ctx to a pkcs11_context and forwards the signing
 * request. The RNG callback and its state are part of the signature only
 * so that this function matches the SSL layer's expected prototype
 * (presumably the same shape as the rsa.c signing callback — verify against
 * ssl.h); they are deliberately unused, the PKCS #11 layer does the signing.
 * As with ssl_pkcs11_decrypt(), the ctx cast is unchecked.
 *
 * \param ctx     opaque pointer to a pkcs11_context
 * \param f_rng   ignored
 * \param p_rng   ignored
 * \param mode    must be RSA_PRIVATE (see pkcs11_sign)
 * \param hash_id SIG_RSA_RAW, SIG_RSA_MD{2,4,5} or SIG_RSA_SHA{1,224,256,384,512}
 * \param hashlen message digest length (for SIG_RSA_RAW only)
 * \param hash    buffer holding the message digest
 * \param sig     buffer that will hold the signature; must be as large as
 *                the key size (see the note on pkcs11_sign)
 *
 * \return whatever pkcs11_sign() returns: 0 on success or a
 *         POLARSSL_ERR_RSA_XXX error code
 */
static inline int ssl_pkcs11_sign( void *ctx,
                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
                    int mode, int hash_id, unsigned int hashlen,
                    const unsigned char *hash, unsigned char *sig )
{
    pkcs11_context *pk = (pkcs11_context *) ctx;

    /* Silence unused-parameter warnings; the token supplies the signing. */
    (void) f_rng;
    (void) p_rng;

    return pkcs11_sign( pk, mode, hash_id, hashlen, hash, sig );
}
||
153 | |||
/**
 * \brief Report the key length of a PKCS #11 private-key context to the
 *        SSL layer.
 *
 * Returns the context's stored len field. That field is an int and is
 * converted to size_t here, so a negative value (e.g. from a context that
 * was never successfully initialised) would come back as a huge length;
 * this wrapper does not guard against that, it relies on the context having
 * been set up by pkcs11_priv_key_init().
 *
 * \param ctx opaque pointer to a pkcs11_context (unchecked cast)
 *
 * \return the stored key length
 */
static inline size_t ssl_pkcs11_key_len( void *ctx )
{
    const pkcs11_context *pk = (const pkcs11_context *) ctx;

    return (size_t) pk->len;
}
||
158 | |||
159 | #endif /* POLARSSL_PKCS11_C */ |
||
160 | |||
161 | #endif /* POLARSSL_PKCS11_H */ |