1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
|
/* Support of smartcards and cryptotokens
* Copyright (C) 2003 Christoph Gysin, Simon Zwahlen
* Copyright (C) 2004 David Buechi, Michael Meier
* Zuercher Hochschule Winterthur
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
* RCSID $Id: smartcard.h 4709 2008-11-27 10:20:25Z martin $
*/
#ifndef _SMARTCARD_H
#define _SMARTCARD_H
#include "certs.h"
#define SCX_TOKEN "%smartcard"
#define SCX_CERT_CACHE_INTERVAL 60 /* seconds */
#define SCX_MAX_PIN_TRIALS 3
/* smartcard operations, update copy in whack.h */
#ifndef SC_OP_T
#define SC_OP_T
typedef enum {
SC_OP_NONE = 0,
SC_OP_ENCRYPT = 1,
SC_OP_DECRYPT = 2,
SC_OP_SIGN = 3,
} sc_op_t;
#endif /* SC_OP_T */
/* smartcard record */
typedef struct smartcard smartcard_t;
struct smartcard {
smartcard_t *next;
time_t last_load;
cert_t last_cert;
int count;
int number;
unsigned long slot;
char *id;
char *label;
chunk_t pin;
bool pinpad;
bool valid;
bool session_opened;
bool logged_in;
bool any_slot;
long session;
};
extern const smartcard_t empty_sc;
/* keep a PKCS#11 login during the lifetime of pluto
* flag set in plutomain.c and used in ipsec_doi.c and ocsp.c
*/
extern bool pkcs11_keep_state;
/* allow other applications access to pluto's PKCS#11 interface
* via whack. Could be used e.g. for disk encryption
*/
extern bool pkcs11_proxy;
extern smartcard_t* scx_parse_number_slot_id(const char *number_slot_id);
extern void scx_init(const char *module, const char *init_args);
extern void scx_finalize(void);
extern bool scx_establish_context(smartcard_t *sc);
extern bool scx_login(smartcard_t *sc);
extern bool scx_on_smartcard(const char *filename);
extern bool scx_load_cert(const char *filename, smartcard_t **scp
, cert_t *cert, bool *cached);
extern bool scx_verify_pin(smartcard_t *sc);
extern void scx_share(smartcard_t *sc);
extern bool scx_sign_hash(smartcard_t *sc, const u_char *in, size_t inlen
, u_char *out, size_t outlen);
extern bool scx_encrypt(smartcard_t *sc, const u_char *in, size_t inlen
, u_char *out, size_t *outlen);
extern bool scx_decrypt(smartcard_t *sc, const u_char *in, size_t inlen
, u_char *out, size_t *outlen);
extern bool scx_op_via_whack(const char* msg, int inbase, int outbase
, sc_op_t op, const char *keyid, int whackfd);
extern bool scx_get_pin(smartcard_t *sc, int whackfd);
extern size_t scx_get_keylength(smartcard_t *sc);
extern smartcard_t* scx_add(smartcard_t *sc);
extern smartcard_t* scx_get(x509cert_t *cert);
extern void scx_release(smartcard_t *sc);
extern void scx_release_context(smartcard_t *sc);
extern void scx_free_pin(chunk_t *pin);
extern void scx_free(smartcard_t *sc);
extern void scx_list(bool utc);
extern char *scx_print_slot(smartcard_t *sc, const char *whitespace);
#endif /* _SMARTCARD_H */
|