-rw-r--r--common/Makefile.am3
-rw-r--r--common/attrs.c1
-rw-r--r--common/constants.c1
-rw-r--r--common/mock.h2
-rw-r--r--common/pkcs11i.h505
-rw-r--r--common/pkcs11x.h458
-rw-r--r--doc/manual/Makefile.am1
-rw-r--r--p11-kit/virtual.h2
-rw-r--r--trust/builder.c1
-rw-r--r--trust/persist.c1
-rw-r--r--trust/test-builder.c1
-rw-r--r--trust/test-persist.c1
12 files changed, 520 insertions, 457 deletions
diff --git a/common/Makefile.am b/common/Makefile.am
index 5f185b8..47162dd 100644
--- a/common/Makefile.am
+++ b/common/Makefile.am
@@ -1,6 +1,7 @@
inc_HEADERS += \
common/pkcs11.h \
+ common/pkcs11x.h \
$(NULL)
noinst_LTLIBRARIES += \
@@ -23,7 +24,7 @@ libp11_common_la_SOURCES = \
common/lexer.c common/lexer.h \
common/message.c common/message.h \
common/path.c common/path.h \
- common/pkcs11.h common/pkcs11x.h \
+ common/pkcs11.h common/pkcs11x.h common/pkcs11i.h \
common/url.c common/url.h \
$(NULL)
diff --git a/common/attrs.c b/common/attrs.c
index bbf2c58..5a138a8 100644
--- a/common/attrs.c
+++ b/common/attrs.c
@@ -42,6 +42,7 @@
#include "debug.h"
#include "hash.h"
#include "pkcs11.h"
+#include "pkcs11i.h"
#include "pkcs11x.h"
#include <assert.h>
diff --git a/common/constants.c b/common/constants.c
index 218ce93..f4aa66b 100644
--- a/common/constants.c
+++ b/common/constants.c
@@ -38,6 +38,7 @@
#include "constants.h"
#include "debug.h"
#include "pkcs11.h"
+#include "pkcs11i.h"
#include "pkcs11x.h"
#include <stdlib.h>
diff --git a/common/mock.h b/common/mock.h
index 6253386..16beb66 100644
--- a/common/mock.h
+++ b/common/mock.h
@@ -37,7 +37,7 @@
#include "compat.h"
#include "pkcs11.h"
-#include "pkcs11x.h"
+#include "pkcs11i.h"
enum {
MOCK_DATA_OBJECT = 2,
diff --git a/common/pkcs11i.h b/common/pkcs11i.h
new file mode 100644
index 0000000..d9e3ffc
--- /dev/null
+++ b/common/pkcs11i.h
@@ -0,0 +1,505 @@
+/*
+ * Copyright (c) 2012 Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter <stefw@redhat.com>
+ */
+
+#ifndef PKCS11_I_H_
+#define PKCS11_I_H_ 1
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+/* -------------------------------------------------------------------
+ * TRUST ASSERTIONS
+ *
+ * These are retired and should not be used in new code
+ */
+
+#define CKO_X_TRUST_ASSERTION (CKO_X_VENDOR + 100)
+#define CKA_X_ASSERTION_TYPE (CKA_X_VENDOR + 1)
+#define CKA_X_CERTIFICATE_VALUE (CKA_X_VENDOR + 2)
+#define CKA_X_PURPOSE (CKA_X_VENDOR + 3)
+#define CKA_X_PEER (CKA_X_VENDOR + 4)
+typedef CK_ULONG CK_X_ASSERTION_TYPE;
+#define CKT_X_DISTRUSTED_CERTIFICATE 1UL
+#define CKT_X_PINNED_CERTIFICATE 2UL
+#define CKT_X_ANCHORED_CERTIFICATE 3UL
+
+/* -------------------------------------------------------------------
+ * Other deprecated definitions
+ */
+#define CKA_X_CRITICAL (CKA_X_VENDOR + 101)
+
+/* -------------------------------------------------------------------
+ * SUBCLASSABLE PKCS#11 FUNCTIONS
+ */
+
+typedef struct _CK_X_FUNCTION_LIST CK_X_FUNCTION_LIST;
+
+typedef CK_RV (* CK_X_Initialize) (CK_X_FUNCTION_LIST *,
+ CK_VOID_PTR);
+
+typedef CK_RV (* CK_X_Finalize) (CK_X_FUNCTION_LIST *,
+ CK_VOID_PTR);
+
+typedef CK_RV (* CK_X_GetInfo) (CK_X_FUNCTION_LIST *,
+ CK_INFO_PTR);
+
+typedef CK_RV (* CK_X_GetSlotList) (CK_X_FUNCTION_LIST *,
+ CK_BBOOL,
+ CK_SLOT_ID_PTR,
+ CK_ULONG_PTR);
+
+typedef CK_RV (* CK_X_GetSlotInfo) (CK_X_FUNCTION_LIST *,
+ CK_SLOT_ID,
+ CK_SLOT_INFO_PTR);
+
+typedef CK_RV (* CK_X_GetTokenInfo) (CK_X_FUNCTION_LIST *,
+ CK_SLOT_ID,
+ CK_TOKEN_INFO_PTR);
+
+typedef CK_RV (* CK_X_GetMechanismList) (CK_X_FUNCTION_LIST *,
+ CK_SLOT_ID,
+ CK_MECHANISM_TYPE_PTR,
+ CK_ULONG_PTR);
+
+typedef CK_RV (* CK_X_GetMechanismInfo) (CK_X_FUNCTION_LIST *,
+ CK_SLOT_ID,
+ CK_MECHANISM_TYPE,
+ CK_MECHANISM_INFO_PTR);
+
+typedef CK_RV (* CK_X_InitToken) (CK_X_FUNCTION_LIST *,
+ CK_SLOT_ID,
+ CK_BYTE_PTR,
+ CK_ULONG,
+ CK_BYTE_PTR);
+
+typedef CK_RV (* CK_X_InitPIN) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_BYTE_PTR,
+ CK_ULONG);
+
+typedef CK_RV (* CK_X_SetPIN) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_BYTE_PTR,
+ CK_ULONG,
+ CK_BYTE_PTR,
+ CK_ULONG);
+
+typedef CK_RV (* CK_X_OpenSession) (CK_X_FUNCTION_LIST *,
+ CK_SLOT_ID,
+ CK_FLAGS,
+ CK_VOID_PTR,
+ CK_NOTIFY,
+ CK_SESSION_HANDLE_PTR);
+
+typedef CK_RV (* CK_X_CloseSession) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE);
+
+typedef CK_RV (* CK_X_CloseAllSessions) (CK_X_FUNCTION_LIST *,
+ CK_SLOT_ID);
+
+typedef CK_RV (* CK_X_GetSessionInfo) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_SESSION_INFO_PTR);
+
+typedef CK_RV (* CK_X_GetOperationState) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_BYTE_PTR,
+ CK_ULONG_PTR);
+
+typedef CK_RV (* CK_X_SetOperationState) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_BYTE_PTR,
+ CK_ULONG,
+ CK_OBJECT_HANDLE,
+ CK_OBJECT_HANDLE);
+
+typedef CK_RV (* CK_X_Login) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_USER_TYPE,
+ CK_BYTE_PTR,
+ CK_ULONG);
+
+typedef CK_RV (* CK_X_Logout) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE);
+
+typedef CK_RV (* CK_X_CreateObject) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_ATTRIBUTE_PTR,
+ CK_ULONG,
+ CK_OBJECT_HANDLE_PTR);
+
+typedef CK_RV (* CK_X_CopyObject) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_OBJECT_HANDLE,
+ CK_ATTRIBUTE_PTR,
+ CK_ULONG,
+ CK_OBJECT_HANDLE_PTR);
+
+typedef CK_RV (* CK_X_DestroyObject) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_OBJECT_HANDLE);
+
+typedef CK_RV (* CK_X_GetObjectSize) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_OBJECT_HANDLE,
+ CK_ULONG_PTR);
+
+typedef CK_RV (* CK_X_GetAttributeValue) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_OBJECT_HANDLE,
+ CK_ATTRIBUTE_PTR,
+ CK_ULONG);
+
+typedef CK_RV (* CK_X_SetAttributeValue) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_OBJECT_HANDLE,
+ CK_ATTRIBUTE_PTR,
+ CK_ULONG);
+
+typedef CK_RV (* CK_X_FindObjectsInit) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_ATTRIBUTE_PTR,
+ CK_ULONG);
+
+typedef CK_RV (* CK_X_FindObjects) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_OBJECT_HANDLE_PTR,
+ CK_ULONG,
+ CK_ULONG_PTR);
+
+typedef CK_RV (* CK_X_FindObjectsFinal) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE);
+
+typedef CK_RV (* CK_X_EncryptInit) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_MECHANISM_PTR,
+ CK_OBJECT_HANDLE);
+
+typedef CK_RV (* CK_X_Encrypt) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_BYTE_PTR,
+ CK_ULONG,
+ CK_BYTE_PTR,
+ CK_ULONG_PTR);
+
+typedef CK_RV (* CK_X_EncryptUpdate) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_BYTE_PTR,
+ CK_ULONG,
+ CK_BYTE_PTR,
+ CK_ULONG_PTR);
+
+typedef CK_RV (* CK_X_EncryptFinal) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_BYTE_PTR,
+ CK_ULONG_PTR);
+
+typedef CK_RV (* CK_X_DecryptInit) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_MECHANISM_PTR,
+ CK_OBJECT_HANDLE);
+
+typedef CK_RV (* CK_X_Decrypt) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_BYTE_PTR,
+ CK_ULONG,
+ CK_BYTE_PTR,
+ CK_ULONG_PTR);
+
+typedef CK_RV (* CK_X_DecryptUpdate) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_BYTE_PTR,
+ CK_ULONG,
+ CK_BYTE_PTR,
+ CK_ULONG_PTR);
+
+typedef CK_RV (* CK_X_DecryptFinal) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_BYTE_PTR,
+ CK_ULONG_PTR);
+
+typedef CK_RV (* CK_X_DigestInit) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_MECHANISM_PTR);
+
+typedef CK_RV (* CK_X_Digest) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_BYTE_PTR,
+ CK_ULONG,
+ CK_BYTE_PTR,
+ CK_ULONG_PTR);
+
+typedef CK_RV (* CK_X_DigestUpdate) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_BYTE_PTR,
+ CK_ULONG);
+
+typedef CK_RV (* CK_X_DigestKey) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_OBJECT_HANDLE);
+
+typedef CK_RV (* CK_X_DigestFinal) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_BYTE_PTR,
+ CK_ULONG_PTR);
+
+typedef CK_RV (* CK_X_SignInit) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_MECHANISM_PTR,
+ CK_OBJECT_HANDLE);
+
+typedef CK_RV (* CK_X_Sign) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_BYTE_PTR,
+ CK_ULONG,
+ CK_BYTE_PTR,
+ CK_ULONG_PTR);
+
+typedef CK_RV (* CK_X_SignUpdate) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_BYTE_PTR,
+ CK_ULONG);
+
+typedef CK_RV (* CK_X_SignFinal) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_BYTE_PTR,
+ CK_ULONG_PTR);
+
+typedef CK_RV (* CK_X_SignRecoverInit) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_MECHANISM_PTR,
+ CK_OBJECT_HANDLE);
+
+typedef CK_RV (* CK_X_SignRecover) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_BYTE_PTR,
+ CK_ULONG,
+ CK_BYTE_PTR,
+ CK_ULONG_PTR);
+
+typedef CK_RV (* CK_X_VerifyInit) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_MECHANISM_PTR,
+ CK_OBJECT_HANDLE);
+
+typedef CK_RV (* CK_X_Verify) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_BYTE_PTR,
+ CK_ULONG,
+ CK_BYTE_PTR,
+ CK_ULONG);
+
+typedef CK_RV (* CK_X_VerifyUpdate) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_BYTE_PTR,
+ CK_ULONG);
+
+typedef CK_RV (* CK_X_VerifyFinal) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_BYTE_PTR,
+ CK_ULONG);
+
+typedef CK_RV (* CK_X_VerifyRecoverInit) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_MECHANISM_PTR,
+ CK_OBJECT_HANDLE);
+
+typedef CK_RV (* CK_X_VerifyRecover) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_BYTE_PTR,
+ CK_ULONG,
+ CK_BYTE_PTR,
+ CK_ULONG_PTR);
+
+typedef CK_RV (* CK_X_DigestEncryptUpdate) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_BYTE_PTR,
+ CK_ULONG,
+ CK_BYTE_PTR,
+ CK_ULONG_PTR);
+
+typedef CK_RV (* CK_X_DecryptDigestUpdate) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_BYTE_PTR,
+ CK_ULONG,
+ CK_BYTE_PTR,
+ CK_ULONG_PTR);
+
+typedef CK_RV (* CK_X_SignEncryptUpdate) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_BYTE_PTR,
+ CK_ULONG,
+ CK_BYTE_PTR,
+ CK_ULONG_PTR);
+
+typedef CK_RV (* CK_X_DecryptVerifyUpdate) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_BYTE_PTR,
+ CK_ULONG,
+ CK_BYTE_PTR,
+ CK_ULONG_PTR);
+
+typedef CK_RV (* CK_X_GenerateKey) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_MECHANISM_PTR,
+ CK_ATTRIBUTE_PTR,
+ CK_ULONG,
+ CK_OBJECT_HANDLE_PTR);
+
+typedef CK_RV (* CK_X_GenerateKeyPair) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_MECHANISM_PTR,
+ CK_ATTRIBUTE_PTR,
+ CK_ULONG,
+ CK_ATTRIBUTE_PTR,
+ CK_ULONG,
+ CK_OBJECT_HANDLE_PTR,
+ CK_OBJECT_HANDLE_PTR);
+
+typedef CK_RV (* CK_X_WrapKey) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_MECHANISM_PTR,
+ CK_OBJECT_HANDLE,
+ CK_OBJECT_HANDLE,
+ CK_BYTE_PTR,
+ CK_ULONG_PTR);
+
+typedef CK_RV (* CK_X_UnwrapKey) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_MECHANISM_PTR,
+ CK_OBJECT_HANDLE,
+ CK_BYTE_PTR,
+ CK_ULONG,
+ CK_ATTRIBUTE_PTR,
+ CK_ULONG,
+ CK_OBJECT_HANDLE_PTR);
+
+typedef CK_RV (* CK_X_DeriveKey) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_MECHANISM_PTR,
+ CK_OBJECT_HANDLE,
+ CK_ATTRIBUTE_PTR,
+ CK_ULONG,
+ CK_OBJECT_HANDLE_PTR);
+
+typedef CK_RV (* CK_X_SeedRandom) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_BYTE_PTR,
+ CK_ULONG);
+
+typedef CK_RV (* CK_X_GenerateRandom) (CK_X_FUNCTION_LIST *,
+ CK_SESSION_HANDLE,
+ CK_BYTE_PTR,
+ CK_ULONG);
+
+typedef CK_RV (* CK_X_WaitForSlotEvent) (CK_X_FUNCTION_LIST *,
+ CK_FLAGS,
+ CK_SLOT_ID_PTR,
+ CK_VOID_PTR);
+
+struct _CK_X_FUNCTION_LIST {
+ CK_VERSION version;
+ CK_X_Initialize C_Initialize;
+ CK_X_Finalize C_Finalize;
+ CK_X_GetInfo C_GetInfo;
+ CK_X_GetSlotList C_GetSlotList;
+ CK_X_GetSlotInfo C_GetSlotInfo;
+ CK_X_GetTokenInfo C_GetTokenInfo;
+ CK_X_GetMechanismList C_GetMechanismList;
+ CK_X_GetMechanismInfo C_GetMechanismInfo;
+ CK_X_InitToken C_InitToken;
+ CK_X_InitPIN C_InitPIN;
+ CK_X_SetPIN C_SetPIN;
+ CK_X_OpenSession C_OpenSession;
+ CK_X_CloseSession C_CloseSession;
+ CK_X_CloseAllSessions C_CloseAllSessions;
+ CK_X_GetSessionInfo C_GetSessionInfo;
+ CK_X_GetOperationState C_GetOperationState;
+ CK_X_SetOperationState C_SetOperationState;
+ CK_X_Login C_Login;
+ CK_X_Logout C_Logout;
+ CK_X_CreateObject C_CreateObject;
+ CK_X_CopyObject C_CopyObject;
+ CK_X_DestroyObject C_DestroyObject;
+ CK_X_GetObjectSize C_GetObjectSize;
+ CK_X_GetAttributeValue C_GetAttributeValue;
+ CK_X_SetAttributeValue C_SetAttributeValue;
+ CK_X_FindObjectsInit C_FindObjectsInit;
+ CK_X_FindObjects C_FindObjects;
+ CK_X_FindObjectsFinal C_FindObjectsFinal;
+ CK_X_EncryptInit C_EncryptInit;
+ CK_X_Encrypt C_Encrypt;
+ CK_X_EncryptUpdate C_EncryptUpdate;
+ CK_X_EncryptFinal C_EncryptFinal;
+ CK_X_DecryptInit C_DecryptInit;
+ CK_X_Decrypt C_Decrypt;
+ CK_X_DecryptUpdate C_DecryptUpdate;
+ CK_X_DecryptFinal C_DecryptFinal;
+ CK_X_DigestInit C_DigestInit;
+ CK_X_Digest C_Digest;
+ CK_X_DigestUpdate C_DigestUpdate;
+ CK_X_DigestKey C_DigestKey;
+ CK_X_DigestFinal C_DigestFinal;
+ CK_X_SignInit C_SignInit;
+ CK_X_Sign C_Sign;
+ CK_X_SignUpdate C_SignUpdate;
+ CK_X_SignFinal C_SignFinal;
+ CK_X_SignRecoverInit C_SignRecoverInit;
+ CK_X_SignRecover C_SignRecover;
+ CK_X_VerifyInit C_VerifyInit;
+ CK_X_Verify C_Verify;
+ CK_X_VerifyUpdate C_VerifyUpdate;
+ CK_X_VerifyFinal C_VerifyFinal;
+ CK_X_VerifyRecoverInit C_VerifyRecoverInit;
+ CK_X_VerifyRecover C_VerifyRecover;
+ CK_X_DigestEncryptUpdate C_DigestEncryptUpdate;
+ CK_X_DecryptDigestUpdate C_DecryptDigestUpdate;
+ CK_X_SignEncryptUpdate C_SignEncryptUpdate;
+ CK_X_DecryptVerifyUpdate C_DecryptVerifyUpdate;
+ CK_X_GenerateKey C_GenerateKey;
+ CK_X_GenerateKeyPair C_GenerateKeyPair;
+ CK_X_WrapKey C_WrapKey;
+ CK_X_UnwrapKey C_UnwrapKey;
+ CK_X_DeriveKey C_DeriveKey;
+ CK_X_SeedRandom C_SeedRandom;
+ CK_X_GenerateRandom C_GenerateRandom;
+ CK_X_WaitForSlotEvent C_WaitForSlotEvent;
+};
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif /* PKCS11_X_H_ */
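Review bot: The closing guard comment on the last line of this new file still reads `PKCS11_X_H_`, although the guard opened at the top is `PKCS11_I_H_`; it should be `#endif /* PKCS11_I_H_ */`. The header also has no `#include` of its own, while its typedefs use `CK_RV`, `CK_ULONG` and the other Cryptoki types and its macros expand to `CKA_X_VENDOR` / `CKO_X_VENDOR`, so it only compiles when the includer has already pulled in the headers that define them. This matters for the common/mock.h and p11-kit/virtual.h hunks, which replace `pkcs11x.h` with `pkcs11i.h`: any use of the retired `CKA_X_*` / `CKO_X_*` macros through those headers now depends on a separate include of `pkcs11x.h`. Adding `#include "pkcs11.h"` and `#include "pkcs11x.h"` right after the guard would make the header self-contained, assuming pkcs11x.h is safe to include more than once.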
diff --git a/common/pkcs11x.h b/common/pkcs11x.h
index ea0e303..4a89f73 100644
--- a/common/pkcs11x.h
+++ b/common/pkcs11x.h
@@ -122,30 +122,18 @@ typedef CK_ULONG CK_TRUST;
#define CKO_X_VENDOR (CKA_VENDOR_DEFINED | 0x58444700UL)
/* -------------------------------------------------------------------
- * TRUST ASSERTIONS
- *
- * These are retired and should not be used in new code
+ * BLACKLISTS
*/
-#define CKO_X_TRUST_ASSERTION (CKO_X_VENDOR + 100)
-#define CKA_X_ASSERTION_TYPE (CKA_X_VENDOR + 1)
-#define CKA_X_CERTIFICATE_VALUE (CKA_X_VENDOR + 2)
-#define CKA_X_PURPOSE (CKA_X_VENDOR + 3)
-#define CKA_X_PEER (CKA_X_VENDOR + 4)
-typedef CK_ULONG CK_X_ASSERTION_TYPE;
-#define CKT_X_DISTRUSTED_CERTIFICATE 1UL
-#define CKT_X_PINNED_CERTIFICATE 2UL
-#define CKT_X_ANCHORED_CERTIFICATE 3UL
+#define CKA_X_DISTRUSTED (CKA_X_VENDOR + 100)
/* -------------------------------------------------------------------
- * STAPLED CERTIFICATES
+ * CERTIFICATE EXTENSIONS
*
- * Not yet final
+ * For attaching certificate extensions to certificates
*/
#define CKO_X_CERTIFICATE_EXTENSION (CKO_X_VENDOR + 200)
-#define CKA_X_DISTRUSTED (CKA_X_VENDOR + 100)
-#define CKA_X_CRITICAL (CKA_X_VENDOR + 101)
/* From the 2.40 draft */
#ifndef CKA_PUBLIC_KEY_INFO
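Review bot: The vendor numbers this hunk removes from pkcs11x.h stay allocated in pkcs11i.h (`CKA_X_VENDOR + 1` to `+ 4`, `CKA_X_VENDOR + 101` and `CKO_X_VENDOR + 100`), but the header that defines the `CKO_X_VENDOR` base no longer records that they are taken. Someone adding a vendor attribute here later could reuse one of them, and previously written trust data carrying the retired attribute would presumably then be read with the new meaning. A comment next to `CKA_X_DISTRUSTED` such as `/* CKA_X_VENDOR + 1..4 and + 101, CKO_X_VENDOR + 100 are retired (see pkcs11i.h); do not reuse */` would keep the allocation visible. The new BLACKLISTS section also has no description line, unlike the CERTIFICATE EXTENSIONS section below it; one sentence saying what `CKA_X_DISTRUSTED` marks and what value type it holds would help consumers of the header.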
@@ -154,444 +142,6 @@ typedef CK_ULONG CK_X_ASSERTION_TYPE;
#endif /* CRYPTOKI_X_VENDOR_DEFINED */
-/* -------------------------------------------------------------------
- * SUBCLASSABLE PKCS#11 FUNCTIONS
- */
-
-typedef struct _CK_X_FUNCTION_LIST CK_X_FUNCTION_LIST;
-
-typedef CK_RV (* CK_X_Initialize) (CK_X_FUNCTION_LIST *,
- CK_VOID_PTR);
-
-typedef CK_RV (* CK_X_Finalize) (CK_X_FUNCTION_LIST *,
- CK_VOID_PTR);
-
-typedef CK_RV (* CK_X_GetInfo) (CK_X_FUNCTION_LIST *,
- CK_INFO_PTR);
-
-typedef CK_RV (* CK_X_GetSlotList) (CK_X_FUNCTION_LIST *,
- CK_BBOOL,
- CK_SLOT_ID_PTR,
- CK_ULONG_PTR);
-
-typedef CK_RV (* CK_X_GetSlotInfo) (CK_X_FUNCTION_LIST *,
- CK_SLOT_ID,
- CK_SLOT_INFO_PTR);
-
-typedef CK_RV (* CK_X_GetTokenInfo) (CK_X_FUNCTION_LIST *,
- CK_SLOT_ID,
- CK_TOKEN_INFO_PTR);
-
-typedef CK_RV (* CK_X_GetMechanismList) (CK_X_FUNCTION_LIST *,
- CK_SLOT_ID,
- CK_MECHANISM_TYPE_PTR,
- CK_ULONG_PTR);
-
-typedef CK_RV (* CK_X_GetMechanismInfo) (CK_X_FUNCTION_LIST *,
- CK_SLOT_ID,
- CK_MECHANISM_TYPE,
- CK_MECHANISM_INFO_PTR);
-
-typedef CK_RV (* CK_X_InitToken) (CK_X_FUNCTION_LIST *,
- CK_SLOT_ID,
- CK_BYTE_PTR,
- CK_ULONG,
- CK_BYTE_PTR);
-
-typedef CK_RV (* CK_X_InitPIN) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG);
-
-typedef CK_RV (* CK_X_SetPIN) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG,
- CK_BYTE_PTR,
- CK_ULONG);
-
-typedef CK_RV (* CK_X_OpenSession) (CK_X_FUNCTION_LIST *,
- CK_SLOT_ID,
- CK_FLAGS,
- CK_VOID_PTR,
- CK_NOTIFY,
- CK_SESSION_HANDLE_PTR);
-
-typedef CK_RV (* CK_X_CloseSession) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE);
-
-typedef CK_RV (* CK_X_CloseAllSessions) (CK_X_FUNCTION_LIST *,
- CK_SLOT_ID);
-
-typedef CK_RV (* CK_X_GetSessionInfo) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_SESSION_INFO_PTR);
-
-typedef CK_RV (* CK_X_GetOperationState) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG_PTR);
-
-typedef CK_RV (* CK_X_SetOperationState) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG,
- CK_OBJECT_HANDLE,
- CK_OBJECT_HANDLE);
-
-typedef CK_RV (* CK_X_Login) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_USER_TYPE,
- CK_BYTE_PTR,
- CK_ULONG);
-
-typedef CK_RV (* CK_X_Logout) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE);
-
-typedef CK_RV (* CK_X_CreateObject) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_ATTRIBUTE_PTR,
- CK_ULONG,
- CK_OBJECT_HANDLE_PTR);
-
-typedef CK_RV (* CK_X_CopyObject) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_OBJECT_HANDLE,
- CK_ATTRIBUTE_PTR,
- CK_ULONG,
- CK_OBJECT_HANDLE_PTR);
-
-typedef CK_RV (* CK_X_DestroyObject) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_OBJECT_HANDLE);
-
-typedef CK_RV (* CK_X_GetObjectSize) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_OBJECT_HANDLE,
- CK_ULONG_PTR);
-
-typedef CK_RV (* CK_X_GetAttributeValue) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_OBJECT_HANDLE,
- CK_ATTRIBUTE_PTR,
- CK_ULONG);
-
-typedef CK_RV (* CK_X_SetAttributeValue) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_OBJECT_HANDLE,
- CK_ATTRIBUTE_PTR,
- CK_ULONG);
-
-typedef CK_RV (* CK_X_FindObjectsInit) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_ATTRIBUTE_PTR,
- CK_ULONG);
-
-typedef CK_RV (* CK_X_FindObjects) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_OBJECT_HANDLE_PTR,
- CK_ULONG,
- CK_ULONG_PTR);
-
-typedef CK_RV (* CK_X_FindObjectsFinal) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE);
-
-typedef CK_RV (* CK_X_EncryptInit) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_MECHANISM_PTR,
- CK_OBJECT_HANDLE);
-
-typedef CK_RV (* CK_X_Encrypt) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG,
- CK_BYTE_PTR,
- CK_ULONG_PTR);
-
-typedef CK_RV (* CK_X_EncryptUpdate) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG,
- CK_BYTE_PTR,
- CK_ULONG_PTR);
-
-typedef CK_RV (* CK_X_EncryptFinal) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG_PTR);
-
-typedef CK_RV (* CK_X_DecryptInit) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_MECHANISM_PTR,
- CK_OBJECT_HANDLE);
-
-typedef CK_RV (* CK_X_Decrypt) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG,
- CK_BYTE_PTR,
- CK_ULONG_PTR);
-
-typedef CK_RV (* CK_X_DecryptUpdate) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG,
- CK_BYTE_PTR,
- CK_ULONG_PTR);
-
-typedef CK_RV (* CK_X_DecryptFinal) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG_PTR);
-
-typedef CK_RV (* CK_X_DigestInit) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_MECHANISM_PTR);
-
-typedef CK_RV (* CK_X_Digest) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG,
- CK_BYTE_PTR,
- CK_ULONG_PTR);
-
-typedef CK_RV (* CK_X_DigestUpdate) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG);
-
-typedef CK_RV (* CK_X_DigestKey) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_OBJECT_HANDLE);
-
-typedef CK_RV (* CK_X_DigestFinal) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG_PTR);
-
-typedef CK_RV (* CK_X_SignInit) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_MECHANISM_PTR,
- CK_OBJECT_HANDLE);
-
-typedef CK_RV (* CK_X_Sign) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG,
- CK_BYTE_PTR,
- CK_ULONG_PTR);
-
-typedef CK_RV (* CK_X_SignUpdate) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG);
-
-typedef CK_RV (* CK_X_SignFinal) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG_PTR);
-
-typedef CK_RV (* CK_X_SignRecoverInit) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_MECHANISM_PTR,
- CK_OBJECT_HANDLE);
-
-typedef CK_RV (* CK_X_SignRecover) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG,
- CK_BYTE_PTR,
- CK_ULONG_PTR);
-
-typedef CK_RV (* CK_X_VerifyInit) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_MECHANISM_PTR,
- CK_OBJECT_HANDLE);
-
-typedef CK_RV (* CK_X_Verify) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG,
- CK_BYTE_PTR,
- CK_ULONG);
-
-typedef CK_RV (* CK_X_VerifyUpdate) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG);
-
-typedef CK_RV (* CK_X_VerifyFinal) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG);
-
-typedef CK_RV (* CK_X_VerifyRecoverInit) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_MECHANISM_PTR,
- CK_OBJECT_HANDLE);
-
-typedef CK_RV (* CK_X_VerifyRecover) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG,
- CK_BYTE_PTR,
- CK_ULONG_PTR);
-
-typedef CK_RV (* CK_X_DigestEncryptUpdate) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG,
- CK_BYTE_PTR,
- CK_ULONG_PTR);
-
-typedef CK_RV (* CK_X_DecryptDigestUpdate) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG,
- CK_BYTE_PTR,
- CK_ULONG_PTR);
-
-typedef CK_RV (* CK_X_SignEncryptUpdate) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG,
- CK_BYTE_PTR,
- CK_ULONG_PTR);
-
-typedef CK_RV (* CK_X_DecryptVerifyUpdate) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG,
- CK_BYTE_PTR,
- CK_ULONG_PTR);
-
-typedef CK_RV (* CK_X_GenerateKey) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_MECHANISM_PTR,
- CK_ATTRIBUTE_PTR,
- CK_ULONG,
- CK_OBJECT_HANDLE_PTR);
-
-typedef CK_RV (* CK_X_GenerateKeyPair) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_MECHANISM_PTR,
- CK_ATTRIBUTE_PTR,
- CK_ULONG,
- CK_ATTRIBUTE_PTR,
- CK_ULONG,
- CK_OBJECT_HANDLE_PTR,
- CK_OBJECT_HANDLE_PTR);
-
-typedef CK_RV (* CK_X_WrapKey) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_MECHANISM_PTR,
- CK_OBJECT_HANDLE,
- CK_OBJECT_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG_PTR);
-
-typedef CK_RV (* CK_X_UnwrapKey) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_MECHANISM_PTR,
- CK_OBJECT_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG,
- CK_ATTRIBUTE_PTR,
- CK_ULONG,
- CK_OBJECT_HANDLE_PTR);
-
-typedef CK_RV (* CK_X_DeriveKey) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_MECHANISM_PTR,
- CK_OBJECT_HANDLE,
- CK_ATTRIBUTE_PTR,
- CK_ULONG,
- CK_OBJECT_HANDLE_PTR);
-
-typedef CK_RV (* CK_X_SeedRandom) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG);
-
-typedef CK_RV (* CK_X_GenerateRandom) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG);
-
-typedef CK_RV (* CK_X_WaitForSlotEvent) (CK_X_FUNCTION_LIST *,
- CK_FLAGS,
- CK_SLOT_ID_PTR,
- CK_VOID_PTR);
-
-struct _CK_X_FUNCTION_LIST {
- CK_VERSION version;
- CK_X_Initialize C_Initialize;
- CK_X_Finalize C_Finalize;
- CK_X_GetInfo C_GetInfo;
- CK_X_GetSlotList C_GetSlotList;
- CK_X_GetSlotInfo C_GetSlotInfo;
- CK_X_GetTokenInfo C_GetTokenInfo;
- CK_X_GetMechanismList C_GetMechanismList;
- CK_X_GetMechanismInfo C_GetMechanismInfo;
- CK_X_InitToken C_InitToken;
- CK_X_InitPIN C_InitPIN;
- CK_X_SetPIN C_SetPIN;
- CK_X_OpenSession C_OpenSession;
- CK_X_CloseSession C_CloseSession;
- CK_X_CloseAllSessions C_CloseAllSessions;
- CK_X_GetSessionInfo C_GetSessionInfo;
- CK_X_GetOperationState C_GetOperationState;
- CK_X_SetOperationState C_SetOperationState;
- CK_X_Login C_Login;
- CK_X_Logout C_Logout;
- CK_X_CreateObject C_CreateObject;
- CK_X_CopyObject C_CopyObject;
- CK_X_DestroyObject C_DestroyObject;
- CK_X_GetObjectSize C_GetObjectSize;
- CK_X_GetAttributeValue C_GetAttributeValue;
- CK_X_SetAttributeValue C_SetAttributeValue;
- CK_X_FindObjectsInit C_FindObjectsInit;
- CK_X_FindObjects C_FindObjects;
- CK_X_FindObjectsFinal C_FindObjectsFinal;
- CK_X_EncryptInit C_EncryptInit;
- CK_X_Encrypt C_Encrypt;
- CK_X_EncryptUpdate C_EncryptUpdate;
- CK_X_EncryptFinal C_EncryptFinal;
- CK_X_DecryptInit C_DecryptInit;
- CK_X_Decrypt C_Decrypt;
- CK_X_DecryptUpdate C_DecryptUpdate;
- CK_X_DecryptFinal C_DecryptFinal;
- CK_X_DigestInit C_DigestInit;
- CK_X_Digest C_Digest;
- CK_X_DigestUpdate C_DigestUpdate;
- CK_X_DigestKey C_DigestKey;
- CK_X_DigestFinal C_DigestFinal;
- CK_X_SignInit C_SignInit;
- CK_X_Sign C_Sign;
- CK_X_SignUpdate C_SignUpdate;
- CK_X_SignFinal C_SignFinal;
- CK_X_SignRecoverInit C_SignRecoverInit;
- CK_X_SignRecover C_SignRecover;
- CK_X_VerifyInit C_VerifyInit;
- CK_X_Verify C_Verify;
- CK_X_VerifyUpdate C_VerifyUpdate;
- CK_X_VerifyFinal C_VerifyFinal;
- CK_X_VerifyRecoverInit C_VerifyRecoverInit;
- CK_X_VerifyRecover C_VerifyRecover;
- CK_X_DigestEncryptUpdate C_DigestEncryptUpdate;
- CK_X_DecryptDigestUpdate C_DecryptDigestUpdate;
- CK_X_SignEncryptUpdate C_SignEncryptUpdate;
- CK_X_DecryptVerifyUpdate C_DecryptVerifyUpdate;
- CK_X_GenerateKey C_GenerateKey;
- CK_X_GenerateKeyPair C_GenerateKeyPair;
- CK_X_WrapKey C_WrapKey;
- CK_X_UnwrapKey C_UnwrapKey;
- CK_X_DeriveKey C_DeriveKey;
- CK_X_SeedRandom C_SeedRandom;
- CK_X_GenerateRandom C_GenerateRandom;
- CK_X_WaitForSlotEvent C_WaitForSlotEvent;
-};
-
#if defined(__cplusplus)
}
#endif
diff --git a/doc/manual/Makefile.am b/doc/manual/Makefile.am
index 300fc3f..c3dfe2a 100644
--- a/doc/manual/Makefile.am
+++ b/doc/manual/Makefile.am
@@ -56,6 +56,7 @@ IGNORE_HFILES= \
mock.h \
modules.h \
pkcs11.h \
+ pkcs11i.h \
pkcs11x.h \
private.h \
proxy.h \
diff --git a/p11-kit/virtual.h b/p11-kit/virtual.h
index d29ea49..97d2a7c 100644
--- a/p11-kit/virtual.h
+++ b/p11-kit/virtual.h
@@ -36,7 +36,7 @@
#define __P11_VIRTUAL_H__
#include "pkcs11.h"
-#include "pkcs11x.h"
+#include "pkcs11i.h"
#include "array.h"
typedef struct {
diff --git a/trust/builder.c b/trust/builder.c
index 000c723..5066dc6 100644
--- a/trust/builder.c
+++ b/trust/builder.c
@@ -46,6 +46,7 @@
#include "index.h"
#include "message.h"
#include "oid.h"
+#include "pkcs11i.h"
#include "pkcs11x.h"
#include "utf8.h"
#include "x509.h"
diff --git a/trust/persist.c b/trust/persist.c
index eb3ed06..1b41568 100644
--- a/trust/persist.c
+++ b/trust/persist.c
@@ -43,6 +43,7 @@
#include "pem.h"
#include "persist.h"
#include "pkcs11.h"
+#include "pkcs11i.h"
#include "pkcs11x.h"
#include "types.h"
#include "url.h"
diff --git a/trust/test-builder.c b/trust/test-builder.c
index e584741..51d499c 100644
--- a/trust/test-builder.c
+++ b/trust/test-builder.c
@@ -47,6 +47,7 @@
#include "index.h"
#include "message.h"
#include "oid.h"
+#include "pkcs11i.h"
#include "pkcs11x.h"
struct {
diff --git a/trust/test-persist.c b/trust/test-persist.c
index 107f131..68d2033 100644
--- a/trust/test-persist.c
+++ b/trust/test-persist.c
@@ -48,6 +48,7 @@
#include "message.h"
#include "persist.h"
#include "pkcs11.h"
+#include "pkcs11i.h"
#include "pkcs11x.h"
static void