Diffstat (limited to 'ckcapi.h')
-rw-r--r--ckcapi.h259
1 files changed, 153 insertions, 106 deletions
diff --git a/ckcapi.h b/ckcapi.h
index 4e69c0d..f166528 100644
--- a/ckcapi.h
+++ b/ckcapi.h
@@ -1,14 +1,29 @@
+
#ifndef CKCAPI_H
#define CKCAPI_H
-#ifndef ASSERT
-#include "assert.h"
-#define ASSERT assert
-#endif
+/* --------------------------------------------------------------------
+ *
+ * Session = CkCapiSession
+ * - A PKCS#11 Session
+ *
+ * Objects = CkCapiObject
+ * - There's a global list of objects in ckcapi-object.c indexed by
+ * object handle.
+ * - The object itself has no attributes or cached data, but knows how
+ * to load data when needed.
+ * - Each object has a unique key which guarantees we don't load the
+ * same object twice with two different object handles.
+ *
+ * Object Data = CkCapiObjectData
+ * - Object Data is owned by the Session
+ * - Loaded data and/or attributes for an object.
+ */
#define WIN32_LEAN_AND_MEAN
#define _WIN32_WINNT 0x400
#include <windows.h>
+#include <wincrypt.h>
#define CRYPTOKI_EXPORTS
#include "pkcs11/cryptoki.h"
@@ -16,36 +31,25 @@
#include "ckcapi-util.h"
struct _CkCapiObject;
+struct _CkCapiObjectData;
struct _CkCapiSession;
typedef struct _CkCapiObject CkCapiObject;
+typedef struct _CkCapiObjectData CkCapiObjectData;
typedef struct _CkCapiSession CkCapiSession;
-/* Represents 'any' class in searches */
-#define CKO_ANY CK_INVALID_HANDLE
-/* ------------------------------------------------------------------
- * cryptoki-capi.c
+/* ------------------------------------------------------------------
+ * ckcapi-object.c
*/
-#define DBG(args) \
- ckcapi_debug args
-
-void ckcapi_debug(const char* msg, ...);
-void ckcapi_lock_global(void);
-void ckcapi_unlock_global(void);
-CK_RV ckcapi_winerr_to_ckr (DWORD werr);
-
-CK_RV ckcapi_return_data(CK_VOID_PTR dst, CK_ULONG_PTR dlen,
- CK_VOID_PTR src, DWORD slen);
-
-/* object data ------------------- */
-
-typedef CK_RV (*CkCapiGetAttribute)(void* obj, CK_ATTRIBUTE_TYPE type,
- CK_VOID_PTR data, CK_ULONG_PTR len);
+/* A function to get an attribute from ObjectData */
+typedef CK_RV (*CkCapiGetAttribute)(CkCapiObjectData* objdata, CK_ATTRIBUTE_PTR attr);
-typedef void (*CkCapiRelease)(void* value);
+/* A function to free some data */
+typedef void (*CkCapiRelease)(void* data);
+/* Object data functions */
typedef struct _CkCapiObjectDataVtable
{
CkCapiGetAttribute get_bool;
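Review bot: The new CkCapiGetAttribute signature hands the getter the caller's whole CK_ATTRIBUTE, so this typedef is now the place where the C_GetAttributeValue buffer protocol has to be pinned down, and the one-line comment above it does not say who fills attr->ulValueLen or what is returned when attr->pValue is NULL or the buffer is too short. Whatever the implementations in ckcapi-cert.c/ckcapi-builtin.c/ckcapi-trust.c actually do (they are not visible here), the contract should be stated on the typedef, e.g. `/* Fill attr per C_GetAttributeValue: pValue NULL => only set ulValueLen; buffer too small => set ulValueLen, return CKR_BUFFER_TOO_SMALL; unknown type => CKR_ATTRIBUTE_TYPE_INVALID. Implementations should go through ckcapi_return_data(). */`. Since every getter receives an application-supplied CK_ATTRIBUTE, the size check is the only thing between the module and an overflow of the caller's buffer, so it is worth making that single funnel explicit. The vtable this typedef feeds continues past the end of the hunk.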
@@ -56,14 +60,88 @@ typedef struct _CkCapiObjectDataVtable
}
CkCapiObjectDataVtable;
-typedef struct _CkCapiObjectData
+/*
+ * Base class for object data. Different types of
+ * objects extend this with more detailed data
+ */
+struct _CkCapiObjectData
{
CK_OBJECT_HANDLE object;
- void* data;
const CkCapiObjectDataVtable* data_funcs;
+};
+
+/* A function to load data for an object */
+typedef CK_RV (*CkCapiLoadData)(CkCapiSession* sess, struct _CkCapiObject* obj,
+ CkCapiObjectData** objdata);
+
+/* Object functions */
+typedef struct _CkCapiObjectVtable
+{
+ CkCapiLoadData load_data;
+ CkCapiRelease release;
}
-CkCapiObjectData;
+CkCapiObjectVtable;
+/* Represents a object we've seen */
+struct _CkCapiObject
+{
+ CK_OBJECT_HANDLE id;
+ const CkCapiObjectVtable* obj_funcs;
+ void* unique_key;
+ size_t unique_len;
+};
+
+/* Debug print something about an object */
+#define DBGO(obj, msg) \
+ ckcapi_debug("O%d: %s", (obj) ? (obj)->id : 0, (msg))
+#define DBGOD(objdata, msg) \
+ ckcapi_debug("O%d: %s", (objdata) ? (objdata)->obj : 0, (msg))
+
+CK_OBJECT_HANDLE ckcapi_object_get_max_handle (void);
+
+CkCapiObject* ckcapi_object_lookup (CkCapiSession* sess, CK_OBJECT_HANDLE obj);
+
+CK_RV ckcapi_object_register (CkCapiSession* sess, CkCapiObject* obj);
+
+void ckcapi_object_clear_all (void);
+
+
+CK_BBOOL ckcapi_object_data_match (CkCapiObjectData* objdata,
+ CK_ATTRIBUTE_PTR matches, CK_ULONG count);
+
+CK_BBOOL ckcapi_object_data_match_attr (CkCapiObjectData* objdata,
+ CK_ATTRIBUTE_PTR match);
+
+CK_RV ckcapi_object_data_get_attrs (CkCapiObjectData* objdata, CK_ATTRIBUTE_PTR attrs,
+ CK_ULONG count);
+
+/*
+ * Each object has a unique key which guarantees that we're
+ * not loading the same objects over and over again.
+ * Usually these are contiguous members of a struct. These
+ * macros help calculate the address and length of such a
+ * unique key
+ */
+
+/* The unique key starts at the address of the starting struct member */
+#define UNIQUE_KEY_AT(obj, mem) \
+ (void*)(&((obj->mem)))
+
+/* Calculates key length between first and last struct members */
+#define UNIQUE_KEY_LEN(obj, first, last) \
+ UNIQUE_KEY_VAR_LEN(obj, first, last, sizeof(obj->last))
+
+/* Calcs key len between first and a certain num of bytes past last struct member */
+#define UNIQUE_KEY_VAR_LEN(obj, first, last, len) \
+ ((((char*)&((obj->last))) - ((char*)&((obj->first)))) + (len))
+
+/* Used internally to have a unique id for different object types */
+enum
+{
+ OBJECT_CERT = 1,
+ OBJECT_BUILTIN = 2,
+ OBJECT_TRUST = 3
+};
/* ------------------------------------------------------------------
* cryptoki-capi-session.c
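Review bot: UNIQUE_KEY_LEN/UNIQUE_KEY_VAR_LEN define the unique key as the raw byte range from `first` through `last`, which includes any padding the compiler inserts between those members; if the registry compares keys bytewise with memcmp (the comparison lives in ckcapi-object.c and is not in this hunk), indeterminate padding can make two loads of the same object compare unequal and get registered under two handles, which is exactly what the comment says the key exists to prevent. Any struct that supplies a key must therefore be zeroed before its members are filled, and that requirement belongs next to the macros, e.g. `/* The key range includes struct padding: zero the struct (memset/calloc) before filling it so keys compare bytewise. */`. Separately, the macros use `obj->mem` without parenthesizing `obj`, so `UNIQUE_KEY_AT(p + 1, mem)` mis-expands; `(void*)(&((obj)->mem))` and the matching `(obj)->last`/`(obj)->first` in UNIQUE_KEY_VAR_LEN fix that. DBGO/DBGOD print a CK_OBJECT_HANDLE (a CK_ULONG in the standard headers) with `%d`; `"O%lu: %s", (unsigned long)((obj) ? (obj)->id : 0)` is the matching form.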
@@ -118,8 +196,8 @@ CK_RV ckcapi_session_get_object_data (CkCapiSession* sess, CkCapiObject* obj,
CK_RV ckcapi_session_get_object_data_for (CkCapiSession* sess, CK_OBJECT_HANDLE hand,
CkCapiObjectData** objdata);
-CK_RV ckcapi_session_set_object_data (CkCapiSession* sess, CkCapiObject* obj,
- const CkCapiObjectData* objdata);
+void ckcapi_session_take_object_data (CkCapiSession* sess, CkCapiObject* obj,
+ CkCapiObjectData* objdata);
void ckcapi_session_clear_object_data (CkCapiSession* sess, CkCapiObject* obj);
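Review bot: ckcapi_session_take_object_data returns void where the old set_object_data returned CK_RV, so if storing the data in the session can fail (an allocation in the session's table, say — the body is in the session .c file and not visible here) the failure can neither be reported nor propagated, and the passed-in objdata is either leaked or silently dropped. The name implies the session takes ownership; that, and what happens on failure, should be written on the declaration, e.g. `/* Session takes ownership of objdata and releases it through its vtable; caller must not touch objdata afterwards. Replaces (and releases) any data already held for obj. */` — or keep the CK_RV return so a loader can report CKR_HOST_MEMORY instead of guessing. If replacement of existing data is not what happens, say that instead; the "replaces" part is my inference, not something the hunk shows.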
@@ -128,80 +206,6 @@ typedef void (*CkCapiEnumObjectData)(CkCapiSession* sess, CkCapiObject* obj, CkC
void ckcapi_session_enum_object_data (CkCapiSession* sess, CkCapiEnumObjectData enum_func, void* arg);
-/* ------------------------------------------------------------------
- * ckcapi-object.c
- */
-
-/* Used internally to guarantee uniqueness between object types */
-enum
-{
- OBJECT_CERT = 1,
- OBJECT_BUILTIN = 2,
- OBJECT_TRUST = 3
-};
-
-
-typedef CK_RV (*CkCapiPurge)(struct _CkCapiObject* obj);
-typedef CK_RV (*CkCapiLoadData)(CkCapiSession* sess, struct _CkCapiObject* obj,
- CkCapiObjectData* objdata);
-
-typedef struct _CkCapiObjectVtable
-{
- CkCapiLoadData load_data;
- CkCapiRelease release;
-}
-CkCapiObjectVtable;
-
-/*
- * Each object has a unique key which guarantees that we're
- * not loading the same objects over and over again.
- * Usually these are contiguous members of a struct. These
- * macros help calculate the address and length of such a
- * unique key
- */
-
-/* The unique key starts at the address of the starting struct member */
-#define UNIQUE_KEY_AT(obj, mem) \
- (void*)(&((obj->mem)))
-
-/* Calculates key length between first and last struct members */
-#define UNIQUE_KEY_LEN(obj, first, last) \
- UNIQUE_KEY_VAR_LEN(obj, first, last, sizeof(obj->last))
-
-/* Calcs key len between first and a certain num of bytes past last struct member */
-#define UNIQUE_KEY_VAR_LEN(obj, first, last, len) \
- ((((char*)&((obj->last))) - ((char*)&((obj->first)))) + (len))
-
-struct _CkCapiObject
-{
- CK_OBJECT_HANDLE id;
- const CkCapiObjectVtable* obj_funcs;
- void* unique_key;
- size_t unique_len;
-};
-
-#define DBGO(obj, msg) \
- ckcapi_debug("O%d: %s", (obj) ? (obj)->id : 0, (msg))
-#define DBGOD(objdata, msg) \
- ckcapi_debug("O%d: %s", (objdata) ? (objdata)->obj : 0, (msg))
-
-CK_OBJECT_HANDLE ckcapi_object_get_max_handle (void);
-
-CkCapiObject* ckcapi_object_lookup (CkCapiSession* sess, CK_OBJECT_HANDLE obj);
-
-CK_RV ckcapi_object_register (CkCapiSession* sess, CkCapiObject* obj);
-
-void ckcapi_object_clear_all (void);
-
-
-CK_BBOOL ckcapi_object_data_match (CkCapiObjectData* objdata,
- CK_ATTRIBUTE_PTR matches, CK_ULONG count);
-
-CK_BBOOL ckcapi_object_data_match_attr (CkCapiObjectData* objdata,
- CK_ATTRIBUTE_PTR match);
-
-CK_RV ckcapi_object_data_get_attrs (CkCapiObjectData* objdata, CK_ATTRIBUTE_PTR attrs,
- CK_ULONG count);
/* -------------------------------------------------------------------
* ckcapi-cert.c
@@ -216,8 +220,10 @@ CK_RV ckcapi_cert_find_specific (CkCapiSession* sess, CK_OBJECT_CLASS cls,
CK_OBJECT_HANDLE_PTR obj);
/* Called by trust stuff */
-CK_RV ckcapi_cert_get_bytes_attribute (void* cert, CK_ATTRIBUTE_TYPE type,
- CK_VOID_PTR data, CK_ULONG_PTR len);
+CK_RV
+ckcapi_cert_certificate_get_bytes(PCCERT_CONTEXT cert, CK_ATTRIBUTE_PTR attr);
+
+PCCERT_CONTEXT ckcapi_cert_object_data_get_certificate (CkCapiObjectData* objdata);
/* -------------------------------------------------------------------
* ckcapi-builtin.c
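Review bot: ckcapi_cert_object_data_get_certificate returns a PCCERT_CONTEXT without saying whether it is the object data's own reference or a duplicated one, and CAPI certificate contexts are reference counted, so a caller that guesses wrong either calls CertFreeCertificateContext on a context the object data still uses (use-after-free on the next attribute read) or leaks a reference per call. The declaration should carry the rule, e.g. `/* Borrowed reference: valid only while objdata lives; do NOT CertFreeCertificateContext it. */`, or the CertDuplicateCertificateContext/free pairing if the implementation duplicates. Because the parameter is the base CkCapiObjectData rather than a cert-specific type, the implementation presumably downcasts; it should check that objdata really is certificate data (its data_funcs, for instance) before doing so and return NULL otherwise, and the comment should say NULL is a possible result.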
@@ -239,6 +245,47 @@ CK_RV ckcapi_trust_find_specific (CkCapiSession* sess, CK_OBJECT_CLASS cls,
CK_ATTRIBUTE_PTR issuer, CK_ATTRIBUTE_PTR serial,
CK_OBJECT_HANDLE_PTR obj);
+/* ------------------------------------------------------------------
+ * cryptoki-capi.c
+ *
+ * Module helper and logging functions.
+ */
+
+#define DBG(args) \
+ ckcapi_debug args
+
+void ckcapi_debug (const char* msg, ...);
+
+/*
+ * Protect global data with these.
+ */
+void ckcapi_lock_global (void);
+void ckcapi_unlock_global (void);
+
+/*
+ * Convert a GetLastError() windows error to a
+ * PKCS#11 return code.
+ */
+CK_RV ckcapi_winerr_to_ckr (DWORD werr);
+
+/*
+ * This stores data in the output buffer with appropriate
+ * PKCS#11 codes when the buffer is too short, or the caller
+ * just wants to know the length, etc.
+ */
+CK_RV ckcapi_return_data (CK_VOID_PTR dst, CK_ULONG_PTR dlen,
+ CK_VOID_PTR src, DWORD slen);
-#endif /* CRYPTOKI_CAPI_H */
+/* ------------------------------------------------------------------ */
+
+#ifndef ASSERT
+#include "assert.h"
+#define ASSERT assert
+#endif
+
+/* Represents 'any' class in searches */
+#define CKO_ANY CK_INVALID_HANDLE
+
+
+#endif /* CRYPTOKI_CAPI_H */
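Review bot: `#define CKO_ANY CK_INVALID_HANDLE` (moved here unchanged) makes the "any class" sentinel equal to 0, and in the reference pkcs11t.h (the copy cryptoki.h wraps is not visible here) CKO_DATA is also 0x00000000, so a search template asking for CKO_DATA is indistinguishable from one asking for any class in the find functions above that take a CK_OBJECT_CLASS. A value outside the defined classes avoids the collision and gives the macro the right type, since CK_INVALID_HANDLE is an object-handle constant rather than a class: `#define CKO_ANY ((CK_OBJECT_CLASS)-1)`. Minor: the closing guard comment `#endif /* CRYPTOKI_CAPI_H */` no longer matches the guard macro CKCAPI_H at the top of the file, and ckcapi_return_data's `src` is presumably only read, so `const void* src` would let callers pass const buffers without casting.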