Diffstat (limited to 'ckcapi.h')
-rw-r--r-- | ckcapi.h | 259 |
1 files changed, 153 insertions, 106 deletions
@@ -1,14 +1,29 @@
+
 #ifndef CKCAPI_H
 #define CKCAPI_H
-#ifndef ASSERT
-#include "assert.h"
-#define ASSERT assert
-#endif
+/* --------------------------------------------------------------------
+ *
+ * Session = CkCapiSession
+ * - A PKCS#11 Session
+ *
+ * Objects = CkCapiObject
+ * - There's a global list of objects in ckcapi-object.c indexed by
+ * object handle.
+ * - The object itself has no attributes or cached data, but knows how
+ * to load data when needed.
+ * - Each object has a unique key which guarantees we don't load the
+ * same object twice with two different object handles.
+ *
+ * Object Data = CkCapiObjectData
+ * - Object Data is owned by the Session
+ * - Loaded data and/or attributes for an object.
+ */
 #define WIN32_LEAN_AND_MEAN
 #define _WIN32_WINNT 0x400
 #include <windows.h>
+#include <wincrypt.h>
 #define CRYPTOKI_EXPORTS
 #include "pkcs11/cryptoki.h"
@@ -16,36 +31,25 @@
 #include "ckcapi-util.h"
 struct _CkCapiObject;
+struct _CkCapiObjectData;
 struct _CkCapiSession;
 typedef struct _CkCapiObject CkCapiObject;
+typedef struct _CkCapiObjectData CkCapiObjectData;
 typedef struct _CkCapiSession CkCapiSession;
-/* Represents 'any' class in searches */
-#define CKO_ANY CK_INVALID_HANDLE
-/* ------------------------------------------------------------------
- * cryptoki-capi.c
+/* ------------------------------------------------------------------
+ * ckcapi-object.c
  */
-#define DBG(args) \
- ckcapi_debug args
-
-void ckcapi_debug(const char* msg, ...);
-void ckcapi_lock_global(void);
-void ckcapi_unlock_global(void);
-CK_RV ckcapi_winerr_to_ckr (DWORD werr);
-
-CK_RV ckcapi_return_data(CK_VOID_PTR dst, CK_ULONG_PTR dlen,
- CK_VOID_PTR src, DWORD slen);
-
-/* object data ------------------- */
-
-typedef CK_RV (*CkCapiGetAttribute)(void* obj, CK_ATTRIBUTE_TYPE type,
- CK_VOID_PTR data, CK_ULONG_PTR len);
+/* A function to get an attribute from ObjectData */
+typedef CK_RV (*CkCapiGetAttribute)(CkCapiObjectData* objdata, CK_ATTRIBUTE_PTR attr);
-typedef void (*CkCapiRelease)(void* value);
+/* A function to free some data */
+typedef void (*CkCapiRelease)(void* data);
+/* Object data functions */
 typedef struct _CkCapiObjectDataVtable
 {
 CkCapiGetAttribute get_bool;
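Review bot: The new `CkCapiGetAttribute` signature folds the old `data`/`len` output pair into a single `CK_ATTRIBUTE_PTR attr`, but the one-line comment above it does not state the PKCS#11 output contract every implementation now has to honour: what to do when `attr->pValue` is NULL (report the size only), what `ulValueLen` and the return code must be when the supplied buffer is too small, and that `ulValueLen` is updated on success. Since `ckcapi_return_data` is declared in this header for exactly that purpose, say so here: `/* Gets one attribute of an ObjectData into attr->pValue/ulValueLen. Implementations must apply the C_GetAttributeValue rules for a NULL pValue and a short buffer; ckcapi_return_data does this. */`. I am inferring that `ckcapi_return_data` is the intended helper from its own comment later in this file — confirm against ckcapi-cert.c. The `CkCapiObjectDataVtable` definition that begins at the end of this hunk continues beyond it.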
@@ -56,14 +60,88 @@ typedef struct _CkCapiObjectDataVtable
 }
 CkCapiObjectDataVtable;
-typedef struct _CkCapiObjectData
+/*
+ * Base class for object data. Different types of
+ * objects extend this with more detailed data
+ */
+struct _CkCapiObjectData
 {
 CK_OBJECT_HANDLE object;
- void* data;
 const CkCapiObjectDataVtable* data_funcs;
+};
+
+/* A function to load data for an object */
+typedef CK_RV (*CkCapiLoadData)(CkCapiSession* sess, struct _CkCapiObject* obj,
+ CkCapiObjectData** objdata);
+
+/* Object functions */
+typedef struct _CkCapiObjectVtable
+{
+ CkCapiLoadData load_data;
+ CkCapiRelease release;
 }
-CkCapiObjectData;
+CkCapiObjectVtable;
+/* Represents a object we've seen */
+struct _CkCapiObject
+{
+ CK_OBJECT_HANDLE id;
+ const CkCapiObjectVtable* obj_funcs;
+ void* unique_key;
+ size_t unique_len;
+};
+
+/* Debug print something about an object */
+#define DBGO(obj, msg) \
+ ckcapi_debug("O%d: %s", (obj) ? (obj)->id : 0, (msg))
+#define DBGOD(objdata, msg) \
+ ckcapi_debug("O%d: %s", (objdata) ? (objdata)->obj : 0, (msg))
+
+CK_OBJECT_HANDLE ckcapi_object_get_max_handle (void);
+
+CkCapiObject* ckcapi_object_lookup (CkCapiSession* sess, CK_OBJECT_HANDLE obj);
+
+CK_RV ckcapi_object_register (CkCapiSession* sess, CkCapiObject* obj);
+
+void ckcapi_object_clear_all (void);
+
+
+CK_BBOOL ckcapi_object_data_match (CkCapiObjectData* objdata,
+ CK_ATTRIBUTE_PTR matches, CK_ULONG count);
+
+CK_BBOOL ckcapi_object_data_match_attr (CkCapiObjectData* objdata,
+ CK_ATTRIBUTE_PTR match);
+
+CK_RV ckcapi_object_data_get_attrs (CkCapiObjectData* objdata, CK_ATTRIBUTE_PTR attrs,
+ CK_ULONG count);
+
+/*
+ * Each object has a unique key which guarantees that we're
+ * not loading the same objects over and over again.
+ * Usually these are contiguous members of a struct. These
+ * macros help calculate the address and length of such a
+ * unique key
+ */
+
+/* The unique key starts at the address of the starting struct member */
+#define UNIQUE_KEY_AT(obj, mem) \
+ (void*)(&((obj->mem)))
+
+/* Calculates key length between first and last struct members */
+#define UNIQUE_KEY_LEN(obj, first, last) \
+ UNIQUE_KEY_VAR_LEN(obj, first, last, sizeof(obj->last))
+
+/* Calcs key len between first and a certain num of bytes past last struct member */
+#define UNIQUE_KEY_VAR_LEN(obj, first, last, len) \
+ ((((char*)&((obj->last))) - ((char*)&((obj->first)))) + (len))
+
+/* Used internally to have a unique id for different object types */
+enum
+{
+ OBJECT_CERT = 1,
+ OBJECT_BUILTIN = 2,
+ OBJECT_TRUST = 3
+};
 /* ------------------------------------------------------------------
  * cryptoki-capi-session.c
@@ -118,8 +196,8 @@ CK_RV ckcapi_session_get_object_data (CkCapiSession* sess, CkCapiObject* obj,
 CK_RV ckcapi_session_get_object_data_for (CkCapiSession* sess, CK_OBJECT_HANDLE hand, CkCapiObjectData** objdata);
-CK_RV ckcapi_session_set_object_data (CkCapiSession* sess, CkCapiObject* obj,
- const CkCapiObjectData* objdata);
+void ckcapi_session_take_object_data (CkCapiSession* sess, CkCapiObject* obj,
+ CkCapiObjectData* objdata);
 void ckcapi_session_clear_object_data (CkCapiSession* sess, CkCapiObject* obj);
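Review bot: `DBGO` and `DBGOD` pass a `CK_OBJECT_HANDLE` — a `CK_ULONG`, i.e. `unsigned long` in the cryptoki headers — to a `%d` conversion; the format and argument types do not match, which the C standard leaves undefined and `-Wformat` flags, even if it happens to print correctly on 32-bit Windows where `long` is 32 bits. Cast and use the matching conversion in both macros: `ckcapi_debug("O%lu: %s", (unsigned long)((obj) ? (obj)->id : 0), (msg))` and `ckcapi_debug("O%lu: %s", (unsigned long)((objdata) ? (objdata)->obj : 0), (msg))`. Separately, `UNIQUE_KEY_LEN`/`UNIQUE_KEY_VAR_LEN` span from the address of `first` to the end of `last`, so any padding between those members becomes part of the key; if the key is compared byte-wise (which I infer from the `unique_key`/`unique_len` pair — confirm in ckcapi-object.c) the comment above the macros should warn that the struct must be zero-initialised before the key members are filled in, otherwise indeterminate padding can make equal keys compare unequal and the same certificate gets registered twice under different handles.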
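Review bot: `ckcapi_session_take_object_data` replaces a `CK_RV`-returning setter with a `void` function whose name implies the session now owns `objdata`, but the prototype says nothing about that transfer: whether the caller may still use `objdata` afterwards, how it is eventually freed, or what happens to an ObjectData already held for the same object. Because the data is released through a function pointer rather than a fixed type, a caller that gets this wrong produces a use-after-free or a leak, not a compile error. Add a contract comment above the declaration: `/* Transfers ownership of objdata to the session, which releases it later; the caller must not use objdata after this call. */`, extended with how an existing entry for obj is treated once that is confirmed in ckcapi-session.c. If storing the entry can fail (for example when the session's table must grow), the `void` return hides that from the caller; consider keeping `CK_RV`, or document that a failed store releases `objdata` internally.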
@@ -128,80 +206,6 @@ typedef void (*CkCapiEnumObjectData)(CkCapiSession* sess, CkCapiObject* obj, CkC
 void ckcapi_session_enum_object_data (CkCapiSession* sess, CkCapiEnumObjectData enum_func, void* arg);
-/* ------------------------------------------------------------------
- * ckcapi-object.c
- */
-
-/* Used internally to guarantee uniqueness between object types */
-enum
-{
- OBJECT_CERT = 1,
- OBJECT_BUILTIN = 2,
- OBJECT_TRUST = 3
-};
-
-
-typedef CK_RV (*CkCapiPurge)(struct _CkCapiObject* obj);
-typedef CK_RV (*CkCapiLoadData)(CkCapiSession* sess, struct _CkCapiObject* obj,
- CkCapiObjectData* objdata);
-
-typedef struct _CkCapiObjectVtable
-{
- CkCapiLoadData load_data;
- CkCapiRelease release;
-}
-CkCapiObjectVtable;
-
-/*
- * Each object has a unique key which guarantees that we're
- * not loading the same objects over and over again.
- * Usually these are contiguous members of a struct. These
- * macros help calculate the address and length of such a
- * unique key
- */
-
-/* The unique key starts at the address of the starting struct member */
-#define UNIQUE_KEY_AT(obj, mem) \
- (void*)(&((obj->mem)))
-
-/* Calculates key length between first and last struct members */
-#define UNIQUE_KEY_LEN(obj, first, last) \
- UNIQUE_KEY_VAR_LEN(obj, first, last, sizeof(obj->last))
-
-/* Calcs key len between first and a certain num of bytes past last struct member */
-#define UNIQUE_KEY_VAR_LEN(obj, first, last, len) \
- ((((char*)&((obj->last))) - ((char*)&((obj->first)))) + (len))
-
-struct _CkCapiObject
-{
- CK_OBJECT_HANDLE id;
- const CkCapiObjectVtable* obj_funcs;
- void* unique_key;
- size_t unique_len;
-};
-
-#define DBGO(obj, msg) \
- ckcapi_debug("O%d: %s", (obj) ? (obj)->id : 0, (msg))
-#define DBGOD(objdata, msg) \
- ckcapi_debug("O%d: %s", (objdata) ? (objdata)->obj : 0, (msg))
-
-CK_OBJECT_HANDLE ckcapi_object_get_max_handle (void);
-
-CkCapiObject* ckcapi_object_lookup (CkCapiSession* sess, CK_OBJECT_HANDLE obj);
-
-CK_RV ckcapi_object_register (CkCapiSession* sess, CkCapiObject* obj);
-
-void ckcapi_object_clear_all (void);
-
-
-CK_BBOOL ckcapi_object_data_match (CkCapiObjectData* objdata,
- CK_ATTRIBUTE_PTR matches, CK_ULONG count);
-
-CK_BBOOL ckcapi_object_data_match_attr (CkCapiObjectData* objdata,
- CK_ATTRIBUTE_PTR match);
-
-CK_RV ckcapi_object_data_get_attrs (CkCapiObjectData* objdata, CK_ATTRIBUTE_PTR attrs,
- CK_ULONG count);
 /* -------------------------------------------------------------------
  * ckcapi-cert.c
@@ -216,8 +220,10 @@ CK_RV ckcapi_cert_find_specific (CkCapiSession* sess, CK_OBJECT_CLASS cls,
 CK_OBJECT_HANDLE_PTR obj);
 /* Called by trust stuff */
-CK_RV ckcapi_cert_get_bytes_attribute (void* cert, CK_ATTRIBUTE_TYPE type,
- CK_VOID_PTR data, CK_ULONG_PTR len);
+CK_RV
+ckcapi_cert_certificate_get_bytes(PCCERT_CONTEXT cert, CK_ATTRIBUTE_PTR attr);
+
+PCCERT_CONTEXT ckcapi_cert_object_data_get_certificate (CkCapiObjectData* objdata);
 /* -------------------------------------------------------------------
  * ckcapi-builtin.c
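Review bot: `ckcapi_cert_object_data_get_certificate` returns a `PCCERT_CONTEXT`, a reference-counted CryptoAPI handle, without saying whether the context is borrowed from `objdata` (valid only while the ObjectData lives and never passed to `CertFreeCertificateContext`) or duplicated for the caller (who must free it). Getting that wrong is silent: either the context leaks or it is freed twice inside CryptoAPI. Add the contract to the prototype, e.g. `/* Returns the certificate held by objdata; borrowed, valid only as long as objdata, do not free. */`, or the duplicate-and-free wording if that is what ckcapi-cert.c implements. `ckcapi_cert_certificate_get_bytes` is also the only prototype in this header with its return type on a separate line and no space before the parameter list; match the rest: `CK_RV ckcapi_cert_certificate_get_bytes (PCCERT_CONTEXT cert, CK_ATTRIBUTE_PTR attr);`.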
@@ -239,6 +245,47 @@ CK_RV ckcapi_trust_find_specific (CkCapiSession* sess, CK_OBJECT_CLASS cls,
 CK_ATTRIBUTE_PTR issuer, CK_ATTRIBUTE_PTR serial, CK_OBJECT_HANDLE_PTR obj);
+/* ------------------------------------------------------------------
+ * cryptoki-capi.c
+ *
+ * Module helper and logging functions.
+ */
+
+#define DBG(args) \
+ ckcapi_debug args
+
+void ckcapi_debug (const char* msg, ...);
+
+/*
+ * Protect global data with these.
+ */
+void ckcapi_lock_global (void);
+void ckcapi_unlock_global (void);
+
+/*
+ * Convert a GetLastError() windows error to a
+ * PKCS#11 return code.
+ */
+CK_RV ckcapi_winerr_to_ckr (DWORD werr);
+
+/*
+ * This stores data in the output buffer with appropriate
+ * PKCS#11 codes when the buffer is too short, or the caller
+ * just wants to know the length, etc.
+ */
+CK_RV ckcapi_return_data (CK_VOID_PTR dst, CK_ULONG_PTR dlen,
+ CK_VOID_PTR src, DWORD slen);
-#endif /* CRYPTOKI_CAPI_H */
+/* ------------------------------------------------------------------ */
+
+#ifndef ASSERT
+#include "assert.h"
+#define ASSERT assert
+#endif
+
+/* Represents 'any' class in searches */
+#define CKO_ANY CK_INVALID_HANDLE
+
+
+#endif /* CRYPTOKI_CAPI_H */ |
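Review bot: `CKO_ANY` is defined as `CK_INVALID_HANDLE`, which the cryptoki headers define as `0UL` — the same value as `CKO_DATA` — so a search template asking for class `CKO_DATA` is indistinguishable from "any class", and a handle constant is being reused as an object-class constant. If this module never serves `CKO_DATA` objects the collision is harmless today, but that reasoning should be written down: `/* Represents 'any' class in searches. CK_INVALID_HANDLE is 0, the same value as CKO_DATA; this module does not expose CKO_DATA objects, so no real class collides. */`, or pick a value in the `CKO_VENDOR_DEFINED` range that cannot match a real class. Two smaller points in the same hunk: `#include "assert.h"` should be `#include <assert.h>` so the standard header is always the one found, and the closing `#endif /* CRYPTOKI_CAPI_H */` comment does not match the `CKCAPI_H` guard opened at the top of the file in the first hunk.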