#ifndef _ENGINE_SCT_INTERNAL_H_
#define _ENGINE_SCT_INTERNAL_H_

// NOTE(review): the target of each of the following seven system includes was
// lost when this page was extracted (angle-bracket contents stripped); the
// declarations below need at least the OpenSSL RSA/ENGINE/EVP/UI headers and
// <memory> for std::auto_ptr — restore from the original file, do not guess.
#include
#include
#include
#include
#include
#include
#include

// MSVC only: auto-link the OpenSSL crypto import library (libeay32 is the
// legacy pre-1.1 OpenSSL crypto DLL name).
#if defined(_MSC_VER)
#pragma comment(lib, "libeay32.lib")
#endif

// The header included right after this block presumably defines its own U64;
// the earlier definition is dropped to avoid a macro redefinition clash.
// NOTE(review): that header's name was also lost in extraction.
#ifdef U64
#undef U64
#endif
#include

// Forward declaration; the full definition lives outside this header.
struct load_cert_params;

#include "SlotList.h"
#include "CertificateList.h"

// Forward declarations; full definitions live outside this header.
class CardKey;
struct enum_certs_s;

// Recovers the CardKey that was attached to an RSA object via its app-data slot.
// RSA_get_app_data() returns whatever pointer was stored with RSA_set_app_data();
// there is no type or null check here, so an RSA object not created by this
// engine yields nullptr (or a foreign pointer) — callers must validate before use.
// NOTE(review): the reinterpret_cast template argument (presumably CardKey*)
// was lost in extraction.
#define EXTRACT_CARD_KEY(rsastruct) (reinterpret_cast(RSA_get_app_data(rsastruct)))

/*
 * Core module. Actual engine startup/finish code and crypto operations.
 *
 * Declaration only; all non-trivial member functions are defined elsewhere.
 * The object holds the card PIN (m_pin), the slot list and the certificate
 * list for the lifetime of the engine.
 */
class SecureTokenEngine {
public:
    // Trivial constructor/destructor; members are default-constructed and
    // default-destroyed (whether the PIN blob is wiped on destruction depends
    // on act::Blob's destructor, which is not visible here).
    SecureTokenEngine() { }
    ~SecureTokenEngine() { }

    // Stores the card PIN for later use.
    // NOTE: contents of source string will be overwritten for security reasons
    // (the caller's buffer is wiped after the PIN has been copied).
    int setPin(char *pin);

    // Raises the engine's logging verbosity by one level.
    int incVerbosity();

    // Records engine initialisation arguments (format defined by the .cpp).
    int setInitArgs(const char *args);

    // Engine start-up / shut-down. Return values follow the OpenSSL ENGINE
    // convention used by the callbacks that wrap them (see the .cpp).
    int init();
    int finish();

    // Called when an RSA object bound to this engine is freed.
    int rsa_finish(RSA *rsa);

    // ENGINE ctrl handler that loads a certificate; p carries the request.
    int loadCertCtrl(ENGINE *e, load_cert_params *p);

    // Resolve a key by its string id and wrap it as an EVP_PKEY. ui_method /
    // callback_data follow the OpenSSL ENGINE load_*key callback signature.
    EVP_PKEY *load_pubkey(const char *s_key_id, UI_METHOD *ui_method, void *callback_data);
    EVP_PKEY *load_privkey(const char *s_key_id, UI_METHOD *ui_method, void *callback_data);

    // Caller is required to provide an output buffer of sufficient size, depending on input data's length
    // and used key material. Improper usage may cause buffer overruns. OpenSSL API's weakness.
    // (For RSA this is the modulus size of ck's key, presumably RSA_size() — confirm in the .cpp.)
    // Encrypt/Decrypt return size of output data on success, -1 on failure.
    int rsa_encrypt(int flen, const unsigned char *from, unsigned char *to, const CardKey* ck, int padding);
    int rsa_decrypt(int flen, const unsigned char *from, unsigned char *to, CardKey* ck, int padding);

    // Sign/Verify return 1 on success, 0 on failure.
    // sigret must likewise be large enough for the key's signature size.
    int rsa_sign(int type, const unsigned char *msg, unsigned int msglen, unsigned char *sigret, unsigned int *siglen, CardKey* ck);
    int rsa_verify(int type, const unsigned char *msg, unsigned int msglen, unsigned char *signature, unsigned int siglen, const CardKey* ck);

    // Return a list of all certificates and the necessary IDs to use them
    // !! frees up the memory of the previously returned structure in subsequent calls !!
    // Lifetime hazard: any pointer obtained from an earlier call dangles after
    // the next call; copy what you need before calling again.
    int enumerate_certs(ENGINE *e, enum_certs_s **p);

private:
    // Builds an EVP_PKEY around a CardKey (per its name and signature); shared
    // by load_pubkey/load_privkey.
    EVP_PKEY *encapsule_CardKey(CardKey *ck);

    // Card PIN, kept in memory for the engine's lifetime.
    act::Blob m_pin;
    SlotList m_slot_list;
    // Owning pointer to the certificate list (template argument lost in
    // extraction, presumably CertificateList).
    // NOTE(review): std::auto_ptr is deprecated since C++11 and removed in
    // C++17; std::unique_ptr is the drop-in replacement.
    std::auto_ptr m_cert_list;
};

// Needed in SecureTokenEngine for creation of new RSA key (stubs) as well
// Returns the RSA_METHOD table that routes RSA operations to this engine.
RSA_METHOD* RSA_get_sct_method();

#endif