You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
109 lines
2.8 KiB
109 lines
2.8 KiB
|
|
#ifndef _ENGINE_SCT_INTERNAL_H_ |
|
#define _ENGINE_SCT_INTERNAL_H_ |
|
|
|
|
|
#include <memory> |
|
#include <list> |
|
#include <vector> |
|
#include <map> |
|
#include <openssl/crypto.h> |
|
#include <openssl/objects.h> |
|
#include <openssl/engine.h> |
|
|
|
#if defined(_MSC_VER) |
|
#pragma comment(lib, "libeay32.lib") |
|
#endif |
|
|
|
#ifdef U64 |
|
#undef U64 |
|
#endif |
|
|
|
#include <actBlob.h> |
|
|
|
struct load_cert_params; |
|
|
|
|
|
|
|
#include "SlotList.h" |
|
#include "CertificateList.h" |
|
|
|
class CardKey; |
|
struct enum_certs_s; |
|
|
|
#define EXTRACT_CARD_KEY(rsastruct) (reinterpret_cast<CardKey*>(RSA_get_app_data(rsastruct))) |
|
|
|
/* |
|
* Core module. Actual engine startup/finish code and crypto operations. |
|
*/ |
|
|
|
class SecureTokenEngine |
|
{ |
|
public: |
|
SecureTokenEngine() { } |
|
~SecureTokenEngine() { } |
|
|
|
/*! Stores pin in internal buffer. |
|
* @note contents of source string will be overwritten for security reasons |
|
*/ |
|
int setPin(char *pin); |
|
|
|
//! debug |
|
int incVerbosity(); |
|
//! not used |
|
int setInitArgs(const char *args); |
|
|
|
//! Initialize PCSC, read slots |
|
int init(); |
|
//! cleanup memory |
|
int finish(); |
|
|
|
//! Deletes OpenSSL rsa structure |
|
int rsa_finish(RSA *rsa); |
|
|
|
//! Read certificate from token |
|
int loadCertCtrl(ENGINE *e, load_cert_params *p); |
|
|
|
//! Get Public Key |
|
EVP_PKEY *load_pubkey(const char *s_key_id, UI_METHOD *ui_method, void *callback_data); |
|
|
|
//! Get Private Key |
|
EVP_PKEY *load_privkey(const char *s_key_id, UI_METHOD *ui_method, void *callback_data); |
|
|
|
/*! @defgroup engSign Crypto Operations |
|
* |
|
* Caller is required to provide an output buffer of sufficient size, |
|
* depending on input data's length |
|
* and used key material. Improper usage may cause buffer overruns. OpenSSL API's weakness. */ |
|
//@{ |
|
|
|
//! Encrypt/Decrypt return size of output data on success, -1 on failure. |
|
int rsa_encrypt(int flen, const unsigned char *from, unsigned char *to, const CardKey* ck, int padding); |
|
int rsa_decrypt(int flen, const unsigned char *from, unsigned char *to, CardKey* ck, int padding); |
|
|
|
//! Sign/Verify return 1 on success, 0 on failure. |
|
int rsa_sign(int type, const unsigned char *msg, unsigned int msglen, unsigned char *sigret, unsigned int *siglen, CardKey* ck); |
|
int rsa_verify(int type, const unsigned char *msg, unsigned int msglen, unsigned char *signature, unsigned int siglen, const CardKey* ck); |
|
|
|
//@} |
|
|
|
/*! Return a list of all certificates and the necessary IDs to use them |
|
@note frees up the memory of the previosly returned structure in |
|
subsequent calls */ |
|
int enumerate_certs(ENGINE *e, enum_certs_s **p); |
|
|
|
private: |
|
|
|
//! Converts CardKey to OpenSSL EVP_PKEY |
|
EVP_PKEY *encapsule_CardKey(CardKey *ck); |
|
|
|
act::Blob m_pin; |
|
SlotList m_slot_list; |
|
std::auto_ptr<CertificateList> m_cert_list; |
|
}; |
|
|
|
//! Needed in SecureTokenEngine for creation of new RSA key (stubs) as well |
|
RSA_METHOD* RSA_get_sct_method(); |
|
|
|
#endif |
|
|
|
|