opensc-sys 0.1.1

FFI bindings to OpenSC
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460

/*
 * Function prototypes for pkcs15-init
 *
 * Copyright (C) 2002 Olaf Kirch <okir@suse.de>
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */

#ifndef PKCS15_INIT_H
#define PKCS15_INIT_H

#ifdef __cplusplus
extern "C" {
#endif

#include "libopensc/pkcs15.h"

#define DEFAULT_PRIVATE_KEY_LABEL "Private Key"
#define DEFAULT_SECRET_KEY_LABEL  "Secret Key"

#define SC_PKCS15INIT_X509_DIGITAL_SIGNATURE     0x0080UL
#define SC_PKCS15INIT_X509_NON_REPUDIATION       0x0040UL
#define SC_PKCS15INIT_X509_KEY_ENCIPHERMENT      0x0020UL
#define SC_PKCS15INIT_X509_DATA_ENCIPHERMENT     0x0010UL
#define SC_PKCS15INIT_X509_KEY_AGREEMENT         0x0008UL
#define SC_PKCS15INIT_X509_KEY_CERT_SIGN         0x0004UL
#define SC_PKCS15INIT_X509_CRL_SIGN              0x0002UL

typedef struct sc_profile sc_profile_t; /* opaque type */

struct sc_pkcs15init_operations {
	/*
	 * Erase everything that's on the card
	 */
	int	(*erase_card)(struct sc_profile *, struct sc_pkcs15_card *);

	/*
	 * New style API
	 */

	/*
	 * Card-specific initialization of PKCS15 meta-information.
	 * Currently used by the cflex driver to read the card's
	 * serial number and use it as the pkcs15 serial number.
	 */
	int	(*init_card)(struct sc_profile *, struct sc_pkcs15_card *);

	/*
	 * Create a DF
	 */
	int	(*create_dir)(struct sc_profile *, struct sc_pkcs15_card *, struct sc_file *);

	/*
	 * Create a "pin domain". This is for cards such as
	 * the cryptoflex that need to put their pins into
	 * separate directories
	 */
	int	(*create_domain)(struct sc_profile *, struct sc_pkcs15_card *,
			const struct sc_pkcs15_id *, struct sc_file **);

	/*
	 * Select a PIN reference
	 */
	int	(*select_pin_reference)(struct sc_profile *, struct sc_pkcs15_card *,
			struct sc_pkcs15_auth_info *);

	/*
	 * Create a PIN object within the given DF.
	 *
	 * The pin_info object is completely filled in by the caller.
	 * The card driver can reject the pin reference; in this case
	 * the caller needs to adjust it.
	 */
	int	(*create_pin)(struct sc_profile *, struct sc_pkcs15_card *, struct sc_file *,
			struct sc_pkcs15_object *,
			const unsigned char *, size_t,
			const unsigned char *, size_t);

	/*
	 * Select a reference for a private key object
	 */
	int	(*select_key_reference)(struct sc_profile *, struct sc_pkcs15_card *,
			struct sc_pkcs15_prkey_info *);

	/*
	 * Create an empty key object.
	 * @index is the number key objects already on the card.
	 * @pin_info contains information on the PIN protecting
	 *		the key. NULL if the key should be
	 *		unprotected.
	 * @key_info should be filled in by the function
	 */
	int	(*create_key)(struct sc_profile *, struct sc_pkcs15_card *,
			struct sc_pkcs15_object *);

	/*
	 * Store a key on the card
	 */
	int	(*store_key)(struct sc_profile *, struct sc_pkcs15_card *,
			struct sc_pkcs15_object *,
			struct sc_pkcs15_prkey *);

	/*
	 * Generate key
	 */
	int	(*generate_key)(struct sc_profile *, struct sc_pkcs15_card *,
			struct sc_pkcs15_object *,
			struct sc_pkcs15_pubkey *);

	/*
	 * Encode private/public key
	 * These are used mostly by the Cryptoflex/Cyberflex drivers.
	 */
	int	(*encode_private_key)(struct sc_profile *, struct sc_card *,
			struct sc_pkcs15_prkey_rsa *,
			unsigned char *, size_t *, int);
	int	(*encode_public_key)(struct sc_profile *, struct sc_card *,
			struct sc_pkcs15_prkey_rsa *,
			unsigned char *, size_t *, int);

	/*
	 * Finalize card
	 * Ends the initialization phase of the smart card/token
	 * (actually this command is currently only for starcos spk 2.3
	 * cards).
	 */
	int	(*finalize_card)(struct sc_card *);

	/*
	 * Delete object
	 */
	int (*delete_object)(struct sc_profile *, struct sc_pkcs15_card *,
			struct sc_pkcs15_object *, const struct sc_path *);

	/*
	 * Support of pkcs15init emulation
	 */
	int (*emu_update_dir) (struct sc_profile *, struct sc_pkcs15_card *,
			struct sc_app_info *);
	int (*emu_update_any_df) (struct sc_profile *, struct sc_pkcs15_card *,
			unsigned, struct sc_pkcs15_object *);
	int (*emu_update_tokeninfo) (struct sc_profile *, struct sc_pkcs15_card *,
			struct sc_pkcs15_tokeninfo *);
	int (*emu_write_info)(struct sc_profile *, struct sc_pkcs15_card *,
		struct sc_pkcs15_object *);
	int (*emu_store_data)(struct sc_pkcs15_card *, struct sc_profile *, struct sc_pkcs15_object *,
			struct sc_pkcs15_der *, struct sc_path *);

	int (*sanity_check)(struct sc_profile *, struct sc_pkcs15_card *);
};

/* Do not change these or reorder these */
#define SC_PKCS15INIT_ID_STYLE_NATIVE		0
#define SC_PKCS15INIT_ID_STYLE_MOZILLA		1
#define SC_PKCS15INIT_ID_STYLE_RFC2459		2

#define SC_PKCS15INIT_SO_PIN		0
#define SC_PKCS15INIT_SO_PUK		1
#define SC_PKCS15INIT_USER_PIN		2
#define SC_PKCS15INIT_USER_PUK		3
#define SC_PKCS15INIT_NPINS		4

#define SC_PKCS15INIT_MD_STYLE_NONE	0
#define SC_PKCS15INIT_MD_STYLE_GEMALTO	1

struct sc_pkcs15init_callbacks {
	/*
	 * Get a PIN from the front-end. The first argument is
	 * one of the SC_PKCS15INIT_XXX_PIN/PUK macros.
	 */
	int	(*get_pin)(struct sc_profile *, int, const struct sc_pkcs15_auth_info *,
				const char *, unsigned char *, size_t *);

	/*
	 * Get a transport/secure messaging key from the front-end.
	 */
	int	(*get_key)(struct sc_profile *, int, int,
				const unsigned char *, size_t,
				unsigned char *, size_t *);
};

struct sc_pkcs15init_initargs {
	const unsigned char *	so_pin;
	size_t			so_pin_len;
	const unsigned char *	so_puk;
	size_t			so_puk_len;
	const char *		so_pin_label;
	const char *		label;
	const char *		serial;
};

struct sc_pkcs15init_pinargs {
	struct sc_pkcs15_id	auth_id;
	const char *		label;
	const unsigned char *	pin;
	size_t			pin_len;

	struct sc_pkcs15_id	puk_id;
	const char *		puk_label;
	const unsigned char *	puk;
	size_t			puk_len;
};

struct sc_pkcs15init_keyarg_gost_params {
	unsigned char gostr3410, gostr3411, gost28147;
};

struct sc_pkcs15init_prkeyargs {
	/* TODO: member for private key algorithm: currently is used algorithm from 'key' member */
	struct sc_pkcs15_id	id;
	struct sc_pkcs15_id	auth_id;
	char *label;
	unsigned char *guid;
	size_t guid_len;
	unsigned long		usage;
	unsigned long		x509_usage;
	unsigned int		flags;
	unsigned int		access_flags;
	int			user_consent;

	union {
		struct sc_pkcs15init_keyarg_gost_params gost;
	} params;

	struct sc_pkcs15_prkey	key;
};

struct sc_pkcs15init_keygen_args {
	struct sc_pkcs15init_prkeyargs prkey_args;
	const char *                   pubkey_label;
};

struct sc_pkcs15init_pubkeyargs {
	struct sc_pkcs15_id	id;
	struct sc_pkcs15_id	auth_id;
	const char *		label;
	unsigned long		usage;
	unsigned long		x509_usage;

	union {
		struct sc_pkcs15init_keyarg_gost_params gost;
	} params;

	struct sc_pkcs15_pubkey	key;
};

struct sc_pkcs15init_dataargs {
	struct sc_pkcs15_id	id;
	const char *		label;
	struct sc_pkcs15_id	auth_id;
	const char *		app_label;
	struct sc_object_id	app_oid;

	struct sc_pkcs15_der	der_encoded; /* Wrong name: is not DER encoded */
};

struct sc_pkcs15init_skeyargs {
	struct sc_pkcs15_id	id;
	struct sc_pkcs15_id	auth_id;
	const char *		label;
	unsigned long		usage;
	unsigned int		flags;
	unsigned int		access_flags;
	unsigned long		algorithm; /* User requested algorithm */
	unsigned long		value_len; /* User requested length */
	int			session_object;	 /* If nonzero. this is a session object, which will
						be cleared from card when the session is closed.*/
	int			user_consent;
	struct sc_pkcs15_skey	key;
};

struct sc_pkcs15init_certargs {
	struct sc_pkcs15_id	id;
	const char *		label;
	int update;

	unsigned long		x509_usage;
	unsigned char		authority;
	struct sc_pkcs15_der	der_encoded;
};

#define P15_ATTR_TYPE_LABEL	0
#define P15_ATTR_TYPE_ID	1
#define P15_ATTR_TYPE_VALUE	2


extern struct	sc_pkcs15_object *sc_pkcs15init_new_object(int, const char *,
				struct sc_pkcs15_id *, void *);
extern void		sc_pkcs15init_free_object(struct sc_pkcs15_object *);
extern void	sc_pkcs15init_set_callbacks(struct sc_pkcs15init_callbacks *);
extern int	sc_pkcs15init_bind(struct sc_card *, const char *, const char *,
				struct sc_app_info *app_info, struct sc_profile **);
extern void	sc_pkcs15init_unbind(struct sc_profile *);
extern void	sc_pkcs15init_set_p15card(struct sc_profile *,
				struct sc_pkcs15_card *);
extern int	sc_pkcs15init_set_lifecycle(struct sc_card *, int);
extern int	sc_pkcs15init_erase_card(struct sc_pkcs15_card *,
				struct sc_profile *, struct sc_aid *);
/* XXX could this function be merged with ..._set_lifecycle ?? */
extern int	sc_pkcs15init_finalize_card(struct sc_card *,
				struct sc_profile *);
extern int	sc_pkcs15init_add_app(struct sc_card *,
				struct sc_profile *,
				struct sc_pkcs15init_initargs *);
extern int	sc_pkcs15init_store_pin(struct sc_pkcs15_card *,
				struct sc_profile *,
				struct sc_pkcs15init_pinargs *);
extern int	sc_pkcs15init_generate_key(struct sc_pkcs15_card *,
				struct sc_profile *,
				struct sc_pkcs15init_keygen_args *,
				unsigned int keybits,
				struct sc_pkcs15_object **);
extern int	sc_pkcs15init_generate_secret_key(struct sc_pkcs15_card *,
				struct sc_profile *,
				struct sc_pkcs15init_skeyargs *,
				struct sc_pkcs15_object **);
extern int	sc_pkcs15init_store_private_key(struct sc_pkcs15_card *,
				struct sc_profile *,
				struct sc_pkcs15init_prkeyargs *,
				struct sc_pkcs15_object **);
extern int	sc_pkcs15init_store_split_key(struct sc_pkcs15_card *,
				struct sc_profile *,
				struct sc_pkcs15init_prkeyargs *,
				struct sc_pkcs15_object **,
				struct sc_pkcs15_object **);
extern int	sc_pkcs15init_store_public_key(struct sc_pkcs15_card *,
				struct sc_profile *,
				struct sc_pkcs15init_pubkeyargs *,
				struct sc_pkcs15_object **);
extern int	sc_pkcs15init_store_secret_key(struct sc_pkcs15_card *,
				struct sc_profile *,
				struct sc_pkcs15init_skeyargs *,
				struct sc_pkcs15_object **);
extern int	sc_pkcs15init_store_certificate(struct sc_pkcs15_card *,
				struct sc_profile *,
				struct sc_pkcs15init_certargs *,
				struct sc_pkcs15_object **);
extern int	sc_pkcs15init_store_data_object(struct sc_pkcs15_card *,
				struct sc_profile *,
				struct sc_pkcs15init_dataargs *,
				struct sc_pkcs15_object **);
/* Change the value of a pkcs15 attribute.
 * new_attrib_type can (currently) be either P15_ATTR_TYPE_LABEL or
 *   P15_ATTR_TYPE_ID.
 * If P15_ATTR_TYPE_LABEL, then *new_value is a struct sc_pkcs15_id;
 * If P15_ATTR_TYPE_ID, then *new_value is a char array.
 */
extern int	sc_pkcs15init_change_attrib(struct sc_pkcs15_card *,
				struct sc_profile *,
				struct sc_pkcs15_object *,
				int,
				void *,
				int);
extern int	sc_pkcs15init_add_object(struct sc_pkcs15_card *,
			struct sc_profile *profile,
			unsigned int,
			struct sc_pkcs15_object *);
extern int	sc_pkcs15init_delete_object(struct sc_pkcs15_card *,
				struct sc_profile *,
				struct sc_pkcs15_object *);
/* Replace an existing cert with a new one, which is assumed to be
 * compatible with the corresponding private key (e.g. the old and
 * new cert should have the same public key).
 */
extern int	sc_pkcs15init_update_certificate(struct sc_pkcs15_card *,
				struct sc_profile *,
				struct sc_pkcs15_object *,
				const unsigned char *,
				size_t);

extern int	sc_pkcs15init_create_file(struct sc_profile *,
				struct sc_pkcs15_card *, struct sc_file *);
extern int	sc_pkcs15init_update_file(struct sc_profile *,
				struct sc_pkcs15_card *, struct sc_file *, void *, unsigned int);
extern int	sc_pkcs15init_authenticate(struct sc_profile *, struct sc_pkcs15_card *,
				struct sc_file *, int);
extern int	sc_pkcs15init_fixup_file(struct sc_profile *, struct sc_pkcs15_card *,
				struct sc_file *);
extern int	sc_pkcs15init_get_pin_info(struct sc_profile *, int, struct sc_pkcs15_auth_info *);
extern int	sc_profile_get_pin_retries(struct sc_profile *, int);
extern int	sc_pkcs15init_get_manufacturer(struct sc_profile *,
				const char **);
extern int	sc_pkcs15init_get_serial(struct sc_profile *, const char **);
extern int	sc_pkcs15init_set_serial(struct sc_profile *, const char *);

extern int	sc_pkcs15init_verify_secret(struct sc_profile *, struct sc_pkcs15_card *,
				sc_file_t *,  unsigned int, int);
extern int	sc_pkcs15init_delete_by_path(struct sc_profile *,
				struct sc_pkcs15_card *, const struct sc_path *);
extern int	sc_pkcs15init_update_any_df(struct sc_pkcs15_card *, struct sc_profile *,
			struct sc_pkcs15_df *, int);
extern int	sc_pkcs15init_select_intrinsic_id(struct sc_pkcs15_card *, struct sc_profile *,
			int, struct sc_pkcs15_id *, void *);

/* Erasing the card structure via rm -rf */
extern int	sc_pkcs15init_erase_card_recursively(struct sc_pkcs15_card *,
				struct sc_profile *);
extern int	sc_pkcs15init_rmdir(struct sc_pkcs15_card *, struct sc_profile *,
				struct sc_file *);

extern int	sc_pkcs15_create_pin_domain(struct sc_profile *, struct sc_pkcs15_card *,
				const struct sc_pkcs15_id *, struct sc_file **);

extern int	sc_pkcs15init_get_pin_reference(struct sc_pkcs15_card *,
				struct sc_profile *, unsigned, int);

extern int	sc_pkcs15init_sanity_check(struct sc_pkcs15_card *, struct sc_profile *);

extern int	sc_pkcs15init_finalize_profile(struct sc_card *card, struct sc_profile *profile,
		                struct sc_aid *aid);

extern int	sc_pkcs15init_unwrap_key(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
		struct sc_pkcs15_object *key, u8* wrapped_key, size_t wrapped_key_len,
		struct sc_pkcs15init_skeyargs *keyargs, struct sc_pkcs15_object **res_obj);



extern struct sc_pkcs15init_operations *sc_pkcs15init_get_gpk_ops(void);
extern struct sc_pkcs15init_operations *sc_pkcs15init_get_miocos_ops(void);
extern struct sc_pkcs15init_operations *sc_pkcs15init_get_cryptoflex_ops(void);
extern struct sc_pkcs15init_operations *sc_pkcs15init_get_cyberflex_ops(void);
extern struct sc_pkcs15init_operations *sc_pkcs15init_get_cardos_ops(void);
extern struct sc_pkcs15init_operations *sc_pkcs15init_get_jcop_ops(void);
extern struct sc_pkcs15init_operations *sc_pkcs15init_get_starcos_ops(void);
extern struct sc_pkcs15init_operations *sc_pkcs15init_get_oberthur_ops(void);
extern struct sc_pkcs15init_operations *sc_pkcs15init_get_setcos_ops(void);
extern struct sc_pkcs15init_operations *sc_pkcs15init_get_incrypto34_ops(void);
extern struct sc_pkcs15init_operations *sc_pkcs15init_get_muscle_ops(void);
extern struct sc_pkcs15init_operations *sc_pkcs15init_get_asepcos_ops(void);
extern struct sc_pkcs15init_operations *sc_pkcs15init_get_rutoken_ops(void);
extern struct sc_pkcs15init_operations *sc_pkcs15init_get_entersafe_ops(void);
extern struct sc_pkcs15init_operations *sc_pkcs15init_get_epass2003_ops(void);
extern struct sc_pkcs15init_operations *sc_pkcs15init_get_rtecp_ops(void);
extern struct sc_pkcs15init_operations *sc_pkcs15init_get_westcos_ops(void);
extern struct sc_pkcs15init_operations *sc_pkcs15init_get_myeid_ops(void);
extern struct sc_pkcs15init_operations *sc_pkcs15init_get_authentic_ops(void);
extern struct sc_pkcs15init_operations *sc_pkcs15init_get_iasecc_ops(void);
extern struct sc_pkcs15init_operations *sc_pkcs15init_get_piv_ops(void);
extern struct sc_pkcs15init_operations *sc_pkcs15init_get_openpgp_ops(void);
extern struct sc_pkcs15init_operations *sc_pkcs15init_get_sc_hsm_ops(void);
extern struct sc_pkcs15init_operations *sc_pkcs15init_get_isoApplet_ops(void);
extern struct sc_pkcs15init_operations *sc_pkcs15init_get_gids_ops(void);

#ifdef __cplusplus
}
#endif

#endif /* PKCS15_INIT_H */