1 /* Support of smartcards and cryptotokens
2 * Copyright (C) 2003 Christoph Gysin, Simon Zwahlen
3 * Copyright (C) 2004 David Buechi, Michael Meier
4 * Zuercher Hochschule Winterthur
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 *
16 * RCSID $Id: smartcard.h,v 1.14 2005/11/06 22:55:41 as Exp $
17 */
18
19 #ifndef _SMARTCARD_H
20 #define _SMARTCARD_H
21
22 #include "certs.h"
23
/* Literal marker string for smartcard references.
 * Presumably the prefix that flags a smartcard-held object where a file
 * name is otherwise expected (cf. scx_on_smartcard) - TODO confirm.
 */
24 #define SCX_TOKEN "%smartcard"
/* Interval in seconds; by its name, how long a certificate read from the
 * token is treated as cached before it is read again - TODO confirm.
 */
25 #define SCX_CERT_CACHE_INTERVAL 60 /* seconds */
/* Presumably the number of PIN entry attempts made before giving up -
 * TODO confirm.
 * NOTE(review): tokens commonly block the PIN after a small number of
 * consecutive failures, so this bound should stay below the card's own
 * retry counter.
 */
26 #define SCX_MAX_PIN_TRIALS 3
27
28 /* smartcard operations
 * Selects which cryptographic operation is requested from the token.
 * Passed as the `op` argument of scx_op_via_whack().
 */
29
30 typedef enum {
31 SC_OP_NONE = 0, /* no operation selected */
32 SC_OP_ENCRYPT = 1, /* cf. scx_encrypt() */
33 SC_OP_DECRYPT = 2, /* cf. scx_decrypt() */
34 SC_OP_SIGN = 3, /* cf. scx_sign_hash() */
35 } sc_op_t;
36
37 /* smartcard record
 * Per-token state: list linkage, cached certificate, slot/object
 * identification, PIN material and session flags.
 * Field notes below are inferred from the field names and from the
 * prototypes in this header - confirm against the implementation.
 */
38
39 typedef struct smartcard smartcard_t;
40
41 struct smartcard {
42 smartcard_t *next; /* link to the next record */
43 time_t last_load; /* presumably when last_cert was read (cf. SCX_CERT_CACHE_INTERVAL) - TODO confirm */
44 cert_t last_cert; /* presumably the cached certificate - TODO confirm */
45 int count; /* presumably a reference count (cf. scx_share/scx_release) - TODO confirm */
46 int number; /* presumably the object number (cf. scx_parse_number_slot_id) - TODO confirm */
47 unsigned long slot; /* presumably the PKCS#11 slot identifier - TODO confirm */
48 char *id; /* object id string; ownership not visible here (cf. scx_free) */
49 char *label; /* object label string; ownership not visible here (cf. scx_free) */
/* NOTE(review): `pin` keeps the user PIN in process memory. Verify that
 * scx_free_pin() overwrites the bytes before releasing them and that the
 * PIN never reaches logs or status output.
 */
50 chunk_t pin;
51 bool pinpad; /* presumably: PIN is entered on the reader's pinpad rather than kept in `pin` - TODO confirm */
52 bool valid; /* presumably: PIN has been verified (cf. scx_verify_pin) - TODO confirm */
53 bool session_opened; /* session state flag */
54 bool logged_in; /* login state flag (cf. scx_login) */
55 bool any_slot; /* presumably: no specific slot was requested - TODO confirm */
56 long session; /* presumably the PKCS#11 session handle - TODO confirm */
57 };
58
/* Constant smartcard_t instance; by its name, a blank template for
 * initialising new records - TODO confirm.
 */
59 extern const smartcard_t empty_sc;
60
61 /* keep a PKCS#11 login during the lifetime of pluto
62 * flag set in plutomain.c and used in ipsec_doi.c and ocsp.c
 * NOTE(review): while a login is held open, the token's private-key
 * operations stay usable for as long as the daemon runs. Pair this
 * setting with restricted access to the host and to the control socket.
63 */
64 extern bool pkcs11_keep_state;
65
66 /* allow other applications access to pluto's PKCS#11 interface
67 * via whack. Could be used e.g. for disk encryption
 * NOTE(review): when set, a client able to reach whack can presumably
 * request token operations (see scx_op_via_whack). Keep it off unless
 * needed and restrict who can reach the whack control socket.
68 */
69 extern bool pkcs11_proxy;
70
/* Smartcard (scx_*) interface.
 * Only the prototypes are visible here; notes on behaviour are inferred
 * from names and signatures and must be confirmed in the implementation.
 */
/* Returns a smartcard_t built from a number/slot/id string; ownership of
 * the result is not visible here.
 */
71 extern smartcard_t* scx_parse_number_slot_id(const char *number_slot_id);
72 extern void scx_init(const char *module);
73 extern void scx_finalize(void);
74 extern bool scx_establish_context(smartcard_t *sc);
75 extern bool scx_login(smartcard_t *sc);
76 extern bool scx_on_smartcard(const char *filename);
77 extern bool scx_load_cert(const char *filename, smartcard_t **scp
78 , cert_t *cert, bool *cached);
79 extern bool scx_verify_pin(smartcard_t *sc);
80 extern void scx_share(smartcard_t *sc);
/* outlen is passed by value here, unlike scx_encrypt/scx_decrypt which
 * take size_t *outlen; presumably it is the capacity of `out` - TODO confirm.
 */
81 extern bool scx_sign_hash(smartcard_t *sc, const u_char *in, size_t inlen
82 , u_char *out, size_t outlen);
/* For encrypt and decrypt, *outlen is presumably the capacity of `out` on
 * entry and the number of bytes written on return - TODO confirm.
 */
83 extern bool scx_encrypt(smartcard_t *sc, const u_char *in, size_t inlen
84 , u_char *out, size_t *outlen);
85 extern bool scx_decrypt(smartcard_t *sc, const u_char *in, size_t inlen
86 , u_char *out, size_t *outlen);
/* NOTE(review): msg and keyid appear to originate from a whack client;
 * inbase/outbase presumably select the text encoding of input and output.
 * Verify that the implementation checks length and encoding of msg, and
 * that this path is only reachable when pkcs11_proxy is set.
 */
87 extern bool scx_op_via_whack(const char* msg, int inbase, int outbase
88 , sc_op_t op, const char *keyid, int whackfd);
89 extern bool scx_get_pin(smartcard_t *sc, int whackfd);
90 extern size_t scx_get_keylength(smartcard_t *sc);
91 extern smartcard_t* scx_add(smartcard_t *sc);
92 extern smartcard_t* scx_get(x509cert_t *cert);
93 extern void scx_release(smartcard_t *sc);
94 extern void scx_release_context(smartcard_t *sc);
/* NOTE(review): confirm this overwrites the PIN bytes before the memory
 * is released.
 */
95 extern void scx_free_pin(chunk_t *pin);
96 extern void scx_free(smartcard_t *sc);
97 extern void scx_list(bool utc);
/* Returns a non-const char *; the buffer's lifetime is not visible here.
 * If it is static storage the call is not reentrant - TODO confirm.
 */
98 extern char *scx_print_slot(smartcard_t *sc, const char *whitespace);
99
100 #endif /* _SMARTCARD_H */