p11net_interface.h
// Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef P11NET_P11NET_INTERFACE_H_
#define P11NET_P11NET_INTERFACE_H_
#include <string>
#include <vector>
#include <base/macros.h>
#include <brillo/secure_blob.h>
#include "p11net.h"
namespace p11net {
// P11NetInterface provides an abstract interface closely matching the
// interfaces generated by dbus-c++ but hiding any dbus-c++ specifics. See
// p11net_interface.xml for the dbus-c++ interface definition.
//
// Implemented By:
// - P11NetProxyImpl: On the P11Net client side; sends calls over IPC.
// - P11NetServiceImpl: On the P11Net daemon side; receives and implements IPC
// calls.
// - P11NetServiceRedirect: An alternative implementation on the daemon side
// which receives IPC calls and forwards to a PKCS #11 library.
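class P11NetInterface {
 public:
  // Conventions shared by every method below (all visible in the signatures):
  //  - The first argument is always |isolate_credential|, passed as a
  //    brillo::SecureBlob. This header does not say how it is validated.
  //    NOTE(review): presumably it identifies the caller's isolate and must be
  //    checked by the daemon-side implementation before any slot, session or
  //    object handle is honoured -- confirm in the implementations.
  //  - Inputs are passed by value or const reference; outputs are written
  //    through non-const pointers supplied by the caller.
  //  - Methods return a uint32_t status. NOTE(review): presumably the PKCS #11
  //    CK_RV of the corresponding C_ function -- confirm. The *Cancel methods
  //    return void, so their callers get no status.
  //  - PINs are passed as |const std::string*|, not as a SecureBlob.
  //    NOTE(review): std::string does not wipe its storage when destroyed, so
  //    implementations should avoid extra copies and should not log these
  //    values. The pointer form presumably allows a null PIN -- confirm.
  //  - |attributes|, |mechanism_parameter| and |operation_state| arrive as
  //    opaque byte vectors; their encoding is not defined in this header.
  //    NOTE(review): on the daemon side these bytes come from the IPC peer and
  //    should be parsed defensively.
  //  - |max_out_length| and |max_object_count| are caller-chosen limits.
  //    NOTE(review): implementations should bound any allocation derived from
  //    them rather than trusting the requested size.

  // Defaulted instead of empty-bodied; the class holds no state of its own.
  P11NetInterface() = default;
  // Virtual so that implementations can be destroyed through this interface.
  virtual ~P11NetInterface() = default;

  // The following methods map to PKCS #11 calls. Each method name is identical
  // to the corresponding PKCS #11 function name except for the "C_" prefix.

  // --- Slot and token management ---

  // PKCS #11 v2.20 section 11.5 page 106.
  // Writes the slot identifiers to |slot_list|.
  virtual uint32_t GetSlotList(const brillo::SecureBlob& isolate_credential,
                               bool token_present,
                               std::vector<uint64_t>* slot_list) = 0;

  // PKCS #11 v2.20 section 11.5 page 108.
  // Each field of the slot description is returned through its own pointer.
  virtual uint32_t GetSlotInfo(const brillo::SecureBlob& isolate_credential,
                               uint64_t slot_id,
                               std::vector<uint8_t>* slot_description,
                               std::vector<uint8_t>* manufacturer_id,
                               uint64_t* flags,
                               uint8_t* hardware_version_major,
                               uint8_t* hardware_version_minor,
                               uint8_t* firmware_version_major,
                               uint8_t* firmware_version_minor) = 0;

  // PKCS #11 v2.20 section 11.5 page 109.
  // Each field of the token description is returned through its own pointer.
  virtual uint32_t GetTokenInfo(const brillo::SecureBlob& isolate_credential,
                                uint64_t slot_id,
                                std::vector<uint8_t>* label,
                                std::vector<uint8_t>* manufacturer_id,
                                std::vector<uint8_t>* model,
                                std::vector<uint8_t>* serial_number,
                                uint64_t* flags,
                                uint64_t* max_session_count,
                                uint64_t* session_count,
                                uint64_t* max_session_count_rw,
                                uint64_t* session_count_rw,
                                uint64_t* max_pin_len,
                                uint64_t* min_pin_len,
                                uint64_t* total_public_memory,
                                uint64_t* free_public_memory,
                                uint64_t* total_private_memory,
                                uint64_t* free_private_memory,
                                uint8_t* hardware_version_major,
                                uint8_t* hardware_version_minor,
                                uint8_t* firmware_version_major,
                                uint8_t* firmware_version_minor) = 0;

  // PKCS #11 v2.20 section 11.5 page 111.
  virtual uint32_t GetMechanismList(
      const brillo::SecureBlob& isolate_credential,
      uint64_t slot_id,
      std::vector<uint64_t>* mechanism_list) = 0;

  // PKCS #11 v2.20 section 11.5 page 112.
  virtual uint32_t GetMechanismInfo(
      const brillo::SecureBlob& isolate_credential,
      uint64_t slot_id,
      uint64_t mechanism_type,
      uint64_t* min_key_size,
      uint64_t* max_key_size,
      uint64_t* flags) = 0;

  // PKCS #11 v2.20 section 11.5 page 113.
  // |so_pin| is a plain std::string pointer; see the PIN note at the top of
  // the class.
  virtual uint32_t InitToken(const brillo::SecureBlob& isolate_credential,
                             uint64_t slot_id,
                             const std::string* so_pin,
                             const std::vector<uint8_t>& label) = 0;

  // PKCS #11 v2.20 section 11.5 page 115.
  virtual uint32_t InitPIN(const brillo::SecureBlob& isolate_credential,
                           uint64_t session_id,
                           const std::string* pin) = 0;

  // PKCS #11 v2.20 section 11.5 page 116.
  // Both the old and the new PIN cross this interface as plain strings.
  virtual uint32_t SetPIN(const brillo::SecureBlob& isolate_credential,
                          uint64_t session_id,
                          const std::string* old_pin,
                          const std::string* new_pin) = 0;

  // --- Session management ---

  // PKCS #11 v2.20 section 11.6 page 117.
  // The new session identifier is written to |session|.
  virtual uint32_t OpenSession(const brillo::SecureBlob& isolate_credential,
                               uint64_t slot_id,
                               uint64_t flags,
                               uint64_t* session) = 0;

  // PKCS #11 v2.20 section 11.6 page 118.
  virtual uint32_t CloseSession(const brillo::SecureBlob& isolate_credential,
                                uint64_t session) = 0;

  // PKCS #11 v2.20 section 11.6 page 120.
  virtual uint32_t CloseAllSessions(
      const brillo::SecureBlob& isolate_credential,
      uint64_t slot_id) = 0;

  // PKCS #11 v2.20 section 11.6 page 120.
  virtual uint32_t GetSessionInfo(
      const brillo::SecureBlob& isolate_credential,
      uint64_t session_id,
      uint64_t* slot_id,
      uint64_t* state,
      uint64_t* flags,
      uint64_t* device_error) = 0;

  // PKCS #11 v2.20 section 11.6 page 121.
  // The saved state is returned as opaque bytes in |operation_state|.
  virtual uint32_t GetOperationState(
      const brillo::SecureBlob& isolate_credential,
      uint64_t session_id,
      std::vector<uint8_t>* operation_state) = 0;

  // PKCS #11 v2.20 section 11.6 page 123.
  // NOTE(review): |operation_state| is supplied by the caller, so an
  // implementation should not assume it is a blob that GetOperationState
  // produced unmodified.
  virtual uint32_t SetOperationState(
      const brillo::SecureBlob& isolate_credential,
      uint64_t session_id,
      const std::vector<uint8_t>& operation_state,
      uint64_t encryption_key_handle,
      uint64_t authentication_key_handle) = 0;

  // PKCS #11 v2.20 section 11.6 page 125.
  // |pin| is a plain std::string pointer; see the PIN note at the top of the
  // class.
  virtual uint32_t Login(const brillo::SecureBlob& isolate_credential,
                         uint64_t session_id,
                         uint64_t user_type,
                         const std::string* pin) = 0;

  // PKCS #11 v2.20 section 11.6 page 127.
  virtual uint32_t Logout(const brillo::SecureBlob& isolate_credential,
                          uint64_t session_id) = 0;

  // --- Object management ---

  // PKCS #11 v2.20 section 11.7 page 128.
  // The handle of the created object is written to |new_object_handle|.
  virtual uint32_t CreateObject(const brillo::SecureBlob& isolate_credential,
                                uint64_t session_id,
                                const std::vector<uint8_t>& attributes,
                                uint64_t* new_object_handle) = 0;

  // PKCS #11 v2.20 section 11.7 page 130.
  virtual uint32_t CopyObject(const brillo::SecureBlob& isolate_credential,
                              uint64_t session_id,
                              uint64_t object_handle,
                              const std::vector<uint8_t>& attributes,
                              uint64_t* new_object_handle) = 0;

  // PKCS #11 v2.20 section 11.7 page 131.
  virtual uint32_t DestroyObject(const brillo::SecureBlob& isolate_credential,
                                 uint64_t session_id,
                                 uint64_t object_handle) = 0;

  // PKCS #11 v2.20 section 11.7 page 132.
  virtual uint32_t GetObjectSize(const brillo::SecureBlob& isolate_credential,
                                 uint64_t session_id,
                                 uint64_t object_handle,
                                 uint64_t* object_size) = 0;

  // PKCS #11 v2.20 section 11.7 page 133.
  // |attributes_in| carries the request and |attributes_out| the result, both
  // as opaque byte vectors.
  virtual uint32_t GetAttributeValue(
      const brillo::SecureBlob& isolate_credential,
      uint64_t session_id,
      uint64_t object_handle,
      const std::vector<uint8_t>& attributes_in,
      std::vector<uint8_t>* attributes_out) = 0;

  // PKCS #11 v2.20 section 11.7 page 135.
  virtual uint32_t SetAttributeValue(
      const brillo::SecureBlob& isolate_credential,
      uint64_t session_id,
      uint64_t object_handle,
      const std::vector<uint8_t>& attributes) = 0;

  // PKCS #11 v2.20 section 11.7 page 136.
  virtual uint32_t FindObjectsInit(
      const brillo::SecureBlob& isolate_credential,
      uint64_t session_id,
      const std::vector<uint8_t>& attributes) = 0;

  // PKCS #11 v2.20 section 11.7 page 137.
  // |max_object_count| is chosen by the caller; matching handles are written
  // to |object_list|.
  virtual uint32_t FindObjects(const brillo::SecureBlob& isolate_credential,
                               uint64_t session_id,
                               uint64_t max_object_count,
                               std::vector<uint64_t>* object_list) = 0;

  // PKCS #11 v2.20 section 11.7 page 138.
  virtual uint32_t FindObjectsFinal(
      const brillo::SecureBlob& isolate_credential,
      uint64_t session_id) = 0;

  // --- Encryption ---

  // PKCS #11 v2.20 section 11.8 page 139.
  virtual uint32_t EncryptInit(const brillo::SecureBlob& isolate_credential,
                               uint64_t session_id,
                               uint64_t mechanism_type,
                               const std::vector<uint8_t>& mechanism_parameter,
                               uint64_t key_handle) = 0;

  // PKCS #11 v2.20 section 11.8 page 140.
  // The caller states the largest output it accepts in |max_out_length|; the
  // size is reported through |actual_out_length| and the bytes through
  // |data_out|.
  virtual uint32_t Encrypt(const brillo::SecureBlob& isolate_credential,
                           uint64_t session_id,
                           const std::vector<uint8_t>& data_in,
                           uint64_t max_out_length,
                           uint64_t* actual_out_length,
                           std::vector<uint8_t>* data_out) = 0;

  // PKCS #11 v2.20 section 11.8 page 141.
  virtual uint32_t EncryptUpdate(const brillo::SecureBlob& isolate_credential,
                                 uint64_t session_id,
                                 const std::vector<uint8_t>& data_in,
                                 uint64_t max_out_length,
                                 uint64_t* actual_out_length,
                                 std::vector<uint8_t>* data_out) = 0;

  // PKCS #11 v2.20 section 11.8 page 141.
  virtual uint32_t EncryptFinal(const brillo::SecureBlob& isolate_credential,
                                uint64_t session_id,
                                uint64_t max_out_length,
                                uint64_t* actual_out_length,
                                std::vector<uint8_t>* data_out) = 0;

  // PKCS #11 v2.20 section 11.8 page 140,142: any errors terminate the active
  // encryption operation. Returns no status.
  virtual void EncryptCancel(const brillo::SecureBlob& isolate_credential,
                             uint64_t session_id) = 0;

  // --- Decryption ---

  // PKCS #11 v2.20 section 11.9 page 144.
  virtual uint32_t DecryptInit(const brillo::SecureBlob& isolate_credential,
                               uint64_t session_id,
                               uint64_t mechanism_type,
                               const std::vector<uint8_t>& mechanism_parameter,
                               uint64_t key_handle) = 0;

  // PKCS #11 v2.20 section 11.9 page 145.
  // NOTE(review): |data_out| receives plaintext in an ordinary
  // std::vector<uint8_t>, which is not wiped on destruction; callers handling
  // sensitive plaintext need to clear it themselves.
  virtual uint32_t Decrypt(const brillo::SecureBlob& isolate_credential,
                           uint64_t session_id,
                           const std::vector<uint8_t>& data_in,
                           uint64_t max_out_length,
                           uint64_t* actual_out_length,
                           std::vector<uint8_t>* data_out) = 0;

  // PKCS #11 v2.20 section 11.9 page 146.
  virtual uint32_t DecryptUpdate(const brillo::SecureBlob& isolate_credential,
                                 uint64_t session_id,
                                 const std::vector<uint8_t>& data_in,
                                 uint64_t max_out_length,
                                 uint64_t* actual_out_length,
                                 std::vector<uint8_t>* data_out) = 0;

  // PKCS #11 v2.20 section 11.9 page 146.
  virtual uint32_t DecryptFinal(const brillo::SecureBlob& isolate_credential,
                                uint64_t session_id,
                                uint64_t max_out_length,
                                uint64_t* actual_out_length,
                                std::vector<uint8_t>* data_out) = 0;

  // PKCS #11 v2.20 section 11.9 page 145,146: any errors terminate the active
  // decryption operation. Returns no status.
  virtual void DecryptCancel(const brillo::SecureBlob& isolate_credential,
                             uint64_t session_id) = 0;

  // --- Message digesting ---

  // PKCS #11 v2.20 section 11.10 page 148.
  virtual uint32_t DigestInit(
      const brillo::SecureBlob& isolate_credential,
      uint64_t session_id,
      uint64_t mechanism_type,
      const std::vector<uint8_t>& mechanism_parameter) = 0;

  // PKCS #11 v2.20 section 11.10 page 149.
  virtual uint32_t Digest(const brillo::SecureBlob& isolate_credential,
                          uint64_t session_id,
                          const std::vector<uint8_t>& data_in,
                          uint64_t max_out_length,
                          uint64_t* actual_out_length,
                          std::vector<uint8_t>* digest) = 0;

  // PKCS #11 v2.20 section 11.10 page 150.
  virtual uint32_t DigestUpdate(const brillo::SecureBlob& isolate_credential,
                                uint64_t session_id,
                                const std::vector<uint8_t>& data_in) = 0;

  // PKCS #11 v2.20 section 11.10 page 150.
  virtual uint32_t DigestKey(const brillo::SecureBlob& isolate_credential,
                             uint64_t session_id,
                             uint64_t key_handle) = 0;

  // PKCS #11 v2.20 section 11.10 page 151.
  virtual uint32_t DigestFinal(const brillo::SecureBlob& isolate_credential,
                               uint64_t session_id,
                               uint64_t max_out_length,
                               uint64_t* actual_out_length,
                               std::vector<uint8_t>* digest) = 0;

  // PKCS #11 v2.20 section 11.10 page 149,151: any errors terminate the active
  // digest operation. Returns no status.
  virtual void DigestCancel(const brillo::SecureBlob& isolate_credential,
                            uint64_t session_id) = 0;

  // --- Signing and MACing ---

  // PKCS #11 v2.20 section 11.11 page 152.
  virtual uint32_t SignInit(const brillo::SecureBlob& isolate_credential,
                            uint64_t session_id,
                            uint64_t mechanism_type,
                            const std::vector<uint8_t>& mechanism_parameter,
                            uint64_t key_handle) = 0;

  // PKCS #11 v2.20 section 11.11 page 153.
  virtual uint32_t Sign(const brillo::SecureBlob& isolate_credential,
                        uint64_t session_id,
                        const std::vector<uint8_t>& data,
                        uint64_t max_out_length,
                        uint64_t* actual_out_length,
                        std::vector<uint8_t>* signature) = 0;

  // PKCS #11 v2.20 section 11.11 page 154.
  virtual uint32_t SignUpdate(const brillo::SecureBlob& isolate_credential,
                              uint64_t session_id,
                              const std::vector<uint8_t>& data_part) = 0;

  // PKCS #11 v2.20 section 11.11 page 154.
  virtual uint32_t SignFinal(const brillo::SecureBlob& isolate_credential,
                             uint64_t session_id,
                             uint64_t max_out_length,
                             uint64_t* actual_out_length,
                             std::vector<uint8_t>* signature) = 0;

  // PKCS #11 v2.20 section 11.11 page 153,154: any errors terminate the active
  // signing operation. Returns no status.
  virtual void SignCancel(const brillo::SecureBlob& isolate_credential,
                          uint64_t session_id) = 0;

  // PKCS #11 v2.20 section 11.11 page 155.
  virtual uint32_t SignRecoverInit(
      const brillo::SecureBlob& isolate_credential,
      uint64_t session_id,
      uint64_t mechanism_type,
      const std::vector<uint8_t>& mechanism_parameter,
      uint64_t key_handle) = 0;

  // PKCS #11 v2.20 section 11.11 page 156.
  virtual uint32_t SignRecover(const brillo::SecureBlob& isolate_credential,
                               uint64_t session_id,
                               const std::vector<uint8_t>& data,
                               uint64_t max_out_length,
                               uint64_t* actual_out_length,
                               std::vector<uint8_t>* signature) = 0;

  // --- Verifying signatures and MACs ---

  // PKCS #11 v2.20 section 11.12 page 157.
  virtual uint32_t VerifyInit(const brillo::SecureBlob& isolate_credential,
                              uint64_t session_id,
                              uint64_t mechanism_type,
                              const std::vector<uint8_t>& mechanism_parameter,
                              uint64_t key_handle) = 0;

  // PKCS #11 v2.20 section 11.12 page 158.
  // The verification outcome is conveyed only by the returned status; there
  // is no separate output parameter, so callers must not ignore the return
  // value.
  virtual uint32_t Verify(const brillo::SecureBlob& isolate_credential,
                          uint64_t session_id,
                          const std::vector<uint8_t>& data,
                          const std::vector<uint8_t>& signature) = 0;

  // PKCS #11 v2.20 section 11.12 page 159.
  virtual uint32_t VerifyUpdate(const brillo::SecureBlob& isolate_credential,
                                uint64_t session_id,
                                const std::vector<uint8_t>& data_part) = 0;

  // PKCS #11 v2.20 section 11.12 page 159.
  // As with Verify, the returned status is the only verification result.
  virtual uint32_t VerifyFinal(const brillo::SecureBlob& isolate_credential,
                               uint64_t session_id,
                               const std::vector<uint8_t>& signature) = 0;

  // PKCS #11 v2.20 section 11.12 page 159: any errors terminate the active
  // verification operation. Returns no status.
  virtual void VerifyCancel(const brillo::SecureBlob& isolate_credential,
                            uint64_t session_id) = 0;

  // PKCS #11 v2.20 section 11.12 page 161.
  virtual uint32_t VerifyRecoverInit(
      const brillo::SecureBlob& isolate_credential,
      uint64_t session_id,
      uint64_t mechanism_type,
      const std::vector<uint8_t>& mechanism_parameter,
      uint64_t key_handle) = 0;

  // PKCS #11 v2.20 section 11.12 page 161.
  // The recovered data is written to |data|.
  virtual uint32_t VerifyRecover(const brillo::SecureBlob& isolate_credential,
                                 uint64_t session_id,
                                 const std::vector<uint8_t>& signature,
                                 uint64_t max_out_length,
                                 uint64_t* actual_out_length,
                                 std::vector<uint8_t>* data) = 0;

  // --- Dual-function cryptographic operations ---

  // PKCS #11 v2.20 section 11.13 page 163.
  virtual uint32_t DigestEncryptUpdate(
      const brillo::SecureBlob& isolate_credential,
      uint64_t session_id,
      const std::vector<uint8_t>& data_in,
      uint64_t max_out_length,
      uint64_t* actual_out_length,
      std::vector<uint8_t>* data_out) = 0;

  // PKCS #11 v2.20 section 11.13 page 165.
  virtual uint32_t DecryptDigestUpdate(
      const brillo::SecureBlob& isolate_credential,
      uint64_t session_id,
      const std::vector<uint8_t>& data_in,
      uint64_t max_out_length,
      uint64_t* actual_out_length,
      std::vector<uint8_t>* data_out) = 0;

  // PKCS #11 v2.20 section 11.13 page 169.
  virtual uint32_t SignEncryptUpdate(
      const brillo::SecureBlob& isolate_credential,
      uint64_t session_id,
      const std::vector<uint8_t>& data_in,
      uint64_t max_out_length,
      uint64_t* actual_out_length,
      std::vector<uint8_t>* data_out) = 0;

  // PKCS #11 v2.20 section 11.13 page 171.
  virtual uint32_t DecryptVerifyUpdate(
      const brillo::SecureBlob& isolate_credential,
      uint64_t session_id,
      const std::vector<uint8_t>& data_in,
      uint64_t max_out_length,
      uint64_t* actual_out_length,
      std::vector<uint8_t>* data_out) = 0;

  // --- Key management ---

  // PKCS #11 v2.20 section 11.14 page 175.
  // Only a handle to the generated key is returned, through |key_handle|.
  virtual uint32_t GenerateKey(const brillo::SecureBlob& isolate_credential,
                               uint64_t session_id,
                               uint64_t mechanism_type,
                               const std::vector<uint8_t>& mechanism_parameter,
                               const std::vector<uint8_t>& attributes,
                               uint64_t* key_handle) = 0;

  // PKCS #11 v2.20 section 11.14 page 176.
  // Public and private keys take separate attribute blobs and are returned as
  // separate handles.
  virtual uint32_t GenerateKeyPair(
      const brillo::SecureBlob& isolate_credential,
      uint64_t session_id,
      uint64_t mechanism_type,
      const std::vector<uint8_t>& mechanism_parameter,
      const std::vector<uint8_t>& public_attributes,
      const std::vector<uint8_t>& private_attributes,
      uint64_t* public_key_handle,
      uint64_t* private_key_handle) = 0;

  // PKCS #11 v2.20 section 11.14 page 178.
  // The wrapped key material leaves the interface as bytes in |wrapped_key|.
  virtual uint32_t WrapKey(const brillo::SecureBlob& isolate_credential,
                           uint64_t session_id,
                           uint64_t mechanism_type,
                           const std::vector<uint8_t>& mechanism_parameter,
                           uint64_t wrapping_key_handle,
                           uint64_t key_handle,
                           uint64_t max_out_length,
                           uint64_t* actual_out_length,
                           std::vector<uint8_t>* wrapped_key) = 0;

  // PKCS #11 v2.20 section 11.14 page 180.
  // |wrapped_key| and |attributes| are caller-supplied bytes; the resulting
  // key is returned as a handle only.
  virtual uint32_t UnwrapKey(const brillo::SecureBlob& isolate_credential,
                             uint64_t session_id,
                             uint64_t mechanism_type,
                             const std::vector<uint8_t>& mechanism_parameter,
                             uint64_t wrapping_key_handle,
                             const std::vector<uint8_t>& wrapped_key,
                             const std::vector<uint8_t>& attributes,
                             uint64_t* key_handle) = 0;

  // PKCS #11 v2.20 section 11.14 page 182.
  virtual uint32_t DeriveKey(const brillo::SecureBlob& isolate_credential,
                             uint64_t session_id,
                             uint64_t mechanism_type,
                             const std::vector<uint8_t>& mechanism_parameter,
                             uint64_t base_key_handle,
                             const std::vector<uint8_t>& attributes,
                             uint64_t* key_handle) = 0;

  // --- Random number generation ---

  // PKCS #11 v2.20 section 11.15 page 184.
  // NOTE(review): |seed| is caller-controlled; an implementation should only
  // ever mix it into its generator state, never let it replace that state --
  // confirm in the implementations.
  virtual uint32_t SeedRandom(const brillo::SecureBlob& isolate_credential,
                              uint64_t session_id,
                              const std::vector<uint8_t>& seed) = 0;

  // PKCS #11 v2.20 section 11.15 page 184.
  // |num_bytes| is chosen by the caller; the output goes to |random_data|.
  virtual uint32_t GenerateRandom(
      const brillo::SecureBlob& isolate_credential,
      uint64_t session_id,
      uint64_t num_bytes,
      std::vector<uint8_t>* random_data) = 0;

 private:
  // Interface objects are used through pointers or references to
  // implementations, so copying is disabled.
  DISALLOW_COPY_AND_ASSIGN(P11NetInterface);
};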
} // namespace p11net
#endif // P11NET_P11NET_INTERFACE_H_