Another ENGINE that's been working in 0.9.6-engine for a while that will

be included for 0.9.6c-engine.
2001-11-17 05:29:25 +00:00 · 2001-11-17 05:29:25 +00:00 · b26f6ee5f2
commit b26f6ee5f2
parent b5719e9673
7 changed files with 1306 additions and 6 deletions
--- a/crypto/engine/Makefile.ssl
+++ b/crypto/engine/Makefile.ssl
@ -24,10 +24,10 @@ APPS=
 LIB=$(TOP)/libcrypto.a
 LIBSRC= engine_err.c engine_lib.c engine_list.c engine_openssl.c \
 	hw_atalla.c hw_cswift.c hw_ncipher.c hw_aep.c hw_sureware.c \
-	hw_ubsec.c
+	hw_ubsec.c hw_keyclient.c
 LIBOBJ= engine_err.o engine_lib.o engine_list.o engine_openssl.o \
 	hw_atalla.o hw_cswift.o hw_ncipher.o hw_aep.o hw_sureware.o \
-	hw_ubsec.o
+	hw_ubsec.o hw_keyclient.o

 SRC= $(LIBSRC)

@ -217,6 +217,26 @@ hw_cswift.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 hw_cswift.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 hw_cswift.o: ../../include/openssl/symhacks.h ../cryptlib.h engine_int.h
 hw_cswift.o: vendor_defns/cswift.h
+hw_keyclient.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+hw_keyclient.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+hw_keyclient.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+hw_keyclient.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+hw_keyclient.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+hw_keyclient.o: ../../include/openssl/dso.h ../../include/openssl/e_os.h
+hw_keyclient.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+hw_keyclient.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+hw_keyclient.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+hw_keyclient.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+hw_keyclient.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+hw_keyclient.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+hw_keyclient.o: ../../include/openssl/opensslconf.h
+hw_keyclient.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+hw_keyclient.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+hw_keyclient.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+hw_keyclient.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+hw_keyclient.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+hw_keyclient.o: ../../include/openssl/symhacks.h ../cryptlib.h engine_int.h
+hw_keyclient.o: vendor_defns/keyclient.h
 hw_ncipher.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 hw_ncipher.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 hw_ncipher.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
--- a/crypto/engine/engine.h
+++ b/crypto/engine/engine.h
@ -276,9 +276,6 @@ int ENGINE_set_default_BN_mod_exp_crt(ENGINE *e);
 * ENGINE_METHOD_*** defines above. */
 int ENGINE_set_default(ENGINE *e, unsigned int flags);

-/* Obligatory error function. */
-void ERR_load_ENGINE_strings(void);
-
 /*
 * Error codes for all engine functions. NB: We use "generic"
 * function names instead of per-implementation ones because this
@ -293,6 +290,7 @@ void ERR_load_ENGINE_strings(void);
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
+void ERR_load_ENGINE_strings(void);

 /* Error codes for the ENGINE functions. */

@ -362,6 +360,28 @@ void ERR_load_ENGINE_strings(void);
 #define ENGINE_F_HWCRHK_MOD_EXP_CRT			 138
 #define ENGINE_F_HWCRHK_RAND_BYTES			 139
 #define ENGINE_F_HWCRHK_RSA_MOD_EXP			 140
+#define ENGINE_F_KC_INT_DSA_PRIV			 213
+#define ENGINE_F_KC_INT_DSA_VERIFY			 214
+#define ENGINE_F_KC_INT_RSA_PRIV			 215
+#define ENGINE_F_KC_INT_RSA_PUB				 216
+#define ENGINE_F_KEYCLIENT_CHECK_GLOBAL			 217
+#define ENGINE_F_KEYCLIENT_DSA_FINISH			 218
+#define ENGINE_F_KEYCLIENT_DSA_INIT			 219
+#define ENGINE_F_KEYCLIENT_DSA_SIGN			 220
+#define ENGINE_F_KEYCLIENT_DSA_VERIFY			 221
+#define ENGINE_F_KEYCLIENT_FINISH			 222
+#define ENGINE_F_KEYCLIENT_GET_DSA_CTX			 223
+#define ENGINE_F_KEYCLIENT_GET_RSA_CTX			 224
+#define ENGINE_F_KEYCLIENT_INIT				 225
+#define ENGINE_F_KEYCLIENT_PADDING			 226
+#define ENGINE_F_KEYCLIENT_RSA_FINISH			 227
+#define ENGINE_F_KEYCLIENT_RSA_INIT			 228
+#define ENGINE_F_KEYCLIENT_RSA_PRIV_DEC			 229
+#define ENGINE_F_KEYCLIENT_RSA_PRIV_ENC			 230
+#define ENGINE_F_KEYCLIENT_RSA_PUB_DEC			 231
+#define ENGINE_F_KEYCLIENT_RSA_PUB_ENC			 232
+#define ENGINE_F_KEYCLIENT_SET_DSA_CTX			 233
+#define ENGINE_F_KEYCLIENT_SET_RSA_CTX			 234
 #define ENGINE_F_LOG_MESSAGE				 141
 #define ENGINE_F_SUREWAREHK_CTRL			 209
 #define ENGINE_F_SUREWAREHK_DH_GEN_KEY			 210
@ -406,6 +426,8 @@ void ERR_load_ENGINE_strings(void);
 #define ENGINE_R_ID_OR_NAME_MISSING			 108
 #define ENGINE_R_INIT_FAILED				 109
 #define ENGINE_R_INTERNAL_LIST_ERROR			 110
+#define ENGINE_R_INVALID_PADDING			 137
+#define ENGINE_R_KEY_TOO_LARGE				 138
 #define ENGINE_R_MISSING_KEY_COMPONENTS			 111
 #define ENGINE_R_MOD_EXP_CRT_FAILED			 134
 #define ENGINE_R_MOD_EXP_FAILED				 131
@ -413,6 +435,7 @@ void ERR_load_ENGINE_strings(void);
 #define ENGINE_R_NOT_LOADED				 112
 #define ENGINE_R_NO_CALLBACK				 127
 #define ENGINE_R_NO_CONTROL_FUNCTION			 120
+#define ENGINE_R_NO_INDEX				 139
 #define ENGINE_R_NO_KEY					 124
 #define ENGINE_R_NO_LOAD_FUNCTION			 125
 #define ENGINE_R_NO_REFERENCE				 130
@ -430,4 +453,3 @@ void ERR_load_ENGINE_strings(void);
 }
 #endif
 #endif
-
--- a/crypto/engine/engine_err.c
+++ b/crypto/engine/engine_err.c
@ -131,6 +131,28 @@ static ERR_STRING_DATA ENGINE_str_functs[]=
 {ERR_PACK(0,ENGINE_F_HWCRHK_MOD_EXP_CRT,0),	"HWCRHK_MOD_EXP_CRT"},
 {ERR_PACK(0,ENGINE_F_HWCRHK_RAND_BYTES,0),	"HWCRHK_RAND_BYTES"},
 {ERR_PACK(0,ENGINE_F_HWCRHK_RSA_MOD_EXP,0),	"HWCRHK_RSA_MOD_EXP"},
+{ERR_PACK(0,ENGINE_F_KC_INT_DSA_PRIV,0),	"KC_INT_DSA_PRIV"},
+{ERR_PACK(0,ENGINE_F_KC_INT_DSA_VERIFY,0),	"KC_INT_DSA_VERIFY"},
+{ERR_PACK(0,ENGINE_F_KC_INT_RSA_PRIV,0),	"KC_INT_RSA_PRIV"},
+{ERR_PACK(0,ENGINE_F_KC_INT_RSA_PUB,0),	"KC_INT_RSA_PUB"},
+{ERR_PACK(0,ENGINE_F_KEYCLIENT_CHECK_GLOBAL,0),	"KEYCLIENT_CHECK_GLOBAL"},
+{ERR_PACK(0,ENGINE_F_KEYCLIENT_DSA_FINISH,0),	"KEYCLIENT_DSA_FINISH"},
+{ERR_PACK(0,ENGINE_F_KEYCLIENT_DSA_INIT,0),	"KEYCLIENT_DSA_INIT"},
+{ERR_PACK(0,ENGINE_F_KEYCLIENT_DSA_SIGN,0),	"KEYCLIENT_DSA_SIGN"},
+{ERR_PACK(0,ENGINE_F_KEYCLIENT_DSA_VERIFY,0),	"KEYCLIENT_DSA_VERIFY"},
+{ERR_PACK(0,ENGINE_F_KEYCLIENT_FINISH,0),	"KEYCLIENT_FINISH"},
+{ERR_PACK(0,ENGINE_F_KEYCLIENT_GET_DSA_CTX,0),	"KEYCLIENT_GET_DSA_CTX"},
+{ERR_PACK(0,ENGINE_F_KEYCLIENT_GET_RSA_CTX,0),	"KEYCLIENT_GET_RSA_CTX"},
+{ERR_PACK(0,ENGINE_F_KEYCLIENT_INIT,0),	"KEYCLIENT_INIT"},
+{ERR_PACK(0,ENGINE_F_KEYCLIENT_PADDING,0),	"KEYCLIENT_PADDING"},
+{ERR_PACK(0,ENGINE_F_KEYCLIENT_RSA_FINISH,0),	"KEYCLIENT_RSA_FINISH"},
+{ERR_PACK(0,ENGINE_F_KEYCLIENT_RSA_INIT,0),	"KEYCLIENT_RSA_INIT"},
+{ERR_PACK(0,ENGINE_F_KEYCLIENT_RSA_PRIV_DEC,0),	"KEYCLIENT_RSA_PRIV_DEC"},
+{ERR_PACK(0,ENGINE_F_KEYCLIENT_RSA_PRIV_ENC,0),	"KEYCLIENT_RSA_PRIV_ENC"},
+{ERR_PACK(0,ENGINE_F_KEYCLIENT_RSA_PUB_DEC,0),	"KEYCLIENT_RSA_PUB_DEC"},
+{ERR_PACK(0,ENGINE_F_KEYCLIENT_RSA_PUB_ENC,0),	"KEYCLIENT_RSA_PUB_ENC"},
+{ERR_PACK(0,ENGINE_F_KEYCLIENT_SET_DSA_CTX,0),	"KEYCLIENT_SET_DSA_CTX"},
+{ERR_PACK(0,ENGINE_F_KEYCLIENT_SET_RSA_CTX,0),	"KEYCLIENT_SET_RSA_CTX"},
 {ERR_PACK(0,ENGINE_F_LOG_MESSAGE,0),	"LOG_MESSAGE"},
 {ERR_PACK(0,ENGINE_F_SUREWAREHK_CTRL,0),	"SUREWAREHK_CTRL"},
 {ERR_PACK(0,ENGINE_F_SUREWAREHK_DH_GEN_KEY,0),	"SUREWAREHK_DH_GEN_KEY"},
@ -178,6 +200,8 @@ static ERR_STRING_DATA ENGINE_str_reasons[]=
 {ENGINE_R_ID_OR_NAME_MISSING             ,"'id' or 'name' missing"},
 {ENGINE_R_INIT_FAILED                    ,"init failed"},
 {ENGINE_R_INTERNAL_LIST_ERROR            ,"internal list error"},
+{ENGINE_R_INVALID_PADDING                ,"invalid padding"},
+{ENGINE_R_KEY_TOO_LARGE                  ,"key too large"},
 {ENGINE_R_MISSING_KEY_COMPONENTS         ,"missing key components"},
 {ENGINE_R_MOD_EXP_CRT_FAILED             ,"mod exp crt failed"},
 {ENGINE_R_MOD_EXP_FAILED                 ,"mod exp failed"},
@ -185,6 +209,7 @@ static ERR_STRING_DATA ENGINE_str_reasons[]=
 {ENGINE_R_NOT_LOADED                     ,"not loaded"},
 {ENGINE_R_NO_CALLBACK                    ,"no callback"},
 {ENGINE_R_NO_CONTROL_FUNCTION            ,"no control function"},
+{ENGINE_R_NO_INDEX                       ,"no index"},
 {ENGINE_R_NO_KEY                         ,"no key"},
 {ENGINE_R_NO_LOAD_FUNCTION               ,"no load function"},
 {ENGINE_R_NO_REFERENCE                   ,"no reference"},
--- a/crypto/engine/engine_int.h
+++ b/crypto/engine/engine_int.h
@ -165,6 +165,11 @@ ENGINE *ENGINE_sureware();
 /* Returns a structure of ubsec methods. */
 ENGINE *ENGINE_ubsec();
 #endif /* !NO_HW_UBSEC */
+
+#ifndef NO_HW_KEYCLIENT
+/* Returns a structure of keyclient methods. */
+ENGINE *ENGINE_keyclient();
+#endif /* !NO_HW_KEYCLIENT */
 #endif /* !NO_HW */

 #ifdef  __cplusplus
--- a/crypto/engine/engine_list.c
+++ b/crypto/engine/engine_list.c
@ -210,6 +210,10 @@ static int engine_internal_check(void)
 	if(!engine_list_add(ENGINE_ubsec()))
 		return 0;
 #endif /* !NO_HW_UBSEC */
+#ifndef NO_HW_KEYCLIENT
+	if(!engine_list_add(ENGINE_keyclient()))
+		return 0;
+#endif /* !NO_HW_KEYCLIENT */
 #endif /* !NO_HW */
 	engine_list_flag = 1;
 	return 1;
--- a/crypto/engine/hw_keyclient.c
+++ b/crypto/engine/hw_keyclient.c
--- a/crypto/engine/vendor_defns/keyclient.h
+++ b/crypto/engine/vendor_defns/keyclient.h
@ -0,0 +1,214 @@
+#ifndef HEADER_KEYCLIENT_H
+#define HEADER_KEYCLIENT_H
+
+/* Stop name-munging before it begins */
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* This header is consistent with the "libclient" header but has been modified
+ * and pruned (esp. virtually all explanations and comments have gone) for
+ * inclusion in openssl. */
+
+#if 0 /* Not used in openssl */
+/* The obligatory nonsense associated with porting shared libraries to win32 */
+#if defined(KSCLIENT_BUILD)
+#define KC_INTERFACE __declspec(dllexport)
+#elif defined(KSCLIENT_USE)
+#define KC_INTERFACE __declspec(dllimport)
+#else
+#define KC_INTERFACE
+#endif
+#else
+#define KC_INTERFACE
+#endif
+
+/* 
+ * TYPES
+ */
+
+typedef struct _keyclient_ctx	keyclient_ctx;
+
+typedef struct _ctx_locking_table {
+	/* These functions return zero for failure. */
+	int (*ctx_lock)(const void *, unsigned int);
+	int (*ctx_unlock)(const void *, unsigned int);
+} ctx_locking_table;
+
+typedef struct _global_locking_table {
+	void (*lock)(void);
+	void (*unlock)(void);
+} global_locking_table;
+
+#define KC_MAX_PUBKEY_ASN 512	/* If the key doesn't fit, don't try */
+typedef struct _keyclient_key_t {
+	enum {
+		KC_KEY_RSA = 0,
+		KC_KEY_DSA = 1
+	} key_type;
+	unsigned int der_len;
+	unsigned char der[KC_MAX_PUBKEY_ASN];
+} keyclient_key_t;
+
+/*
+ * ENUMS
+ */
+
+/* Different "operation" types */
+typedef enum {
+	KC_FIRST_OP_INDEX = 0,
+	/* RSA operations */
+	KC_RSA_FIRST_OP = KC_FIRST_OP_INDEX,
+	KC_RSA_PUB_ENCRYPT = KC_RSA_FIRST_OP,
+	KC_RSA_PUB_DECRYPT,
+	KC_RSA_PRIV_ENCRYPT,
+	KC_RSA_PRIV_DECRYPT,
+	KC_RSA_SIGN,
+	KC_RSA_VERIFY,
+	KC_RSA_LAST_OP = KC_RSA_VERIFY,
+	/* DSA operations */
+	KC_DSA_FIRST_OP,
+	KC_DSA_SIGN = KC_DSA_FIRST_OP,
+	KC_DSA_VERIFY,
+	KC_DSA_LAST_OP = KC_DSA_VERIFY,
+	/* Round it out */
+	KC_LAST_OP_INDEX = KC_DSA_LAST_OP
+} keyclient_op_t;
+
+/* Different "padding" types */
+typedef enum {
+	KC_FIRST_PAD_INDEX = 0,
+	/* No padding (works for RSA and DSA) */
+	KC_PADDING_NONE = KC_FIRST_PAD_INDEX,
+	KC_PADDING_DSA = KC_PADDING_NONE,
+	/* RSA padding schemes */
+	KC_PADDING_RSA_PKCS1,
+	KC_PADDING_RSA_SSLV23,
+	KC_PADDING_RSA_PKCS1_OAEP,
+	/* Round it out */
+	KC_LAST_PAD_INDEX = KC_PADDING_RSA_PKCS1_OAEP
+} keyclient_pad_t;
+
+/* Different "return" types */
+typedef enum {
+	KC_RET_OK = 0,
+	KC_RET_ERR_INTERNAL, /* Bug */
+	KC_RET_ERR_BAD_ADDRESS, /* Bad address string */
+	KC_RET_ERR_NO_CONNECT, /* Can not connect to the address */
+	KC_RET_ERR_MEM, /* Memory error, insufficient space or some such */
+	KC_RET_ERR_REF_MISUSE, /* Reference count corruption */
+	KC_RET_ERR_INVALID_LOCKS, /* Caller provided inconsistent callbacks */
+	KC_RET_ERR_REQUEST_ENCODING, /* Error encoding the request */
+	KC_RET_ERR_RESPONSE_DECODING, /* Error decoding the response */
+	KC_RET_ERR_SELECT, /* Error in underlying select() call */
+	KC_RET_ERR_NETWORK_IO, /* Error in network I/O calls */
+	KC_RET_ERR_CTX_LOCK, /* lock() callback returned failure! */
+	KC_RET_ERR_CTX_UNLOCK, /* unlock() callback returned failure! */
+	KC_RET_ERR_REQUEST_SPACE, /* The request can not fit in the provided space */
+	KC_RET_ERR_RESULT_SPACE, /* The response can not fit in the provided space */
+	KC_RET_ERR_RESPONSE_MISMATCH, /* We received someone else's response? */
+	KC_RET_ERR_PRIVATE_EMBED, /* Cannot embed private keys in requests */
+	KC_RET_ERR_FLAG_COMBO, /* A bad combination of bitwise flags was used */
+	KC_RET_ERR_NULL1, /* Parameter 1 was NULL */
+	KC_RET_ERR_NULL2, /* Parameter 2 was NULL */
+	KC_RET_ERR_NULL3, /* Parameter 3 was NULL */
+	KC_RET_ERR_NULL4, /* Parameter 4 was NULL */
+	KC_RET_ERR_NULL5, /* Parameter 5 was NULL */
+	KC_RET_ERR_NULL6, /* Parameter 6 was NULL */
+	KC_RET_ERR_NULL7, /* Parameter 7 was NULL */
+	KC_RET_ERR_NULL8, /* Parameter 8 was NULL */
+	KC_RET_ERR_NON_NULL1, /* Parameter 1 was *not* NULL */
+	KC_RET_ERR_NON_NULL2, /* Parameter 2 was *not* NULL */
+	KC_RET_ERR_NON_NULL3, /* Parameter 3 was *not* NULL */
+	KC_RET_ERR_NON_NULL4, /* Parameter 4 was *not* NULL */
+	KC_RET_ERR_NON_NULL5, /* Parameter 5 was *not* NULL */
+	KC_RET_ERR_NON_NULL6, /* Parameter 6 was *not* NULL */
+	KC_RET_ERR_NON_NULL7, /* Parameter 7 was *not* NULL */
+	KC_RET_ERR_NON_NULL8, /* Parameter 8 was *not* NULL */
+	KC_RET_ERR_BAD_RANGE1, /* Parameter 1 was out of range */
+	KC_RET_ERR_BAD_RANGE2, /* Parameter 2 was out of range */
+	KC_RET_ERR_BAD_RANGE3, /* Parameter 3 was out of range */
+	KC_RET_ERR_BAD_RANGE4, /* Parameter 4 was out of range */
+	KC_RET_ERR_BAD_RANGE5, /* Parameter 5 was out of range */
+	KC_RET_ERR_BAD_RANGE6, /* Parameter 6 was out of range */
+	KC_RET_ERR_BAD_RANGE7, /* Parameter 7 was out of range */
+	KC_RET_ERR_BAD_RANGE8, /* Parameter 8 was out of range */
+	/* These errors are all "soft" - if keyclient_keyop() returns one of
+	 * these values, then the operation completed successfully but the
+	 * underlying payload of the response had its internal "error" value set
+	 * to something other than KS_OP_ERR_OK. */
+	KC_RET_SOFT_UNKNOWN_OPERATION = 200, /* The keyserver doesn't support that */
+	KC_RET_SOFT_NO_SUCH_KEY, /* The keyserver doesn't have that key */
+	KC_RET_SOFT_NO_DATA, /* Data was required but was not supplied */
+	KC_RET_SOFT_OP_FAILED, /* The key operation on the server did not work */
+	KC_RET_SOFT_MISC /* An error that is not currently aliased was received */
+} KC_RET;
+
+
+/* Context flags (used in keyclient_create) */
+
+#define KC_FLAG_USE_LOCKING		0x01
+#define KC_FLAG_NO_LOCKING		0x02
+#define KC_FLAG_PERSISTENT_CONN		0x04
+#define KC_FLAG_PID_CHECK		0x08
+#define KC_FLAG_PERSISTENT_RETRY	0x10
+#define KC_FLAG_PERSISTENT_LATE		0x20
+
+
+/*
+ * FUNCTIONS
+ */
+
+KC_INTERFACE KC_RET keyclient_set_global_locks(const global_locking_table *locking);
+typedef KC_RET t_keyclient_set_global_locks(const global_locking_table *locking);
+
+KC_INTERFACE KC_RET keyclient_create(keyclient_ctx **ctx, const char *target_string,
+		unsigned int flags, const ctx_locking_table *locking);
+typedef KC_RET t_keyclient_create(keyclient_ctx **ctx, const char *target_string,
+		unsigned int flags, const ctx_locking_table *locking);
+
+KC_INTERFACE KC_RET keyclient_release(keyclient_ctx *ctx);
+typedef KC_RET t_keyclient_release(keyclient_ctx *ctx);
+
+KC_INTERFACE KC_RET keyclient_dup(keyclient_ctx *ctx);
+typedef KC_RET t_keyclient_dup(keyclient_ctx *ctx);
+
+KC_INTERFACE KC_RET keyclient_get_uid(const keyclient_ctx *ctx, unsigned int *uid);
+typedef KC_RET t_keyclient_get_uid(const keyclient_ctx *ctx, unsigned int *uid);
+
+KC_INTERFACE KC_RET keyclient_keyop(keyclient_ctx *ctx, keyclient_op_t operation,
+		const unsigned char *data, unsigned int data_len,
+		unsigned char *result, unsigned int *result_len,
+		keyclient_pad_t padding, const unsigned char *keyhash);
+typedef KC_RET t_keyclient_keyop(keyclient_ctx *ctx, keyclient_op_t operation,
+		const unsigned char *data, unsigned int data_len,
+		unsigned char *result, unsigned int *result_len,
+		keyclient_pad_t padding, const unsigned char *keyhash);
+
+KC_INTERFACE KC_RET keyclient_pubkeyop(keyclient_ctx *ctx, keyclient_op_t operation,
+		const unsigned char *data, unsigned int data_len,
+		unsigned char *result, unsigned int *result_len,
+		keyclient_pad_t padding, const keyclient_key_t *pubkey);
+typedef KC_RET t_keyclient_pubkeyop(keyclient_ctx *ctx, keyclient_op_t operation,
+		const unsigned char *data, unsigned int data_len,
+		unsigned char *result, unsigned int *result_len,
+		keyclient_pad_t padding, const keyclient_key_t *pubkey);
+
+typedef struct _keyclient_symbol_table {
+	t_keyclient_set_global_locks *keyclient_set_global_locks;
+	t_keyclient_create *keyclient_create;
+	t_keyclient_release *keyclient_release;
+	t_keyclient_dup *keyclient_dup;
+	t_keyclient_get_uid *keyclient_get_uid;
+	t_keyclient_keyop *keyclient_keyop;
+	t_keyclient_pubkeyop *keyclient_pubkeyop;
+} keyclient_symbol_table;
+
+KC_INTERFACE void keyclient_bind_symbols(keyclient_symbol_table *funcs);
+typedef void t_keyclient_bind_symbols(keyclient_symbol_table *funcs);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif