hwcryptohook.h revision 160814
1160814Ssimon/* 2160814Ssimon * ModExp / RSA (with/without KM) plugin API 3160814Ssimon * 4160814Ssimon * The application will load a dynamic library which 5160814Ssimon * exports entrypoint(s) defined in this file. 6160814Ssimon * 7160814Ssimon * This set of entrypoints provides only a multithreaded, 8160814Ssimon * synchronous-within-each-thread, facility. 9160814Ssimon * 10160814Ssimon * 11160814Ssimon * This file is Copyright 1998-2000 nCipher Corporation Limited. 12160814Ssimon * 13160814Ssimon * Redistribution and use in source and binary forms, with opr without 14160814Ssimon * modification, are permitted provided that the following conditions 15160814Ssimon * are met: 16160814Ssimon * 17160814Ssimon * 1. Redistributions of source code must retain the copyright notice, 18160814Ssimon * this list of conditions, and the following disclaimer. 19160814Ssimon * 20160814Ssimon * 2. Redistributions in binary form must reproduce the above 21160814Ssimon * copyright notice, this list of conditions, and the following 22160814Ssimon * disclaimer, in the documentation and/or other materials provided 23160814Ssimon * with the distribution 24160814Ssimon * 25160814Ssimon * IN NO EVENT SHALL NCIPHER CORPORATION LIMITED (`NCIPHER') AND/OR 26160814Ssimon * ANY OTHER AUTHORS OR DISTRIBUTORS OF THIS FILE BE LIABLE for any 27160814Ssimon * damages arising directly or indirectly from this file, its use or 28160814Ssimon * this licence. Without prejudice to the generality of the 29160814Ssimon * foregoing: all liability shall be excluded for direct, indirect, 30160814Ssimon * special, incidental, consequential or other damages or any loss of 31160814Ssimon * profits, business, revenue goodwill or anticipated savings; 32160814Ssimon * liability shall be excluded even if nCipher or anyone else has been 33160814Ssimon * advised of the possibility of damage. In any event, if the 34160814Ssimon * exclusion of liability is not effective, the liability of nCipher 35160814Ssimon * or any author or distributor shall be limited to the lesser of the 36160814Ssimon * price paid and 1,000 pounds sterling. This licence only fails to 37160814Ssimon * exclude or limit liability for death or personal injury arising out 38160814Ssimon * of negligence, and only to the extent that such an exclusion or 39160814Ssimon * limitation is not effective. 40160814Ssimon * 41160814Ssimon * NCIPHER AND THE AUTHORS AND DISTRIBUTORS SPECIFICALLY DISCLAIM ALL 42160814Ssimon * AND ANY WARRANTIES (WHETHER EXPRESS OR IMPLIED), including, but not 43160814Ssimon * limited to, any implied warranties of merchantability, fitness for 44160814Ssimon * a particular purpose, satisfactory quality, and/or non-infringement 45160814Ssimon * of any third party rights. 46160814Ssimon * 47160814Ssimon * US Government use: This software and documentation is Commercial 48160814Ssimon * Computer Software and Computer Software Documentation, as defined in 49160814Ssimon * sub-paragraphs (a)(1) and (a)(5) of DFAR 252.227-7014, "Rights in 50160814Ssimon * Noncommercial Computer Software and Noncommercial Computer Software 51160814Ssimon * Documentation." Use, duplication or disclosure by the Government is 52160814Ssimon * subject to the terms and conditions specified here. 53160814Ssimon * 54160814Ssimon * By using or distributing this file you will be accepting these 55160814Ssimon * terms and conditions, including the limitation of liability and 56160814Ssimon * lack of warranty. If you do not wish to accept these terms and 57160814Ssimon * conditions, DO NOT USE THE FILE. 58160814Ssimon * 59160814Ssimon * 60160814Ssimon * The actual dynamically loadable plugin, and the library files for 61160814Ssimon * static linking, which are also provided in some distributions, are 62160814Ssimon * not covered by the licence described above. You should have 63160814Ssimon * received a separate licence with terms and conditions for these 64160814Ssimon * library files; if you received the library files without a licence, 65160814Ssimon * please contact nCipher. 66160814Ssimon * 67160814Ssimon * 68160814Ssimon * $Id: hwcryptohook.h,v 1.1 2002/10/11 17:10:59 levitte Exp $ 69160814Ssimon */ 70160814Ssimon 71160814Ssimon#ifndef HWCRYPTOHOOK_H 72160814Ssimon#define HWCRYPTOHOOK_H 73160814Ssimon 74160814Ssimon#include <sys/types.h> 75160814Ssimon#include <stdio.h> 76160814Ssimon 77160814Ssimon#ifndef HWCRYPTOHOOK_DECLARE_APPTYPES 78160814Ssimon#define HWCRYPTOHOOK_DECLARE_APPTYPES 1 79160814Ssimon#endif 80160814Ssimon 81160814Ssimon#define HWCRYPTOHOOK_ERROR_FAILED -1 82160814Ssimon#define HWCRYPTOHOOK_ERROR_FALLBACK -2 83160814Ssimon#define HWCRYPTOHOOK_ERROR_MPISIZE -3 84160814Ssimon 85160814Ssimon#if HWCRYPTOHOOK_DECLARE_APPTYPES 86160814Ssimon 87160814Ssimon/* These structs are defined by the application and opaque to the 88160814Ssimon * crypto plugin. The application may define these as it sees fit. 89160814Ssimon * Default declarations are provided here, but the application may 90160814Ssimon * #define HWCRYPTOHOOK_DECLARE_APPTYPES 0 91160814Ssimon * to prevent these declarations, and instead provide its own 92160814Ssimon * declarations of these types. (Pointers to them must still be 93160814Ssimon * ordinary pointers to structs or unions, or the resulting combined 94160814Ssimon * program will have a type inconsistency.) 95160814Ssimon */ 96160814Ssimontypedef struct HWCryptoHook_MutexValue HWCryptoHook_Mutex; 97160814Ssimontypedef struct HWCryptoHook_CondVarValue HWCryptoHook_CondVar; 98160814Ssimontypedef struct HWCryptoHook_PassphraseContextValue HWCryptoHook_PassphraseContext; 99160814Ssimontypedef struct HWCryptoHook_CallerContextValue HWCryptoHook_CallerContext; 100160814Ssimon 101160814Ssimon#endif /* HWCRYPTOHOOK_DECLARE_APPTYPES */ 102160814Ssimon 103160814Ssimon/* These next two structs are opaque to the application. The crypto 104160814Ssimon * plugin will return pointers to them; the caller simply manipulates 105160814Ssimon * the pointers. 106160814Ssimon */ 107160814Ssimontypedef struct HWCryptoHook_Context *HWCryptoHook_ContextHandle; 108160814Ssimontypedef struct HWCryptoHook_RSAKey *HWCryptoHook_RSAKeyHandle; 109160814Ssimon 110160814Ssimontypedef struct { 111160814Ssimon char *buf; 112160814Ssimon size_t size; 113160814Ssimon} HWCryptoHook_ErrMsgBuf; 114160814Ssimon/* Used for error reporting. When a HWCryptoHook function fails it 115160814Ssimon * will return a sentinel value (0 for pointer-valued functions, or a 116160814Ssimon * negative number, usually HWCRYPTOHOOK_ERROR_FAILED, for 117160814Ssimon * integer-valued ones). It will, if an ErrMsgBuf is passed, also put 118160814Ssimon * an error message there. 119160814Ssimon * 120160814Ssimon * size is the size of the buffer, and will not be modified. If you 121160814Ssimon * pass 0 for size you must pass 0 for buf, and nothing will be 122160814Ssimon * recorded (just as if you passed 0 for the struct pointer). 123160814Ssimon * Messages written to the buffer will always be null-terminated, even 124160814Ssimon * when truncated to fit within size bytes. 125160814Ssimon * 126160814Ssimon * The contents of the buffer are not defined if there is no error. 127160814Ssimon */ 128160814Ssimon 129160814Ssimontypedef struct HWCryptoHook_MPIStruct { 130160814Ssimon unsigned char *buf; 131160814Ssimon size_t size; 132160814Ssimon} HWCryptoHook_MPI; 133160814Ssimon/* When one of these is returned, a pointer is passed to the function. 134160814Ssimon * At call, size is the space available. Afterwards it is updated to 135160814Ssimon * be set to the actual length (which may be more than the space available, 136160814Ssimon * if there was not enough room and the result was truncated). 137160814Ssimon * buf (the pointer) is not updated. 138160814Ssimon * 139160814Ssimon * size is in bytes and may be zero at call or return, but must be a 140160814Ssimon * multiple of the limb size. Zero limbs at the MS end are not 141160814Ssimon * permitted. 142160814Ssimon */ 143160814Ssimon 144160814Ssimon#define HWCryptoHook_InitFlags_FallbackModExp 0x0002UL 145160814Ssimon#define HWCryptoHook_InitFlags_FallbackRSAImmed 0x0004UL 146160814Ssimon/* Enable requesting fallback to software in case of problems with the 147160814Ssimon * hardware support. This indicates to the crypto provider that the 148160814Ssimon * application is prepared to fall back to software operation if the 149160814Ssimon * ModExp* or RSAImmed* functions return HWCRYPTOHOOK_ERROR_FALLBACK. 150160814Ssimon * Without this flag those calls will never return 151160814Ssimon * HWCRYPTOHOOK_ERROR_FALLBACK. The flag will also cause the crypto 152160814Ssimon * provider to avoid repeatedly attempting to contact dead hardware 153160814Ssimon * within a short interval, if appropriate. 154160814Ssimon */ 155160814Ssimon 156160814Ssimon#define HWCryptoHook_InitFlags_SimpleForkCheck 0x0010UL 157160814Ssimon/* Without _SimpleForkCheck the library is allowed to assume that the 158160814Ssimon * application will not fork and call the library in the child(ren). 159160814Ssimon * 160160814Ssimon * When it is specified, this is allowed. However, after a fork 161160814Ssimon * neither parent nor child may unload any loaded keys or call 162160814Ssimon * _Finish. Instead, they should call exit (or die with a signal) 163160814Ssimon * without calling _Finish. After all the children have died the 164160814Ssimon * parent may unload keys or call _Finish. 165160814Ssimon * 166160814Ssimon * This flag only has any effect on UN*X platforms. 167160814Ssimon */ 168160814Ssimon 169160814Ssimontypedef struct { 170160814Ssimon unsigned long flags; 171160814Ssimon void *logstream; /* usually a FILE*. See below. */ 172160814Ssimon 173160814Ssimon size_t limbsize; /* bignum format - size of radix type, must be power of 2 */ 174160814Ssimon int mslimbfirst; /* 0 or 1 */ 175160814Ssimon int msbytefirst; /* 0 or 1; -1 = native */ 176160814Ssimon 177160814Ssimon /* All the callback functions should return 0 on success, or a 178160814Ssimon * nonzero integer (whose value will be visible in the error message 179160814Ssimon * put in the buffer passed to the call). 180160814Ssimon * 181160814Ssimon * If a callback is not available pass a null function pointer. 182160814Ssimon * 183160814Ssimon * The callbacks may not call down again into the crypto plugin. 184160814Ssimon */ 185160814Ssimon 186160814Ssimon /* For thread-safety. Set everything to 0 if you promise only to be 187160814Ssimon * singlethreaded. maxsimultaneous is the number of calls to 188160814Ssimon * ModExp[Crt]/RSAImmed{Priv,Pub}/RSA. If you don't know what to 189160814Ssimon * put there then say 0 and the hook library will use a default. 190160814Ssimon * 191160814Ssimon * maxmutexes is a small limit on the number of simultaneous mutexes 192160814Ssimon * which will be requested by the library. If there is no small 193160814Ssimon * limit, set it to 0. If the crypto plugin cannot create the 194160814Ssimon * advertised number of mutexes the calls to its functions may fail. 195160814Ssimon * If a low number of mutexes is advertised the plugin will try to 196160814Ssimon * do the best it can. Making larger numbers of mutexes available 197160814Ssimon * may improve performance and parallelism by reducing contention 198160814Ssimon * over critical sections. Unavailability of any mutexes, implying 199160814Ssimon * single-threaded operation, should be indicated by the setting 200160814Ssimon * mutex_init et al to 0. 201160814Ssimon */ 202160814Ssimon int maxmutexes; 203160814Ssimon int maxsimultaneous; 204160814Ssimon size_t mutexsize; 205160814Ssimon int (*mutex_init)(HWCryptoHook_Mutex*, HWCryptoHook_CallerContext *cactx); 206160814Ssimon int (*mutex_acquire)(HWCryptoHook_Mutex*); 207160814Ssimon void (*mutex_release)(HWCryptoHook_Mutex*); 208160814Ssimon void (*mutex_destroy)(HWCryptoHook_Mutex*); 209160814Ssimon 210160814Ssimon /* For greater efficiency, can use condition vars internally for 211160814Ssimon * synchronisation. In this case maxsimultaneous is ignored, but 212160814Ssimon * the other mutex stuff must be available. In singlethreaded 213160814Ssimon * programs, set everything to 0. 214160814Ssimon */ 215160814Ssimon size_t condvarsize; 216160814Ssimon int (*condvar_init)(HWCryptoHook_CondVar*, HWCryptoHook_CallerContext *cactx); 217160814Ssimon int (*condvar_wait)(HWCryptoHook_CondVar*, HWCryptoHook_Mutex*); 218160814Ssimon void (*condvar_signal)(HWCryptoHook_CondVar*); 219160814Ssimon void (*condvar_broadcast)(HWCryptoHook_CondVar*); 220160814Ssimon void (*condvar_destroy)(HWCryptoHook_CondVar*); 221160814Ssimon 222160814Ssimon /* The semantics of acquiring and releasing mutexes and broadcasting 223160814Ssimon * and waiting on condition variables are expected to be those from 224160814Ssimon * POSIX threads (pthreads). The mutexes may be (in pthread-speak) 225160814Ssimon * fast mutexes, recursive mutexes, or nonrecursive ones. 226160814Ssimon * 227160814Ssimon * The _release/_signal/_broadcast and _destroy functions must 228160814Ssimon * always succeed when given a valid argument; if they are given an 229160814Ssimon * invalid argument then the program (crypto plugin + application) 230160814Ssimon * has an internal error, and they should abort the program. 231160814Ssimon */ 232160814Ssimon 233160814Ssimon int (*getpassphrase)(const char *prompt_info, 234160814Ssimon int *len_io, char *buf, 235160814Ssimon HWCryptoHook_PassphraseContext *ppctx, 236160814Ssimon HWCryptoHook_CallerContext *cactx); 237160814Ssimon /* Passphrases and the prompt_info, if they contain high-bit-set 238160814Ssimon * characters, are UTF-8. The prompt_info may be a null pointer if 239160814Ssimon * no prompt information is available (it should not be an empty 240160814Ssimon * string). It will not contain text like `enter passphrase'; 241160814Ssimon * instead it might say something like `Operator Card for John 242160814Ssimon * Smith' or `SmartCard in nFast Module #1, Slot #1'. 243160814Ssimon * 244160814Ssimon * buf points to a buffer in which to return the passphrase; on 245160814Ssimon * entry *len_io is the length of the buffer. It should be updated 246160814Ssimon * by the callback. The returned passphrase should not be 247160814Ssimon * null-terminated by the callback. 248160814Ssimon */ 249160814Ssimon 250160814Ssimon int (*getphystoken)(const char *prompt_info, 251160814Ssimon const char *wrong_info, 252160814Ssimon HWCryptoHook_PassphraseContext *ppctx, 253160814Ssimon HWCryptoHook_CallerContext *cactx); 254160814Ssimon /* Requests that the human user physically insert a different 255160814Ssimon * smartcard, DataKey, etc. The plugin should check whether the 256160814Ssimon * currently inserted token(s) are appropriate, and if they are it 257160814Ssimon * should not make this call. 258160814Ssimon * 259160814Ssimon * prompt_info is as before. wrong_info is a description of the 260160814Ssimon * currently inserted token(s) so that the user is told what 261160814Ssimon * something is. wrong_info, like prompt_info, may be null, but 262160814Ssimon * should not be an empty string. Its contents should be 263160814Ssimon * syntactically similar to that of prompt_info. 264160814Ssimon */ 265160814Ssimon 266160814Ssimon /* Note that a single LoadKey operation might cause several calls to 267160814Ssimon * getpassphrase and/or requestphystoken. If requestphystoken is 268160814Ssimon * not provided (ie, a null pointer is passed) then the plugin may 269160814Ssimon * not support loading keys for which authorisation by several cards 270160814Ssimon * is required. If getpassphrase is not provided then cards with 271160814Ssimon * passphrases may not be supported. 272160814Ssimon * 273160814Ssimon * getpassphrase and getphystoken do not need to check that the 274160814Ssimon * passphrase has been entered correctly or the correct token 275160814Ssimon * inserted; the crypto plugin will do that. If this is not the 276160814Ssimon * case then the crypto plugin is responsible for calling these 277160814Ssimon * routines again as appropriate until the correct token(s) and 278160814Ssimon * passphrase(s) are supplied as required, or until any retry limits 279160814Ssimon * implemented by the crypto plugin are reached. 280160814Ssimon * 281160814Ssimon * In either case, the application must allow the user to say `no' 282160814Ssimon * or `cancel' to indicate that they do not know the passphrase or 283160814Ssimon * have the appropriate token; this should cause the callback to 284160814Ssimon * return nonzero indicating error. 285160814Ssimon */ 286160814Ssimon 287160814Ssimon void (*logmessage)(void *logstream, const char *message); 288160814Ssimon /* A log message will be generated at least every time something goes 289160814Ssimon * wrong and an ErrMsgBuf is filled in (or would be if one was 290160814Ssimon * provided). Other diagnostic information may be written there too, 291160814Ssimon * including more detailed reasons for errors which are reported in an 292160814Ssimon * ErrMsgBuf. 293160814Ssimon * 294160814Ssimon * When a log message is generated, this callback is called. It 295160814Ssimon * should write a message to the relevant logging arrangements. 296160814Ssimon * 297160814Ssimon * The message string passed will be null-terminated and may be of arbitrary 298160814Ssimon * length. It will not be prefixed by the time and date, nor by the 299160814Ssimon * name of the library that is generating it - if this is required, 300160814Ssimon * the logmessage callback must do it. The message will not have a 301160814Ssimon * trailing newline (though it may contain internal newlines). 302160814Ssimon * 303160814Ssimon * If a null pointer is passed for logmessage a default function is 304160814Ssimon * used. The default function treats logstream as a FILE* which has 305160814Ssimon * been converted to a void*. If logstream is 0 it does nothing. 306160814Ssimon * Otherwise it prepends the date and time and library name and 307160814Ssimon * writes the message to logstream. Each line will be prefixed by a 308160814Ssimon * descriptive string containing the date, time and identity of the 309160814Ssimon * crypto plugin. Errors on the logstream are not reported 310160814Ssimon * anywhere, and the default function doesn't flush the stream, so 311160814Ssimon * the application must set the buffering how it wants it. 312160814Ssimon * 313160814Ssimon * The crypto plugin may also provide a facility to have copies of 314160814Ssimon * log messages sent elsewhere, and or for adjusting the verbosity 315160814Ssimon * of the log messages; any such facilities will be configured by 316160814Ssimon * external means. 317160814Ssimon */ 318160814Ssimon 319160814Ssimon} HWCryptoHook_InitInfo; 320160814Ssimon 321160814Ssimontypedef 322160814SsimonHWCryptoHook_ContextHandle HWCryptoHook_Init_t(const HWCryptoHook_InitInfo *initinfo, 323160814Ssimon size_t initinfosize, 324160814Ssimon const HWCryptoHook_ErrMsgBuf *errors, 325160814Ssimon HWCryptoHook_CallerContext *cactx); 326160814Ssimonextern HWCryptoHook_Init_t HWCryptoHook_Init; 327160814Ssimon 328160814Ssimon/* Caller should set initinfosize to the size of the HWCryptoHook struct, 329160814Ssimon * so it can be extended later. 330160814Ssimon * 331160814Ssimon * On success, a message for display or logging by the server, 332160814Ssimon * including the name and version number of the plugin, will be filled 333160814Ssimon * in into *errors; on failure *errors is used for error handling, as 334160814Ssimon * usual. 335160814Ssimon */ 336160814Ssimon 337160814Ssimon/* All these functions return 0 on success, HWCRYPTOHOOK_ERROR_FAILED 338160814Ssimon * on most failures. HWCRYPTOHOOK_ERROR_MPISIZE means at least one of 339160814Ssimon * the output MPI buffer(s) was too small; the sizes of all have been 340160814Ssimon * set to the desired size (and for those where the buffer was large 341160814Ssimon * enough, the value may have been copied in), and no error message 342160814Ssimon * has been recorded. 343160814Ssimon * 344160814Ssimon * You may pass 0 for the errors struct. In any case, unless you set 345160814Ssimon * _NoStderr at init time then messages may be reported to stderr. 346160814Ssimon */ 347160814Ssimon 348160814Ssimon/* The RSAImmed* functions (and key managed RSA) only work with 349160814Ssimon * modules which have an RSA patent licence - currently that means KM 350160814Ssimon * units; the ModExp* ones work with all modules, so you need a patent 351160814Ssimon * licence in the software in the US. They are otherwise identical. 352160814Ssimon */ 353160814Ssimon 354160814Ssimontypedef 355160814Ssimonvoid HWCryptoHook_Finish_t(HWCryptoHook_ContextHandle hwctx); 356160814Ssimonextern HWCryptoHook_Finish_t HWCryptoHook_Finish; 357160814Ssimon/* You must not have any calls going or keys loaded when you call this. */ 358160814Ssimon 359160814Ssimontypedef 360160814Ssimonint HWCryptoHook_RandomBytes_t(HWCryptoHook_ContextHandle hwctx, 361160814Ssimon unsigned char *buf, size_t len, 362160814Ssimon const HWCryptoHook_ErrMsgBuf *errors); 363160814Ssimonextern HWCryptoHook_RandomBytes_t HWCryptoHook_RandomBytes; 364160814Ssimon 365160814Ssimontypedef 366160814Ssimonint HWCryptoHook_ModExp_t(HWCryptoHook_ContextHandle hwctx, 367160814Ssimon HWCryptoHook_MPI a, 368160814Ssimon HWCryptoHook_MPI p, 369160814Ssimon HWCryptoHook_MPI n, 370160814Ssimon HWCryptoHook_MPI *r, 371160814Ssimon const HWCryptoHook_ErrMsgBuf *errors); 372160814Ssimonextern HWCryptoHook_ModExp_t HWCryptoHook_ModExp; 373160814Ssimon 374160814Ssimontypedef 375160814Ssimonint HWCryptoHook_RSAImmedPub_t(HWCryptoHook_ContextHandle hwctx, 376160814Ssimon HWCryptoHook_MPI m, 377160814Ssimon HWCryptoHook_MPI e, 378160814Ssimon HWCryptoHook_MPI n, 379160814Ssimon HWCryptoHook_MPI *r, 380160814Ssimon const HWCryptoHook_ErrMsgBuf *errors); 381160814Ssimonextern HWCryptoHook_RSAImmedPub_t HWCryptoHook_RSAImmedPub; 382160814Ssimon 383160814Ssimontypedef 384160814Ssimonint HWCryptoHook_ModExpCRT_t(HWCryptoHook_ContextHandle hwctx, 385160814Ssimon HWCryptoHook_MPI a, 386160814Ssimon HWCryptoHook_MPI p, 387160814Ssimon HWCryptoHook_MPI q, 388160814Ssimon HWCryptoHook_MPI dmp1, 389160814Ssimon HWCryptoHook_MPI dmq1, 390160814Ssimon HWCryptoHook_MPI iqmp, 391160814Ssimon HWCryptoHook_MPI *r, 392160814Ssimon const HWCryptoHook_ErrMsgBuf *errors); 393160814Ssimonextern HWCryptoHook_ModExpCRT_t HWCryptoHook_ModExpCRT; 394160814Ssimon 395160814Ssimontypedef 396160814Ssimonint HWCryptoHook_RSAImmedPriv_t(HWCryptoHook_ContextHandle hwctx, 397160814Ssimon HWCryptoHook_MPI m, 398160814Ssimon HWCryptoHook_MPI p, 399160814Ssimon HWCryptoHook_MPI q, 400160814Ssimon HWCryptoHook_MPI dmp1, 401160814Ssimon HWCryptoHook_MPI dmq1, 402160814Ssimon HWCryptoHook_MPI iqmp, 403160814Ssimon HWCryptoHook_MPI *r, 404160814Ssimon const HWCryptoHook_ErrMsgBuf *errors); 405160814Ssimonextern HWCryptoHook_RSAImmedPriv_t HWCryptoHook_RSAImmedPriv; 406160814Ssimon 407160814Ssimon/* The RSAImmed* and ModExp* functions may return E_FAILED or 408160814Ssimon * E_FALLBACK for failure. 409160814Ssimon * 410160814Ssimon * E_FAILED means the failure is permanent and definite and there 411160814Ssimon * should be no attempt to fall back to software. (Eg, for some 412160814Ssimon * applications, which support only the acceleration-only 413160814Ssimon * functions, the `key material' may actually be an encoded key 414160814Ssimon * identifier, and doing the operation in software would give wrong 415160814Ssimon * answers.) 416160814Ssimon * 417160814Ssimon * E_FALLBACK means that doing the computation in software would seem 418160814Ssimon * reasonable. If an application pays attention to this and is 419160814Ssimon * able to fall back, it should also set the Fallback init flags. 420160814Ssimon */ 421160814Ssimon 422160814Ssimontypedef 423160814Ssimonint HWCryptoHook_RSALoadKey_t(HWCryptoHook_ContextHandle hwctx, 424160814Ssimon const char *key_ident, 425160814Ssimon HWCryptoHook_RSAKeyHandle *keyhandle_r, 426160814Ssimon const HWCryptoHook_ErrMsgBuf *errors, 427160814Ssimon HWCryptoHook_PassphraseContext *ppctx); 428160814Ssimonextern HWCryptoHook_RSALoadKey_t HWCryptoHook_RSALoadKey; 429160814Ssimon/* The key_ident is a null-terminated string configured by the 430160814Ssimon * user via the application's usual configuration mechanisms. 431160814Ssimon * It is provided to the user by the crypto provider's key management 432160814Ssimon * system. The user must be able to enter at least any string of between 433160814Ssimon * 1 and 1023 characters inclusive, consisting of printable 7-bit 434160814Ssimon * ASCII characters. The provider should avoid using 435160814Ssimon * any characters except alphanumerics and the punctuation 436160814Ssimon * characters _ - + . / @ ~ (the user is expected to be able 437160814Ssimon * to enter these without quoting). The string may be case-sensitive. 438160814Ssimon * The application may allow the user to enter other NULL-terminated strings, 439160814Ssimon * and the provider must cope (returning an error if the string is not 440160814Ssimon * valid). 441160814Ssimon * 442160814Ssimon * If the key does not exist, no error is recorded and 0 is returned; 443160814Ssimon * keyhandle_r will be set to 0 instead of to a key handle. 444160814Ssimon */ 445160814Ssimon 446160814Ssimontypedef 447160814Ssimonint HWCryptoHook_RSAGetPublicKey_t(HWCryptoHook_RSAKeyHandle k, 448160814Ssimon HWCryptoHook_MPI *n, 449160814Ssimon HWCryptoHook_MPI *e, 450160814Ssimon const HWCryptoHook_ErrMsgBuf *errors); 451160814Ssimonextern HWCryptoHook_RSAGetPublicKey_t HWCryptoHook_RSAGetPublicKey; 452160814Ssimon/* The crypto plugin will not store certificates. 453160814Ssimon * 454160814Ssimon * Although this function for acquiring the public key value is 455160814Ssimon * provided, it is not the purpose of this API to deal fully with the 456160814Ssimon * handling of the public key. 457160814Ssimon * 458160814Ssimon * It is expected that the crypto supplier's key generation program 459160814Ssimon * will provide general facilities for producing X.509 460160814Ssimon * self-certificates and certificate requests in PEM format. These 461160814Ssimon * will be given to the user so that they can configure them in the 462160814Ssimon * application, send them to CAs, or whatever. 463160814Ssimon * 464160814Ssimon * In case this kind of certificate handling is not appropriate, the 465160814Ssimon * crypto supplier's key generation program should be able to be 466160814Ssimon * configured not to generate such a self-certificate or certificate 467160814Ssimon * request. Then the application will need to do all of this, and 468160814Ssimon * will need to store and handle the public key and certificates 469160814Ssimon * itself. 470160814Ssimon */ 471160814Ssimon 472160814Ssimontypedef 473160814Ssimonint HWCryptoHook_RSAUnloadKey_t(HWCryptoHook_RSAKeyHandle k, 474160814Ssimon const HWCryptoHook_ErrMsgBuf *errors); 475160814Ssimonextern HWCryptoHook_RSAUnloadKey_t HWCryptoHook_RSAUnloadKey; 476160814Ssimon/* Might fail due to locking problems, or other serious internal problems. */ 477160814Ssimon 478160814Ssimontypedef 479160814Ssimonint HWCryptoHook_RSA_t(HWCryptoHook_MPI m, 480160814Ssimon HWCryptoHook_RSAKeyHandle k, 481160814Ssimon HWCryptoHook_MPI *r, 482160814Ssimon const HWCryptoHook_ErrMsgBuf *errors); 483160814Ssimonextern HWCryptoHook_RSA_t HWCryptoHook_RSA; 484160814Ssimon/* RSA private key operation (sign or decrypt) - raw, unpadded. */ 485160814Ssimon 486160814Ssimon#endif /*HWCRYPTOHOOK_H*/ 487