hwcryptohook.h revision 296465 
1/*-
2 * ModExp / RSA (with/without KM) plugin API
3 *
4 * The application will load a dynamic library which
5 * exports entrypoint(s) defined in this file.
6 *
7 * This set of entrypoints provides only a multithreaded,
8 * synchronous-within-each-thread, facility.
9 *
10 *
11 * This file is Copyright 1998-2000 nCipher Corporation Limited.
12 *
13 * Redistribution and use in source and binary forms, with opr without
14 * modification, are permitted provided that the following conditions
15 * are met:
16 *
17 * 1. Redistributions of source code must retain the copyright notice,
18 *    this list of conditions, and the following disclaimer.
19 *
20 * 2. Redistributions in binary form must reproduce the above
21 *    copyright notice, this list of conditions, and the following
22 *    disclaimer, in the documentation and/or other materials provided
23 *    with the distribution
24 *
25 * IN NO EVENT SHALL NCIPHER CORPORATION LIMITED (`NCIPHER') AND/OR
26 * ANY OTHER AUTHORS OR DISTRIBUTORS OF THIS FILE BE LIABLE for any
27 * damages arising directly or indirectly from this file, its use or
28 * this licence.  Without prejudice to the generality of the
29 * foregoing: all liability shall be excluded for direct, indirect,
30 * special, incidental, consequential or other damages or any loss of
31 * profits, business, revenue goodwill or anticipated savings;
32 * liability shall be excluded even if nCipher or anyone else has been
33 * advised of the possibility of damage.  In any event, if the
34 * exclusion of liability is not effective, the liability of nCipher
35 * or any author or distributor shall be limited to the lesser of the
36 * price paid and 1,000 pounds sterling. This licence only fails to
37 * exclude or limit liability for death or personal injury arising out
38 * of negligence, and only to the extent that such an exclusion or
39 * limitation is not effective.
40 *
41 * NCIPHER AND THE AUTHORS AND DISTRIBUTORS SPECIFICALLY DISCLAIM ALL
42 * AND ANY WARRANTIES (WHETHER EXPRESS OR IMPLIED), including, but not
43 * limited to, any implied warranties of merchantability, fitness for
44 * a particular purpose, satisfactory quality, and/or non-infringement
45 * of any third party rights.
46 *
47 * US Government use: This software and documentation is Commercial
48 * Computer Software and Computer Software Documentation, as defined in
49 * sub-paragraphs (a)(1) and (a)(5) of DFAR 252.227-7014, "Rights in
50 * Noncommercial Computer Software and Noncommercial Computer Software
51 * Documentation."  Use, duplication or disclosure by the Government is
52 * subject to the terms and conditions specified here.
53 *
54 * By using or distributing this file you will be accepting these
55 * terms and conditions, including the limitation of liability and
56 * lack of warranty.  If you do not wish to accept these terms and
57 * conditions, DO NOT USE THE FILE.
58 *
59 *
60 * The actual dynamically loadable plugin, and the library files for
61 * static linking, which are also provided in some distributions, are
62 * not covered by the licence described above.  You should have
63 * received a separate licence with terms and conditions for these
64 * library files; if you received the library files without a licence,
65 * please contact nCipher.
66 *
67 *
68 * $Id: hwcryptohook.h,v 1.1 2002/10/11 17:10:59 levitte Exp $
69 */
70
71#ifndef HWCRYPTOHOOK_H
72# define HWCRYPTOHOOK_H
73
74# include <sys/types.h>
75# include <stdio.h>
76
77# ifndef HWCRYPTOHOOK_DECLARE_APPTYPES
78#  define HWCRYPTOHOOK_DECLARE_APPTYPES 1
79# endif
80
81# define HWCRYPTOHOOK_ERROR_FAILED   -1
82# define HWCRYPTOHOOK_ERROR_FALLBACK -2
83# define HWCRYPTOHOOK_ERROR_MPISIZE  -3
84
85# if HWCRYPTOHOOK_DECLARE_APPTYPES
86
87/*-
88 * These structs are defined by the application and opaque to the
89 * crypto plugin.  The application may define these as it sees fit.
90 * Default declarations are provided here, but the application may
91 *  #define HWCRYPTOHOOK_DECLARE_APPTYPES 0
92 * to prevent these declarations, and instead provide its own
93 * declarations of these types.  (Pointers to them must still be
94 * ordinary pointers to structs or unions, or the resulting combined
95 * program will have a type inconsistency.)
96 */
97typedef struct HWCryptoHook_MutexValue HWCryptoHook_Mutex;
98typedef struct HWCryptoHook_CondVarValue HWCryptoHook_CondVar;
99typedef struct HWCryptoHook_PassphraseContextValue
100 HWCryptoHook_PassphraseContext;
101typedef struct HWCryptoHook_CallerContextValue HWCryptoHook_CallerContext;
102
103# endif                         /* HWCRYPTOHOOK_DECLARE_APPTYPES */
104
105/*-
106 * These next two structs are opaque to the application.  The crypto
107 * plugin will return pointers to them; the caller simply manipulates
108 * the pointers.
109 */
110typedef struct HWCryptoHook_Context *HWCryptoHook_ContextHandle;
111typedef struct HWCryptoHook_RSAKey *HWCryptoHook_RSAKeyHandle;
112
113typedef struct {
114    char *buf;
115    size_t size;
116} HWCryptoHook_ErrMsgBuf;
117/*-
118 * Used for error reporting.  When a HWCryptoHook function fails it
119 * will return a sentinel value (0 for pointer-valued functions, or a
120 * negative number, usually HWCRYPTOHOOK_ERROR_FAILED, for
121 * integer-valued ones).  It will, if an ErrMsgBuf is passed, also put
122 * an error message there.
123 *
124 * size is the size of the buffer, and will not be modified.  If you
125 * pass 0 for size you must pass 0 for buf, and nothing will be
126 * recorded (just as if you passed 0 for the struct pointer).
127 * Messages written to the buffer will always be null-terminated, even
128 * when truncated to fit within size bytes.
129 *
130 * The contents of the buffer are not defined if there is no error.
131 */
132
133typedef struct HWCryptoHook_MPIStruct {
134    unsigned char *buf;
135    size_t size;
136} HWCryptoHook_MPI;
137/*-
138 * When one of these is returned, a pointer is passed to the function.
139 * At call, size is the space available.  Afterwards it is updated to
140 * be set to the actual length (which may be more than the space available,
141 * if there was not enough room and the result was truncated).
142 * buf (the pointer) is not updated.
143 *
144 * size is in bytes and may be zero at call or return, but must be a
145 * multiple of the limb size.  Zero limbs at the MS end are not
146 * permitted.
147 */
148
149# define HWCryptoHook_InitFlags_FallbackModExp    0x0002UL
150# define HWCryptoHook_InitFlags_FallbackRSAImmed  0x0004UL
151/*-
152 * Enable requesting fallback to software in case of problems with the
153 * hardware support.  This indicates to the crypto provider that the
154 * application is prepared to fall back to software operation if the
155 * ModExp* or RSAImmed* functions return HWCRYPTOHOOK_ERROR_FALLBACK.
156 * Without this flag those calls will never return
157 * HWCRYPTOHOOK_ERROR_FALLBACK.  The flag will also cause the crypto
158 * provider to avoid repeatedly attempting to contact dead hardware
159 * within a short interval, if appropriate.
160 */
161
162# define HWCryptoHook_InitFlags_SimpleForkCheck   0x0010UL
163/*-
164 * Without _SimpleForkCheck the library is allowed to assume that the
165 * application will not fork and call the library in the child(ren).
166 *
167 * When it is specified, this is allowed.  However, after a fork
168 * neither parent nor child may unload any loaded keys or call
169 * _Finish.  Instead, they should call exit (or die with a signal)
170 * without calling _Finish.  After all the children have died the
171 * parent may unload keys or call _Finish.
172 *
173 * This flag only has any effect on UN*X platforms.
174 */
175
176typedef struct {
177    unsigned long flags;
178    void *logstream;            /* usually a FILE*.  See below. */
179    size_t limbsize;            /* bignum format - size of radix type, must
180                                 * be power of 2 */
181    int mslimbfirst;            /* 0 or 1 */
182    int msbytefirst;            /* 0 or 1; -1 = native */
183    /*-
184     * All the callback functions should return 0 on success, or a
185     * nonzero integer (whose value will be visible in the error message
186     * put in the buffer passed to the call).
187     *
188     * If a callback is not available pass a null function pointer.
189     *
190     * The callbacks may not call down again into the crypto plugin.
191     */
192    /*-
193     * For thread-safety.  Set everything to 0 if you promise only to be
194     * singlethreaded.  maxsimultaneous is the number of calls to
195     * ModExp[Crt]/RSAImmed{Priv,Pub}/RSA.  If you don't know what to
196     * put there then say 0 and the hook library will use a default.
197     *
198     * maxmutexes is a small limit on the number of simultaneous mutexes
199     * which will be requested by the library.  If there is no small
200     * limit, set it to 0.  If the crypto plugin cannot create the
201     * advertised number of mutexes the calls to its functions may fail.
202     * If a low number of mutexes is advertised the plugin will try to
203     * do the best it can.  Making larger numbers of mutexes available
204     * may improve performance and parallelism by reducing contention
205     * over critical sections.  Unavailability of any mutexes, implying
206     * single-threaded operation, should be indicated by the setting
207     * mutex_init et al to 0.
208     */
209    int maxmutexes;
210    int maxsimultaneous;
211    size_t mutexsize;
212    int (*mutex_init) (HWCryptoHook_Mutex *,
213                       HWCryptoHook_CallerContext * cactx);
214    int (*mutex_acquire) (HWCryptoHook_Mutex *);
215    void (*mutex_release) (HWCryptoHook_Mutex *);
216    void (*mutex_destroy) (HWCryptoHook_Mutex *);
217    /*-
218     * For greater efficiency, can use condition vars internally for
219     * synchronisation.  In this case maxsimultaneous is ignored, but
220     * the other mutex stuff must be available.  In singlethreaded
221     * programs, set everything to 0.
222     */
223    size_t condvarsize;
224    int (*condvar_init) (HWCryptoHook_CondVar *,
225                         HWCryptoHook_CallerContext * cactx);
226    int (*condvar_wait) (HWCryptoHook_CondVar *, HWCryptoHook_Mutex *);
227    void (*condvar_signal) (HWCryptoHook_CondVar *);
228    void (*condvar_broadcast) (HWCryptoHook_CondVar *);
229    void (*condvar_destroy) (HWCryptoHook_CondVar *);
230    /*-
231     * The semantics of acquiring and releasing mutexes and broadcasting
232     * and waiting on condition variables are expected to be those from
233     * POSIX threads (pthreads).  The mutexes may be (in pthread-speak)
234     * fast mutexes, recursive mutexes, or nonrecursive ones.
235     *
236     * The _release/_signal/_broadcast and _destroy functions must
237     * always succeed when given a valid argument; if they are given an
238     * invalid argument then the program (crypto plugin + application)
239     * has an internal error, and they should abort the program.
240     */
241    int (*getpassphrase) (const char *prompt_info,
242                          int *len_io, char *buf,
243                          HWCryptoHook_PassphraseContext * ppctx,
244                          HWCryptoHook_CallerContext * cactx);
245    /*-
246     * Passphrases and the prompt_info, if they contain high-bit-set
247     * characters, are UTF-8.  The prompt_info may be a null pointer if
248     * no prompt information is available (it should not be an empty
249     * string).  It will not contain text like `enter passphrase';
250     * instead it might say something like `Operator Card for John
251     * Smith' or `SmartCard in nFast Module #1, Slot #1'.
252     *
253     * buf points to a buffer in which to return the passphrase; on
254     * entry *len_io is the length of the buffer.  It should be updated
255     * by the callback.  The returned passphrase should not be
256     * null-terminated by the callback.
257     */
258    int (*getphystoken) (const char *prompt_info,
259                         const char *wrong_info,
260                         HWCryptoHook_PassphraseContext * ppctx,
261                         HWCryptoHook_CallerContext * cactx);
262    /*-
263     * Requests that the human user physically insert a different
264     * smartcard, DataKey, etc.  The plugin should check whether the
265     * currently inserted token(s) are appropriate, and if they are it
266     * should not make this call.
267     *
268     * prompt_info is as before.  wrong_info is a description of the
269     * currently inserted token(s) so that the user is told what
270     * something is.  wrong_info, like prompt_info, may be null, but
271     * should not be an empty string.  Its contents should be
272     * syntactically similar to that of prompt_info.
273     */
274    /*-
275     * Note that a single LoadKey operation might cause several calls to
276     * getpassphrase and/or requestphystoken.  If requestphystoken is
277     * not provided (ie, a null pointer is passed) then the plugin may
278     * not support loading keys for which authorisation by several cards
279     * is required.  If getpassphrase is not provided then cards with
280     * passphrases may not be supported.
281     *
282     * getpassphrase and getphystoken do not need to check that the
283     * passphrase has been entered correctly or the correct token
284     * inserted; the crypto plugin will do that.  If this is not the
285     * case then the crypto plugin is responsible for calling these
286     * routines again as appropriate until the correct token(s) and
287     * passphrase(s) are supplied as required, or until any retry limits
288     * implemented by the crypto plugin are reached.
289     *
290     * In either case, the application must allow the user to say `no'
291     * or `cancel' to indicate that they do not know the passphrase or
292     * have the appropriate token; this should cause the callback to
293     * return nonzero indicating error.
294     */
295    void (*logmessage) (void *logstream, const char *message);
296    /*-
297     * A log message will be generated at least every time something goes
298     * wrong and an ErrMsgBuf is filled in (or would be if one was
299     * provided).  Other diagnostic information may be written there too,
300     * including more detailed reasons for errors which are reported in an
301     * ErrMsgBuf.
302     *
303     * When a log message is generated, this callback is called.  It
304     * should write a message to the relevant logging arrangements.
305     *
306     * The message string passed will be null-terminated and may be of arbitrary
307     * length.  It will not be prefixed by the time and date, nor by the
308     * name of the library that is generating it - if this is required,
309     * the logmessage callback must do it.  The message will not have a
310     * trailing newline (though it may contain internal newlines).
311     *
312     * If a null pointer is passed for logmessage a default function is
313     * used.  The default function treats logstream as a FILE* which has
314     * been converted to a void*.  If logstream is 0 it does nothing.
315     * Otherwise it prepends the date and time and library name and
316     * writes the message to logstream.  Each line will be prefixed by a
317     * descriptive string containing the date, time and identity of the
318     * crypto plugin.  Errors on the logstream are not reported
319     * anywhere, and the default function doesn't flush the stream, so
320     * the application must set the buffering how it wants it.
321     *
322     * The crypto plugin may also provide a facility to have copies of
323     * log messages sent elsewhere, and or for adjusting the verbosity
324     * of the log messages; any such facilities will be configured by
325     * external means.
326     */
327} HWCryptoHook_InitInfo;
328
329typedef
330HWCryptoHook_ContextHandle HWCryptoHook_Init_t(const HWCryptoHook_InitInfo *
331                                               initinfo, size_t initinfosize,
332                                               const HWCryptoHook_ErrMsgBuf *
333                                               errors,
334                                               HWCryptoHook_CallerContext *
335                                               cactx);
336extern HWCryptoHook_Init_t HWCryptoHook_Init;
337
338/*-
339 * Caller should set initinfosize to the size of the HWCryptoHook struct,
340 * so it can be extended later.
341 *
342 * On success, a message for display or logging by the server,
343 * including the name and version number of the plugin, will be filled
344 * in into *errors; on failure *errors is used for error handling, as
345 * usual.
346 */
347
348/*-
349 * All these functions return 0 on success, HWCRYPTOHOOK_ERROR_FAILED
350 * on most failures.  HWCRYPTOHOOK_ERROR_MPISIZE means at least one of
351 * the output MPI buffer(s) was too small; the sizes of all have been
352 * set to the desired size (and for those where the buffer was large
353 * enough, the value may have been copied in), and no error message
354 * has been recorded.
355 *
356 * You may pass 0 for the errors struct.  In any case, unless you set
357 * _NoStderr at init time then messages may be reported to stderr.
358 */
359
360/*-
361 * The RSAImmed* functions (and key managed RSA) only work with
362 * modules which have an RSA patent licence - currently that means KM
363 * units; the ModExp* ones work with all modules, so you need a patent
364 * licence in the software in the US.  They are otherwise identical.
365 */
366
367typedef
368void HWCryptoHook_Finish_t(HWCryptoHook_ContextHandle hwctx);
369extern HWCryptoHook_Finish_t HWCryptoHook_Finish;
370/* You must not have any calls going or keys loaded when you call this. */
371
372typedef
373int HWCryptoHook_RandomBytes_t(HWCryptoHook_ContextHandle hwctx,
374                               unsigned char *buf, size_t len,
375                               const HWCryptoHook_ErrMsgBuf * errors);
376extern HWCryptoHook_RandomBytes_t HWCryptoHook_RandomBytes;
377
378typedef
379int HWCryptoHook_ModExp_t(HWCryptoHook_ContextHandle hwctx,
380                          HWCryptoHook_MPI a,
381                          HWCryptoHook_MPI p,
382                          HWCryptoHook_MPI n,
383                          HWCryptoHook_MPI * r,
384                          const HWCryptoHook_ErrMsgBuf * errors);
385extern HWCryptoHook_ModExp_t HWCryptoHook_ModExp;
386
387typedef
388int HWCryptoHook_RSAImmedPub_t(HWCryptoHook_ContextHandle hwctx,
389                               HWCryptoHook_MPI m,
390                               HWCryptoHook_MPI e,
391                               HWCryptoHook_MPI n,
392                               HWCryptoHook_MPI * r,
393                               const HWCryptoHook_ErrMsgBuf * errors);
394extern HWCryptoHook_RSAImmedPub_t HWCryptoHook_RSAImmedPub;
395
396typedef
397int HWCryptoHook_ModExpCRT_t(HWCryptoHook_ContextHandle hwctx,
398                             HWCryptoHook_MPI a,
399                             HWCryptoHook_MPI p,
400                             HWCryptoHook_MPI q,
401                             HWCryptoHook_MPI dmp1,
402                             HWCryptoHook_MPI dmq1,
403                             HWCryptoHook_MPI iqmp,
404                             HWCryptoHook_MPI * r,
405                             const HWCryptoHook_ErrMsgBuf * errors);
406extern HWCryptoHook_ModExpCRT_t HWCryptoHook_ModExpCRT;
407
408typedef
409int HWCryptoHook_RSAImmedPriv_t(HWCryptoHook_ContextHandle hwctx,
410                                HWCryptoHook_MPI m,
411                                HWCryptoHook_MPI p,
412                                HWCryptoHook_MPI q,
413                                HWCryptoHook_MPI dmp1,
414                                HWCryptoHook_MPI dmq1,
415                                HWCryptoHook_MPI iqmp,
416                                HWCryptoHook_MPI * r,
417                                const HWCryptoHook_ErrMsgBuf * errors);
418extern HWCryptoHook_RSAImmedPriv_t HWCryptoHook_RSAImmedPriv;
419
420/*-
421 * The RSAImmed* and ModExp* functions may return E_FAILED or
422 * E_FALLBACK for failure.
423 *
424 * E_FAILED means the failure is permanent and definite and there
425 *    should be no attempt to fall back to software.  (Eg, for some
426 *    applications, which support only the acceleration-only
427 *    functions, the `key material' may actually be an encoded key
428 *    identifier, and doing the operation in software would give wrong
429 *    answers.)
430 *
431 * E_FALLBACK means that doing the computation in software would seem
432 *    reasonable.  If an application pays attention to this and is
433 *    able to fall back, it should also set the Fallback init flags.
434 */
435
436typedef
437int HWCryptoHook_RSALoadKey_t(HWCryptoHook_ContextHandle hwctx,
438                              const char *key_ident,
439                              HWCryptoHook_RSAKeyHandle * keyhandle_r,
440                              const HWCryptoHook_ErrMsgBuf * errors,
441                              HWCryptoHook_PassphraseContext * ppctx);
442extern HWCryptoHook_RSALoadKey_t HWCryptoHook_RSALoadKey;
443/*-
444 * The key_ident is a null-terminated string configured by the
445 * user via the application's usual configuration mechanisms.
446 * It is provided to the user by the crypto provider's key management
447 * system.  The user must be able to enter at least any string of between
448 * 1 and 1023 characters inclusive, consisting of printable 7-bit
449 * ASCII characters.  The provider should avoid using
450 * any characters except alphanumerics and the punctuation
451 * characters  _ - + . / @ ~  (the user is expected to be able
452 * to enter these without quoting).  The string may be case-sensitive.
453 * The application may allow the user to enter other NULL-terminated strings,
454 * and the provider must cope (returning an error if the string is not
455 * valid).
456 *
457 * If the key does not exist, no error is recorded and 0 is returned;
458 * keyhandle_r will be set to 0 instead of to a key handle.
459 */
460
461typedef
462int HWCryptoHook_RSAGetPublicKey_t(HWCryptoHook_RSAKeyHandle k,
463                                   HWCryptoHook_MPI * n,
464                                   HWCryptoHook_MPI * e,
465                                   const HWCryptoHook_ErrMsgBuf * errors);
466extern HWCryptoHook_RSAGetPublicKey_t HWCryptoHook_RSAGetPublicKey;
467/*-
468 * The crypto plugin will not store certificates.
469 *
470 * Although this function for acquiring the public key value is
471 * provided, it is not the purpose of this API to deal fully with the
472 * handling of the public key.
473 *
474 * It is expected that the crypto supplier's key generation program
475 * will provide general facilities for producing X.509
476 * self-certificates and certificate requests in PEM format.  These
477 * will be given to the user so that they can configure them in the
478 * application, send them to CAs, or whatever.
479 *
480 * In case this kind of certificate handling is not appropriate, the
481 * crypto supplier's key generation program should be able to be
482 * configured not to generate such a self-certificate or certificate
483 * request.  Then the application will need to do all of this, and
484 * will need to store and handle the public key and certificates
485 * itself.
486 */
487
488typedef
489int HWCryptoHook_RSAUnloadKey_t(HWCryptoHook_RSAKeyHandle k,
490                                const HWCryptoHook_ErrMsgBuf * errors);
491extern HWCryptoHook_RSAUnloadKey_t HWCryptoHook_RSAUnloadKey;
492/* Might fail due to locking problems, or other serious internal problems. */
493
494typedef
495int HWCryptoHook_RSA_t(HWCryptoHook_MPI m,
496                       HWCryptoHook_RSAKeyHandle k,
497                       HWCryptoHook_MPI * r,
498                       const HWCryptoHook_ErrMsgBuf * errors);
499extern HWCryptoHook_RSA_t HWCryptoHook_RSA;
500/* RSA private key operation (sign or decrypt) - raw, unpadded. */
501
502#endif                          /* HWCRYPTOHOOK_H */
503