common.h revision 11973:480f5412d630 
1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*
22 * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
23 * Use is subject to license terms.
24 */
25
26#ifndef _PKTOOL_COMMON_H
27#define	_PKTOOL_COMMON_H
28
29/*
30 * This file contains data and functions shared between all the
31 * modules that comprise this tool.
32 */
33
34#ifdef __cplusplus
35extern "C" {
36#endif
37
38#include <cryptoutil.h>
39
40/* I18N helpers. */
41#include <libintl.h>
42#include <locale.h>
43#include <errno.h>
44#include <kmfapi.h>
45
46/* Defines used throughout */
47
48/* Error codes */
49#define	PK_ERR_NONE		0
50#define	PK_ERR_USAGE		1
51#define	PK_ERR_QUIT		2
52#define	PK_ERR_PK11		3
53#define	PK_ERR_SYSTEM		4
54#define	PK_ERR_OPENSSL		5
55#define	PK_ERR_NSS		6
56
57/* Types of objects for searches. */
58#define	PK_PRIVATE_OBJ		0x0001
59#define	PK_PUBLIC_OBJ		0x0002
60#define	PK_CERT_OBJ		0x0010
61#define	PK_PRIKEY_OBJ		0x0020
62#define	PK_PUBKEY_OBJ		0x0040
63#define	PK_SYMKEY_OBJ		0x0080
64#define	PK_CRL_OBJ		0x0100
65
66#define	PK_KEY_OBJ		(PK_PRIKEY_OBJ | PK_PUBKEY_OBJ | PK_SYMKEY_OBJ)
67#define	PK_ALL_OBJ		(PK_PRIVATE_OBJ | PK_PUBLIC_OBJ |\
68				PK_CERT_OBJ| PK_CRL_OBJ | PK_KEY_OBJ)
69
70#define	PK_DEFAULT_KEYTYPE	"rsa"
71#define	PK_DEFAULT_KEYLENGTH	2048
72#define	PK_DEFAULT_DIRECTORY	"."
73#define	PK_DEFAULT_SERIALNUM	1
74#define	PK_DEFAULT_PK11TOKEN	SOFT_TOKEN_LABEL
75
76/* Constants for attribute templates. */
77extern CK_BBOOL	pk_false;
78extern CK_BBOOL	pk_true;
79
80typedef struct {
81	int	eku_count;
82	int	*critlist;
83	KMF_OID	*ekulist;
84} EKU_LIST;
85
86/* Common functions. */
87extern void	final_pk11(CK_SESSION_HANDLE sess);
88
89extern CK_RV	login_token(CK_SLOT_ID slot_id, CK_UTF8CHAR_PTR pin,
90		    CK_ULONG pinlen, CK_SESSION_HANDLE_PTR sess);
91
92extern CK_RV	quick_start(CK_SLOT_ID slot_id, CK_FLAGS sess_flags,
93		    CK_UTF8CHAR_PTR pin, CK_ULONG pinlen,
94		    CK_SESSION_HANDLE_PTR sess);
95
96extern CK_RV	get_pin(char *prompt1, char *prompt2, CK_UTF8CHAR_PTR *pin,
97		    CK_ULONG *pinlen);
98extern boolean_t	yesno(char *prompt, char *invalid, boolean_t dflt);
99
100extern CK_RV	get_token_slots(CK_SLOT_ID_PTR *slot_list,
101		    CK_ULONG *slot_count);
102
103extern int get_subname(char **);
104extern int get_serial(char **);
105extern int get_certlabel(char **);
106extern int get_filename(char *, char **);
107
108extern int	getopt_av(int argc, char * const argv[], const char *optstring);
109extern char	*optarg_av;
110extern int	optind_av;
111
112int OT2Int(char *);
113int PK2Int(char *);
114KMF_KEYSTORE_TYPE KS2Int(char *);
115int Str2KeyType(char *, KMF_OID *, KMF_KEY_ALG *, KMF_ALGORITHM_INDEX *);
116int Str2SymKeyType(char *, KMF_KEY_ALG *);
117int Str2Lifetime(char *, uint32_t *);
118KMF_RETURN select_token(void *, char *, int);
119KMF_RETURN configure_nss(void *, char *, char *);
120
121KMF_ENCODE_FORMAT Str2Format(char *);
122KMF_RETURN get_pk12_password(KMF_CREDENTIAL *);
123KMF_RETURN hexstring2bytes(uchar_t *, uchar_t **, size_t *);
124KMF_RETURN verify_altname(char *arg, KMF_GENERALNAMECHOICES *, int *);
125KMF_RETURN verify_keyusage(char *arg, uint16_t *, int *);
126KMF_RETURN verify_file(char *);
127KMF_RETURN verify_ekunames(char *, EKU_LIST **);
128KMF_RETURN token_auth_needed(KMF_HANDLE_T, char *, int *);
129KMF_OID *ecc_name_to_oid(char *);
130void show_ecc_curves();
131KMF_RETURN genkeypair_pkcs11(KMF_HANDLE_T, char *, char *, KMF_KEY_ALG,
132	int, KMF_CREDENTIAL *, KMF_OID *,
133	KMF_KEY_HANDLE *, KMF_KEY_HANDLE *);
134
135KMF_RETURN genkeypair_file(KMF_HANDLE_T,
136	KMF_KEY_ALG, int, KMF_ENCODE_FORMAT,
137	char *, KMF_KEY_HANDLE *, KMF_KEY_HANDLE *);
138
139KMF_RETURN genkeypair_nss(KMF_HANDLE_T,
140	char *, char *, char *, char *,
141	KMF_KEY_ALG, int, KMF_CREDENTIAL *,
142	KMF_OID *, KMF_KEY_HANDLE *, KMF_KEY_HANDLE *);
143
144void free_eku_list(EKU_LIST *);
145
146int yn_to_int(char *);
147
148int get_token_password(KMF_KEYSTORE_TYPE, char *, KMF_CREDENTIAL *);
149void display_error(void *, KMF_RETURN, char *);
150
151#define	DEFAULT_NSS_TOKEN	"internal"
152#define	DEFAULT_TOKEN_PROMPT	"Enter PIN for %s: "
153
154#define	EMPTYSTRING(s) (s == NULL || !strlen((char *)s))
155/*
156 * The "dir" option is only valid with the NSS keystore.  This check
157 * forces PK_ERR_USAGE when it is used with non-NSS keystore.
158 */
159#define	DIR_OPTION_CHECK(k, d) \
160if (k != KMF_KEYSTORE_NSS && d != NULL) { \
161	cryptoerror(LOG_STDERR, gettext("The 'dir' option is " \
162	    "not supported with the indicated keystore\n")); \
163	return (PK_ERR_USAGE); \
164}
165
166
167#ifdef __cplusplus
168}
169#endif
170
171#endif /* _PKTOOL_COMMON_H */
172