1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*
22 * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
23 * Use is subject to license terms.
24 *
25 *
26 * Constant definitions and function prototypes for the KMF library.
27 * Commonly used data types are defined in "kmftypes.h".
28 */
29
30#ifndef _KMFAPI_H
31#define	_KMFAPI_H
32
33#pragma ident	"%Z%%M%	%I%	%E% SMI"
34
35#include <kmftypes.h>
36#include <security/cryptoki.h>
37
38#ifdef __cplusplus
39extern "C" {
40#endif
41
/*
 * Setup operations.
 *
 * KMF_Initialize receives a KMF_HANDLE_T by pointer (presumably an
 * out-parameter; every later call takes the handle by value) plus two
 * char * arguments whose roles are not named in this header. Neither
 * char * is const-qualified, so string literals need a cast.
 * KMF_Finalize presumably releases what KMF_Initialize set up -- pair
 * them on the same handle. All three report a KMF_RETURN that the
 * caller should check; KMF_GetKMFErrorString (below) turns it into text.
 */
extern KMF_RETURN KMF_Initialize(KMF_HANDLE_T *, char *, char *);
extern KMF_RETURN KMF_ConfigureKeystore(KMF_HANDLE_T, KMF_CONFIG_PARAMS *);
extern KMF_RETURN KMF_Finalize(KMF_HANDLE_T);
48
/*
 * Key operations.
 *
 * KMF_SignDataWithKey selects the algorithm with a KMF_OID *, while
 * KMF_VerifyDataWithKey takes a KMF_ALGORITHM_INDEX; the pair is not
 * symmetric, so a caller that signs and verifies must map between the
 * two representations itself. The KMF_DATA inputs here are not
 * const-qualified, unlike the const KMF_DATA * inputs in the
 * certificate section below.
 *
 * KMF_GetSymKeyValue and KMF_StorePrivateKey pass raw key material
 * (KMF_RAW_SYM_KEY / KMF_RAW_KEY_DATA) through caller memory. Release
 * it with KMF_FreeRawSymKey / KMF_FreeRawKey (declared below); whether
 * those routines also scrub the bytes is not stated in this header --
 * confirm in the implementation before relying on it.
 *
 * KMF_FindKey reports a count through uint32_t *; the KMF_KEY_HANDLE *
 * is presumably an array supplied by the caller -- confirm against the
 * implementation before sizing it.
 */
extern KMF_RETURN KMF_SignDataWithKey(KMF_HANDLE_T,
	KMF_KEY_HANDLE *, KMF_OID *,
	KMF_DATA *, KMF_DATA *);

extern KMF_RETURN KMF_VerifyDataWithKey(KMF_HANDLE_T,
	KMF_KEY_HANDLE *, KMF_ALGORITHM_INDEX, KMF_DATA *, KMF_DATA *);

extern KMF_RETURN KMF_CreateKeypair(KMF_HANDLE_T,
	KMF_CREATEKEYPAIR_PARAMS *, KMF_KEY_HANDLE *, KMF_KEY_HANDLE *);

extern KMF_RETURN KMF_DeleteKeyFromKeystore(KMF_HANDLE_T,
	KMF_DELETEKEY_PARAMS *, KMF_KEY_HANDLE *);

extern KMF_RETURN KMF_SignCertRecord(KMF_HANDLE_T, KMF_KEY_HANDLE *,
	KMF_X509_CERTIFICATE *, KMF_DATA *);

extern KMF_RETURN KMF_FindKey(KMF_HANDLE_T, KMF_FINDKEY_PARAMS *,
	KMF_KEY_HANDLE *, uint32_t *);

extern KMF_RETURN KMF_StorePrivateKey(KMF_HANDLE_T, KMF_STOREKEY_PARAMS *,
	KMF_RAW_KEY_DATA *);

extern KMF_RETURN KMF_CreateSymKey(KMF_HANDLE_T, KMF_CREATESYMKEY_PARAMS *,
	KMF_KEY_HANDLE *);

extern KMF_RETURN KMF_GetSymKeyValue(KMF_HANDLE_T, KMF_KEY_HANDLE *,
	KMF_RAW_SYM_KEY *);
79
/*
 * Certificate operations.
 *
 * Const-qualification is uneven: KMF_SignCertWithKey, KMF_SignCertWithCert
 * and the KMF_Verify*Cert routines take their certificate inputs as
 * const KMF_DATA *, whereas KMF_SignDataWithCert, KMF_EncryptWithCert,
 * KMF_DecryptWithCert and KMF_CheckCertDate take plain KMF_DATA *.
 * Do not assume the latter leave their inputs untouched.
 *
 * KMF_ValidateCert reports a second result through its int * argument
 * in addition to the KMF_RETURN. The int's encoding is not defined in
 * this header; check both values and confirm which int values mean
 * "valid" before trusting a certificate on the strength of this call.
 *
 * KMF_DownloadCert shares its argument shape with KMF_DownloadCRL
 * (KMF_HANDLE_T, char *, char *, int, unsigned int, char *,
 * KMF_ENCODE_FORMAT *); the roles of the scalar and string arguments
 * are not named here -- see the library documentation. Anything
 * obtained this way is untrusted until it has been verified
 * (KMF_VerifyCertWithCert / KMF_ValidateCert) and its validity window
 * checked (KMF_CheckCertDate). KMF_FindCert reports a count through
 * uint32_t *, like KMF_FindKey above.
 */
extern KMF_RETURN KMF_FindCert(KMF_HANDLE_T, KMF_FINDCERT_PARAMS *,
	KMF_X509_DER_CERT *, uint32_t *);

extern KMF_RETURN KMF_EncodeCertRecord(KMF_X509_CERTIFICATE *,
	KMF_DATA *);
extern KMF_RETURN KMF_SignCertWithKey(KMF_HANDLE_T, const KMF_DATA *,
	KMF_KEY_HANDLE *, KMF_DATA *);
extern KMF_RETURN KMF_SignCertWithCert(KMF_HANDLE_T,
	KMF_CRYPTOWITHCERT_PARAMS *,
	const KMF_DATA *, KMF_DATA *, KMF_DATA *);

extern KMF_RETURN KMF_SignDataWithCert(KMF_HANDLE_T,
	KMF_CRYPTOWITHCERT_PARAMS *, KMF_DATA *, KMF_DATA *, KMF_DATA *);

extern KMF_RETURN KMF_VerifyCertWithKey(KMF_HANDLE_T, KMF_KEY_HANDLE *,
	const KMF_DATA *);
extern KMF_RETURN KMF_VerifyCertWithCert(KMF_HANDLE_T, const KMF_DATA *,
	const KMF_DATA *);
extern KMF_RETURN KMF_VerifyDataWithCert(KMF_HANDLE_T, KMF_DATA *, KMF_DATA *,
	const KMF_DATA *);

extern KMF_RETURN KMF_EncryptWithCert(KMF_HANDLE_T, KMF_DATA *,
	KMF_DATA *, KMF_DATA *);

extern KMF_RETURN KMF_DecryptWithCert(KMF_HANDLE_T,
	KMF_CRYPTOWITHCERT_PARAMS *, KMF_DATA *, KMF_DATA *, KMF_DATA *);

extern KMF_RETURN KMF_StoreCert(KMF_HANDLE_T,
	KMF_STORECERT_PARAMS *, KMF_DATA *);
extern KMF_RETURN KMF_ImportCert(KMF_HANDLE_T, KMF_IMPORTCERT_PARAMS *);
extern KMF_RETURN KMF_DeleteCertFromKeystore(KMF_HANDLE_T,
	KMF_DELETECERT_PARAMS *);

/* Second result is reported through the int *; see section comment. */
extern KMF_RETURN KMF_ValidateCert(KMF_HANDLE_T,
	KMF_VALIDATECERT_PARAMS *, int  *);

extern KMF_RETURN KMF_CreateCertFile(KMF_DATA *, KMF_ENCODE_FORMAT, char *);

extern KMF_RETURN KMF_DownloadCert(KMF_HANDLE_T, char *, char *, int,
	unsigned int, char *, KMF_ENCODE_FORMAT *);
extern KMF_RETURN KMF_IsCertFile(KMF_HANDLE_T, char *, KMF_ENCODE_FORMAT *);

extern KMF_RETURN KMF_CheckCertDate(KMF_HANDLE_T, KMF_DATA *);
126
/*
 * CRL operations.
 *
 * KMF_ListCRL and KMF_FindCRL return strings through char ** (and
 * KMF_FindCRL a count through int *). Ownership of those strings is
 * not stated here; presumably they are released with KMF_FreeString
 * (below) -- confirm. KMF_DownloadCRL has the same argument shape as
 * KMF_DownloadCert; a downloaded CRL should be checked with
 * KMF_VerifyCRLFile and KMF_CheckCRLDate before it is imported or
 * consulted via KMF_FindCertInCRL.
 */
extern KMF_RETURN KMF_ImportCRL(KMF_HANDLE_T, KMF_IMPORTCRL_PARAMS *);
extern KMF_RETURN KMF_DeleteCRL(KMF_HANDLE_T, KMF_DELETECRL_PARAMS *);
extern KMF_RETURN KMF_ListCRL(KMF_HANDLE_T, KMF_LISTCRL_PARAMS *, char **);
extern KMF_RETURN KMF_FindCRL(KMF_HANDLE_T, KMF_FINDCRL_PARAMS *,
	char **, int *);

extern KMF_RETURN KMF_FindCertInCRL(KMF_HANDLE_T,
	KMF_FINDCERTINCRL_PARAMS *);
extern KMF_RETURN KMF_VerifyCRLFile(KMF_HANDLE_T,
	KMF_VERIFYCRL_PARAMS *);

extern KMF_RETURN KMF_CheckCRLDate(KMF_HANDLE_T,
	KMF_CHECKCRLDATE_PARAMS *);
extern KMF_RETURN KMF_DownloadCRL(KMF_HANDLE_T, char *, char *,
	int, unsigned int, char *, KMF_ENCODE_FORMAT *);
extern KMF_RETURN KMF_IsCRLFile(KMF_HANDLE_T, char *, KMF_ENCODE_FORMAT *);
146
/*
 * CSR operations.
 *
 * Argument order pitfall: KMF_SetCSRSubjectAltName takes
 * (KMF_CSR_DATA *, char *, int, KMF_GENERALNAMECHOICES), whereas the
 * certificate variant KMF_SetCertSubjectAltName below takes
 * (..., int, KMF_GENERALNAMECHOICES, char *). If KMF_GENERALNAMECHOICES
 * is an enum, swapping it with the int compiles silently.
 * KMF_SetCSRKeyUsage takes (int, uint16_t) in the same order as
 * KMF_SetCertKeyUsage. KMF_SignCSR takes the CSR as const and writes
 * the signed result to its trailing KMF_DATA *.
 */
extern KMF_RETURN KMF_SetCSRPubKey(KMF_HANDLE_T,
	KMF_KEY_HANDLE *, KMF_CSR_DATA *);
extern KMF_RETURN KMF_SetCSRVersion(KMF_CSR_DATA *, uint32_t);
extern KMF_RETURN KMF_SetCSRSubjectName(KMF_CSR_DATA *, KMF_X509_NAME *);
extern KMF_RETURN KMF_CreateCSRFile(KMF_DATA *, KMF_ENCODE_FORMAT, char *);
extern KMF_RETURN KMF_SetCSRExtension(KMF_CSR_DATA *, KMF_X509_EXTENSION *);
extern KMF_RETURN KMF_SetCSRSignatureAlgorithm(KMF_CSR_DATA *,
	KMF_ALGORITHM_INDEX);
/* Note: (char *, int, KMF_GENERALNAMECHOICES) -- not the Cert order. */
extern KMF_RETURN KMF_SetCSRSubjectAltName(KMF_CSR_DATA *, char *,
	int, KMF_GENERALNAMECHOICES);
extern KMF_RETURN KMF_SetCSRKeyUsage(KMF_CSR_DATA *, int, uint16_t);
extern KMF_RETURN KMF_SignCSR(KMF_HANDLE_T, const KMF_CSR_DATA *,
	KMF_KEY_HANDLE *, KMF_DATA *);
163
/*
 * GetCert operations.
 *
 * These take a certificate as const KMF_DATA * and return decoded
 * fields through out-pointers. The *Ext routines that yield a
 * KMF_X509_EXTENSION ** together with an int * count presumably
 * allocate an array; KMF_FreeExtension (below) releases one extension,
 * and whether the array storage itself must also be freed is not stated
 * here -- confirm. The *String routines return char **, whose matching
 * release is presumably KMF_FreeString -- confirm. KMF_GetCertValidity
 * uses time_t, which this header does not include directly; it must
 * reach here via kmftypes.h (TODO confirm), as must uint32_t, uint16_t
 * and size_t.
 */
extern KMF_RETURN KMF_GetCertExtensionData(const KMF_DATA *, KMF_OID *,
	KMF_X509_EXTENSION *);

/* Array + count out-parameters; see section comment on ownership. */
extern KMF_RETURN KMF_GetCertCriticalExtensions(const KMF_DATA *,
	KMF_X509_EXTENSION **, int *);

extern KMF_RETURN KMF_GetCertNonCriticalExtensions(const KMF_DATA *,
	KMF_X509_EXTENSION **, int *);

extern KMF_RETURN KMF_GetCertKeyUsageExt(const KMF_DATA *,
	KMF_X509EXT_KEY_USAGE *);

extern KMF_RETURN KMF_GetCertEKU(const KMF_DATA *, KMF_X509EXT_EKU *);

/* The KMF_BOOL * out-parameter presumably reports the critical flag -- confirm. */
extern KMF_RETURN KMF_GetCertBasicConstraintExt(const KMF_DATA *,
	KMF_BOOL *, KMF_X509EXT_BASICCONSTRAINTS *);

extern KMF_RETURN KMF_GetCertPoliciesExt(const KMF_DATA *,
	KMF_BOOL *, KMF_X509EXT_CERT_POLICIES *);

extern KMF_RETURN KMF_GetCertAuthInfoAccessExt(const KMF_DATA *,
	KMF_X509EXT_AUTHINFOACCESS *);

extern KMF_RETURN KMF_GetCertCRLDistributionPointsExt(const KMF_DATA *,
	KMF_X509EXT_CRLDISTPOINTS *);

extern KMF_RETURN KMF_GetCertVersionString(KMF_HANDLE_T,
	const KMF_DATA *, char **);

extern KMF_RETURN KMF_GetCertSubjectNameString(KMF_HANDLE_T, const KMF_DATA *,
	char **);

extern KMF_RETURN KMF_GetCertIssuerNameString(KMF_HANDLE_T,
	const KMF_DATA *, char **);

extern KMF_RETURN KMF_GetCertSerialNumberString(KMF_HANDLE_T, const KMF_DATA *,
	char **);

extern KMF_RETURN KMF_GetCertStartDateString(KMF_HANDLE_T,
	const KMF_DATA *, char **);

extern KMF_RETURN KMF_GetCertEndDateString(KMF_HANDLE_T,
	const KMF_DATA *, char **);

extern KMF_RETURN KMF_GetCertPubKeyAlgString(KMF_HANDLE_T,
	const KMF_DATA *, char **);

extern KMF_RETURN KMF_GetCertSignatureAlgString(KMF_HANDLE_T,
	const KMF_DATA *, char **);

extern KMF_RETURN KMF_GetCertPubKeyDataString(KMF_HANDLE_T,
	const KMF_DATA *, char **);

extern KMF_RETURN KMF_GetCertEmailString(KMF_HANDLE_T,
	const KMF_DATA *, char **);

extern KMF_RETURN KMF_GetCertExtensionString(KMF_HANDLE_T, const KMF_DATA *,
	KMF_PRINTABLE_ITEM, char **);

extern KMF_RETURN KMF_GetCertIDData(const KMF_DATA *, KMF_DATA *);
extern KMF_RETURN KMF_GetCertIDString(const KMF_DATA *, char **);
/* Two time_t out-parameters; which is start and which is end is not named here. */
extern KMF_RETURN KMF_GetCertValidity(const KMF_DATA *, time_t *, time_t *);
229
/*
 * SetCert operations
 *
 * These mutate a decoded KMF_X509_CERTIFICATE in place; encode the
 * result with KMF_EncodeCertRecord and sign it with KMF_SignCertRecord
 * (both declared above). KMF_SetCertValidityTimes takes a time_t and a
 * uint32_t; the meaning of the uint32_t is not stated in this header
 * (a duration, presumably -- confirm). KMF_SetCertIssuerAltName and
 * KMF_SetCertSubjectAltName take (int, KMF_GENERALNAMECHOICES, char *),
 * the reverse of the CSR variant KMF_SetCSRSubjectAltName above.
 */
extern KMF_RETURN KMF_SetCertPubKey(KMF_HANDLE_T, KMF_KEY_HANDLE *,
	KMF_X509_CERTIFICATE *);

extern KMF_RETURN KMF_SetCertSubjectName(KMF_X509_CERTIFICATE *,
	KMF_X509_NAME *);

extern KMF_RETURN KMF_SetCertKeyUsage(KMF_X509_CERTIFICATE *, int, uint16_t);

extern KMF_RETURN KMF_SetCertIssuerName(KMF_X509_CERTIFICATE *,
	KMF_X509_NAME *);

extern KMF_RETURN KMF_SetCertSignatureAlgorithm(KMF_X509_CERTIFICATE *,
	KMF_ALGORITHM_INDEX);

extern KMF_RETURN KMF_SetCertValidityTimes(KMF_X509_CERTIFICATE *,
	time_t, uint32_t);

extern KMF_RETURN KMF_SetCertSerialNumber(KMF_X509_CERTIFICATE *,
	KMF_BIGINT *);

extern KMF_RETURN KMF_SetCertVersion(KMF_X509_CERTIFICATE *, uint32_t);

/* Note: (int, KMF_GENERALNAMECHOICES, char *) -- not the CSR order. */
extern KMF_RETURN KMF_SetCertIssuerAltName(KMF_X509_CERTIFICATE *,
	int, KMF_GENERALNAMECHOICES, char *);

extern KMF_RETURN KMF_SetCertSubjectAltName(KMF_X509_CERTIFICATE *,
	int, KMF_GENERALNAMECHOICES, char *);

extern KMF_RETURN KMF_AddCertEKU(KMF_X509_CERTIFICATE *, KMF_OID *, int);

extern KMF_RETURN KMF_SetCertExtension(KMF_X509_CERTIFICATE *,
	KMF_X509_EXTENSION *);

extern KMF_RETURN KMF_SetCertBasicConstraintExt(KMF_X509_CERTIFICATE *,
	KMF_BOOL, KMF_X509EXT_BASICCONSTRAINTS *);

/*
 * PKCS#12 import/export (grouped under SetCert in this header).
 *
 * KMF_ImportPK12 and KMF_ImportKeypair have identical signatures: a
 * char * (presumably a file name -- confirm), a KMF_CREDENTIAL *, and
 * two out-arrays each paired with an int count -- KMF_DATA ** for
 * certificates and KMF_RAW_KEY_DATA ** for keys. Raw private keys
 * therefore land in caller memory; release each element with
 * KMF_FreeData / KMF_FreeRawKey (below), confirm whether the array
 * storage itself must be freed, and keep the buffers' lifetime short.
 */
extern KMF_RETURN KMF_ExportPK12(KMF_HANDLE_T, KMF_EXPORTP12_PARAMS *, char *);
extern KMF_RETURN KMF_ImportPK12(KMF_HANDLE_T, char *, KMF_CREDENTIAL *,
	KMF_DATA **, int *, KMF_RAW_KEY_DATA **, int *);
extern KMF_RETURN KMF_ImportKeypair(KMF_HANDLE_T, char *, KMF_CREDENTIAL *,
	KMF_DATA **, int *, KMF_RAW_KEY_DATA **, int *);
274
/*
 * Get OCSP response operation.
 *
 * KMF_GetEncodedOCSPResponse takes eight arguments (three char *, two
 * int, one unsigned int besides the handle) whose roles are not named
 * in this header; see the library documentation before calling it.
 * An OCSP response is network-supplied data and should only be acted
 * on after KMF_GetOCSPStatusForCert has evaluated it; whether that
 * routine verifies the responder signature is not visible here --
 * confirm. KMF_GetOCSPForCert fills its trailing KMF_DATA * from the
 * two preceding KMF_DATA * inputs (presumably certificate data --
 * confirm).
 */
extern KMF_RETURN KMF_GetOCSPForCert(KMF_HANDLE_T, KMF_DATA *,	KMF_DATA *,
	KMF_DATA *);

extern KMF_RETURN KMF_CreateOCSPRequest(KMF_HANDLE_T, KMF_OCSPREQUEST_PARAMS *,
	char *);

/* Argument roles are not named here; see section comment. */
extern KMF_RETURN KMF_GetEncodedOCSPResponse(KMF_HANDLE_T, char *, char *, int,
	char *, int, char *, unsigned int);

extern KMF_RETURN KMF_GetOCSPStatusForCert(KMF_HANDLE_T,
	KMF_OCSPRESPONSE_PARAMS_INPUT *,
	KMF_OCSPRESPONSE_PARAMS_OUTPUT *);
290
/*
 * Policy Operations
 *
 * KMF_SetPolicy takes two char * arguments whose roles are not named in
 * this header; see the library documentation. Neither is
 * const-qualified, so string literals need a cast.
 */
extern KMF_RETURN KMF_SetPolicy(KMF_HANDLE_T, char *, char *);
295
/*
 * Error handling.
 *
 * Both return a message through char **. KMF_GetPluginErrorString needs
 * the handle (plugin-specific text); KMF_GetKMFErrorString translates a
 * KMF_RETURN code without one. The returned string is presumably
 * released with KMF_FreeString (below) -- confirm. Print these strings
 * with "%s"; never pass them as a printf format.
 */
extern KMF_RETURN KMF_GetPluginErrorString(KMF_HANDLE_T, char **);
extern KMF_RETURN KMF_GetKMFErrorString(KMF_RETURN, char **);
301
/*
 * Miscellaneous
 *
 * KMF_Der2Pem and KMF_Pem2Der carry buffer lengths as int (in) and
 * int * (out) rather than size_t, so callers must make sure a length
 * fits in a non-negative int before calling; KMF_HexString2Bytes, by
 * contrast, reports its output length through size_t *. The
 * unsigned char ** outputs are presumably library-allocated -- confirm
 * which routine releases them.
 *
 * KMF_OID2String returns a char * directly with no KMF_RETURN, so
 * failure must be signalled in-band (presumably NULL -- confirm), and
 * the string's release routine is presumably KMF_FreeString -- confirm.
 * KMF_StringToKeyUsage returns a uint16_t with no error channel; how an
 * unrecognised string is reported is not stated here. KMF_CompareRDNs
 * returns an int whose encoding (equal/not-equal or an ordering) is not
 * stated here -- confirm before using it in a comparison.
 * KMF_DNParser takes a non-const char *, so it may modify the string it
 * parses -- confirm before passing shared data.
 */
extern KMF_RETURN KMF_DNParser(char *, KMF_X509_NAME *);
extern KMF_RETURN KMF_DN2Der(KMF_X509_NAME *, KMF_DATA *);
extern KMF_RETURN KMF_ReadInputFile(KMF_HANDLE_T, char *, KMF_DATA *);
/* Lengths are int, not size_t; see section comment. */
extern KMF_RETURN KMF_Der2Pem(KMF_OBJECT_TYPE, unsigned char *,
	int, unsigned char **, int *);
extern KMF_RETURN KMF_Pem2Der(unsigned char *, int, unsigned char **, int *);
/* No KMF_RETURN: failure is reported in-band; see section comment. */
extern char *KMF_OID2String(KMF_OID *);
extern KMF_RETURN KMF_String2OID(char *, KMF_OID *);
extern int KMF_CompareRDNs(KMF_X509_NAME *, KMF_X509_NAME *);
extern KMF_RETURN KMF_GetFileFormat(char *, KMF_ENCODE_FORMAT *);
extern uint16_t KMF_StringToKeyUsage(char *);
extern KMF_RETURN KMF_SetTokenPin(KMF_HANDLE_T, KMF_SETPIN_PARAMS *,
	KMF_CREDENTIAL *);
extern KMF_RETURN KMF_HexString2Bytes(unsigned char *, unsigned char **,
	size_t *);
320
/*
 * Memory cleanup operations
 *
 * Each releases the contents of the named structure. This header does
 * not state whether the structure pointer itself is freed, whether the
 * routines accept NULL, or whether the key-material routines
 * (KMF_FreeRawKey, KMF_FreeRawSymKey, KMF_FreeKMFKey) zero the bytes
 * before releasing them; confirm in the implementation and clear
 * sensitive buffers explicitly if they do not. KMF_FreeKMFCert and
 * KMF_FreeKMFKey also take the KMF_HANDLE_T, presumably so the owning
 * plugin can release its storage -- confirm. KMF_FreeString is the only
 * release routine here for a char *, and is presumably the counterpart
 * of the char ** outputs declared above -- confirm.
 */
extern void KMF_FreeDN(KMF_X509_NAME *);
extern void KMF_FreeKMFCert(KMF_HANDLE_T, KMF_X509_DER_CERT *);
extern void KMF_FreeData(KMF_DATA *);
extern void KMF_FreeAlgOID(KMF_X509_ALGORITHM_IDENTIFIER *);
extern void KMF_FreeExtension(KMF_X509_EXTENSION *);
extern void KMF_FreeTBSCSR(KMF_TBS_CSR *);
extern void KMF_FreeSignedCSR(KMF_CSR_DATA *);
extern void KMF_FreeTBSCert(KMF_X509_TBS_CERT *);
extern void KMF_FreeSignedCert(KMF_X509_CERTIFICATE *);
extern void KMF_FreeString(char *);
extern void KMF_FreeEKU(KMF_X509EXT_EKU *);
extern void KMF_FreeSPKI(KMF_X509_SPKI *);
extern void KMF_FreeKMFKey(KMF_HANDLE_T, KMF_KEY_HANDLE *);
extern void KMF_FreeBigint(KMF_BIGINT *);
/* Raw key material: confirm these scrub before release; see section comment. */
extern void KMF_FreeRawKey(KMF_RAW_KEY_DATA *);
extern void KMF_FreeRawSymKey(KMF_RAW_SYM_KEY *);
extern void KMF_FreeCRLDistributionPoints(KMF_X509EXT_CRLDISTPOINTS *);
341
/*
 * APIs for PKCS#11 token.
 *
 * CK_SLOT_ID and CK_SESSION_HANDLE come from <security/cryptoki.h>.
 * KMF_GetPK11Handle hands out the library's session handle directly;
 * PKCS#11 calls made through it run outside KMF's own bookkeeping, and
 * the handle's lifetime is presumably tied to the KMF_HANDLE_T (invalid
 * after KMF_Finalize -- confirm). KMF_PK11TokenLookup maps a char *
 * (presumably a token label -- confirm) to a CK_SLOT_ID.
 */
extern KMF_RETURN KMF_PK11TokenLookup(KMF_HANDLE_T, char *, CK_SLOT_ID *);
extern CK_SESSION_HANDLE KMF_GetPK11Handle(KMF_HANDLE_T);
345
346#ifdef __cplusplus
347}
348#endif
349#endif /* _KMFAPI_H */