1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*
22 * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
23 * Use is subject to license terms.
24 *
25 *
26 * Constant definitions and function prototypes for the KMF library.
27 * Commonly used data types are defined in "kmftypes.h".
28 */
29
30#ifndef _KMFAPI_H
31#define	_KMFAPI_H
32
33#pragma ident	"%Z%%M%	%I%	%E% SMI"
34
35#include <kmftypes.h>
36#include <security/cryptoki.h>
37
38#ifdef __cplusplus
39extern "C" {
40#endif
41
/*
 * Setup operations.
 *
 * KMF_Initialize() produces the KMF_HANDLE_T that every handle-taking
 * call in this header requires.  Its two string arguments are not
 * named here; they presumably select a policy database file and a
 * policy entry within it -- confirm against the implementation before
 * relying on that.  KMF_ConfigureKeystore() attaches a keystore
 * described by KMF_CONFIG_PARAMS to an existing handle.
 * KMF_Finalize() tears the handle down; callers should treat the
 * handle, and any KMF_KEY_HANDLE / CK_SESSION_HANDLE obtained through
 * it, as invalid afterwards.
 */
extern KMF_RETURN KMF_Initialize(KMF_HANDLE_T *, char *, char *);
extern KMF_RETURN KMF_ConfigureKeystore(KMF_HANDLE_T, KMF_CONFIG_PARAMS *);
extern KMF_RETURN KMF_Finalize(KMF_HANDLE_T);

/*
 * Key operations.
 *
 * Note the asymmetry visible in the prototypes: KMF_SignDataWithKey()
 * selects the algorithm with a KMF_OID, while KMF_VerifyDataWithKey()
 * selects it with a KMF_ALGORITHM_INDEX.  Callers that sign and
 * verify with the same key must map between the two representations
 * themselves.
 */
/* Sign the input KMF_DATA with the key; the signature is returned in
 * the final KMF_DATA (ownership of that buffer is not stated here --
 * see the KMF_Free* routines at the end of this header). */
extern KMF_RETURN KMF_SignDataWithKey(KMF_HANDLE_T,
	KMF_KEY_HANDLE *, KMF_OID *,
	KMF_DATA *, KMF_DATA *);

/* Verify a signature over data with the given key.  Only the
 * KMF_RETURN conveys the verdict; there is no separate result flag. */
extern KMF_RETURN KMF_VerifyDataWithKey(KMF_HANDLE_T,
	KMF_KEY_HANDLE *, KMF_ALGORITHM_INDEX, KMF_DATA *, KMF_DATA *);

/* Generate a keypair per KMF_CREATEKEYPAIR_PARAMS; the private and
 * public handles are returned through the two KMF_KEY_HANDLE outputs.
 * Release them with KMF_FreeKMFKey(). */
extern KMF_RETURN KMF_CreateKeypair(KMF_HANDLE_T,
	KMF_CREATEKEYPAIR_PARAMS *, KMF_KEY_HANDLE *, KMF_KEY_HANDLE *);

/* Destructive: removes the key from the configured keystore. */
extern KMF_RETURN KMF_DeleteKeyFromKeystore(KMF_HANDLE_T,
	KMF_DELETEKEY_PARAMS *, KMF_KEY_HANDLE *);

/* Sign an in-memory certificate structure with a key handle,
 * producing encoded output in the KMF_DATA. */
extern KMF_RETURN KMF_SignCertRecord(KMF_HANDLE_T, KMF_KEY_HANDLE *,
	KMF_X509_CERTIFICATE *, KMF_DATA *);

/* Search the keystore; results land in the KMF_KEY_HANDLE array and
 * the uint32_t presumably carries the match count (confirm -- it may
 * be in/out, giving the array capacity on entry). */
extern KMF_RETURN KMF_FindKey(KMF_HANDLE_T, KMF_FINDKEY_PARAMS *,
	KMF_KEY_HANDLE *, uint32_t *);

/* Takes a *raw* private key (KMF_RAW_KEY_DATA), i.e. the plaintext
 * key material is in process memory at the call site.  Scrub it with
 * KMF_FreeRawKey() as soon as it has been stored. */
extern KMF_RETURN KMF_StorePrivateKey(KMF_HANDLE_T, KMF_STOREKEY_PARAMS *,
	KMF_RAW_KEY_DATA *);

extern KMF_RETURN KMF_CreateSymKey(KMF_HANDLE_T, KMF_CREATESYMKEY_PARAMS *,
	KMF_KEY_HANDLE *);

/* Extracts the raw symmetric key value into caller memory.  This
 * deliberately exports secret material out of the keystore; release
 * it with KMF_FreeRawSymKey().  Whether that routine zeroizes the
 * buffer is not visible from this header -- confirm before relying
 * on it for secret hygiene. */
extern KMF_RETURN KMF_GetSymKeyValue(KMF_HANDLE_T, KMF_KEY_HANDLE *,
	KMF_RAW_SYM_KEY *);

/*
 * Certificate operations.
 *
 * Certificates are passed around in DER form as KMF_DATA (see also
 * KMF_X509_DER_CERT) or as parsed KMF_X509_CERTIFICATE records.
 *
 * Two distinct notions are exposed here and should not be confused:
 * the KMF_Verify*WithKey/WithCert() family checks a signature against
 * a single key or certificate, whereas KMF_ValidateCert() is the
 * policy-driven check (KMF_VALIDATECERT_PARAMS).  A successful
 * signature verification alone says nothing about chain building,
 * validity period or revocation.
 */
/* Search the keystore; the uint32_t presumably carries the number of
 * matches returned in the KMF_X509_DER_CERT array (confirm whether it
 * is also the input capacity).  Free entries with KMF_FreeKMFCert(). */
extern KMF_RETURN KMF_FindCert(KMF_HANDLE_T, KMF_FINDCERT_PARAMS *,
	KMF_X509_DER_CERT *, uint32_t *);

/* Encode/decode between the parsed record and DER.  Neither takes a
 * handle.  KMF_DecodeCertData() allocates the KMF_X509_CERTIFICATE
 * it returns; KMF_FreeSignedCert() is the matching release routine
 * declared below.  The DER input is untrusted data -- check the
 * KMF_RETURN before touching the output. */
extern KMF_RETURN KMF_EncodeCertRecord(KMF_X509_CERTIFICATE *,
	KMF_DATA *);
extern KMF_RETURN KMF_DecodeCertData(KMF_DATA *, KMF_X509_CERTIFICATE **);

/* Sign a DER-encoded TBS certificate with a key handle, or with the
 * key associated with a certificate (KMF_CRYPTOWITHCERT_PARAMS). */
extern KMF_RETURN KMF_SignCertWithKey(KMF_HANDLE_T, const KMF_DATA *,
	KMF_KEY_HANDLE *, KMF_DATA *);
extern KMF_RETURN KMF_SignCertWithCert(KMF_HANDLE_T,
	KMF_CRYPTOWITHCERT_PARAMS *,
	const KMF_DATA *, KMF_DATA *, KMF_DATA *);

extern KMF_RETURN KMF_SignDataWithCert(KMF_HANDLE_T,
	KMF_CRYPTOWITHCERT_PARAMS *, KMF_DATA *, KMF_DATA *, KMF_DATA *);

/* Signature checks only (see section comment).  The verdict is the
 * KMF_RETURN; there is no separate boolean output. */
extern KMF_RETURN KMF_VerifyCertWithKey(KMF_HANDLE_T, KMF_KEY_HANDLE *,
	const KMF_DATA *);
extern KMF_RETURN KMF_VerifyCertWithCert(KMF_HANDLE_T, const KMF_DATA *,
	const KMF_DATA *);
extern KMF_RETURN KMF_VerifyDataWithCert(KMF_HANDLE_T,
	KMF_KEYSTORE_TYPE, KMF_ALGORITHM_INDEX, KMF_DATA *, KMF_DATA *,
	const KMF_DATA *);

/* Public-key encryption to a certificate's key; the three KMF_DATA
 * arguments are unnamed here (presumably cert, plaintext, ciphertext
 * -- confirm the order against the implementation). */
extern KMF_RETURN KMF_EncryptWithCert(KMF_HANDLE_T, KMF_DATA *,
	KMF_DATA *, KMF_DATA *);

/* Decryption needs the private key, hence the
 * KMF_CRYPTOWITHCERT_PARAMS that the encrypt side does not take. */
extern KMF_RETURN KMF_DecryptWithCert(KMF_HANDLE_T,
	KMF_CRYPTOWITHCERT_PARAMS *, KMF_DATA *, KMF_DATA *, KMF_DATA *);

/* Keystore persistence.  KMF_DeleteCertFromKeystore() is destructive. */
extern KMF_RETURN KMF_StoreCert(KMF_HANDLE_T,
	KMF_STORECERT_PARAMS *, KMF_DATA *);
extern KMF_RETURN KMF_ImportCert(KMF_HANDLE_T, KMF_IMPORTCERT_PARAMS *);
extern KMF_RETURN KMF_DeleteCertFromKeystore(KMF_HANDLE_T,
	KMF_DELETECERT_PARAMS *);

/* Policy-driven validation.  The outcome is reported through the
 * int output *in addition to* the KMF_RETURN; a caller that checks
 * only one of the two can accept a certificate that failed
 * validation.  The meaning of the int's values is defined elsewhere. */
extern KMF_RETURN KMF_ValidateCert(KMF_HANDLE_T,
	KMF_VALIDATECERT_PARAMS *, int  *);

/* Write a certificate to the named file in the requested encoding. */
extern KMF_RETURN KMF_CreateCertFile(KMF_DATA *, KMF_ENCODE_FORMAT, char *);

/* Fetch a certificate from a remote source into a local file.  The
 * positional int / unsigned int / char * arguments are not named
 * here (likely port, timeout and destination path -- confirm).
 * Anything obtained this way is untrusted until it has been verified
 * or validated with the routines above; the transport, if any, is
 * not a trust anchor. */
extern KMF_RETURN KMF_DownloadCert(KMF_HANDLE_T, char *, char *, int,
	unsigned int, char *, KMF_ENCODE_FORMAT *);
extern KMF_RETURN KMF_IsCertFile(KMF_HANDLE_T, char *, KMF_ENCODE_FORMAT *);

/* Validity-period check against the current time; the verdict is the
 * KMF_RETURN. */
extern KMF_RETURN KMF_CheckCertDate(KMF_HANDLE_T, KMF_DATA *);

/*
 * CRL operations.
 *
 * CRLs are handled by name (char *) and through the *_PARAMS
 * structures rather than as in-memory KMF_DATA.
 */
extern KMF_RETURN KMF_ImportCRL(KMF_HANDLE_T, KMF_IMPORTCRL_PARAMS *);
/* Destructive. */
extern KMF_RETURN KMF_DeleteCRL(KMF_HANDLE_T, KMF_DELETECRL_PARAMS *);
/* Both return a char * through the output pointer (a list / the CRL
 * name); KMF_FindCRL() also returns an int count.  Which KMF_Free*
 * routine releases these strings is not stated here -- presumably
 * KMF_FreeString() for a single string; confirm for the list. */
extern KMF_RETURN KMF_ListCRL(KMF_HANDLE_T, KMF_LISTCRL_PARAMS *, char **);
extern KMF_RETURN KMF_FindCRL(KMF_HANDLE_T, KMF_FINDCRL_PARAMS *,
	char **, int *);

/* Revocation lookup of a certificate in an installed CRL, and
 * signature verification of a CRL file.  A CRL that has not passed
 * KMF_VerifyCRLFile() provides no revocation assurance. */
extern KMF_RETURN KMF_FindCertInCRL(KMF_HANDLE_T,
	KMF_FINDCERTINCRL_PARAMS *);
extern KMF_RETURN KMF_VerifyCRLFile(KMF_HANDLE_T,
	KMF_VERIFYCRL_PARAMS *);

/* Freshness check of a CRL (thisUpdate/nextUpdate, presumably). */
extern KMF_RETURN KMF_CheckCRLDate(KMF_HANDLE_T,
	KMF_CHECKCRLDATE_PARAMS *);
/* Same argument shape as KMF_DownloadCert(); the downloaded CRL is
 * untrusted until KMF_VerifyCRLFile() has been run on it. */
extern KMF_RETURN KMF_DownloadCRL(KMF_HANDLE_T, char *, char *,
	int, unsigned int, char *, KMF_ENCODE_FORMAT *);
extern KMF_RETURN KMF_IsCRLFile(KMF_HANDLE_T, char *, KMF_ENCODE_FORMAT *);

<gr_codeblock_placeholder/>
167/*
168 * GetCert operations.
169 */
170extern KMF_RETURN KMF_GetCertExtensionData(const KMF_DATA *, KMF_OID *,
171	KMF_X509_EXTENSION *);
172
173extern KMF_RETURN KMF_GetCertCriticalExtensions(const KMF_DATA *,
174	KMF_X509_EXTENSION **, int *);
175
176extern KMF_RETURN KMF_GetCertNonCriticalExtensions(const KMF_DATA *,
177	KMF_X509_EXTENSION **, int *);
178
179extern KMF_RETURN KMF_GetCertKeyUsageExt(const KMF_DATA *,
180	KMF_X509EXT_KEY_USAGE *);
181
182extern KMF_RETURN KMF_GetCertEKU(const KMF_DATA *, KMF_X509EXT_EKU *);
183
184extern KMF_RETURN KMF_GetCertBasicConstraintExt(const KMF_DATA *,
185	KMF_BOOL *, KMF_X509EXT_BASICCONSTRAINTS *);
186
187extern KMF_RETURN KMF_GetCertPoliciesExt(const KMF_DATA *,
188	KMF_BOOL *, KMF_X509EXT_CERT_POLICIES *);
189
190extern KMF_RETURN KMF_GetCertAuthInfoAccessExt(const KMF_DATA *,
191	KMF_X509EXT_AUTHINFOACCESS *);
192
193extern KMF_RETURN KMF_GetCertCRLDistributionPointsExt(const KMF_DATA *,
194	KMF_X509EXT_CRLDISTPOINTS *);
195
196extern KMF_RETURN KMF_GetCertVersionString(KMF_HANDLE_T,
197	const KMF_DATA *, char **);
198
199extern KMF_RETURN KMF_GetCertSubjectNameString(KMF_HANDLE_T, const KMF_DATA *,
200	char **);
201
202extern KMF_RETURN KMF_GetCertIssuerNameString(KMF_HANDLE_T,
203	const KMF_DATA *, char **);
204
205extern KMF_RETURN KMF_GetCertSerialNumberString(KMF_HANDLE_T, const KMF_DATA *,
206	char **);
207
208extern KMF_RETURN KMF_GetCertStartDateString(KMF_HANDLE_T,
209	const KMF_DATA *, char **);
210
211extern KMF_RETURN KMF_GetCertEndDateString(KMF_HANDLE_T,
212	const KMF_DATA *, char **);
213
214extern KMF_RETURN KMF_GetCertPubKeyAlgString(KMF_HANDLE_T,
215	const KMF_DATA *, char **);
216
217extern KMF_RETURN KMF_GetCertSignatureAlgString(KMF_HANDLE_T,
218	const KMF_DATA *, char **);
219
220extern KMF_RETURN KMF_GetCertPubKeyDataString(KMF_HANDLE_T,
221	const KMF_DATA *, char **);
222
223extern KMF_RETURN KMF_GetCertEmailString(KMF_HANDLE_T,
224	const KMF_DATA *, char **);
225
226extern KMF_RETURN KMF_GetCertExtensionString(KMF_HANDLE_T, const KMF_DATA *,
227	KMF_PRINTABLE_ITEM, char **);
228
229extern KMF_RETURN KMF_GetCertIDData(const KMF_DATA *, KMF_DATA *);
230extern KMF_RETURN KMF_GetCertIDString(const KMF_DATA *, char **);
231extern KMF_RETURN KMF_GetCertValidity(const KMF_DATA *, time_t *, time_t *);
232
233/*
234 * SetCert operations
235 */
236extern KMF_RETURN KMF_SetCertPubKey(KMF_HANDLE_T, KMF_KEY_HANDLE *,
237	KMF_X509_CERTIFICATE *);
238
239extern KMF_RETURN KMF_SetCertSubjectName(KMF_X509_CERTIFICATE *,
240	KMF_X509_NAME *);
241
242extern KMF_RETURN KMF_SetCertKeyUsage(KMF_X509_CERTIFICATE *, int, uint16_t);
243
244extern KMF_RETURN KMF_SetCertIssuerName(KMF_X509_CERTIFICATE *,
245	KMF_X509_NAME *);
246
247extern KMF_RETURN KMF_SetCertSignatureAlgorithm(KMF_X509_CERTIFICATE *,
248	KMF_ALGORITHM_INDEX);
249
250extern KMF_RETURN KMF_SetCertValidityTimes(KMF_X509_CERTIFICATE *,
251	time_t, uint32_t);
252
253extern KMF_RETURN KMF_SetCertSerialNumber(KMF_X509_CERTIFICATE *,
254	KMF_BIGINT *);
255
256extern KMF_RETURN KMF_SetCertVersion(KMF_X509_CERTIFICATE *, uint32_t);
257
258extern KMF_RETURN KMF_SetCertIssuerAltName(KMF_X509_CERTIFICATE *,
259	int, KMF_GENERALNAMECHOICES, char *);
260
261extern KMF_RETURN KMF_SetCertSubjectAltName(KMF_X509_CERTIFICATE *,
262	int, KMF_GENERALNAMECHOICES, char *);
263
264extern KMF_RETURN KMF_AddCertEKU(KMF_X509_CERTIFICATE *, KMF_OID *, int);
265
266extern KMF_RETURN KMF_SetCertExtension(KMF_X509_CERTIFICATE *,
267	KMF_X509_EXTENSION *);
268
269extern KMF_RETURN KMF_SetCertBasicConstraintExt(KMF_X509_CERTIFICATE *,
270	KMF_BOOL, KMF_X509EXT_BASICCONSTRAINTS *);
271
272extern KMF_RETURN KMF_ExportPK12(KMF_HANDLE_T, KMF_EXPORTP12_PARAMS *, char *);
273extern KMF_RETURN KMF_ImportPK12(KMF_HANDLE_T, char *, KMF_CREDENTIAL *,
274	KMF_DATA **, int *, KMF_RAW_KEY_DATA **, int *);
275extern KMF_RETURN KMF_ImportKeypair(KMF_HANDLE_T, char *, KMF_CREDENTIAL *,
276	KMF_DATA **, int *, KMF_RAW_KEY_DATA **, int *);
277
278/*
279 * Get OCSP response operation.
280 */
281extern KMF_RETURN KMF_GetOCSPForCert(KMF_HANDLE_T, KMF_DATA *,	KMF_DATA *,
282	KMF_DATA *);
283
284extern KMF_RETURN KMF_CreateOCSPRequest(KMF_HANDLE_T, KMF_OCSPREQUEST_PARAMS *,
285	char *);
286
287extern KMF_RETURN KMF_GetEncodedOCSPResponse(KMF_HANDLE_T, char *, char *, int,
288	char *, int, char *, unsigned int);
289
290extern KMF_RETURN KMF_GetOCSPStatusForCert(KMF_HANDLE_T,
291	KMF_OCSPRESPONSE_PARAMS_INPUT *,
292	KMF_OCSPRESPONSE_PARAMS_OUTPUT *);
293
294/*
295 * Policy Operations
296 */
297extern KMF_RETURN KMF_SetPolicy(KMF_HANDLE_T, char *, char *);
298
299/*
300 * Error handling.
301 */
302extern KMF_RETURN KMF_GetPluginErrorString(KMF_HANDLE_T, char **);
303extern KMF_RETURN KMF_GetKMFErrorString(KMF_RETURN, char **);
304
305/*
306 * Miscellaneous
307 */
308extern KMF_RETURN KMF_DNParser(char *, KMF_X509_NAME *);
309extern KMF_RETURN KMF_DN2Der(KMF_X509_NAME *, KMF_DATA *);
310extern KMF_RETURN KMF_ReadInputFile(KMF_HANDLE_T, char *, KMF_DATA *);
311extern KMF_RETURN KMF_Der2Pem(KMF_OBJECT_TYPE, unsigned char *,
312	int, unsigned char **, int *);
313extern KMF_RETURN KMF_Pem2Der(unsigned char *, int, unsigned char **, int *);
314extern char *KMF_OID2String(KMF_OID *);
315extern KMF_RETURN KMF_String2OID(char *, KMF_OID *);
316extern int KMF_CompareRDNs(KMF_X509_NAME *, KMF_X509_NAME *);
317extern KMF_RETURN KMF_GetFileFormat(char *, KMF_ENCODE_FORMAT *);
318extern uint16_t KMF_StringToKeyUsage(char *);
319extern KMF_RETURN KMF_SetTokenPin(KMF_HANDLE_T, KMF_SETPIN_PARAMS *,
320	KMF_CREDENTIAL *);
321extern KMF_RETURN KMF_HexString2Bytes(unsigned char *, unsigned char **,
322	size_t *);
323
324/*
325 * Memory cleanup operations
326 */
327extern void KMF_FreeDN(KMF_X509_NAME *);
328extern void KMF_FreeKMFCert(KMF_HANDLE_T, KMF_X509_DER_CERT *);
329extern void KMF_FreeData(KMF_DATA *);
330extern void KMF_FreeAlgOID(KMF_X509_ALGORITHM_IDENTIFIER *);
331extern void KMF_FreeExtension(KMF_X509_EXTENSION *);
332extern void KMF_FreeTBSCSR(KMF_TBS_CSR *);
333extern void KMF_FreeSignedCSR(KMF_CSR_DATA *);
334extern void KMF_FreeTBSCert(KMF_X509_TBS_CERT *);
335extern void KMF_FreeSignedCert(KMF_X509_CERTIFICATE *);
336extern void KMF_FreeString(char *);
337extern void KMF_FreeEKU(KMF_X509EXT_EKU *);
338extern void KMF_FreeSPKI(KMF_X509_SPKI *);
339extern void KMF_FreeKMFKey(KMF_HANDLE_T, KMF_KEY_HANDLE *);
340extern void KMF_FreeBigint(KMF_BIGINT *);
341extern void KMF_FreeRawKey(KMF_RAW_KEY_DATA *);
342extern void KMF_FreeRawSymKey(KMF_RAW_SYM_KEY *);
343extern void KMF_FreeCRLDistributionPoints(KMF_X509EXT_CRLDISTPOINTS *);
344
345/* APIs for PKCS#11 token */
346extern KMF_RETURN KMF_PK11TokenLookup(KMF_HANDLE_T, char *, CK_SLOT_ID *);
347extern CK_SESSION_HANDLE KMF_GetPK11Handle(KMF_HANDLE_T);
348
349#ifdef __cplusplus
350}
351#endif
352#endif /* _KMFAPI_H */
353