kmfapi.h revision 5051:cbbb7c8b40a9
1162852Sdes/* 292555Sdes * CDDL HEADER START 392555Sdes * 492555Sdes * The contents of this file are subject to the terms of the 592555Sdes * Common Development and Distribution License (the "License"). 692555Sdes * You may not use this file except in compliance with the License. 792555Sdes * 892555Sdes * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 992555Sdes * or http://www.opensolaris.org/os/licensing. 1092555Sdes * See the License for the specific language governing permissions 1192555Sdes * and limitations under the License. 1292555Sdes * 1392555Sdes * When distributing Covered Code, include this CDDL HEADER in each 1492555Sdes * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 1592555Sdes * If applicable, add the following below this CDDL HEADER, with the 1692555Sdes * fields enclosed by brackets "[]" replaced with your own identifying 1792555Sdes * information: Portions Copyright [yyyy] [name of copyright owner] 1892555Sdes * 1992555Sdes * CDDL HEADER END 2092555Sdes */ 2192555Sdes/* 2292555Sdes * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 2392555Sdes * Use is subject to license terms. 2492555Sdes * 2592555Sdes * 2692555Sdes * Constant definitions and function prototypes for the KMF library. 2792555Sdes * Commonly used data types are defined in "kmftypes.h". 28162852Sdes */ 29162852Sdes 30162852Sdes#ifndef _KMFAPI_H 31162852Sdes#define _KMFAPI_H 3292555Sdes 3392555Sdes#pragma ident "%Z%%M% %I% %E% SMI" 3492555Sdes 3592555Sdes#include <kmftypes.h> 3692555Sdes#include <security/cryptoki.h> 3792555Sdes 3892555Sdes#ifdef __cplusplus 3992555Sdesextern "C" { 40162852Sdes#endif 4192555Sdes 4292555Sdes/* 4392555Sdes * Setup operations. 44126274Sdes */ 4592555Sdesextern KMF_RETURN kmf_initialize(KMF_HANDLE_T *, char *, char *); 46extern KMF_RETURN kmf_configure_keystore(KMF_HANDLE_T, int, KMF_ATTRIBUTE *); 47extern KMF_RETURN kmf_finalize(KMF_HANDLE_T); 48 49/* 50 * Key operations. 51 */ 52extern KMF_RETURN kmf_create_keypair(KMF_HANDLE_T, int, KMF_ATTRIBUTE *); 53 54extern KMF_RETURN kmf_delete_key_from_keystore(KMF_HANDLE_T, int, 55 KMF_ATTRIBUTE *); 56 57extern KMF_RETURN kmf_find_key(KMF_HANDLE_T, int, KMF_ATTRIBUTE *); 58 59extern KMF_RETURN kmf_find_prikey_by_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *); 60 61extern KMF_RETURN kmf_store_key(KMF_HANDLE_T, int, KMF_ATTRIBUTE *); 62 63extern KMF_RETURN kmf_create_sym_key(KMF_HANDLE_T, int, KMF_ATTRIBUTE *); 64 65extern KMF_RETURN kmf_get_sym_key_value(KMF_HANDLE_T, KMF_KEY_HANDLE *, 66 KMF_RAW_SYM_KEY *); 67 68/* 69 * Certificate operations. 70 */ 71extern KMF_RETURN kmf_find_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *); 72 73extern KMF_RETURN kmf_encode_cert_record(KMF_X509_CERTIFICATE *, KMF_DATA *); 74 75extern KMF_RETURN kmf_import_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *); 76 77extern KMF_RETURN kmf_store_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *); 78 79extern KMF_RETURN kmf_delete_cert_from_keystore(KMF_HANDLE_T, int, 80 KMF_ATTRIBUTE *); 81 82extern KMF_RETURN kmf_validate_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *); 83 84extern KMF_RETURN kmf_create_cert_file(const KMF_DATA *, KMF_ENCODE_FORMAT, 85 char *); 86 87extern KMF_RETURN kmf_download_cert(KMF_HANDLE_T, char *, char *, int, 88 unsigned int, char *, KMF_ENCODE_FORMAT *); 89 90extern KMF_RETURN kmf_is_cert_file(KMF_HANDLE_T, char *, KMF_ENCODE_FORMAT *); 91 92extern KMF_RETURN kmf_check_cert_date(KMF_HANDLE_T, const KMF_DATA *); 93 94/* 95 * Crypto operations with key or cert. 96 */ 97extern KMF_RETURN kmf_encrypt(KMF_HANDLE_T, int, KMF_ATTRIBUTE *); 98extern KMF_RETURN kmf_decrypt(KMF_HANDLE_T, int, KMF_ATTRIBUTE *); 99extern KMF_RETURN kmf_sign_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *); 100extern KMF_RETURN kmf_sign_data(KMF_HANDLE_T, int, KMF_ATTRIBUTE *); 101extern KMF_RETURN kmf_verify_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *); 102extern KMF_RETURN kmf_verify_data(KMF_HANDLE_T, int, KMF_ATTRIBUTE *); 103 104/* 105 * CRL operations. 106 */ 107extern KMF_RETURN kmf_import_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *); 108extern KMF_RETURN kmf_delete_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *); 109extern KMF_RETURN kmf_list_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *); 110extern KMF_RETURN kmf_find_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *); 111extern KMF_RETURN kmf_find_cert_in_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *); 112extern KMF_RETURN kmf_verify_crl_file(KMF_HANDLE_T, char *, KMF_DATA *); 113extern KMF_RETURN kmf_check_crl_date(KMF_HANDLE_T, char *); 114extern KMF_RETURN kmf_download_crl(KMF_HANDLE_T, char *, char *, 115 int, unsigned int, char *, KMF_ENCODE_FORMAT *); 116extern KMF_RETURN kmf_is_crl_file(KMF_HANDLE_T, char *, KMF_ENCODE_FORMAT *); 117 118/* 119 * CSR operations. 120 */ 121extern KMF_RETURN kmf_create_csr_file(KMF_DATA *, KMF_ENCODE_FORMAT, char *); 122extern KMF_RETURN kmf_set_csr_pubkey(KMF_HANDLE_T, 123 KMF_KEY_HANDLE *, KMF_CSR_DATA *); 124extern KMF_RETURN kmf_set_csr_version(KMF_CSR_DATA *, uint32_t); 125extern KMF_RETURN kmf_set_csr_subject(KMF_CSR_DATA *, KMF_X509_NAME *); 126extern KMF_RETURN kmf_set_csr_extn(KMF_CSR_DATA *, KMF_X509_EXTENSION *); 127extern KMF_RETURN kmf_set_csr_sig_alg(KMF_CSR_DATA *, KMF_ALGORITHM_INDEX); 128extern KMF_RETURN kmf_set_csr_subject_altname(KMF_CSR_DATA *, char *, 129 int, KMF_GENERALNAMECHOICES); 130extern KMF_RETURN kmf_set_csr_ku(KMF_CSR_DATA *, int, uint16_t); 131extern KMF_RETURN kmf_sign_csr(KMF_HANDLE_T, const KMF_CSR_DATA *, 132 KMF_KEY_HANDLE *, KMF_DATA *); 133 134/* 135 * GetCert operations. 136 */ 137extern KMF_RETURN kmf_get_cert_extn(const KMF_DATA *, KMF_OID *, 138 KMF_X509_EXTENSION *); 139 140extern KMF_RETURN kmf_get_cert_extns(const KMF_DATA *, KMF_FLAG_CERT_EXTN, 141 KMF_X509_EXTENSION **, int *); 142 143extern KMF_RETURN kmf_get_cert_ku(const KMF_DATA *, KMF_X509EXT_KEY_USAGE *); 144 145extern KMF_RETURN kmf_get_cert_eku(const KMF_DATA *, KMF_X509EXT_EKU *); 146 147extern KMF_RETURN kmf_get_cert_basic_constraint(const KMF_DATA *, 148 KMF_BOOL *, KMF_X509EXT_BASICCONSTRAINTS *); 149 150extern KMF_RETURN kmf_get_cert_policies(const KMF_DATA *, 151 KMF_BOOL *, KMF_X509EXT_CERT_POLICIES *); 152 153extern KMF_RETURN kmf_get_cert_auth_info_access(const KMF_DATA *, 154 KMF_X509EXT_AUTHINFOACCESS *); 155 156extern KMF_RETURN kmf_get_cert_crl_dist_pts(const KMF_DATA *, 157 KMF_X509EXT_CRLDISTPOINTS *); 158 159extern KMF_RETURN kmf_get_cert_version_str(KMF_HANDLE_T, const KMF_DATA *, 160 char **); 161 162extern KMF_RETURN kmf_get_cert_subject_str(KMF_HANDLE_T, const KMF_DATA *, 163 char **); 164 165extern KMF_RETURN kmf_get_cert_issuer_str(KMF_HANDLE_T, const KMF_DATA *, 166 char **); 167 168extern KMF_RETURN kmf_get_cert_serial_str(KMF_HANDLE_T, const KMF_DATA *, 169 char **); 170 171extern KMF_RETURN kmf_get_cert_start_date_str(KMF_HANDLE_T, const KMF_DATA *, 172 char **); 173 174extern KMF_RETURN kmf_get_cert_end_date_str(KMF_HANDLE_T, const KMF_DATA *, 175 char **); 176 177extern KMF_RETURN kmf_get_cert_pubkey_alg_str(KMF_HANDLE_T, const KMF_DATA *, 178 char **); 179 180extern KMF_RETURN kmf_get_cert_sig_alg_str(KMF_HANDLE_T, const KMF_DATA *, 181 char **); 182 183extern KMF_RETURN kmf_get_cert_pubkey_str(KMF_HANDLE_T, const KMF_DATA *, 184 char **); 185 186extern KMF_RETURN kmf_get_cert_email_str(KMF_HANDLE_T, const KMF_DATA *, 187 char **); 188 189extern KMF_RETURN kmf_get_cert_extn_str(KMF_HANDLE_T, const KMF_DATA *, 190 KMF_PRINTABLE_ITEM, char **); 191 192extern KMF_RETURN kmf_get_cert_id_data(const KMF_DATA *, KMF_DATA *); 193 194extern KMF_RETURN kmf_get_cert_id_str(const KMF_DATA *, char **); 195 196extern KMF_RETURN kmf_get_cert_validity(const KMF_DATA *, time_t *, time_t *); 197 198 199/* 200 * SetCert operations 201 */ 202extern KMF_RETURN kmf_set_cert_pubkey(KMF_HANDLE_T, KMF_KEY_HANDLE *, 203 KMF_X509_CERTIFICATE *); 204 205extern KMF_RETURN kmf_set_cert_subject(KMF_X509_CERTIFICATE *, 206 KMF_X509_NAME *); 207 208extern KMF_RETURN kmf_set_cert_ku(KMF_X509_CERTIFICATE *, int, uint16_t); 209 210extern KMF_RETURN kmf_set_cert_issuer(KMF_X509_CERTIFICATE *, 211 KMF_X509_NAME *); 212 213extern KMF_RETURN kmf_set_cert_sig_alg(KMF_X509_CERTIFICATE *, 214 KMF_ALGORITHM_INDEX); 215 216extern KMF_RETURN kmf_set_cert_validity(KMF_X509_CERTIFICATE *, 217 time_t, uint32_t); 218 219extern KMF_RETURN kmf_set_cert_serial(KMF_X509_CERTIFICATE *, 220 KMF_BIGINT *); 221 222extern KMF_RETURN kmf_set_cert_version(KMF_X509_CERTIFICATE *, uint32_t); 223 224extern KMF_RETURN kmf_set_cert_issuer_altname(KMF_X509_CERTIFICATE *, 225 int, KMF_GENERALNAMECHOICES, char *); 226 227extern KMF_RETURN kmf_set_cert_subject_altname(KMF_X509_CERTIFICATE *, 228 int, KMF_GENERALNAMECHOICES, char *); 229 230extern KMF_RETURN kmf_add_cert_eku(KMF_X509_CERTIFICATE *, KMF_OID *, int); 231 232extern KMF_RETURN kmf_set_cert_extn(KMF_X509_CERTIFICATE *, 233 KMF_X509_EXTENSION *); 234 235extern KMF_RETURN kmf_set_cert_basic_constraint(KMF_X509_CERTIFICATE *, 236 KMF_BOOL, KMF_X509EXT_BASICCONSTRAINTS *); 237 238 239/* 240 * PK12 operations 241 */ 242extern KMF_RETURN kmf_export_pk12(KMF_HANDLE_T, int, KMF_ATTRIBUTE *); 243 244extern KMF_RETURN kmf_build_pk12(KMF_HANDLE_T, int, KMF_X509_DER_CERT *, 245 int, KMF_KEY_HANDLE *, KMF_CREDENTIAL *, char *); 246 247extern KMF_RETURN kmf_import_objects(KMF_HANDLE_T, char *, KMF_CREDENTIAL *, 248 KMF_DATA **, int *, KMF_RAW_KEY_DATA **, int *); 249 250/* 251 * OCSP operations 252 */ 253extern KMF_RETURN kmf_get_ocsp_for_cert(KMF_HANDLE_T, KMF_DATA *, KMF_DATA *, 254 KMF_DATA *); 255 256extern KMF_RETURN kmf_create_ocsp_request(KMF_HANDLE_T, int, KMF_ATTRIBUTE *); 257 258extern KMF_RETURN kmf_get_encoded_ocsp_response(KMF_HANDLE_T, char *, 259 char *, int, char *, int, char *, unsigned int); 260 261extern KMF_RETURN kmf_get_ocsp_status_for_cert(KMF_HANDLE_T, int, 262 KMF_ATTRIBUTE *); 263 264/* 265 * Policy Operations 266 */ 267extern KMF_RETURN kmf_set_policy(KMF_HANDLE_T, char *, char *); 268 269/* 270 * Error handling. 271 */ 272extern KMF_RETURN kmf_get_plugin_error_str(KMF_HANDLE_T, char **); 273extern KMF_RETURN kmf_get_kmf_error_str(KMF_RETURN, char **); 274 275/* 276 * Miscellaneous 277 */ 278extern KMF_RETURN kmf_dn_parser(char *, KMF_X509_NAME *); 279extern KMF_RETURN kmf_read_input_file(KMF_HANDLE_T, char *, KMF_DATA *); 280extern KMF_RETURN kmf_der_to_pem(KMF_OBJECT_TYPE, unsigned char *, 281 int, unsigned char **, int *); 282extern KMF_RETURN kmf_pem_to_der(unsigned char *, int, unsigned char **, int *); 283extern char *kmf_oid_to_string(KMF_OID *); 284extern KMF_RETURN kmf_string_to_oid(char *, KMF_OID *); 285extern int kmf_compare_rdns(KMF_X509_NAME *, KMF_X509_NAME *); 286extern KMF_RETURN kmf_get_file_format(char *, KMF_ENCODE_FORMAT *); 287extern uint32_t kmf_string_to_ku(char *); 288extern char *kmf_ku_to_string(uint32_t); 289extern KMF_RETURN kmf_hexstr_to_bytes(unsigned char *, unsigned char **, 290 size_t *); 291 292#define KMF_CompareRDNs kmf_compare_rdns 293 294/* 295 * Memory cleanup operations 296 */ 297extern void kmf_free_dn(KMF_X509_NAME *); 298extern void kmf_free_kmf_cert(KMF_HANDLE_T, KMF_X509_DER_CERT *); 299extern void kmf_free_data(KMF_DATA *); 300extern void kmf_free_algoid(KMF_X509_ALGORITHM_IDENTIFIER *); 301extern void kmf_free_extn(KMF_X509_EXTENSION *); 302extern void kmf_free_tbs_csr(KMF_TBS_CSR *); 303extern void kmf_free_signed_csr(KMF_CSR_DATA *); 304extern void kmf_free_tbs_cert(KMF_X509_TBS_CERT *); 305extern void kmf_free_signed_cert(KMF_X509_CERTIFICATE *); 306extern void kmf_free_str(char *); 307extern void kmf_free_eku(KMF_X509EXT_EKU *); 308extern void kmf_free_spki(KMF_X509_SPKI *); 309extern void kmf_free_kmf_key(KMF_HANDLE_T, KMF_KEY_HANDLE *); 310extern void kmf_free_bigint(KMF_BIGINT *); 311extern void kmf_free_raw_key(KMF_RAW_KEY_DATA *); 312extern void kmf_free_raw_sym_key(KMF_RAW_SYM_KEY *); 313extern void kmf_free_crl_dist_pts(KMF_X509EXT_CRLDISTPOINTS *); 314 315/* APIs for PKCS#11 token */ 316extern KMF_RETURN kmf_pk11_token_lookup(KMF_HANDLE_T, char *, CK_SLOT_ID *); 317extern KMF_RETURN kmf_set_token_pin(KMF_HANDLE_T, int, KMF_ATTRIBUTE *); 318extern CK_SESSION_HANDLE kmf_get_pk11_handle(KMF_HANDLE_T); 319 320/* 321 * Attribute management routines. 322 */ 323int kmf_find_attr(KMF_ATTR_TYPE, KMF_ATTRIBUTE *, int); 324void *kmf_get_attr_ptr(KMF_ATTR_TYPE, KMF_ATTRIBUTE *, int); 325KMF_RETURN kmf_get_attr(KMF_ATTR_TYPE, KMF_ATTRIBUTE *, int, void *, 326 uint32_t *); 327KMF_RETURN kmf_get_string_attr(KMF_ATTR_TYPE, KMF_ATTRIBUTE *, int, char **); 328KMF_RETURN kmf_set_attr(KMF_ATTRIBUTE *, int, KMF_ATTR_TYPE, void *, uint32_t); 329void kmf_set_attr_at_index(KMF_ATTRIBUTE *, int, KMF_ATTR_TYPE, 330 void *, uint32_t); 331 332/* 333 * Legacy support only - do not use these APIs - they can be removed at any 334 * time. 335 */ 336extern KMF_RETURN KMF_ConfigureKeystore(KMF_HANDLE_T, KMF_CONFIG_PARAMS *); 337extern KMF_RETURN KMF_CreateCSRFile(KMF_DATA *, KMF_ENCODE_FORMAT, char *); 338extern KMF_RETURN KMF_CreateKeypair(KMF_HANDLE_T, 339 KMF_CREATEKEYPAIR_PARAMS *, KMF_KEY_HANDLE *, KMF_KEY_HANDLE *); 340extern KMF_RETURN KMF_DNParser(char *, KMF_X509_NAME *); 341extern KMF_RETURN KMF_Finalize(KMF_HANDLE_T); 342extern KMF_RETURN KMF_FindCert(KMF_HANDLE_T, KMF_FINDCERT_PARAMS *, 343 KMF_X509_DER_CERT *, uint32_t *); 344extern KMF_RETURN KMF_FindKey(KMF_HANDLE_T, KMF_FINDKEY_PARAMS *, 345 KMF_KEY_HANDLE *, uint32_t *); 346extern void KMF_FreeData(KMF_DATA *); 347extern void KMF_FreeKMFCert(KMF_HANDLE_T, KMF_X509_DER_CERT *); 348extern void KMF_FreeKMFKey(KMF_HANDLE_T, KMF_KEY_HANDLE *); 349extern void KMF_FreeSignedCSR(KMF_CSR_DATA *); 350extern KMF_RETURN KMF_GetCertIDString(const KMF_DATA *, char **); 351extern KMF_RETURN KMF_GetCertIssuerNameString(KMF_HANDLE_T, 352 const KMF_DATA *, char **); 353extern KMF_RETURN KMF_GetCertSubjectNameString(KMF_HANDLE_T, 354 const KMF_DATA *, char **); 355extern KMF_RETURN KMF_GetKMFErrorString(KMF_RETURN, char **); 356extern KMF_RETURN KMF_Initialize(KMF_HANDLE_T *, char *, char *); 357extern KMF_RETURN KMF_ReadInputFile(KMF_HANDLE_T, char *, KMF_DATA *); 358extern KMF_RETURN KMF_SetCSRPubKey(KMF_HANDLE_T, KMF_KEY_HANDLE *, 359 KMF_CSR_DATA *); 360extern KMF_RETURN KMF_SetCSRSignatureAlgorithm(KMF_CSR_DATA *, 361 KMF_ALGORITHM_INDEX); 362extern KMF_RETURN KMF_SetCSRSubjectName(KMF_CSR_DATA *, KMF_X509_NAME *); 363extern KMF_RETURN KMF_SetCSRVersion(KMF_CSR_DATA *, uint32_t); 364extern KMF_RETURN KMF_SignCSR(KMF_HANDLE_T, const KMF_CSR_DATA *, 365 KMF_KEY_HANDLE *, KMF_DATA *); 366extern KMF_RETURN KMF_SignDataWithKey(KMF_HANDLE_T, KMF_KEY_HANDLE *, 367 KMF_OID *, KMF_DATA *, KMF_DATA *); 368extern KMF_RETURN KMF_VerifyCertWithCert(KMF_HANDLE_T, const KMF_DATA *, 369 const KMF_DATA *); 370extern KMF_RETURN KMF_VerifyDataWithCert(KMF_HANDLE_T, 371 KMF_KEYSTORE_TYPE, KMF_ALGORITHM_INDEX, KMF_DATA *, KMF_DATA *, 372 const KMF_DATA *); 373 374#ifdef __cplusplus 375} 376#endif 377#endif /* _KMFAPI_H */ 378