kmfapi.h revision 6051:7b29d160facb
/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 *
 *
 * Constant definitions and function prototypes for the KMF library.
 * Commonly used data types are defined in "kmftypes.h".
 *
 * Calling conventions visible in this header:
 *  - Most routines return KMF_RETURN; the routines that return a pointer
 *    (kmf_oid_to_string(), kmf_ku_to_string(), kmf_ekuname_to_oid(),
 *    kmf_oid_to_ekuname(), kmf_get_attr_ptr()) and the plain-int ones
 *    (kmf_find_attr(), kmf_compare_rdns()) report through their value.
 *  - Many operations take (KMF_HANDLE_T, int, KMF_ATTRIBUTE *).  The int
 *    that accompanies a KMF_ATTRIBUTE * is presumably the number of
 *    entries in that array -- confirm against kmftypes.h and callers.
 *  - Routines that produce a char ** or KMF_DATA * output are paired with
 *    the kmf_free_*() routines in the "Memory cleanup" section below;
 *    which free routine matches which producer is inferred from names
 *    here, not stated in this header -- verify in the implementation.
 */

#ifndef _KMFAPI_H
#define _KMFAPI_H

#pragma ident "%Z%%M% %I% %E% SMI"

#include <kmftypes.h>
#include <security/cryptoki.h>

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Setup operations.
 *
 * kmf_initialize() returns the library handle through its first argument;
 * the two char * arguments are not described here.  kmf_finalize() takes
 * that handle back.  kmf_configure_keystore() uses the attribute-list
 * convention described in the file header.
 */
extern KMF_RETURN kmf_initialize(KMF_HANDLE_T *, char *, char *);
extern KMF_RETURN kmf_configure_keystore(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_finalize(KMF_HANDLE_T);

/*
 * Key operations.
 *
 * All take the attribute-list convention except kmf_get_sym_key_value(),
 * which fills a KMF_RAW_SYM_KEY from a KMF_KEY_HANDLE.  That output is
 * raw symmetric key material: treat it as a secret, keep its lifetime
 * short, and release it with kmf_free_raw_sym_key() (declared below) --
 * whether that routine scrubs the bytes is not visible here; confirm.
 */
extern KMF_RETURN kmf_create_keypair(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

extern KMF_RETURN kmf_delete_key_from_keystore(KMF_HANDLE_T, int,
    KMF_ATTRIBUTE *);

extern KMF_RETURN kmf_find_key(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

extern KMF_RETURN kmf_find_prikey_by_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

extern KMF_RETURN kmf_store_key(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

extern KMF_RETURN kmf_create_sym_key(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

extern KMF_RETURN kmf_get_sym_key_value(KMF_HANDLE_T, KMF_KEY_HANDLE *,
    KMF_RAW_SYM_KEY *);

/*
 * Certificate operations.
 *
 * kmf_encode_cert_record() serialises a KMF_X509_CERTIFICATE into a
 * KMF_DATA.  kmf_create_cert_file() writes a const KMF_DATA out in the
 * given KMF_ENCODE_FORMAT to the path named by its char * argument.
 * kmf_is_cert_data()/kmf_is_cert_file() report the detected encoding
 * through their KMF_ENCODE_FORMAT * output.
 *
 * NOTE(review): kmf_download_cert() takes two char * arguments, an int,
 * an unsigned int and a third char *; the name suggests a fetch from a
 * remote source, but the parameter meanings are not documented here.
 * Data obtained this way is untrusted input until it has gone through
 * kmf_validate_cert()/kmf_verify_cert() -- confirm the intended flow.
 * The distinction between kmf_validate_cert() and kmf_verify_cert()
 * (under "Crypto operations") is not stated in this header.
 */
extern KMF_RETURN kmf_find_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

extern KMF_RETURN kmf_encode_cert_record(KMF_X509_CERTIFICATE *, KMF_DATA *);

extern KMF_RETURN kmf_import_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

extern KMF_RETURN kmf_store_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

extern KMF_RETURN kmf_delete_cert_from_keystore(KMF_HANDLE_T, int,
    KMF_ATTRIBUTE *);

extern KMF_RETURN kmf_validate_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

extern KMF_RETURN kmf_create_cert_file(const KMF_DATA *, KMF_ENCODE_FORMAT,
    char *);

extern KMF_RETURN kmf_download_cert(KMF_HANDLE_T, char *, char *, int,
    unsigned int, char *, KMF_ENCODE_FORMAT *);

extern KMF_RETURN kmf_is_cert_data(KMF_DATA *, KMF_ENCODE_FORMAT *);
extern KMF_RETURN kmf_is_cert_file(KMF_HANDLE_T, char *, KMF_ENCODE_FORMAT *);

/* Checks the validity period of a DER cert; the time source is not visible here. */
extern KMF_RETURN kmf_check_cert_date(KMF_HANDLE_T, const KMF_DATA *);

/*
 * Crypto operations with key or cert.
 *
 * All six use the attribute-list convention; which attributes select the
 * key, the algorithm and the input/output buffers is defined in
 * kmftypes.h, not here.
 */
extern KMF_RETURN kmf_encrypt(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_decrypt(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_sign_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_sign_data(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_verify_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_verify_data(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

/*
 * CRL operations.
 *
 * kmf_verify_crl_file() and kmf_check_crl_date() operate on a CRL named
 * by a char * path rather than on in-memory data.  kmf_download_crl()
 * mirrors kmf_download_cert() above and carries the same caveat: the
 * retrieved file is untrusted until kmf_verify_crl_file() has accepted it
 * (presumably; the header does not state the intended sequence).
 */
extern KMF_RETURN kmf_import_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_delete_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_list_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_find_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_find_cert_in_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_verify_crl_file(KMF_HANDLE_T, char *, KMF_DATA *);
extern KMF_RETURN kmf_check_crl_date(KMF_HANDLE_T, char *);
extern KMF_RETURN kmf_download_crl(KMF_HANDLE_T, char *, char *,
    int, unsigned int, char *, KMF_ENCODE_FORMAT *);
extern KMF_RETURN kmf_is_crl_file(KMF_HANDLE_T, char *, KMF_ENCODE_FORMAT *);

/*
 * CSR operations.
 *
 * The kmf_set_csr_*() routines populate fields of a KMF_CSR_DATA before
 * kmf_sign_csr() produces the encoded request in its KMF_DATA output.
 * kmf_decode_csr() goes the other way, from KMF_DATA to KMF_CSR_DATA.
 * kmf_set_csr_ku() takes an int and a uint16_t; the int is presumably the
 * critical flag and the uint16_t the key-usage bits, matching the
 * kmf_set_cert_ku() signature below -- confirm in the implementation.
 */
extern KMF_RETURN kmf_create_csr_file(KMF_DATA *, KMF_ENCODE_FORMAT, char *);
extern KMF_RETURN kmf_set_csr_pubkey(KMF_HANDLE_T,
    KMF_KEY_HANDLE *, KMF_CSR_DATA *);
extern KMF_RETURN kmf_set_csr_version(KMF_CSR_DATA *, uint32_t);
extern KMF_RETURN kmf_set_csr_subject(KMF_CSR_DATA *, KMF_X509_NAME *);
extern KMF_RETURN kmf_set_csr_extn(KMF_CSR_DATA *, KMF_X509_EXTENSION *);
extern KMF_RETURN kmf_set_csr_sig_alg(KMF_CSR_DATA *, KMF_ALGORITHM_INDEX);
extern KMF_RETURN kmf_set_csr_subject_altname(KMF_CSR_DATA *, char *,
    int, KMF_GENERALNAMECHOICES);
extern KMF_RETURN kmf_set_csr_ku(KMF_CSR_DATA *, int, uint16_t);
extern KMF_RETURN kmf_decode_csr(KMF_HANDLE_T, KMF_DATA *, KMF_CSR_DATA *);
extern KMF_RETURN kmf_verify_csr(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_sign_csr(KMF_HANDLE_T, const KMF_CSR_DATA *,
    KMF_KEY_HANDLE *, KMF_DATA *);
extern KMF_RETURN kmf_add_csr_eku(KMF_CSR_DATA *, KMF_OID *, int);

/*
 * GetCert operations.
 *
 * Read-only accessors over an encoded certificate (const KMF_DATA *).
 * The *_str() variants return a newly produced string through char **;
 * kmf_free_str() below is presumably the matching release routine.
 * kmf_get_cert_extns() returns an array through KMF_X509_EXTENSION ** with
 * its length in the int * argument; kmf_free_extn() frees a single
 * extension, so the array itself may need separate handling -- confirm.
 */
extern KMF_RETURN kmf_get_cert_extn(const KMF_DATA *, KMF_OID *,
    KMF_X509_EXTENSION *);

extern KMF_RETURN kmf_get_cert_extns(const KMF_DATA *, KMF_FLAG_CERT_EXTN,
    KMF_X509_EXTENSION **, int *);

extern KMF_RETURN kmf_get_cert_ku(const KMF_DATA *, KMF_X509EXT_KEY_USAGE *);

extern KMF_RETURN kmf_get_cert_eku(const KMF_DATA *, KMF_X509EXT_EKU *);

/* The KMF_BOOL * output presumably reports the extension's critical flag. */
extern KMF_RETURN kmf_get_cert_basic_constraint(const KMF_DATA *,
    KMF_BOOL *, KMF_X509EXT_BASICCONSTRAINTS *);

extern KMF_RETURN kmf_get_cert_policies(const KMF_DATA *,
    KMF_BOOL *, KMF_X509EXT_CERT_POLICIES *);

extern KMF_RETURN kmf_get_cert_auth_info_access(const KMF_DATA *,
    KMF_X509EXT_AUTHINFOACCESS *);

extern KMF_RETURN kmf_get_cert_crl_dist_pts(const KMF_DATA *,
    KMF_X509EXT_CRLDISTPOINTS *);

extern KMF_RETURN kmf_get_cert_version_str(KMF_HANDLE_T, const KMF_DATA *,
    char **);

extern KMF_RETURN kmf_get_cert_subject_str(KMF_HANDLE_T, const KMF_DATA *,
    char **);

extern KMF_RETURN kmf_get_cert_issuer_str(KMF_HANDLE_T, const KMF_DATA *,
    char **);

extern KMF_RETURN kmf_get_cert_serial_str(KMF_HANDLE_T, const KMF_DATA *,
    char **);

extern KMF_RETURN kmf_get_cert_start_date_str(KMF_HANDLE_T, const KMF_DATA *,
    char **);

extern KMF_RETURN kmf_get_cert_end_date_str(KMF_HANDLE_T, const KMF_DATA *,
    char **);

extern KMF_RETURN kmf_get_cert_pubkey_alg_str(KMF_HANDLE_T, const KMF_DATA *,
    char **);

extern KMF_RETURN kmf_get_cert_sig_alg_str(KMF_HANDLE_T, const KMF_DATA *,
    char **);

extern KMF_RETURN kmf_get_cert_pubkey_str(KMF_HANDLE_T, const KMF_DATA *,
    char **);

extern KMF_RETURN kmf_get_cert_email_str(KMF_HANDLE_T, const KMF_DATA *,
    char **);

extern KMF_RETURN kmf_get_cert_extn_str(KMF_HANDLE_T, const KMF_DATA *,
    KMF_PRINTABLE_ITEM, char **);

extern KMF_RETURN kmf_get_cert_id_data(const KMF_DATA *, KMF_DATA *);

extern KMF_RETURN kmf_get_cert_id_str(const KMF_DATA *, char **);

/* Returns the notBefore/notAfter pair as two time_t outputs. */
extern KMF_RETURN kmf_get_cert_validity(const KMF_DATA *, time_t *, time_t *);


/*
 * SetCert operations
 *
 * Builders over an in-memory KMF_X509_CERTIFICATE.  Only
 * kmf_set_cert_pubkey() needs the library handle (to reach the key via
 * KMF_KEY_HANDLE *).  kmf_set_cert_validity() takes a time_t start and a
 * uint32_t; the latter is presumably a duration -- units not stated here.
 */
extern KMF_RETURN kmf_set_cert_pubkey(KMF_HANDLE_T, KMF_KEY_HANDLE *,
    KMF_X509_CERTIFICATE *);

extern KMF_RETURN kmf_set_cert_subject(KMF_X509_CERTIFICATE *,
    KMF_X509_NAME *);

extern KMF_RETURN kmf_set_cert_ku(KMF_X509_CERTIFICATE *, int, uint16_t);

extern KMF_RETURN kmf_set_cert_issuer(KMF_X509_CERTIFICATE *,
    KMF_X509_NAME *);

extern KMF_RETURN kmf_set_cert_sig_alg(KMF_X509_CERTIFICATE *,
    KMF_ALGORITHM_INDEX);

extern KMF_RETURN kmf_set_cert_validity(KMF_X509_CERTIFICATE *,
    time_t, uint32_t);

extern KMF_RETURN kmf_set_cert_serial(KMF_X509_CERTIFICATE *,
    KMF_BIGINT *);

extern KMF_RETURN kmf_set_cert_version(KMF_X509_CERTIFICATE *, uint32_t);

/*
 * Note the argument order differs from kmf_set_csr_subject_altname():
 * here the int and KMF_GENERALNAMECHOICES precede the char * name.
 */
extern KMF_RETURN kmf_set_cert_issuer_altname(KMF_X509_CERTIFICATE *,
    int, KMF_GENERALNAMECHOICES, char *);

extern KMF_RETURN kmf_set_cert_subject_altname(KMF_X509_CERTIFICATE *,
    int, KMF_GENERALNAMECHOICES, char *);

extern KMF_RETURN kmf_add_cert_eku(KMF_X509_CERTIFICATE *, KMF_OID *, int);

extern KMF_RETURN kmf_set_cert_extn(KMF_X509_CERTIFICATE *,
    KMF_X509_EXTENSION *);

extern KMF_RETURN kmf_set_cert_basic_constraint(KMF_X509_CERTIFICATE *,
    KMF_BOOL, KMF_X509EXT_BASICCONSTRAINTS *);


/*
 * PK12 operations
 *
 * kmf_build_pk12() and kmf_import_objects() take a KMF_CREDENTIAL *, i.e.
 * the PKCS#12 password travels through that structure; its lifetime and
 * scrubbing are the caller's responsibility as far as this header shows.
 * kmf_import_objects() returns two arrays (certs and raw keys) with their
 * counts; the raw keys are private key material -- release with
 * kmf_free_raw_key() (presumably) as soon as they are no longer needed.
 */
extern KMF_RETURN kmf_export_pk12(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

extern KMF_RETURN kmf_build_pk12(KMF_HANDLE_T, int, KMF_X509_DER_CERT *,
    int, KMF_KEY_HANDLE *, KMF_CREDENTIAL *, char *);

extern KMF_RETURN kmf_import_objects(KMF_HANDLE_T, char *, KMF_CREDENTIAL *,
    KMF_X509_DER_CERT **, int *, KMF_RAW_KEY_DATA **, int *);

/*
 * OCSP operations
 *
 * kmf_get_encoded_ocsp_response() takes three char * arguments, two ints
 * and an unsigned int; their roles (responder address, file paths, port,
 * timeout, ...) are not documented here -- see the implementation.  As with
 * the download routines, the response is untrusted until checked.
 */
extern KMF_RETURN kmf_get_ocsp_for_cert(KMF_HANDLE_T, KMF_DATA *, KMF_DATA *,
    KMF_DATA *);

extern KMF_RETURN kmf_create_ocsp_request(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

extern KMF_RETURN kmf_get_encoded_ocsp_response(KMF_HANDLE_T, char *,
    char *, int, char *, int, char *, unsigned int);

extern KMF_RETURN kmf_get_ocsp_status_for_cert(KMF_HANDLE_T, int,
    KMF_ATTRIBUTE *);

/*
 * Policy Operations
 */
extern KMF_RETURN kmf_set_policy(KMF_HANDLE_T, char *, char *);

/*
 * Error handling.
 *
 * Both produce a string through char **; kmf_get_plugin_error_str() reads
 * the last plugin error held by the handle, kmf_get_kmf_error_str() maps
 * a KMF_RETURN code.  Ownership of the returned string is not stated here.
 */
extern KMF_RETURN kmf_get_plugin_error_str(KMF_HANDLE_T, char **);
extern KMF_RETURN kmf_get_kmf_error_str(KMF_RETURN, char **);

/*
 * Miscellaneous
 *
 * kmf_der_to_pem()/kmf_pem_to_der()/kmf_hexstr_to_bytes() return a new
 * buffer through unsigned char ** with its length in the trailing int * or
 * size_t *.  kmf_dn_parser() and kmf_string_to_oid() parse caller-supplied
 * text; kmf_compare_rdns() returns an int comparison result.
 */
extern KMF_RETURN kmf_dn_parser(char *, KMF_X509_NAME *);
extern KMF_RETURN kmf_read_input_file(KMF_HANDLE_T, char *, KMF_DATA *);
extern KMF_RETURN kmf_der_to_pem(KMF_OBJECT_TYPE, unsigned char *,
    int, unsigned char **, int *);
extern KMF_RETURN kmf_pem_to_der(unsigned char *, int, unsigned char **, int *);
extern char *kmf_oid_to_string(KMF_OID *);
extern KMF_RETURN kmf_string_to_oid(char *, KMF_OID *);
extern int kmf_compare_rdns(KMF_X509_NAME *, KMF_X509_NAME *);
extern KMF_RETURN kmf_get_data_format(KMF_DATA *, KMF_ENCODE_FORMAT *);
extern KMF_RETURN kmf_get_file_format(char *, KMF_ENCODE_FORMAT *);
extern uint32_t kmf_string_to_ku(char *);
extern char *kmf_ku_to_string(uint32_t);
extern KMF_RETURN kmf_hexstr_to_bytes(unsigned char *, unsigned char **,
    size_t *);

extern KMF_RETURN kmf_get_plugin_info(KMF_HANDLE_T, char *,
    KMF_KEYSTORE_TYPE *, char **);

extern KMF_OID *kmf_ekuname_to_oid(char *);
extern char *kmf_oid_to_ekuname(KMF_OID *);

/* Backward-compatible alias for the pre-rename spelling of kmf_compare_rdns. */
#define KMF_CompareRDNs kmf_compare_rdns

/*
 * Memory cleanup operations
 *
 * The two routines that take a KMF_HANDLE_T (kmf_free_kmf_cert(),
 * kmf_free_kmf_key()) presumably need the handle to reach the keystore
 * plugin that owns the object; the rest free self-contained structures.
 * kmf_free_raw_key() and kmf_free_raw_sym_key() release private/secret
 * key material -- whether they zeroise before freeing is not visible here.
 */
extern void kmf_free_dn(KMF_X509_NAME *);
extern void kmf_free_kmf_cert(KMF_HANDLE_T, KMF_X509_DER_CERT *);
extern void kmf_free_data(KMF_DATA *);
extern void kmf_free_algoid(KMF_X509_ALGORITHM_IDENTIFIER *);
extern void kmf_free_extn(KMF_X509_EXTENSION *);
extern void kmf_free_tbs_csr(KMF_TBS_CSR *);
extern void kmf_free_signed_csr(KMF_CSR_DATA *);
extern void kmf_free_tbs_cert(KMF_X509_TBS_CERT *);
extern void kmf_free_signed_cert(KMF_X509_CERTIFICATE *);
extern void kmf_free_str(char *);
extern void kmf_free_eku(KMF_X509EXT_EKU *);
extern void kmf_free_spki(KMF_X509_SPKI *);
extern void kmf_free_kmf_key(KMF_HANDLE_T, KMF_KEY_HANDLE *);
extern void kmf_free_bigint(KMF_BIGINT *);
extern void kmf_free_raw_key(KMF_RAW_KEY_DATA *);
extern void kmf_free_raw_sym_key(KMF_RAW_SYM_KEY *);
extern void kmf_free_crl_dist_pts(KMF_X509EXT_CRLDISTPOINTS *);

/*
 * APIs for PKCS#11 token
 *
 * kmf_pk11_token_lookup() resolves a token (char * label, presumably) to a
 * CK_SLOT_ID.  kmf_set_token_pin() takes the PIN through the attribute
 * list, so the caller owns that buffer and its clean-up.
 * kmf_get_pk11_handle() exposes the underlying CK_SESSION_HANDLE; anything
 * done with it bypasses KMF's own checks.
 */
extern KMF_RETURN kmf_pk11_token_lookup(KMF_HANDLE_T, char *, CK_SLOT_ID *);
extern KMF_RETURN kmf_set_token_pin(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern CK_SESSION_HANDLE kmf_get_pk11_handle(KMF_HANDLE_T);

/*
 * Attribute management routines.
 *
 * kmf_find_attr() returns an int (presumably the index of the matching
 * attribute, or a negative value if absent -- confirm).  kmf_get_attr()
 * copies into a caller buffer; its uint32_t * looks like an in/out length.
 * kmf_set_attr_at_index() returns void, so it cannot report a bad index --
 * callers must bound the index themselves.
 *
 * NOTE(review): these declarations omit the `extern` used on every other
 * prototype in this header.  Harmless for functions, but inconsistent.
 */
int kmf_find_attr(KMF_ATTR_TYPE, KMF_ATTRIBUTE *, int);
void *kmf_get_attr_ptr(KMF_ATTR_TYPE, KMF_ATTRIBUTE *, int);
KMF_RETURN kmf_get_attr(KMF_ATTR_TYPE, KMF_ATTRIBUTE *, int, void *,
    uint32_t *);
KMF_RETURN kmf_get_string_attr(KMF_ATTR_TYPE, KMF_ATTRIBUTE *, int, char **);
KMF_RETURN kmf_set_attr(KMF_ATTRIBUTE *, int, KMF_ATTR_TYPE, void *, uint32_t);
void kmf_set_attr_at_index(KMF_ATTRIBUTE *, int, KMF_ATTR_TYPE,
    void *, uint32_t);

/*
 * Legacy support only - do not use these APIs - they can be removed at any
 * time.
 *
 * These are the pre-attribute-list forms: each takes a dedicated *_PARAMS
 * structure or explicit arguments instead of (int, KMF_ATTRIBUTE *).  New
 * code should call the kmf_*() equivalents declared above.
 */
extern KMF_RETURN KMF_ConfigureKeystore(KMF_HANDLE_T, KMF_CONFIG_PARAMS *);
extern KMF_RETURN KMF_CreateCSRFile(KMF_DATA *, KMF_ENCODE_FORMAT, char *);
extern KMF_RETURN KMF_CreateKeypair(KMF_HANDLE_T,
    KMF_CREATEKEYPAIR_PARAMS *, KMF_KEY_HANDLE *, KMF_KEY_HANDLE *);
extern KMF_RETURN KMF_DNParser(char *, KMF_X509_NAME *);
extern KMF_RETURN KMF_Finalize(KMF_HANDLE_T);
extern KMF_RETURN KMF_FindCert(KMF_HANDLE_T, KMF_FINDCERT_PARAMS *,
    KMF_X509_DER_CERT *, uint32_t *);
extern KMF_RETURN KMF_FindKey(KMF_HANDLE_T, KMF_FINDKEY_PARAMS *,
    KMF_KEY_HANDLE *, uint32_t *);
extern void KMF_FreeData(KMF_DATA *);
extern void KMF_FreeKMFCert(KMF_HANDLE_T, KMF_X509_DER_CERT *);
extern void KMF_FreeKMFKey(KMF_HANDLE_T, KMF_KEY_HANDLE *);
extern void KMF_FreeSignedCSR(KMF_CSR_DATA *);
extern KMF_RETURN KMF_GetCertIDString(const KMF_DATA *, char **);
extern KMF_RETURN KMF_GetCertIssuerNameString(KMF_HANDLE_T,
    const KMF_DATA *, char **);
extern KMF_RETURN KMF_GetCertSubjectNameString(KMF_HANDLE_T,
    const KMF_DATA *, char **);
extern KMF_RETURN KMF_GetKMFErrorString(KMF_RETURN, char **);
extern KMF_RETURN KMF_Initialize(KMF_HANDLE_T *, char *, char *);
extern KMF_RETURN KMF_ReadInputFile(KMF_HANDLE_T, char *, KMF_DATA *);
extern KMF_RETURN KMF_SetCSRPubKey(KMF_HANDLE_T, KMF_KEY_HANDLE *,
    KMF_CSR_DATA *);
extern KMF_RETURN KMF_SetCSRSignatureAlgorithm(KMF_CSR_DATA *,
    KMF_ALGORITHM_INDEX);
extern KMF_RETURN KMF_SetCSRSubjectName(KMF_CSR_DATA *, KMF_X509_NAME *);
extern KMF_RETURN KMF_SetCSRVersion(KMF_CSR_DATA *, uint32_t);
extern KMF_RETURN KMF_SignCSR(KMF_HANDLE_T, const KMF_CSR_DATA *,
    KMF_KEY_HANDLE *, KMF_DATA *);
extern KMF_RETURN KMF_SignDataWithKey(KMF_HANDLE_T, KMF_KEY_HANDLE *,
    KMF_OID *, KMF_DATA *, KMF_DATA *);
extern KMF_RETURN KMF_VerifyCertWithCert(KMF_HANDLE_T, const KMF_DATA *,
    const KMF_DATA *);
extern KMF_RETURN KMF_VerifyDataWithCert(KMF_HANDLE_T,
    KMF_KEYSTORE_TYPE, KMF_ALGORITHM_INDEX, KMF_DATA *, KMF_DATA *,
    const KMF_DATA *);

#ifdef __cplusplus
}
#endif
#endif /* _KMFAPI_H */