kmfapiP.h revision 11973:480f5412d630
1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*
22 * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
23 * Use is subject to license terms.
24 */
25#ifndef _KMFAPIP_H
26#define	_KMFAPIP_H
27
28#include <kmfapi.h>
29#include <kmfpolicy.h>
30
31#ifdef __cplusplus
32extern "C" {
33#endif
34
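/*
 * Plugin function table.
 *
 * Every keystore plugin returns one of these from its
 * KMF_Plugin_Initialize() entry point and the library dispatches
 * keystore operations through the pointers below.  Member order is
 * part of the plugin ABI - never reorder or insert in the middle.
 * Most operations take the KMF handle, an int and a KMF_ATTRIBUTE
 * array (presumably the attribute count and list - confirm against the
 * plugin sources).  NOTE(review): the loader should check `version'
 * before dispatching through the table, and each slot for NULL before
 * calling it - confirm both checks exist.
 */
typedef struct {
	ushort_t	version;	/* table/ABI version reported by the plugin */

	KMF_RETURN	(*ConfigureKeystore) (
			KMF_HANDLE_T,
			int,
			KMF_ATTRIBUTE *);

	/* Certificate lookup; results are released with FreeKMFCert */
	KMF_RETURN	(*FindCert) (
			KMF_HANDLE_T,
			int,
			KMF_ATTRIBUTE *);

	void		(*FreeKMFCert) (
			KMF_HANDLE_T,
			KMF_X509_DER_CERT *);

	KMF_RETURN	(*StoreCert) (
			KMF_HANDLE_T,
			int, KMF_ATTRIBUTE *);

	KMF_RETURN	(*ImportCert) (
			KMF_HANDLE_T,
			int, KMF_ATTRIBUTE *);

	KMF_RETURN	(*ImportCRL) (
			KMF_HANDLE_T,
			int, KMF_ATTRIBUTE *);

	KMF_RETURN	(*DeleteCert) (
			KMF_HANDLE_T,
			int, KMF_ATTRIBUTE *);

	KMF_RETURN	(*DeleteCRL) (
			KMF_HANDLE_T,
			int, KMF_ATTRIBUTE *);

	KMF_RETURN	(*CreateKeypair) (
			KMF_HANDLE_T,
			int,
			KMF_ATTRIBUTE *);

	KMF_RETURN	(*FindKey) (
			KMF_HANDLE_T,
			int,
			KMF_ATTRIBUTE *);

	/* Public key material out of a key handle into a KMF_DATA */
	KMF_RETURN	(*EncodePubkeyData) (
			KMF_HANDLE_T,
			KMF_KEY_HANDLE *,
			KMF_DATA *);

	/*
	 * Signing with a key handle under an algorithm OID; the two
	 * KMF_DATA are presumably input then signature - confirm.
	 */
	KMF_RETURN	(*SignData) (
			KMF_HANDLE_T,
			KMF_KEY_HANDLE *,
			KMF_OID *,
			KMF_DATA *,
			KMF_DATA *);

	KMF_RETURN	(*DeleteKey) (
			KMF_HANDLE_T,
			int,
			KMF_ATTRIBUTE *);

	KMF_RETURN	(*ListCRL) (
			KMF_HANDLE_T,
			int, KMF_ATTRIBUTE *);

	KMF_RETURN	(*FindCRL) (
			KMF_HANDLE_T,
			int, KMF_ATTRIBUTE *);

	KMF_RETURN	(*FindCertInCRL) (
			KMF_HANDLE_T,
			int, KMF_ATTRIBUTE *);

	/*
	 * Plugin-specific error text returned through char **.
	 * TODO confirm who owns/frees the returned string.
	 */
	KMF_RETURN	(*GetErrorString) (
			KMF_HANDLE_T,
			char **);

	KMF_RETURN	(*FindPrikeyByCert) (
			KMF_HANDLE_T,
			int,
			KMF_ATTRIBUTE *);

	KMF_RETURN	(*DecryptData) (
			KMF_HANDLE_T,
			KMF_KEY_HANDLE *,
			KMF_OID *,
			KMF_DATA *,
			KMF_DATA *);

	KMF_RETURN	(*ExportPK12)(
			KMF_HANDLE_T,
			int,
			KMF_ATTRIBUTE *);

	KMF_RETURN	(*CreateSymKey) (
			KMF_HANDLE_T,
			int,
			KMF_ATTRIBUTE *);

	/* Raw symmetric key bytes out of a key handle */
	KMF_RETURN	(*GetSymKeyValue) (
			KMF_HANDLE_T,
			KMF_KEY_HANDLE *,
			KMF_RAW_SYM_KEY *);

	KMF_RETURN	(*SetTokenPin) (
			KMF_HANDLE_T,
			int, KMF_ATTRIBUTE *);

	KMF_RETURN	(*StoreKey) (
			KMF_HANDLE_T,
			int,
			KMF_ATTRIBUTE *);

	/*
	 * Presumably invoked when the plugin is torn down.  Prototyped as
	 * (void): the former empty () form is an obsolescent non-prototype
	 * declarator that disables argument checking at call sites.
	 */
	void		(*Finalize) (void);

} KMF_PLUGIN_FUNCLIST;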
154
/*
 * One validation rule consumed by test_attributes(): which attribute
 * type it applies to, whether a NULL pValue is acceptable, and the
 * accepted value-length range (minlen/maxlen - presumably bounds on
 * the attribute's value length; confirm in test_attributes()).
 */
typedef struct {
	KMF_ATTR_TYPE	type;		/* attribute type this rule applies to */
	boolean_t	null_value_ok;	/* B_TRUE if a NULL pValue is acceptable, i.e. the value is optional */
	uint32_t	minlen;		/* smallest accepted value length */
	uint32_t	maxlen;		/* largest accepted value length */
} KMF_ATTRIBUTE_TESTER;
161
/*
 * A loaded keystore plugin.  NOTE(review): dldesc is an opaque void *,
 * presumably the dlopen(3C) descriptor for `path'; funclist is the table
 * obtained from the module's KMF_Plugin_Initialize() - confirm in the
 * loader.  Ownership of the two strings is not stated here.
 */
typedef struct {
	KMF_KEYSTORE_TYPE	type;		/* keystore this plugin serves */
	char			*applications;	/* presumably an application filter string - confirm */
	char 			*path;		/* module file loaded for this plugin */
	void 			*dldesc;	/* opaque loader handle (see above) */
	KMF_PLUGIN_FUNCLIST	*funclist;	/* plugin's dispatch table */
} KMF_PLUGIN;
169
/*
 * Singly linked list of loaded plugins, hung off KMF_HANDLE.plugins and
 * presumably searched by FindPlugin() - confirm.
 */
typedef struct _KMF_PLUGIN_LIST {
	KMF_PLUGIN		*plugin;	/* the plugin at this node */
	struct _KMF_PLUGIN_LIST *next;		/* NULL terminates the list */
} KMF_PLUGIN_LIST;
174
/*
 * Library session state; presumably what KMF_HANDLE_T (kmfapi.h) points
 * at - confirm.  Error state and the plugin list are per handle, so
 * they are not shared between handles.
 */
typedef struct _kmf_handle {
	/*
	 * session handle opened by kmf_select_token() to talk
	 * to a specific slot in Crypto framework. It is used
	 * by pkcs11 plugin module.
	 */
	CK_SESSION_HANDLE	pk11handle;
	KMF_ERROR		lasterr;	/* last error (errcode/kstype); reset by CLEAR_ERROR() */
	KMF_POLICY_RECORD	*policy;	/* policy record in effect for this handle (kmfpolicy.h) */
	KMF_PLUGIN_LIST		*plugins;	/* plugins loaded on this handle */
} KMF_HANDLE;
186
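/*
 * Reset the per-handle error state and set rv to KMF_OK, or set rv to
 * KMF_ERR_BAD_PARAMETER when h is NULL.  Wrapped in do { } while (0)
 * so the expansion is a single statement and composes safely with
 * if/else; both arguments are parenthesised.  h is evaluated more than
 * once, so pass a plain lvalue, not an expression with side effects.
 */
#define	CLEAR_ERROR(h, rv) do { \
	if ((h) == NULL) { \
		(rv) = KMF_ERR_BAD_PARAMETER; \
	} else { \
		(h)->lasterr.errcode = 0; \
		(h)->lasterr.kstype = 0; \
		(rv) = KMF_OK; \
	} \
} while (0)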
196
/*
 * Name of the entry point resolved in every plugin module (presumably
 * via dlsym(3C) - confirm); it must match the KMF_Plugin_Initialize()
 * prototype below.
 */
#define	KMF_PLUGIN_INIT_SYMBOL	"KMF_Plugin_Initialize"

/*
 * Default directory for plugin modules, chosen per ISA (the 64-bit
 * sparcv9 and amd64 builds use a subdirectory).  The path is absolute,
 * so - assuming the loader uses it as the dlopen prefix (confirm) -
 * which module gets loaded does not depend on the caller's library
 * search path.  A build may pre-define KMF_PLUGIN_PATH to override.
 * There is no #else: on an ISA not listed here the macro stays
 * undefined and any use fails to compile.
 */
#ifndef KMF_PLUGIN_PATH
#if defined(__sparcv9)
#define	KMF_PLUGIN_PATH "/lib/crypto/sparcv9/"
#elif defined(__sparc)
#define	KMF_PLUGIN_PATH "/lib/crypto/"
#elif defined(__i386)
#define	KMF_PLUGIN_PATH "/lib/crypto/"
#elif defined(__amd64)
#define	KMF_PLUGIN_PATH "/lib/crypto/amd64/"
#endif
#endif /* !KMF_PLUGIN_PATH */
210
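/*
 * Entry point exported by every plugin module under the name
 * KMF_PLUGIN_INIT_SYMBOL; it returns the module's function table.
 * Prototyped as (void): the former empty () form is an obsolescent
 * non-prototype declarator that disables argument checking.
 */
KMF_PLUGIN_FUNCLIST *KMF_Plugin_Initialize(void);

/* Signature verification and PKCS#11-backed primitives */
extern KMF_RETURN
VerifyDataWithKey(KMF_HANDLE_T, KMF_DATA *, KMF_ALGORITHM_INDEX,
    KMF_DATA *, KMF_DATA *);

extern KMF_BOOL pkcs_algid_to_keytype(
    KMF_ALGORITHM_INDEX, CK_KEY_TYPE *);

extern KMF_RETURN PKCS_DigestData(KMF_HANDLE_T,
    CK_SESSION_HANDLE, CK_MECHANISM_TYPE,
    KMF_DATA *, KMF_DATA *, boolean_t);

/*
 * NOTE(review): these two take KMF_HANDLE * where the rest of the file
 * uses KMF_HANDLE_T; presumably the same pointer type (kmfapi.h).
 */
extern KMF_RETURN PKCS_VerifyData(
    KMF_HANDLE *,
    KMF_ALGORITHM_INDEX,
    KMF_X509_SPKI *,
    KMF_DATA *, KMF_DATA *);

extern KMF_RETURN PKCS_EncryptData(
    KMF_HANDLE *,
    KMF_ALGORITHM_INDEX,
    KMF_X509_SPKI *,
    KMF_DATA *,
    KMF_DATA *);

/* Plugin lookup by keystore type (presumably walks KMF_HANDLE.plugins) */
extern KMF_PLUGIN *FindPlugin(KMF_HANDLE_T, KMF_KEYSTORE_TYPE);

/* OID / algorithm identifier helpers */
extern KMF_BOOL IsEqualOid(KMF_OID *, KMF_OID *);

extern KMF_RETURN copy_algoid(KMF_X509_ALGORITHM_IDENTIFIER *destid,
    KMF_X509_ALGORITHM_IDENTIFIER *srcid);

extern KMF_OID *x509_algid_to_algoid(KMF_ALGORITHM_INDEX);
extern KMF_ALGORITHM_INDEX x509_algoid_to_algid(KMF_OID *);

/* X.509 extension helpers and miscellaneous internals */
extern KMF_RETURN GetIDFromSPKI(KMF_X509_SPKI *, KMF_DATA *);
extern KMF_RETURN kmf_select_token(KMF_HANDLE_T, char *, int);
extern KMF_RETURN kmf_set_altname(KMF_X509_EXTENSIONS *,
    KMF_OID *, int, KMF_GENERALNAMECHOICES, char *);
extern KMF_RETURN GetSequenceContents(char *, size_t, char **, size_t *);
extern KMF_X509_EXTENSION *FindExtn(KMF_X509_EXTENSIONS *, KMF_OID *);
extern KMF_RETURN add_an_extension(KMF_X509_EXTENSIONS *exts,
    KMF_X509_EXTENSION *newextn);
extern KMF_RETURN set_integer(KMF_DATA *, void *, int);
extern void free_keyidlist(KMF_OID *, int);
extern KMF_RETURN copy_data(KMF_DATA *, KMF_DATA *);
extern void Cleanup_PK11_Session(KMF_HANDLE_T handle);
extern void free_dp_name(KMF_CRL_DIST_POINT *);
extern void free_dp(KMF_CRL_DIST_POINT *);
extern KMF_RETURN set_key_usage_extension(KMF_X509_EXTENSIONS *,
    int, uint32_t);
/* Prototyped as (void) for the same reason as KMF_Plugin_Initialize() */
extern KMF_RETURN init_pk11(void);
/*
 * Validates a KMF_ATTRIBUTE array against two KMF_ATTRIBUTE_TESTER
 * tables (presumably required and optional rules - confirm); each int
 * is the element count of the array that follows it (inferred from
 * the parameter types).
 */
extern KMF_RETURN test_attributes(int, KMF_ATTRIBUTE_TESTER *,
    int, KMF_ATTRIBUTE_TESTER *, int, KMF_ATTRIBUTE *);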
266
/* Indexes into the key parts array for RSA keys */
#define	KMF_RSA_MODULUS			(0)
#define	KMF_RSA_PUBLIC_EXPONENT		(1)
#define	KMF_RSA_PRIVATE_EXPONENT	(2)
#define	KMF_RSA_PRIME1			(3)
#define	KMF_RSA_PRIME2			(4)
#define	KMF_RSA_EXPONENT1		(5)
#define	KMF_RSA_EXPONENT2		(6)
#define	KMF_RSA_COEFFICIENT		(7)

/* Key part counts for RSA keys (public = first 2 indexes, private = all 8) */
#define	KMF_NUMBER_RSA_PUBLIC_KEY_PARTS		(2)
#define	KMF_NUMBER_RSA_PRIVATE_KEY_PARTS	(8)

/* Key part counts for DSA keys */
#define	KMF_NUMBER_DSA_PUBLIC_KEY_PARTS		(4)
#define	KMF_NUMBER_DSA_PRIVATE_KEY_PARTS	(4)

/* Indexes into the key parts array for DSA keys */
#define	KMF_DSA_PRIME		(0)
#define	KMF_DSA_SUB_PRIME	(1)
#define	KMF_DSA_BASE		(2)
#define	KMF_DSA_PUBLIC_VALUE	(3)

/*
 * Indexes into the key parts array for EC keys.  No KMF_NUMBER_ECDSA_*
 * count is defined, so the KMF_MAX_*_KEY_PARTS values below are derived
 * from RSA and DSA only (2 parts fits within them).
 */
#define	KMF_ECDSA_PARAMS	(0)
#define	KMF_ECDSA_POINT		(1)

/*
 * Classic max() macro: an argument may be evaluated twice, so only
 * pass side-effect-free expressions.  Within this header it is applied
 * to integer constants only; the #ifndef lets a prior definition win.
 */
#ifndef max
#define	max(a, b) ((a) < (b) ? (b) : (a))
#endif

/* Maximum key parts for all algorithms */
#define	KMF_MAX_PUBLIC_KEY_PARTS \
	(max(KMF_NUMBER_RSA_PUBLIC_KEY_PARTS, \
	KMF_NUMBER_DSA_PUBLIC_KEY_PARTS))

#define	KMF_MAX_PRIVATE_KEY_PARTS \
	(max(KMF_NUMBER_RSA_PRIVATE_KEY_PARTS, \
	KMF_NUMBER_DSA_PRIVATE_KEY_PARTS))

#define	KMF_MAX_KEY_PARTS \
	(max(KMF_MAX_PUBLIC_KEY_PARTS, KMF_MAX_PRIVATE_KEY_PARTS))
309
/*
 * Signature mode selector (presumably how a signature is built or
 * checked - see the SignData / PKCS_VerifyData paths; confirm).
 * Values are sequential from KMF_ALGMODE_NONE = 0; append new members
 * at the end so existing values stay stable.
 */
typedef enum {
	KMF_ALGMODE_NONE	= 0,
	KMF_ALGMODE_CUSTOM,
	KMF_ALGMODE_PUBLIC_KEY,
	KMF_ALGMODE_PRIVATE_KEY,
	KMF_ALGMODE_PKCS1_EMSA_V15	/* PKCS#1 EMSA-PKCS1-v1_5 encoding */
} KMF_SIGNATURE_MODE;
317
#define	KMF_CERT_PRINTABLE_LEN	1024	/* buffer size for printable cert text - TODO confirm users */
#define	SHA1_HASH_LENGTH 20		/* SHA-1 digest size in bytes */

/*
 * mkstemp(3C)-style templates (the trailing XXXXXX is replaced by the
 * creator) for OCSP request/response spool files.  NOTE(review): both
 * live in the shared /tmp; confirm the consumer creates them with
 * mkstemp() (O_EXCL) rather than mktemp()/tmpnam() and unlinks them on
 * every exit path.
 */
#define	OCSPREQ_TEMPNAME	"/tmp/ocsp.reqXXXXXX"
#define	OCSPRESP_TEMPNAME	"/tmp/ocsp.respXXXXXX"

/*
 * Configuration file and the line prefixes presumably recognised in it
 * (see conf_entry_t.modulepath / .option).
 */
#define	_PATH_KMF_CONF	"/etc/crypto/kmf.conf"
#define	CONF_MODULEPATH	"modulepath="
#define	CONF_OPTION	"option="
327
/*
 * One parsed entry from the KMF configuration file (_PATH_KMF_CONF):
 * the keystore name, its plugin module path (CONF_MODULEPATH), its
 * option string (CONF_OPTION) and the resolved keystore type.  The
 * strings are presumably heap-allocated; release the entry with
 * free_entry(), copy it with dup_entry().
 */
typedef struct {
	char			*keystore;	/* keystore name */
	char			*modulepath;	/* plugin module path */
	char 			*option;	/* plugin option string, may be absent - TODO confirm NULL vs "" */
	KMF_KEYSTORE_TYPE	kstype;		/* keystore type the name maps to */
} conf_entry_t;
334
/*
 * Singly linked list of configuration entries, built by get_entrylist()
 * and released with free_entrylist().
 */
typedef struct conf_entrylist {
	conf_entry_t		*entry;	/* the entry at this node */
	struct conf_entrylist 	*next;	/* NULL terminates the list */
} conf_entrylist_t;
339
/* PKCS#11 helpers: algorithm -> key type / mechanism mapping, session setup */
extern KMF_RETURN get_pk11_data(KMF_ALGORITHM_INDEX,
	CK_KEY_TYPE *, CK_MECHANISM_TYPE *, CK_MECHANISM_TYPE *, boolean_t);
extern KMF_RETURN kmf_create_pk11_session(CK_SESSION_HANDLE *,
	CK_MECHANISM_TYPE, CK_FLAGS);
/* kmf.conf entry list handling (see conf_entry_t / _PATH_KMF_CONF) */
extern KMF_RETURN get_entrylist(conf_entrylist_t **);
extern void free_entrylist(conf_entrylist_t *);
extern void free_entry(conf_entry_t *);
/* Returns a copy; presumably released with free_entry() - confirm */
extern conf_entry_t *dup_entry(conf_entry_t *);
extern boolean_t is_valid_keystore_type(KMF_KEYSTORE_TYPE);
/* Extended Key Usage extension helpers */
extern KMF_BOOL is_eku_present(KMF_X509EXT_EKU *, KMF_OID *);
extern KMF_RETURN parse_eku_data(const KMF_DATA *, KMF_X509EXT_EKU *);
extern KMF_RETURN
copy_extension_data(KMF_X509_EXTENSION *, KMF_X509_EXTENSION *);
353
354#ifdef __cplusplus
355}
356#endif
357#endif /* _KMFAPIP_H */
358