kmfapiP.h revision 6051:7b29d160facb
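/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/*
 * kmfapiP.h - private declarations shared between libkmf and its
 * keystore plugins: the plugin function table, the opaque handle
 * layout, the plugin search path and the kmf.conf parsing types.
 * Nothing here is part of the public kmfapi.h interface.
 */
#ifndef _KMFAPIP_H
#define	_KMFAPIP_H

#pragma ident	"%Z%%M%	%I%	%E% SMI"

#include <kmfapi.h>
#include <kmfpolicy.h>

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Plugin function table.
 *
 * A keystore plugin returns a pointer to one of these from its
 * KMF_Plugin_Initialize() entry point (see KMF_PLUGIN_INIT_SYMBOL).
 * Entries that are NULL are operations the plugin does not support;
 * callers are expected to check a slot before calling through it.
 * Most operations take (handle, attribute count, attribute array);
 * the attribute arrays are validated against KMF_ATTRIBUTE_TESTER
 * tables via test_attributes() before reaching the plugin
 * (presumably - confirm against the dispatch code in kmfapi.c).
 */
typedef struct {
	ushort_t	version;	/* table layout version */

	KMF_RETURN	(*ConfigureKeystore) (
		KMF_HANDLE_T,
		int,
		KMF_ATTRIBUTE *);

	KMF_RETURN	(*FindCert) (
		KMF_HANDLE_T,
		int,
		KMF_ATTRIBUTE *);

	void		(*FreeKMFCert) (
		KMF_HANDLE_T,
		KMF_X509_DER_CERT *);

	KMF_RETURN	(*StoreCert) (
		KMF_HANDLE_T,
		int, KMF_ATTRIBUTE *);

	KMF_RETURN	(*ImportCert) (
		KMF_HANDLE_T,
		int, KMF_ATTRIBUTE *);

	KMF_RETURN	(*ImportCRL) (
		KMF_HANDLE_T,
		int, KMF_ATTRIBUTE *);

	KMF_RETURN	(*DeleteCert) (
		KMF_HANDLE_T,
		int, KMF_ATTRIBUTE *);

	KMF_RETURN	(*DeleteCRL) (
		KMF_HANDLE_T,
		int, KMF_ATTRIBUTE *);

	KMF_RETURN	(*CreateKeypair) (
		KMF_HANDLE_T,
		int,
		KMF_ATTRIBUTE *);

	KMF_RETURN	(*FindKey) (
		KMF_HANDLE_T,
		int,
		KMF_ATTRIBUTE *);

	KMF_RETURN	(*EncodePubkeyData) (
		KMF_HANDLE_T,
		KMF_KEY_HANDLE *,
		KMF_DATA *);

	/* (handle, key, signature algorithm OID, data to sign, output) */
	KMF_RETURN	(*SignData) (
		KMF_HANDLE_T,
		KMF_KEY_HANDLE *,
		KMF_OID *,
		KMF_DATA *,
		KMF_DATA *);

	KMF_RETURN	(*DeleteKey) (
		KMF_HANDLE_T,
		int,
		KMF_ATTRIBUTE *);

	KMF_RETURN	(*ListCRL) (
		KMF_HANDLE_T,
		int, KMF_ATTRIBUTE *);

	KMF_RETURN	(*FindCRL) (
		KMF_HANDLE_T,
		int, KMF_ATTRIBUTE *);

	KMF_RETURN	(*FindCertInCRL) (
		KMF_HANDLE_T,
		int, KMF_ATTRIBUTE *);

	/* Plugin-specific text for the last error; ownership of the */
	/* returned string is not specified here - check each plugin. */
	KMF_RETURN	(*GetErrorString) (
		KMF_HANDLE_T,
		char **);

	KMF_RETURN	(*FindPrikeyByCert) (
		KMF_HANDLE_T,
		int,
		KMF_ATTRIBUTE *);

	/* (handle, key, algorithm OID, ciphertext, plaintext output) */
	KMF_RETURN	(*DecryptData) (
		KMF_HANDLE_T,
		KMF_KEY_HANDLE *,
		KMF_OID *,
		KMF_DATA *,
		KMF_DATA *);

	KMF_RETURN	(*ExportPK12)(
		KMF_HANDLE_T,
		int,
		KMF_ATTRIBUTE *);

	KMF_RETURN	(*CreateSymKey) (
		KMF_HANDLE_T,
		int,
		KMF_ATTRIBUTE *);

	/* Exposes raw symmetric key material; callers must zeroize it. */
	KMF_RETURN	(*GetSymKeyValue) (
		KMF_HANDLE_T,
		KMF_KEY_HANDLE *,
		KMF_RAW_SYM_KEY *);

	KMF_RETURN	(*SetTokenPin) (
		KMF_HANDLE_T,
		int, KMF_ATTRIBUTE *);

	/* (handle, algorithm, data, signature, certificate) */
	KMF_RETURN	(*VerifyDataWithCert) (
		KMF_HANDLE_T,
		KMF_ALGORITHM_INDEX,
		KMF_DATA *,
		KMF_DATA *,
		KMF_DATA *);

	KMF_RETURN	(*StoreKey) (
		KMF_HANDLE_T,
		int,
		KMF_ATTRIBUTE *);

	/*
	 * Declared (void) rather than () so the compiler checks calls
	 * through this slot; a plugin defining "void Finalize()" is
	 * still type-compatible.
	 */
	void		(*Finalize) (void);

} KMF_PLUGIN_FUNCLIST;

/*
 * Describes one attribute a keystore operation accepts; arrays of
 * these are passed to test_attributes() to validate a caller-supplied
 * KMF_ATTRIBUTE list before it reaches a plugin.
 */
typedef struct {
	KMF_ATTR_TYPE	type;
	boolean_t	null_value_ok;	/* Is the pValue required */
	uint32_t	minlen;		/* bounds on the attribute's valueLen */
	uint32_t	maxlen;		/*   (0 presumably means unbounded - verify) */
} KMF_ATTRIBUTE_TESTER;

/* One loaded keystore plugin. */
typedef struct {
	KMF_KEYSTORE_TYPE	type;
	char			*applications;
	char			*path;		/* shared object that was loaded */
	void			*dldesc;	/* dlopen(3C) descriptor for path */
	KMF_PLUGIN_FUNCLIST	*funclist;	/* table from KMF_Plugin_Initialize */
} KMF_PLUGIN;

/* Singly linked list of loaded plugins, hung off the KMF_HANDLE. */
typedef struct _KMF_PLUGIN_LIST {
	KMF_PLUGIN *plugin;
	struct _KMF_PLUGIN_LIST *next;
} KMF_PLUGIN_LIST;

/*
 * Private layout of the opaque KMF_HANDLE_T that public callers
 * receive from kmf_initialize().
 */
typedef struct _kmf_handle {
	/*
	 * session handle opened by kmf_select_token() to talk
	 * to a specific slot in Crypto framework. It is used
	 * by pkcs11 plugin module.
	 */
	CK_SESSION_HANDLE	pk11handle;
	KMF_ERROR		lasterr;	/* last error code + keystore type */
	KMF_POLICY_RECORD	*policy;
	KMF_PLUGIN_LIST		*plugins;
} KMF_HANDLE;

/*
 * Reset the per-handle error state at the top of an API entry point.
 * Sets rv to KMF_ERR_BAD_PARAMETER (without touching the handle) when
 * h is NULL, otherwise clears h->lasterr and sets rv to KMF_OK.
 * Wrapped in do/while(0) and with h parenthesised so it behaves as a
 * single statement and is safe in if/else bodies; callers invoke it
 * as CLEAR_ERROR(handle, ret);
 */
#define	CLEAR_ERROR(h, rv) do { \
	if ((h) == NULL) { \
		rv = KMF_ERR_BAD_PARAMETER; \
	} else { \
		(h)->lasterr.errcode = 0; \
		(h)->lasterr.kstype = 0; \
		rv = KMF_OK; \
	} \
} while (0)

/* Symbol looked up in each plugin shared object (see KMF_PLUGIN). */
#define	KMF_PLUGIN_INIT_SYMBOL	"KMF_Plugin_Initialize"

/*
 * Directory searched for keystore plugins. Only the ISAs below are
 * covered; on any other ISA the macro stays undefined and the first
 * use fails to compile. A build may override it on the command line.
 */
#ifndef KMF_PLUGIN_PATH
#if defined(__sparcv9)
#define	KMF_PLUGIN_PATH "/usr/lib/security/sparcv9/"
#elif defined(__sparc)
#define	KMF_PLUGIN_PATH "/usr/lib/security/"
#elif defined(__i386)
#define	KMF_PLUGIN_PATH "/usr/lib/security/"
#elif defined(__amd64)
#define	KMF_PLUGIN_PATH "/usr/lib/security/amd64/"
#endif
#endif /* !KMF_PLUGIN_PATH */

/* Entry point every plugin exports; returns its function table. */
KMF_PLUGIN_FUNCLIST *KMF_Plugin_Initialize(void);

/* (handle, data, algorithm, signature, key) */
extern KMF_RETURN
VerifyDataWithKey(KMF_HANDLE_T, KMF_DATA *, KMF_ALGORITHM_INDEX,
	KMF_DATA *, KMF_DATA *);

extern KMF_BOOL pkcs_algid_to_keytype(
	KMF_ALGORITHM_INDEX, CK_KEY_TYPE *);

/* Software verification/encryption using a SubjectPublicKeyInfo. */
extern KMF_RETURN PKCS_VerifyData(
	KMF_HANDLE *,
	KMF_ALGORITHM_INDEX,
	KMF_X509_SPKI *,
	KMF_DATA *, KMF_DATA *);

extern KMF_RETURN PKCS_EncryptData(
	KMF_HANDLE *,
	KMF_ALGORITHM_INDEX,
	KMF_X509_SPKI *,
	KMF_DATA *,
	KMF_DATA *);

/* Locate the loaded plugin for a keystore type; NULL if not loaded. */
extern KMF_PLUGIN *FindPlugin(KMF_HANDLE_T, KMF_KEYSTORE_TYPE);

extern KMF_BOOL IsEqualOid(KMF_OID *, KMF_OID *);

extern KMF_RETURN copy_algoid(KMF_X509_ALGORITHM_IDENTIFIER *destid,
	KMF_X509_ALGORITHM_IDENTIFIER *srcid);

/* Translate between KMF algorithm indexes and X.509 OIDs. */
extern KMF_OID *x509_algid_to_algoid(KMF_ALGORITHM_INDEX);
extern KMF_ALGORITHM_INDEX x509_algoid_to_algid(KMF_OID *);

extern KMF_RETURN PKCS_AcquirePublicKeyHandle(CK_SESSION_HANDLE ckSession,
	const KMF_X509_SPKI *, CK_KEY_TYPE, CK_OBJECT_HANDLE *,
	KMF_BOOL *);

extern KMF_RETURN GetIDFromSPKI(KMF_X509_SPKI *, KMF_DATA *);
extern KMF_RETURN kmf_select_token(KMF_HANDLE_T, char *, int);
extern KMF_RETURN kmf_set_altname(KMF_X509_EXTENSIONS *,
	KMF_OID *, int, KMF_GENERALNAMECHOICES, char *);
extern KMF_RETURN GetSequenceContents(char *, size_t, char **, size_t *);
extern KMF_X509_EXTENSION *FindExtn(KMF_X509_EXTENSIONS *, KMF_OID *);
extern KMF_RETURN add_an_extension(KMF_X509_EXTENSIONS *exts,
	KMF_X509_EXTENSION *newextn);
extern KMF_RETURN set_integer(KMF_DATA *, void *, int);
extern void free_keyidlist(KMF_OID *, int);
extern KMF_RETURN copy_data(KMF_DATA *, KMF_DATA *);
extern void Cleanup_PK11_Session(KMF_HANDLE_T handle);
extern void free_dp_name(KMF_CRL_DIST_POINT *);
extern void free_dp(KMF_CRL_DIST_POINT *);
extern KMF_RETURN set_key_usage_extension(KMF_X509_EXTENSIONS *,
	int, uint32_t);
/* Declared (void): takes no arguments. */
extern KMF_RETURN init_pk11(void);
/*
 * (num required, required testers, num optional, optional testers,
 *  num attrs, attrs) - validates a caller's attribute list.
 */
extern KMF_RETURN test_attributes(int, KMF_ATTRIBUTE_TESTER *,
	int, KMF_ATTRIBUTE_TESTER *, int, KMF_ATTRIBUTE *);

/* Indexes into the key parts array for RSA keys */
#define	KMF_RSA_MODULUS			(0)
#define	KMF_RSA_PUBLIC_EXPONENT		(1)
#define	KMF_RSA_PRIVATE_EXPONENT	(2)
#define	KMF_RSA_PRIME1			(3)
#define	KMF_RSA_PRIME2			(4)
#define	KMF_RSA_EXPONENT1		(5)
#define	KMF_RSA_EXPONENT2		(6)
#define	KMF_RSA_COEFFICIENT		(7)

/* Key part counts for RSA keys */
#define	KMF_NUMBER_RSA_PUBLIC_KEY_PARTS		(2)
#define	KMF_NUMBER_RSA_PRIVATE_KEY_PARTS	(8)

/* Key part counts for DSA keys */
#define	KMF_NUMBER_DSA_PUBLIC_KEY_PARTS		(4)
#define	KMF_NUMBER_DSA_PRIVATE_KEY_PARTS	(4)

/* Indexes into the key parts array for DSA keys */
#define	KMF_DSA_PRIME		(0)
#define	KMF_DSA_SUB_PRIME	(1)
#define	KMF_DSA_BASE		(2)
#define	KMF_DSA_PUBLIC_VALUE	(3)

/*
 * Classic max macro: evaluates its arguments twice, so use it only
 * with side-effect-free operands (here, the constants below).
 */
#ifndef	max
#define	max(a, b) ((a) < (b) ? (b) : (a))
#endif

/* Maximum key parts for all algorithms */
#define	KMF_MAX_PUBLIC_KEY_PARTS \
	(max(KMF_NUMBER_RSA_PUBLIC_KEY_PARTS, \
	KMF_NUMBER_DSA_PUBLIC_KEY_PARTS))

#define	KMF_MAX_PRIVATE_KEY_PARTS \
	(max(KMF_NUMBER_RSA_PRIVATE_KEY_PARTS, \
	KMF_NUMBER_DSA_PRIVATE_KEY_PARTS))

#define	KMF_MAX_KEY_PARTS \
	(max(KMF_MAX_PUBLIC_KEY_PARTS, KMF_MAX_PRIVATE_KEY_PARTS))

/* How a signing operation should treat the data handed to it. */
typedef enum {
	KMF_ALGMODE_NONE	= 0,
	KMF_ALGMODE_CUSTOM,
	KMF_ALGMODE_PUBLIC_KEY,
	KMF_ALGMODE_PRIVATE_KEY,
	KMF_ALGMODE_PKCS1_EMSA_V15
} KMF_SIGNATURE_MODE;

#define	KMF_CERT_PRINTABLE_LEN	1024
#define	SHA1_HASH_LENGTH	20

/*
 * mkstemp(3C)-style templates for OCSP request/response scratch files.
 * The trailing XXXXXX must be filled in by mkstemp() (which creates
 * the file atomically with O_EXCL) - never by mktemp()/a fixed name,
 * since a predictable /tmp path is open to symlink races.
 * Presumably consumed by the OCSP code in libkmf; verify the caller.
 */
#define	OCSPREQ_TEMPNAME	"/tmp/ocsp.reqXXXXXX"
#define	OCSPRESP_TEMPNAME	"/tmp/ocsp.respXXXXXX"

/* kmf.conf location and the two keywords its parser recognises. */
#define	_PATH_KMF_CONF		"/etc/crypto/kmf.conf"
#define	CONF_MODULEPATH		"modulepath="
#define	CONF_OPTION		"option="

/* One parsed kmf.conf stanza (all strings heap-owned; see free_entry). */
typedef struct {
	char			*keystore;
	char			*modulepath;
	char			*option;
	KMF_KEYSTORE_TYPE	kstype;
} conf_entry_t;

typedef struct conf_entrylist {
	conf_entry_t		*entry;
	struct conf_entrylist	*next;
} conf_entrylist_t;


/* kmf.conf parsing helpers; get_entrylist allocates, free_entrylist frees. */
extern KMF_RETURN get_entrylist(conf_entrylist_t **);
extern void free_entrylist(conf_entrylist_t *);
extern void free_entry(conf_entry_t *);
extern conf_entry_t *dup_entry(conf_entry_t *);
extern boolean_t is_valid_keystore_type(KMF_KEYSTORE_TYPE);
extern KMF_BOOL is_eku_present(KMF_X509EXT_EKU *, KMF_OID *);
extern KMF_RETURN parse_eku_data(const KMF_DATA *, KMF_X509EXT_EKU *);

#ifdef __cplusplus
}
#endif
#endif /* _KMFAPIP_H */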