1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*
22 * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
23 * Use is subject to license terms.
24 */
25#ifndef _KMFAPIP_H
26#define	_KMFAPIP_H
27
28#include <kmfapi.h>
29#include <kmfpolicy.h>
30
31#ifdef __cplusplus
32extern "C" {
33#endif
34
/*
 * Plugin function table.
 *
 * A keystore plugin hands one of these back from its
 * KMF_Plugin_Initialize() entry point (declared further down), and the
 * core keeps the pointer in KMF_PLUGIN.funclist.  Every member is an
 * operation the core dispatches to the plugin through the pointer.
 *
 * NOTE(review): this header does not say whether a member may be NULL
 * for an operation a plugin does not implement, nor whether `version'
 * is compared against anything before newer members are used -- confirm
 * both against the loader in the core before relying on either.
 */
typedef struct {
	/* Table version reported by the plugin. */
	ushort_t	version;
	/*
	 * The (KMF_HANDLE_T, int, KMF_ATTRIBUTE *) members presumably take
	 * an attribute count followed by an attribute array, mirroring the
	 * trailing parameters of test_attributes() below -- verify.
	 */
	KMF_RETURN	(*ConfigureKeystore) (
			KMF_HANDLE_T,
			int,
			KMF_ATTRIBUTE *);

	KMF_RETURN	(*FindCert) (
			KMF_HANDLE_T,
			int,
			KMF_ATTRIBUTE *);

	/* Releases a certificate previously returned by the plugin. */
	void		(*FreeKMFCert) (
			KMF_HANDLE_T,
			KMF_X509_DER_CERT *);

	KMF_RETURN	(*StoreCert) (
			KMF_HANDLE_T,
			int, KMF_ATTRIBUTE *);

	KMF_RETURN	(*ImportCert) (
			KMF_HANDLE_T,
			int, KMF_ATTRIBUTE *);

	KMF_RETURN	(*ImportCRL) (
			KMF_HANDLE_T,
			int, KMF_ATTRIBUTE *);

	KMF_RETURN	(*DeleteCert) (
			KMF_HANDLE_T,
			int, KMF_ATTRIBUTE *);

	KMF_RETURN	(*DeleteCRL) (
			KMF_HANDLE_T,
			int, KMF_ATTRIBUTE *);

	KMF_RETURN	(*CreateKeypair) (
			KMF_HANDLE_T,
			int,
			KMF_ATTRIBUTE *);

	KMF_RETURN	(*FindKey) (
			KMF_HANDLE_T,
			int,
			KMF_ATTRIBUTE *);

	KMF_RETURN	(*EncodePubkeyData) (
			KMF_HANDLE_T,
			KMF_KEY_HANDLE *,
			KMF_DATA *);

	/*
	 * Key-based operations: (handle, key, algorithm OID, input, output).
	 * Which of the two KMF_DATA arguments is input vs. output is not
	 * visible here -- check the core's callers.
	 */
	KMF_RETURN	(*SignData) (
			KMF_HANDLE_T,
			KMF_KEY_HANDLE *,
			KMF_OID *,
			KMF_DATA *,
			KMF_DATA *);

	KMF_RETURN	(*DeleteKey) (
			KMF_HANDLE_T,
			int,
			KMF_ATTRIBUTE *);

	KMF_RETURN	(*ListCRL) (
			KMF_HANDLE_T,
			int, KMF_ATTRIBUTE *);

	KMF_RETURN	(*FindCRL) (
			KMF_HANDLE_T,
			int, KMF_ATTRIBUTE *);

	KMF_RETURN	(*FindCertInCRL) (
			KMF_HANDLE_T,
			int, KMF_ATTRIBUTE *);

	/* Plugin-specific text for the last error; ownership of the string is not stated here. */
	KMF_RETURN	(*GetErrorString) (
			KMF_HANDLE_T,
			char **);

	KMF_RETURN	(*FindPrikeyByCert) (
			KMF_HANDLE_T,
			int,
			KMF_ATTRIBUTE *);

	KMF_RETURN	(*DecryptData) (
			KMF_HANDLE_T,
			KMF_KEY_HANDLE *,
			KMF_OID *,
			KMF_DATA *,
			KMF_DATA *);

	KMF_RETURN	(*ExportPK12)(
			KMF_HANDLE_T,
			int,
			KMF_ATTRIBUTE *);

	KMF_RETURN	(*CreateSymKey) (
			KMF_HANDLE_T,
			int,
			KMF_ATTRIBUTE *);

	/* Exposes raw symmetric key material; callers should clear the result when done. */
	KMF_RETURN	(*GetSymKeyValue) (
			KMF_HANDLE_T,
			KMF_KEY_HANDLE *,
			KMF_RAW_SYM_KEY *);

	KMF_RETURN	(*SetTokenPin) (
			KMF_HANDLE_T,
			int, KMF_ATTRIBUTE *);

	/* Unlike SignData, selects the algorithm by index rather than OID. */
	KMF_RETURN	(*VerifyDataWithCert) (
			KMF_HANDLE_T,
			KMF_ALGORITHM_INDEX,
			KMF_DATA *,
			KMF_DATA *,
			KMF_DATA *);

	KMF_RETURN	(*StoreKey) (
			KMF_HANDLE_T,
			int,
			KMF_ATTRIBUTE *);

	/*
	 * Presumably invoked when the plugin is unloaded (not shown here).
	 * Declared with an empty parameter list, so the compiler cannot
	 * check calls through it; `(void)' would be the prototype form.
	 */
	void		(*Finalize) ();

} KMF_PLUGIN_FUNCLIST;
161
/*
 * Describes one acceptable attribute for an operation.  Arrays of these
 * are passed to test_attributes() (declared below) alongside the
 * caller-supplied KMF_ATTRIBUTE list.
 */
typedef struct {
	KMF_ATTR_TYPE	type;		/* attribute this entry governs */
	boolean_t	null_value_ok; /* Is the pValue required */
	/* presumably bounds on the attribute value length -- confirm in test_attributes() */
	uint32_t	minlen;
	uint32_t	maxlen;
} KMF_ATTRIBUTE_TESTER;
168
/*
 * One loaded keystore plugin.  Instances are chained by KMF_PLUGIN_LIST
 * and hang off KMF_HANDLE.plugins.
 */
typedef struct {
	KMF_KEYSTORE_TYPE	type;		/* keystore type this plugin serves */
	char			*applications;	/* NOTE(review): meaning not shown in this header */
	char 			*path;		/* presumably the module's file path -- confirm */
	void 			*dldesc;	/* opaque loader descriptor; presumably a dlopen() handle */
	KMF_PLUGIN_FUNCLIST	*funclist;	/* dispatch table returned by the plugin */
} KMF_PLUGIN;
176
/* Singly linked list node wrapping one KMF_PLUGIN. */
typedef struct _KMF_PLUGIN_LIST {
	KMF_PLUGIN		*plugin;
	struct _KMF_PLUGIN_LIST *next;	/* NULL terminates the list */
} KMF_PLUGIN_LIST;
181
/*
 * Library handle.  Presumably what the public KMF_HANDLE_T points to:
 * CLEAR_ERROR() below dereferences its argument as one of these.
 */
typedef struct _kmf_handle {
	/*
	 * session handle opened by kmf_select_token() to talk
	 * to a specific slot in Crypto framework. It is used
	 * by pkcs11 plugin module.
	 */
	CK_SESSION_HANDLE	pk11handle;
	KMF_ERROR		lasterr;	/* last error; reset by CLEAR_ERROR() */
	KMF_POLICY_RECORD	*policy;	/* policy record in effect */
	KMF_PLUGIN_LIST		*plugins;	/* loaded keystore plugins */
} KMF_HANDLE;
193
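/*
 * Reset the handle's last-error record and report the outcome in rv.
 *
 * h  - KMF_HANDLE pointer to clear; may be NULL.
 * rv - lvalue receiving KMF_ERR_BAD_PARAMETER when h is NULL, else KMF_OK.
 *
 * Wrapped in do { } while (0) so it expands to a single statement and
 * is safe as an unbraced if/else body; invoke it with a trailing
 * semicolon.  Arguments are parenthesised so an expression may be
 * passed for h.
 */
#define	CLEAR_ERROR(h, rv) do { \
	if ((h) == NULL) { \
		(rv) = KMF_ERR_BAD_PARAMETER; \
	} else { \
		(h)->lasterr.errcode = 0; \
		(h)->lasterr.kstype = 0; \
		(rv) = KMF_OK; \
	} \
} while (0)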
203
/*
 * Name of the entry point resolved in each plugin module; matches the
 * KMF_Plugin_Initialize() prototype below.
 */
#define	KMF_PLUGIN_INIT_SYMBOL	"KMF_Plugin_Initialize"

/*
 * Directory plugin modules are loaded from, selected per ABI at compile
 * time unless the build defines KMF_PLUGIN_PATH itself.  The path is
 * absolute, so module lookup does not depend on the caller's cwd or on
 * any environment-controlled search path.
 *
 * NOTE(review): there is no #else branch; on an architecture not listed
 * here the macro stays undefined and the first use fails to compile.
 */
#ifndef KMF_PLUGIN_PATH
#if defined(__sparcv9)
#define	KMF_PLUGIN_PATH "/lib/crypto/sparcv9/"
#elif defined(__sparc)
#define	KMF_PLUGIN_PATH "/lib/crypto/"
#elif defined(__i386)
#define	KMF_PLUGIN_PATH "/lib/crypto/"
#elif defined(__amd64)
#define	KMF_PLUGIN_PATH "/lib/crypto/amd64/"
#endif
#endif /* !KMF_PLUGIN_PATH */
217
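/*
 * Entry point every plugin module exports under KMF_PLUGIN_INIT_SYMBOL.
 * Returns the plugin's dispatch table.  Declared with (void) so a call
 * with stray arguments is diagnosed at compile time; this prototype is
 * compatible with definitions that still use an empty parameter list.
 */
KMF_PLUGIN_FUNCLIST *KMF_Plugin_Initialize(void);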
219
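/*
 * Internal helpers shared by the libkmf core and its plugins.  Only what
 * the prototypes show is recorded here; error semantics and ownership of
 * returned objects live with the definitions.
 */
extern KMF_RETURN
VerifyDataWithKey(KMF_HANDLE_T, KMF_DATA *, KMF_ALGORITHM_INDEX,
    KMF_DATA *, KMF_DATA *);

/* Presumably maps a KMF algorithm index to a PKCS#11 key type; the KMF_BOOL result likely signals success -- confirm. */
extern KMF_BOOL pkcs_algid_to_keytype(
    KMF_ALGORITHM_INDEX, CK_KEY_TYPE *);

/* PKCS#11-backed verify/encrypt using a public key given as SPKI. */
extern KMF_RETURN PKCS_VerifyData(
    KMF_HANDLE *,
    KMF_ALGORITHM_INDEX,
    KMF_X509_SPKI *,
    KMF_DATA *, KMF_DATA *);

extern KMF_RETURN PKCS_EncryptData(
    KMF_HANDLE *,
    KMF_ALGORITHM_INDEX,
    KMF_X509_SPKI *,
    KMF_DATA *,
    KMF_DATA *);

/* Looks up the loaded plugin for a keystore type; NULL presumably means not loaded. */
extern KMF_PLUGIN *FindPlugin(KMF_HANDLE_T, KMF_KEYSTORE_TYPE);

extern KMF_BOOL IsEqualOid(KMF_OID *, KMF_OID *);

extern KMF_RETURN copy_algoid(KMF_X509_ALGORITHM_IDENTIFIER *destid,
    KMF_X509_ALGORITHM_IDENTIFIER *srcid);

/* Conversions between KMF algorithm indexes and X.509 algorithm OIDs. */
extern KMF_OID *x509_algid_to_algoid(KMF_ALGORITHM_INDEX);
extern KMF_ALGORITHM_INDEX x509_algoid_to_algid(KMF_OID *);

extern KMF_RETURN PKCS_AcquirePublicKeyHandle(CK_SESSION_HANDLE ckSession,
    const KMF_X509_SPKI *, CK_KEY_TYPE, CK_OBJECT_HANDLE *,
    KMF_BOOL *);

extern KMF_RETURN GetIDFromSPKI(KMF_X509_SPKI *, KMF_DATA *);
extern KMF_RETURN kmf_select_token(KMF_HANDLE_T, char *, int);
extern KMF_RETURN kmf_set_altname(KMF_X509_EXTENSIONS *,
    KMF_OID *, int, KMF_GENERALNAMECHOICES, char *);
/*
 * Takes an explicit input length (second argument); callers must pass
 * the real size of the buffer, as this is the only bound the parser
 * receives.  Output pointer/length semantics are not shown here.
 */
extern KMF_RETURN GetSequenceContents(char *, size_t, char **, size_t *);
extern KMF_X509_EXTENSION *FindExtn(KMF_X509_EXTENSIONS *, KMF_OID *);
extern KMF_RETURN add_an_extension(KMF_X509_EXTENSIONS *exts,
    KMF_X509_EXTENSION *newextn);
extern KMF_RETURN set_integer(KMF_DATA *, void *, int);
extern void free_keyidlist(KMF_OID *, int);
extern KMF_RETURN copy_data(KMF_DATA *, KMF_DATA *);
extern void Cleanup_PK11_Session(KMF_HANDLE_T handle);
extern void free_dp_name(KMF_CRL_DIST_POINT *);
extern void free_dp(KMF_CRL_DIST_POINT *);
extern KMF_RETURN set_key_usage_extension(KMF_X509_EXTENSIONS *,
    int, uint32_t);
/*
 * Declared with (void) rather than an empty parameter list so calls are
 * type-checked; compatible with a definition written either way.
 */
extern KMF_RETURN init_pk11(void);
/*
 * Validates a KMF_ATTRIBUTE list against two KMF_ATTRIBUTE_TESTER arrays
 * (each preceded by its count); the final pair is the attribute count
 * and array under test.  Which array holds required vs. optional
 * attributes is not stated here -- see the definition.
 */
extern KMF_RETURN test_attributes(int, KMF_ATTRIBUTE_TESTER *,
    int, KMF_ATTRIBUTE_TESTER *, int, KMF_ATTRIBUTE *);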
273
/*
 * Indexes into the key parts array for RSA keys.  Indexes 0..1 make up
 * the public key (KMF_NUMBER_RSA_PUBLIC_KEY_PARTS) and 0..7 the private
 * key (KMF_NUMBER_RSA_PRIVATE_KEY_PARTS), so the public parts are a
 * prefix of the private ones.
 */
#define	KMF_RSA_MODULUS			(0)
#define	KMF_RSA_PUBLIC_EXPONENT		(1)
#define	KMF_RSA_PRIVATE_EXPONENT	(2)
#define	KMF_RSA_PRIME1			(3)
#define	KMF_RSA_PRIME2			(4)
#define	KMF_RSA_EXPONENT1		(5)
#define	KMF_RSA_EXPONENT2		(6)
#define	KMF_RSA_COEFFICIENT		(7)

/* Key part counts for RSA keys */
#define	KMF_NUMBER_RSA_PUBLIC_KEY_PARTS		(2)
#define	KMF_NUMBER_RSA_PRIVATE_KEY_PARTS	(8)

/* Key part counts for DSA keys */
#define	KMF_NUMBER_DSA_PUBLIC_KEY_PARTS		(4)
#define	KMF_NUMBER_DSA_PRIVATE_KEY_PARTS	(4)

/*
 * Indexes into the key parts array for DSA keys.
 * NOTE(review): only four indexes are defined and they cover the public
 * value, yet the private part count is also 4; how the private value is
 * placed (e.g. in place of KMF_DSA_PUBLIC_VALUE) is not shown here --
 * confirm against the code that fills these arrays.
 */
#define	KMF_DSA_PRIME		(0)
#define	KMF_DSA_SUB_PRIME	(1)
#define	KMF_DSA_BASE		(2)
#define	KMF_DSA_PUBLIC_VALUE	(3)
297
/*
 * Fallback max() for the constant expressions below.  It evaluates each
 * argument twice, so keep it to side-effect-free operands.
 */
#ifndef max
#define	max(a, b) ((a) < (b) ? (b) : (a))
#endif

/* Maximum key parts for all algorithms (derived from the RSA/DSA counts above) */
#define	KMF_MAX_PUBLIC_KEY_PARTS \
	(max(KMF_NUMBER_RSA_PUBLIC_KEY_PARTS, \
	KMF_NUMBER_DSA_PUBLIC_KEY_PARTS))

#define	KMF_MAX_PRIVATE_KEY_PARTS \
	(max(KMF_NUMBER_RSA_PRIVATE_KEY_PARTS, \
	KMF_NUMBER_DSA_PRIVATE_KEY_PARTS))

/* Upper bound for sizing a key parts array regardless of key kind */
#define	KMF_MAX_KEY_PARTS \
	(max(KMF_MAX_PUBLIC_KEY_PARTS, KMF_MAX_PRIVATE_KEY_PARTS))
313
/*
 * Signature mode selector.  Only the names are defined here; where each
 * mode is consumed is not visible in this header.
 */
typedef enum {
	KMF_ALGMODE_NONE	= 0,
	KMF_ALGMODE_CUSTOM,
	KMF_ALGMODE_PUBLIC_KEY,
	KMF_ALGMODE_PRIVATE_KEY,
	KMF_ALGMODE_PKCS1_EMSA_V15	/* PKCS#1 v1.5 EMSA encoding, going by the name */
} KMF_SIGNATURE_MODE;
321
#define	KMF_CERT_PRINTABLE_LEN	1024	/* presumably a buffer size for printable cert text -- confirm at use */
#define	SHA1_HASH_LENGTH 20		/* SHA-1 digest size in bytes */

/*
 * Templates (trailing XXXXXX) for OCSP request/response scratch files in
 * the shared /tmp directory.  NOTE(review): the template form only helps
 * if the files are created with mkstemp() or another O_EXCL-style call
 * on a copy of the string; a name generated any other way in /tmp is
 * predictable and open to substitution -- confirm at the call site.
 */
#define	OCSPREQ_TEMPNAME	"/tmp/ocsp.reqXXXXXX"
#define	OCSPRESP_TEMPNAME	"/tmp/ocsp.respXXXXXX"

/* Plugin configuration file, and the key= prefixes presumably parsed from it into conf_entry_t. */
#define	_PATH_KMF_CONF	"/etc/crypto/kmf.conf"
#define	CONF_MODULEPATH	"modulepath="
#define	CONF_OPTION	"option="
331
/*
 * One keystore entry from the configuration file.  Strings are owned by
 * the entry: free_entry() releases them and dup_entry() copies them.
 */
typedef struct {
	char			*keystore;	/* keystore name */
	char			*modulepath;	/* CONF_MODULEPATH value */
	char 			*option;	/* CONF_OPTION value */
	KMF_KEYSTORE_TYPE	kstype;		/* resolved keystore type */
} conf_entry_t;
338
/* Singly linked list of configuration entries; built by get_entrylist(), released by free_entrylist(). */
typedef struct conf_entrylist {
	conf_entry_t		*entry;
	struct conf_entrylist 	*next;	/* NULL terminates the list */
} conf_entrylist_t;
343
344
/*
 * Configuration-file access.  get_entrylist() returns the list through
 * its out-parameter; the caller owns it and releases it with
 * free_entrylist().  dup_entry() returns a copy the caller must pass
 * to free_entry().
 */
extern KMF_RETURN get_entrylist(conf_entrylist_t **);
extern void free_entrylist(conf_entrylist_t *);
extern void free_entry(conf_entry_t *);
extern conf_entry_t *dup_entry(conf_entry_t *);
extern boolean_t is_valid_keystore_type(KMF_KEYSTORE_TYPE);

/* Extended-key-usage and extension helpers; parse_eku_data() reads DER given as const KMF_DATA. */
extern KMF_BOOL is_eku_present(KMF_X509EXT_EKU *, KMF_OID *);
extern KMF_RETURN parse_eku_data(const KMF_DATA *, KMF_X509EXT_EKU *);
extern KMF_RETURN
copy_extension_data(KMF_X509_EXTENSION *, KMF_X509_EXTENSION *);
354
355#ifdef __cplusplus
356}
357#endif
358#endif /* _KMFAPIP_H */