17c478bd9Sstevel@tonic-gate /*
27c478bd9Sstevel@tonic-gate  * CDDL HEADER START
37c478bd9Sstevel@tonic-gate  *
47c478bd9Sstevel@tonic-gate  * The contents of this file are subject to the terms of the
599ebb4caSwyllys  * Common Development and Distribution License (the "License").
699ebb4caSwyllys  * You may not use this file except in compliance with the License.
77c478bd9Sstevel@tonic-gate  *
87c478bd9Sstevel@tonic-gate  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
97c478bd9Sstevel@tonic-gate  * or http://www.opensolaris.org/os/licensing.
107c478bd9Sstevel@tonic-gate  * See the License for the specific language governing permissions
117c478bd9Sstevel@tonic-gate  * and limitations under the License.
127c478bd9Sstevel@tonic-gate  *
137c478bd9Sstevel@tonic-gate  * When distributing Covered Code, include this CDDL HEADER in each
147c478bd9Sstevel@tonic-gate  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
157c478bd9Sstevel@tonic-gate  * If applicable, add the following below this CDDL HEADER, with the
167c478bd9Sstevel@tonic-gate  * fields enclosed by brackets "[]" replaced with your own identifying
177c478bd9Sstevel@tonic-gate  * information: Portions Copyright [yyyy] [name of copyright owner]
187c478bd9Sstevel@tonic-gate  *
197c478bd9Sstevel@tonic-gate  * CDDL HEADER END
207c478bd9Sstevel@tonic-gate  */
217c478bd9Sstevel@tonic-gate /*
22*e65e5c2dSWyllys Ingersoll  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
237c478bd9Sstevel@tonic-gate  * Use is subject to license terms.
247c478bd9Sstevel@tonic-gate  */
257c478bd9Sstevel@tonic-gate 
267c478bd9Sstevel@tonic-gate #ifndef _PKTOOL_COMMON_H
277c478bd9Sstevel@tonic-gate #define	_PKTOOL_COMMON_H
287c478bd9Sstevel@tonic-gate 
297c478bd9Sstevel@tonic-gate /*
307c478bd9Sstevel@tonic-gate  * This file contains data and functions shared between all the
317c478bd9Sstevel@tonic-gate  * modules that comprise this tool.
327c478bd9Sstevel@tonic-gate  */
337c478bd9Sstevel@tonic-gate 
347c478bd9Sstevel@tonic-gate #ifdef __cplusplus
357c478bd9Sstevel@tonic-gate extern "C" {
367c478bd9Sstevel@tonic-gate #endif
377c478bd9Sstevel@tonic-gate 
387c478bd9Sstevel@tonic-gate #include <cryptoutil.h>
397c478bd9Sstevel@tonic-gate 
407c478bd9Sstevel@tonic-gate /* I18N helpers. */
417c478bd9Sstevel@tonic-gate #include <libintl.h>
427c478bd9Sstevel@tonic-gate #include <locale.h>
4399ebb4caSwyllys #include <errno.h>
4499ebb4caSwyllys #include <kmfapi.h>
457c478bd9Sstevel@tonic-gate 
467711facfSdinak /* Defines used throughout */
477711facfSdinak 
/*
 * Error codes.  Status values returned by the pktool subcommand
 * handlers (e.g. DIR_OPTION_CHECK() below returns PK_ERR_USAGE) and
 * presumably propagated as the process exit status.  PK_ERR_NONE is
 * success; the remaining values identify which layer the failure came
 * from.
 */
#define	PK_ERR_NONE		0
#define	PK_ERR_USAGE		1	/* bad command-line usage */
#define	PK_ERR_QUIT		2	/* operation abandoned (presumably by the user) */
#define	PK_ERR_PK11		3	/* PKCS#11 layer failure */
#define	PK_ERR_SYSTEM		4	/* system / libc failure */
#define	PK_ERR_OPENSSL		5	/* OpenSSL (file keystore) failure */
#define	PK_ERR_NSS		6	/* NSS keystore failure */
567711facfSdinak 
/*
 * Types of objects for searches.  Bit flags that are OR'ed together to
 * select which keystore objects an operation applies to.  The two low
 * bits select visibility (private/public); the remaining bits select
 * the object kind.  Each flag occupies a distinct bit so the composites
 * below can be tested with a simple mask.
 */
#define	PK_PRIVATE_OBJ		0x0001
#define	PK_PUBLIC_OBJ		0x0002
#define	PK_CERT_OBJ		0x0010
#define	PK_PRIKEY_OBJ		0x0020
#define	PK_PUBKEY_OBJ		0x0040
#define	PK_SYMKEY_OBJ		0x0080
#define	PK_CRL_OBJ		0x0100

/* Any key (private, public or symmetric). */
#define	PK_KEY_OBJ		(PK_PRIKEY_OBJ | PK_PUBKEY_OBJ | PK_SYMKEY_OBJ)
/* Every visibility and every object kind defined above. */
#define	PK_ALL_OBJ		(PK_PRIVATE_OBJ | PK_PUBLIC_OBJ |\
				PK_CERT_OBJ| PK_CRL_OBJ | PK_KEY_OBJ)
6999ebb4caSwyllys 
/*
 * Defaults applied when the corresponding command-line option is not
 * supplied.  PK_DEFAULT_KEYLENGTH is a key size in bits for the
 * default "rsa" keytype; NOTE(review): 2048 is the floor for an RSA
 * modulus that is still considered adequate, do not lower it without
 * a very good reason.  SOFT_TOKEN_LABEL is expected to be provided by
 * <cryptoutil.h>.
 */
#define	PK_DEFAULT_KEYTYPE	"rsa"
#define	PK_DEFAULT_KEYLENGTH	2048
#define	PK_DEFAULT_DIRECTORY	"."
#define	PK_DEFAULT_SERIALNUM	1
#define	PK_DEFAULT_PK11TOKEN	SOFT_TOKEN_LABEL
757711facfSdinak 
/*
 * Constants for attribute templates.  PKCS#11 attribute templates take
 * a pointer to a CK_BBOOL value rather than the value itself, so these
 * two globals provide addressable CK_FALSE/CK_TRUE (defined in one of
 * the .c modules).  Treat them as read-only.
 */
extern CK_BBOOL	pk_false;
extern CK_BBOOL	pk_true;
797711facfSdinak 
/*
 * A list of Extended Key Usage OIDs parsed from the command line; built
 * by verify_ekunames() and released by free_eku_list().  eku_count is
 * the number of entries.  critlist and ekulist are presumably parallel
 * arrays of eku_count elements, critlist[i] being the "critical" flag
 * for ekulist[i] -- confirm against verify_ekunames() before relying
 * on it.
 */
typedef struct {
	int	eku_count;
	int	*critlist;
	KMF_OID	*ekulist;
} EKU_LIST;
857711facfSdinak 
/* Common functions. */

/* Tear down the PKCS#11 session sess (and presumably the library). */
extern void	final_pk11(CK_SESSION_HANDLE sess);

/*
 * Open a session on slot_id and log in with the pinlen-byte PIN at
 * pin; the session handle is returned through sess.  The PIN is secret
 * material: callers own the buffer and should zeroize it once the
 * login has been attempted.
 */
extern CK_RV	login_token(CK_SLOT_ID slot_id, CK_UTF8CHAR_PTR pin,
		    CK_ULONG pinlen, CK_SESSION_HANDLE_PTR sess);

/*
 * Initialize PKCS#11 and open a session on slot_id with sess_flags,
 * logging in with pin/pinlen (presumably only when a PIN is given --
 * confirm in common.c).  Same PIN-handling caveat as login_token().
 */
extern CK_RV	quick_start(CK_SLOT_ID slot_id, CK_FLAGS sess_flags,
		    CK_UTF8CHAR_PTR pin, CK_ULONG pinlen,
		    CK_SESSION_HANDLE_PTR sess);

/*
 * Prompt for a PIN (prompt2 presumably re-prompts for confirmation)
 * and return it through pin/pinlen.  NOTE(review): the returned buffer
 * holds a secret; the caller is presumably responsible for freeing it
 * and should clear it first -- confirm ownership in common.c.
 */
extern CK_RV	get_pin(char *prompt1, char *prompt2, CK_UTF8CHAR_PTR *pin,
		    CK_ULONG *pinlen);
/*
 * Ask a yes/no question.  prompt is shown to the user, invalid is
 * presumably the message printed on unrecognized input, and dflt is
 * the answer returned when the user gives none.
 */
extern boolean_t	yesno(char *prompt, char *invalid, boolean_t dflt);

/*
 * Return the list of slots that currently hold a token through
 * slot_list (slot_count entries).  Ownership of the list is not
 * visible here; presumably the caller frees it.
 */
extern CK_RV	get_token_slots(CK_SLOT_ID_PTR *slot_list,
		    CK_ULONG *slot_count);
10299ebb4caSwyllys 
/*
 * Interactive prompts that return a freshly obtained string through
 * the out-parameter (subject name, serial number, certificate label,
 * file name).  Return value is an int status; ownership of the string
 * is not visible from here -- presumably the caller frees it.
 * get_filename()'s first argument is presumably the prompt text.
 */
extern int get_subname(char **);
extern int get_serial(char **);
extern int get_certlabel(char **);
extern int get_filename(char *, char **);

/*
 * pktool's own getopt(3C)-style parser with "attr=value" arguments.
 * optarg_av / optind_av play the roles of optarg / optind and are
 * global, mutable state: a single parse at a time, from one thread.
 */
extern int	getopt_av(int argc, char * const argv[], const char *optstring);
extern char	*optarg_av;
extern int	optind_av;
11149e21299Sdinak 
/*
 * String-to-constant parsers for command-line values.  Each maps a
 * user-supplied string to the matching internal constant (object type
 * flags, PKCS#11 key type, keystore type, key algorithm, lifetime).
 * An unrecognized string yields a "no match" result whose exact value
 * is set by each implementation; callers must check for it rather
 * than assume the parse succeeded.
 */
int OT2Int(char *);
int PK2Int(char *);
KMF_KEYSTORE_TYPE KS2Int(char *);
int Str2KeyType(char *, KMF_OID *, KMF_KEY_ALG *, KMF_ALGORITHM_INDEX *);
int Str2SymKeyType(char *, KMF_KEY_ALG *);
int Str2Lifetime(char *, uint32_t *);
/*
 * Bind a KMF handle (passed as void *) to a PKCS#11 token by label, or
 * configure the NSS keystore (presumably directory and prefix).
 */
KMF_RETURN select_token(void *, char *, int);
KMF_RETURN configure_nss(void *, char *, char *);

/* Map an encoding-format name to KMF_ENCODE_FORMAT. */
KMF_ENCODE_FORMAT Str2Format(char *);
/*
 * Prompt for the PKCS#12 password into a KMF_CREDENTIAL.  The
 * credential holds a secret; clear it when it is no longer needed.
 */
KMF_RETURN get_pk12_password(KMF_CREDENTIAL *);
/*
 * Decode a hex string into a byte buffer returned with its length.
 * The buffer is presumably allocated here and freed by the caller --
 * confirm in common.c.
 */
KMF_RETURN hexstring2bytes(uchar_t *, uchar_t **, size_t *);
/*
 * Validation of user-supplied option strings before they are handed to
 * KMF: subject alternative name, key usage, file name, and extended key
 * usage names (which produce an EKU_LIST).  These are the tool's
 * input-validation boundary; new option values should get a checker of
 * the same shape.
 */
KMF_RETURN verify_altname(char *arg, KMF_GENERALNAMECHOICES *, int *);
KMF_RETURN verify_keyusage(char *arg, uint16_t *, int *);
KMF_RETURN verify_file(char *);
KMF_RETURN verify_ekunames(char *, EKU_LIST **);
/* Report through the int * whether the named token requires a login. */
KMF_RETURN token_auth_needed(KMF_HANDLE_T, char *, int *);
/* ECC curve name -> OID (NULL presumably means unknown); list the curves. */
KMF_OID *ecc_name_to_oid(char *);
void show_ecc_curves();
/*
 * Key-pair generation, one entry point per keystore.  Parameter
 * meanings beyond the types (token/key labels, directory, credential,
 * ECC curve OID) are not visible from the prototypes; see common.c.
 * The final two out-parameters receive the generated private and
 * public key handles (by the usual convention -- confirm).
 */
KMF_RETURN genkeypair_pkcs11(KMF_HANDLE_T, char *, char *, KMF_KEY_ALG,
	int, KMF_CREDENTIAL *, KMF_OID *,
	KMF_KEY_HANDLE *, KMF_KEY_HANDLE *);

KMF_RETURN genkeypair_file(KMF_HANDLE_T,
	KMF_KEY_ALG, int, KMF_ENCODE_FORMAT,
	char *, KMF_KEY_HANDLE *, KMF_KEY_HANDLE *);

KMF_RETURN genkeypair_nss(KMF_HANDLE_T,
	char *, char *, char *, char *,
	KMF_KEY_ALG, int, KMF_CREDENTIAL *,
	KMF_OID *, KMF_KEY_HANDLE *, KMF_KEY_HANDLE *);

/* Release an EKU_LIST produced by verify_ekunames(). */
void free_eku_list(EKU_LIST *);

/* Parse a yes/no answer string into an int. */
int yn_to_int(char *);

/*
 * Obtain the credential (PIN/password) for a token of the given
 * keystore type and label, filling the KMF_CREDENTIAL.  Secret
 * material: clear the credential when done.
 */
int get_token_password(KMF_KEYSTORE_TYPE, char *, KMF_CREDENTIAL *);
/* Print a KMF error for the handle (void *) with a caller-supplied message. */
void display_error(void *, KMF_RETURN, char *);
150fa60c371Swyllys 
/* NSS token used when none is named on the command line. */
#define	DEFAULT_NSS_TOKEN	"internal"
/*
 * printf-style format for the PIN prompt; the single %s is the token
 * label.  Always use this as the format argument with the label as the
 * %s operand (e.g. snprintf(buf, sz, DEFAULT_TOKEN_PROMPT, label)).
 * Never pass a label-substituted string on as a format string, because
 * the label comes from the command line or the token itself.
 */
#define	DEFAULT_TOKEN_PROMPT	"Enter PIN for %s: "
15399ebb4caSwyllys 
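/*
 * True when s is NULL or points at an empty string.  The argument is
 * parenthesized so that an expression may be passed (the previous form
 * applied == NULL to the bare token), and the test inspects only the
 * first byte instead of calling strlen(), which this header did not
 * include a declaration for.  s is evaluated twice: pass an lvalue, not
 * an expression with side effects.  Any character-pointer type
 * (char *, uchar_t *, CK_UTF8CHAR_PTR) is accepted.
 */
#define	EMPTYSTRING(s)	((s) == NULL || ((const char *)(s))[0] == '\0')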
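/*
 * The "dir" option is only valid with the NSS keystore.  This check
 * forces PK_ERR_USAGE when it is used with a non-NSS keystore: if the
 * keystore type k is not KMF_KEYSTORE_NSS and a directory d was
 * supplied, the error is reported via cryptoerror() and the enclosing
 * function returns PK_ERR_USAGE -- so it may only be used in functions
 * returning int.  The expansion is wrapped in do { } while (0) so that
 * it is a single statement (safe as the body of an un-braced if/else,
 * which the bare if-block form was not) and must therefore be invoked
 * as a statement followed by a semicolon; the arguments are
 * parenthesized so that expressions may be passed.
 */
#define	DIR_OPTION_CHECK(k, d) \
	do { \
		if ((k) != KMF_KEYSTORE_NSS && (d) != NULL) { \
			cryptoerror(LOG_STDERR, gettext("The 'dir' option is " \
			    "not supported with the indicated keystore\n")); \
			return (PK_ERR_USAGE); \
		} \
	} while (0)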
165577f4726Swyllys 
16699ebb4caSwyllys 
1677c478bd9Sstevel@tonic-gate #ifdef __cplusplus
1687c478bd9Sstevel@tonic-gate }
1697c478bd9Sstevel@tonic-gate #endif
1707c478bd9Sstevel@tonic-gate 
1717c478bd9Sstevel@tonic-gate #endif /* _PKTOOL_COMMON_H */
172