cryptoki.h revision 17e2ff97562e18c6231f411e74f504236650a9a1
1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*
22 * Copyright 2008 Sun Microsystems, Inc.   All rights reserved.
23 * Use is subject to license terms.
24 */
25
26#ifndef	_CRYPTOKI_H
27#define	_CRYPTOKI_H
28
29#pragma ident	"%Z%%M%	%I%	%E% SMI"
30
31#ifdef	__cplusplus
32extern "C" {
33#endif
34
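/*
 * Platform macros that are defined here before <security/pkcs11.h> is
 * included.  Each is wrapped in #ifndef so an includer that has already
 * defined its own version keeps it.
 * The listing's line-number gutter has been removed from these lines so
 * that the directives are valid C again.
 */

/* Pointer indirection used by the Cryptoki type definitions: a plain '*'. */
#ifndef	CK_PTR
#define	CK_PTR *
#endif

/* Function definition: return type followed by the name, no decoration. */
#ifndef CK_DEFINE_FUNCTION
#define	CK_DEFINE_FUNCTION(returnType, name) returnType name
#endif

/* Function declaration: same expansion as CK_DEFINE_FUNCTION. */
#ifndef CK_DECLARE_FUNCTION
#define	CK_DECLARE_FUNCTION(returnType, name) returnType name
#endif

/* Pointer to a Cryptoki API function. */
#ifndef CK_DECLARE_FUNCTION_POINTER
#define	CK_DECLARE_FUNCTION_POINTER(returnType, name) returnType (* name)
#endif

/* Pointer to an application callback; same shape as the macro above. */
#ifndef CK_CALLBACK_FUNCTION
#define	CK_CALLBACK_FUNCTION(returnType, name) returnType (* name)
#endif

/* Null pointer constant used by Cryptoki; mapped to the C library's NULL. */
#ifndef NULL_PTR
#include <unistd.h>	/* For NULL */
#define	NULL_PTR NULL
#endif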
59
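/*
 * pkcs11t.h defines TRUE and FALSE in a way that upsets lint.  Define
 * CK_DISABLE_TRUE_FALSE here, ahead of the pkcs11.h include, and supply
 * plain integer TRUE/FALSE unless something has already defined them.
 * NOTE(review): this relies on pkcs11t.h skipping its own definitions when
 * CK_DISABLE_TRUE_FALSE is set -- confirm against that header.
 */
#ifndef	CK_DISABLE_TRUE_FALSE
#define	CK_DISABLE_TRUE_FALSE
#ifndef	TRUE
#define	TRUE	1
#endif /* TRUE */
#ifndef	FALSE
#define	FALSE	0
#endif /* FALSE */
#endif /* CK_DISABLE_TRUE_FALSE */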
72
73#undef CK_PKCS11_FUNCTION_INFO
74
75#include <security/pkcs11.h>
76
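/*
 * Default salt length for generating a PKCS#5 PBKDF2 key (the identifiers
 * in this header spell it "PBKD2").
 * NOTE(review): presumably a byte count, matching the size_t salt_len
 * parameters below -- confirm.  The salt only does its job if it is
 * freshly random for every derived key and stored alongside the result.
 */
#define	CK_PKCS5_PBKD2_SALT_SIZE	(16UL)

/*
 * Default number of iterations for generating a PKCS#5 PBKDF2 key.
 * NOTE(review): 1000 is the minimum recommended in RFC 2898 and is low
 * against current password-guessing hardware.  Callers that take an
 * explicit iteration count should pass a considerably larger value for
 * new keys.  Changing this default is not a drop-in fix: a key derived
 * with a different count will not match one derived earlier from the
 * same passphrase and salt, so stored data needs a migration path.
 */
#define	CK_PKCS5_PBKD2_ITERATIONS	(1000UL)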
82
83/* Solaris specific functions */
84
85#include <stdlib.h>
86
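/*
 * pkcs11_GetCriteriaSession will initialize the framework and do all
 * the necessary work of calling C_GetSlotList(), C_GetMechanismInfo() and
 * C_OpenSession() to create a session that meets all the criteria in
 * the given function pointer.
 *
 * criteria - caller-supplied predicate taking a slot id, an opaque
 *            pointer and a CK_RV out-parameter.
 *            NOTE(review): presumably a true return accepts the slot and
 *            *rv carries an error out of the predicate -- confirm.
 * args     - opaque pointer; presumably handed unchanged to criteria.
 * hSession - out: receives the handle of the opened session.
 *
 * Returns a CK_RV status code.
 * NOTE(review): this header does not say who closes the session;
 * presumably the caller does, with C_CloseSession() -- confirm.
 */
CK_RV pkcs11_GetCriteriaSession(
    boolean_t (*criteria)(CK_SLOT_ID slot_id, void *args, CK_RV *rv),
    void *args, CK_SESSION_HANDLE_PTR hSession);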
96
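/*
 * SUNW_C_GetMechSession will initialize the framework and do all
 * the necessary PKCS#11 calls to create a session capable of
 * providing operations on the requested mechanism.
 *
 * mech     - mechanism the session must support.
 * hSession - out: receives the handle of the opened session.
 *
 * Returns a CK_RV status code.
 * NOTE(review): which provider is chosen when several support the
 * mechanism is not stated here; callers with a policy requirement
 * (for example hardware-backed keys only) should confirm how the slot is
 * selected, or use pkcs11_GetCriteriaSession with their own predicate.
 */
CK_RV SUNW_C_GetMechSession(CK_MECHANISM_TYPE mech,
    CK_SESSION_HANDLE_PTR hSession);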
104
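/*
 * SUNW_C_KeyToObject will create a secret key object for the given
 * mechanism from the rawkey data.
 *
 * hSession   - session in which the object is created.
 * mech       - mechanism the key is intended for.
 * rawkey     - raw key material; not modified (const).
 * rawkey_len - length of rawkey.
 * obj        - out: receives the handle of the new key object.
 *
 * Returns a CK_RV status code.
 * NOTE(review): the caller's rawkey buffer still holds the key after the
 * call.  Once the object exists, the caller should clear that buffer
 * with a clear the compiler cannot elide (explicit_bzero() or
 * equivalent) before releasing it.
 */
CK_RV SUNW_C_KeyToObject(CK_SESSION_HANDLE hSession,
    CK_MECHANISM_TYPE mech, const void *rawkey, size_t rawkey_len,
    CK_OBJECT_HANDLE_PTR obj);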
112
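/*
 * pkcs11_PasswdToPBKD2Object will create a secret key from the given string
 * (e.g. passphrase) using PKCS#5 Password-Based Key Derivation Function 2
 * (PBKDF2; spelled "PBKD2" in this header's identifiers).
 *
 * hSession       - session in which the key object is created.
 * passphrase     - passphrase buffer, passphrase_len long.
 * salt, salt_len - salt buffer and its length; CK_PKCS5_PBKD2_SALT_SIZE is
 *                  the default length.  Use a fresh random salt per key.
 * iterations     - PBKDF2 iteration count; CK_PKCS5_PBKD2_ITERATIONS is
 *                  the default and is low by current standards, so prefer
 *                  a larger explicit value for new keys.
 * key_type       - type of key to derive.
 * key_len        - length of the derived key.
 * key_flags      - flags for the new key object; their meaning is not
 *                  documented in this header.
 * obj            - out: receives the handle of the derived key object.
 *
 * Returns a CK_RV status code.
 * NOTE(review): passphrase is not const, so the header does not promise
 * the buffer is left untouched -- confirm.  Either way the caller should
 * clear the passphrase from memory as soon as the key has been derived.
 */
CK_RV
pkcs11_PasswdToPBKD2Object(CK_SESSION_HANDLE hSession, char *passphrase,
    size_t passphrase_len, void *salt, size_t salt_len, CK_ULONG iterations,
    CK_KEY_TYPE key_type, CK_ULONG key_len, CK_FLAGS key_flags,
    CK_OBJECT_HANDLE_PTR obj);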
123
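/*
 * pkcs11_ObjectToKey gets the rawkey data from a secret key object.
 * The caller is responsible for freeing the allocated rawkey data.
 *
 * hSession    - session that owns the object.
 * obj         - secret key object to read.
 * rawkey      - out: receives a newly allocated buffer with the key bytes.
 * rawkey_len  - out: receives the length of that buffer.
 * destroy_obj - NOTE(review): presumably requests that the object be
 *               destroyed once its value has been copied out -- confirm.
 *
 * Returns a CK_RV status code.
 * NOTE(review): the returned buffer is live key material outside the
 * token.  Clear all *rawkey_len bytes with a clear the compiler cannot
 * elide (explicit_bzero() or equivalent) before freeing it; a bare
 * free() leaves the key in the heap.  Extraction presumably fails for
 * objects the provider marks sensitive or non-extractable -- confirm.
 */
CK_RV
pkcs11_ObjectToKey(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE obj,
    void **rawkey, size_t *rawkey_len, boolean_t destroy_obj);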
131
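/*
 * pkcs11_PasswdToKey will create PKCS#5 PBKDF2 rawkey data from the
 * given passphrase.  The caller is responsible for freeing the allocated
 * rawkey data.
 *
 * hSession       - session used for the derivation.
 * passphrase     - passphrase buffer, passphrase_len long.
 * salt, salt_len - salt buffer and its length.
 * key_type       - type of key to derive.
 * key_len        - length of the derived key.
 * rawkey         - out: receives a newly allocated buffer with the key.
 * rawkey_len     - out: receives the length of that buffer.
 *
 * Returns a CK_RV status code.
 * NOTE(review): unlike pkcs11_PasswdToPBKD2Object there is no iterations
 * parameter, so the count is fixed by the implementation -- presumably
 * CK_PKCS5_PBKD2_ITERATIONS (1000), which is low by current standards;
 * confirm before relying on this for new passphrase-protected data.
 * Clear both the passphrase and the returned rawkey buffer (all
 * *rawkey_len bytes) with a non-elidable clear before releasing them.
 */
CK_RV
pkcs11_PasswdToKey(CK_SESSION_HANDLE hSession, char *passphrase,
    size_t passphrase_len, void *salt, size_t salt_len, CK_KEY_TYPE key_type,
    CK_ULONG key_len, void **rawkey, size_t *rawkey_len);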
141
142#ifdef	__cplusplus
143}
144#endif
145
146#endif	/* _CRYPTOKI_H */
147