cryptoki.h revision b106467fd72e9bfd9e2bd78fbaa00a96a4eead45
1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*
22 * Copyright 2008 Sun Microsystems, Inc.   All rights reserved.
23 * Use is subject to license terms.
24 */
25
26#ifndef	_CRYPTOKI_H
27#define	_CRYPTOKI_H
28
29#ifdef	__cplusplus
30extern "C" {
31#endif
32
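/*
 * Platform-dependent macros used by the PKCS#11 headers.  They are set up
 * here, ahead of the <security/pkcs11.h> include further down.  Each one is
 * wrapped in #ifndef, so a definition supplied by the including code before
 * this header takes precedence.
 */

/* Pointer declarator: "int CK_PTR p" expands to "int * p". */
#ifndef	CK_PTR
#define	CK_PTR *
#endif

/* Spelling of a function definition: plain "returnType name". */
#ifndef CK_DEFINE_FUNCTION
#define	CK_DEFINE_FUNCTION(returnType, name) returnType name
#endif

/* Spelling of a function declaration: plain "returnType name". */
#ifndef CK_DECLARE_FUNCTION
#define	CK_DECLARE_FUNCTION(returnType, name) returnType name
#endif

/* Declarator for a pointer to a function: "returnType (* name)". */
#ifndef CK_DECLARE_FUNCTION_POINTER
#define	CK_DECLARE_FUNCTION_POINTER(returnType, name) returnType (* name)
#endif

/* Declarator for a callback pointer; same expansion as the one above. */
#ifndef CK_CALLBACK_FUNCTION
#define	CK_CALLBACK_FUNCTION(returnType, name) returnType (* name)
#endif

/* Null pointer constant, mapped onto the C library's NULL. */
#ifndef NULL_PTR
#include <unistd.h>	/* For NULL */
#define	NULL_PTR NULL
#endif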
57
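/*
 * pkcs11t.h defines TRUE and FALSE in a way that upsets lint.  Define
 * CK_DISABLE_TRUE_FALSE before pkcs11t.h is pulled in (the switch is named
 * for turning those definitions off) and supply plain integer TRUE/FALSE
 * here instead.  A TRUE or FALSE that is already defined is left alone.
 *
 * If the includer defined CK_DISABLE_TRUE_FALSE itself, this whole section
 * is skipped and this header does not define TRUE/FALSE at all.
 */
#ifndef	CK_DISABLE_TRUE_FALSE
#define	CK_DISABLE_TRUE_FALSE
#ifndef	TRUE
#define	TRUE	1
#endif /* TRUE */
#ifndef	FALSE
#define	FALSE	0
#endif /* FALSE */
#endif /* CK_DISABLE_TRUE_FALSE */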
70
71#undef CK_PKCS11_FUNCTION_INFO
72
73#include <security/pkcs11.h>
74
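/*
 * Default salt len to generate PKCS#5 key (presumably counted in bytes,
 * like the size_t salt_len parameters below -- confirm).
 */
#define	CK_PKCS5_PBKD2_SALT_SIZE	(16UL)

/*
 * Default number of iterations to generate PKCS#5 key.
 *
 * NOTE(review): 1000 is the minimum that RFC 2898 recommended; current
 * password-hashing guidance asks for a far higher work factor.  The value
 * is deliberately left unchanged here: a different count yields different
 * keys from the same passphrase and salt, so anything already protected
 * with a key derived under this default would stop decrypting.  New callers
 * that can choose should pass their own count where the API takes one (see
 * the iterations parameter of pkcs11_PasswdToPBKD2Object()) and store it
 * alongside the salt.
 */
#define	CK_PKCS5_PBKD2_ITERATIONS	(1000UL)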
80
81/* Solaris specific functions */
82
83#include <stdlib.h>
84
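/*
 * pkcs11_GetCriteriaSession will initialize the framework and do all
 * the necessary work of calling C_GetSlotList(), C_GetMechanismInfo() and
 * C_OpenSession() to create a session that meets all the criteria in
 * the given function pointer.
 *
 *	criteria	Caller-supplied predicate.  It is handed a slot id,
 *			an opaque args pointer and a CK_RV out-parameter.
 *			NOTE(review): this header does not say how the
 *			boolean_t result and *rv are interpreted; confirm
 *			against the implementation.
 *	args		Opaque pointer, presumably passed through to
 *			criteria unchanged.
 *	hSession	Where the resulting session handle is stored.
 *
 * Returns a PKCS#11 CK_RV status.  The session is opened on the caller's
 * behalf; closing it is presumably left to the caller -- confirm.
 */
CK_RV pkcs11_GetCriteriaSession(
    boolean_t (*criteria)(CK_SLOT_ID slot_id, void *args, CK_RV *rv),
    void *args, CK_SESSION_HANDLE_PTR hSession);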
94
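/*
 * SUNW_C_GetMechSession will initialize the framework and do all
 * the necessary PKCS#11 calls to create a session capable of
 * providing operations on the requested mechanism.
 *
 *	mech		Mechanism the session must support.
 *	hSession	Where the resulting session handle is stored.
 *
 * Returns a PKCS#11 CK_RV status.  Which slot is picked when several
 * support the mechanism is not stated in this header; callers that need a
 * particular token should not assume one.
 */
CK_RV SUNW_C_GetMechSession(CK_MECHANISM_TYPE mech,
    CK_SESSION_HANDLE_PTR hSession);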
102
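/*
 * SUNW_C_KeyToObject will create a secret key object for the given
 * mechanism from the rawkey data.
 *
 *	hSession	Session in which the object is created.
 *	mech		Mechanism the key is intended for.
 *	rawkey		Raw key bytes; const, so not modified through this
 *			pointer.
 *	rawkey_len	Length of rawkey.
 *	obj		Where the new object handle is stored.
 *
 * Returns a PKCS#11 CK_RV status.  The caller's rawkey buffer still holds
 * the key material after the call, so the caller should clear it once it
 * is no longer needed.
 */
CK_RV SUNW_C_KeyToObject(CK_SESSION_HANDLE hSession,
    CK_MECHANISM_TYPE mech, const void *rawkey, size_t rawkey_len,
    CK_OBJECT_HANDLE_PTR obj);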
110
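/*
 * pkcs11_PasswdToPBKD2Object will create a secret key from the given string
 * (e.g. passphrase) using PKCS#5 Password-Based Key Derivation Function 2
 * (PBKDF2; the identifiers in this header spell it PBKD2).
 *
 *	hSession	Session in which the key object is created.
 *	passphrase	Passphrase bytes; passphrase_len gives the length.
 *			The pointer is not const, so this header does not
 *			promise the buffer is left untouched.
 *	salt, salt_len	Salt for the derivation.  It should be random and
 *			unique per derived key; CK_PKCS5_PBKD2_SALT_SIZE is
 *			the default length.
 *	iterations	Iteration count, chosen by the caller.  Note that
 *			CK_PKCS5_PBKD2_ITERATIONS (1000) is low by current
 *			standards; the count must be stored with the salt
 *			to re-derive the same key later.
 *	key_type	Type of the key object to create.
 *	key_len		Length of the derived key.
 *	key_flags	Flags for the new key object; their meaning is not
 *			described in this header.
 *	obj		Where the new object handle is stored.
 *
 * Returns a PKCS#11 CK_RV status.  The caller should clear its copy of the
 * passphrase once the key has been derived.
 */
CK_RV
pkcs11_PasswdToPBKD2Object(CK_SESSION_HANDLE hSession, char *passphrase,
    size_t passphrase_len, void *salt, size_t salt_len, CK_ULONG iterations,
    CK_KEY_TYPE key_type, CK_ULONG key_len, CK_FLAGS key_flags,
    CK_OBJECT_HANDLE_PTR obj);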
121
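/*
 * pkcs11_ObjectToKey gets the rawkey data from a secret key object.
 * The caller is responsible to free the allocated rawkey data.
 *
 *	hSession	Session that owns the object.
 *	obj		Secret key object to read.
 *	rawkey		Receives a pointer to the allocated key bytes.
 *	rawkey_len	Receives the length of *rawkey.
 *	destroy_obj	Presumably requests that obj be destroyed once its
 *			value has been extracted -- confirm against the
 *			implementation.
 *
 * Returns a PKCS#11 CK_RV status.
 *
 * The returned buffer is plaintext key material.  Before freeing it, the
 * caller should overwrite all *rawkey_len bytes with a call the compiler
 * will not optimize away (e.g. explicit_bzero() where available), because
 * freeing alone leaves the key in heap memory.
 */
CK_RV
pkcs11_ObjectToKey(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE obj,
    void **rawkey, size_t *rawkey_len, boolean_t destroy_obj);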
129
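/*
 * pkcs11_PasswdToKey will create PKCS#5 PBKDF2 rawkey data from the
 * given passphrase (the identifiers in this header spell it PBKD2).  The
 * caller is responsible to free the allocated rawkey data.
 *
 *	hSession	Session used for the derivation.
 *	passphrase	Passphrase bytes; passphrase_len gives the length.
 *	salt, salt_len	Salt for the derivation; it should be random and
 *			unique per derived key.
 *	key_type	Type of key to derive.
 *	key_len		Length of the derived key.
 *	rawkey		Receives a pointer to the allocated key bytes.
 *	rawkey_len	Receives the length of *rawkey.
 *
 * Returns a PKCS#11 CK_RV status.
 *
 * NOTE(review): unlike pkcs11_PasswdToPBKD2Object() there is no iterations
 * parameter, so the count is fixed by the implementation -- presumably
 * CK_PKCS5_PBKD2_ITERATIONS (1000), which is low by current standards.
 * Confirm before relying on this for new data.
 *
 * The returned buffer is plaintext key material.  The caller should
 * overwrite it before freeing it, using a call the compiler will not
 * optimize away, and should clear its copy of the passphrase as well.
 */
CK_RV
pkcs11_PasswdToKey(CK_SESSION_HANDLE hSession, char *passphrase,
    size_t passphrase_len, void *salt, size_t salt_len, CK_KEY_TYPE key_type,
    CK_ULONG key_len, void **rawkey, size_t *rawkey_len);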
139
140#ifdef	__cplusplus
141}
142#endif
143
144#endif	/* _CRYPTOKI_H */
145