1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  *
21  * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
22  *
23  * Constant definitions and function prototypes for the KMF library.
24  * Commonly used data types are defined in "kmftypes.h".
25  */
26 
27 #ifndef _KMFAPI_H
28 #define	_KMFAPI_H
29 
30 #include <kmftypes.h>
31 #include <security/cryptoki.h>
32 
33 #ifdef __cplusplus
34 extern "C" {
35 #endif
36 
37 /*
38  * Setup operations.
39  */
/*
 * kmf_initialize() is the only routine here that takes the handle by
 * address, so it is the one that creates it; the two char * arguments are
 * presumably a policy file path and a policy name -- confirm against the
 * implementation.  Every handle obtained this way should be released with
 * kmf_finalize() once the caller is done with it.
 */
40 extern KMF_RETURN kmf_initialize(KMF_HANDLE_T *, char *, char *);
/*
 * Selects the backing keystore.  Uses the (handle, int, KMF_ATTRIBUTE *)
 * convention found throughout this header; the int is presumably the
 * number of entries in the attribute array (kmf_set_attr() below pairs a
 * KMF_ATTRIBUTE * with an int in the same way) -- verify.
 */
41 extern KMF_RETURN kmf_configure_keystore(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
/* Tears down a handle created by kmf_initialize(). */
42 extern KMF_RETURN kmf_finalize(KMF_HANDLE_T);
43 
44 /*
45  * Key operations.
46  */
/*
 * Keystore-backed key management.  All of these are attribute driven:
 * which keystore, which key, and any credential are carried in the
 * KMF_ATTRIBUTE array rather than in dedicated parameters, so the set of
 * attributes each call requires is not visible from this header.
 */
47 extern KMF_RETURN kmf_create_keypair(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
48 
49 extern KMF_RETURN kmf_delete_key_from_keystore(KMF_HANDLE_T, int,
50 	KMF_ATTRIBUTE *);
51 
52 extern KMF_RETURN kmf_find_key(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
53 
54 extern KMF_RETURN kmf_find_prikey_by_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
55 
56 extern KMF_RETURN kmf_store_key(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
57 
58 extern KMF_RETURN kmf_create_sym_key(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
59 
/*
 * Copies the value of a symmetric key out of the keystore into a
 * KMF_RAW_SYM_KEY, i.e. plaintext key material in caller memory.  Presumably
 * released with kmf_free_raw_sym_key() (declared below); whether that
 * routine zeroizes the buffer cannot be seen from this header -- confirm
 * before relying on it for secret hygiene.
 */
60 extern KMF_RETURN kmf_get_sym_key_value(KMF_HANDLE_T, KMF_KEY_HANDLE *,
61 	KMF_RAW_SYM_KEY *);
62 
63 /*
64  * Certificate operations.
65  */
/* Attribute-driven certificate search/import/store/delete (see key ops). */
66 extern KMF_RETURN kmf_find_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
67 
/* Serializes a parsed certificate structure into a KMF_DATA buffer. */
68 extern KMF_RETURN kmf_encode_cert_record(KMF_X509_CERTIFICATE *, KMF_DATA *);
69 
70 extern KMF_RETURN kmf_import_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
71 
72 extern KMF_RETURN kmf_store_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
73 
74 extern KMF_RETURN kmf_delete_cert_from_keystore(KMF_HANDLE_T, int,
75 	KMF_ATTRIBUTE *);
76 
/*
 * Full validation (chain/policy) is attribute driven; which checks are
 * performed depends on the policy attached to the handle and on the
 * attributes passed, neither of which is visible here.
 */
77 extern KMF_RETURN kmf_validate_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
78 
/* Writes certificate data to the named file in the requested encoding. */
79 extern KMF_RETURN kmf_create_cert_file(const KMF_DATA *, KMF_ENCODE_FORMAT,
80 	char *);
81 
/*
 * The roles of the three char * and the int / unsigned int arguments
 * (URL, proxy, port, timeout, destination file?) are not recoverable from
 * this prototype -- TODO document once confirmed.  The last argument
 * reports the encoding of the fetched data.
 */
82 extern KMF_RETURN kmf_download_cert(KMF_HANDLE_T, char *, char *, int,
83 	unsigned int, char *, KMF_ENCODE_FORMAT *);
84 
/* Content sniffing: report whether data/file looks like a certificate and in which encoding. */
85 extern KMF_RETURN kmf_is_cert_data(KMF_DATA *, KMF_ENCODE_FORMAT *);
86 extern KMF_RETURN kmf_is_cert_file(KMF_HANDLE_T, char *, KMF_ENCODE_FORMAT *);
87 
/* Validity-period check on an encoded certificate (reference time is presumably "now" -- confirm). */
88 extern KMF_RETURN kmf_check_cert_date(KMF_HANDLE_T, const KMF_DATA *);
89 
90 /*
91  * Crypto operations with key or cert.
92  */
/*
 * Cryptographic operations keyed by a stored key or certificate.  All six
 * share one signature, so the key, the input data and the output buffer
 * are all selected through attributes.  Because the result is a
 * KMF_RETURN, callers must compare it against the success code defined
 * in kmftypes.h rather than testing it for truth; an unchecked return from
 * kmf_verify_cert()/kmf_verify_data() silently accepts a bad signature.
 */
93 extern KMF_RETURN kmf_encrypt(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
94 extern KMF_RETURN kmf_decrypt(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
95 extern KMF_RETURN kmf_sign_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
96 extern KMF_RETURN kmf_sign_data(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
97 extern KMF_RETURN kmf_verify_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
98 extern KMF_RETURN kmf_verify_data(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
99 
100 /*
101  * CRL operations.
102  */
/* Attribute-driven CRL store management (same convention as cert ops). */
103 extern KMF_RETURN kmf_import_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
104 extern KMF_RETURN kmf_delete_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
105 extern KMF_RETURN kmf_list_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
106 extern KMF_RETURN kmf_find_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
107 extern KMF_RETURN kmf_find_cert_in_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
/*
 * File-based CRL checks.  The KMF_DATA * here is presumably the issuer
 * certificate used to verify the CRL signature -- confirm.  Note that
 * kmf_check_crl_date() only checks dates; it does not imply the signature
 * was verified.
 */
108 extern KMF_RETURN kmf_verify_crl_file(KMF_HANDLE_T, char *, KMF_DATA *);
109 extern KMF_RETURN kmf_check_crl_date(KMF_HANDLE_T, char *);
/* Same argument layout as kmf_download_cert(); roles likewise undocumented here. */
110 extern KMF_RETURN kmf_download_crl(KMF_HANDLE_T, char *, char *,
111 	int, unsigned int, char *, KMF_ENCODE_FORMAT *);
112 extern KMF_RETURN kmf_is_crl_file(KMF_HANDLE_T, char *, KMF_ENCODE_FORMAT *);
113 
114 /*
115  * CSR operations.
116  */
/* Writes an encoded CSR to the named file in the requested encoding. */
117 extern KMF_RETURN kmf_create_csr_file(KMF_DATA *, KMF_ENCODE_FORMAT, char *);
/*
 * CSR builders: populate fields of a KMF_CSR_DATA in place.  These take
 * no handle except kmf_set_csr_pubkey(), which needs it to resolve the
 * key handle.
 */
118 extern KMF_RETURN kmf_set_csr_pubkey(KMF_HANDLE_T,
119 	KMF_KEY_HANDLE *, KMF_CSR_DATA *);
120 extern KMF_RETURN kmf_set_csr_version(KMF_CSR_DATA *, uint32_t);
121 extern KMF_RETURN kmf_set_csr_subject(KMF_CSR_DATA *, KMF_X509_NAME *);
122 extern KMF_RETURN kmf_set_csr_extn(KMF_CSR_DATA *, KMF_X509_EXTENSION *);
123 extern KMF_RETURN kmf_set_csr_sig_alg(KMF_CSR_DATA *, KMF_ALGORITHM_INDEX);
/*
 * NOTE: the argument order (char *, int, choice) differs from the
 * certificate counterpart kmf_set_cert_subject_altname(), which takes
 * (int, choice, char *).  Easy to mix up when porting code between the two.
 */
124 extern KMF_RETURN kmf_set_csr_subject_altname(KMF_CSR_DATA *, char *,
125 	int, KMF_GENERALNAMECHOICES);
/* int / uint16_t mirror kmf_set_cert_ku(); presumably critical flag and KU bits -- confirm. */
126 extern KMF_RETURN kmf_set_csr_ku(KMF_CSR_DATA *, int, uint16_t);
/* Parses encoded CSR bytes into a KMF_CSR_DATA; release with kmf_free_signed_csr() (presumably). */
127 extern KMF_RETURN kmf_decode_csr(KMF_HANDLE_T, KMF_DATA *, KMF_CSR_DATA *);
128 extern KMF_RETURN kmf_verify_csr(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
/* Signs the CSR with the given key and returns the encoded result in the KMF_DATA. */
129 extern KMF_RETURN kmf_sign_csr(KMF_HANDLE_T, const KMF_CSR_DATA *,
130 	KMF_KEY_HANDLE *, KMF_DATA *);
131 extern KMF_RETURN kmf_add_csr_eku(KMF_CSR_DATA *, KMF_OID *, int);
132 
133 /*
134  * GetCert operations.
135  */
/*
 * Read-only accessors over an encoded certificate (const KMF_DATA *).
 * The *_str variants return a freshly allocated string through char **;
 * presumably it is released with kmf_free_str() from the memory cleanup
 * section below -- confirm ownership before freeing with plain free().
 */
136 extern KMF_RETURN kmf_get_cert_extn(const KMF_DATA *, KMF_OID *,
137 	KMF_X509_EXTENSION *);
138 
/*
 * Returns an array of extensions and its element count.  How the array
 * and its elements are to be released (kmf_free_extn() per element?) is
 * not stated here -- TODO confirm.
 */
139 extern KMF_RETURN kmf_get_cert_extns(const KMF_DATA *, KMF_FLAG_CERT_EXTN,
140 	KMF_X509_EXTENSION **, int *);
141 
142 extern KMF_RETURN kmf_get_cert_ku(const KMF_DATA *, KMF_X509EXT_KEY_USAGE *);
143 
144 extern KMF_RETURN kmf_get_cert_eku(const KMF_DATA *, KMF_X509EXT_EKU *);
145 
/* The KMF_BOOL * out-params below presumably report the extension's critical flag -- confirm. */
146 extern KMF_RETURN kmf_get_cert_basic_constraint(const KMF_DATA *,
147 	KMF_BOOL *, KMF_X509EXT_BASICCONSTRAINTS *);
148 
149 extern KMF_RETURN kmf_get_cert_policies(const KMF_DATA *,
150 	KMF_BOOL *, KMF_X509EXT_CERT_POLICIES *);
151 
152 extern KMF_RETURN kmf_get_cert_auth_info_access(const KMF_DATA *,
153 	KMF_X509EXT_AUTHINFOACCESS *);
154 
/* Release the result with kmf_free_crl_dist_pts() (declared below). */
155 extern KMF_RETURN kmf_get_cert_crl_dist_pts(const KMF_DATA *,
156 	KMF_X509EXT_CRLDISTPOINTS *);
157 
/*
 * Printable field accessors.  The strings are derived from attacker-
 * controllable certificate contents; treat them as untrusted text when
 * logging or displaying.
 */
158 extern KMF_RETURN kmf_get_cert_version_str(KMF_HANDLE_T, const KMF_DATA *,
159 	char **);
160 
161 extern KMF_RETURN kmf_get_cert_subject_str(KMF_HANDLE_T, const KMF_DATA *,
162 	char **);
163 
164 extern KMF_RETURN kmf_get_cert_issuer_str(KMF_HANDLE_T,	const KMF_DATA *,
165 	char **);
166 
167 extern KMF_RETURN kmf_get_cert_serial_str(KMF_HANDLE_T, const KMF_DATA *,
168 	char **);
169 
170 extern KMF_RETURN kmf_get_cert_start_date_str(KMF_HANDLE_T, const KMF_DATA *,
171 	char **);
172 
173 extern KMF_RETURN kmf_get_cert_end_date_str(KMF_HANDLE_T, const KMF_DATA *,
174 	char **);
175 
176 extern KMF_RETURN kmf_get_cert_pubkey_alg_str(KMF_HANDLE_T, const KMF_DATA *,
177 	char **);
178 
179 extern KMF_RETURN kmf_get_cert_sig_alg_str(KMF_HANDLE_T, const KMF_DATA *,
180 	char **);
181 
182 extern KMF_RETURN kmf_get_cert_pubkey_str(KMF_HANDLE_T,	const KMF_DATA *,
183 	char **);
184 
185 extern KMF_RETURN kmf_get_cert_email_str(KMF_HANDLE_T, const KMF_DATA *,
186 	char **);
187 
188 extern KMF_RETURN kmf_get_cert_extn_str(KMF_HANDLE_T, const KMF_DATA *,
189 	KMF_PRINTABLE_ITEM, char **);
190 
/* Certificate identifier, as bytes (release with kmf_free_data()) or as a string. */
191 extern KMF_RETURN kmf_get_cert_id_data(const KMF_DATA *, KMF_DATA *);
192 
193 extern KMF_RETURN kmf_get_cert_id_str(const KMF_DATA *, char **);
194 
/* Validity window as two time_t values (presumably notBefore, notAfter in that order -- confirm). */
195 extern KMF_RETURN kmf_get_cert_validity(const KMF_DATA *, time_t *, time_t *);
196 
197 
198 /*
199  * SetCert operations.
200  */
/*
 * Certificate builders: populate fields of a KMF_X509_CERTIFICATE in
 * place before it is signed with kmf_sign_cert().  Only the public-key
 * setter needs a handle (to resolve the key).  The finished structure is
 * released with kmf_free_signed_cert() (declared below).
 */
201 extern KMF_RETURN kmf_set_cert_pubkey(KMF_HANDLE_T, KMF_KEY_HANDLE *,
202 	KMF_X509_CERTIFICATE *);
203 
204 extern KMF_RETURN kmf_set_cert_subject(KMF_X509_CERTIFICATE *,
205 	KMF_X509_NAME *);
206 
/* int / uint16_t: presumably the critical flag and the key-usage bit mask -- confirm. */
207 extern KMF_RETURN kmf_set_cert_ku(KMF_X509_CERTIFICATE *, int, uint16_t);
208 
209 extern KMF_RETURN kmf_set_cert_issuer(KMF_X509_CERTIFICATE *,
210 	KMF_X509_NAME *);
211 
212 extern KMF_RETURN kmf_set_cert_sig_alg(KMF_X509_CERTIFICATE *,
213 	KMF_ALGORITHM_INDEX);
214 
/*
 * time_t plus uint32_t: looks like a start time and a duration rather
 * than two absolute times -- confirm the unit (seconds? days?) against
 * the implementation before computing expiry.
 */
215 extern KMF_RETURN kmf_set_cert_validity(KMF_X509_CERTIFICATE *,
216 	time_t, uint32_t);
217 
218 extern KMF_RETURN kmf_set_cert_serial(KMF_X509_CERTIFICATE *,
219 	KMF_BIGINT *);
220 
221 extern KMF_RETURN kmf_set_cert_version(KMF_X509_CERTIFICATE *, uint32_t);
222 
/* Argument order here is (int, choice, char *); the CSR variant kmf_set_csr_subject_altname() differs. */
223 extern KMF_RETURN kmf_set_cert_issuer_altname(KMF_X509_CERTIFICATE *,
224 	int, KMF_GENERALNAMECHOICES, char *);
225 
226 extern KMF_RETURN kmf_set_cert_subject_altname(KMF_X509_CERTIFICATE *,
227 	int, KMF_GENERALNAMECHOICES, char *);
228 
229 extern KMF_RETURN kmf_add_cert_eku(KMF_X509_CERTIFICATE *, KMF_OID *, int);
230 
231 extern KMF_RETURN kmf_set_cert_extn(KMF_X509_CERTIFICATE *,
232 	KMF_X509_EXTENSION *);
233 
234 extern KMF_RETURN kmf_set_cert_basic_constraint(KMF_X509_CERTIFICATE *,
235 	KMF_BOOL, KMF_X509EXT_BASICCONSTRAINTS *);
236 
237 
238 /*
239  * PK12 operations.
240  */
/* Attribute-driven PKCS#12 export from the configured keystore. */
241 extern KMF_RETURN kmf_export_pk12(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
242 
/*
 * Builds a PKCS#12 bundle from explicit cert and key arrays; each
 * (int, pointer) pair reads as (count, array).  The KMF_CREDENTIAL is
 * presumably the bundle password and the final char * the output path --
 * confirm.  Credentials passed here should be cleared by the caller after
 * use; nothing in this header says the library does so.
 */
243 extern KMF_RETURN kmf_build_pk12(KMF_HANDLE_T, int, KMF_X509_DER_CERT *,
244 	int, KMF_KEY_HANDLE *, KMF_CREDENTIAL *, char *);
245 
/*
 * Reads objects from a file (char *) protected by the credential and
 * returns allocated arrays of certs and raw keys with their counts.  The
 * KMF_RAW_KEY_DATA array holds plaintext private key material; release
 * it promptly via kmf_free_raw_key() (declared below).
 */
246 extern KMF_RETURN kmf_import_objects(KMF_HANDLE_T, char *, KMF_CREDENTIAL *,
247 	KMF_X509_DER_CERT **, int *, KMF_RAW_KEY_DATA **, int *);
248 
249 /*
250  * OCSP operations.
251  */
/* Three KMF_DATA buffers: presumably cert in, issuer in, OCSP response out -- confirm. */
252 extern KMF_RETURN kmf_get_ocsp_for_cert(KMF_HANDLE_T, KMF_DATA *, KMF_DATA *,
253 	KMF_DATA *);
254 
255 extern KMF_RETURN kmf_create_ocsp_request(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
256 
/*
 * Network fetch of an OCSP response.  The seven positional arguments
 * (four char *, two int, one unsigned int) are not self-describing; TODO
 * document their roles (responder URL, proxy, port, request/response
 * file names, timeout?) once confirmed.  A response obtained here is
 * untrusted input until kmf_get_ocsp_status_for_cert() has validated it.
 */
257 extern KMF_RETURN kmf_get_encoded_ocsp_response(KMF_HANDLE_T, char *,
258 	char *, int, char *, int, char *, unsigned int);
259 
260 extern KMF_RETURN kmf_get_ocsp_status_for_cert(KMF_HANDLE_T, int,
261 	KMF_ATTRIBUTE *);
262 
263 /*
264  * Policy operations.
265  */
/*
 * Replaces the policy attached to the handle; the two char * arguments
 * presumably name a policy file and a policy within it, matching the
 * trailing arguments of kmf_initialize() -- confirm.
 */
266 extern KMF_RETURN kmf_set_policy(KMF_HANDLE_T, char *, char *);
267 
268 /*
269  * Error handling.
270  */
/*
 * Human-readable error text, returned through char **.  Presumably
 * allocated and to be released with kmf_free_str() (declared below) --
 * confirm.  The plugin variant reflects the last error of the keystore
 * plugin bound to the handle; the kmf variant translates a KMF_RETURN.
 */
271 extern KMF_RETURN kmf_get_plugin_error_str(KMF_HANDLE_T, char **);
272 extern KMF_RETURN kmf_get_kmf_error_str(KMF_RETURN, char **);
273 
274 /*
275  * Miscellaneous operations.
276  */
/* Parses a textual DN into a KMF_X509_NAME; release with kmf_free_dn(). */
277 extern KMF_RETURN kmf_dn_parser(char *, KMF_X509_NAME *);
/* Loads a file into a KMF_DATA; release with kmf_free_data(). */
278 extern KMF_RETURN kmf_read_input_file(KMF_HANDLE_T, char *, KMF_DATA *);
/*
 * Encoding conversions.  Lengths are plain int, so callers must ensure
 * the input length is non-negative and fits before calling; the
 * prototype cannot enforce it.  The output pointer is presumably
 * allocated by the library -- confirm how it is to be freed.
 */
279 extern KMF_RETURN kmf_der_to_pem(KMF_OBJECT_TYPE, unsigned char *,
280 	int, unsigned char **, int *);
281 extern KMF_RETURN kmf_pem_to_der(unsigned char *, int, unsigned char **, int *);
/* OID <-> dotted-string conversion.  Ownership of the returned char * is not stated here -- confirm. */
282 extern char *kmf_oid_to_string(KMF_OID *);
283 extern KMF_RETURN kmf_string_to_oid(char *, KMF_OID *);
/* Returns an int comparison result (aliased as KMF_CompareRDNs below). */
284 extern int kmf_compare_rdns(KMF_X509_NAME *, KMF_X509_NAME *);
/* Encoding detection for in-memory data and for files. */
285 extern KMF_RETURN kmf_get_data_format(KMF_DATA *, KMF_ENCODE_FORMAT *);
286 extern KMF_RETURN kmf_get_file_format(char *, KMF_ENCODE_FORMAT *);
/* Key-usage name <-> bit mask; note the mask is uint32_t here but uint16_t in the set_*_ku() setters. */
287 extern uint32_t kmf_string_to_ku(char *);
288 extern char *kmf_ku_to_string(uint32_t);
/*
 * Decodes a hex string into bytes, returning the buffer and its length
 * through the out-params.  Input typically comes from user-supplied
 * serial numbers or IDs, so the caller should expect a failure return on
 * malformed text rather than a partial buffer -- verify the contract.
 */
289 extern KMF_RETURN kmf_hexstr_to_bytes(unsigned char *, unsigned char **,
290 	size_t *);
291 
/* Looks up a plugin by name (char *) and reports its keystore type and path/description string. */
292 extern KMF_RETURN kmf_get_plugin_info(KMF_HANDLE_T, char *,
293 	KMF_KEYSTORE_TYPE *, char **);
294 
/* Extended-key-usage name <-> OID.  Returned pointers may reference static tables -- do not free without confirming. */
295 extern KMF_OID *kmf_ekuname_to_oid(char *);
296 extern char *kmf_oid_to_ekuname(KMF_OID *);
297 
/* Presumably a compatibility alias for the older CamelCase name. */
298 #define	KMF_CompareRDNs kmf_compare_rdns
299 
300 /*
301  * Memory cleanup operations.
302  */
/*
 * Release routines paired with the allocating APIs above.  Each takes the
 * structure type it frees; the two that take a handle (kmf_free_kmf_cert,
 * kmf_free_kmf_key) presumably need it to reach plugin-owned state.
 *
 * NOTE(review): nothing in this header states whether kmf_free_kmf_key(),
 * kmf_free_raw_key() or kmf_free_raw_sym_key() zeroize key material
 * before freeing it.  Callers that hold secrets should confirm this
 * against the implementation rather than assume it.
 */
303 extern void kmf_free_dn(KMF_X509_NAME *);
304 extern void kmf_free_kmf_cert(KMF_HANDLE_T, KMF_X509_DER_CERT *);
305 extern void kmf_free_data(KMF_DATA *);
306 extern void kmf_free_algoid(KMF_X509_ALGORITHM_IDENTIFIER *);
307 extern void kmf_free_extn(KMF_X509_EXTENSION *);
308 extern void kmf_free_tbs_csr(KMF_TBS_CSR *);
309 extern void kmf_free_signed_csr(KMF_CSR_DATA *);
310 extern void kmf_free_tbs_cert(KMF_X509_TBS_CERT *);
311 extern void kmf_free_signed_cert(KMF_X509_CERTIFICATE *);
312 extern void kmf_free_str(char *);
313 extern void kmf_free_eku(KMF_X509EXT_EKU *);
314 extern void kmf_free_spki(KMF_X509_SPKI *);
315 extern void kmf_free_kmf_key(KMF_HANDLE_T, KMF_KEY_HANDLE *);
316 extern void kmf_free_bigint(KMF_BIGINT *);
317 extern void kmf_free_raw_key(KMF_RAW_KEY_DATA *);
318 extern void kmf_free_raw_sym_key(KMF_RAW_SYM_KEY *);
319 extern void kmf_free_crl_dist_pts(KMF_X509EXT_CRLDISTPOINTS *);
320 
321 /* APIs for PKCS#11 token */
/* Resolves a token label (char *) to a Cryptoki slot id. */
322 extern KMF_RETURN kmf_pk11_token_lookup(KMF_HANDLE_T, char *, CK_SLOT_ID *);
/*
 * Initializes a token.  The trailing CK_UTF8CHAR_PTR / CK_ULONG pair is
 * the Cryptoki (pointer, length) convention and presumably carries a PIN;
 * callers should keep it out of logs and clear their copy afterwards --
 * the header does not say whether the library does.  The two char *
 * arguments are presumably the token label and a new label -- confirm.
 */
323 extern KMF_RETURN kmf_pk11_init_token(KMF_HANDLE_T,
324 	char *, char *, CK_UTF8CHAR_PTR, CK_ULONG);
/* PIN change is attribute driven; old and new PINs travel in the attribute array. */
325 extern KMF_RETURN kmf_set_token_pin(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
/*
 * Exposes the underlying Cryptoki session.  Anything done on it bypasses
 * KMF's own policy, so treat it as an escape hatch rather than routine API.
 */
326 extern CK_SESSION_HANDLE kmf_get_pk11_handle(KMF_HANDLE_T);
327 
328 /*
329  * Attribute management routines.
330  */
/*
 * Helpers for building and reading the KMF_ATTRIBUTE arrays consumed by
 * the (handle, int, KMF_ATTRIBUTE *) APIs above.  These prototypes omit
 * the explicit `extern` used elsewhere in this header; harmless for
 * function declarations, just inconsistent.
 */
/* Index of the first attribute of the given type, or a negative value if absent (presumably). */
331 int kmf_find_attr(KMF_ATTR_TYPE, KMF_ATTRIBUTE *, int);
/* Pointer into the attribute's value; points at caller-owned storage, do not free. */
332 void *kmf_get_attr_ptr(KMF_ATTR_TYPE, KMF_ATTRIBUTE *, int);
/*
 * Copies the attribute value into the void * destination.  The uint32_t *
 * is presumably in/out (capacity on entry, length on return); confirm
 * that the implementation honours the capacity, since a copy into a
 * void * with an unchecked size is the classic overflow site.
 */
333 KMF_RETURN kmf_get_attr(KMF_ATTR_TYPE, KMF_ATTRIBUTE *, int, void *,
334 	uint32_t *);
335 KMF_RETURN kmf_get_string_attr(KMF_ATTR_TYPE, KMF_ATTRIBUTE *, int, char **);
/* Appends (or replaces -- confirm) an attribute; the uint32_t is the value length. */
336 KMF_RETURN kmf_set_attr(KMF_ATTRIBUTE *, int, KMF_ATTR_TYPE, void *, uint32_t);
/* Unchecked write at the given index; the caller guarantees the index is within the array. */
337 void kmf_set_attr_at_index(KMF_ATTRIBUTE *, int, KMF_ATTR_TYPE,
338 	void *, uint32_t);
339 
340 /*
341  * Certificate to name mapping functions.
342  */
/*
 * Pluggable certificate-to-name mapping.  Initialize/finalize bracket the
 * mapper's lifetime on a handle; the mapper itself is selected through
 * attributes.  kmf_map_cert_to_name() produces a name (KMF_DATA out) for
 * a certificate, and kmf_match_cert_to_name() compares a certificate
 * against a supplied name -- which KMF_DATA is which is not stated here,
 * so confirm the argument order before use.
 */
343 KMF_RETURN kmf_cert_to_name_mapping_initialize(KMF_HANDLE_T, int,
344 	KMF_ATTRIBUTE *);
345 KMF_RETURN kmf_cert_to_name_mapping_finalize(KMF_HANDLE_T);
346 KMF_RETURN kmf_map_cert_to_name(KMF_HANDLE_T, KMF_DATA *, KMF_DATA *);
347 KMF_RETURN kmf_match_cert_to_name(KMF_HANDLE_T, KMF_DATA *, KMF_DATA *,
348 	KMF_DATA *);
/* Mapper error text through char **; presumably released with kmf_free_str() -- confirm. */
349 KMF_RETURN kmf_get_mapper_error_str(KMF_HANDLE_T, char **);
350 /*
351  * Accessors for the mapper's per-handle state.  They exist for mapper
352  * plugins but are part of the public interface as well.  The options
353  * value is an opaque void * whose ownership is not defined here.
354  */
354 void kmf_set_mapper_lasterror(KMF_HANDLE_T, uint32_t);
355 uint32_t kmf_get_mapper_lasterror(KMF_HANDLE_T);
356 void kmf_set_mapper_options(KMF_HANDLE_T, void *);
357 void *kmf_get_mapper_options(KMF_HANDLE_T);
358 
359 #ifdef __cplusplus
360 }
361 #endif
362 #endif /* _KMFAPI_H */
363