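/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#ifndef _KMFAPIP_H
#define	_KMFAPIP_H

#pragma ident	"%Z%%M%	%I%	%E% SMI"

/*
 * kmfapiP.h - private interfaces of the Key Management Framework (KMF).
 *
 * Shared between the KMF library sources and the keystore plugins the
 * library loads.  It declares:
 *
 *   - KMF_PLUGIN_FUNCLIST, the table of entry points a keystore plugin
 *     exports to the library;
 *   - KMF_PLUGIN / KMF_PLUGIN_LIST / KMF_HANDLE, the library's per-handle
 *     bookkeeping for loaded plugins, the active policy and the last error;
 *   - prototypes of library-internal helpers (certificate/CSR signing and
 *     verification, OID <-> algorithm mapping, X.509 extension handling,
 *     PKCS#11 session management);
 *   - constants for the RSA/DSA key-part arrays and the OCSP temporary
 *     file templates.
 *
 * Nothing here is a stable public interface; the public entry points are
 * declared in <kmfapi.h>.
 */

#include <kmfapi.h>
#include <kmfpolicy.h>

#ifdef	__cplusplus
extern "C" {
#endif

/*
 * Plugin function table.
 *
 * A keystore plugin returns a pointer to one of these from its
 * KMF_Plugin_Initialize() entry point (see KMF_PLUGIN_INIT_SYMBOL below).
 * The library dispatches keystore operations through these pointers, passing
 * the caller's KMF_HANDLE_T as the first argument of every entry.
 *
 * Notes for code that dispatches through the table:
 *
 *   - `version' is the only description of the table layout the library
 *     gets from a plugin.  It must be checked before any entry is used:
 *     a plugin built against a shorter table has nothing valid beyond the
 *     entries its version defined, and reading further is an out-of-bounds
 *     read of the plugin's static data.
 *   - Nothing in the type forces a plugin to fill every slot, so each entry
 *     should be treated as possibly NULL and tested before it is called.
 *     (Whether every current plugin fills every slot is not visible from
 *     this header -- confirm against the plugins.)
 *   - Ownership of the char ** results (ListCRL, FindCRL, GetErrorString)
 *     is not expressed by the types; who frees them is a contract between
 *     the library and the plugin implementations.
 *   - Several entries move secret material in the clear across the
 *     boundary (KMF_RAW_KEY_DATA, KMF_RAW_SYM_KEY, KMF_CREDENTIAL).  Both
 *     sides should zeroize such buffers when done and must never log them.
 */
typedef struct {
	ushort_t version;

	KMF_RETURN (*ConfigureKeystore) (
	    KMF_HANDLE_T,
	    KMF_CONFIG_PARAMS *);

	/* Certificate and CRL operations. */
	KMF_RETURN (*FindCert) (
	    KMF_HANDLE_T,
	    KMF_FINDCERT_PARAMS *,
	    KMF_X509_DER_CERT *,
	    uint32_t *);

	void (*FreeKMFCert) (
	    KMF_HANDLE_T,
	    KMF_X509_DER_CERT *);

	KMF_RETURN (*StoreCert) (
	    KMF_HANDLE_T,
	    KMF_STORECERT_PARAMS *,
	    KMF_DATA *);

	KMF_RETURN (*ImportCert) (
	    KMF_HANDLE_T,
	    KMF_IMPORTCERT_PARAMS *);

	KMF_RETURN (*ImportCRL) (
	    KMF_HANDLE_T,
	    KMF_IMPORTCRL_PARAMS *);

	KMF_RETURN (*DeleteCert) (
	    KMF_HANDLE_T,
	    KMF_DELETECERT_PARAMS *);

	KMF_RETURN (*DeleteCRL) (
	    KMF_HANDLE_T,
	    KMF_DELETECRL_PARAMS *);

	/* Key-pair and key-handle operations. */
	KMF_RETURN (*CreateKeypair) (
	    KMF_HANDLE_T,
	    KMF_CREATEKEYPAIR_PARAMS *,
	    KMF_KEY_HANDLE *,
	    KMF_KEY_HANDLE *);

	KMF_RETURN (*FindKey) (
	    KMF_HANDLE_T,
	    KMF_FINDKEY_PARAMS *,
	    KMF_KEY_HANDLE *,
	    uint32_t *);

	KMF_RETURN (*EncodePubkeyData) (
	    KMF_HANDLE_T,
	    KMF_KEY_HANDLE *,
	    KMF_DATA *);

	/* KMF_OID selects the algorithm; the two KMF_DATA are input/output. */
	KMF_RETURN (*SignData) (
	    KMF_HANDLE_T,
	    KMF_KEY_HANDLE *,
	    KMF_OID *,
	    KMF_DATA *,
	    KMF_DATA *);

	KMF_RETURN (*DeleteKey) (
	    KMF_HANDLE_T,
	    KMF_DELETEKEY_PARAMS *,
	    KMF_KEY_HANDLE *,
	    boolean_t);

	/* CRL queries.  The char ** results: see the ownership note above. */
	KMF_RETURN (*ListCRL) (
	    KMF_HANDLE_T,
	    KMF_LISTCRL_PARAMS *,
	    char **);

	KMF_RETURN (*FindCRL) (
	    KMF_HANDLE_T,
	    KMF_FINDCRL_PARAMS *,
	    char **,
	    int *);

	KMF_RETURN (*FindCertInCRL) (
	    KMF_HANDLE_T,
	    KMF_FINDCERTINCRL_PARAMS *);

	KMF_RETURN (*GetErrorString) (
	    KMF_HANDLE_T,
	    char **);

	KMF_RETURN (*GetPrikeyByCert) (
	    KMF_HANDLE_T,
	    KMF_CRYPTOWITHCERT_PARAMS *,
	    KMF_DATA *,
	    KMF_KEY_HANDLE *,
	    KMF_KEY_ALG);

	KMF_RETURN (*DecryptData) (
	    KMF_HANDLE_T,
	    KMF_KEY_HANDLE *,
	    KMF_OID *,
	    KMF_DATA *,
	    KMF_DATA *);

	/*
	 * PKCS#12 export: an array of `int' certificates followed by an
	 * array of `int' key handles.  The meaning of the trailing char *
	 * is not defined in this header.
	 */
	KMF_RETURN (*ExportP12)(
	    KMF_HANDLE_T,
	    KMF_EXPORTP12_PARAMS *,
	    int, KMF_X509_DER_CERT *,
	    int, KMF_KEY_HANDLE *,
	    char *);

	/* Takes raw (unwrapped) private-key material -- zeroize after use. */
	KMF_RETURN (*StorePrivateKey)(
	    KMF_HANDLE_T,
	    KMF_STOREKEY_PARAMS *,
	    KMF_RAW_KEY_DATA *);

	KMF_RETURN (*CreateSymKey) (
	    KMF_HANDLE_T,
	    KMF_CREATESYMKEY_PARAMS *,
	    KMF_KEY_HANDLE *);

	/* Fills a KMF_RAW_SYM_KEY with the key in the clear -- zeroize after use. */
	KMF_RETURN (*GetSymKeyValue) (
	    KMF_HANDLE_T,
	    KMF_KEY_HANDLE *,
	    KMF_RAW_SYM_KEY *);

	/* The KMF_CREDENTIAL carries a PIN; it must never reach a log. */
	KMF_RETURN (*SetTokenPin) (
	    KMF_HANDLE_T,
	    KMF_SETPIN_PARAMS *,
	    KMF_CREDENTIAL *);

	/*
	 * Plugin teardown.  Declared with (void) rather than the original
	 * empty parentheses so the compiler checks that the plugin's
	 * Finalize really takes no arguments.
	 */
	void (*Finalize) (void);

} KMF_PLUGIN_FUNCLIST;

/*
 * A loaded keystore plugin.
 *
 *   type		keystore type the plugin serves
 *   applications	string recorded with the plugin (its format is not
 *			defined in this header)
 *   path		path of the shared object the plugin came from
 *   dldesc		opaque loader descriptor (presumably from dlopen(3C);
 *			the loading code is not in this header)
 *   funclist		the plugin's function table
 *
 * Security note: plugin code runs inside the calling process with all of
 * its privileges.  `path' must therefore only ever be derived from trusted
 * configuration (see KMF_PLUGIN_PATH), never from unprivileged input.
 */
typedef struct {
	KMF_KEYSTORE_TYPE	type;
	char			*applications;
	char			*path;
	void			*dldesc;
	KMF_PLUGIN_FUNCLIST	*funclist;
} KMF_PLUGIN;

/* Singly linked list of loaded plugins, hung off KMF_HANDLE.plugins. */
typedef struct _KMF_PLUGIN_LIST {
	KMF_PLUGIN		*plugin;
	struct _KMF_PLUGIN_LIST	*next;
} KMF_PLUGIN_LIST;

/*
 * Per-caller library state.  KMF_HANDLE_T (from <kmfapi.h>) is the type
 * handed to callers; the fields are private to the library and plugins.
 */
typedef struct _kmf_handle {
	/*
	 * session handle opened by KMF_SelectToken() to talk
	 * to a specific slot in Crypto framework. It is used
	 * by pkcs11 plugin module.
	 */
	CK_SESSION_HANDLE	pk11handle;
	/* Most recent error, cleared by CLEAR_ERROR() at the start of an op. */
	KMF_ERROR		lasterr;
	KMF_POLICY_RECORD	*policy;
	KMF_PLUGIN_LIST		*plugins;
} KMF_HANDLE;

/*
 * CLEAR_ERROR(h, rv) - reset the handle's last-error record before a new
 * operation.  When h is NULL, rv is set to KMF_ERR_BAD_PARAMETER and
 * nothing else is touched; otherwise lasterr.errcode and lasterr.kstype
 * are zeroed and rv is set to KMF_OK.
 *
 * The body is wrapped in do { ... } while (0) so the macro behaves as one
 * statement (safe as the sole statement of an unbraced if/else, where a
 * bare brace block followed by ';' would break the else), and both
 * arguments are parenthesised so an expression passed as `h' cannot
 * rebind.  Callers still write `CLEAR_ERROR(handle, rv);' with the
 * trailing semicolon.
 */
#define	CLEAR_ERROR(h, rv)						\
	do {								\
		if ((h) == NULL) {					\
			(rv) = KMF_ERR_BAD_PARAMETER;			\
		} else {						\
			(h)->lasterr.errcode = 0;			\
			(h)->lasterr.kstype = 0;			\
			(rv) = KMF_OK;					\
		}							\
	} while (0)

/* Symbol every keystore plugin must export; see KMF_Plugin_Initialize(). */
#define	KMF_PLUGIN_INIT_SYMBOL	"KMF_Plugin_Initialize"

/*
 * Default directory for keystore plugins, overridable at build time.
 * Shared objects taken from here execute with the caller's privileges, so
 * the directory and everything in it must be writable by root only; a
 * group- or world-writable plugin directory would let any local user run
 * code in every process that uses KMF.
 */
#ifndef KMF_PLUGIN_PATH
#if defined(__sparcv9)
#define	KMF_PLUGIN_PATH	"/usr/lib/security/sparcv9/"
#elif defined(__sparc)
#define	KMF_PLUGIN_PATH	"/usr/lib/security/"
#elif defined(__i386)
#define	KMF_PLUGIN_PATH	"/usr/lib/security/"
#elif defined(__amd64)
#define	KMF_PLUGIN_PATH	"/usr/lib/security/amd64/"
#endif
#endif /* !KMF_PLUGIN_PATH */

/*
 * Plugin entry point, looked up by the name in KMF_PLUGIN_INIT_SYMBOL.
 * Returns the plugin's function table.  Prototyped with (void) so that a
 * mismatched definition is a compile-time error rather than silent UB.
 */
KMF_PLUGIN_FUNCLIST *KMF_Plugin_Initialize(void);

/* Certificate / CSR signing and verification helpers. */
KMF_RETURN
SignCert(KMF_HANDLE_T, const KMF_DATA *, KMF_KEY_HANDLE *, KMF_DATA *);

KMF_RETURN
VerifyCertWithKey(KMF_HANDLE_T, KMF_DATA *, const KMF_DATA *);

KMF_RETURN
VerifyCertWithCert(KMF_HANDLE_T, const KMF_DATA *, const KMF_DATA *);

KMF_RETURN
VerifyDataWithCert(KMF_HANDLE_T, KMF_DATA *, KMF_DATA *, const KMF_DATA *);

KMF_RETURN
VerifyDataWithKey(KMF_HANDLE_T, KMF_DATA *, KMF_ALGORITHM_INDEX, KMF_DATA *,
	KMF_DATA *);

KMF_RETURN
EncryptWithCert(KMF_HANDLE_T, KMF_DATA *, KMF_DATA *, KMF_DATA *);

KMF_RETURN
DecryptWithCert(KMF_HANDLE_T, KMF_DATA *, KMF_KEY_HANDLE *, KMF_DATA *,
	KMF_DATA *);

KMF_RETURN
SignCsr(KMF_HANDLE_T, const KMF_DATA *, KMF_KEY_HANDLE *,
	KMF_X509_ALGORITHM_IDENTIFIER *, KMF_DATA *);

/* PKCS#11-backed primitives; these take the raw KMF_HANDLE, not KMF_HANDLE_T. */
KMF_BOOL PKCS_ConvertAlgorithmId2PKCSKeyType(
	KMF_ALGORITHM_INDEX, CK_KEY_TYPE *);

KMF_RETURN PKCS_VerifyData(
	KMF_HANDLE *,
	KMF_ALGORITHM_INDEX,
	KMF_X509_SPKI *,
	KMF_DATA *, KMF_DATA *);

KMF_RETURN PKCS_EncryptData(
	KMF_HANDLE *,
	KMF_ALGORITHM_INDEX,
	KMF_X509_SPKI *,
	KMF_DATA *,
	KMF_DATA *);

/* Plugin lookup by keystore type within a handle's plugin list. */
KMF_PLUGIN *FindPlugin(KMF_HANDLE_T, KMF_KEYSTORE_TYPE);

/* OID / algorithm-index mapping. */
KMF_BOOL IsEqualOid(KMF_OID *, KMF_OID *);

KMF_OID *X509_AlgIdToAlgorithmOid(KMF_ALGORITHM_INDEX);

KMF_ALGORITHM_INDEX X509_AlgorithmOidToAlgId(KMF_OID *);
KMF_RETURN GetIDFromSPKI(KMF_X509_SPKI *, KMF_DATA *);
CK_RV DigestData(CK_SESSION_HANDLE, KMF_DATA *, KMF_DATA *);

/* X.509 extension helpers and DER sequence walking. */
KMF_RETURN KMF_SetAltName(KMF_X509_EXTENSIONS *,
	KMF_OID *, int, KMF_GENERALNAMECHOICES, char *);
/*
 * Takes an explicit size_t length for the input and returns one for the
 * output; callers must pass the real buffer length, since the DER it
 * walks may be attacker-supplied (e.g. a certificate or CRL off the wire).
 */
KMF_RETURN GetSequenceContents(char *,
	size_t, char **, size_t *);
KMF_X509_EXTENSION *FindExtn(KMF_X509_EXTENSIONS *, KMF_OID *);
KMF_RETURN add_an_extension(KMF_X509_EXTENSIONS *exts,
	KMF_X509_EXTENSION *newextn);
KMF_RETURN set_integer(KMF_DATA *, void *, int);
void free_keyidlist(KMF_OID *, int);
KMF_RETURN copy_data(KMF_DATA *, KMF_DATA *);
void Cleanup_PK11_Session(KMF_HANDLE_T handle);
void free_dp_name(KMF_CRL_DIST_POINT *);
void free_dp(KMF_CRL_DIST_POINT *);
KMF_RETURN set_key_usage_extension(KMF_X509_EXTENSIONS *,
	int, uint32_t);
/* (void) rather than (): an empty parameter list disables argument checking. */
int is_pk11_ready(void);
KMF_RETURN KMF_SelectToken(KMF_HANDLE_T, char *, int);


/*
 * Indexes into the key parts array for RSA keys.  These follow the PKCS#1
 * naming: modulus n, public exponent e, private exponent d, primes p and
 * q, CRT exponents dP and dQ, and CRT coefficient qInv.  Everything from
 * KMF_RSA_PRIVATE_EXPONENT onward is secret; buffers holding those parts
 * should be zeroized before they are freed.
 */
#define	KMF_RSA_MODULUS			(0)
#define	KMF_RSA_PUBLIC_EXPONENT		(1)
#define	KMF_RSA_PRIVATE_EXPONENT	(2)
#define	KMF_RSA_PRIME1			(3)
#define	KMF_RSA_PRIME2			(4)
#define	KMF_RSA_EXPONENT1		(5)
#define	KMF_RSA_EXPONENT2		(6)
#define	KMF_RSA_COEFFICIENT		(7)

/* Key part counts for RSA keys */
#define	KMF_NUMBER_RSA_PUBLIC_KEY_PARTS		(2)
#define	KMF_NUMBER_RSA_PRIVATE_KEY_PARTS	(8)

/*
 * Key part counts for DSA keys.  Note that only four DSA indexes are
 * defined below (p, q, g, y) and no index is given for the private value
 * x, even though the private part count is also 4; which slot carries x
 * is decided by the code that fills the array, not by this header.
 */
#define	KMF_NUMBER_DSA_PUBLIC_KEY_PARTS		(4)
#define	KMF_NUMBER_DSA_PRIVATE_KEY_PARTS	(4)

/* Indexes into the key parts array for DSA keys */
#define	KMF_DSA_PRIME		(0)
#define	KMF_DSA_SUB_PRIME	(1)
#define	KMF_DSA_BASE		(2)
#define	KMF_DSA_PUBLIC_VALUE	(3)

/*
 * Evaluates each argument twice; it is only used below on integer
 * constants, so keep it that way (never pass an expression with side
 * effects).
 */
#ifndef max
#define	max(a, b)	((a) < (b) ? (b) : (a))
#endif

/* Maximum key parts for all algorithms */
#define	KMF_MAX_PUBLIC_KEY_PARTS \
	(max(KMF_NUMBER_RSA_PUBLIC_KEY_PARTS, \
	KMF_NUMBER_DSA_PUBLIC_KEY_PARTS))

#define	KMF_MAX_PRIVATE_KEY_PARTS \
	(max(KMF_NUMBER_RSA_PRIVATE_KEY_PARTS, \
	KMF_NUMBER_DSA_PRIVATE_KEY_PARTS))

#define	KMF_MAX_KEY_PARTS \
	(max(KMF_MAX_PUBLIC_KEY_PARTS, KMF_MAX_PRIVATE_KEY_PARTS))

/*
 * Signature modes.  KMF_ALGMODE_PKCS1_EMSA_V15 names the PKCS#1 v1.5
 * signature encoding (EMSA-PKCS1-v1_5); the others are as their names say
 * and are not further described in this header.
 */
typedef enum {
	KMF_ALGMODE_NONE = 0,
	KMF_ALGMODE_CUSTOM,
	KMF_ALGMODE_PUBLIC_KEY,
	KMF_ALGMODE_PRIVATE_KEY,
	KMF_ALGMODE_PKCS1_EMSA_V15
} KMF_SIGNATURE_MODE;

#define	KMF_CERT_PRINTABLE_LEN	1024
/* Size in bytes of a SHA-1 digest. */
#define	SHA1_HASH_LENGTH	20

/*
 * Templates for the OCSP request/response temporary files.  The trailing
 * XXXXXX is the mkstemp(3C) template form, and mkstemp is the only safe
 * way to turn these into files: /tmp is world-writable, so mktemp(3C) or
 * tmpnam(3C) followed by a separate open(2) is an exploitable symlink
 * race.  The code that uses them (not in this header) should also unlink
 * the files as soon as their contents have been consumed.
 */
#define	OCSPREQ_TEMPNAME	"/tmp/ocsp.reqXXXXXX"
#define	OCSPRESP_TEMPNAME	"/tmp/ocsp.respXXXXXX"

#ifdef	__cplusplus
}
#endif
#endif /* _KMFAPIP_H */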