1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 #ifndef _KMFAPIP_H
26 #define	_KMFAPIP_H
27 
28 #pragma ident	"%Z%%M%	%I%	%E% SMI"
29 
30 #include <kmfapi.h>
31 #include <kmfpolicy.h>
32 
33 #ifdef __cplusplus
34 extern "C" {
35 #endif
36 
37 /* Plugin function table */
38 typedef struct {
39 	ushort_t	version;
40 	KMF_RETURN	(*ConfigureKeystore) (
41 			KMF_HANDLE_T,
42 			KMF_CONFIG_PARAMS *);
43 
44 	KMF_RETURN	(*FindCert) (
45 			KMF_HANDLE_T,
46 			KMF_FINDCERT_PARAMS	*,
47 			KMF_X509_DER_CERT *,
48 			uint32_t *);
49 
50 	void		(*FreeKMFCert) (
51 			KMF_HANDLE_T,
52 			KMF_X509_DER_CERT *);
53 
54 	KMF_RETURN	(*StoreCert) (
55 			KMF_HANDLE_T,
56 			KMF_STORECERT_PARAMS *,
57 			KMF_DATA *);
58 
59 	KMF_RETURN	(*ImportCert) (
60 			KMF_HANDLE_T,
61 			KMF_IMPORTCERT_PARAMS *);
62 
63 	KMF_RETURN	(*ImportCRL) (
64 			KMF_HANDLE_T,
65 			KMF_IMPORTCRL_PARAMS *);
66 
67 	KMF_RETURN	(*DeleteCert) (
68 			KMF_HANDLE_T,
69 			KMF_DELETECERT_PARAMS *);
70 
71 	KMF_RETURN	(*DeleteCRL) (
72 			KMF_HANDLE_T,
73 			KMF_DELETECRL_PARAMS *);
74 
75 	KMF_RETURN	(*CreateKeypair) (
76 			KMF_HANDLE_T,
77 			KMF_CREATEKEYPAIR_PARAMS *,
78 			KMF_KEY_HANDLE *,
79 			KMF_KEY_HANDLE *);
80 
81 	KMF_RETURN	(*FindKey) (
82 			KMF_HANDLE_T,
83 			KMF_FINDKEY_PARAMS *,
84 			KMF_KEY_HANDLE *,
85 			uint32_t *);
86 
87 	KMF_RETURN	(*EncodePubkeyData) (
88 			KMF_HANDLE_T,
89 			KMF_KEY_HANDLE *,
90 			KMF_DATA *);
91 
92 	KMF_RETURN	(*SignData) (
93 			KMF_HANDLE_T,
94 			KMF_KEY_HANDLE *,
95 			KMF_OID *,
96 			KMF_DATA *,
97 			KMF_DATA *);
98 
99 	KMF_RETURN	(*DeleteKey) (
100 			KMF_HANDLE_T,
101 			KMF_DELETEKEY_PARAMS *,
102 			KMF_KEY_HANDLE *,
103 			boolean_t);
104 
105 	KMF_RETURN	(*ListCRL) (
106 			KMF_HANDLE_T,
107 			KMF_LISTCRL_PARAMS *,
108 			char **);
109 
110 	KMF_RETURN	(*FindCRL) (
111 			KMF_HANDLE_T,
112 			KMF_FINDCRL_PARAMS *,
113 			char **,
114 			int *);
115 
116 	KMF_RETURN	(*FindCertInCRL) (
117 			KMF_HANDLE_T,
118 			KMF_FINDCERTINCRL_PARAMS *);
119 
120 	KMF_RETURN	(*GetErrorString) (
121 			KMF_HANDLE_T,
122 			char **);
123 
124 	KMF_RETURN	(*GetPrikeyByCert) (
125 			KMF_HANDLE_T,
126 			KMF_CRYPTOWITHCERT_PARAMS *,
127 			KMF_DATA *,
128 			KMF_KEY_HANDLE *,
129 			KMF_KEY_ALG);
130 
131 	KMF_RETURN	(*DecryptData) (
132 			KMF_HANDLE_T,
133 			KMF_KEY_HANDLE *,
134 			KMF_OID *,
135 			KMF_DATA *,
136 			KMF_DATA *);
137 
138 	KMF_RETURN	(*ExportP12)(
139 			KMF_HANDLE_T,
140 			KMF_EXPORTP12_PARAMS *,
141 			int, KMF_X509_DER_CERT *,
142 			int, KMF_KEY_HANDLE *,
143 			char *);
144 
145 	KMF_RETURN	(*StorePrivateKey)(
146 			KMF_HANDLE_T,
147 			KMF_STOREKEY_PARAMS *,
148 			KMF_RAW_KEY_DATA *);
149 
150 	KMF_RETURN	(*CreateSymKey) (
151 			KMF_HANDLE_T,
152 			KMF_CREATESYMKEY_PARAMS *,
153 			KMF_KEY_HANDLE *);
154 
155 	KMF_RETURN	(*GetSymKeyValue) (
156 			KMF_HANDLE_T,
157 			KMF_KEY_HANDLE *,
158 			KMF_RAW_SYM_KEY *);
159 
160 	KMF_RETURN	(*SetTokenPin) (
161 			KMF_HANDLE_T,
162 			KMF_SETPIN_PARAMS *,
163 			KMF_CREDENTIAL *);
164 
165 	KMF_RETURN	(*VerifyDataWithCert) (
166 			KMF_HANDLE_T,
167 			KMF_ALGORITHM_INDEX,
168 			KMF_DATA *,
169 			KMF_DATA *,
170 			KMF_DATA *);
171 
172 	void		(*Finalize) ();
173 
174 } KMF_PLUGIN_FUNCLIST;
175 
176 typedef struct {
177 	KMF_KEYSTORE_TYPE	type;
178 	char			*applications;
179 	char 			*path;
180 	void 			*dldesc;
181 	KMF_PLUGIN_FUNCLIST	*funclist;
182 } KMF_PLUGIN;
183 
184 typedef struct _KMF_PLUGIN_LIST {
185 	KMF_PLUGIN		*plugin;
186 	struct _KMF_PLUGIN_LIST *next;
187 } KMF_PLUGIN_LIST;
188 
189 typedef struct _kmf_handle {
190 	/*
191 	 * session handle opened by KMF_SelectToken() to talk
192 	 * to a specific slot in Crypto framework. It is used
193 	 * by pkcs11 plugin module.
194 	 */
195 	CK_SESSION_HANDLE	pk11handle;
196 	KMF_ERROR		lasterr;
197 	KMF_POLICY_RECORD	*policy;
198 	KMF_PLUGIN_LIST		*plugins;
199 } KMF_HANDLE;
200 
201 #define	CLEAR_ERROR(h, rv) { \
202 	if (h == NULL) { \
203 		rv = KMF_ERR_BAD_PARAMETER; \
204 	} else { \
205 		h->lasterr.errcode = 0; \
206 		h->lasterr.kstype = 0; \
207 		rv = KMF_OK; \
208 	} \
209 }
210 
211 #define	KMF_PLUGIN_INIT_SYMBOL	"KMF_Plugin_Initialize"
212 
213 #ifndef KMF_PLUGIN_PATH
214 #if defined(__sparcv9)
215 #define	KMF_PLUGIN_PATH "/usr/lib/security/sparcv9/"
216 #elif defined(__sparc)
217 #define	KMF_PLUGIN_PATH "/usr/lib/security/"
218 #elif defined(__i386)
219 #define	KMF_PLUGIN_PATH "/usr/lib/security/"
220 #elif defined(__amd64)
221 #define	KMF_PLUGIN_PATH "/usr/lib/security/amd64/"
222 #endif
223 #endif /* !KMF_PLUGIN_PATH */
224 
225 KMF_PLUGIN_FUNCLIST *KMF_Plugin_Initialize();
226 
227 KMF_RETURN
228 VerifyDataWithKey(KMF_HANDLE_T, KMF_DATA *, KMF_ALGORITHM_INDEX, KMF_DATA *,
229 	KMF_DATA *);
230 
231 KMF_RETURN
232 SignCsr(KMF_HANDLE_T, const KMF_DATA *, KMF_KEY_HANDLE *,
233 		KMF_X509_ALGORITHM_IDENTIFIER *, KMF_DATA *);
234 
235 KMF_BOOL PKCS_ConvertAlgorithmId2PKCSKeyType(
236 	KMF_ALGORITHM_INDEX, CK_KEY_TYPE *);
237 
238 KMF_RETURN PKCS_VerifyData(
239 	KMF_HANDLE *,
240 	KMF_ALGORITHM_INDEX,
241 	KMF_X509_SPKI *,
242 	KMF_DATA *, KMF_DATA *);
243 
244 KMF_RETURN PKCS_EncryptData(
245 	KMF_HANDLE *,
246 	KMF_ALGORITHM_INDEX,
247 	KMF_X509_SPKI *,
248 	KMF_DATA *,
249 	KMF_DATA *);
250 
251 KMF_PLUGIN *FindPlugin(KMF_HANDLE_T, KMF_KEYSTORE_TYPE);
252 
253 KMF_BOOL IsEqualOid(KMF_OID *, KMF_OID *);
254 
255 KMF_OID *X509_AlgIdToAlgorithmOid(KMF_ALGORITHM_INDEX);
256 KMF_ALGORITHM_INDEX X509_AlgorithmOidToAlgId(KMF_OID *);
257 KMF_RETURN PKCS_AcquirePublicKeyHandle(CK_SESSION_HANDLE ckSession,
258 	const KMF_X509_SPKI *, CK_KEY_TYPE, CK_OBJECT_HANDLE *,
259 	KMF_BOOL *);
260 
261 KMF_RETURN GetIDFromSPKI(KMF_X509_SPKI *, KMF_DATA *);
262 CK_RV DigestData(CK_SESSION_HANDLE, KMF_DATA *, KMF_DATA *);
263 
264 KMF_RETURN KMF_SetAltName(KMF_X509_EXTENSIONS *,
265 	KMF_OID *, int, KMF_GENERALNAMECHOICES, char *);
266 KMF_RETURN GetSequenceContents(char *, size_t, char **, size_t *);
267 KMF_X509_EXTENSION *FindExtn(KMF_X509_EXTENSIONS *, KMF_OID *);
268 KMF_RETURN add_an_extension(KMF_X509_EXTENSIONS *exts,
269 	KMF_X509_EXTENSION *newextn);
270 KMF_RETURN set_integer(KMF_DATA *, void *, int);
271 void free_keyidlist(KMF_OID *, int);
272 KMF_RETURN copy_data(KMF_DATA *, KMF_DATA *);
273 void Cleanup_PK11_Session(KMF_HANDLE_T handle);
274 void free_dp_name(KMF_CRL_DIST_POINT *);
275 void free_dp(KMF_CRL_DIST_POINT *);
276 KMF_RETURN set_key_usage_extension(KMF_X509_EXTENSIONS *,
277 	int, uint32_t);
278 int is_pk11_ready();
279 KMF_RETURN KMF_SelectToken(KMF_HANDLE_T, char *, int);
280 
281 
282 /* Indexes into the key parts array for RSA keys */
283 #define	KMF_RSA_MODULUS			(0)
284 #define	KMF_RSA_PUBLIC_EXPONENT		(1)
285 #define	KMF_RSA_PRIVATE_EXPONENT	(2)
286 #define	KMF_RSA_PRIME1			(3)
287 #define	KMF_RSA_PRIME2			(4)
288 #define	KMF_RSA_EXPONENT1		(5)
289 #define	KMF_RSA_EXPONENT2		(6)
290 #define	KMF_RSA_COEFFICIENT		(7)
291 
292 /* Key part counts for RSA keys */
293 #define	KMF_NUMBER_RSA_PUBLIC_KEY_PARTS		(2)
294 #define	KMF_NUMBER_RSA_PRIVATE_KEY_PARTS	(8)
295 
296 /* Key part counts for DSA keys */
297 #define	KMF_NUMBER_DSA_PUBLIC_KEY_PARTS		(4)
298 #define	KMF_NUMBER_DSA_PRIVATE_KEY_PARTS	(4)
299 
300 /* Indexes into the key parts array for DSA keys */
301 #define	KMF_DSA_PRIME		(0)
302 #define	KMF_DSA_SUB_PRIME	(1)
303 #define	KMF_DSA_BASE		(2)
304 #define	KMF_DSA_PUBLIC_VALUE	(3)
305 
306 #ifndef max
307 #define	max(a, b) ((a) < (b) ? (b) : (a))
308 #endif
309 
310 /* Maximum key parts for all algorithms */
311 #define	KMF_MAX_PUBLIC_KEY_PARTS \
312 	(max(KMF_NUMBER_RSA_PUBLIC_KEY_PARTS, \
313 	KMF_NUMBER_DSA_PUBLIC_KEY_PARTS))
314 
315 #define	KMF_MAX_PRIVATE_KEY_PARTS \
316 	(max(KMF_NUMBER_RSA_PRIVATE_KEY_PARTS, \
317 	KMF_NUMBER_DSA_PRIVATE_KEY_PARTS))
318 
319 #define	KMF_MAX_KEY_PARTS \
320 	(max(KMF_MAX_PUBLIC_KEY_PARTS, KMF_MAX_PRIVATE_KEY_PARTS))
321 
322 typedef enum {
323 	KMF_ALGMODE_NONE	= 0,
324 	KMF_ALGMODE_CUSTOM,
325 	KMF_ALGMODE_PUBLIC_KEY,
326 	KMF_ALGMODE_PRIVATE_KEY,
327 	KMF_ALGMODE_PKCS1_EMSA_V15
328 } KMF_SIGNATURE_MODE;
329 
330 #define	KMF_CERT_PRINTABLE_LEN	1024
331 #define	SHA1_HASH_LENGTH 20
332 
333 #define	OCSPREQ_TEMPNAME	"/tmp/ocsp.reqXXXXXX"
334 #define	OCSPRESP_TEMPNAME	"/tmp/ocsp.respXXXXXX"
335 
336 #ifdef __cplusplus
337 }
338 #endif
339 #endif /* _KMFAPIP_H */
340