/*
 * ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */

/*
 * Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/*
 * p12lib.h - public interface of the SUNW_PKCS12 helper library.
 *
 * Declares the EVP_PKEY stack wrappers, the function/reason codes used
 * with OpenSSL's error queue, the enums and bit flags consumed by the
 * PKCS#12 / PEM helpers, and the prototypes exported by p12lib.c.
 */

#ifndef _P12LIB_H
#define _P12LIB_H
/*
 * NOTE(review): an identifier starting with an underscore followed by an
 * uppercase letter is reserved for the implementation (C11 7.1.3). The
 * guard is kept as-is here because it can only be renamed safely if no
 * other translation unit tests _P12LIB_H.
 */


#include <openssl/pkcs12.h>
#include <openssl/pem.h>

/*
 * PKCS12 file routines borrowed from SNT's libwanboot.
 */

#ifdef __cplusplus
extern "C" {
#endif

/*
 * These declarations allow us to make stacks of EVP_PKEY objects.
 *
 * They are built on DECLARE_STACK_OF() and the SKM_sk_* macros of the
 * OpenSSL 0.9.x/1.0.x stack API; OpenSSL 1.1.0 removed SKM_sk_* in favour
 * of DEFINE_STACK_OF(), so this block is the first thing to revisit when
 * building against a newer OpenSSL.
 */
DECLARE_STACK_OF(EVP_PKEY)
#define sk_EVP_PKEY_new_null() SKM_sk_new_null(EVP_PKEY)
#define sk_EVP_PKEY_free(st) SKM_sk_free(EVP_PKEY, (st))
#define sk_EVP_PKEY_num(st) SKM_sk_num(EVP_PKEY, (st))
#define sk_EVP_PKEY_value(st, i) SKM_sk_value(EVP_PKEY, (st), (i))
#define sk_EVP_PKEY_push(st, val) SKM_sk_push(EVP_PKEY, (st), (val))
#define sk_EVP_PKEY_find(st, val) SKM_sk_find(EVP_PKEY, (st), (val))
#define sk_EVP_PKEY_delete(st, i) SKM_sk_delete(EVP_PKEY, (st), (i))
#define sk_EVP_PKEY_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PKEY, (st), (ptr))
#define sk_EVP_PKEY_insert(st, val, i) SKM_sk_insert(EVP_PKEY, (st), (val), (i))
/* pop_free releases every element with free_func and then the stack itself */
#define sk_EVP_PKEY_pop_free(st, free_func) SKM_sk_pop_free(EVP_PKEY, (st), \
	(free_func))
#define sk_EVP_PKEY_pop(st) SKM_sk_pop(EVP_PKEY, (st))

/*
 * Error reporting routines required by OpenSSL.
 *
 * SUNWerr(f, r) records a sunw_err_func_t / sunw_err_reason_t pair together
 * with the call site. Note that __FILE__ is a string literal but
 * ERR_SUNW_error() below takes it as a plain `char *`; the callee must
 * never write through that pointer. A `const char *file` prototype would
 * express this, but it has to be changed together with the definition in
 * p12lib.c or the two declarations will conflict.
 */
#define SUNW_LIB_NAME "SUNW_PKCS12"
#define SUNWerr(f, r) ERR_SUNW_error((f), (r), __FILE__, __LINE__)

/* Error codes for the SUNW functions. */
/* OpenSSL prefers codes to start at 100 */

/*
 * Function codes.
 *
 * First argument of SUNWerr(); each value names the routine in which an
 * error was raised. The values are contiguous from 100 so they can be
 * mapped onto an OpenSSL error-string table by ERR_load_SUNW_strings().
 */
typedef enum {
	SUNW_F_USE_X509CERT = 100,
	SUNW_F_USE_PKEY,
	SUNW_F_USE_TASTORE,
	SUNW_F_USE_CERTFILE,
	SUNW_F_USE_KEYFILE,
	SUNW_F_USE_TRUSTFILE,
	SUNW_F_READ_FILE,
	SUNW_F_DOPARSE,
	SUNW_F_PKCS12_PARSE,
	SUNW_F_PKCS12_CONTENTS,
	SUNW_F_PARSE_ONE_BAG,
	SUNW_F_PKCS12_CREATE,
	SUNW_F_SPLIT_CERTS,
	SUNW_F_FIND_LOCALKEYID,
	SUNW_F_SET_LOCALKEYID,
	SUNW_F_SET_FNAME,
	SUNW_F_GET_LOCALKEYID,
	SUNW_F_GET_PKEY_FNAME,
	SUNW_F_APPEND_KEYS,
	SUNW_F_PEM_CONTENTS,
	SUNW_F_PEM_INFO,
	SUNW_F_ASC2BMPSTRING,
	SUNW_F_UTF82ASCSTR,
	SUNW_F_FINDATTR,
	SUNW_F_TYPE2ATTRIB,
	SUNW_F_MOVE_CERTS,
	SUNW_F_FIND_FNAME,
	SUNW_F_PARSE_OUTER,
	SUNW_F_CHECKFILE
} sunw_err_func_t;

/*
 * Reason codes.
 *
 * Second argument of SUNWerr(); describes why the routine failed. Note the
 * distinct MAC verify / password / parse reasons: a PKCS#12 file is
 * attacker-controllable input, and callers should surface these rather
 * than collapsing them into a generic failure.
 */
typedef enum {
	SUNW_R_INVALID_ARG = 100,
	SUNW_R_MEMORY_FAILURE,
	SUNW_R_MAC_VERIFY_FAILURE,
	SUNW_R_MAC_CREATE_FAILURE,
	SUNW_R_BAD_FILETYPE,
	SUNW_R_BAD_PKEY,
	SUNW_R_BAD_PKEYTYPE,
	SUNW_R_PKEY_READ_ERR,
	SUNW_R_NO_TRUST_ANCHOR,
	SUNW_R_READ_TRUST_ERR,
	SUNW_R_ADD_TRUST_ERR,
	SUNW_R_PKCS12_PARSE_ERR,
	SUNW_R_PKCS12_CREATE_ERR,
	SUNW_R_PARSE_BAG_ERR,
	SUNW_R_MAKE_BAG_ERR,
	SUNW_R_BAD_CERTTYPE,
	SUNW_R_PARSE_CERT_ERR,
	SUNW_R_BAD_LKID,
	SUNW_R_SET_LKID_ERR,
	SUNW_R_BAD_FNAME,
	SUNW_R_SET_FNAME_ERR,
	SUNW_R_BAD_TRUST,
	SUNW_R_BAD_BAGTYPE,
	SUNW_R_CERT_ERR,
	SUNW_R_PKEY_ERR,
	SUNW_R_READ_ERR,
	SUNW_R_ADD_ATTR_ERR,
	SUNW_R_STR_CONVERT_ERR,
	SUNW_R_PKCS12_EMPTY_ERR,
	SUNW_R_PASSWORD_ERR
} sunw_err_reason_t;

/*
 * Type of checking to perform when calling sunw_check_cert_times
 */
typedef enum {
	CHK_NOT_BEFORE = 1,	/* Check 'not before' date */
	CHK_NOT_AFTER,		/* Check 'not after' date */
	CHK_BOTH		/* Check both dates */
} chk_actions_t;

/*
 * Return type for sunw_check_cert_times
 *
 * Only CHKERR_TIME_OK (0) means the certificate passed the requested
 * checks; every other value is a failure and must not be treated as
 * "valid".
 */
typedef enum {
	CHKERR_TIME_OK = 0,		/* Current time meets requested checks */
	CHKERR_TIME_BEFORE_BAD,		/* 'not before' field is invalid */
	CHKERR_TIME_AFTER_BAD,		/* 'not after' field is invalid */
	CHKERR_TIME_IS_BEFORE,		/* Current time is before 'not before' */
	CHKERR_TIME_HAS_EXPIRED		/* Current time is after 'not after' */
} chk_errs_t;

/*
 * This type indicates what to do with an attribute being returned.
 */
typedef enum {
	GETDO_COPY = 1,	/* Simply return the value of the attribute */
	GETDO_DEL	/* Delete the attribute at the same time. */
} getdo_actions_t;

/*
 * For sunw_pkcs12_parse, the following are values for bits that indicate
 * various types of searches/matching to do. Any of these values can be
 * OR'd together. However, the order in which an attempt will be made
 * to satisfy them is the order in which they are listed below. The
 * exception is DO_NONE. It should not be OR'd with any other value.
 */
#define DO_NONE		0x00	/* Don't even try to match */
#define DO_FIND_KEYID	0x01	/* 1st cert, key with matching localkeyid */
#define DO_FIND_FN	0x02	/* 1st cert, key with matching friendlyname */
#define DO_FIRST_PAIR	0x04	/* Return first matching cert/key pair found */
#define DO_LAST_PAIR	0x08	/* Return last matching cert/key pair found */
#define DO_UNMATCHING	0x10	/* Return first cert and/or key */

/*
 * Bits returned, which indicate what values were found.
 *
 * These are independent of the DO_* request bits above even though the
 * numeric values overlap; do not test a FOUND_* result against a DO_*
 * mask.
 */
#define FOUND_PKEY	0x01	/* Found one or more private key */
#define FOUND_CERT	0x02	/* Found one or more client certificate */
#define FOUND_CA_CERTS	0x04	/* Added at least one cert to the CA list */
#define FOUND_XPKEY	0x08	/* Found at least one private key which does */
				/* not match a certificate in the certs list */

/*
 * p12lib.c
 *
 * The prototypes below carry no parameter names; the argument meanings
 * noted here are inferred from the types and function names and should be
 * confirmed against the definitions in p12lib.c. Where a function returns
 * objects through a STACK_OF(...) ** or char ** out-parameter, ownership
 * of the returned object passes to the caller unless p12lib.c says
 * otherwise - TODO confirm per function.
 */

/*
 * Build a PKCS12 structure from keys, certs and CA certs.
 * Presumably (const char *) is the password used to protect the bundle.
 */
PKCS12 *sunw_PKCS12_create(const char *, STACK_OF(EVP_PKEY) *,
    STACK_OF(X509) *, STACK_OF(X509) *);

/*
 * Split certs into those matching a key and those that do not; the two
 * ** out-parameters receive the leftover certs and keys. TODO confirm.
 */
int sunw_split_certs(STACK_OF(EVP_PKEY) *, STACK_OF(X509) *,
    STACK_OF(X509) **, STACK_OF(EVP_PKEY) **);

/* Release an EVP_PKEY obtained from this library. */
void sunw_evp_pkey_free(EVP_PKEY *);
/* Attach a localKeyID (bytes, length) to a key and/or cert. */
int sunw_set_localkeyid(const char *, int, EVP_PKEY *, X509 *);
/*
 * Fetch (and optionally delete, see getdo_actions_t) the localKeyID of a
 * key; the value and its length are returned through the out-parameters.
 */
int sunw_get_pkey_localkeyid(getdo_actions_t, EVP_PKEY *, char **, int *);
/* Fetch (and optionally delete) the friendlyName attribute of a key. */
int sunw_get_pkey_fname(getdo_actions_t, EVP_PKEY *, char **);
/*
 * Look up the key and cert whose localKeyID equals the given bytes;
 * the char * / int pair is the id and its length. Results are returned
 * through the EVP_PKEY ** and X509 ** out-parameters.
 */
int sunw_find_localkeyid(char *, int, STACK_OF(EVP_PKEY) *,
    STACK_OF(X509) *, EVP_PKEY **, X509 **);
/* Same as above, matching on the friendlyName attribute instead. */
int sunw_find_fname(char *, STACK_OF(EVP_PKEY) *, STACK_OF(X509) *,
    EVP_PKEY **, X509 **);
/* Attach a friendlyName attribute to a key and/or cert. */
int sunw_set_fname(const char *, EVP_PKEY *, X509 *);
/*
 * Presumably verifies that the private key corresponds to the cert's
 * public key - confirm in p12lib.c before relying on it as a pairing check.
 */
int sunw_check_keys(X509 *, EVP_PKEY *);

/*
 * Compare the cert's validity period against the current time per
 * chk_actions_t. Returns a chk_errs_t; anything other than CHKERR_TIME_OK
 * is a failure.
 */
chk_errs_t sunw_check_cert_times(chk_actions_t, X509 *);
/*
 * Push an error onto the OpenSSL error queue; normally invoked via the
 * SUNWerr() macro, which supplies __FILE__/__LINE__. `file` is a string
 * literal at every macro call site and must not be modified.
 */
extern void ERR_SUNW_error(int function, int reason, char *file, int line);
/* Register the SUNW function/reason strings with the OpenSSL error library. */
extern void ERR_load_SUNW_strings(void);
/*
 * Extract the keys and certs from a parsed PKCS12 structure; the
 * (const char *) is presumably the password. The input may come from an
 * untrusted file, so the return value must be checked and the error
 * queue consulted (e.g. SUNW_R_MAC_VERIFY_FAILURE) on failure.
 */
int sunw_PKCS12_contents(PKCS12 *, const char *,
    STACK_OF(EVP_PKEY) **, STACK_OF(X509) **);
/* Fetch (and optionally delete) the friendlyName attribute of a cert. */
int sunw_get_cert_fname(getdo_actions_t, X509 *, char **);
/*
 * Read keys and certs from a PEM stream. The pem_password_cb and the
 * following void * are the OpenSSL password callback and its userdata,
 * used to decrypt any encrypted PEM blocks.
 */
int sunw_PEM_contents(FILE *, pem_password_cb, void *,
    STACK_OF(EVP_PKEY) **, STACK_OF(X509) **);

#ifdef __cplusplus
}
#endif

#endif /* _P12LIB_H */