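/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 *
 * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
 */
#ifndef _KMFAPIP_H
#define	_KMFAPIP_H

/*
 * kmfapip.h - private definitions for libkmf.
 *
 * This header declares the keystore plugin function table, the plugin
 * list and library handle, the plugin search path / configuration file
 * names, and the prototypes of helpers shared between the library's
 * own source files.  The trailing "p" marks it as private: code outside
 * libkmf and its plugins should use kmfapi.h instead.
 *
 * Security note: plugins are native shared objects loaded into the
 * calling process (see KMF_PLUGIN_INIT_SYMBOL, KMF_PLUGIN_PATH and the
 * "modulepath=" entries of _PATH_KMF_CONF below).  Whoever can write the
 * plugin directory or the configuration file therefore runs code in
 * every libkmf consumer; both locations must be root-owned and not
 * group/world writable.  How the paths are validated before loading is
 * not visible in this header.
 */

#include <kmfapi.h>
#include <kmfpolicy.h>

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Plugin function table.
 *
 * Every keystore plugin returns one of these from its
 * KMF_Plugin_Initialize() entry point.  Unless noted, each operation
 * receives the library handle, an attribute count and an attribute
 * array, and reports success through KMF_RETURN.
 *
 * NOTE(review): presumably a plugin leaves the pointers for operations
 * it does not implement NULL, so the library must check each pointer
 * (and "version") before calling through it -- confirm in the callers,
 * which are not visible here.
 */
typedef struct {
	/* ABI version of this table, first so it can be read safely. */
	ushort_t version;

	/* Keystore setup. */
	KMF_RETURN (*ConfigureKeystore) (
	    KMF_HANDLE_T,
	    int,
	    KMF_ATTRIBUTE *);

	/* Certificate operations. */
	KMF_RETURN (*FindCert) (
	    KMF_HANDLE_T,
	    int,
	    KMF_ATTRIBUTE *);

	/* Releases a certificate returned by the plugin; no status. */
	void (*FreeKMFCert) (
	    KMF_HANDLE_T,
	    KMF_X509_DER_CERT *);

	KMF_RETURN (*StoreCert) (
	    KMF_HANDLE_T,
	    int, KMF_ATTRIBUTE *);

	KMF_RETURN (*ImportCert) (
	    KMF_HANDLE_T,
	    int, KMF_ATTRIBUTE *);

	/* CRL operations. */
	KMF_RETURN (*ImportCRL) (
	    KMF_HANDLE_T,
	    int, KMF_ATTRIBUTE *);

	KMF_RETURN (*DeleteCert) (
	    KMF_HANDLE_T,
	    int, KMF_ATTRIBUTE *);

	KMF_RETURN (*DeleteCRL) (
	    KMF_HANDLE_T,
	    int, KMF_ATTRIBUTE *);

	/* Key operations. */
	KMF_RETURN (*CreateKeypair) (
	    KMF_HANDLE_T,
	    int,
	    KMF_ATTRIBUTE *);

	KMF_RETURN (*FindKey) (
	    KMF_HANDLE_T,
	    int,
	    KMF_ATTRIBUTE *);

	/* Takes a key handle and an output buffer instead of attributes. */
	KMF_RETURN (*EncodePubkeyData) (
	    KMF_HANDLE_T,
	    KMF_KEY_HANDLE *,
	    KMF_DATA *);

	/* Key handle, algorithm OID, input data, output data. */
	KMF_RETURN (*SignData) (
	    KMF_HANDLE_T,
	    KMF_KEY_HANDLE *,
	    KMF_OID *,
	    KMF_DATA *,
	    KMF_DATA *);

	KMF_RETURN (*DeleteKey) (
	    KMF_HANDLE_T,
	    int,
	    KMF_ATTRIBUTE *);

	KMF_RETURN (*ListCRL) (
	    KMF_HANDLE_T,
	    int, KMF_ATTRIBUTE *);

	KMF_RETURN (*FindCRL) (
	    KMF_HANDLE_T,
	    int, KMF_ATTRIBUTE *);

	KMF_RETURN (*FindCertInCRL) (
	    KMF_HANDLE_T,
	    int, KMF_ATTRIBUTE *);

	/*
	 * Plugin-specific error text for the last failure.  Ownership of
	 * the returned string (who frees it) is not documented here --
	 * NOTE(review): confirm against the plugins before freeing.
	 */
	KMF_RETURN (*GetErrorString) (
	    KMF_HANDLE_T,
	    char **);

	KMF_RETURN (*FindPrikeyByCert) (
	    KMF_HANDLE_T,
	    int,
	    KMF_ATTRIBUTE *);

	/* Same argument shape as SignData. */
	KMF_RETURN (*DecryptData) (
	    KMF_HANDLE_T,
	    KMF_KEY_HANDLE *,
	    KMF_OID *,
	    KMF_DATA *,
	    KMF_DATA *);

	KMF_RETURN (*ExportPK12)(
	    KMF_HANDLE_T,
	    int,
	    KMF_ATTRIBUTE *);

	/* Symmetric key operations. */
	KMF_RETURN (*CreateSymKey) (
	    KMF_HANDLE_T,
	    int,
	    KMF_ATTRIBUTE *);

	/*
	 * Copies raw symmetric key material out to the caller.  Buffers
	 * filled through this pointer hold secrets and should be zeroed
	 * before release; where that happens is outside this header.
	 */
	KMF_RETURN (*GetSymKeyValue) (
	    KMF_HANDLE_T,
	    KMF_KEY_HANDLE *,
	    KMF_RAW_SYM_KEY *);

	KMF_RETURN (*SetTokenPin) (
	    KMF_HANDLE_T,
	    int, KMF_ATTRIBUTE *);

	KMF_RETURN (*StoreKey) (
	    KMF_HANDLE_T,
	    int,
	    KMF_ATTRIBUTE *);

	/*
	 * Plugin teardown.  Declared with an explicit (void) prototype
	 * rather than the obsolescent empty parameter list; the two
	 * function types are compatible, so existing plugins still fit.
	 */
	void (*Finalize) (void);

} KMF_PLUGIN_FUNCLIST;

/*
 * Description of one attribute an API call accepts, used by
 * test_attributes() (declared below) to validate an attribute array
 * before it is handed to a plugin.
 */
typedef struct {
	KMF_ATTR_TYPE type;
	boolean_t null_value_ok;	/* Is the pValue required */
	uint32_t minlen;		/* smallest acceptable value length */
	uint32_t maxlen;		/* largest acceptable value length */
} KMF_ATTRIBUTE_TESTER;

/* One loaded keystore plugin. */
typedef struct {
	KMF_KEYSTORE_TYPE type;
	char *applications;
	char *path;			/* shared object the plugin came from */
	void *dldesc;			/* presumably the dlopen(3C) handle */
	KMF_PLUGIN_FUNCLIST *funclist;	/* table from KMF_Plugin_Initialize */
} KMF_PLUGIN;

/* Singly linked list of loaded plugins, hung off the library handle. */
typedef struct _KMF_PLUGIN_LIST {
	KMF_PLUGIN *plugin;
	struct _KMF_PLUGIN_LIST *next;
} KMF_PLUGIN_LIST;

/*
 * Per-caller library state behind the opaque KMF_HANDLE_T.
 */
typedef struct _kmf_handle {
	/*
	 * session handle opened by kmf_select_token() to talk
	 * to a specific slot in Crypto framework. It is used
	 * by pkcs11 plugin module.
	 */
	CK_SESSION_HANDLE pk11handle;
	KMF_ERROR lasterr;		/* last error; reset by CLEAR_ERROR */
	KMF_POLICY_RECORD *policy;	/* policy in force for this handle */
	KMF_PLUGIN_LIST *plugins;	/* plugins loaded for this handle */
	KMF_MAPPER_STATE *mapstate;
} KMF_HANDLE;

/*
 * Reset the handle's error record at the start of an API call and set
 * rv to KMF_OK, or to KMF_ERR_BAD_PARAMETER when h is NULL.
 *
 * Wrapped in do { } while (0) so that it is a single statement in every
 * context (including an unbraced if/else) and must be followed by ';'.
 * The arguments are parenthesised, but h is evaluated more than once,
 * so pass a plain lvalue rather than an expression with side effects.
 */
#define	CLEAR_ERROR(h, rv)	do { \
	if ((h) == NULL) { \
		(rv) = KMF_ERR_BAD_PARAMETER; \
	} else { \
		(h)->lasterr.errcode = 0; \
		(h)->lasterr.kstype = 0; \
		(rv) = KMF_OK; \
	} \
} while (0)

/* Symbol every plugin shared object must export; see below for its type. */
#define	KMF_PLUGIN_INIT_SYMBOL	"KMF_Plugin_Initialize"

/*
 * Default directory searched for plugin shared objects when the build
 * does not supply KMF_PLUGIN_PATH.  There is deliberately no #else: on
 * an architecture matching none of these tests the macro stays
 * undefined and the first use of it fails to compile.
 */
#ifndef KMF_PLUGIN_PATH
#if defined(__sparcv9)
#define	KMF_PLUGIN_PATH	"/lib/crypto/sparcv9/"
#elif defined(__sparc)
#define	KMF_PLUGIN_PATH	"/lib/crypto/"
#elif defined(__i386)
#define	KMF_PLUGIN_PATH	"/lib/crypto/"
#elif defined(__amd64)
#define	KMF_PLUGIN_PATH	"/lib/crypto/amd64/"
#endif
#endif /* !KMF_PLUGIN_PATH */

/*
 * Plugin entry point, looked up by the name in KMF_PLUGIN_INIT_SYMBOL.
 * Returns the plugin's function table.  (void) prototype; compatible
 * with plugins that define it with an empty parameter list.
 */
KMF_PLUGIN_FUNCLIST *KMF_Plugin_Initialize(void);

/*
 * Internal helpers shared across libkmf source files.  Only the
 * signatures are visible here; see the defining .c files for behaviour.
 */

/* Signature verification and PKCS#11 helpers. */
extern KMF_RETURN
VerifyDataWithKey(KMF_HANDLE_T, KMF_DATA *, KMF_ALGORITHM_INDEX,
	KMF_DATA *, KMF_DATA *);

extern KMF_BOOL pkcs_algid_to_keytype(
	KMF_ALGORITHM_INDEX, CK_KEY_TYPE *);

extern KMF_RETURN PKCS_DigestData(KMF_HANDLE_T,
	CK_SESSION_HANDLE, CK_MECHANISM_TYPE,
	KMF_DATA *, KMF_DATA *, boolean_t);

extern KMF_RETURN PKCS_VerifyData(
	KMF_HANDLE *,
	KMF_ALGORITHM_INDEX,
	KMF_X509_SPKI *,
	KMF_DATA *, KMF_DATA *);

extern KMF_RETURN PKCS_EncryptData(
	KMF_HANDLE *,
	KMF_ALGORITHM_INDEX,
	KMF_X509_SPKI *,
	KMF_DATA *,
	KMF_DATA *);

/* Plugin lookup by keystore type on a handle's plugin list. */
extern KMF_PLUGIN *FindPlugin(KMF_HANDLE_T, KMF_KEYSTORE_TYPE);

/* OID and algorithm-identifier helpers. */
extern KMF_BOOL IsEqualOid(KMF_OID *, KMF_OID *);

extern KMF_RETURN copy_algoid(KMF_X509_ALGORITHM_IDENTIFIER *destid,
	KMF_X509_ALGORITHM_IDENTIFIER *srcid);

extern KMF_OID *x509_algid_to_algoid(KMF_ALGORITHM_INDEX);
extern KMF_ALGORITHM_INDEX x509_algoid_to_algid(KMF_OID *);

extern KMF_RETURN GetIDFromSPKI(KMF_X509_SPKI *, KMF_DATA *);
extern KMF_RETURN kmf_select_token(KMF_HANDLE_T, char *, int);

/* X.509 extension helpers. */
extern KMF_RETURN kmf_set_altname(KMF_X509_EXTENSIONS *,
	KMF_OID *, int, KMF_GENERALNAMECHOICES, char *);
extern KMF_RETURN GetSequenceContents(char *, size_t, char **, size_t *);
extern KMF_X509_EXTENSION *FindExtn(KMF_X509_EXTENSIONS *, KMF_OID *);
extern KMF_RETURN add_an_extension(KMF_X509_EXTENSIONS *exts,
	KMF_X509_EXTENSION *newextn);
extern KMF_RETURN set_integer(KMF_DATA *, void *, int);
extern void free_keyidlist(KMF_OID *, int);
extern KMF_RETURN copy_data(KMF_DATA *, KMF_DATA *);
extern void Cleanup_PK11_Session(KMF_HANDLE_T handle);
extern void free_dp_name(KMF_CRL_DIST_POINT *);
extern void free_dp(KMF_CRL_DIST_POINT *);
extern KMF_RETURN set_key_usage_extension(KMF_X509_EXTENSIONS *,
	int, uint32_t);

/* (void) prototype in place of the obsolescent empty parameter list. */
extern KMF_RETURN init_pk11(void);

/*
 * Validates an attribute array against two tester lists (count +
 * array each) before the attributes reach a plugin.  Which list is
 * "required" and which "optional" is not visible from the prototype.
 */
extern KMF_RETURN test_attributes(int, KMF_ATTRIBUTE_TESTER *,
	int, KMF_ATTRIBUTE_TESTER *, int, KMF_ATTRIBUTE *);

/*
 * Indexes into the key parts array for RSA keys.  Entries 2..7 are
 * private-key material; any buffer built from them holds secrets and
 * should be zeroed before it is released.
 */
#define	KMF_RSA_MODULUS			(0)
#define	KMF_RSA_PUBLIC_EXPONENT		(1)
#define	KMF_RSA_PRIVATE_EXPONENT	(2)
#define	KMF_RSA_PRIME1			(3)
#define	KMF_RSA_PRIME2			(4)
#define	KMF_RSA_EXPONENT1		(5)
#define	KMF_RSA_EXPONENT2		(6)
#define	KMF_RSA_COEFFICIENT		(7)

/* Key part counts for RSA keys */
#define	KMF_NUMBER_RSA_PUBLIC_KEY_PARTS		(2)
#define	KMF_NUMBER_RSA_PRIVATE_KEY_PARTS	(8)

/* Key part counts for DSA keys */
#define	KMF_NUMBER_DSA_PUBLIC_KEY_PARTS		(4)
#define	KMF_NUMBER_DSA_PRIVATE_KEY_PARTS	(4)

/* Indexes into the key parts array for DSA keys */
#define	KMF_DSA_PRIME		(0)
#define	KMF_DSA_SUB_PRIME	(1)
#define	KMF_DSA_BASE		(2)
#define	KMF_DSA_PUBLIC_VALUE	(3)

/* Indexes into the key parts array for EC keys */
#define	KMF_ECDSA_PARAMS	(0)
#define	KMF_ECDSA_POINT		(1)

#ifndef max
/*
 * Two-argument maximum.  Both arguments are evaluated twice, so only
 * pass side-effect-free expressions; in this header it is applied to
 * the integer constants below, where it must stay a constant
 * expression (hence no statement-expression form).
 */
#define	max(a, b)	((a) < (b) ? (b) : (a))
#endif

/* Maximum key parts for all algorithms */
#define	KMF_MAX_PUBLIC_KEY_PARTS \
	(max(KMF_NUMBER_RSA_PUBLIC_KEY_PARTS, \
	KMF_NUMBER_DSA_PUBLIC_KEY_PARTS))

#define	KMF_MAX_PRIVATE_KEY_PARTS \
	(max(KMF_NUMBER_RSA_PRIVATE_KEY_PARTS, \
	KMF_NUMBER_DSA_PRIVATE_KEY_PARTS))

#define	KMF_MAX_KEY_PARTS \
	(max(KMF_MAX_PUBLIC_KEY_PARTS, KMF_MAX_PRIVATE_KEY_PARTS))

/* Signature/verification modes selected by the internal helpers. */
typedef enum {
	KMF_ALGMODE_NONE = 0,
	KMF_ALGMODE_CUSTOM,
	KMF_ALGMODE_PUBLIC_KEY,
	KMF_ALGMODE_PRIVATE_KEY,
	KMF_ALGMODE_PKCS1_EMSA_V15
} KMF_SIGNATURE_MODE;

#define	KMF_CERT_PRINTABLE_LEN	1024

/*
 * Byte length of a SHA-1 digest.  Whether SHA-1 is used here only for
 * key identifiers or also for signatures is not visible in this header.
 */
#define	SHA1_HASH_LENGTH	20

/*
 * mkstemp(3C)-style templates for OCSP request/response scratch files.
 * NOTE(review): /tmp is world-writable, so these must be created with
 * mkstemp() (O_CREAT|O_EXCL on a fresh name), the returned descriptor
 * used for all I/O, and the file unlinked afterwards -- never
 * mktemp()/tmpnam() followed by fopen() by name, which is a symlink
 * race.  Confirm in the OCSP code that consumes these templates.
 */
#define	OCSPREQ_TEMPNAME	"/tmp/ocsp.reqXXXXXX"
#define	OCSPRESP_TEMPNAME	"/tmp/ocsp.respXXXXXX"

/*
 * Plugin configuration file and the key prefixes parsed from it.
 * A "modulepath=" value names the shared object to load for a
 * keystore, so the file must be writable only by root.
 */
#define	_PATH_KMF_CONF	"/etc/crypto/kmf.conf"
#define	CONF_MODULEPATH	"modulepath="
#define	CONF_OPTION	"option="

/* One entry from kmf.conf. */
typedef struct {
	char *keystore;
	char *modulepath;	/* value of "modulepath=" */
	char *option;		/* value of "option=" */
	KMF_KEYSTORE_TYPE kstype;
} conf_entry_t;

/* Singly linked list of kmf.conf entries. */
typedef struct conf_entrylist {
	conf_entry_t *entry;
	struct conf_entrylist *next;
} conf_entrylist_t;

/* PKCS#11 mapping and session helpers. */
extern KMF_RETURN get_pk11_data(KMF_ALGORITHM_INDEX,
	CK_KEY_TYPE *, CK_MECHANISM_TYPE *, CK_MECHANISM_TYPE *, boolean_t);
extern KMF_RETURN kmf_create_pk11_session(CK_SESSION_HANDLE *,
	CK_MECHANISM_TYPE, CK_FLAGS);

/* kmf.conf entry list management. */
extern KMF_RETURN get_entrylist(conf_entrylist_t **);
extern void free_entrylist(conf_entrylist_t *);
extern void free_entry(conf_entry_t *);
extern conf_entry_t *dup_entry(conf_entry_t *);
extern boolean_t is_valid_keystore_type(KMF_KEYSTORE_TYPE);

/* Extended-key-usage and extension helpers. */
extern KMF_BOOL is_eku_present(KMF_X509EXT_EKU *, KMF_OID *);
extern KMF_RETURN parse_eku_data(const KMF_DATA *, KMF_X509EXT_EKU *);
extern KMF_RETURN copy_extension_data(KMF_X509_EXTENSION *,
	KMF_X509_EXTENSION *);

/*
 * Builds the path of a mapper library from its two name components.
 * NOTE(review): presumably the result is dlopen()ed, so the components
 * should be validated (no path separators / "..") by the caller.
 */
extern char *get_mapper_pathname(char *, char *);

#ifdef __cplusplus
}
#endif
#endif /* _KMFAPIP_H */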