1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  *
21  * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
22  * Copyright 2018, Joyent, Inc.
23  *
24  * Constant definitions and function prototypes for the KMF library.
25  * Commonly used data types are defined in "kmftypes.h".
26  */
27 
28 #ifndef _KMFAPI_H
29 #define	_KMFAPI_H
30 
31 #include <kmftypes.h>
32 #include <security/cryptoki.h>
33 
34 #ifdef __cplusplus
35 extern "C" {
36 #endif
37 
/*
 * Setup operations.
 *
 * kmf_initialize() produces the KMF_HANDLE_T that nearly every other routine
 * in this header takes as its first argument; kmf_finalize() releases it.
 * The two char * arguments of kmf_initialize() are not self-describing in
 * this header; consult the library documentation before relying on their
 * meaning.
 *
 * NOTE(review): the recurring (int, KMF_ATTRIBUTE *) pair throughout this
 * header looks like an attribute count followed by an attribute array, which
 * is the shape kmf_set_attr()/kmf_find_attr() below operate on - confirm
 * against the implementation.
 */
extern KMF_RETURN kmf_initialize(KMF_HANDLE_T *, char *, char *);
/* Select/configure the backing keystore via an attribute list. */
extern KMF_RETURN kmf_configure_keystore(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
/* Tear down a handle obtained from kmf_initialize(). */
extern KMF_RETURN kmf_finalize(KMF_HANDLE_T);
44 
/*
 * Key operations.
 *
 * Each routine takes the KMF handle plus an attribute list (count, array)
 * that carries the operation-specific parameters.
 */
extern KMF_RETURN kmf_create_keypair(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

extern KMF_RETURN kmf_delete_key_from_keystore(KMF_HANDLE_T, int,
	KMF_ATTRIBUTE *);

extern KMF_RETURN kmf_find_key(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

/* Locate the private key that corresponds to a certificate. */
extern KMF_RETURN kmf_find_prikey_by_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

extern KMF_RETURN kmf_store_key(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

extern KMF_RETURN kmf_create_sym_key(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

/*
 * Extract raw symmetric key material for a key handle into a KMF_RAW_SYM_KEY.
 * The output is secret material: keep its lifetime short and release it with
 * kmf_free_raw_sym_key() (declared under "Memory cleanup operations"), which
 * presumably is the matching release routine - confirm it also zeroizes.
 */
extern KMF_RETURN kmf_get_sym_key_value(KMF_HANDLE_T, KMF_KEY_HANDLE *,
	KMF_RAW_SYM_KEY *);
63 
/*
 * Certificate operations.
 */
extern KMF_RETURN kmf_find_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

/* Encode an in-memory certificate structure into a KMF_DATA blob. */
extern KMF_RETURN kmf_encode_cert_record(KMF_X509_CERTIFICATE *, KMF_DATA *);

extern KMF_RETURN kmf_import_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

extern KMF_RETURN kmf_store_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

extern KMF_RETURN kmf_delete_cert_from_keystore(KMF_HANDLE_T, int,
	KMF_ATTRIBUTE *);

/*
 * Validate a certificate according to the attribute list.  Data obtained from
 * outside the local keystore (see kmf_download_cert() below) should go
 * through this before it is trusted.
 */
extern KMF_RETURN kmf_validate_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

/* Write certificate data to a file in the given encoding (path is the char *). */
extern KMF_RETURN kmf_create_cert_file(const KMF_DATA *, KMF_ENCODE_FORMAT,
	char *);

/*
 * Fetch a certificate from a remote source (inferred from the name; the
 * char * / int / unsigned int arguments are not self-describing here - confirm
 * against the implementation).  The detected encoding is returned through the
 * final KMF_ENCODE_FORMAT *.  Treat the result as untrusted until validated.
 */
extern KMF_RETURN kmf_download_cert(KMF_HANDLE_T, char *, char *, int,
	unsigned int, char *, KMF_ENCODE_FORMAT *);

/* Probe whether a blob / file holds certificate data, reporting its format. */
extern KMF_RETURN kmf_is_cert_data(KMF_DATA *, KMF_ENCODE_FORMAT *);
extern KMF_RETURN kmf_is_cert_file(KMF_HANDLE_T, char *, KMF_ENCODE_FORMAT *);

/* Check the certificate's validity period against the current time. */
extern KMF_RETURN kmf_check_cert_date(KMF_HANDLE_T, const KMF_DATA *);
90 
/*
 * Crypto operations with key or cert.
 *
 * All parameters (key/cert, algorithm, input and output buffers) travel in
 * the attribute list; which attributes each call requires is not visible in
 * this header.
 */
extern KMF_RETURN kmf_encrypt(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_decrypt(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_sign_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_sign_data(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_verify_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_verify_data(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
100 
/*
 * CRL operations.
 */
extern KMF_RETURN kmf_import_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_delete_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_list_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_find_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
/* Report whether a given certificate is listed in a CRL. */
extern KMF_RETURN kmf_find_cert_in_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
/*
 * Verify the signature on a CRL file (char * path) against the issuer
 * certificate supplied as KMF_DATA.
 */
extern KMF_RETURN kmf_verify_crl_file(KMF_HANDLE_T, char *, KMF_DATA *);
/* Check the CRL file's thisUpdate/nextUpdate window against the current time. */
extern KMF_RETURN kmf_check_crl_date(KMF_HANDLE_T, char *);
/*
 * Fetch a CRL from a remote source (inferred from the name; argument layout
 * mirrors kmf_download_cert()).  Verify it with kmf_verify_crl_file() and
 * kmf_check_crl_date() before use.
 */
extern KMF_RETURN kmf_download_crl(KMF_HANDLE_T, char *, char *,
	int, unsigned int, char *, KMF_ENCODE_FORMAT *);
extern KMF_RETURN kmf_is_crl_file(KMF_HANDLE_T, char *, KMF_ENCODE_FORMAT *);
114 
/*
 * CSR operations.
 *
 * The kmf_set_csr_* routines populate fields of a KMF_CSR_DATA prior to
 * signing; kmf_free_signed_csr() below releases the structure.
 */
extern KMF_RETURN kmf_create_csr_file(KMF_DATA *, KMF_ENCODE_FORMAT, char *);
extern KMF_RETURN kmf_set_csr_pubkey(KMF_HANDLE_T,
	KMF_KEY_HANDLE *, KMF_CSR_DATA *);
extern KMF_RETURN kmf_set_csr_version(KMF_CSR_DATA *, uint32_t);
extern KMF_RETURN kmf_set_csr_subject(KMF_CSR_DATA *, KMF_X509_NAME *);
extern KMF_RETURN kmf_set_csr_extn(KMF_CSR_DATA *, KMF_X509_EXTENSION *);
extern KMF_RETURN kmf_set_csr_sig_alg(KMF_CSR_DATA *, KMF_ALGORITHM_INDEX);
/* Add a subjectAltName of the given KMF_GENERALNAMECHOICES type. */
extern KMF_RETURN kmf_set_csr_subject_altname(KMF_CSR_DATA *, char *,
	int, KMF_GENERALNAMECHOICES);
/* Set key usage bits (uint16_t); the int is presumably the critical flag. */
extern KMF_RETURN kmf_set_csr_ku(KMF_CSR_DATA *, int, uint16_t);
/* Parse an encoded CSR (KMF_DATA) into a KMF_CSR_DATA. */
extern KMF_RETURN kmf_decode_csr(KMF_HANDLE_T, KMF_DATA *, KMF_CSR_DATA *);
/* Verify a CSR's self-signature; parameters come via the attribute list. */
extern KMF_RETURN kmf_verify_csr(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
/* Sign a CSR with the given key handle, producing the encoded CSR in KMF_DATA. */
extern KMF_RETURN kmf_sign_csr(KMF_HANDLE_T, const KMF_CSR_DATA *,
	KMF_KEY_HANDLE *, KMF_DATA *);
/* Add an extended key usage OID; the trailing int is presumably the critical flag. */
extern KMF_RETURN kmf_add_csr_eku(KMF_CSR_DATA *, KMF_OID *, int);
133 
/*
 * GetCert operations.
 *
 * Accessors that decode fields out of an encoded certificate (const
 * KMF_DATA *).  The *_str variants return a newly allocated string through
 * char **; kmf_free_str() below is presumably the matching release routine -
 * confirm before pairing with plain free().  Structured outputs have their
 * own kmf_free_* routines (e.g. kmf_free_eku(), kmf_free_crl_dist_pts()).
 */
/* Look up a single extension by OID. */
extern KMF_RETURN kmf_get_cert_extn(const KMF_DATA *, KMF_OID *,
	KMF_X509_EXTENSION *);

/* Return an array of extensions selected by KMF_FLAG_CERT_EXTN, with count. */
extern KMF_RETURN kmf_get_cert_extns(const KMF_DATA *, KMF_FLAG_CERT_EXTN,
	KMF_X509_EXTENSION **, int *);

extern KMF_RETURN kmf_get_cert_ku(const KMF_DATA *, KMF_X509EXT_KEY_USAGE *);

extern KMF_RETURN kmf_get_cert_eku(const KMF_DATA *, KMF_X509EXT_EKU *);

/* The KMF_BOOL * output presumably reports the extension's critical flag. */
extern KMF_RETURN kmf_get_cert_basic_constraint(const KMF_DATA *,
	KMF_BOOL *, KMF_X509EXT_BASICCONSTRAINTS *);

extern KMF_RETURN kmf_get_cert_policies(const KMF_DATA *,
	KMF_BOOL *, KMF_X509EXT_CERT_POLICIES *);

extern KMF_RETURN kmf_get_cert_auth_info_access(const KMF_DATA *,
	KMF_X509EXT_AUTHINFOACCESS *);

extern KMF_RETURN kmf_get_cert_crl_dist_pts(const KMF_DATA *,
	KMF_X509EXT_CRLDISTPOINTS *);

extern KMF_RETURN kmf_get_cert_version_str(KMF_HANDLE_T, const KMF_DATA *,
	char **);

extern KMF_RETURN kmf_get_cert_subject_str(KMF_HANDLE_T, const KMF_DATA *,
	char **);

extern KMF_RETURN kmf_get_cert_issuer_str(KMF_HANDLE_T,	const KMF_DATA *,
	char **);

extern KMF_RETURN kmf_get_cert_serial_str(KMF_HANDLE_T, const KMF_DATA *,
	char **);

extern KMF_RETURN kmf_get_cert_start_date_str(KMF_HANDLE_T, const KMF_DATA *,
	char **);

extern KMF_RETURN kmf_get_cert_end_date_str(KMF_HANDLE_T, const KMF_DATA *,
	char **);

extern KMF_RETURN kmf_get_cert_pubkey_alg_str(KMF_HANDLE_T, const KMF_DATA *,
	char **);

extern KMF_RETURN kmf_get_cert_sig_alg_str(KMF_HANDLE_T, const KMF_DATA *,
	char **);

extern KMF_RETURN kmf_get_cert_pubkey_str(KMF_HANDLE_T,	const KMF_DATA *,
	char **);

extern KMF_RETURN kmf_get_cert_email_str(KMF_HANDLE_T, const KMF_DATA *,
	char **);

/* Render the extension selected by KMF_PRINTABLE_ITEM as a string. */
extern KMF_RETURN kmf_get_cert_extn_str(KMF_HANDLE_T, const KMF_DATA *,
	KMF_PRINTABLE_ITEM, char **);

/* Certificate identifier, as raw bytes (KMF_DATA) or as a string. */
extern KMF_RETURN kmf_get_cert_id_data(const KMF_DATA *, KMF_DATA *);

extern KMF_RETURN kmf_get_cert_id_str(const KMF_DATA *, char **);

/* Validity period as (notBefore, notAfter) time_t values. */
extern KMF_RETURN kmf_get_cert_validity(const KMF_DATA *, time_t *, time_t *);
197 
198 
/*
 * SetCert operations
 *
 * Builders that populate fields of an in-memory KMF_X509_CERTIFICATE before
 * it is signed (kmf_sign_cert()) or encoded (kmf_encode_cert_record()).
 * kmf_free_signed_cert() below releases the structure.
 */
extern KMF_RETURN kmf_set_cert_pubkey(KMF_HANDLE_T, KMF_KEY_HANDLE *,
	KMF_X509_CERTIFICATE *);

extern KMF_RETURN kmf_set_cert_subject(KMF_X509_CERTIFICATE *,
	KMF_X509_NAME *);

/* Key usage bits in the uint16_t; the int is presumably the critical flag. */
extern KMF_RETURN kmf_set_cert_ku(KMF_X509_CERTIFICATE *, int, uint16_t);

extern KMF_RETURN kmf_set_cert_issuer(KMF_X509_CERTIFICATE *,
	KMF_X509_NAME *);

extern KMF_RETURN kmf_set_cert_sig_alg(KMF_X509_CERTIFICATE *,
	KMF_ALGORITHM_INDEX);

/*
 * Validity window given as a start time_t and a uint32_t; whether the
 * uint32_t is a duration in seconds is not visible here - confirm.
 */
extern KMF_RETURN kmf_set_cert_validity(KMF_X509_CERTIFICATE *,
	time_t, uint32_t);

extern KMF_RETURN kmf_set_cert_serial(KMF_X509_CERTIFICATE *,
	KMF_BIGINT *);

extern KMF_RETURN kmf_set_cert_version(KMF_X509_CERTIFICATE *, uint32_t);

/* Alt-name setters: critical flag (int), name type, and the name value. */
extern KMF_RETURN kmf_set_cert_issuer_altname(KMF_X509_CERTIFICATE *,
	int, KMF_GENERALNAMECHOICES, char *);

extern KMF_RETURN kmf_set_cert_subject_altname(KMF_X509_CERTIFICATE *,
	int, KMF_GENERALNAMECHOICES, char *);

extern KMF_RETURN kmf_add_cert_eku(KMF_X509_CERTIFICATE *, KMF_OID *, int);

extern KMF_RETURN kmf_set_cert_extn(KMF_X509_CERTIFICATE *,
	KMF_X509_EXTENSION *);

extern KMF_RETURN kmf_set_cert_basic_constraint(KMF_X509_CERTIFICATE *,
	KMF_BOOL, KMF_X509EXT_BASICCONSTRAINTS *);
237 
238 
/*
 *  PK12 operations
 *
 * PKCS#12 bundles carry private keys protected by the KMF_CREDENTIAL; the
 * credential and any imported KMF_RAW_KEY_DATA are secret material and
 * should be released promptly (kmf_free_raw_key() below).
 */
extern KMF_RETURN kmf_export_pk12(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

/*
 * Assemble a PKCS#12 file (path in the final char *) from an array of
 * certificates and an array of key handles, each preceded by its count.
 */
extern KMF_RETURN kmf_build_pk12(KMF_HANDLE_T, int, KMF_X509_DER_CERT *,
	int, KMF_KEY_HANDLE *, KMF_CREDENTIAL *, char *);

/*
 * Read a PKCS#12 file (char * path) and return newly allocated arrays of
 * certificates and raw keys with their counts.  Caller owns the arrays;
 * confirm which kmf_free_* routine applies to each.
 */
extern KMF_RETURN kmf_import_objects(KMF_HANDLE_T, char *, KMF_CREDENTIAL *,
	KMF_X509_DER_CERT **, int *, KMF_RAW_KEY_DATA **, int *);
249 
/*
 * OCSP operations
 */
/*
 * Given a certificate and its issuer (KMF_DATA), produce an OCSP artifact in
 * the third KMF_DATA; which of request/responder-URI this is cannot be told
 * from the prototype - confirm.
 */
extern KMF_RETURN kmf_get_ocsp_for_cert(KMF_HANDLE_T, KMF_DATA *, KMF_DATA *,
	KMF_DATA *);

extern KMF_RETURN kmf_create_ocsp_request(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

/*
 * Talk to a responder and retrieve an encoded response.  The char * / int /
 * unsigned int arguments (host, port, proxy, file paths, timeout?) are not
 * self-describing here - confirm against the implementation.  The response is
 * untrusted network input until its signature has been checked.
 */
extern KMF_RETURN kmf_get_encoded_ocsp_response(KMF_HANDLE_T, char *,
	char *, int, char *, int, char *, unsigned int);

extern KMF_RETURN kmf_get_ocsp_status_for_cert(KMF_HANDLE_T, int,
	KMF_ATTRIBUTE *);
263 
/*
 * Policy Operations
 */
/*
 * Select the validation policy for a handle from two char * arguments
 * (likely a policy file and a policy name - confirm).
 */
extern KMF_RETURN kmf_set_policy(KMF_HANDLE_T, char *, char *);
268 
/*
 * Error handling.
 *
 * Both return a string through char **; the string is presumably allocated
 * and owned by the caller (see kmf_free_str() below) - confirm.
 */
/* Last error reported by the keystore plugin behind the handle. */
extern KMF_RETURN kmf_get_plugin_error_str(KMF_HANDLE_T, char **);
/* Text for a KMF_RETURN code. */
extern KMF_RETURN kmf_get_kmf_error_str(KMF_RETURN, char **);
274 
/*
 * Miscellaneous
 *
 * NOTE(review): the parsers here (kmf_dn_parser(), kmf_string_to_oid(),
 * kmf_pem_to_der(), kmf_hexstr_to_bytes()) typically receive user- or
 * file-supplied text, yet take non-const char * / unsigned char * and, for
 * the DER/PEM converters, int lengths.  Callers should keep lengths within
 * int range and check every KMF_RETURN.
 */
/* Parse a textual DN into a KMF_X509_NAME; release with kmf_free_dn(). */
extern KMF_RETURN kmf_dn_parser(char *, KMF_X509_NAME *);
extern KMF_RETURN kmf_dn_to_string(KMF_X509_NAME *, char **);
/* Load a file (char * path) into a KMF_DATA buffer. */
extern KMF_RETURN kmf_read_input_file(KMF_HANDLE_T, char *, KMF_DATA *);
/*
 * Encoding converters: (input, input length) -> (newly allocated output,
 * output length).  kmf_der_to_pem() needs the object type to pick the PEM
 * header.
 */
extern KMF_RETURN kmf_der_to_pem(KMF_OBJECT_TYPE, unsigned char *,
	int, unsigned char **, int *);
extern KMF_RETURN kmf_pem_to_der(unsigned char *, int, unsigned char **, int *);
/* OID <-> dotted-string conversion. */
extern char *kmf_oid_to_string(KMF_OID *);
extern KMF_RETURN kmf_string_to_oid(char *, KMF_OID *);
/* Compare two names; return value semantics are not visible here. */
extern int kmf_compare_rdns(KMF_X509_NAME *, KMF_X509_NAME *);
/* Detect whether a blob / file is DER or PEM (or neither). */
extern KMF_RETURN kmf_get_data_format(KMF_DATA *, KMF_ENCODE_FORMAT *);
extern KMF_RETURN kmf_get_file_format(char *, KMF_ENCODE_FORMAT *);
/* Key-usage name list <-> bitmask conversion. */
extern uint32_t kmf_string_to_ku(char *);
extern char *kmf_ku_to_string(uint32_t);
/* Decode a hex string into a newly allocated byte array with its size_t length. */
extern KMF_RETURN kmf_hexstr_to_bytes(unsigned char *, unsigned char **,
	size_t *);

/* Describe the plugin named by the char *: its keystore type and a string. */
extern KMF_RETURN kmf_get_plugin_info(KMF_HANDLE_T, char *,
	KMF_KEYSTORE_TYPE *, char **);

/* Extended-key-usage name <-> OID lookup. */
extern KMF_OID *kmf_ekuname_to_oid(char *);
extern char *kmf_oid_to_ekuname(KMF_OID *);

/* Looks like a compatibility alias for an older CamelCase entry point. */
#define	KMF_CompareRDNs kmf_compare_rdns
301 
/*
 * Memory cleanup operations
 *
 * Release routines for the structures returned by the APIs above.  Use the
 * matching kmf_free_* routine rather than free() so that internal members
 * are released too.  For the routines that release key material
 * (kmf_free_raw_key(), kmf_free_raw_sym_key(), kmf_free_kmf_key()) confirm
 * that the implementation zeroizes before freeing.
 */
extern void kmf_free_dn(KMF_X509_NAME *);
extern void kmf_free_kmf_cert(KMF_HANDLE_T, KMF_X509_DER_CERT *);
extern void kmf_free_data(KMF_DATA *);
extern void kmf_free_algoid(KMF_X509_ALGORITHM_IDENTIFIER *);
extern void kmf_free_extn(KMF_X509_EXTENSION *);
extern void kmf_free_tbs_csr(KMF_TBS_CSR *);
extern void kmf_free_signed_csr(KMF_CSR_DATA *);
extern void kmf_free_tbs_cert(KMF_X509_TBS_CERT *);
extern void kmf_free_signed_cert(KMF_X509_CERTIFICATE *);
extern void kmf_free_str(char *);
extern void kmf_free_eku(KMF_X509EXT_EKU *);
extern void kmf_free_spki(KMF_X509_SPKI *);
extern void kmf_free_kmf_key(KMF_HANDLE_T, KMF_KEY_HANDLE *);
extern void kmf_free_bigint(KMF_BIGINT *);
extern void kmf_free_raw_key(KMF_RAW_KEY_DATA *);
extern void kmf_free_raw_sym_key(KMF_RAW_SYM_KEY *);
extern void kmf_free_crl_dist_pts(KMF_X509EXT_CRLDISTPOINTS *);
322 
/* APIs for PKCS#11 token */
/* Resolve a token label (char *) to its CK_SLOT_ID. */
extern KMF_RETURN kmf_pk11_token_lookup(KMF_HANDLE_T, char *, CK_SLOT_ID *);
/*
 * Initialize a token.  The CK_UTF8CHAR_PTR / CK_ULONG pair is presumably a
 * PIN and its length as in C_InitToken() - confirm.  PIN buffers are secrets:
 * clear them once the call returns.
 */
extern KMF_RETURN kmf_pk11_init_token(KMF_HANDLE_T,
	char *, char *, CK_UTF8CHAR_PTR, CK_ULONG);
extern KMF_RETURN kmf_set_token_pin(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
/*
 * Expose the underlying PKCS#11 session.  The session is presumably owned by
 * the KMF handle (closed by kmf_finalize()); callers should not close it
 * themselves - confirm.
 */
extern CK_SESSION_HANDLE kmf_get_pk11_handle(KMF_HANDLE_T);
329 
/*
 * Attribute management routines.
 *
 * Attribute lists are a KMF_ATTRIBUTE array plus an int count.  Note the
 * argument order differs between the getters (type, array, count) and the
 * setters (array, count, type, ...).
 */
/* Index of the attribute of the given type, or a not-found indicator (value not visible here). */
int kmf_find_attr(KMF_ATTR_TYPE, KMF_ATTRIBUTE *, int);
/* Pointer to the value of the attribute of the given type. */
void *kmf_get_attr_ptr(KMF_ATTR_TYPE, KMF_ATTRIBUTE *, int);
/* Copy the attribute value into the caller's buffer; the uint32_t * carries its length. */
KMF_RETURN kmf_get_attr(KMF_ATTR_TYPE, KMF_ATTRIBUTE *, int, void *,
	uint32_t *);
KMF_RETURN kmf_get_string_attr(KMF_ATTR_TYPE, KMF_ATTRIBUTE *, int, char **);
/* Set (or add) an attribute of the given type with a value pointer and length. */
KMF_RETURN kmf_set_attr(KMF_ATTRIBUTE *, int, KMF_ATTR_TYPE, void *, uint32_t);
/* Write an attribute at a specific index; the int is presumably that index. */
void kmf_set_attr_at_index(KMF_ATTRIBUTE *, int, KMF_ATTR_TYPE,
	void *, uint32_t);
341 
/*
 * Certificate to name mapping functions.
 *
 * A mapper plugin is selected via an attribute list at initialize time and
 * released at finalize time.
 */
KMF_RETURN kmf_cert_to_name_mapping_initialize(KMF_HANDLE_T, int,
	KMF_ATTRIBUTE *);
KMF_RETURN kmf_cert_to_name_mapping_finalize(KMF_HANDLE_T);
/* Derive a name (second KMF_DATA) from a certificate (first KMF_DATA). */
KMF_RETURN kmf_map_cert_to_name(KMF_HANDLE_T, KMF_DATA *, KMF_DATA *);
/*
 * Check whether a certificate maps to a given name; the third KMF_DATA is
 * presumably an output (e.g. the mapped name) - confirm.
 */
KMF_RETURN kmf_match_cert_to_name(KMF_HANDLE_T, KMF_DATA *, KMF_DATA *,
	KMF_DATA *);
KMF_RETURN kmf_get_mapper_error_str(KMF_HANDLE_T, char **);
/*
 * Helper functions for handling the mapper's internal state.  They are part
 * of the public interface too, intended for use by mapper plugins.  The
 * options pointer is opaque to KMF; the plugin that sets it owns it.
 */
void kmf_set_mapper_lasterror(KMF_HANDLE_T, uint32_t);
uint32_t kmf_get_mapper_lasterror(KMF_HANDLE_T);
void kmf_set_mapper_options(KMF_HANDLE_T, void *);
void *kmf_get_mapper_options(KMF_HANDLE_T);
360 
361 #ifdef __cplusplus
362 }
363 #endif
364 #endif /* _KMFAPI_H */
365