/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 *
 * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
 * Copyright 2018, Joyent, Inc.
 *
 * Constant definitions and function prototypes for the KMF library.
 * Commonly used data types are defined in "kmftypes.h".
 *
 * Reader's guide to the prototypes below (all of this is visible from the
 * signatures alone; behaviour that is not visible here is marked as an
 * assumption to confirm against the implementation):
 *
 *  - Most entry points take the triple (KMF_HANDLE_T, int, KMF_ATTRIBUTE *).
 *    The attribute-management routines near the end of this header take
 *    (KMF_ATTRIBUTE *, int) as "array, count", so the int in the triple is
 *    presumably the number of entries in the attribute array that follows
 *    it.  Callers build that array with kmf_set_attr()/kmf_set_attr_at_index().
 *
 *  - Every KMF_RETURN-returning function can fail; a status should never be
 *    ignored, and kmf_get_kmf_error_str()/kmf_get_plugin_error_str() turn it
 *    into text.
 *
 *  - Outputs handed back through `char **`, `KMF_DATA *`, `KMF_KEY_HANDLE *`
 *    and the raw-key structures have matching kmf_free_*() routines in the
 *    "Memory cleanup operations" section; which free routine pairs with
 *    which getter is not spelled out here (see the hedged notes below).
 */

#ifndef _KMFAPI_H
#define _KMFAPI_H

#include <kmftypes.h>
#include <security/cryptoki.h>

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Setup operations.
 *
 * kmf_initialize() writes the new handle through its first argument; the two
 * `char *` arguments are, by position with kmf_set_policy() below, presumably
 * a policy file and a policy name (NOTE(review): confirm; NULL handling is
 * not visible here).  Every handle obtained here must be released with
 * kmf_finalize().
 */
extern KMF_RETURN kmf_initialize(KMF_HANDLE_T *, char *, char *);
extern KMF_RETURN kmf_configure_keystore(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_finalize(KMF_HANDLE_T);

/*
 * Key operations.
 *
 * All of these are attribute-driven (see the reader's guide above).
 *
 * kmf_get_sym_key_value() copies the symmetric key's raw value out of the
 * keystore into the caller-supplied KMF_RAW_SYM_KEY: from that point on the
 * caller is holding secret key material in process memory.  Release it with
 * kmf_free_raw_sym_key(); NOTE(review): whether that routine zeroizes the
 * buffer before freeing is not visible in this header -- confirm before
 * relying on it for secret hygiene, and keep the lifetime of the raw copy as
 * short as possible.
 */
extern KMF_RETURN kmf_create_keypair(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

extern KMF_RETURN kmf_delete_key_from_keystore(KMF_HANDLE_T, int,
    KMF_ATTRIBUTE *);

extern KMF_RETURN kmf_find_key(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

extern KMF_RETURN kmf_find_prikey_by_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

extern KMF_RETURN kmf_store_key(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

extern KMF_RETURN kmf_create_sym_key(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

/* Exports raw secret key bytes; see the section comment about lifetime. */
extern KMF_RETURN kmf_get_sym_key_value(KMF_HANDLE_T, KMF_KEY_HANDLE *,
    KMF_RAW_SYM_KEY *);

/*
 * Certificate operations.
 *
 * kmf_validate_cert() and kmf_check_cert_date() are not interchangeable:
 * kmf_check_cert_date() takes only the certificate bytes and no handle-side
 * attributes, so from its signature it cannot consult a trust anchor or a
 * revocation source -- presumably it checks the validity period only
 * (NOTE(review): confirm).  Anything that makes a trust decision should go
 * through kmf_validate_cert().
 *
 * kmf_download_cert() takes three `char *`, an int, an unsigned int and an
 * output KMF_ENCODE_FORMAT *.  The name says it fetches over the network;
 * the roles of the string/int arguments (URI, proxy, port, timeout, output
 * file?) are not recoverable from this header -- NOTE(review): confirm
 * against the implementation before use.  Whatever it fetches is untrusted
 * input until it has been validated with kmf_validate_cert().
 *
 * kmf_is_cert_data() / kmf_is_cert_file() report the detected encoding
 * through their KMF_ENCODE_FORMAT * argument; they classify, they do not
 * verify.
 */
extern KMF_RETURN kmf_find_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

/* DER-encodes a KMF_X509_CERTIFICATE into the output KMF_DATA (free with
 * kmf_free_data(), presumably -- NOTE(review): confirm). */
extern KMF_RETURN kmf_encode_cert_record(KMF_X509_CERTIFICATE *, KMF_DATA *);

extern KMF_RETURN kmf_import_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

extern KMF_RETURN kmf_store_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

extern KMF_RETURN kmf_delete_cert_from_keystore(KMF_HANDLE_T, int,
    KMF_ATTRIBUTE *);

/* The trust-decision entry point; attribute-driven. */
extern KMF_RETURN kmf_validate_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

/* Writes certificate bytes to the named file in the requested encoding. */
extern KMF_RETURN kmf_create_cert_file(const KMF_DATA *, KMF_ENCODE_FORMAT,
    char *);

/* Network fetch; see the section comment -- result is untrusted input. */
extern KMF_RETURN kmf_download_cert(KMF_HANDLE_T, char *, char *, int,
    unsigned int, char *, KMF_ENCODE_FORMAT *);

extern KMF_RETURN kmf_is_cert_data(KMF_DATA *, KMF_ENCODE_FORMAT *);
extern KMF_RETURN kmf_is_cert_file(KMF_HANDLE_T, char *, KMF_ENCODE_FORMAT *);

/* No trust-anchor input: presumably a validity-period check only. */
extern KMF_RETURN kmf_check_cert_date(KMF_HANDLE_T, const KMF_DATA *);

/*
 * Crypto operations with key or cert.
 *
 * All attribute-driven.  Which attributes select the key, the algorithm and
 * the input/output buffers is defined in kmftypes.h, not here.
 */
extern KMF_RETURN kmf_encrypt(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_decrypt(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_sign_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_sign_data(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_verify_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_verify_data(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

/*
 * CRL operations.
 *
 * kmf_verify_crl_file() takes a file name and one KMF_DATA; by name the
 * KMF_DATA is presumably the issuer (signing) certificate -- NOTE(review):
 * confirm.  kmf_check_crl_date() takes only a file name, so like
 * kmf_check_cert_date() it can only be a date check, not a signature check.
 *
 * kmf_download_crl() has the same argument shape as kmf_download_cert() and
 * the same caveat: the downloaded CRL is untrusted until
 * kmf_verify_crl_file() has accepted it.
 */
extern KMF_RETURN kmf_import_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_delete_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_list_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_find_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_find_cert_in_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
/* Signature check of a CRL file against the supplied certificate data. */
extern KMF_RETURN kmf_verify_crl_file(KMF_HANDLE_T, char *, KMF_DATA *);
/* Date check only (no certificate input in the signature). */
extern KMF_RETURN kmf_check_crl_date(KMF_HANDLE_T, char *);
/* Network fetch; see the section comment -- result is untrusted input. */
extern KMF_RETURN kmf_download_crl(KMF_HANDLE_T, char *, char *,
    int, unsigned int, char *, KMF_ENCODE_FORMAT *);
extern KMF_RETURN kmf_is_crl_file(KMF_HANDLE_T, char *, KMF_ENCODE_FORMAT *);

/*
 * CSR operations.
 *
 * The kmf_set_csr_*() routines fill in fields of a caller-owned
 * KMF_CSR_DATA; kmf_sign_csr() then produces the signed, encoded request
 * into its output KMF_DATA using the supplied KMF_KEY_HANDLE.
 *
 * Argument order differs from the SetCert section: here
 * kmf_set_csr_subject_altname() is (csr, name string, int, choice) while
 * kmf_set_cert_subject_altname() is (cert, int, choice, name string).  The
 * int alongside an extension is presumably the "critical" flag (it sits in
 * the same position for kmf_set_csr_ku(), kmf_add_csr_eku(),
 * kmf_set_cert_ku() and kmf_add_cert_eku()) -- NOTE(review): confirm.
 *
 * kmf_decode_csr() parses attacker-controllable input (a CSR received from
 * a requester) into KMF_CSR_DATA; release the result with
 * kmf_free_signed_csr(), and verify it with kmf_verify_csr() before trusting
 * any field in it.
 */
extern KMF_RETURN kmf_create_csr_file(KMF_DATA *, KMF_ENCODE_FORMAT, char *);
extern KMF_RETURN kmf_set_csr_pubkey(KMF_HANDLE_T,
    KMF_KEY_HANDLE *, KMF_CSR_DATA *);
extern KMF_RETURN kmf_set_csr_version(KMF_CSR_DATA *, uint32_t);
extern KMF_RETURN kmf_set_csr_subject(KMF_CSR_DATA *, KMF_X509_NAME *);
extern KMF_RETURN kmf_set_csr_extn(KMF_CSR_DATA *, KMF_X509_EXTENSION *);
extern KMF_RETURN kmf_set_csr_sig_alg(KMF_CSR_DATA *, KMF_ALGORITHM_INDEX);
/* Note the (string, int, choice) order -- differs from the cert variant. */
extern KMF_RETURN kmf_set_csr_subject_altname(KMF_CSR_DATA *, char *,
    int, KMF_GENERALNAMECHOICES);
extern KMF_RETURN kmf_set_csr_ku(KMF_CSR_DATA *, int, uint16_t);
/* Parses untrusted CSR bytes; verify with kmf_verify_csr() before use. */
extern KMF_RETURN kmf_decode_csr(KMF_HANDLE_T, KMF_DATA *, KMF_CSR_DATA *);
extern KMF_RETURN kmf_verify_csr(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_sign_csr(KMF_HANDLE_T, const KMF_CSR_DATA *,
    KMF_KEY_HANDLE *, KMF_DATA *);
extern KMF_RETURN kmf_add_csr_eku(KMF_CSR_DATA *, KMF_OID *, int);

/*
 * GetCert operations.
 *
 * Read-only accessors over an encoded certificate (`const KMF_DATA *`).
 * None of them take trust inputs, so none of them imply the certificate has
 * been validated.
 *
 * The *_str() variants return a newly allocated string through `char **`;
 * kmf_free_str() is the matching release routine (pairing presumed from the
 * cleanup section -- NOTE(review): confirm).  kmf_get_cert_extns() returns
 * an array through KMF_X509_EXTENSION ** plus its count through int *;
 * the matching release is not obvious from this header (kmf_free_extn()
 * takes a single extension) -- confirm before use.
 */
extern KMF_RETURN kmf_get_cert_extn(const KMF_DATA *, KMF_OID *,
    KMF_X509_EXTENSION *);

/* Returns an allocated extension array and its length. */
extern KMF_RETURN kmf_get_cert_extns(const KMF_DATA *, KMF_FLAG_CERT_EXTN,
    KMF_X509_EXTENSION **, int *);

extern KMF_RETURN kmf_get_cert_ku(const KMF_DATA *, KMF_X509EXT_KEY_USAGE *);

/* Release the filled-in KMF_X509EXT_EKU with kmf_free_eku(). */
extern KMF_RETURN kmf_get_cert_eku(const KMF_DATA *, KMF_X509EXT_EKU *);

/* The KMF_BOOL * output is presumably the extension's critical flag. */
extern KMF_RETURN kmf_get_cert_basic_constraint(const KMF_DATA *,
    KMF_BOOL *, KMF_X509EXT_BASICCONSTRAINTS *);

extern KMF_RETURN kmf_get_cert_policies(const KMF_DATA *,
    KMF_BOOL *, KMF_X509EXT_CERT_POLICIES *);

extern KMF_RETURN kmf_get_cert_auth_info_access(const KMF_DATA *,
    KMF_X509EXT_AUTHINFOACCESS *);

/* Release the filled-in structure with kmf_free_crl_dist_pts(). */
extern KMF_RETURN kmf_get_cert_crl_dist_pts(const KMF_DATA *,
    KMF_X509EXT_CRLDISTPOINTS *);

/* Printable accessors: each allocates the returned string. */
extern KMF_RETURN kmf_get_cert_version_str(KMF_HANDLE_T, const KMF_DATA *,
    char **);

extern KMF_RETURN kmf_get_cert_subject_str(KMF_HANDLE_T, const KMF_DATA *,
    char **);

extern KMF_RETURN kmf_get_cert_issuer_str(KMF_HANDLE_T, const KMF_DATA *,
    char **);

extern KMF_RETURN kmf_get_cert_serial_str(KMF_HANDLE_T, const KMF_DATA *,
    char **);

extern KMF_RETURN kmf_get_cert_start_date_str(KMF_HANDLE_T, const KMF_DATA *,
    char **);

extern KMF_RETURN kmf_get_cert_end_date_str(KMF_HANDLE_T, const KMF_DATA *,
    char **);

extern KMF_RETURN kmf_get_cert_pubkey_alg_str(KMF_HANDLE_T, const KMF_DATA *,
    char **);

extern KMF_RETURN kmf_get_cert_sig_alg_str(KMF_HANDLE_T, const KMF_DATA *,
    char **);

extern KMF_RETURN kmf_get_cert_pubkey_str(KMF_HANDLE_T, const KMF_DATA *,
    char **);

extern KMF_RETURN kmf_get_cert_email_str(KMF_HANDLE_T, const KMF_DATA *,
    char **);

extern KMF_RETURN kmf_get_cert_extn_str(KMF_HANDLE_T, const KMF_DATA *,
    KMF_PRINTABLE_ITEM, char **);

/* Output KMF_DATA is caller-released (kmf_free_data(), presumably). */
extern KMF_RETURN kmf_get_cert_id_data(const KMF_DATA *, KMF_DATA *);

extern KMF_RETURN kmf_get_cert_id_str(const KMF_DATA *, char **);

/* Writes notBefore/notAfter (by position -- confirm order) as time_t. */
extern KMF_RETURN kmf_get_cert_validity(const KMF_DATA *, time_t *, time_t *);


/*
 * SetCert operations
 *
 * Field setters on a caller-owned KMF_X509_CERTIFICATE, used when building a
 * certificate to be signed with kmf_sign_cert().
 *
 * kmf_set_cert_validity() takes a time_t and a uint32_t.  The uint32_t is
 * presumably a duration in seconds added to the time_t (NOTE(review):
 * confirm the unit); if so the window is bounded at ~136 years and a
 * computed end date past the platform's time_t range is not something this
 * signature lets the caller detect -- check the returned status.
 */
extern KMF_RETURN kmf_set_cert_pubkey(KMF_HANDLE_T, KMF_KEY_HANDLE *,
    KMF_X509_CERTIFICATE *);

extern KMF_RETURN kmf_set_cert_subject(KMF_X509_CERTIFICATE *,
    KMF_X509_NAME *);

extern KMF_RETURN kmf_set_cert_ku(KMF_X509_CERTIFICATE *, int, uint16_t);

extern KMF_RETURN kmf_set_cert_issuer(KMF_X509_CERTIFICATE *,
    KMF_X509_NAME *);

extern KMF_RETURN kmf_set_cert_sig_alg(KMF_X509_CERTIFICATE *,
    KMF_ALGORITHM_INDEX);

/* (cert, start time, uint32_t span) -- see section comment on the unit. */
extern KMF_RETURN kmf_set_cert_validity(KMF_X509_CERTIFICATE *,
    time_t, uint32_t);

extern KMF_RETURN kmf_set_cert_serial(KMF_X509_CERTIFICATE *,
    KMF_BIGINT *);

extern KMF_RETURN kmf_set_cert_version(KMF_X509_CERTIFICATE *, uint32_t);

extern KMF_RETURN kmf_set_cert_issuer_altname(KMF_X509_CERTIFICATE *,
    int, KMF_GENERALNAMECHOICES, char *);

/* Note the (int, choice, string) order -- differs from the CSR variant. */
extern KMF_RETURN kmf_set_cert_subject_altname(KMF_X509_CERTIFICATE *,
    int, KMF_GENERALNAMECHOICES, char *);

extern KMF_RETURN kmf_add_cert_eku(KMF_X509_CERTIFICATE *, KMF_OID *, int);

extern KMF_RETURN kmf_set_cert_extn(KMF_X509_CERTIFICATE *,
    KMF_X509_EXTENSION *);

extern KMF_RETURN kmf_set_cert_basic_constraint(KMF_X509_CERTIFICATE *,
    KMF_BOOL, KMF_X509EXT_BASICCONSTRAINTS *);


/*
 * PK12 operations
 *
 * kmf_build_pk12() takes (handle, int, KMF_X509_DER_CERT *, int,
 * KMF_KEY_HANDLE *, KMF_CREDENTIAL *, char *): two count/array pairs, a
 * credential and a string that is presumably the output file name
 * (NOTE(review): confirm).  The credential is the PKCS#12 password and the
 * keys it protects are private keys; the caller owns the KMF_CREDENTIAL
 * buffer and should scrub it once the call returns, since nothing in this
 * header promises KMF will.
 *
 * kmf_import_objects() is the inverse: it parses a file (untrusted input)
 * and returns two allocated arrays with their counts through
 * (KMF_X509_DER_CERT **, int *) and (KMF_RAW_KEY_DATA **, int *).  The raw
 * key array is plaintext private key material; release each element with
 * kmf_free_raw_key() (array ownership beyond that is not visible here).
 */
extern KMF_RETURN kmf_export_pk12(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

extern KMF_RETURN kmf_build_pk12(KMF_HANDLE_T, int, KMF_X509_DER_CERT *,
    int, KMF_KEY_HANDLE *, KMF_CREDENTIAL *, char *);

/* Returns plaintext private keys; see the section comment. */
extern KMF_RETURN kmf_import_objects(KMF_HANDLE_T, char *, KMF_CREDENTIAL *,
    KMF_X509_DER_CERT **, int *, KMF_RAW_KEY_DATA **, int *);

/*
 * OCSP operations
 *
 * kmf_get_ocsp_for_cert() takes three KMF_DATA pointers; the last is
 * presumably an output (the responder location taken from the certificate's
 * AIA extension, given kmf_get_cert_auth_info_access() above) --
 * NOTE(review): confirm which arguments are inputs.
 *
 * kmf_get_encoded_ocsp_response() takes (handle, char *, char *, int,
 * char *, int, char *, unsigned int).  Host/port/proxy/file/timeout roles
 * cannot be recovered from the types alone -- confirm before calling.  The
 * response it fetches is network input and must not be trusted until
 * kmf_get_ocsp_status_for_cert() has verified it.
 */
extern KMF_RETURN kmf_get_ocsp_for_cert(KMF_HANDLE_T, KMF_DATA *, KMF_DATA *,
    KMF_DATA *);

extern KMF_RETURN kmf_create_ocsp_request(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

/* Network fetch of an OCSP response; untrusted until verified. */
extern KMF_RETURN kmf_get_encoded_ocsp_response(KMF_HANDLE_T, char *,
    char *, int, char *, int, char *, unsigned int);

extern KMF_RETURN kmf_get_ocsp_status_for_cert(KMF_HANDLE_T, int,
    KMF_ATTRIBUTE *);

/*
 * Policy Operations
 *
 * Same (char *, char *) pair as kmf_initialize(); by position presumably a
 * policy file and policy name.  The policy is what kmf_validate_cert()
 * enforces, so the file it is read from must be protected like a trust
 * store.
 */
extern KMF_RETURN kmf_set_policy(KMF_HANDLE_T, char *, char *);

/*
 * Error handling.
 *
 * Both return an allocated string through `char **` (release with
 * kmf_free_str(), presumably).  kmf_get_kmf_error_str() maps a KMF_RETURN
 * status; kmf_get_plugin_error_str() reads whatever the keystore plugin
 * recorded on the handle.
 */
extern KMF_RETURN kmf_get_plugin_error_str(KMF_HANDLE_T, char **);
extern KMF_RETURN kmf_get_kmf_error_str(KMF_RETURN, char **);

/*
 * Miscellaneous
 *
 * Length conventions are inconsistent across this group and callers need to
 * know which is which:
 *  - kmf_der_to_pem() / kmf_pem_to_der() carry lengths as `int` (input) and
 *    `int *` (output).  Do not pass buffers larger than INT_MAX; the
 *    signature gives no way to express them.
 *  - kmf_hexstr_to_bytes() reports its output length as `size_t *` and
 *    takes the hex string as `unsigned char *`, not `char *`.
 *
 * kmf_dn_parser() takes a non-const `char *`; whether it modifies the input
 * in place is not visible here -- NOTE(review): confirm before passing a
 * string literal or shared buffer.  kmf_dn_to_string() allocates its
 * result; release with kmf_free_str() (presumably).
 *
 * kmf_read_input_file() loads a file into a KMF_DATA; its contents are
 * untrusted input, and the buffer is released with kmf_free_data().
 *
 * kmf_oid_to_string(), kmf_ku_to_string() and kmf_oid_to_ekuname() return
 * `char *` directly rather than a status: a NULL return is the only failure
 * signal, and whether the pointer is allocated or static differs per
 * function and is not visible here -- confirm before freeing.
 *
 * kmf_compare_rdns() returns int, not KMF_RETURN; the sense of the result
 * (0 on match, as strcmp()?) is not visible here -- confirm.
 */
/* Non-const input; may or may not be modified in place -- confirm. */
extern KMF_RETURN kmf_dn_parser(char *, KMF_X509_NAME *);
extern KMF_RETURN kmf_dn_to_string(KMF_X509_NAME *, char **);
/* Reads untrusted file contents into a KMF_DATA (kmf_free_data() to release). */
extern KMF_RETURN kmf_read_input_file(KMF_HANDLE_T, char *, KMF_DATA *);
/* `int` lengths in both directions; inputs must fit in INT_MAX. */
extern KMF_RETURN kmf_der_to_pem(KMF_OBJECT_TYPE, unsigned char *,
    int, unsigned char **, int *);
extern KMF_RETURN kmf_pem_to_der(unsigned char *, int, unsigned char **, int *);
extern char *kmf_oid_to_string(KMF_OID *);
extern KMF_RETURN kmf_string_to_oid(char *, KMF_OID *);
/* Plain int result; result convention not visible here. */
extern int kmf_compare_rdns(KMF_X509_NAME *, KMF_X509_NAME *);
extern KMF_RETURN kmf_get_data_format(KMF_DATA *, KMF_ENCODE_FORMAT *);
extern KMF_RETURN kmf_get_file_format(char *, KMF_ENCODE_FORMAT *);
extern uint32_t kmf_string_to_ku(char *);
extern char *kmf_ku_to_string(uint32_t);
/* `size_t *` output length, unlike the int-based DER/PEM helpers. */
extern KMF_RETURN kmf_hexstr_to_bytes(unsigned char *, unsigned char **,
    size_t *);

/* Reports the keystore type and an allocated string (plugin path?) for the
 * named keystore -- NOTE(review): confirm what the `char **` holds. */
extern KMF_RETURN kmf_get_plugin_info(KMF_HANDLE_T, char *,
    KMF_KEYSTORE_TYPE *, char **);

extern KMF_OID *kmf_ekuname_to_oid(char *);
extern char *kmf_oid_to_ekuname(KMF_OID *);

/* Legacy spelling retained for source compatibility; new code should call
 * kmf_compare_rdns() directly. */
#define KMF_CompareRDNs kmf_compare_rdns

/*
 * Memory cleanup operations
 *
 * One release routine per allocated KMF type.  Use these rather than free():
 * the types in kmftypes.h may own nested allocations that a bare free()
 * would leak.  For the secret-bearing types (kmf_free_raw_key(),
 * kmf_free_raw_sym_key(), kmf_free_kmf_key()) NOTE(review): whether the key
 * bytes are zeroized before release is not visible in this header --
 * confirm, and do not assume it.
 */
extern void kmf_free_dn(KMF_X509_NAME *);
extern void kmf_free_kmf_cert(KMF_HANDLE_T, KMF_X509_DER_CERT *);
extern void kmf_free_data(KMF_DATA *);
extern void kmf_free_algoid(KMF_X509_ALGORITHM_IDENTIFIER *);
extern void kmf_free_extn(KMF_X509_EXTENSION *);
extern void kmf_free_tbs_csr(KMF_TBS_CSR *);
extern void kmf_free_signed_csr(KMF_CSR_DATA *);
extern void kmf_free_tbs_cert(KMF_X509_TBS_CERT *);
extern void kmf_free_signed_cert(KMF_X509_CERTIFICATE *);
extern void kmf_free_str(char *);
extern void kmf_free_eku(KMF_X509EXT_EKU *);
extern void kmf_free_spki(KMF_X509_SPKI *);
extern void kmf_free_kmf_key(KMF_HANDLE_T, KMF_KEY_HANDLE *);
extern void kmf_free_bigint(KMF_BIGINT *);
/* Releases plaintext private key material; see section note on zeroizing. */
extern void kmf_free_raw_key(KMF_RAW_KEY_DATA *);
/* Releases plaintext symmetric key material; see section note on zeroizing. */
extern void kmf_free_raw_sym_key(KMF_RAW_SYM_KEY *);
extern void kmf_free_crl_dist_pts(KMF_X509EXT_CRLDISTPOINTS *);

/*
 * APIs for PKCS#11 token
 *
 * kmf_pk11_init_token() takes (handle, char *, char *, CK_UTF8CHAR_PTR,
 * CK_ULONG).  The CK_UTF8CHAR_PTR/CK_ULONG pair is the shape PKCS#11 uses
 * for a PIN and its length, so this is presumably the security-officer PIN
 * for token initialisation (NOTE(review): confirm, and confirm which of the
 * two strings is the current vs. new label).  The caller owns the PIN
 * buffer and should scrub it afterwards; token initialisation is
 * destructive, so never call it on a token selected from untrusted input.
 *
 * kmf_set_token_pin() carries the PIN(s) inside the attribute list; the
 * same scrubbing advice applies to the buffers the attributes point at.
 *
 * kmf_get_pk11_handle() hands back the raw CK_SESSION_HANDLE KMF opened.
 * Operations issued directly on that session bypass KMF's policy and
 * validation layers and share state (login status, object handles) with
 * KMF itself; closing or re-logging the session from outside KMF is likely
 * to confuse subsequent kmf_* calls on the same handle -- treat it as
 * read-only borrowed state.
 */
extern KMF_RETURN kmf_pk11_token_lookup(KMF_HANDLE_T, char *, CK_SLOT_ID *);
/* Destructive; PIN passed as (CK_UTF8CHAR_PTR, CK_ULONG). */
extern KMF_RETURN kmf_pk11_init_token(KMF_HANDLE_T,
    char *, char *, CK_UTF8CHAR_PTR, CK_ULONG);
extern KMF_RETURN kmf_set_token_pin(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
/* Borrowed raw PKCS#11 session; do not close or re-login it. */
extern CK_SESSION_HANDLE kmf_get_pk11_handle(KMF_HANDLE_T);

/*
 * Attribute management routines.
 *
 * These define the (array, count) convention the rest of the API relies on:
 * kmf_find_attr()/kmf_get_attr_ptr()/kmf_get_attr()/kmf_get_string_attr()
 * all take (type, KMF_ATTRIBUTE *, int) -- attribute array and its length.
 * kmf_get_attr() additionally copies the value into a caller buffer whose
 * capacity is passed in through `uint32_t *` (presumably updated to the
 * length actually written -- NOTE(review): confirm the in/out semantics,
 * since a wrong size here is a buffer overrun).  kmf_get_attr_ptr() returns
 * a pointer into the attribute's own storage rather than a copy, so the
 * pointer is only valid while the attribute array is.
 *
 * kmf_set_attr() takes (array, int, type, void *, uint32_t): the int is by
 * name the count of populated entries and the uint32_t the value length.
 * kmf_set_attr_at_index() returns void and takes the same trailing
 * arguments with an explicit index -- it cannot report an out-of-range
 * index, so the caller is responsible for bounds.  kmf_find_attr() returns
 * int rather than KMF_RETURN (index, with a negative sentinel for "not
 * found"? -- confirm).
 *
 * Declared without `extern`, unlike the rest of this header; for function
 * declarations that makes no semantic difference.
 */
int kmf_find_attr(KMF_ATTR_TYPE, KMF_ATTRIBUTE *, int);
/* Returns a pointer into the attribute list, not a copy. */
void *kmf_get_attr_ptr(KMF_ATTR_TYPE, KMF_ATTRIBUTE *, int);
/* Copies into a caller buffer; `uint32_t *` carries its size -- confirm
 * in/out behaviour before use. */
KMF_RETURN kmf_get_attr(KMF_ATTR_TYPE, KMF_ATTRIBUTE *, int, void *,
    uint32_t *);
KMF_RETURN kmf_get_string_attr(KMF_ATTR_TYPE, KMF_ATTRIBUTE *, int, char **);
KMF_RETURN kmf_set_attr(KMF_ATTRIBUTE *, int, KMF_ATTR_TYPE, void *, uint32_t);
/* No status return: the caller must keep the index in bounds. */
void kmf_set_attr_at_index(KMF_ATTRIBUTE *, int, KMF_ATTR_TYPE,
    void *, uint32_t);

/*
 * Certificate to name mapping functions.
 *
 * A mapper is initialised with an attribute list and torn down with
 * kmf_cert_to_name_mapping_finalize().  kmf_map_cert_to_name() takes a
 * certificate KMF_DATA and a second KMF_DATA that is presumably the mapped
 * name output; kmf_match_cert_to_name() takes one more KMF_DATA, presumably
 * the name to compare against (NOTE(review): confirm which arguments are
 * inputs).  The mapped name is derived from certificate contents, so it is
 * only as trustworthy as the certificate -- validate first, map second.
 */
KMF_RETURN kmf_cert_to_name_mapping_initialize(KMF_HANDLE_T, int,
    KMF_ATTRIBUTE *);
KMF_RETURN kmf_cert_to_name_mapping_finalize(KMF_HANDLE_T);
KMF_RETURN kmf_map_cert_to_name(KMF_HANDLE_T, KMF_DATA *, KMF_DATA *);
KMF_RETURN kmf_match_cert_to_name(KMF_HANDLE_T, KMF_DATA *, KMF_DATA *,
    KMF_DATA *);
KMF_RETURN kmf_get_mapper_error_str(KMF_HANDLE_T, char **);
/*
 * Helper functions for handling the mapper internal state. They are part of the
 * public interface, too.
 *
 * kmf_set_mapper_options() stores an untyped `void *` on the handle and
 * kmf_get_mapper_options() returns it unchanged.  Ownership and lifetime of
 * that pointer are not visible here; the safe assumption is that KMF only
 * stores it and the caller keeps it valid until the mapping is finalised
 * (NOTE(review): confirm).  kmf_set_mapper_lasterror() records a plain
 * uint32_t, which kmf_get_mapper_error_str() presumably decodes.
 */
void kmf_set_mapper_lasterror(KMF_HANDLE_T, uint32_t);
uint32_t kmf_get_mapper_lasterror(KMF_HANDLE_T);
/* Opaque pointer stored as-is; caller retains ownership (presumed). */
void kmf_set_mapper_options(KMF_HANDLE_T, void *);
void *kmf_get_mapper_options(KMF_HANDLE_T);

#ifdef __cplusplus
}
#endif
#endif /* _KMFAPI_H */