xref: /illumos-gate/usr/src/lib/libkmf/include/kmfapiP.h (revision 150d2c5288c645a1c1a7d2bee61199a3729406c7) 
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 #ifndef _KMFAPIP_H
26 #define	_KMFAPIP_H
27 
28 #pragma ident	"%Z%%M%	%I%	%E% SMI"
29 
30 #include <kmfapi.h>
31 #include <kmfpolicy.h>
32 
33 #ifdef __cplusplus
34 extern "C" {
35 #endif
36 
37 /* Plugin function table */
38 typedef struct {
39 	ushort_t	version;
40 	KMF_RETURN	(*ConfigureKeystore) (
41 			KMF_HANDLE_T,
42 			KMF_CONFIG_PARAMS *);
43 
44 	KMF_RETURN	(*FindCert) (
45 			KMF_HANDLE_T,
46 			KMF_FINDCERT_PARAMS	*,
47 			KMF_X509_DER_CERT *,
48 			uint32_t *);
49 
50 	void		(*FreeKMFCert) (
51 			KMF_HANDLE_T,
52 			KMF_X509_DER_CERT *);
53 
54 	KMF_RETURN	(*StoreCert) (
55 			KMF_HANDLE_T,
56 			KMF_STORECERT_PARAMS *,
57 			KMF_DATA *);
58 
59 	KMF_RETURN	(*ImportCert) (
60 			KMF_HANDLE_T,
61 			KMF_IMPORTCERT_PARAMS *);
62 
63 	KMF_RETURN	(*ImportCRL) (
64 			KMF_HANDLE_T,
65 			KMF_IMPORTCRL_PARAMS *);
66 
67 	KMF_RETURN	(*DeleteCert) (
68 			KMF_HANDLE_T,
69 			KMF_DELETECERT_PARAMS *);
70 
71 	KMF_RETURN	(*DeleteCRL) (
72 			KMF_HANDLE_T,
73 			KMF_DELETECRL_PARAMS *);
74 
75 	KMF_RETURN	(*CreateKeypair) (
76 			KMF_HANDLE_T,
77 			KMF_CREATEKEYPAIR_PARAMS *,
78 			KMF_KEY_HANDLE *,
79 			KMF_KEY_HANDLE *);
80 
81 	KMF_RETURN	(*FindKey) (
82 			KMF_HANDLE_T,
83 			KMF_FINDKEY_PARAMS *,
84 			KMF_KEY_HANDLE *,
85 			uint32_t *);
86 
87 	KMF_RETURN	(*EncodePubkeyData) (
88 			KMF_HANDLE_T,
89 			KMF_KEY_HANDLE *,
90 			KMF_DATA *);
91 
92 	KMF_RETURN	(*SignData) (
93 			KMF_HANDLE_T,
94 			KMF_KEY_HANDLE *,
95 			KMF_OID *,
96 			KMF_DATA *,
97 			KMF_DATA *);
98 
99 	KMF_RETURN	(*DeleteKey) (
100 			KMF_HANDLE_T,
101 			KMF_DELETEKEY_PARAMS *,
102 			KMF_KEY_HANDLE *,
103 			boolean_t);
104 
105 	KMF_RETURN	(*ListCRL) (
106 			KMF_HANDLE_T,
107 			KMF_LISTCRL_PARAMS *,
108 			char **);
109 
110 	KMF_RETURN	(*FindCRL) (
111 			KMF_HANDLE_T,
112 			KMF_FINDCRL_PARAMS *,
113 			char **,
114 			int *);
115 
116 	KMF_RETURN	(*FindCertInCRL) (
117 			KMF_HANDLE_T,
118 			KMF_FINDCERTINCRL_PARAMS *);
119 
120 	KMF_RETURN	(*GetErrorString) (
121 			KMF_HANDLE_T,
122 			char **);
123 
124 	KMF_RETURN	(*GetPrikeyByCert) (
125 			KMF_HANDLE_T,
126 			KMF_CRYPTOWITHCERT_PARAMS *,
127 			KMF_DATA *,
128 			KMF_KEY_HANDLE *,
129 			KMF_KEY_ALG);
130 
131 	KMF_RETURN	(*DecryptData) (
132 			KMF_HANDLE_T,
133 			KMF_KEY_HANDLE *,
134 			KMF_OID *,
135 			KMF_DATA *,
136 			KMF_DATA *);
137 
138 	KMF_RETURN	(*ExportP12)(
139 			KMF_HANDLE_T,
140 			KMF_EXPORTP12_PARAMS *,
141 			int, KMF_X509_DER_CERT *,
142 			int, KMF_KEY_HANDLE *,
143 			char *);
144 
145 	KMF_RETURN	(*StorePrivateKey)(
146 			KMF_HANDLE_T,
147 			KMF_STOREKEY_PARAMS *,
148 			KMF_RAW_KEY_DATA *);
149 
150 	KMF_RETURN	(*CreateSymKey) (
151 			KMF_HANDLE_T,
152 			KMF_CREATESYMKEY_PARAMS *,
153 			KMF_KEY_HANDLE *);
154 
155 	KMF_RETURN	(*GetSymKeyValue) (
156 			KMF_HANDLE_T,
157 			KMF_KEY_HANDLE *,
158 			KMF_RAW_SYM_KEY *);
159 
160 	KMF_RETURN	(*SetTokenPin) (
161 			KMF_HANDLE_T,
162 			KMF_SETPIN_PARAMS *,
163 			KMF_CREDENTIAL *);
164 
165 	void		(*Finalize) ();
166 
167 } KMF_PLUGIN_FUNCLIST;
168 
169 typedef struct {
170 	KMF_KEYSTORE_TYPE	type;
171 	char			*applications;
172 	char 			*path;
173 	void 			*dldesc;
174 	KMF_PLUGIN_FUNCLIST	*funclist;
175 } KMF_PLUGIN;
176 
177 typedef struct _KMF_PLUGIN_LIST {
178 	KMF_PLUGIN		*plugin;
179 	struct _KMF_PLUGIN_LIST *next;
180 } KMF_PLUGIN_LIST;
181 
182 typedef struct _kmf_handle {
183 	/*
184 	 * session handle opened by KMF_SelectToken() to talk
185 	 * to a specific slot in Crypto framework. It is used
186 	 * by pkcs11 plugin module.
187 	 */
188 	CK_SESSION_HANDLE	pk11handle;
189 	KMF_ERROR		lasterr;
190 	KMF_POLICY_RECORD	*policy;
191 	KMF_PLUGIN_LIST		*plugins;
192 } KMF_HANDLE;
193 
194 #define	CLEAR_ERROR(h, rv) { \
195 	if (h == NULL) { \
196 		rv = KMF_ERR_BAD_PARAMETER; \
197 	} else { \
198 		h->lasterr.errcode = 0; \
199 		h->lasterr.kstype = 0; \
200 		rv = KMF_OK; \
201 	} \
202 }
203 
204 #define	KMF_PLUGIN_INIT_SYMBOL	"KMF_Plugin_Initialize"
205 
206 #ifndef KMF_PLUGIN_PATH
207 #if defined(__sparcv9)
208 #define	KMF_PLUGIN_PATH "/usr/lib/security/sparcv9/"
209 #elif defined(__sparc)
210 #define	KMF_PLUGIN_PATH "/usr/lib/security/"
211 #elif defined(__i386)
212 #define	KMF_PLUGIN_PATH "/usr/lib/security/"
213 #elif defined(__amd64)
214 #define	KMF_PLUGIN_PATH "/usr/lib/security/amd64/"
215 #endif
216 #endif /* !KMF_PLUGIN_PATH */
217 
218 KMF_PLUGIN_FUNCLIST *KMF_Plugin_Initialize();
219 
220 KMF_RETURN
221 SignCert(KMF_HANDLE_T, const KMF_DATA *, KMF_KEY_HANDLE *, KMF_DATA *);
222 
223 KMF_RETURN
224 VerifyCertWithKey(KMF_HANDLE_T, KMF_DATA *, const KMF_DATA *);
225 
226 KMF_RETURN
227 VerifyCertWithCert(KMF_HANDLE_T, const KMF_DATA *, const KMF_DATA *);
228 
229 KMF_RETURN
230 VerifyDataWithCert(KMF_HANDLE_T, KMF_DATA *, KMF_DATA *, const KMF_DATA *);
231 
232 KMF_RETURN
233 VerifyDataWithKey(KMF_HANDLE_T, KMF_DATA *, KMF_ALGORITHM_INDEX, KMF_DATA *,
234 	KMF_DATA *);
235 
236 KMF_RETURN
237 EncryptWithCert(KMF_HANDLE_T, KMF_DATA *, KMF_DATA *, KMF_DATA *);
238 
239 KMF_RETURN
240 DecryptWithCert(KMF_HANDLE_T, KMF_DATA *, KMF_KEY_HANDLE *, KMF_DATA *,
241 	KMF_DATA *);
242 
243 KMF_RETURN
244 SignCsr(KMF_HANDLE_T, const KMF_DATA *, KMF_KEY_HANDLE *,
245 		KMF_X509_ALGORITHM_IDENTIFIER *, KMF_DATA *);
246 
247 KMF_BOOL PKCS_ConvertAlgorithmId2PKCSKeyType(
248 	KMF_ALGORITHM_INDEX, CK_KEY_TYPE *);
249 
250 KMF_RETURN PKCS_VerifyData(
251 	KMF_HANDLE *,
252 	KMF_ALGORITHM_INDEX,
253 	KMF_X509_SPKI *,
254 	KMF_DATA *, KMF_DATA *);
255 
256 KMF_RETURN PKCS_EncryptData(
257 	KMF_HANDLE *,
258 	KMF_ALGORITHM_INDEX,
259 	KMF_X509_SPKI *,
260 	KMF_DATA *,
261 	KMF_DATA *);
262 
263 KMF_PLUGIN *FindPlugin(KMF_HANDLE_T, KMF_KEYSTORE_TYPE);
264 
265 KMF_BOOL IsEqualOid(KMF_OID *, KMF_OID *);
266 
267 KMF_OID *X509_AlgIdToAlgorithmOid(KMF_ALGORITHM_INDEX);
268 
269 KMF_ALGORITHM_INDEX X509_AlgorithmOidToAlgId(KMF_OID *);
270 KMF_RETURN GetIDFromSPKI(KMF_X509_SPKI *, KMF_DATA *);
271 CK_RV DigestData(CK_SESSION_HANDLE, KMF_DATA *, KMF_DATA *);
272 
273 KMF_RETURN KMF_SetAltName(KMF_X509_EXTENSIONS *,
274 	KMF_OID *, int, KMF_GENERALNAMECHOICES, char *);
275 KMF_RETURN GetSequenceContents(char *, size_t, char **, size_t *);
276 KMF_X509_EXTENSION *FindExtn(KMF_X509_EXTENSIONS *, KMF_OID *);
277 KMF_RETURN add_an_extension(KMF_X509_EXTENSIONS *exts,
278 	KMF_X509_EXTENSION *newextn);
279 KMF_RETURN set_integer(KMF_DATA *, void *, int);
280 void free_keyidlist(KMF_OID *, int);
281 KMF_RETURN copy_data(KMF_DATA *, KMF_DATA *);
282 void Cleanup_PK11_Session(KMF_HANDLE_T handle);
283 void free_dp_name(KMF_CRL_DIST_POINT *);
284 void free_dp(KMF_CRL_DIST_POINT *);
285 KMF_RETURN set_key_usage_extension(KMF_X509_EXTENSIONS *,
286 	int, uint32_t);
287 int is_pk11_ready();
288 KMF_RETURN KMF_SelectToken(KMF_HANDLE_T, char *, int);
289 
290 
291 /* Indexes into the key parts array for RSA keys */
292 #define	KMF_RSA_MODULUS			(0)
293 #define	KMF_RSA_PUBLIC_EXPONENT		(1)
294 #define	KMF_RSA_PRIVATE_EXPONENT	(2)
295 #define	KMF_RSA_PRIME1			(3)
296 #define	KMF_RSA_PRIME2			(4)
297 #define	KMF_RSA_EXPONENT1		(5)
298 #define	KMF_RSA_EXPONENT2		(6)
299 #define	KMF_RSA_COEFFICIENT		(7)
300 
301 /* Key part counts for RSA keys */
302 #define	KMF_NUMBER_RSA_PUBLIC_KEY_PARTS		(2)
303 #define	KMF_NUMBER_RSA_PRIVATE_KEY_PARTS	(8)
304 
305 /* Key part counts for DSA keys */
306 #define	KMF_NUMBER_DSA_PUBLIC_KEY_PARTS		(4)
307 #define	KMF_NUMBER_DSA_PRIVATE_KEY_PARTS	(4)
308 
309 /* Indexes into the key parts array for DSA keys */
310 #define	KMF_DSA_PRIME		(0)
311 #define	KMF_DSA_SUB_PRIME	(1)
312 #define	KMF_DSA_BASE		(2)
313 #define	KMF_DSA_PUBLIC_VALUE	(3)
314 
315 #ifndef max
316 #define	max(a, b) ((a) < (b) ? (b) : (a))
317 #endif
318 
319 /* Maximum key parts for all algorithms */
320 #define	KMF_MAX_PUBLIC_KEY_PARTS \
321 	(max(KMF_NUMBER_RSA_PUBLIC_KEY_PARTS, \
322 	KMF_NUMBER_DSA_PUBLIC_KEY_PARTS))
323 
324 #define	KMF_MAX_PRIVATE_KEY_PARTS \
325 	(max(KMF_NUMBER_RSA_PRIVATE_KEY_PARTS, \
326 	KMF_NUMBER_DSA_PRIVATE_KEY_PARTS))
327 
328 #define	KMF_MAX_KEY_PARTS \
329 	(max(KMF_MAX_PUBLIC_KEY_PARTS, KMF_MAX_PRIVATE_KEY_PARTS))
330 
331 typedef enum {
332 	KMF_ALGMODE_NONE	= 0,
333 	KMF_ALGMODE_CUSTOM,
334 	KMF_ALGMODE_PUBLIC_KEY,
335 	KMF_ALGMODE_PRIVATE_KEY,
336 	KMF_ALGMODE_PKCS1_EMSA_V15
337 } KMF_SIGNATURE_MODE;
338 
339 #define	KMF_CERT_PRINTABLE_LEN	1024
340 #define	SHA1_HASH_LENGTH 20
341 
342 #define	OCSPREQ_TEMPNAME	"/tmp/ocsp.reqXXXXXX"
343 #define	OCSPRESP_TEMPNAME	"/tmp/ocsp.respXXXXXX"
344 
345 #ifdef __cplusplus
346 }
347 #endif
348 #endif /* _KMFAPIP_H */
349