xref: /illumos-gate/usr/src/lib/libkmf/include/kmfapiP.h (revision 394707299ee511c373a7a164a534980fb01d39d0)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 #ifndef _KMFAPIP_H
26 #define	_KMFAPIP_H
27 
28 #pragma ident	"%Z%%M%	%I%	%E% SMI"
29 
30 #include <kmfapi.h>
31 #include <kmfpolicy.h>
32 
33 #ifdef __cplusplus
34 extern "C" {
35 #endif
36 
37 /* Plugin function table */
38 typedef struct {
39 	ushort_t	version;
40 	KMF_RETURN	(*ConfigureKeystore) (
41 			KMF_HANDLE_T,
42 			KMF_CONFIG_PARAMS *);
43 
44 	KMF_RETURN	(*FindCert) (
45 			KMF_HANDLE_T,
46 			KMF_FINDCERT_PARAMS	*,
47 			KMF_X509_DER_CERT *,
48 			uint32_t *);
49 
50 	void		(*FreeKMFCert) (
51 			KMF_HANDLE_T,
52 			KMF_X509_DER_CERT *);
53 
54 	KMF_RETURN	(*StoreCert) (
55 			KMF_HANDLE_T,
56 			KMF_STORECERT_PARAMS *,
57 			KMF_DATA *);
58 
59 	KMF_RETURN	(*ImportCert) (
60 			KMF_HANDLE_T,
61 			KMF_IMPORTCERT_PARAMS *);
62 
63 	KMF_RETURN	(*ImportCRL) (
64 			KMF_HANDLE_T,
65 			KMF_IMPORTCRL_PARAMS *);
66 
67 	KMF_RETURN	(*DeleteCert) (
68 			KMF_HANDLE_T,
69 			KMF_DELETECERT_PARAMS *);
70 
71 	KMF_RETURN	(*DeleteCRL) (
72 			KMF_HANDLE_T,
73 			KMF_DELETECRL_PARAMS *);
74 
75 	KMF_RETURN	(*CreateKeypair) (
76 			KMF_HANDLE_T,
77 			KMF_CREATEKEYPAIR_PARAMS *,
78 			KMF_KEY_HANDLE *,
79 			KMF_KEY_HANDLE *);
80 
81 	KMF_RETURN	(*FindKey) (
82 			KMF_HANDLE_T,
83 			KMF_FINDKEY_PARAMS *,
84 			KMF_KEY_HANDLE *,
85 			uint32_t *);
86 
87 	KMF_RETURN	(*EncodePubkeyData) (
88 			KMF_HANDLE_T,
89 			KMF_KEY_HANDLE *,
90 			KMF_DATA *);
91 
92 	KMF_RETURN	(*SignData) (
93 			KMF_HANDLE_T,
94 			KMF_KEY_HANDLE *,
95 			KMF_OID *,
96 			KMF_DATA *,
97 			KMF_DATA *);
98 
99 	KMF_RETURN	(*DeleteKey) (
100 			KMF_HANDLE_T,
101 			KMF_DELETEKEY_PARAMS *,
102 			KMF_KEY_HANDLE *,
103 			boolean_t);
104 
105 	KMF_RETURN	(*ListCRL) (
106 			KMF_HANDLE_T,
107 			KMF_LISTCRL_PARAMS *,
108 			char **);
109 
110 	KMF_RETURN	(*FindCRL) (
111 			KMF_HANDLE_T,
112 			KMF_FINDCRL_PARAMS *,
113 			char **,
114 			int *);
115 
116 	KMF_RETURN	(*FindCertInCRL) (
117 			KMF_HANDLE_T,
118 			KMF_FINDCERTINCRL_PARAMS *);
119 
120 	KMF_RETURN	(*GetErrorString) (
121 			KMF_HANDLE_T,
122 			char **);
123 
124 	KMF_RETURN	(*GetPrikeyByCert) (
125 			KMF_HANDLE_T,
126 			KMF_CRYPTOWITHCERT_PARAMS *,
127 			KMF_DATA *,
128 			KMF_KEY_HANDLE *,
129 			KMF_KEY_ALG);
130 
131 	KMF_RETURN	(*DecryptData) (
132 			KMF_HANDLE_T,
133 			KMF_KEY_HANDLE *,
134 			KMF_OID *,
135 			KMF_DATA *,
136 			KMF_DATA *);
137 
138 	KMF_RETURN	(*ExportP12)(
139 			KMF_HANDLE_T,
140 			KMF_EXPORTP12_PARAMS *,
141 			int, KMF_X509_DER_CERT *,
142 			int, KMF_KEY_HANDLE *,
143 			char *);
144 
145 	KMF_RETURN	(*StorePrivateKey)(
146 			KMF_HANDLE_T,
147 			KMF_STOREKEY_PARAMS *,
148 			KMF_RAW_KEY_DATA *);
149 
150 	KMF_RETURN	(*CreateSymKey) (
151 			KMF_HANDLE_T,
152 			KMF_CREATESYMKEY_PARAMS *,
153 			KMF_KEY_HANDLE *);
154 
155 	KMF_RETURN	(*GetSymKeyValue) (
156 			KMF_HANDLE_T,
157 			KMF_KEY_HANDLE *,
158 			KMF_RAW_SYM_KEY *);
159 
160 	KMF_RETURN	(*SetTokenPin) (
161 			KMF_HANDLE_T,
162 			KMF_SETPIN_PARAMS *,
163 			KMF_CREDENTIAL *);
164 
165 	KMF_RETURN	(*VerifyDataWithCert) (
166 			KMF_HANDLE_T,
167 			KMF_ALGORITHM_INDEX,
168 			KMF_DATA *,
169 			KMF_DATA *,
170 			KMF_DATA *);
171 
172 	void		(*Finalize) ();
173 
174 } KMF_PLUGIN_FUNCLIST;
175 
176 typedef struct {
177 	KMF_KEYSTORE_TYPE	type;
178 	char			*applications;
179 	char 			*path;
180 	void 			*dldesc;
181 	KMF_PLUGIN_FUNCLIST	*funclist;
182 } KMF_PLUGIN;
183 
184 typedef struct _KMF_PLUGIN_LIST {
185 	KMF_PLUGIN		*plugin;
186 	struct _KMF_PLUGIN_LIST *next;
187 } KMF_PLUGIN_LIST;
188 
189 typedef struct _kmf_handle {
190 	/*
191 	 * session handle opened by KMF_SelectToken() to talk
192 	 * to a specific slot in Crypto framework. It is used
193 	 * by pkcs11 plugin module.
194 	 */
195 	CK_SESSION_HANDLE	pk11handle;
196 	KMF_ERROR		lasterr;
197 	KMF_POLICY_RECORD	*policy;
198 	KMF_PLUGIN_LIST		*plugins;
199 } KMF_HANDLE;
200 
201 #define	CLEAR_ERROR(h, rv) { \
202 	if (h == NULL) { \
203 		rv = KMF_ERR_BAD_PARAMETER; \
204 	} else { \
205 		h->lasterr.errcode = 0; \
206 		h->lasterr.kstype = 0; \
207 		rv = KMF_OK; \
208 	} \
209 }
210 
211 #define	KMF_PLUGIN_INIT_SYMBOL	"KMF_Plugin_Initialize"
212 
213 #ifndef KMF_PLUGIN_PATH
214 #if defined(__sparcv9)
215 #define	KMF_PLUGIN_PATH "/usr/lib/security/sparcv9/"
216 #elif defined(__sparc)
217 #define	KMF_PLUGIN_PATH "/usr/lib/security/"
218 #elif defined(__i386)
219 #define	KMF_PLUGIN_PATH "/usr/lib/security/"
220 #elif defined(__amd64)
221 #define	KMF_PLUGIN_PATH "/usr/lib/security/amd64/"
222 #endif
223 #endif /* !KMF_PLUGIN_PATH */
224 
225 KMF_PLUGIN_FUNCLIST *KMF_Plugin_Initialize();
226 
227 KMF_RETURN
228 VerifyDataWithKey(KMF_HANDLE_T, KMF_DATA *, KMF_ALGORITHM_INDEX, KMF_DATA *,
229 	KMF_DATA *);
230 
231 KMF_RETURN
232 SignCsr(KMF_HANDLE_T, const KMF_DATA *, KMF_KEY_HANDLE *,
233 		KMF_X509_ALGORITHM_IDENTIFIER *, KMF_DATA *);
234 
235 KMF_BOOL PKCS_ConvertAlgorithmId2PKCSKeyType(
236 	KMF_ALGORITHM_INDEX, CK_KEY_TYPE *);
237 
238 KMF_RETURN PKCS_VerifyData(
239 	KMF_HANDLE *,
240 	KMF_ALGORITHM_INDEX,
241 	KMF_X509_SPKI *,
242 	KMF_DATA *, KMF_DATA *);
243 
244 KMF_RETURN PKCS_EncryptData(
245 	KMF_HANDLE *,
246 	KMF_ALGORITHM_INDEX,
247 	KMF_X509_SPKI *,
248 	KMF_DATA *,
249 	KMF_DATA *);
250 
251 KMF_PLUGIN *FindPlugin(KMF_HANDLE_T, KMF_KEYSTORE_TYPE);
252 
253 KMF_BOOL IsEqualOid(KMF_OID *, KMF_OID *);
254 
255 KMF_OID *X509_AlgIdToAlgorithmOid(KMF_ALGORITHM_INDEX);
256 KMF_ALGORITHM_INDEX X509_AlgorithmOidToAlgId(KMF_OID *);
257 KMF_RETURN PKCS_AcquirePublicKeyHandle(CK_SESSION_HANDLE ckSession,
258 	const KMF_X509_SPKI *, CK_KEY_TYPE, CK_OBJECT_HANDLE *,
259 	KMF_BOOL *);
260 
261 KMF_RETURN GetIDFromSPKI(KMF_X509_SPKI *, KMF_DATA *);
262 
263 KMF_RETURN KMF_SetAltName(KMF_X509_EXTENSIONS *,
264 	KMF_OID *, int, KMF_GENERALNAMECHOICES, char *);
265 KMF_RETURN GetSequenceContents(char *, size_t, char **, size_t *);
266 KMF_X509_EXTENSION *FindExtn(KMF_X509_EXTENSIONS *, KMF_OID *);
267 KMF_RETURN add_an_extension(KMF_X509_EXTENSIONS *exts,
268 	KMF_X509_EXTENSION *newextn);
269 KMF_RETURN set_integer(KMF_DATA *, void *, int);
270 void free_keyidlist(KMF_OID *, int);
271 KMF_RETURN copy_data(KMF_DATA *, KMF_DATA *);
272 void Cleanup_PK11_Session(KMF_HANDLE_T handle);
273 void free_dp_name(KMF_CRL_DIST_POINT *);
274 void free_dp(KMF_CRL_DIST_POINT *);
275 KMF_RETURN set_key_usage_extension(KMF_X509_EXTENSIONS *,
276 	int, uint32_t);
277 KMF_RETURN init_pk11();
278 KMF_RETURN KMF_SelectToken(KMF_HANDLE_T, char *, int);
279 
280 
281 /* Indexes into the key parts array for RSA keys */
282 #define	KMF_RSA_MODULUS			(0)
283 #define	KMF_RSA_PUBLIC_EXPONENT		(1)
284 #define	KMF_RSA_PRIVATE_EXPONENT	(2)
285 #define	KMF_RSA_PRIME1			(3)
286 #define	KMF_RSA_PRIME2			(4)
287 #define	KMF_RSA_EXPONENT1		(5)
288 #define	KMF_RSA_EXPONENT2		(6)
289 #define	KMF_RSA_COEFFICIENT		(7)
290 
291 /* Key part counts for RSA keys */
292 #define	KMF_NUMBER_RSA_PUBLIC_KEY_PARTS		(2)
293 #define	KMF_NUMBER_RSA_PRIVATE_KEY_PARTS	(8)
294 
295 /* Key part counts for DSA keys */
296 #define	KMF_NUMBER_DSA_PUBLIC_KEY_PARTS		(4)
297 #define	KMF_NUMBER_DSA_PRIVATE_KEY_PARTS	(4)
298 
299 /* Indexes into the key parts array for DSA keys */
300 #define	KMF_DSA_PRIME		(0)
301 #define	KMF_DSA_SUB_PRIME	(1)
302 #define	KMF_DSA_BASE		(2)
303 #define	KMF_DSA_PUBLIC_VALUE	(3)
304 
305 #ifndef max
306 #define	max(a, b) ((a) < (b) ? (b) : (a))
307 #endif
308 
309 /* Maximum key parts for all algorithms */
310 #define	KMF_MAX_PUBLIC_KEY_PARTS \
311 	(max(KMF_NUMBER_RSA_PUBLIC_KEY_PARTS, \
312 	KMF_NUMBER_DSA_PUBLIC_KEY_PARTS))
313 
314 #define	KMF_MAX_PRIVATE_KEY_PARTS \
315 	(max(KMF_NUMBER_RSA_PRIVATE_KEY_PARTS, \
316 	KMF_NUMBER_DSA_PRIVATE_KEY_PARTS))
317 
318 #define	KMF_MAX_KEY_PARTS \
319 	(max(KMF_MAX_PUBLIC_KEY_PARTS, KMF_MAX_PRIVATE_KEY_PARTS))
320 
321 typedef enum {
322 	KMF_ALGMODE_NONE	= 0,
323 	KMF_ALGMODE_CUSTOM,
324 	KMF_ALGMODE_PUBLIC_KEY,
325 	KMF_ALGMODE_PRIVATE_KEY,
326 	KMF_ALGMODE_PKCS1_EMSA_V15
327 } KMF_SIGNATURE_MODE;
328 
329 #define	KMF_CERT_PRINTABLE_LEN	1024
330 #define	SHA1_HASH_LENGTH 20
331 
332 #define	OCSPREQ_TEMPNAME	"/tmp/ocsp.reqXXXXXX"
333 #define	OCSPRESP_TEMPNAME	"/tmp/ocsp.respXXXXXX"
334 
335 #ifdef __cplusplus
336 }
337 #endif
338 #endif /* _KMFAPIP_H */
339