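/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License"). You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

/*
 * AMI interface declarations: data structures, well-known algorithm
 * identifiers, status codes and function prototypes.
 *
 * The structures appear to mirror ASN.1 definitions for names,
 * certificates, revocation lists, key packages and PKCS-style containers.
 * Only declarations live here; the notes below are drawn from them and
 * anything about the implementation is marked as an assumption.
 *
 * - Variable-length data is a {length, value} pair with no capacity
 *   field, and the width of `length' differs between types (unsigned
 *   short, unsigned int, unsigned long).  Range-check before copying a
 *   length from a wider field into a narrower one.  ami_bitstring and
 *   ami_uid count bits, not bytes.
 * - Optional members are signalled either by a `*_present' bit in
 *   bit_mask or by a NULL pointer.  Test the indicator before using the
 *   member.
 * - Structures with a `choice' field are tagged unions; read only the
 *   member of `u' selected by the matching `*_chosen' value.
 * - Functions return AMI_STATUS and success is AMI_OK (0).  Compare the
 *   result of the verification calls against AMI_OK; used as a boolean,
 *   a failure status would read as "true".
 * - OUT parameters of type uchar_t ** hand back buffers.  Release
 *   functions are declared here only for key packages, certificates and
 *   names, so how raw key, digest and random buffers are released (and
 *   whether key material is scrubbed) must be confirmed against the
 *   implementation.
 */

#ifndef _SLP_AMI_H
#define _SLP_AMI_H

#ifdef __cplusplus
extern "C" {
#endif

#include <sys/types.h>

/* Object identifier; presumably `count' arcs stored at `value' -- confirm. */
typedef struct ami_oid {
	unsigned short count;
	unsigned long *value;
} ami_oid;

/*
 * Generic length/value blob, also used under the aliases ami_attr_value,
 * ami_alg_params and Content.
 */
typedef struct Any {
	unsigned long length;
	unsigned char *value;
} Any;

typedef struct ami_rdn_seq *ami_dname;

/* Name; the only choice declared is a distinguished name. */
typedef struct ami_name {
	unsigned short choice;
#define distinguishedName_chosen 1
	union {
		struct ami_rdn_seq *distinguishedName;
	} u;
} ami_name;

/*
 * The *_seq, *_list and *_set types in this header are singly linked
 * lists: each node has a `next' pointer and a `value' payload.  Note that
 * these typedef names are POINTER types (e.g. ami_rdn_seq is
 * struct ami_rdn_seq *).
 */
typedef struct ami_rdn_seq {
	struct ami_rdn_seq *next;
	struct ami_rdname *value;
} *ami_rdn_seq;

typedef struct ami_rdname {
	struct ami_rdname *next;
	struct ami_ava *value;
} *ami_rdname;

typedef Any ami_attr_value;

/* Attribute type (OID) with a single value. */
typedef struct ami_ava {
	struct ami_oid *objid;
	ami_attr_value *value;
} ami_ava;

typedef struct ami_attr_list {
	struct ami_attr_list *next;
	struct ami_attr *value;
} *ami_attr_list;

/* Attribute type (OID) with a list of values. */
typedef struct ami_attr {
	struct ami_oid *type;
	struct ami_attr_value_set *values;
} ami_attr;

typedef struct ami_attr_value_set {
	struct ami_attr_value_set *next;
	ami_attr_value *value;
} *ami_attr_value_set;

typedef struct CaseIgnoreString {
	unsigned short choice;
#define CaseIgnoreString_t61String_chosen 1
#define CaseIgnoreString_printableString_chosen 2
	union {
		char *CaseIgnoreString_t61String;
		char *CaseIgnoreString_printableString;
	} u;
} CaseIgnoreString;

typedef CaseIgnoreString ami_case_ignore_string;

typedef char *ami_printable_string;

typedef struct ami_cert_pair {
	struct ami_cert *forward;	/* NULL for not present */
	struct ami_cert *reverse;	/* NULL for not present */
} ami_cert_pair;

/* Certificate serial number; `length' is an unsigned short here. */
typedef struct ami_cert_serialnum {
	unsigned short length;
	unsigned char *value;
} ami_cert_serialnum;

/*
 * The to-be-signed part of a certificate.  bit_mask covers `version' and
 * `extensions'; the two UID members use the NULL convention instead.
 */
typedef struct ami_cert_info {
	unsigned char bit_mask;
#define version_present 0x80
#define extensions_present 0x40
	int version;	/* default assumed if omitted */
#define version_v1 0
#define version_v2 1
#define version_v3 2
	ami_cert_serialnum serial;
	struct ami_algid *signature;
	struct ami_name *issuer;
	struct ami_validity *validity;
	struct ami_name *subject;
	struct ami_pubkey_info *pubKeyInfo;
	struct ami_uid *issuerUID;	/* NULL for not present */
	struct ami_uid *subjectUID;	/* NULL for not present */
	struct ami_cert_extn_list *extensions;	/* optional */
} ami_cert_info;

/*
 * Bit string.  `length' is in bits, so a byte count derived from it has
 * to be rounded up before the buffer is walked or copied.
 */
typedef struct ami_bitstring {
	unsigned int length;	/* number of significant bits */
	unsigned char *value;
} ami_bitstring;

/* Certificate: signed content, signature algorithm and signature bits. */
typedef struct ami_cert {
	ami_cert_info info;
	struct ami_algid *algorithm;
	ami_bitstring signature;
} ami_cert;

typedef struct ami_uid {
	unsigned int length;	/* number of significant bits */
	unsigned char *value;
} ami_uid;

typedef struct ami_octetstring {
	unsigned int length;
	unsigned char *value;
} ami_octetstring;

typedef int ami_cert_version;
#define CertificateVersion_v1 0
#define CertificateVersion_v2 1
#define CertificateVersion_v3 2

/*
 * Boolean stored in a plain char, whose signedness is implementation
 * defined; test it against zero rather than against a specific value.
 */
typedef char amiBoolean;

/*
 * Broken-down time shared by GeneralizedTime and UTCTime.
 *
 * For UTCTime the year is two digits, so it must be expanded to a full
 * year before two times are compared.  RFC 5280 reads 50-99 as 19YY and
 * 00-49 as 20YY; whether this library applies that rule is not visible
 * from this header.
 */
typedef struct {
	short year;	/* YYYY format when used for GeneralizedTime */
			/* YY format when used for UTCTime */
	short month;
	short day;
	short hour;
	short minute;
	short second;
	short millisec;
	short mindiff;	/* UTC +/- minute differential */
	amiBoolean utc;	/* TRUE means UTC time */
} GeneralizedTime;

typedef GeneralizedTime UTCTime;

/* Validity window; neither pointer is documented as optional. */
typedef struct ami_validity {
	UTCTime *notBefore;
	UTCTime *notAfter;
} ami_validity;

typedef struct ami_pubkey_info {
	struct ami_algid *algorithm;
	ami_bitstring pubKey;
} ami_pubkey_info;

typedef Any ami_alg_params;

/* Algorithm identifier: OID plus optional encoded parameters. */
typedef struct ami_algid {
	struct ami_oid *algorithm;
	ami_alg_params *parameters;	/* NULL for not present */
} ami_algid;


/*
 * Certificate extension.  `critical' is meaningful only when
 * critical_present is set in bit_mask.  AMI_CRITICAL_EXTNS_ERR is declared
 * among the status codes, so critical extensions are presumably checked
 * during verification -- confirm in the implementation.
 */
typedef struct ami_cert_extn {
	unsigned char bit_mask;
#define critical_present 0x80
	struct ami_oid *extend;
	amiBoolean critical;
	ami_octetstring extnValue;
} ami_cert_extn;

typedef struct ami_cert_extn_list {
	struct ami_cert_extn_list *next;
	struct ami_cert_extn *value;
} *ami_cert_extn_list;

/*
 * Content of a certificate list.  Members are embedded by value here
 * (compare ami_crl_info, which uses pointers).  nextUpdate and the
 * revoked-certificate list are valid only when their bit_mask bits are
 * set.
 */
typedef struct ami_cert_list_contents {
	unsigned char bit_mask;
#define nextUpdate_present 0x80
#define CertListContents_revokedCertificates_present 0x40
	ami_algid signature;
	ami_name issuer;
	UTCTime thisUpdate;
	UTCTime nextUpdate;
	struct _seqof1 {
		struct _seqof1 *next;
		struct {
			ami_cert_serialnum userCertificate;
			UTCTime revocationDate;
		} value;
	} *CertListContents_revokedCertificates;
} ami_cert_list_contents;

typedef struct ami_cert_list {
	ami_cert_list_contents certListContents;
	ami_algid algId;
	ami_bitstring signature;
} ami_cert_list;

/* RC2-CBC parameters: either a bare IV or a {version, IV} sequence. */
typedef struct ami_rc2_cbc_param {
	unsigned short choice;
#define iv_chosen 1
#define sequence_chosen 2
	union {
		ami_octetstring iv;
		struct _seq1 {
			int version;
			ami_octetstring iv;
		} sequence;
	} u;
} ami_rc2_cbc_param;

typedef int INT;

/*
 * Key package content.  The private key is referenced only through
 * encrPrivKeyInfo, i.e. in encrypted form.
 */
typedef struct ami_keypkg_info {
	unsigned char bit_mask;
#define keypkgAttrs_present 0x80
#define tKeys_present 0x40
	char *version;
	char *keypkgId;
	struct ami_name *owner;
	struct ami_pubkey_info *pubKeyInfo;
	struct ami_encr_privkey_info *encrPrivKeyInfo;
	struct ami_attr_list *keypkgAttrs;	/* optional */
	int usage;
	struct ami_tkey_list *tKeys;	/* optional */
} ami_keypkg_info;

/* Signed key package. */
typedef struct ami_keypkg {
	ami_keypkg_info info;
	struct ami_algid *algorithm;
	ami_bitstring signature;
} ami_keypkg;

typedef struct ami_tkey_list {
	struct ami_tkey_list *next;
	struct ami_tkey *value;
} *ami_tkey_list;

/*
 * Trusted key entry (the trust anchors passed to the chain verification
 * calls).  issuer, validity and serial may be NULL, so an entry can carry
 * no validity period at all; how such an entry is treated with respect to
 * AMI_TRUSTED_KEY_EXPIRED is not visible here.
 */
typedef struct ami_tkey {
	unsigned char bit_mask;
#define TrustedKey_extensions_present 0x80
	struct ami_name *owner;
	struct ami_pubkey_info *pubKeyInfo;
	struct ami_name *issuer;	/* NULL for not present */
	struct ami_validity *validity;	/* NULL for not present */
	struct ami_cert_serialnum *serial;	/* NULL for not present */
	struct ami_cert_extn_list *TrustedKey_extensions;	/* optional */
} ami_tkey;

/*
 * Key record with uid, flags and host fields.  NOTE(review): privKey is
 * presumably raw private key bytes; if so, holders of this structure
 * should scrub the buffer before releasing it -- confirm.
 */
typedef struct ami_serv_key_info {
	Any keyAlgId;
	int uid;
	int flags;
	Any privKey;
	char *keypkgId;
	char *hostIP;
	Any keypkg;
} ami_serv_key_info;

typedef struct _octet1 {
	unsigned int length;
	unsigned char *value;
} _octet1;

typedef struct ami_digest_info {
	struct ami_algid *digestAlgorithm;
	_octet1 digest;
} ami_digest_info;

typedef struct ami_crl_set {
	struct ami_crl_set *next;
	struct ami_crl *value;
} *ami_crl_set;

/*
 * Revocation entry.  NOTE(review): userCertificate is a plain int here,
 * while serial numbers elsewhere in this header are ami_cert_serialnum
 * byte strings (including the entry type inside ami_cert_list_contents).
 * A serial number wider than int cannot be represented in this form, so
 * matching certificates against these entries needs care.
 */
typedef struct ami_crl_entry {
	int userCertificate;
	UTCTime *revocationDate;
} ami_crl_entry;

typedef struct ami_crl_info {
	unsigned char bit_mask;
#define CertificateRevocationListInfo_revokedCertificates_present 0x80
	struct ami_algid *signature;
	struct ami_name *issuer;
	UTCTime *lastUpdate;
	UTCTime *nextUpdate;
	struct _seqof2 {
		struct _seqof2 *next;
		ami_crl_entry value;
	} *CertificateRevocationListInfo_revokedCertificates;
} ami_crl_info;

/* Signed revocation list. */
typedef struct ami_crl {
	ami_crl_info info;
	struct ami_algid *algorithm;
	ami_bitstring signature;
} ami_crl;

/*
 * Password-based encryption parameters (the shape matches the PKCS #5
 * PBEParameter: 8-byte salt plus iteration count).  The salt buffer is
 * fixed at 8 bytes but carries its own length, so code that fills or
 * reads it must keep salt.length <= sizeof (salt.value).  iterationCount
 * is a signed int; values taken from untrusted input should be rejected
 * when zero or negative.
 */
typedef struct ami_pbe_param {
	struct {
		unsigned short length;
		unsigned char value[8];
	} salt;
	int iterationCount;
} ami_pbe_param;

typedef struct ami_extcert_info {
	int version;
	struct ami_cert *certificate;
	struct ami_attr_list *attributes;
} ami_extcert_info;

typedef struct ami_extcert {
	struct ami_extcert_info *extendedCertificateInfo;
	struct ami_algid *signatureAlgorithm;
	ami_bitstring signature;
} ami_extcert;

typedef struct ami_extcerts_and_certs {
	struct ami_extcerts_and_certs *next;
	struct ami_extcert_or_cert *value;
} *ami_extcerts_and_certs;

typedef struct ami_extcert_or_cert {
	unsigned short choice;
#define cert_chosen 1
#define extendedCert_chosen 2
	union {
		struct ami_cert *cert;
		struct ami_extcert *extendedCert;
	} u;
} ami_extcert_or_cert;

typedef Any Content;

typedef struct ami_content_info {
	struct ami_oid *contentType;
	Content *content;	/* NULL for not present */
} ami_content_info;

typedef struct ami_content_info_fm {
	struct ami_oid *contentType;
	Content *content;	/* NULL for not present */
} ami_content_info_fm;

typedef struct ami_enveloped_data {
	int version;
	struct ami_rcpt_info_list *recipientInfos;
	struct ami_encr_content_info *encryptedContentInfo;
} ami_enveloped_data;

typedef struct ami_encr_data {
	int version;
	struct ami_encr_content_info *encryptedContentInfo;
} ami_encr_data;

/*
 * Signed-data container.  The embedded certificate and CRL sets are
 * optional and guarded by bit_mask.  They arrive inside the message, so
 * they are input to chain building and not trust anchors by themselves.
 */
typedef struct ami_signed_data {
	unsigned char bit_mask;
#define SignedData_certs_present 0x80
#define SignedData_crls_present 0x40
	int version;
	struct ami_digest_alg_list *digestAlgorithms;
	struct ami_content_info *contentInfo;
	struct ami_extcerts_and_certs *SignedData_certs;	/* optional */
	struct ami_crl_set *SignedData_crls;	/* optional */
	struct ami_signer_info_list *signerInfos;
} ami_signed_data;

typedef struct ami_signed_data_fm {
	unsigned char bit_mask;
#define SignedDataFm_certs_present 0x80
#define SignedDataFm_crls_present 0x40
	int version;
	struct ami_digest_alg_list *digestAlgorithms;
	struct ami_content_info_fm *contentInfo;
	struct ami_extcerts_and_certs *SignedDataFm_certs;	/* optional */
	struct ami_crl_set *SignedDataFm_crls;	/* optional */
	struct ami_signer_info_list *signerInfos;
} ami_signed_data_fm;

typedef struct ami_rcpt_info_list {
	struct ami_rcpt_info_list *next;
	struct ami_rcpt_info *value;
} *ami_rcpt_info_list;

typedef struct ami_encr_content_info {
	struct ami_oid *contentType;
	struct ami_algid *contentEncryptionAlgorithm;
	struct ami_encr_content *encryptedContent;	/* NULL for not present */
} ami_encr_content_info;

typedef struct ami_pkcs_data {
	unsigned int length;
	unsigned char *value;
} ami_pkcs_data;

typedef struct ami_pkcs_data_fm {
	unsigned int length;
	unsigned char *value;
} ami_pkcs_data_fm;

typedef struct ami_encr_content {
	unsigned int length;
	unsigned char *value;
} ami_encr_content;

typedef struct ami_rcpt_info {
	int version;
	struct ami_issuer_and_serialnum *issuerAndSerialNumber;
	struct ami_algid *keyEncryptionAlgorithm;
	_octet1 encryptedKey;
} ami_rcpt_info;

/*
 * Per-signer information.  Both attribute lists are optional and guarded
 * by bit_mask.  As the member name says, unauthenticatedAttributes are
 * not covered by the signature and must not be relied on as verified
 * data.
 */
typedef struct ami_signer_info {
	unsigned char bit_mask;
#define authenticatedAttributes_present 0x80
#define unauthenticatedAttributes_present 0x40
	int version;
	struct ami_issuer_and_serialnum *issuerAndSerialNumber;
	struct ami_algid *digestAlgorithm;
	struct ami_attr_list *authenticatedAttributes;	/* optional */
	struct ami_algid *digestEncryptionAlgorithm;
	_octet1 encryptedDigest;
	struct ami_attr_list *unauthenticatedAttributes;	/* optional */
} ami_signer_info;

typedef struct ami_signer_info_list {
	struct ami_signer_info_list *next;
	struct ami_signer_info *value;
} *ami_signer_info_list;

typedef struct ami_issuer_and_serialnum {
	struct ami_name *issuer;
	ami_cert_serialnum serial;
} ami_issuer_and_serialnum;

typedef struct ami_digest_alg_list {
	struct ami_digest_alg_list *next;
	struct ami_algid *value;
} *ami_digest_alg_list;

/*
 * Private key information.  NOTE(review): privateKey presumably holds the
 * key in the clear (the encrypted form is ami_encr_privkey_info below);
 * if so the buffer should be scrubbed before it is released -- confirm.
 */
typedef struct ami_privkey_info {
	unsigned char bit_mask;
#define attributes_present 0x80
	int version;
	struct ami_algid *privateKeyAlgorithm;
	_octet1 privateKey;
	struct ami_attr_list *attributes;	/* optional */
} ami_privkey_info;

typedef struct ami_encr_privkey_info {
	struct ami_algid *encryptionAlgorithm;
	ami_octetstring encryptedData;
} ami_encr_privkey_info;

typedef struct ami_certreq_info {
	int version;
	struct ami_name *subject;
	struct ami_pubkey_info *pubKeyInfo;
	struct ami_attr_list *attributes;
} ami_certreq_info;

/* Signed certificate request. */
typedef struct ami_certreq {
	ami_certreq_info info;
	struct ami_algid *algorithm;
	ami_bitstring signature;
} ami_certreq;

typedef struct ami_challenge_pwd {
	unsigned short choice;
#define ChallengePassword_printableString_chosen 1
#define ChallengePassword_t61String_chosen 2
	union {
		char *ChallengePassword_printableString;
		char *ChallengePassword_t61String;
	} u;
} ami_challenge_pwd;

typedef char *ami_email_addr;

typedef struct ami_pubkey_and_challenge {
	struct ami_pubkey_info *spki;
	char *challenge;
} ami_pubkey_and_challenge;

typedef struct ami_signed_pubkey_and_challenge {
	ami_pubkey_and_challenge pubKeyAndChallenge;
	struct ami_algid *sigAlg;
	ami_bitstring signature;
} ami_signed_pubkey_and_challenge;

/*
 * Well-known algorithm object identifiers, defined by the implementation.
 * They are declared as writable pointers, not const objects.
 *
 * Security note: every algorithm named in this header is a legacy one.
 * MD2, MD4 and MD5 have published collision attacks and SHA-1 collisions
 * are practical; single DES has a 56-bit key and ECB mode does not hide
 * repeated plaintext blocks; RC2 and RC4 are obsolete (RC4 has known
 * keystream biases).  No AES or SHA-2 identifier is declared here.  New
 * designs should treat these as interoperability-only choices.
 */
extern ami_oid *AMI_MD2_OID;
extern ami_oid *AMI_MD4_OID;
extern ami_oid *AMI_MD5_OID;
extern ami_oid *AMI_SHA_1_OID;
extern ami_oid *AMI_RSA_ENCR_OID;
extern ami_oid *AMI_MD2WithRSAEncryption_OID;
extern ami_oid *AMI_MD5WithRSAEncryption_OID;
extern ami_oid *AMI_DSA_OID;
extern ami_oid *AMI_SHA1WithDSASignature_OID;
extern ami_oid *AMI_DES_ECB_OID;
extern ami_oid *AMI_DES_CBC_OID;
extern ami_oid *AMI_DES3_CBC_OID;
extern ami_oid *AMI_DES_MAC_OID;
extern ami_oid *AMI_RC2_CBC_OID;
extern ami_oid *AMI_RC4_OID;

/*
 * Misc. AlgIDs
 */
extern struct ami_algid *AMI_RSA_ENCR_AID;
extern struct ami_algid *AMI_MD2WithRSAEncryption_AID;
extern struct ami_algid *AMI_MD5WithRSAEncryption_AID;
extern struct ami_algid *AMI_DSA_AID;
extern struct ami_algid *AMI_SHA1WithDSASignature_AID;
extern struct ami_algid *AMI_DH_AID;
extern struct ami_algid *AMI_MD2_AID;
extern struct ami_algid *AMI_MD4_AID;
extern struct ami_algid *AMI_MD5_AID;
extern struct ami_algid *AMI_SHA1_AID;
extern struct ami_algid *AMI_RC4_AID;

/* Algorithm types */
typedef enum {
	AMI_OTHER_ALG = -1,
	AMI_SYM_ENC_ALG,
	AMI_ASYM_ENC_ALG,
	AMI_HASH_ALG,
	AMI_SIG_ALG,
	AMI_KEYED_INTEGRITY_ALG
} ami_alg_type;

/* Parameter types */
typedef enum {
	AMI_PARM_OTHER = -1,
	AMI_PARM_ABSENT,
	AMI_PARM_INTEGER,
	AMI_PARM_OCTETSTRING,
	AMI_PARM_NULL,
	AMI_PARM_RC2_CBC,
	AMI_PARM_PBE
} ami_parm_type;

/*
 * Algorithm table
 *
 * NOTE(review): keysize_limit together with AMI_NO_EXPORT_KEYSIZE_LIMIT
 * suggests a per-algorithm key size cap tied to export rules, with 0
 * meaning "no cap".  A non-zero cap would weaken the algorithm, so it is
 * worth checking what the table returned by ami_get_alglist() contains.
 */
#define AMI_NO_EXPORT_KEYSIZE_LIMIT 0
typedef struct ami_alg_list {
	ami_oid *oid;
	char *name;
	ami_alg_type algType;
	ami_parm_type parmType;
	size_t keysize_limit;
} ami_alg_list;

/*
 * AMI function return values
 *
 * AMI_OK is 0; every other value is a failure.
 *
 * NOTE(review): AMI_TOTAL_ERRNUM is 56, yet AMI_CERT_ERR (57) and
 * AMI_KEYPKG_ERR (58) are declared after it.  Any table or bounds check
 * sized by AMI_TOTAL_ERRNUM (for example in ami_strerror, not shown here)
 * would not cover those two codes -- confirm before indexing by status.
 */

#define AMI_OK				0
#define AMI_EBUFSIZE			1
#define AMI_ENOMEM			2	/* ENOMEM MUST be 2 */
#define AMI_BAD_FILE			3
#define AMI_FILE_NOT_FOUND		4
#define AMI_FILE_IO_ERR			5
#define AMI_BAD_PASSWD			6
#define AMI_UNKNOWN_USER		7
#define AMI_ALGORITHM_UNKNOWN		8
#define AMI_ASN1_ENCODE_ERR		9
#define AMI_ASN1_DECODE_ERR		10
#define AMI_BAD_KEY			11
#define AMI_KEYGEN_ERR			12
#define AMI_ENCRYPT_ERR			13
#define AMI_DECRYPT_ERR			14
#define AMI_SIGN_ERR			15
#define AMI_VERIFY_ERR			16
#define AMI_DIGEST_ERR			17
#define AMI_OUTPUT_FORMAT_ERR		18
#define AMI_SYSTEM_ERR			19	/* General Errors */
#define AMI_ATTRIBUTE_UNKNOWN		20
#define AMI_AMILOGIN_ERR		21
#define AMI_AMILOGOUT_ERR		22
#define AMI_NO_SUCH_ENTRY		23
#define AMI_ENTRY_ALREADY_EXISTS	24
#define AMI_AMISERV_DECRYPT_ERR		25
#define AMI_AMISERV_SIGN_ERR		26
#define AMI_USER_DID_NOT_AMILOGIN	27
#define AMI_AMISERV_CONNECT		28
#define AMI_KEYPKG_NOT_FOUND		29
#define AMI_TIME_INVALID		30
#define AMI_UNTRUSTED_PUBLIC_KEY	31
#define AMI_EPARM			32	/* EPARM MUST be 32 */
#define AMI_BINARY_TO_RFC1421_ERR	33
#define AMI_RFC1421_TO_BINARY_ERR	34
#define AMI_RANDOM_NUM_ERR		35
#define AMI_XFN_ERR			36
#define AMI_CERT_CHAIN_ERR		37
#define AMI_RDN_MISSING_EQUAL		38
#define AMI_AVA_TYPE_MISSING		39
#define AMI_AVA_VALUE_MISSING		40
#define AMI_CERT_NOT_FOUND		41
#define AMI_DN_NOT_FOUND		42
#define AMI_CRITICAL_EXTNS_ERR		43
#define AMI_ASN1_INIT_ERROR		44
#define AMI_WRAP_ERROR			45
#define AMI_UNWRAP_ERROR		46
#define AMI_UNSUPPORTED_KEY_TYPE	47
#define AMI_DH_PART1_ERR		48
#define AMI_DH_PART2_ERR		49
#define AMI_DOUBLE_ENCRYPT		50
#define AMI_AMISERV_KEYPKG_UPDATE	51
#define AMI_AMISERV_STAT_ERR		52
#define AMI_GLOBAL_ERR			53
#define AMI_TRUSTED_KEY_EXPIRED		54
#define AMI_OPEN_ERR			55
#define AMI_TOTAL_ERRNUM		56
#define AMI_CERT_ERR			57
#define AMI_KEYPKG_ERR			58

/* flags for ami_encrypt, ami_decrypt, ami_sign, ami_verify, ami_digest */
#define AMI_ADD_DATA		1
#define AMI_END_DATA		2
#define AMI_DIGESTED_DATA	3	/* for ami_verify for digested data */

/* AMI Handle and status */
typedef struct ami_handle ami_handle_t;	/* opaque; layout not declared here */

/* AMI return variable */
typedef int AMI_STATUS;

/*
 * Parameter
 */

/* RSA key pair generation: modulus size in bits and public exponent. */
typedef struct ami_rsa_keygen_param_t {
	uint_t modulusBits;
	uchar_t *publicExponent;	/* const */
	size_t publicExponentLen;
} ami_rsa_keygen_param;

/*
 * DES key generation from a password, salt and iteration count.  The
 * password is referenced through a plain char pointer; this structure
 * does not own or scrub it.
 */
typedef struct ami_des_keygen_param_t {
	uchar_t *saltVal;	/* const */
	size_t saltLen;
	char *passwd;		/* const */
	int iterationCount;
} ami_des_keygen_param;

/*
 * PROTOTYPES should be set to one if and only if the compiler supports
 * function argument prototyping.
 * The following makes PROTOTYPES default to 1 if it has not already been
 * defined as 0 with C compiler flags.
 */
#ifndef PROTOTYPES
#define PROTOTYPES 1
#endif

/*
 * PROTO_LIST is defined depending on how PROTOTYPES is defined above.
 * If using PROTOTYPES, then PROTO_LIST returns the list, otherwise it
 * returns an empty list.
 *
 * With PROTOTYPES set to 0 the compiler no longer checks argument counts
 * or types for any of the calls below.
 */

#if PROTOTYPES
#define PROTO_LIST(list) list
#else
#define PROTO_LIST(list) ()
#endif

/*
 * AMI prototypes
 */

/*
 * Init and Terminate a AMI session
 *
 * The meaning of the ami_init arguments after the handle is not
 * documented in this header.
 */
AMI_STATUS ami_init PROTO_LIST((
	ami_handle_t **,
	const char *,
	const char *,
	const uint_t,
	const uint_t,
	const char *));

AMI_STATUS ami_end PROTO_LIST((
	ami_handle_t *));

/* Ownership and lifetime of the returned string are not stated here. */
char *ami_strerror PROTO_LIST((
	ami_handle_t *,
	const AMI_STATUS));	/* errno */

/*
 * Key generation
 *
 * The generated keys come back through uchar_t ** OUT parameters.  The DES
 * and triple DES calls return no key length; the RC2 and RC4 calls take
 * the length from the caller.
 */
AMI_STATUS ami_gen_des_key PROTO_LIST((
	const ami_handle_t *,	/* IN: ami handle */
	uchar_t **,		/* OUT: DES session key */
	ami_alg_params **));	/* OUT: IV */

AMI_STATUS ami_gen_des3_key PROTO_LIST((
	const ami_handle_t *,	/* IN: ami handle */
	uchar_t **,		/* OUT: triple DES session key */
	ami_alg_params **));	/* OUT: IV */

AMI_STATUS ami_gen_rc2_key PROTO_LIST((
	const ami_handle_t *,	/* IN: AMI handle */
	const size_t,		/* IN: key length */
	const uint_t,		/* IN: effective key size in bits */
	uchar_t **,		/* OUT: RC2 session key */
	ami_alg_params **));	/* OUT: RC2 parameter */

AMI_STATUS ami_gen_rc4_key PROTO_LIST((
	const ami_handle_t *,	/* IN: ami handle */
	const size_t,		/* IN: key length in bytes */
	uchar_t **));		/* OUT: RC4 key */

/* The third and fourth arguments are not documented in this header. */
AMI_STATUS ami_gen_rsa_keypair PROTO_LIST((
	const ami_handle_t *,	/* IN: ami handle */
	const ami_rsa_keygen_param *,	/* IN: keypair generation parameters */
	const uchar_t *,
	const size_t,
	uchar_t **,		/* OUT: public key */
	size_t *,		/* OUT: public key length */
	uchar_t **,		/* OUT: private key */
	size_t *));		/* OUT: private key length */

/*
 * crypto
 *
 * The "more input data flag" takes the AMI_ADD_DATA / AMI_END_DATA values
 * defined above (plus AMI_DIGESTED_DATA for ami_verify).  Keys are passed
 * as raw byte buffers with an explicit length and algorithm identifier.
 */
AMI_STATUS ami_digest PROTO_LIST((
	ami_handle_t *,		/* IN: ami handle */
	const uchar_t *,	/* IN: input data */
	const size_t,		/* IN: length of data in bytes */
	const int,		/* IN: more input data flag */
	const ami_algid *,	/* IN: digest algorithm */
	uchar_t **,		/* OUT: digest */
	size_t *));		/* OUT: length of digest */
AMI_STATUS ami_sign PROTO_LIST((
	ami_handle_t *,		/* IN: ami handle */
	const uchar_t *,	/* IN: data to be signed */
	const size_t,		/* IN: data length */
	const int,		/* IN: more input data flag */
	const ami_algid *,	/* IN: signature key algorithm */
	const uchar_t *,	/* IN: signature key */
	const size_t,		/* IN: signature key length */
	const ami_algid *,	/* IN: signature algorithm */
	uchar_t **,		/* OUT: signature */
	size_t *));		/* OUT: signature length */
/*
 * The only result is the AMI_STATUS return value; there is no separate
 * "valid" output.  Treat anything other than AMI_OK as "not verified".
 */
AMI_STATUS ami_verify PROTO_LIST((
	ami_handle_t *,		/* IN: ami handle */
	const uchar_t *,	/* IN: data to be verified */
	const size_t,		/* IN: data length */
	const int,		/* IN: more input data flag */
	const ami_algid *,	/* IN: verification key algorithm */
	const uchar_t *,	/* IN: verification key */
	const size_t,		/* IN: verification key length */
	const ami_algid *,	/* IN: verification algorithm */
	const uchar_t *,	/* IN: signature */
	const size_t));		/* IN: signature length */
AMI_STATUS ami_encrypt PROTO_LIST((
	ami_handle_t *,		/* IN: ami handle */
	const uchar_t *,	/* IN: input data */
	const size_t,		/* IN: input data length */
	const int,		/* IN: more input data flag */
	const ami_algid *,	/* IN: encryption key algorithm */
	const uchar_t *,	/* IN: encryption key */
	const size_t,		/* IN: encryption key length */
	const ami_algid *,	/* IN: encryption algorithm */
	uchar_t **,		/* OUT: ciphertext */
	size_t *));		/* OUT: ciphertext length */
AMI_STATUS ami_decrypt PROTO_LIST((
	ami_handle_t *,		/* IN: ami handle */
	const uchar_t *,	/* IN: ciphertext */
	const size_t,		/* IN: ciphertext length */
	const int,		/* IN: more input data flag */
	const ami_algid *,	/* IN: decryption key algorithm */
	const uchar_t *,	/* IN: decryption key */
	const size_t,		/* IN: decryption key length */
	const ami_algid *,	/* IN: decryption algorithm */
	uchar_t **,		/* OUT: cleartext */
	size_t *));		/* OUT: cleartext length */
AMI_STATUS ami_wrap_key PROTO_LIST((
	const ami_handle_t *,	/* IN: ami handle */
	const uchar_t *,	/* IN: key to be wrapped */
	const size_t,		/* IN: length of key to be wrapped */
	const ami_algid *,	/* IN: wrapping key algorithm */
	const uchar_t *,	/* IN: wrapping key */
	const size_t,		/* IN: wrapping key length */
	const ami_algid *,	/* IN: wrapping algorithm */
	uchar_t **,		/* OUT: wrapped key */
	size_t *));		/* IN/OUT: wrapped key length */
AMI_STATUS ami_unwrap_key PROTO_LIST((
	const ami_handle_t *,	/* IN: ami handle */
	const uchar_t *,	/* IN: wrapped key */
	const size_t,		/* IN: wrapped key length */
	const ami_algid *,	/* IN: unwrapping key algorithm */
	const uchar_t *,	/* IN: unwrapping key */
	const size_t,		/* IN: unwrapping key length */
	const ami_algid *,	/* IN: unwrapping algorithm */
	uchar_t **,		/* OUT: unwrapped key */
	size_t *));		/* OUT: unwrapped key length */

/*
 * certificate verification
 *
 * The flags argument is documented as unused, so callers cannot select a
 * verification policy through it.  No revocation list is passed to any of
 * these calls; whether revocation is checked at all is not visible from
 * this header.  As with ami_verify, success is AMI_OK only.
 */
AMI_STATUS ami_verify_cert PROTO_LIST((
	const ami_handle_t *,	/* IN: ami handle */
	const ami_cert *,	/* IN: certificate to be verified */
	const ami_pubkey_info *,	/* IN: public verification key */
	const int));		/* IN: flags (unused) */
AMI_STATUS ami_verify_cert_chain PROTO_LIST((
	const ami_handle_t *,	/* IN: ami handle */
	const ami_cert *,	/* IN: certificate chain to be verified */
	const int,		/* IN: length of cert chain */
	const struct ami_tkey_list *,	/* IN: trusted key list */
	const int,		/* IN: flags (unused) */
	ami_cert **));		/* OUT: first expired certificate */
AMI_STATUS ami_verify_cert_est_chain PROTO_LIST((
	const ami_handle_t *,	/* IN: ami handle */
	const ami_cert *,	/* IN: certificate to be verified */
	const struct ami_tkey_list *,	/* IN: trusted key list */
	const char **,		/* IN: CA Name list */
	const int,		/* IN: flags (unused) */
	ami_cert **,		/* OUT: first expired certificate */
	ami_cert **,		/* OUT: certificate chain */
	int *));		/* OUT: length of cert chain */

/*
 * certificate chain establishment
 *
 * Takes no trusted key list, unlike the verification calls above;
 * presumably the chain it returns still has to be verified -- confirm.
 */
AMI_STATUS ami_get_cert_chain PROTO_LIST((
	const ami_handle_t *,	/* IN: ami handle */
	const ami_cert *,	/* IN: user certificate */
	const char **,		/* IN: CA name list */
	int flags,		/* IN: flags (unused) */
	ami_cert **,		/* OUT: certificate chain */
	int *));		/* OUT: length of cert chain */

/*
 * I/O
 *
 * The string argument is either a file name or a repository index; when
 * it comes from untrusted input it selects what is read or overwritten,
 * so it should be validated by the caller.
 */
AMI_STATUS ami_set_keypkg PROTO_LIST((
	const ami_handle_t *,	/* IN: ami handle */
	const char *,		/* IN: keypkg filename or repository index */
	const ami_keypkg *));	/* IN: keypkg to be stored */
AMI_STATUS ami_get_keypkg PROTO_LIST((
	const ami_handle_t *,	/* IN: ami handle */
	const char *,		/* IN: keypkg_filename or repository index */
	ami_keypkg **));	/* OUT: keypkg */
AMI_STATUS ami_set_cert PROTO_LIST((
	const ami_handle_t *,	/* IN: ami handle */
	const char *,		/* IN: cert filename or repository index */
	const ami_cert *));	/* IN: certificate */
AMI_STATUS ami_get_cert PROTO_LIST((
	const ami_handle_t *,	/* IN: ami handle */
	const char *,		/* IN: certificate filename, rep index, DN */
	ami_cert **,		/* OUT: set of certificates */
	int *));		/* OUT: certificate set length */

/*
 * generate random bytes
 *
 * The count is a ushort_t, which bounds a single request by the range of
 * that type.  The source and quality of the random data are not stated in
 * this header.
 */
AMI_STATUS ami_random PROTO_LIST((
	const ushort_t,		/* IN: requested number of random bytes */
	uchar_t **));		/* OUT: random byte buffer */


/* Free */
void ami_free_keypkg PROTO_LIST((ami_keypkg **));
void ami_free_cert PROTO_LIST((ami_cert **));
void ami_free_cert_list PROTO_LIST((ami_cert **, int));
void ami_free_dn PROTO_LIST((ami_name **));

/* DN */
AMI_STATUS ami_str2dn PROTO_LIST((
	const ami_handle_t *, char *, ami_name **));
AMI_STATUS ami_dn2str PROTO_LIST((
	const ami_handle_t *, ami_name *, char **));

/* Supported algorithms */
AMI_STATUS ami_get_alglist PROTO_LIST((ami_alg_list **));

#ifdef __cplusplus
}
#endif

#endif /* _SLP_AMI_H */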