1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 * 25 * 26 * Constant definitions and function prototypes for the KMF library. 27 * Commonly used data types are defined in "kmftypes.h". 28 */ 29 30 #ifndef _KMFAPI_H 31 #define _KMFAPI_H 32 33 #pragma ident "%Z%%M% %I% %E% SMI" 34 35 #include <kmftypes.h> 36 #include <security/cryptoki.h> 37 38 #ifdef __cplusplus 39 extern "C" { 40 #endif 41 42 /* 43 * Setup operations. 44 */ 45 extern KMF_RETURN KMF_Initialize(KMF_HANDLE_T *, char *, char *); 46 extern KMF_RETURN KMF_ConfigureKeystore(KMF_HANDLE_T, KMF_CONFIG_PARAMS *); 47 extern KMF_RETURN KMF_Finalize(KMF_HANDLE_T); 48 49 /* 50 * Key operations. 51 */ 52 extern KMF_RETURN KMF_SignDataWithKey(KMF_HANDLE_T, 53 KMF_KEY_HANDLE *, KMF_OID *, 54 KMF_DATA *, KMF_DATA *); 55 56 extern KMF_RETURN KMF_VerifyDataWithKey(KMF_HANDLE_T, 57 KMF_KEY_HANDLE *, KMF_ALGORITHM_INDEX, KMF_DATA *, KMF_DATA *); 58 59 extern KMF_RETURN KMF_CreateKeypair(KMF_HANDLE_T, 60 KMF_CREATEKEYPAIR_PARAMS *, KMF_KEY_HANDLE *, KMF_KEY_HANDLE *); 61 62 extern KMF_RETURN KMF_DeleteKeyFromKeystore(KMF_HANDLE_T, 63 KMF_DELETEKEY_PARAMS *, KMF_KEY_HANDLE *); 64 65 extern KMF_RETURN KMF_SignCertRecord(KMF_HANDLE_T, KMF_KEY_HANDLE *, 66 KMF_X509_CERTIFICATE *, KMF_DATA *); 67 68 extern KMF_RETURN KMF_FindKey(KMF_HANDLE_T, KMF_FINDKEY_PARAMS *, 69 KMF_KEY_HANDLE *, uint32_t *); 70 71 extern KMF_RETURN KMF_StorePrivateKey(KMF_HANDLE_T, KMF_STOREKEY_PARAMS *, 72 KMF_RAW_KEY_DATA *); 73 74 extern KMF_RETURN KMF_CreateSymKey(KMF_HANDLE_T, KMF_CREATESYMKEY_PARAMS *, 75 KMF_KEY_HANDLE *); 76 77 extern KMF_RETURN KMF_GetSymKeyValue(KMF_HANDLE_T, KMF_KEY_HANDLE *, 78 KMF_RAW_SYM_KEY *); 79 80 /* 81 * Certificate operations. 82 */ 83 extern KMF_RETURN KMF_FindCert(KMF_HANDLE_T, KMF_FINDCERT_PARAMS *, 84 KMF_X509_DER_CERT *, uint32_t *); 85 86 extern KMF_RETURN KMF_EncodeCertRecord(KMF_X509_CERTIFICATE *, 87 KMF_DATA *); 88 extern KMF_RETURN KMF_DecodeCertData(KMF_DATA *, KMF_X509_CERTIFICATE **); 89 90 extern KMF_RETURN KMF_SignCertWithKey(KMF_HANDLE_T, const KMF_DATA *, 91 KMF_KEY_HANDLE *, KMF_DATA *); 92 extern KMF_RETURN KMF_SignCertWithCert(KMF_HANDLE_T, 93 KMF_CRYPTOWITHCERT_PARAMS *, 94 const KMF_DATA *, KMF_DATA *, KMF_DATA *); 95 96 extern KMF_RETURN KMF_SignDataWithCert(KMF_HANDLE_T, 97 KMF_CRYPTOWITHCERT_PARAMS *, KMF_DATA *, KMF_DATA *, KMF_DATA *); 98 99 extern KMF_RETURN KMF_VerifyCertWithKey(KMF_HANDLE_T, KMF_KEY_HANDLE *, 100 const KMF_DATA *); 101 extern KMF_RETURN KMF_VerifyCertWithCert(KMF_HANDLE_T, const KMF_DATA *, 102 const KMF_DATA *); 103 extern KMF_RETURN KMF_VerifyDataWithCert(KMF_HANDLE_T, 104 KMF_KEYSTORE_TYPE, KMF_ALGORITHM_INDEX, KMF_DATA *, KMF_DATA *, 105 const KMF_DATA *); 106 107 extern KMF_RETURN KMF_EncryptWithCert(KMF_HANDLE_T, KMF_DATA *, 108 KMF_DATA *, KMF_DATA *); 109 110 extern KMF_RETURN KMF_DecryptWithCert(KMF_HANDLE_T, 111 KMF_CRYPTOWITHCERT_PARAMS *, KMF_DATA *, KMF_DATA *, KMF_DATA *); 112 113 extern KMF_RETURN KMF_StoreCert(KMF_HANDLE_T, 114 KMF_STORECERT_PARAMS *, KMF_DATA *); 115 extern KMF_RETURN KMF_ImportCert(KMF_HANDLE_T, KMF_IMPORTCERT_PARAMS *); 116 extern KMF_RETURN KMF_DeleteCertFromKeystore(KMF_HANDLE_T, 117 KMF_DELETECERT_PARAMS *); 118 119 extern KMF_RETURN KMF_ValidateCert(KMF_HANDLE_T, 120 KMF_VALIDATECERT_PARAMS *, int *); 121 122 extern KMF_RETURN KMF_CreateCertFile(KMF_DATA *, KMF_ENCODE_FORMAT, char *); 123 124 extern KMF_RETURN KMF_DownloadCert(KMF_HANDLE_T, char *, char *, int, 125 unsigned int, char *, KMF_ENCODE_FORMAT *); 126 extern KMF_RETURN KMF_IsCertFile(KMF_HANDLE_T, char *, KMF_ENCODE_FORMAT *); 127 128 extern KMF_RETURN KMF_CheckCertDate(KMF_HANDLE_T, KMF_DATA *); 129 130 /* 131 * CRL operations. 132 */ 133 extern KMF_RETURN KMF_ImportCRL(KMF_HANDLE_T, KMF_IMPORTCRL_PARAMS *); 134 extern KMF_RETURN KMF_DeleteCRL(KMF_HANDLE_T, KMF_DELETECRL_PARAMS *); 135 extern KMF_RETURN KMF_ListCRL(KMF_HANDLE_T, KMF_LISTCRL_PARAMS *, char **); 136 extern KMF_RETURN KMF_FindCRL(KMF_HANDLE_T, KMF_FINDCRL_PARAMS *, 137 char **, int *); 138 139 extern KMF_RETURN KMF_FindCertInCRL(KMF_HANDLE_T, 140 KMF_FINDCERTINCRL_PARAMS *); 141 extern KMF_RETURN KMF_VerifyCRLFile(KMF_HANDLE_T, 142 KMF_VERIFYCRL_PARAMS *); 143 144 extern KMF_RETURN KMF_CheckCRLDate(KMF_HANDLE_T, 145 KMF_CHECKCRLDATE_PARAMS *); 146 extern KMF_RETURN KMF_DownloadCRL(KMF_HANDLE_T, char *, char *, 147 int, unsigned int, char *, KMF_ENCODE_FORMAT *); 148 extern KMF_RETURN KMF_IsCRLFile(KMF_HANDLE_T, char *, KMF_ENCODE_FORMAT *); 149 150 /* 151 * CSR operations. 152 */ 153 extern KMF_RETURN KMF_SetCSRPubKey(KMF_HANDLE_T, 154 KMF_KEY_HANDLE *, KMF_CSR_DATA *); 155 extern KMF_RETURN KMF_SetCSRVersion(KMF_CSR_DATA *, uint32_t); 156 extern KMF_RETURN KMF_SetCSRSubjectName(KMF_CSR_DATA *, KMF_X509_NAME *); 157 extern KMF_RETURN KMF_CreateCSRFile(KMF_DATA *, KMF_ENCODE_FORMAT, char *); 158 extern KMF_RETURN KMF_SetCSRExtension(KMF_CSR_DATA *, KMF_X509_EXTENSION *); 159 extern KMF_RETURN KMF_SetCSRSignatureAlgorithm(KMF_CSR_DATA *, 160 KMF_ALGORITHM_INDEX); 161 extern KMF_RETURN KMF_SetCSRSubjectAltName(KMF_CSR_DATA *, char *, 162 int, KMF_GENERALNAMECHOICES); 163 extern KMF_RETURN KMF_SetCSRKeyUsage(KMF_CSR_DATA *, int, uint16_t); 164 extern KMF_RETURN KMF_SignCSR(KMF_HANDLE_T, const KMF_CSR_DATA *, 165 KMF_KEY_HANDLE *, KMF_DATA *); 166 167 /* 168 * GetCert operations. 169 */ 170 extern KMF_RETURN KMF_GetCertExtensionData(const KMF_DATA *, KMF_OID *, 171 KMF_X509_EXTENSION *); 172 173 extern KMF_RETURN KMF_GetCertCriticalExtensions(const KMF_DATA *, 174 KMF_X509_EXTENSION **, int *); 175 176 extern KMF_RETURN KMF_GetCertNonCriticalExtensions(const KMF_DATA *, 177 KMF_X509_EXTENSION **, int *); 178 179 extern KMF_RETURN KMF_GetCertKeyUsageExt(const KMF_DATA *, 180 KMF_X509EXT_KEY_USAGE *); 181 182 extern KMF_RETURN KMF_GetCertEKU(const KMF_DATA *, KMF_X509EXT_EKU *); 183 184 extern KMF_RETURN KMF_GetCertBasicConstraintExt(const KMF_DATA *, 185 KMF_BOOL *, KMF_X509EXT_BASICCONSTRAINTS *); 186 187 extern KMF_RETURN KMF_GetCertPoliciesExt(const KMF_DATA *, 188 KMF_BOOL *, KMF_X509EXT_CERT_POLICIES *); 189 190 extern KMF_RETURN KMF_GetCertAuthInfoAccessExt(const KMF_DATA *, 191 KMF_X509EXT_AUTHINFOACCESS *); 192 193 extern KMF_RETURN KMF_GetCertCRLDistributionPointsExt(const KMF_DATA *, 194 KMF_X509EXT_CRLDISTPOINTS *); 195 196 extern KMF_RETURN KMF_GetCertVersionString(KMF_HANDLE_T, 197 const KMF_DATA *, char **); 198 199 extern KMF_RETURN KMF_GetCertSubjectNameString(KMF_HANDLE_T, const KMF_DATA *, 200 char **); 201 202 extern KMF_RETURN KMF_GetCertIssuerNameString(KMF_HANDLE_T, 203 const KMF_DATA *, char **); 204 205 extern KMF_RETURN KMF_GetCertSerialNumberString(KMF_HANDLE_T, const KMF_DATA *, 206 char **); 207 208 extern KMF_RETURN KMF_GetCertStartDateString(KMF_HANDLE_T, 209 const KMF_DATA *, char **); 210 211 extern KMF_RETURN KMF_GetCertEndDateString(KMF_HANDLE_T, 212 const KMF_DATA *, char **); 213 214 extern KMF_RETURN KMF_GetCertPubKeyAlgString(KMF_HANDLE_T, 215 const KMF_DATA *, char **); 216 217 extern KMF_RETURN KMF_GetCertSignatureAlgString(KMF_HANDLE_T, 218 const KMF_DATA *, char **); 219 220 extern KMF_RETURN KMF_GetCertPubKeyDataString(KMF_HANDLE_T, 221 const KMF_DATA *, char **); 222 223 extern KMF_RETURN KMF_GetCertEmailString(KMF_HANDLE_T, 224 const KMF_DATA *, char **); 225 226 extern KMF_RETURN KMF_GetCertExtensionString(KMF_HANDLE_T, const KMF_DATA *, 227 KMF_PRINTABLE_ITEM, char **); 228 229 extern KMF_RETURN KMF_GetCertIDData(const KMF_DATA *, KMF_DATA *); 230 extern KMF_RETURN KMF_GetCertIDString(const KMF_DATA *, char **); 231 extern KMF_RETURN KMF_GetCertValidity(const KMF_DATA *, time_t *, time_t *); 232 233 /* 234 * SetCert operations 235 */ 236 extern KMF_RETURN KMF_SetCertPubKey(KMF_HANDLE_T, KMF_KEY_HANDLE *, 237 KMF_X509_CERTIFICATE *); 238 239 extern KMF_RETURN KMF_SetCertSubjectName(KMF_X509_CERTIFICATE *, 240 KMF_X509_NAME *); 241 242 extern KMF_RETURN KMF_SetCertKeyUsage(KMF_X509_CERTIFICATE *, int, uint16_t); 243 244 extern KMF_RETURN KMF_SetCertIssuerName(KMF_X509_CERTIFICATE *, 245 KMF_X509_NAME *); 246 247 extern KMF_RETURN KMF_SetCertSignatureAlgorithm(KMF_X509_CERTIFICATE *, 248 KMF_ALGORITHM_INDEX); 249 250 extern KMF_RETURN KMF_SetCertValidityTimes(KMF_X509_CERTIFICATE *, 251 time_t, uint32_t); 252 253 extern KMF_RETURN KMF_SetCertSerialNumber(KMF_X509_CERTIFICATE *, 254 KMF_BIGINT *); 255 256 extern KMF_RETURN KMF_SetCertVersion(KMF_X509_CERTIFICATE *, uint32_t); 257 258 extern KMF_RETURN KMF_SetCertIssuerAltName(KMF_X509_CERTIFICATE *, 259 int, KMF_GENERALNAMECHOICES, char *); 260 261 extern KMF_RETURN KMF_SetCertSubjectAltName(KMF_X509_CERTIFICATE *, 262 int, KMF_GENERALNAMECHOICES, char *); 263 264 extern KMF_RETURN KMF_AddCertEKU(KMF_X509_CERTIFICATE *, KMF_OID *, int); 265 266 extern KMF_RETURN KMF_SetCertExtension(KMF_X509_CERTIFICATE *, 267 KMF_X509_EXTENSION *); 268 269 extern KMF_RETURN KMF_SetCertBasicConstraintExt(KMF_X509_CERTIFICATE *, 270 KMF_BOOL, KMF_X509EXT_BASICCONSTRAINTS *); 271 272 extern KMF_RETURN KMF_ExportPK12(KMF_HANDLE_T, KMF_EXPORTP12_PARAMS *, char *); 273 extern KMF_RETURN KMF_ImportPK12(KMF_HANDLE_T, char *, KMF_CREDENTIAL *, 274 KMF_DATA **, int *, KMF_RAW_KEY_DATA **, int *); 275 extern KMF_RETURN KMF_ImportKeypair(KMF_HANDLE_T, char *, KMF_CREDENTIAL *, 276 KMF_DATA **, int *, KMF_RAW_KEY_DATA **, int *); 277 278 /* 279 * Get OCSP response operation. 280 */ 281 extern KMF_RETURN KMF_GetOCSPForCert(KMF_HANDLE_T, KMF_DATA *, KMF_DATA *, 282 KMF_DATA *); 283 284 extern KMF_RETURN KMF_CreateOCSPRequest(KMF_HANDLE_T, KMF_OCSPREQUEST_PARAMS *, 285 char *); 286 287 extern KMF_RETURN KMF_GetEncodedOCSPResponse(KMF_HANDLE_T, char *, char *, int, 288 char *, int, char *, unsigned int); 289 290 extern KMF_RETURN KMF_GetOCSPStatusForCert(KMF_HANDLE_T, 291 KMF_OCSPRESPONSE_PARAMS_INPUT *, 292 KMF_OCSPRESPONSE_PARAMS_OUTPUT *); 293 294 /* 295 * Policy Operations 296 */ 297 extern KMF_RETURN KMF_SetPolicy(KMF_HANDLE_T, char *, char *); 298 299 /* 300 * Error handling. 301 */ 302 extern KMF_RETURN KMF_GetPluginErrorString(KMF_HANDLE_T, char **); 303 extern KMF_RETURN KMF_GetKMFErrorString(KMF_RETURN, char **); 304 305 /* 306 * Miscellaneous 307 */ 308 extern KMF_RETURN KMF_DNParser(char *, KMF_X509_NAME *); 309 extern KMF_RETURN KMF_DN2Der(KMF_X509_NAME *, KMF_DATA *); 310 extern KMF_RETURN KMF_ReadInputFile(KMF_HANDLE_T, char *, KMF_DATA *); 311 extern KMF_RETURN KMF_Der2Pem(KMF_OBJECT_TYPE, unsigned char *, 312 int, unsigned char **, int *); 313 extern KMF_RETURN KMF_Pem2Der(unsigned char *, int, unsigned char **, int *); 314 extern char *KMF_OID2String(KMF_OID *); 315 extern KMF_RETURN KMF_String2OID(char *, KMF_OID *); 316 extern int KMF_CompareRDNs(KMF_X509_NAME *, KMF_X509_NAME *); 317 extern KMF_RETURN KMF_GetFileFormat(char *, KMF_ENCODE_FORMAT *); 318 extern uint16_t KMF_StringToKeyUsage(char *); 319 extern KMF_RETURN KMF_SetTokenPin(KMF_HANDLE_T, KMF_SETPIN_PARAMS *, 320 KMF_CREDENTIAL *); 321 extern KMF_RETURN KMF_HexString2Bytes(unsigned char *, unsigned char **, 322 size_t *); 323 324 /* 325 * Memory cleanup operations 326 */ 327 extern void KMF_FreeDN(KMF_X509_NAME *); 328 extern void KMF_FreeKMFCert(KMF_HANDLE_T, KMF_X509_DER_CERT *); 329 extern void KMF_FreeData(KMF_DATA *); 330 extern void KMF_FreeAlgOID(KMF_X509_ALGORITHM_IDENTIFIER *); 331 extern void KMF_FreeExtension(KMF_X509_EXTENSION *); 332 extern void KMF_FreeTBSCSR(KMF_TBS_CSR *); 333 extern void KMF_FreeSignedCSR(KMF_CSR_DATA *); 334 extern void KMF_FreeTBSCert(KMF_X509_TBS_CERT *); 335 extern void KMF_FreeSignedCert(KMF_X509_CERTIFICATE *); 336 extern void KMF_FreeString(char *); 337 extern void KMF_FreeEKU(KMF_X509EXT_EKU *); 338 extern void KMF_FreeSPKI(KMF_X509_SPKI *); 339 extern void KMF_FreeKMFKey(KMF_HANDLE_T, KMF_KEY_HANDLE *); 340 extern void KMF_FreeBigint(KMF_BIGINT *); 341 extern void KMF_FreeRawKey(KMF_RAW_KEY_DATA *); 342 extern void KMF_FreeRawSymKey(KMF_RAW_SYM_KEY *); 343 extern void KMF_FreeCRLDistributionPoints(KMF_X509EXT_CRLDISTPOINTS *); 344 345 /* APIs for PKCS#11 token */ 346 extern KMF_RETURN KMF_PK11TokenLookup(KMF_HANDLE_T, char *, CK_SLOT_ID *); 347 extern CK_SESSION_HANDLE KMF_GetPK11Handle(KMF_HANDLE_T); 348 349 #ifdef __cplusplus 350 } 351 #endif 352 #endif /* _KMFAPI_H */ 353