/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 *
 *
 * Constant definitions and function prototypes for the KMF library.
 * Commonly used data types are defined in "kmftypes.h".
 *
 * Reading notes for callers (derived from the prototypes below only;
 * the implementation is not visible from this header):
 *
 *  - Most operations take (KMF_HANDLE_T, int, KMF_ATTRIBUTE *).  The
 *    int is presumably the number of entries in the attribute array;
 *    build the array with kmf_set_attr()/kmf_set_attr_at_index() from
 *    the "Attribute management" section.  Every such call returns a
 *    KMF_RETURN that must be checked; the error-string helpers are in
 *    the "Error handling" section.
 *
 *  - Many string parameters are declared plain "char *" rather than
 *    "const char *".  This header therefore makes no promise that the
 *    string is left unmodified; do not pass string literals or shared
 *    buffers where that would matter.
 *
 *  - Several functions hand back library-allocated objects (char **,
 *    KMF_DATA *, KMF_RAW_KEY_DATA **, KMF_RAW_SYM_KEY *, ...).  Release
 *    them with the matching kmf_free_*() routine from the "Memory
 *    cleanup operations" section, not with free(3C).
 *
 *  - Functions that return raw key material (kmf_get_sym_key_value,
 *    kmf_import_objects) put secrets in caller-visible memory.  Keep
 *    the lifetime short and release via kmf_free_raw_sym_key /
 *    kmf_free_raw_key; whether those routines scrub the memory is not
 *    visible here -- confirm in the implementation before relying on it.
 */

#ifndef _KMFAPI_H
#define _KMFAPI_H

#include <kmftypes.h>
#include <security/cryptoki.h>

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Setup operations.
 *
 * kmf_initialize() creates the library handle written through its first
 * argument; the two char * arguments are configuration strings whose
 * meaning is not stated here (cf. kmf_set_policy(), which has the same
 * shape -- presumably a policy file and policy name; verify against the
 * implementation).  kmf_finalize() releases the handle; nothing obtained
 * through a handle should be used after it is finalized.
 */
extern KMF_RETURN kmf_initialize(KMF_HANDLE_T *, char *, char *);
extern KMF_RETURN kmf_configure_keystore(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_finalize(KMF_HANDLE_T);

/*
 * Key operations.
 *
 * All take an attribute list except kmf_get_sym_key_value(), which
 * copies the value of an existing symmetric key into a caller-supplied
 * KMF_RAW_SYM_KEY.  That structure then holds the key in the clear;
 * release it with kmf_free_raw_sym_key() as soon as it is no longer
 * needed.
 */
extern KMF_RETURN kmf_create_keypair(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

extern KMF_RETURN kmf_delete_key_from_keystore(KMF_HANDLE_T, int,
    KMF_ATTRIBUTE *);

extern KMF_RETURN kmf_find_key(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

extern KMF_RETURN kmf_find_prikey_by_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

extern KMF_RETURN kmf_store_key(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

extern KMF_RETURN kmf_create_sym_key(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

/* Exposes raw symmetric key bytes to the caller -- see note above. */
extern KMF_RETURN kmf_get_sym_key_value(KMF_HANDLE_T, KMF_KEY_HANDLE *,
    KMF_RAW_SYM_KEY *);

/*
 * Certificate operations.
 *
 * Security-relevant distinctions between the routines below:
 *
 *  - kmf_validate_cert() is the full validation entry point (attribute
 *    driven).  kmf_check_cert_date() only takes the encoded certificate
 *    and so can only check its validity period; it is not a substitute
 *    for validation.  Likewise kmf_is_cert_data()/kmf_is_cert_file()
 *    only classify the encoding format of the input and say nothing
 *    about trust.
 *
 *  - kmf_download_cert() fetches a certificate from a remote source
 *    (the char * arguments are presumably host/URL, path and proxy, the
 *    int and unsigned int a port and timeout; confirm in the
 *    implementation).  Whatever comes back is untrusted bytes until it
 *    has been passed through kmf_validate_cert() or kmf_verify_cert().
 */
extern KMF_RETURN kmf_find_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

/* DER-encodes a parsed certificate into a KMF_DATA (free with kmf_free_data). */
extern KMF_RETURN kmf_encode_cert_record(KMF_X509_CERTIFICATE *, KMF_DATA *);

extern KMF_RETURN kmf_import_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

extern KMF_RETURN kmf_store_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

extern KMF_RETURN kmf_delete_cert_from_keystore(KMF_HANDLE_T, int,
    KMF_ATTRIBUTE *);

extern KMF_RETURN kmf_validate_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

/* Writes the encoded certificate to the named file in the given format. */
extern KMF_RETURN kmf_create_cert_file(const KMF_DATA *, KMF_ENCODE_FORMAT,
    char *);

/* Network fetch -- result is untrusted until validated (see above). */
extern KMF_RETURN kmf_download_cert(KMF_HANDLE_T, char *, char *, int,
    unsigned int, char *, KMF_ENCODE_FORMAT *);

/* Format detection only; no signature or trust check is implied. */
extern KMF_RETURN kmf_is_cert_data(KMF_DATA *, KMF_ENCODE_FORMAT *);
extern KMF_RETURN kmf_is_cert_file(KMF_HANDLE_T, char *, KMF_ENCODE_FORMAT *);

/* Validity-period check only; not a substitute for kmf_validate_cert(). */
extern KMF_RETURN kmf_check_cert_date(KMF_HANDLE_T, const KMF_DATA *);

/*
 * Crypto operations with key or cert.
 *
 * All attribute driven.  The key, algorithm, input and output buffers
 * are supplied through the attribute list; consult kmftypes.h for the
 * attribute types each operation expects.
 */
extern KMF_RETURN kmf_encrypt(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_decrypt(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_sign_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_sign_data(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_verify_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_verify_data(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

/*
 * CRL operations.
 *
 * Note the asymmetry with the certificate section: kmf_verify_crl_file()
 * and kmf_check_crl_date() take a char * (presumably a file path, cf.
 * kmf_is_crl_file()) rather than an in-memory KMF_DATA.  As with
 * certificates, kmf_check_crl_date() is a date check only and
 * kmf_download_crl() returns untrusted bytes that must be verified with
 * kmf_verify_crl_file() before being imported or consulted.
 */
extern KMF_RETURN kmf_import_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_delete_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_list_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_find_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_find_cert_in_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
/* Verifies the CRL in the named file against the issuer cert in KMF_DATA. */
extern KMF_RETURN kmf_verify_crl_file(KMF_HANDLE_T, char *, KMF_DATA *);
/* Date check only. */
extern KMF_RETURN kmf_check_crl_date(KMF_HANDLE_T, char *);
/* Network fetch -- same argument shape and caveats as kmf_download_cert(). */
extern KMF_RETURN kmf_download_crl(KMF_HANDLE_T, char *, char *,
    int, unsigned int, char *, KMF_ENCODE_FORMAT *);
extern KMF_RETURN kmf_is_crl_file(KMF_HANDLE_T, char *, KMF_ENCODE_FORMAT *);

/*
 * CSR operations.
 *
 * kmf_set_csr_*() populate a KMF_CSR_DATA in memory; kmf_sign_csr()
 * signs it with the given key and produces the encoded request in the
 * output KMF_DATA.  kmf_decode_csr() parses an encoded request and
 * kmf_verify_csr() checks it (attribute driven).
 *
 * Beware: kmf_set_csr_subject_altname() takes (csr, name, critical-flag,
 * name-type) while kmf_set_cert_subject_altname() below takes
 * (cert, critical-flag, name-type, name) -- the argument order differs
 * between the two, and a swapped call is not caught by the type system
 * where int and KMF_GENERALNAMECHOICES are interchangeable.
 */
extern KMF_RETURN kmf_create_csr_file(KMF_DATA *, KMF_ENCODE_FORMAT, char *);
extern KMF_RETURN kmf_set_csr_pubkey(KMF_HANDLE_T,
    KMF_KEY_HANDLE *, KMF_CSR_DATA *);
extern KMF_RETURN kmf_set_csr_version(KMF_CSR_DATA *, uint32_t);
extern KMF_RETURN kmf_set_csr_subject(KMF_CSR_DATA *, KMF_X509_NAME *);
extern KMF_RETURN kmf_set_csr_extn(KMF_CSR_DATA *, KMF_X509_EXTENSION *);
extern KMF_RETURN kmf_set_csr_sig_alg(KMF_CSR_DATA *, KMF_ALGORITHM_INDEX);
/* Argument order: (csr, altname, critical, name type) -- see note above. */
extern KMF_RETURN kmf_set_csr_subject_altname(KMF_CSR_DATA *, char *,
    int, KMF_GENERALNAMECHOICES);
/* (csr, critical, key-usage bits). */
extern KMF_RETURN kmf_set_csr_ku(KMF_CSR_DATA *, int, uint16_t);
/* Parses an encoded CSR; release the result with kmf_free_signed_csr(). */
extern KMF_RETURN kmf_decode_csr(KMF_HANDLE_T, KMF_DATA *, KMF_CSR_DATA *);
extern KMF_RETURN kmf_verify_csr(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_sign_csr(KMF_HANDLE_T, const KMF_CSR_DATA *,
    KMF_KEY_HANDLE *, KMF_DATA *);
/* (csr, EKU OID, critical). */
extern KMF_RETURN kmf_add_csr_eku(KMF_CSR_DATA *, KMF_OID *, int);

/*
 * GetCert operations.
 *
 * Read-only accessors over an encoded certificate (const KMF_DATA *).
 * None of them verifies the certificate; they only parse it, so the
 * values they return are only as trustworthy as the certificate's
 * provenance.  Accessors that return char ** allocate the string;
 * release it with kmf_free_str().  kmf_get_cert_extns() returns an
 * array of extensions and its length through the int *; release each
 * element with kmf_free_extn().
 */
extern KMF_RETURN kmf_get_cert_extn(const KMF_DATA *, KMF_OID *,
    KMF_X509_EXTENSION *);

extern KMF_RETURN kmf_get_cert_extns(const KMF_DATA *, KMF_FLAG_CERT_EXTN,
    KMF_X509_EXTENSION **, int *);

extern KMF_RETURN kmf_get_cert_ku(const KMF_DATA *, KMF_X509EXT_KEY_USAGE *);

/* Release the EKU structure with kmf_free_eku(). */
extern KMF_RETURN kmf_get_cert_eku(const KMF_DATA *, KMF_X509EXT_EKU *);

/* The KMF_BOOL * presumably reports whether the extension is critical. */
extern KMF_RETURN kmf_get_cert_basic_constraint(const KMF_DATA *,
    KMF_BOOL *, KMF_X509EXT_BASICCONSTRAINTS *);

extern KMF_RETURN kmf_get_cert_policies(const KMF_DATA *,
    KMF_BOOL *, KMF_X509EXT_CERT_POLICIES *);

extern KMF_RETURN kmf_get_cert_auth_info_access(const KMF_DATA *,
    KMF_X509EXT_AUTHINFOACCESS *);

/* Release with kmf_free_crl_dist_pts(). */
extern KMF_RETURN kmf_get_cert_crl_dist_pts(const KMF_DATA *,
    KMF_X509EXT_CRLDISTPOINTS *);

extern KMF_RETURN kmf_get_cert_version_str(KMF_HANDLE_T, const KMF_DATA *,
    char **);

extern KMF_RETURN kmf_get_cert_subject_str(KMF_HANDLE_T, const KMF_DATA *,
    char **);

extern KMF_RETURN kmf_get_cert_issuer_str(KMF_HANDLE_T, const KMF_DATA *,
    char **);

extern KMF_RETURN kmf_get_cert_serial_str(KMF_HANDLE_T, const KMF_DATA *,
    char **);

extern KMF_RETURN kmf_get_cert_start_date_str(KMF_HANDLE_T, const KMF_DATA *,
    char **);

extern KMF_RETURN kmf_get_cert_end_date_str(KMF_HANDLE_T, const KMF_DATA *,
    char **);

extern KMF_RETURN kmf_get_cert_pubkey_alg_str(KMF_HANDLE_T, const KMF_DATA *,
    char **);

extern KMF_RETURN kmf_get_cert_sig_alg_str(KMF_HANDLE_T, const KMF_DATA *,
    char **);

extern KMF_RETURN kmf_get_cert_pubkey_str(KMF_HANDLE_T, const KMF_DATA *,
    char **);

extern KMF_RETURN kmf_get_cert_email_str(KMF_HANDLE_T, const KMF_DATA *,
    char **);

extern KMF_RETURN kmf_get_cert_extn_str(KMF_HANDLE_T, const KMF_DATA *,
    KMF_PRINTABLE_ITEM, char **);

/* Certificate identifier as bytes (free with kmf_free_data) or string. */
extern KMF_RETURN kmf_get_cert_id_data(const KMF_DATA *, KMF_DATA *);

extern KMF_RETURN kmf_get_cert_id_str(const KMF_DATA *, char **);

/* notBefore / notAfter as time_t; no comparison against "now" is done here. */
extern KMF_RETURN kmf_get_cert_validity(const KMF_DATA *, time_t *, time_t *);


/*
 * SetCert operations
 *
 * Populate a KMF_X509_CERTIFICATE in memory prior to signing it with
 * kmf_sign_cert().  Two points for issuers:
 *
 *  - kmf_set_cert_serial() takes whatever KMF_BIGINT the caller
 *    provides; the library does not generate it here.  For CA use the
 *    serial should be unique per issuer and unpredictable -- that is
 *    the caller's responsibility.
 *
 *  - kmf_set_cert_validity() takes a time_t and a uint32_t; the latter
 *    is presumably a duration relative to the former (units not stated
 *    in this header -- confirm before computing notAfter).
 */
extern KMF_RETURN kmf_set_cert_pubkey(KMF_HANDLE_T, KMF_KEY_HANDLE *,
    KMF_X509_CERTIFICATE *);

extern KMF_RETURN kmf_set_cert_subject(KMF_X509_CERTIFICATE *,
    KMF_X509_NAME *);

/* (cert, critical, key-usage bits). */
extern KMF_RETURN kmf_set_cert_ku(KMF_X509_CERTIFICATE *, int, uint16_t);

extern KMF_RETURN kmf_set_cert_issuer(KMF_X509_CERTIFICATE *,
    KMF_X509_NAME *);

extern KMF_RETURN kmf_set_cert_sig_alg(KMF_X509_CERTIFICATE *,
    KMF_ALGORITHM_INDEX);

extern KMF_RETURN kmf_set_cert_validity(KMF_X509_CERTIFICATE *,
    time_t, uint32_t);

extern KMF_RETURN kmf_set_cert_serial(KMF_X509_CERTIFICATE *,
    KMF_BIGINT *);

extern KMF_RETURN kmf_set_cert_version(KMF_X509_CERTIFICATE *, uint32_t);

/* Argument order: (cert, critical, name type, altname) -- differs from CSR. */
extern KMF_RETURN kmf_set_cert_issuer_altname(KMF_X509_CERTIFICATE *,
    int, KMF_GENERALNAMECHOICES, char *);

extern KMF_RETURN kmf_set_cert_subject_altname(KMF_X509_CERTIFICATE *,
    int, KMF_GENERALNAMECHOICES, char *);

/* (cert, EKU OID, critical). */
extern KMF_RETURN kmf_add_cert_eku(KMF_X509_CERTIFICATE *, KMF_OID *, int);

extern KMF_RETURN kmf_set_cert_extn(KMF_X509_CERTIFICATE *,
    KMF_X509_EXTENSION *);

/* (cert, critical, basic constraints). */
extern KMF_RETURN kmf_set_cert_basic_constraint(KMF_X509_CERTIFICATE *,
    KMF_BOOL, KMF_X509EXT_BASICCONSTRAINTS *);


/*
 * PK12 operations
 *
 * PKCS#12 bundles carry private keys.  The KMF_CREDENTIAL * arguments
 * carry the bundle password; the trailing char * of kmf_build_pk12() is
 * presumably the output file name.  kmf_import_objects() returns the
 * certificates and the private keys as arrays (KMF_X509_DER_CERT **,
 * KMF_RAW_KEY_DATA **) with their counts in the int * outputs.  The
 * KMF_RAW_KEY_DATA entries hold private key material in the clear:
 * release each with kmf_free_raw_key() promptly, and each certificate
 * with kmf_free_kmf_cert().
 */
extern KMF_RETURN kmf_export_pk12(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

/* (handle, ncerts, certs, nkeys, keys, password, output file). */
extern KMF_RETURN kmf_build_pk12(KMF_HANDLE_T, int, KMF_X509_DER_CERT *,
    int, KMF_KEY_HANDLE *, KMF_CREDENTIAL *, char *);

/* (handle, file, password, &certs, &ncerts, &rawkeys, &nkeys). */
extern KMF_RETURN kmf_import_objects(KMF_HANDLE_T, char *, KMF_CREDENTIAL *,
    KMF_X509_DER_CERT **, int *, KMF_RAW_KEY_DATA **, int *);

/*
 * OCSP operations
 *
 * kmf_get_encoded_ocsp_response() talks to a responder over the network
 * (the char * / int pairs are presumably host, port, proxy, proxy port,
 * then request and response file names; the unsigned int a timeout --
 * confirm in the implementation).  The response is untrusted until
 * kmf_get_ocsp_status_for_cert() has verified its signature against the
 * responder/issuer certificate supplied through the attribute list.
 */
/* (handle, cert, issuer cert, OCSP URI out) -- presumably from the AIA extension. */
extern KMF_RETURN kmf_get_ocsp_for_cert(KMF_HANDLE_T, KMF_DATA *, KMF_DATA *,
    KMF_DATA *);

extern KMF_RETURN kmf_create_ocsp_request(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

/* Network round trip; result is untrusted bytes until checked. */
extern KMF_RETURN kmf_get_encoded_ocsp_response(KMF_HANDLE_T, char *,
    char *, int, char *, int, char *, unsigned int);

extern KMF_RETURN kmf_get_ocsp_status_for_cert(KMF_HANDLE_T, int,
    KMF_ATTRIBUTE *);

/*
 * Policy Operations
 *
 * Selects the validation policy used by the handle; same string
 * arguments as kmf_initialize() (presumably policy file and policy
 * name).  The policy governs what kmf_validate_cert() enforces, so a
 * caller that changes it changes what "valid" means for every later
 * call on the handle.
 */
extern KMF_RETURN kmf_set_policy(KMF_HANDLE_T, char *, char *);

/*
 * Error handling.
 *
 * Both return an allocated message string through char **; release it
 * with kmf_free_str().  The plugin error string is specific to the last
 * keystore plugin error recorded on the handle.
 */
extern KMF_RETURN kmf_get_plugin_error_str(KMF_HANDLE_T, char **);
extern KMF_RETURN kmf_get_kmf_error_str(KMF_RETURN, char **);

/*
 * Miscellaneous
 *
 * Parsing and conversion helpers.  Several of these take or return
 * lengths as int rather than size_t (kmf_der_to_pem, kmf_pem_to_der),
 * so they are not suitable for buffers approaching INT_MAX bytes.
 * Routines that return an allocated buffer through a double pointer
 * (kmf_der_to_pem, kmf_pem_to_der, kmf_hexstr_to_bytes) transfer
 * ownership to the caller; which free routine applies to the
 * "unsigned char **" outputs is not stated in this header -- confirm
 * before choosing between free(3C) and kmf_free_*().
 */
/* Parses a textual DN; release the KMF_X509_NAME with kmf_free_dn(). */
extern KMF_RETURN kmf_dn_parser(char *, KMF_X509_NAME *);
/* Reads a whole file into a KMF_DATA; release with kmf_free_data(). */
extern KMF_RETURN kmf_read_input_file(KMF_HANDLE_T, char *, KMF_DATA *);
extern KMF_RETURN kmf_der_to_pem(KMF_OBJECT_TYPE, unsigned char *,
    int, unsigned char **, int *);
extern KMF_RETURN kmf_pem_to_der(unsigned char *, int, unsigned char **, int *);
/* Ownership of the returned string is not stated here; presumably kmf_free_str(). */
extern char *kmf_oid_to_string(KMF_OID *);
extern KMF_RETURN kmf_string_to_oid(char *, KMF_OID *);
/* Returns an int comparison result (0 presumably meaning equal -- confirm). */
extern int kmf_compare_rdns(KMF_X509_NAME *, KMF_X509_NAME *);
/* Format sniffing only; no validation of the content is implied. */
extern KMF_RETURN kmf_get_data_format(KMF_DATA *, KMF_ENCODE_FORMAT *);
extern KMF_RETURN kmf_get_file_format(char *, KMF_ENCODE_FORMAT *);
/* Key-usage name <-> bitmask; kmf_string_to_ku() returns 0 for no match (presumably). */
extern uint32_t kmf_string_to_ku(char *);
extern char *kmf_ku_to_string(uint32_t);
/* Decodes a hex string; output length in size_t. Validate input provenance. */
extern KMF_RETURN kmf_hexstr_to_bytes(unsigned char *, unsigned char **,
    size_t *);

/* Looks up a keystore plugin by name; the char ** output is its path/description. */
extern KMF_RETURN kmf_get_plugin_info(KMF_HANDLE_T, char *,
    KMF_KEYSTORE_TYPE *, char **);

/* EKU name <-> OID; the returned pointers presumably reference static tables. */
extern KMF_OID *kmf_ekuname_to_oid(char *);
extern char *kmf_oid_to_ekuname(KMF_OID *);

/* Backward-compatible alias for the pre-rename API name. */
#define KMF_CompareRDNs kmf_compare_rdns

/*
 * Memory cleanup operations
 *
 * One release routine per library-allocated type.  Use the routine that
 * matches the type that produced the object; the two routines that also
 * take a KMF_HANDLE_T (kmf_free_kmf_cert, kmf_free_kmf_key) need the
 * same handle the object was obtained from.  kmf_free_raw_key() and
 * kmf_free_raw_sym_key() release structures that contain secret key
 * material; whether they zeroize before freeing is not visible from
 * this header -- confirm, and scrub explicitly if they do not.
 */
extern void kmf_free_dn(KMF_X509_NAME *);
extern void kmf_free_kmf_cert(KMF_HANDLE_T, KMF_X509_DER_CERT *);
extern void kmf_free_data(KMF_DATA *);
extern void kmf_free_algoid(KMF_X509_ALGORITHM_IDENTIFIER *);
extern void kmf_free_extn(KMF_X509_EXTENSION *);
extern void kmf_free_tbs_csr(KMF_TBS_CSR *);
extern void kmf_free_signed_csr(KMF_CSR_DATA *);
extern void kmf_free_tbs_cert(KMF_X509_TBS_CERT *);
extern void kmf_free_signed_cert(KMF_X509_CERTIFICATE *);
extern void kmf_free_str(char *);
extern void kmf_free_eku(KMF_X509EXT_EKU *);
extern void kmf_free_spki(KMF_X509_SPKI *);
extern void kmf_free_kmf_key(KMF_HANDLE_T, KMF_KEY_HANDLE *);
extern void kmf_free_bigint(KMF_BIGINT *);
/* Holds private key material -- release promptly. */
extern void kmf_free_raw_key(KMF_RAW_KEY_DATA *);
/* Holds symmetric key material -- release promptly. */
extern void kmf_free_raw_sym_key(KMF_RAW_SYM_KEY *);
extern void kmf_free_crl_dist_pts(KMF_X509EXT_CRLDISTPOINTS *);

/*
 * APIs for PKCS#11 token
 *
 * kmf_pk11_init_token() takes a CK_UTF8CHAR_PTR and CK_ULONG, the same
 * shape as Cryptoki's C_InitToken(pPin, ulPinLen); this is presumably
 * the SO PIN and its byte length.  The PIN is passed in the clear in
 * process memory, so do not keep it longer than the call.  Token
 * initialization is destructive to existing token contents in PKCS#11;
 * treat the call accordingly.
 *
 * kmf_get_pk11_handle() returns the library's raw CK_SESSION_HANDLE.
 * Anything a caller does on that session (login, logout, object
 * deletion) is shared with the library's own state for the handle;
 * use it sparingly.
 */
extern KMF_RETURN kmf_pk11_token_lookup(KMF_HANDLE_T, char *, CK_SLOT_ID *);
extern KMF_RETURN kmf_pk11_init_token(KMF_HANDLE_T,
    char *, char *, CK_UTF8CHAR_PTR, CK_ULONG);
extern KMF_RETURN kmf_set_token_pin(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern CK_SESSION_HANDLE kmf_get_pk11_handle(KMF_HANDLE_T);

/*
 * Attribute management routines.
 *
 * (These are declared without "extern", unlike the rest of the header;
 * for function declarations this is equivalent, so the inconsistency
 * is cosmetic.)
 *
 * kmf_find_attr(type, attrs, count) returns the index of the attribute
 * of the given type, presumably -1 when absent.  kmf_get_attr_ptr()
 * returns a pointer into the attribute list itself, so it is only valid
 * as long as the list is.  kmf_get_attr() copies the value into a
 * caller buffer whose size is passed through the uint32_t * (in/out);
 * always initialize it to the buffer size.  kmf_set_attr() returns a
 * status, whereas kmf_set_attr_at_index() returns void and therefore
 * cannot report a bad index -- the caller must guarantee the index lies
 * inside the array it allocated.
 */
int kmf_find_attr(KMF_ATTR_TYPE, KMF_ATTRIBUTE *, int);
void *kmf_get_attr_ptr(KMF_ATTR_TYPE, KMF_ATTRIBUTE *, int);
KMF_RETURN kmf_get_attr(KMF_ATTR_TYPE, KMF_ATTRIBUTE *, int, void *,
    uint32_t *);
KMF_RETURN kmf_get_string_attr(KMF_ATTR_TYPE, KMF_ATTRIBUTE *, int, char **);
/* (attrs, count, type, value, value length). */
KMF_RETURN kmf_set_attr(KMF_ATTRIBUTE *, int, KMF_ATTR_TYPE, void *, uint32_t);
/* (attrs, index, type, value, value length); no status returned. */
void kmf_set_attr_at_index(KMF_ATTRIBUTE *, int, KMF_ATTR_TYPE,
    void *, uint32_t);

/*
 * Legacy support only - do not use these APIs - they can be removed at any
 * time.
 *
 * Each has an attribute-based replacement above (for example
 * KMF_FindCert -> kmf_find_cert, KMF_VerifyCertWithCert ->
 * kmf_verify_cert, KMF_SignDataWithKey -> kmf_sign_data).  Because
 * they bypass the attribute layer they also bypass whatever checks the
 * newer entry points perform on their inputs; new code must not call
 * them, and existing callers should be migrated.
 */
extern KMF_RETURN KMF_ConfigureKeystore(KMF_HANDLE_T, KMF_CONFIG_PARAMS *);
extern KMF_RETURN KMF_CreateCSRFile(KMF_DATA *, KMF_ENCODE_FORMAT, char *);
extern KMF_RETURN KMF_CreateKeypair(KMF_HANDLE_T,
    KMF_CREATEKEYPAIR_PARAMS *, KMF_KEY_HANDLE *, KMF_KEY_HANDLE *);
extern KMF_RETURN KMF_DNParser(char *, KMF_X509_NAME *);
extern KMF_RETURN KMF_Finalize(KMF_HANDLE_T);
extern KMF_RETURN KMF_FindCert(KMF_HANDLE_T, KMF_FINDCERT_PARAMS *,
    KMF_X509_DER_CERT *, uint32_t *);
extern KMF_RETURN KMF_FindKey(KMF_HANDLE_T, KMF_FINDKEY_PARAMS *,
    KMF_KEY_HANDLE *, uint32_t *);
extern void KMF_FreeData(KMF_DATA *);
extern void KMF_FreeKMFCert(KMF_HANDLE_T, KMF_X509_DER_CERT *);
extern void KMF_FreeKMFKey(KMF_HANDLE_T, KMF_KEY_HANDLE *);
extern void KMF_FreeSignedCSR(KMF_CSR_DATA *);
extern KMF_RETURN KMF_GetCertIDString(const KMF_DATA *, char **);
extern KMF_RETURN KMF_GetCertIssuerNameString(KMF_HANDLE_T,
    const KMF_DATA *, char **);
extern KMF_RETURN KMF_GetCertSubjectNameString(KMF_HANDLE_T,
    const KMF_DATA *, char **);
extern KMF_RETURN KMF_GetKMFErrorString(KMF_RETURN, char **);
extern KMF_RETURN KMF_Initialize(KMF_HANDLE_T *, char *, char *);
extern KMF_RETURN KMF_ReadInputFile(KMF_HANDLE_T, char *, KMF_DATA *);
extern KMF_RETURN KMF_SetCSRPubKey(KMF_HANDLE_T, KMF_KEY_HANDLE *,
    KMF_CSR_DATA *);
extern KMF_RETURN KMF_SetCSRSignatureAlgorithm(KMF_CSR_DATA *,
    KMF_ALGORITHM_INDEX);
extern KMF_RETURN KMF_SetCSRSubjectName(KMF_CSR_DATA *, KMF_X509_NAME *);
extern KMF_RETURN KMF_SetCSRVersion(KMF_CSR_DATA *, uint32_t);
extern KMF_RETURN KMF_SignCSR(KMF_HANDLE_T, const KMF_CSR_DATA *,
    KMF_KEY_HANDLE *, KMF_DATA *);
extern KMF_RETURN KMF_SignDataWithKey(KMF_HANDLE_T, KMF_KEY_HANDLE *,
    KMF_OID *, KMF_DATA *, KMF_DATA *);
extern KMF_RETURN KMF_VerifyCertWithCert(KMF_HANDLE_T, const KMF_DATA *,
    const KMF_DATA *);
extern KMF_RETURN KMF_VerifyDataWithCert(KMF_HANDLE_T,
    KMF_KEYSTORE_TYPE, KMF_ALGORITHM_INDEX, KMF_DATA *, KMF_DATA *,
    const KMF_DATA *);

#ifdef __cplusplus
}
#endif
#endif /* _KMFAPI_H */