xref: /titanic_41/usr/src/lib/libkmf/include/kmfapiP.h (revision 4a2e944d74dafc80c85d74c8b11430bbecd98824)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 #ifndef _KMFAPIP_H
26 #define	_KMFAPIP_H
27 
28 #include <kmfapi.h>
29 #include <kmfpolicy.h>
30 
31 #ifdef __cplusplus
32 extern "C" {
33 #endif
34 
35 /* Plugin function table */
36 typedef struct {
37 	ushort_t	version;
38 	KMF_RETURN	(*ConfigureKeystore) (
39 			KMF_HANDLE_T,
40 			int,
41 			KMF_ATTRIBUTE *);
42 
43 	KMF_RETURN	(*FindCert) (
44 			KMF_HANDLE_T,
45 			int,
46 			KMF_ATTRIBUTE *);
47 
48 	void		(*FreeKMFCert) (
49 			KMF_HANDLE_T,
50 			KMF_X509_DER_CERT *);
51 
52 	KMF_RETURN	(*StoreCert) (
53 			KMF_HANDLE_T,
54 			int, KMF_ATTRIBUTE *);
55 
56 	KMF_RETURN	(*ImportCert) (
57 			KMF_HANDLE_T,
58 			int, KMF_ATTRIBUTE *);
59 
60 	KMF_RETURN	(*ImportCRL) (
61 			KMF_HANDLE_T,
62 			int, KMF_ATTRIBUTE *);
63 
64 	KMF_RETURN	(*DeleteCert) (
65 			KMF_HANDLE_T,
66 			int, KMF_ATTRIBUTE *);
67 
68 	KMF_RETURN	(*DeleteCRL) (
69 			KMF_HANDLE_T,
70 			int, KMF_ATTRIBUTE *);
71 
72 	KMF_RETURN	(*CreateKeypair) (
73 			KMF_HANDLE_T,
74 			int,
75 			KMF_ATTRIBUTE *);
76 
77 	KMF_RETURN	(*FindKey) (
78 			KMF_HANDLE_T,
79 			int,
80 			KMF_ATTRIBUTE *);
81 
82 	KMF_RETURN	(*EncodePubkeyData) (
83 			KMF_HANDLE_T,
84 			KMF_KEY_HANDLE *,
85 			KMF_DATA *);
86 
87 	KMF_RETURN	(*SignData) (
88 			KMF_HANDLE_T,
89 			KMF_KEY_HANDLE *,
90 			KMF_OID *,
91 			KMF_DATA *,
92 			KMF_DATA *);
93 
94 	KMF_RETURN	(*DeleteKey) (
95 			KMF_HANDLE_T,
96 			int,
97 			KMF_ATTRIBUTE *);
98 
99 	KMF_RETURN	(*ListCRL) (
100 			KMF_HANDLE_T,
101 			int, KMF_ATTRIBUTE *);
102 
103 	KMF_RETURN	(*FindCRL) (
104 			KMF_HANDLE_T,
105 			int, KMF_ATTRIBUTE *);
106 
107 	KMF_RETURN	(*FindCertInCRL) (
108 			KMF_HANDLE_T,
109 			int, KMF_ATTRIBUTE *);
110 
111 	KMF_RETURN	(*GetErrorString) (
112 			KMF_HANDLE_T,
113 			char **);
114 
115 	KMF_RETURN	(*FindPrikeyByCert) (
116 			KMF_HANDLE_T,
117 			int,
118 			KMF_ATTRIBUTE *);
119 
120 	KMF_RETURN	(*DecryptData) (
121 			KMF_HANDLE_T,
122 			KMF_KEY_HANDLE *,
123 			KMF_OID *,
124 			KMF_DATA *,
125 			KMF_DATA *);
126 
127 	KMF_RETURN	(*ExportPK12)(
128 			KMF_HANDLE_T,
129 			int,
130 			KMF_ATTRIBUTE *);
131 
132 	KMF_RETURN	(*CreateSymKey) (
133 			KMF_HANDLE_T,
134 			int,
135 			KMF_ATTRIBUTE *);
136 
137 	KMF_RETURN	(*GetSymKeyValue) (
138 			KMF_HANDLE_T,
139 			KMF_KEY_HANDLE *,
140 			KMF_RAW_SYM_KEY *);
141 
142 	KMF_RETURN	(*SetTokenPin) (
143 			KMF_HANDLE_T,
144 			int, KMF_ATTRIBUTE *);
145 
146 	KMF_RETURN	(*StoreKey) (
147 			KMF_HANDLE_T,
148 			int,
149 			KMF_ATTRIBUTE *);
150 
151 	void		(*Finalize) ();
152 
153 } KMF_PLUGIN_FUNCLIST;
154 
155 typedef struct {
156 	KMF_ATTR_TYPE	type;
157 	boolean_t	null_value_ok; /* Is the pValue required */
158 	uint32_t	minlen;
159 	uint32_t	maxlen;
160 } KMF_ATTRIBUTE_TESTER;
161 
162 typedef struct {
163 	KMF_KEYSTORE_TYPE	type;
164 	char			*applications;
165 	char 			*path;
166 	void 			*dldesc;
167 	KMF_PLUGIN_FUNCLIST	*funclist;
168 } KMF_PLUGIN;
169 
170 typedef struct _KMF_PLUGIN_LIST {
171 	KMF_PLUGIN		*plugin;
172 	struct _KMF_PLUGIN_LIST *next;
173 } KMF_PLUGIN_LIST;
174 
175 typedef struct _kmf_handle {
176 	/*
177 	 * session handle opened by kmf_select_token() to talk
178 	 * to a specific slot in Crypto framework. It is used
179 	 * by pkcs11 plugin module.
180 	 */
181 	CK_SESSION_HANDLE	pk11handle;
182 	KMF_ERROR		lasterr;
183 	KMF_POLICY_RECORD	*policy;
184 	KMF_PLUGIN_LIST		*plugins;
185 } KMF_HANDLE;
186 
187 #define	CLEAR_ERROR(h, rv) { \
188 	if (h == NULL) { \
189 		rv = KMF_ERR_BAD_PARAMETER; \
190 	} else { \
191 		h->lasterr.errcode = 0; \
192 		h->lasterr.kstype = 0; \
193 		rv = KMF_OK; \
194 	} \
195 }
196 
197 #define	KMF_PLUGIN_INIT_SYMBOL	"KMF_Plugin_Initialize"
198 
199 #ifndef KMF_PLUGIN_PATH
200 #if defined(__sparcv9)
201 #define	KMF_PLUGIN_PATH "/lib/crypto/sparcv9/"
202 #elif defined(__sparc)
203 #define	KMF_PLUGIN_PATH "/lib/crypto/"
204 #elif defined(__i386)
205 #define	KMF_PLUGIN_PATH "/lib/crypto/"
206 #elif defined(__amd64)
207 #define	KMF_PLUGIN_PATH "/lib/crypto/amd64/"
208 #endif
209 #endif /* !KMF_PLUGIN_PATH */
210 
211 KMF_PLUGIN_FUNCLIST *KMF_Plugin_Initialize();
212 
213 extern KMF_RETURN
214 VerifyDataWithKey(KMF_HANDLE_T, KMF_DATA *, KMF_ALGORITHM_INDEX,
215     KMF_DATA *, KMF_DATA *);
216 
217 extern KMF_BOOL pkcs_algid_to_keytype(
218     KMF_ALGORITHM_INDEX, CK_KEY_TYPE *);
219 
220 extern KMF_RETURN PKCS_DigestData(KMF_HANDLE_T,
221     CK_SESSION_HANDLE, CK_MECHANISM_TYPE,
222     KMF_DATA *, KMF_DATA *, boolean_t);
223 
224 extern KMF_RETURN PKCS_VerifyData(
225     KMF_HANDLE *,
226     KMF_ALGORITHM_INDEX,
227     KMF_X509_SPKI *,
228     KMF_DATA *, KMF_DATA *);
229 
230 extern KMF_RETURN PKCS_EncryptData(
231     KMF_HANDLE *,
232     KMF_ALGORITHM_INDEX,
233     KMF_X509_SPKI *,
234     KMF_DATA *,
235     KMF_DATA *);
236 
237 extern KMF_PLUGIN *FindPlugin(KMF_HANDLE_T, KMF_KEYSTORE_TYPE);
238 
239 extern KMF_BOOL IsEqualOid(KMF_OID *, KMF_OID *);
240 
241 extern KMF_RETURN copy_algoid(KMF_X509_ALGORITHM_IDENTIFIER *destid,
242     KMF_X509_ALGORITHM_IDENTIFIER *srcid);
243 
244 extern KMF_OID *x509_algid_to_algoid(KMF_ALGORITHM_INDEX);
245 extern KMF_ALGORITHM_INDEX x509_algoid_to_algid(KMF_OID *);
246 
247 extern KMF_RETURN GetIDFromSPKI(KMF_X509_SPKI *, KMF_DATA *);
248 extern KMF_RETURN kmf_select_token(KMF_HANDLE_T, char *, int);
249 extern KMF_RETURN kmf_set_altname(KMF_X509_EXTENSIONS *,
250     KMF_OID *, int, KMF_GENERALNAMECHOICES, char *);
251 extern KMF_RETURN GetSequenceContents(char *, size_t, char **, size_t *);
252 extern KMF_X509_EXTENSION *FindExtn(KMF_X509_EXTENSIONS *, KMF_OID *);
253 extern KMF_RETURN add_an_extension(KMF_X509_EXTENSIONS *exts,
254     KMF_X509_EXTENSION *newextn);
255 extern KMF_RETURN set_integer(KMF_DATA *, void *, int);
256 extern void free_keyidlist(KMF_OID *, int);
257 extern KMF_RETURN copy_data(KMF_DATA *, KMF_DATA *);
258 extern void Cleanup_PK11_Session(KMF_HANDLE_T handle);
259 extern void free_dp_name(KMF_CRL_DIST_POINT *);
260 extern void free_dp(KMF_CRL_DIST_POINT *);
261 extern KMF_RETURN set_key_usage_extension(KMF_X509_EXTENSIONS *,
262     int, uint32_t);
263 extern KMF_RETURN init_pk11();
264 extern KMF_RETURN test_attributes(int, KMF_ATTRIBUTE_TESTER *,
265     int, KMF_ATTRIBUTE_TESTER *, int, KMF_ATTRIBUTE *);
266 
267 /* Indexes into the key parts array for RSA keys */
268 #define	KMF_RSA_MODULUS			(0)
269 #define	KMF_RSA_PUBLIC_EXPONENT		(1)
270 #define	KMF_RSA_PRIVATE_EXPONENT	(2)
271 #define	KMF_RSA_PRIME1			(3)
272 #define	KMF_RSA_PRIME2			(4)
273 #define	KMF_RSA_EXPONENT1		(5)
274 #define	KMF_RSA_EXPONENT2		(6)
275 #define	KMF_RSA_COEFFICIENT		(7)
276 
277 /* Key part counts for RSA keys */
278 #define	KMF_NUMBER_RSA_PUBLIC_KEY_PARTS		(2)
279 #define	KMF_NUMBER_RSA_PRIVATE_KEY_PARTS	(8)
280 
281 /* Key part counts for DSA keys */
282 #define	KMF_NUMBER_DSA_PUBLIC_KEY_PARTS		(4)
283 #define	KMF_NUMBER_DSA_PRIVATE_KEY_PARTS	(4)
284 
285 /* Indexes into the key parts array for DSA keys */
286 #define	KMF_DSA_PRIME		(0)
287 #define	KMF_DSA_SUB_PRIME	(1)
288 #define	KMF_DSA_BASE		(2)
289 #define	KMF_DSA_PUBLIC_VALUE	(3)
290 
291 #define	KMF_ECDSA_PARAMS	(0)
292 #define	KMF_ECDSA_POINT		(1)
293 
294 #ifndef max
295 #define	max(a, b) ((a) < (b) ? (b) : (a))
296 #endif
297 
298 /* Maximum key parts for all algorithms */
299 #define	KMF_MAX_PUBLIC_KEY_PARTS \
300 	(max(KMF_NUMBER_RSA_PUBLIC_KEY_PARTS, \
301 	KMF_NUMBER_DSA_PUBLIC_KEY_PARTS))
302 
303 #define	KMF_MAX_PRIVATE_KEY_PARTS \
304 	(max(KMF_NUMBER_RSA_PRIVATE_KEY_PARTS, \
305 	KMF_NUMBER_DSA_PRIVATE_KEY_PARTS))
306 
307 #define	KMF_MAX_KEY_PARTS \
308 	(max(KMF_MAX_PUBLIC_KEY_PARTS, KMF_MAX_PRIVATE_KEY_PARTS))
309 
310 typedef enum {
311 	KMF_ALGMODE_NONE	= 0,
312 	KMF_ALGMODE_CUSTOM,
313 	KMF_ALGMODE_PUBLIC_KEY,
314 	KMF_ALGMODE_PRIVATE_KEY,
315 	KMF_ALGMODE_PKCS1_EMSA_V15
316 } KMF_SIGNATURE_MODE;
317 
318 #define	KMF_CERT_PRINTABLE_LEN	1024
319 #define	SHA1_HASH_LENGTH 20
320 
321 #define	OCSPREQ_TEMPNAME	"/tmp/ocsp.reqXXXXXX"
322 #define	OCSPRESP_TEMPNAME	"/tmp/ocsp.respXXXXXX"
323 
324 #define	_PATH_KMF_CONF	"/etc/crypto/kmf.conf"
325 #define	CONF_MODULEPATH	"modulepath="
326 #define	CONF_OPTION	"option="
327 
328 typedef struct {
329 	char			*keystore;
330 	char			*modulepath;
331 	char 			*option;
332 	KMF_KEYSTORE_TYPE	kstype;
333 } conf_entry_t;
334 
335 typedef struct conf_entrylist {
336 	conf_entry_t		*entry;
337 	struct conf_entrylist 	*next;
338 } conf_entrylist_t;
339 
340 extern KMF_RETURN get_pk11_data(KMF_ALGORITHM_INDEX,
341 	CK_KEY_TYPE *, CK_MECHANISM_TYPE *, CK_MECHANISM_TYPE *, boolean_t);
342 extern KMF_RETURN kmf_create_pk11_session(CK_SESSION_HANDLE *,
343 	CK_MECHANISM_TYPE, CK_FLAGS);
344 extern KMF_RETURN get_entrylist(conf_entrylist_t **);
345 extern void free_entrylist(conf_entrylist_t *);
346 extern void free_entry(conf_entry_t *);
347 extern conf_entry_t *dup_entry(conf_entry_t *);
348 extern boolean_t is_valid_keystore_type(KMF_KEYSTORE_TYPE);
349 extern KMF_BOOL is_eku_present(KMF_X509EXT_EKU *, KMF_OID *);
350 extern KMF_RETURN parse_eku_data(const KMF_DATA *, KMF_X509EXT_EKU *);
351 extern KMF_RETURN
352 copy_extension_data(KMF_X509_EXTENSION *, KMF_X509_EXTENSION *);
353 
354 #ifdef __cplusplus
355 }
356 #endif
357 #endif /* _KMFAPIP_H */
358