xref: /titanic_41/usr/src/lib/libkmf/include/kmfapiP.h (revision d0698e0d179f97729cacdbc2f13446a6b0a3f22a)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  *
21  * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
22  */
23 #ifndef _KMFAPIP_H
24 #define	_KMFAPIP_H
25 
26 #include <kmfapi.h>
27 #include <kmfpolicy.h>
28 
29 #ifdef __cplusplus
30 extern "C" {
31 #endif
32 
33 /* Plugin function table */
34 typedef struct {
35 	ushort_t	version;
36 	KMF_RETURN	(*ConfigureKeystore) (
37 			KMF_HANDLE_T,
38 			int,
39 			KMF_ATTRIBUTE *);
40 
41 	KMF_RETURN	(*FindCert) (
42 			KMF_HANDLE_T,
43 			int,
44 			KMF_ATTRIBUTE *);
45 
46 	void		(*FreeKMFCert) (
47 			KMF_HANDLE_T,
48 			KMF_X509_DER_CERT *);
49 
50 	KMF_RETURN	(*StoreCert) (
51 			KMF_HANDLE_T,
52 			int, KMF_ATTRIBUTE *);
53 
54 	KMF_RETURN	(*ImportCert) (
55 			KMF_HANDLE_T,
56 			int, KMF_ATTRIBUTE *);
57 
58 	KMF_RETURN	(*ImportCRL) (
59 			KMF_HANDLE_T,
60 			int, KMF_ATTRIBUTE *);
61 
62 	KMF_RETURN	(*DeleteCert) (
63 			KMF_HANDLE_T,
64 			int, KMF_ATTRIBUTE *);
65 
66 	KMF_RETURN	(*DeleteCRL) (
67 			KMF_HANDLE_T,
68 			int, KMF_ATTRIBUTE *);
69 
70 	KMF_RETURN	(*CreateKeypair) (
71 			KMF_HANDLE_T,
72 			int,
73 			KMF_ATTRIBUTE *);
74 
75 	KMF_RETURN	(*FindKey) (
76 			KMF_HANDLE_T,
77 			int,
78 			KMF_ATTRIBUTE *);
79 
80 	KMF_RETURN	(*EncodePubkeyData) (
81 			KMF_HANDLE_T,
82 			KMF_KEY_HANDLE *,
83 			KMF_DATA *);
84 
85 	KMF_RETURN	(*SignData) (
86 			KMF_HANDLE_T,
87 			KMF_KEY_HANDLE *,
88 			KMF_OID *,
89 			KMF_DATA *,
90 			KMF_DATA *);
91 
92 	KMF_RETURN	(*DeleteKey) (
93 			KMF_HANDLE_T,
94 			int,
95 			KMF_ATTRIBUTE *);
96 
97 	KMF_RETURN	(*ListCRL) (
98 			KMF_HANDLE_T,
99 			int, KMF_ATTRIBUTE *);
100 
101 	KMF_RETURN	(*FindCRL) (
102 			KMF_HANDLE_T,
103 			int, KMF_ATTRIBUTE *);
104 
105 	KMF_RETURN	(*FindCertInCRL) (
106 			KMF_HANDLE_T,
107 			int, KMF_ATTRIBUTE *);
108 
109 	KMF_RETURN	(*GetErrorString) (
110 			KMF_HANDLE_T,
111 			char **);
112 
113 	KMF_RETURN	(*FindPrikeyByCert) (
114 			KMF_HANDLE_T,
115 			int,
116 			KMF_ATTRIBUTE *);
117 
118 	KMF_RETURN	(*DecryptData) (
119 			KMF_HANDLE_T,
120 			KMF_KEY_HANDLE *,
121 			KMF_OID *,
122 			KMF_DATA *,
123 			KMF_DATA *);
124 
125 	KMF_RETURN	(*ExportPK12)(
126 			KMF_HANDLE_T,
127 			int,
128 			KMF_ATTRIBUTE *);
129 
130 	KMF_RETURN	(*CreateSymKey) (
131 			KMF_HANDLE_T,
132 			int,
133 			KMF_ATTRIBUTE *);
134 
135 	KMF_RETURN	(*GetSymKeyValue) (
136 			KMF_HANDLE_T,
137 			KMF_KEY_HANDLE *,
138 			KMF_RAW_SYM_KEY *);
139 
140 	KMF_RETURN	(*SetTokenPin) (
141 			KMF_HANDLE_T,
142 			int, KMF_ATTRIBUTE *);
143 
144 	KMF_RETURN	(*StoreKey) (
145 			KMF_HANDLE_T,
146 			int,
147 			KMF_ATTRIBUTE *);
148 
149 	void		(*Finalize) ();
150 
151 } KMF_PLUGIN_FUNCLIST;
152 
153 typedef struct {
154 	KMF_ATTR_TYPE	type;
155 	boolean_t	null_value_ok; /* Is the pValue required */
156 	uint32_t	minlen;
157 	uint32_t	maxlen;
158 } KMF_ATTRIBUTE_TESTER;
159 
160 typedef struct {
161 	KMF_KEYSTORE_TYPE	type;
162 	char			*applications;
163 	char 			*path;
164 	void 			*dldesc;
165 	KMF_PLUGIN_FUNCLIST	*funclist;
166 } KMF_PLUGIN;
167 
168 typedef struct _KMF_PLUGIN_LIST {
169 	KMF_PLUGIN		*plugin;
170 	struct _KMF_PLUGIN_LIST *next;
171 } KMF_PLUGIN_LIST;
172 
173 typedef struct _kmf_handle {
174 	/*
175 	 * session handle opened by kmf_select_token() to talk
176 	 * to a specific slot in Crypto framework. It is used
177 	 * by pkcs11 plugin module.
178 	 */
179 	CK_SESSION_HANDLE	pk11handle;
180 	KMF_ERROR		lasterr;
181 	KMF_POLICY_RECORD	*policy;
182 	KMF_PLUGIN_LIST		*plugins;
183 	KMF_MAPPER_STATE	*mapstate;
184 } KMF_HANDLE;
185 
186 #define	CLEAR_ERROR(h, rv) { \
187 	if (h == NULL) { \
188 		rv = KMF_ERR_BAD_PARAMETER; \
189 	} else { \
190 		h->lasterr.errcode = 0; \
191 		h->lasterr.kstype = 0; \
192 		rv = KMF_OK; \
193 	} \
194 }
195 
196 #define	KMF_PLUGIN_INIT_SYMBOL	"KMF_Plugin_Initialize"
197 
198 #ifndef KMF_PLUGIN_PATH
199 #if defined(__sparcv9)
200 #define	KMF_PLUGIN_PATH "/lib/crypto/sparcv9/"
201 #elif defined(__sparc)
202 #define	KMF_PLUGIN_PATH "/lib/crypto/"
203 #elif defined(__i386)
204 #define	KMF_PLUGIN_PATH "/lib/crypto/"
205 #elif defined(__amd64)
206 #define	KMF_PLUGIN_PATH "/lib/crypto/amd64/"
207 #endif
208 #endif /* !KMF_PLUGIN_PATH */
209 
210 KMF_PLUGIN_FUNCLIST *KMF_Plugin_Initialize();
211 
212 extern KMF_RETURN
213 VerifyDataWithKey(KMF_HANDLE_T, KMF_DATA *, KMF_ALGORITHM_INDEX,
214     KMF_DATA *, KMF_DATA *);
215 
216 extern KMF_BOOL pkcs_algid_to_keytype(
217     KMF_ALGORITHM_INDEX, CK_KEY_TYPE *);
218 
219 extern KMF_RETURN PKCS_DigestData(KMF_HANDLE_T,
220     CK_SESSION_HANDLE, CK_MECHANISM_TYPE,
221     KMF_DATA *, KMF_DATA *, boolean_t);
222 
223 extern KMF_RETURN PKCS_VerifyData(
224     KMF_HANDLE *,
225     KMF_ALGORITHM_INDEX,
226     KMF_X509_SPKI *,
227     KMF_DATA *, KMF_DATA *);
228 
229 extern KMF_RETURN PKCS_EncryptData(
230     KMF_HANDLE *,
231     KMF_ALGORITHM_INDEX,
232     KMF_X509_SPKI *,
233     KMF_DATA *,
234     KMF_DATA *);
235 
236 extern KMF_PLUGIN *FindPlugin(KMF_HANDLE_T, KMF_KEYSTORE_TYPE);
237 
238 extern KMF_BOOL IsEqualOid(KMF_OID *, KMF_OID *);
239 
240 extern KMF_RETURN copy_algoid(KMF_X509_ALGORITHM_IDENTIFIER *destid,
241     KMF_X509_ALGORITHM_IDENTIFIER *srcid);
242 
243 extern KMF_OID *x509_algid_to_algoid(KMF_ALGORITHM_INDEX);
244 extern KMF_ALGORITHM_INDEX x509_algoid_to_algid(KMF_OID *);
245 
246 extern KMF_RETURN GetIDFromSPKI(KMF_X509_SPKI *, KMF_DATA *);
247 extern KMF_RETURN kmf_select_token(KMF_HANDLE_T, char *, int);
248 extern KMF_RETURN kmf_set_altname(KMF_X509_EXTENSIONS *,
249     KMF_OID *, int, KMF_GENERALNAMECHOICES, char *);
250 extern KMF_RETURN GetSequenceContents(char *, size_t, char **, size_t *);
251 extern KMF_X509_EXTENSION *FindExtn(KMF_X509_EXTENSIONS *, KMF_OID *);
252 extern KMF_RETURN add_an_extension(KMF_X509_EXTENSIONS *exts,
253     KMF_X509_EXTENSION *newextn);
254 extern KMF_RETURN set_integer(KMF_DATA *, void *, int);
255 extern void free_keyidlist(KMF_OID *, int);
256 extern KMF_RETURN copy_data(KMF_DATA *, KMF_DATA *);
257 extern void Cleanup_PK11_Session(KMF_HANDLE_T handle);
258 extern void free_dp_name(KMF_CRL_DIST_POINT *);
259 extern void free_dp(KMF_CRL_DIST_POINT *);
260 extern KMF_RETURN set_key_usage_extension(KMF_X509_EXTENSIONS *,
261     int, uint32_t);
262 extern KMF_RETURN init_pk11();
263 extern KMF_RETURN test_attributes(int, KMF_ATTRIBUTE_TESTER *,
264     int, KMF_ATTRIBUTE_TESTER *, int, KMF_ATTRIBUTE *);
265 
266 /* Indexes into the key parts array for RSA keys */
267 #define	KMF_RSA_MODULUS			(0)
268 #define	KMF_RSA_PUBLIC_EXPONENT		(1)
269 #define	KMF_RSA_PRIVATE_EXPONENT	(2)
270 #define	KMF_RSA_PRIME1			(3)
271 #define	KMF_RSA_PRIME2			(4)
272 #define	KMF_RSA_EXPONENT1		(5)
273 #define	KMF_RSA_EXPONENT2		(6)
274 #define	KMF_RSA_COEFFICIENT		(7)
275 
276 /* Key part counts for RSA keys */
277 #define	KMF_NUMBER_RSA_PUBLIC_KEY_PARTS		(2)
278 #define	KMF_NUMBER_RSA_PRIVATE_KEY_PARTS	(8)
279 
280 /* Key part counts for DSA keys */
281 #define	KMF_NUMBER_DSA_PUBLIC_KEY_PARTS		(4)
282 #define	KMF_NUMBER_DSA_PRIVATE_KEY_PARTS	(4)
283 
284 /* Indexes into the key parts array for DSA keys */
285 #define	KMF_DSA_PRIME		(0)
286 #define	KMF_DSA_SUB_PRIME	(1)
287 #define	KMF_DSA_BASE		(2)
288 #define	KMF_DSA_PUBLIC_VALUE	(3)
289 
290 #define	KMF_ECDSA_PARAMS	(0)
291 #define	KMF_ECDSA_POINT		(1)
292 
293 #ifndef max
294 #define	max(a, b) ((a) < (b) ? (b) : (a))
295 #endif
296 
297 /* Maximum key parts for all algorithms */
298 #define	KMF_MAX_PUBLIC_KEY_PARTS \
299 	(max(KMF_NUMBER_RSA_PUBLIC_KEY_PARTS, \
300 	KMF_NUMBER_DSA_PUBLIC_KEY_PARTS))
301 
302 #define	KMF_MAX_PRIVATE_KEY_PARTS \
303 	(max(KMF_NUMBER_RSA_PRIVATE_KEY_PARTS, \
304 	KMF_NUMBER_DSA_PRIVATE_KEY_PARTS))
305 
306 #define	KMF_MAX_KEY_PARTS \
307 	(max(KMF_MAX_PUBLIC_KEY_PARTS, KMF_MAX_PRIVATE_KEY_PARTS))
308 
309 typedef enum {
310 	KMF_ALGMODE_NONE	= 0,
311 	KMF_ALGMODE_CUSTOM,
312 	KMF_ALGMODE_PUBLIC_KEY,
313 	KMF_ALGMODE_PRIVATE_KEY,
314 	KMF_ALGMODE_PKCS1_EMSA_V15
315 } KMF_SIGNATURE_MODE;
316 
317 #define	KMF_CERT_PRINTABLE_LEN	1024
318 #define	SHA1_HASH_LENGTH 20
319 
320 #define	OCSPREQ_TEMPNAME	"/tmp/ocsp.reqXXXXXX"
321 #define	OCSPRESP_TEMPNAME	"/tmp/ocsp.respXXXXXX"
322 
323 #define	_PATH_KMF_CONF	"/etc/crypto/kmf.conf"
324 #define	CONF_MODULEPATH	"modulepath="
325 #define	CONF_OPTION	"option="
326 
327 typedef struct {
328 	char			*keystore;
329 	char			*modulepath;
330 	char 			*option;
331 	KMF_KEYSTORE_TYPE	kstype;
332 } conf_entry_t;
333 
334 typedef struct conf_entrylist {
335 	conf_entry_t		*entry;
336 	struct conf_entrylist 	*next;
337 } conf_entrylist_t;
338 
339 extern KMF_RETURN get_pk11_data(KMF_ALGORITHM_INDEX,
340 	CK_KEY_TYPE *, CK_MECHANISM_TYPE *, CK_MECHANISM_TYPE *, boolean_t);
341 extern KMF_RETURN kmf_create_pk11_session(CK_SESSION_HANDLE *,
342 	CK_MECHANISM_TYPE, CK_FLAGS);
343 extern KMF_RETURN get_entrylist(conf_entrylist_t **);
344 extern void free_entrylist(conf_entrylist_t *);
345 extern void free_entry(conf_entry_t *);
346 extern conf_entry_t *dup_entry(conf_entry_t *);
347 extern boolean_t is_valid_keystore_type(KMF_KEYSTORE_TYPE);
348 extern KMF_BOOL is_eku_present(KMF_X509EXT_EKU *, KMF_OID *);
349 extern KMF_RETURN parse_eku_data(const KMF_DATA *, KMF_X509EXT_EKU *);
350 extern KMF_RETURN copy_extension_data(KMF_X509_EXTENSION *,
351 	KMF_X509_EXTENSION *);
352 extern char *get_mapper_pathname(char *, char *);
353 
354 #ifdef __cplusplus
355 }
356 #endif
357 #endif /* _KMFAPIP_H */
358