1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  *
25  *
26  * Constant definitions and function prototypes for the KMF library.
27  * Commonly used data types are defined in "kmftypes.h".
28  */
29 
30 #ifndef _KMFAPI_H
31 #define	_KMFAPI_H
32 
33 #pragma ident	"%Z%%M%	%I%	%E% SMI"
34 
35 #include <kmftypes.h>
36 #include <security/cryptoki.h>
37 
38 #ifdef __cplusplus
39 extern "C" {
40 #endif
41 
42 /*
43  * Setup operations.
44  */
45 extern KMF_RETURN kmf_initialize(KMF_HANDLE_T *, char *, char *);
46 extern KMF_RETURN kmf_configure_keystore(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
47 extern KMF_RETURN kmf_finalize(KMF_HANDLE_T);
48 
49 /*
50  * Key operations.
51  */
52 extern KMF_RETURN kmf_create_keypair(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
53 
54 extern KMF_RETURN kmf_delete_key_from_keystore(KMF_HANDLE_T, int,
55 	KMF_ATTRIBUTE *);
56 
57 extern KMF_RETURN kmf_find_key(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
58 
59 extern KMF_RETURN kmf_find_prikey_by_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
60 
61 extern KMF_RETURN kmf_store_key(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
62 
63 extern KMF_RETURN kmf_create_sym_key(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
64 
65 extern KMF_RETURN kmf_get_sym_key_value(KMF_HANDLE_T, KMF_KEY_HANDLE *,
66 	KMF_RAW_SYM_KEY *);
67 
68 /*
69  * Certificate operations.
70  */
71 extern KMF_RETURN kmf_find_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
72 
73 extern KMF_RETURN kmf_encode_cert_record(KMF_X509_CERTIFICATE *, KMF_DATA *);
74 
75 extern KMF_RETURN kmf_import_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
76 
77 extern KMF_RETURN kmf_store_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
78 
79 extern KMF_RETURN kmf_delete_cert_from_keystore(KMF_HANDLE_T, int,
80 	KMF_ATTRIBUTE *);
81 
82 extern KMF_RETURN kmf_validate_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
83 
84 extern KMF_RETURN kmf_create_cert_file(const KMF_DATA *, KMF_ENCODE_FORMAT,
85 	char *);
86 
87 extern KMF_RETURN kmf_download_cert(KMF_HANDLE_T, char *, char *, int,
88 	unsigned int, char *, KMF_ENCODE_FORMAT *);
89 
90 extern KMF_RETURN kmf_is_cert_data(KMF_DATA *, KMF_ENCODE_FORMAT *);
91 extern KMF_RETURN kmf_is_cert_file(KMF_HANDLE_T, char *, KMF_ENCODE_FORMAT *);
92 
93 extern KMF_RETURN kmf_check_cert_date(KMF_HANDLE_T, const KMF_DATA *);
94 
95 /*
96  * Crypto operations with key or cert.
97  */
98 extern KMF_RETURN kmf_encrypt(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
99 extern KMF_RETURN kmf_decrypt(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
100 extern KMF_RETURN kmf_sign_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
101 extern KMF_RETURN kmf_sign_data(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
102 extern KMF_RETURN kmf_verify_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
103 extern KMF_RETURN kmf_verify_data(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
104 
105 /*
106  * CRL operations.
107  */
108 extern KMF_RETURN kmf_import_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
109 extern KMF_RETURN kmf_delete_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
110 extern KMF_RETURN kmf_list_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
111 extern KMF_RETURN kmf_find_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
112 extern KMF_RETURN kmf_find_cert_in_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
113 extern KMF_RETURN kmf_verify_crl_file(KMF_HANDLE_T, char *, KMF_DATA *);
114 extern KMF_RETURN kmf_check_crl_date(KMF_HANDLE_T, char *);
115 extern KMF_RETURN kmf_download_crl(KMF_HANDLE_T, char *, char *,
116 	int, unsigned int, char *, KMF_ENCODE_FORMAT *);
117 extern KMF_RETURN kmf_is_crl_file(KMF_HANDLE_T, char *, KMF_ENCODE_FORMAT *);
118 
119 /*
120  * CSR operations.
121  */
122 extern KMF_RETURN kmf_create_csr_file(KMF_DATA *, KMF_ENCODE_FORMAT, char *);
123 extern KMF_RETURN kmf_set_csr_pubkey(KMF_HANDLE_T,
124 	KMF_KEY_HANDLE *, KMF_CSR_DATA *);
125 extern KMF_RETURN kmf_set_csr_version(KMF_CSR_DATA *, uint32_t);
126 extern KMF_RETURN kmf_set_csr_subject(KMF_CSR_DATA *, KMF_X509_NAME *);
127 extern KMF_RETURN kmf_set_csr_extn(KMF_CSR_DATA *, KMF_X509_EXTENSION *);
128 extern KMF_RETURN kmf_set_csr_sig_alg(KMF_CSR_DATA *, KMF_ALGORITHM_INDEX);
129 extern KMF_RETURN kmf_set_csr_subject_altname(KMF_CSR_DATA *, char *,
130 	int, KMF_GENERALNAMECHOICES);
131 extern KMF_RETURN kmf_set_csr_ku(KMF_CSR_DATA *, int, uint16_t);
132 extern KMF_RETURN kmf_decode_csr(KMF_HANDLE_T, KMF_DATA *, KMF_CSR_DATA *);
133 extern KMF_RETURN kmf_verify_csr(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
134 extern KMF_RETURN kmf_sign_csr(KMF_HANDLE_T, const KMF_CSR_DATA *,
135 	KMF_KEY_HANDLE *, KMF_DATA *);
136 extern KMF_RETURN kmf_add_csr_eku(KMF_CSR_DATA *, KMF_OID *, int);
137 
138 /*
139  * GetCert operations.
140  */
141 extern KMF_RETURN kmf_get_cert_extn(const KMF_DATA *, KMF_OID *,
142 	KMF_X509_EXTENSION *);
143 
144 extern KMF_RETURN kmf_get_cert_extns(const KMF_DATA *, KMF_FLAG_CERT_EXTN,
145 	KMF_X509_EXTENSION **, int *);
146 
147 extern KMF_RETURN kmf_get_cert_ku(const KMF_DATA *, KMF_X509EXT_KEY_USAGE *);
148 
149 extern KMF_RETURN kmf_get_cert_eku(const KMF_DATA *, KMF_X509EXT_EKU *);
150 
151 extern KMF_RETURN kmf_get_cert_basic_constraint(const KMF_DATA *,
152 	KMF_BOOL *, KMF_X509EXT_BASICCONSTRAINTS *);
153 
154 extern KMF_RETURN kmf_get_cert_policies(const KMF_DATA *,
155 	KMF_BOOL *, KMF_X509EXT_CERT_POLICIES *);
156 
157 extern KMF_RETURN kmf_get_cert_auth_info_access(const KMF_DATA *,
158 	KMF_X509EXT_AUTHINFOACCESS *);
159 
160 extern KMF_RETURN kmf_get_cert_crl_dist_pts(const KMF_DATA *,
161 	KMF_X509EXT_CRLDISTPOINTS *);
162 
163 extern KMF_RETURN kmf_get_cert_version_str(KMF_HANDLE_T, const KMF_DATA *,
164 	char **);
165 
166 extern KMF_RETURN kmf_get_cert_subject_str(KMF_HANDLE_T, const KMF_DATA *,
167 	char **);
168 
169 extern KMF_RETURN kmf_get_cert_issuer_str(KMF_HANDLE_T,	const KMF_DATA *,
170 	char **);
171 
172 extern KMF_RETURN kmf_get_cert_serial_str(KMF_HANDLE_T, const KMF_DATA *,
173 	char **);
174 
175 extern KMF_RETURN kmf_get_cert_start_date_str(KMF_HANDLE_T, const KMF_DATA *,
176 	char **);
177 
178 extern KMF_RETURN kmf_get_cert_end_date_str(KMF_HANDLE_T, const KMF_DATA *,
179 	char **);
180 
181 extern KMF_RETURN kmf_get_cert_pubkey_alg_str(KMF_HANDLE_T, const KMF_DATA *,
182 	char **);
183 
184 extern KMF_RETURN kmf_get_cert_sig_alg_str(KMF_HANDLE_T, const KMF_DATA *,
185 	char **);
186 
187 extern KMF_RETURN kmf_get_cert_pubkey_str(KMF_HANDLE_T,	const KMF_DATA *,
188 	char **);
189 
190 extern KMF_RETURN kmf_get_cert_email_str(KMF_HANDLE_T, const KMF_DATA *,
191 	char **);
192 
193 extern KMF_RETURN kmf_get_cert_extn_str(KMF_HANDLE_T, const KMF_DATA *,
194 	KMF_PRINTABLE_ITEM, char **);
195 
196 extern KMF_RETURN kmf_get_cert_id_data(const KMF_DATA *, KMF_DATA *);
197 
198 extern KMF_RETURN kmf_get_cert_id_str(const KMF_DATA *, char **);
199 
200 extern KMF_RETURN kmf_get_cert_validity(const KMF_DATA *, time_t *, time_t *);
201 
202 
203 /*
204  * SetCert operations
205  */
206 extern KMF_RETURN kmf_set_cert_pubkey(KMF_HANDLE_T, KMF_KEY_HANDLE *,
207 	KMF_X509_CERTIFICATE *);
208 
209 extern KMF_RETURN kmf_set_cert_subject(KMF_X509_CERTIFICATE *,
210 	KMF_X509_NAME *);
211 
212 extern KMF_RETURN kmf_set_cert_ku(KMF_X509_CERTIFICATE *, int, uint16_t);
213 
214 extern KMF_RETURN kmf_set_cert_issuer(KMF_X509_CERTIFICATE *,
215 	KMF_X509_NAME *);
216 
217 extern KMF_RETURN kmf_set_cert_sig_alg(KMF_X509_CERTIFICATE *,
218 	KMF_ALGORITHM_INDEX);
219 
220 extern KMF_RETURN kmf_set_cert_validity(KMF_X509_CERTIFICATE *,
221 	time_t, uint32_t);
222 
223 extern KMF_RETURN kmf_set_cert_serial(KMF_X509_CERTIFICATE *,
224 	KMF_BIGINT *);
225 
226 extern KMF_RETURN kmf_set_cert_version(KMF_X509_CERTIFICATE *, uint32_t);
227 
228 extern KMF_RETURN kmf_set_cert_issuer_altname(KMF_X509_CERTIFICATE *,
229 	int, KMF_GENERALNAMECHOICES, char *);
230 
231 extern KMF_RETURN kmf_set_cert_subject_altname(KMF_X509_CERTIFICATE *,
232 	int, KMF_GENERALNAMECHOICES, char *);
233 
234 extern KMF_RETURN kmf_add_cert_eku(KMF_X509_CERTIFICATE *, KMF_OID *, int);
235 
236 extern KMF_RETURN kmf_set_cert_extn(KMF_X509_CERTIFICATE *,
237 	KMF_X509_EXTENSION *);
238 
239 extern KMF_RETURN kmf_set_cert_basic_constraint(KMF_X509_CERTIFICATE *,
240 	KMF_BOOL, KMF_X509EXT_BASICCONSTRAINTS *);
241 
242 
243 /*
244  *  PK12 operations
245  */
246 extern KMF_RETURN kmf_export_pk12(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
247 
248 extern KMF_RETURN kmf_build_pk12(KMF_HANDLE_T, int, KMF_X509_DER_CERT *,
249 	int, KMF_KEY_HANDLE *, KMF_CREDENTIAL *, char *);
250 
251 extern KMF_RETURN kmf_import_objects(KMF_HANDLE_T, char *, KMF_CREDENTIAL *,
252 	KMF_X509_DER_CERT **, int *, KMF_RAW_KEY_DATA **, int *);
253 
254 /*
255  * OCSP operations
256  */
257 extern KMF_RETURN kmf_get_ocsp_for_cert(KMF_HANDLE_T, KMF_DATA *, KMF_DATA *,
258 	KMF_DATA *);
259 
260 extern KMF_RETURN kmf_create_ocsp_request(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
261 
262 extern KMF_RETURN kmf_get_encoded_ocsp_response(KMF_HANDLE_T, char *,
263 	char *, int, char *, int, char *, unsigned int);
264 
265 extern KMF_RETURN kmf_get_ocsp_status_for_cert(KMF_HANDLE_T, int,
266 	KMF_ATTRIBUTE *);
267 
268 /*
269  * Policy Operations
270  */
271 extern KMF_RETURN kmf_set_policy(KMF_HANDLE_T, char *, char *);
272 
273 /*
274  * Error handling.
275  */
276 extern KMF_RETURN kmf_get_plugin_error_str(KMF_HANDLE_T, char **);
277 extern KMF_RETURN kmf_get_kmf_error_str(KMF_RETURN, char **);
278 
279 /*
280  * Miscellaneous
281  */
282 extern KMF_RETURN kmf_dn_parser(char *, KMF_X509_NAME *);
283 extern KMF_RETURN kmf_read_input_file(KMF_HANDLE_T, char *, KMF_DATA *);
284 extern KMF_RETURN kmf_der_to_pem(KMF_OBJECT_TYPE, unsigned char *,
285 	int, unsigned char **, int *);
286 extern KMF_RETURN kmf_pem_to_der(unsigned char *, int, unsigned char **, int *);
287 extern char *kmf_oid_to_string(KMF_OID *);
288 extern KMF_RETURN kmf_string_to_oid(char *, KMF_OID *);
289 extern int kmf_compare_rdns(KMF_X509_NAME *, KMF_X509_NAME *);
290 extern KMF_RETURN kmf_get_data_format(KMF_DATA *, KMF_ENCODE_FORMAT *);
291 extern KMF_RETURN kmf_get_file_format(char *, KMF_ENCODE_FORMAT *);
292 extern uint32_t kmf_string_to_ku(char *);
293 extern char *kmf_ku_to_string(uint32_t);
294 extern KMF_RETURN kmf_hexstr_to_bytes(unsigned char *, unsigned char **,
295 	size_t *);
296 
297 extern KMF_RETURN kmf_get_plugin_info(KMF_HANDLE_T, char *,
298 	KMF_KEYSTORE_TYPE *, char **);
299 
300 extern KMF_OID *kmf_ekuname_to_oid(char *);
301 extern char *kmf_oid_to_ekuname(KMF_OID *);
302 
303 #define	KMF_CompareRDNs kmf_compare_rdns
304 
305 /*
306  * Memory cleanup operations
307  */
308 extern void kmf_free_dn(KMF_X509_NAME *);
309 extern void kmf_free_kmf_cert(KMF_HANDLE_T, KMF_X509_DER_CERT *);
310 extern void kmf_free_data(KMF_DATA *);
311 extern void kmf_free_algoid(KMF_X509_ALGORITHM_IDENTIFIER *);
312 extern void kmf_free_extn(KMF_X509_EXTENSION *);
313 extern void kmf_free_tbs_csr(KMF_TBS_CSR *);
314 extern void kmf_free_signed_csr(KMF_CSR_DATA *);
315 extern void kmf_free_tbs_cert(KMF_X509_TBS_CERT *);
316 extern void kmf_free_signed_cert(KMF_X509_CERTIFICATE *);
317 extern void kmf_free_str(char *);
318 extern void kmf_free_eku(KMF_X509EXT_EKU *);
319 extern void kmf_free_spki(KMF_X509_SPKI *);
320 extern void kmf_free_kmf_key(KMF_HANDLE_T, KMF_KEY_HANDLE *);
321 extern void kmf_free_bigint(KMF_BIGINT *);
322 extern void kmf_free_raw_key(KMF_RAW_KEY_DATA *);
323 extern void kmf_free_raw_sym_key(KMF_RAW_SYM_KEY *);
324 extern void kmf_free_crl_dist_pts(KMF_X509EXT_CRLDISTPOINTS *);
325 
/*
 * APIs for PKCS#11 token.
 *
 * kmf_pk11_token_lookup() resolves a token label (char *) to a CK_SLOT_ID.
 * kmf_set_token_pin() uses the (handle, attribute count, KMF_ATTRIBUTE
 * array) convention; the old and new PINs travel inside the attribute list.
 * kmf_get_pk11_handle() exposes the library's underlying CK_SESSION_HANDLE;
 * NOTE(review): the session stays owned by the KMF handle -- callers should
 * not close it themselves, and should expect it to become invalid after
 * kmf_finalize() (presumably; confirm in the implementation).
 */
extern KMF_RETURN kmf_pk11_token_lookup(KMF_HANDLE_T, char *, CK_SLOT_ID *);
extern KMF_RETURN kmf_set_token_pin(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern CK_SESSION_HANDLE kmf_get_pk11_handle(KMF_HANDLE_T);
330 
331 /*
332  * Attribute management routines.
333  */
334 int kmf_find_attr(KMF_ATTR_TYPE, KMF_ATTRIBUTE *, int);
335 void *kmf_get_attr_ptr(KMF_ATTR_TYPE, KMF_ATTRIBUTE *, int);
336 KMF_RETURN kmf_get_attr(KMF_ATTR_TYPE, KMF_ATTRIBUTE *, int, void *,
337 	uint32_t *);
338 KMF_RETURN kmf_get_string_attr(KMF_ATTR_TYPE, KMF_ATTRIBUTE *, int, char **);
339 KMF_RETURN kmf_set_attr(KMF_ATTRIBUTE *, int, KMF_ATTR_TYPE, void *, uint32_t);
340 void kmf_set_attr_at_index(KMF_ATTRIBUTE *, int, KMF_ATTR_TYPE,
341 	void *, uint32_t);
342 
343 /*
344  * Legacy support only - do not use these APIs - they can be removed at any
345  * time.
346  */
347 extern KMF_RETURN KMF_ConfigureKeystore(KMF_HANDLE_T, KMF_CONFIG_PARAMS *);
348 extern KMF_RETURN KMF_CreateCSRFile(KMF_DATA *, KMF_ENCODE_FORMAT, char *);
349 extern KMF_RETURN KMF_CreateKeypair(KMF_HANDLE_T,
350 	KMF_CREATEKEYPAIR_PARAMS *, KMF_KEY_HANDLE *, KMF_KEY_HANDLE *);
351 extern KMF_RETURN KMF_DNParser(char *, KMF_X509_NAME *);
352 extern KMF_RETURN KMF_Finalize(KMF_HANDLE_T);
353 extern KMF_RETURN KMF_FindCert(KMF_HANDLE_T, KMF_FINDCERT_PARAMS *,
354 	KMF_X509_DER_CERT *, uint32_t *);
355 extern KMF_RETURN KMF_FindKey(KMF_HANDLE_T, KMF_FINDKEY_PARAMS *,
356 	KMF_KEY_HANDLE *, uint32_t *);
357 extern void KMF_FreeData(KMF_DATA *);
358 extern void KMF_FreeKMFCert(KMF_HANDLE_T, KMF_X509_DER_CERT *);
359 extern void KMF_FreeKMFKey(KMF_HANDLE_T, KMF_KEY_HANDLE *);
360 extern void KMF_FreeSignedCSR(KMF_CSR_DATA *);
361 extern KMF_RETURN KMF_GetCertIDString(const KMF_DATA *, char **);
362 extern KMF_RETURN KMF_GetCertIssuerNameString(KMF_HANDLE_T,
363 	const KMF_DATA *, char **);
364 extern KMF_RETURN KMF_GetCertSubjectNameString(KMF_HANDLE_T,
365 	const KMF_DATA *, char **);
366 extern KMF_RETURN KMF_GetKMFErrorString(KMF_RETURN, char **);
367 extern KMF_RETURN KMF_Initialize(KMF_HANDLE_T *, char *, char *);
368 extern KMF_RETURN KMF_ReadInputFile(KMF_HANDLE_T, char *, KMF_DATA *);
369 extern KMF_RETURN KMF_SetCSRPubKey(KMF_HANDLE_T, KMF_KEY_HANDLE *,
370 	KMF_CSR_DATA *);
371 extern KMF_RETURN KMF_SetCSRSignatureAlgorithm(KMF_CSR_DATA *,
372 	KMF_ALGORITHM_INDEX);
373 extern KMF_RETURN KMF_SetCSRSubjectName(KMF_CSR_DATA *, KMF_X509_NAME *);
374 extern KMF_RETURN KMF_SetCSRVersion(KMF_CSR_DATA *, uint32_t);
375 extern KMF_RETURN KMF_SignCSR(KMF_HANDLE_T, const KMF_CSR_DATA *,
376 	KMF_KEY_HANDLE *, KMF_DATA *);
377 extern KMF_RETURN KMF_SignDataWithKey(KMF_HANDLE_T, KMF_KEY_HANDLE *,
378 	KMF_OID *, KMF_DATA *, KMF_DATA *);
379 extern KMF_RETURN KMF_VerifyCertWithCert(KMF_HANDLE_T, const KMF_DATA *,
380 	const KMF_DATA *);
381 extern KMF_RETURN KMF_VerifyDataWithCert(KMF_HANDLE_T,
382 	KMF_KEYSTORE_TYPE, KMF_ALGORITHM_INDEX, KMF_DATA *, KMF_DATA *,
383 	const KMF_DATA *);
384 
385 #ifdef __cplusplus
386 }
387 #endif
388 #endif /* _KMFAPI_H */
389