1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  *
25  *
26  * Constant definitions and function prototypes for the KMF library.
27  * Commonly used data types are defined in "kmftypes.h".
28  */
29 
30 #ifndef _KMFAPI_H
31 #define	_KMFAPI_H
32 
33 #include <kmftypes.h>
34 #include <security/cryptoki.h>
35 
36 #ifdef __cplusplus
37 extern "C" {
38 #endif
39 
/*
 * Setup operations.
 *
 * kmf_initialize() takes a pointer to a KMF_HANDLE_T -- presumably an
 * out-parameter that receives the new handle -- plus two strings whose
 * roles are not visible from the prototype and should be named here.
 * kmf_configure_keystore() takes an int and a KMF_ATTRIBUTE pointer, the
 * (count, array) form used by most operations in this header; confirm the
 * order against the attribute management routines declared below.
 * kmf_finalize() presumably releases a handle from kmf_initialize().
 */
extern KMF_RETURN kmf_initialize(KMF_HANDLE_T *, char *, char *);
extern KMF_RETURN kmf_configure_keystore(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_finalize(KMF_HANDLE_T);
46 
/*
 * Key operations.
 *
 * All but kmf_get_sym_key_value() use the (handle, int, KMF_ATTRIBUTE *)
 * form; the int is presumably the attribute count -- confirm. Which
 * attribute types each routine requires is not visible from this header.
 */
extern KMF_RETURN kmf_create_keypair(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

extern KMF_RETURN kmf_delete_key_from_keystore(KMF_HANDLE_T, int,
	KMF_ATTRIBUTE *);

extern KMF_RETURN kmf_find_key(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

extern KMF_RETURN kmf_find_prikey_by_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

extern KMF_RETURN kmf_store_key(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

extern KMF_RETURN kmf_create_sym_key(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

/*
 * Presumably writes the value of the key named by the KMF_KEY_HANDLE into
 * the caller-supplied KMF_RAW_SYM_KEY; the type name suggests plaintext
 * key material -- confirm. kmf_free_raw_sym_key() (declared below) is the
 * natural release routine; call it as soon as the value is no longer
 * needed rather than leaving the bytes in memory.
 */
extern KMF_RETURN kmf_get_sym_key_value(KMF_HANDLE_T, KMF_KEY_HANDLE *,
	KMF_RAW_SYM_KEY *);
65 
/*
 * Certificate operations.
 *
 * The (handle, int, KMF_ATTRIBUTE *) routines take their inputs as an
 * attribute list; the int is presumably the attribute count.
 */
extern KMF_RETURN kmf_find_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

/* Encodes a certificate structure into the caller's KMF_DATA. */
extern KMF_RETURN kmf_encode_cert_record(KMF_X509_CERTIFICATE *, KMF_DATA *);

extern KMF_RETURN kmf_import_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

extern KMF_RETURN kmf_store_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

extern KMF_RETURN kmf_delete_cert_from_keystore(KMF_HANDLE_T, int,
	KMF_ATTRIBUTE *);

/*
 * kmf_validate_cert() and kmf_verify_cert() (under "Crypto operations")
 * have identical prototypes; what each one checks is not visible here
 * and should be documented so callers pick the right one.
 */
extern KMF_RETURN kmf_validate_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

/* Presumably writes the encoded data to the named file in the format. */
extern KMF_RETURN kmf_create_cert_file(const KMF_DATA *, KMF_ENCODE_FORMAT,
	char *);

/*
 * Presumably fetches a certificate from a remote location. The three
 * char * and the int/unsigned int arguments are not self-describing;
 * name them in the prototype. Whatever is retrieved is untrusted input
 * until it has been through kmf_validate_cert() or kmf_verify_cert().
 */
extern KMF_RETURN kmf_download_cert(KMF_HANDLE_T, char *, char *, int,
	unsigned int, char *, KMF_ENCODE_FORMAT *);

/*
 * Format probes: presumably report whether the data/file holds a
 * certificate and store the detected encoding in the KMF_ENCODE_FORMAT *.
 */
extern KMF_RETURN kmf_is_cert_data(KMF_DATA *, KMF_ENCODE_FORMAT *);
extern KMF_RETURN kmf_is_cert_file(KMF_HANDLE_T, char *, KMF_ENCODE_FORMAT *);

/* Validity-period check on an encoded certificate (inferred from name). */
extern KMF_RETURN kmf_check_cert_date(KMF_HANDLE_T, const KMF_DATA *);
92 
/*
 * Crypto operations with key or cert.
 *
 * All six share the (handle, int, KMF_ATTRIBUTE *) form, so the key,
 * data, algorithm and any output buffer are presumably passed as
 * attributes. Which attribute types each routine requires, and what
 * kmf_verify_cert() checks that kmf_validate_cert() does not, is not
 * visible from this header and belongs in its documentation.
 */
extern KMF_RETURN kmf_encrypt(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_decrypt(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_sign_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_sign_data(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_verify_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_verify_data(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
102 
/*
 * CRL operations.
 *
 * Attribute-list routines follow the (handle, int, KMF_ATTRIBUTE *)
 * pattern. kmf_download_crl() has the same argument shape as
 * kmf_download_cert() above and the same caveat: a CRL fetched from a
 * remote source is unverified input until kmf_verify_crl_file() (or an
 * equivalent check) has accepted it.
 */
extern KMF_RETURN kmf_import_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_delete_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_list_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_find_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_find_cert_in_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
/*
 * Verifies the CRL in the named file (per its name); what the KMF_DATA
 * argument supplies is not visible here -- document it.
 */
extern KMF_RETURN kmf_verify_crl_file(KMF_HANDLE_T, char *, KMF_DATA *);
/* Date check on the CRL in the named file (inferred from name). */
extern KMF_RETURN kmf_check_crl_date(KMF_HANDLE_T, char *);
extern KMF_RETURN kmf_download_crl(KMF_HANDLE_T, char *, char *,
	int, unsigned int, char *, KMF_ENCODE_FORMAT *);
extern KMF_RETURN kmf_is_crl_file(KMF_HANDLE_T, char *, KMF_ENCODE_FORMAT *);
116 
/*
 * CSR operations.
 *
 * Two inconsistencies with the certificate counterparts are worth fixing
 * or at least documenting:
 *  - kmf_create_csr_file() takes a non-const KMF_DATA * while the
 *    parallel kmf_create_cert_file() takes const KMF_DATA *.
 *  - kmf_set_csr_subject_altname() orders its arguments
 *    (csr, char *, int, KMF_GENERALNAMECHOICES) whereas
 *    kmf_set_cert_subject_altname() uses
 *    (cert, int, KMF_GENERALNAMECHOICES, char *); the asymmetry invites
 *    transposed arguments when moving between the two.
 */
extern KMF_RETURN kmf_create_csr_file(KMF_DATA *, KMF_ENCODE_FORMAT, char *);
extern KMF_RETURN kmf_set_csr_pubkey(KMF_HANDLE_T,
	KMF_KEY_HANDLE *, KMF_CSR_DATA *);
extern KMF_RETURN kmf_set_csr_version(KMF_CSR_DATA *, uint32_t);
extern KMF_RETURN kmf_set_csr_subject(KMF_CSR_DATA *, KMF_X509_NAME *);
extern KMF_RETURN kmf_set_csr_extn(KMF_CSR_DATA *, KMF_X509_EXTENSION *);
extern KMF_RETURN kmf_set_csr_sig_alg(KMF_CSR_DATA *, KMF_ALGORITHM_INDEX);
extern KMF_RETURN kmf_set_csr_subject_altname(KMF_CSR_DATA *, char *,
	int, KMF_GENERALNAMECHOICES);
/*
 * Key-usage bits in the uint16_t; the int's role (critical flag?) is not
 * visible here -- confirm. Note kmf_string_to_ku() below returns
 * uint32_t, so feeding its result here narrows the value.
 */
extern KMF_RETURN kmf_set_csr_ku(KMF_CSR_DATA *, int, uint16_t);
/*
 * Parses an encoded CSR into the KMF_CSR_DATA. CSRs typically arrive
 * from external requesters, so this is a parser of untrusted input.
 */
extern KMF_RETURN kmf_decode_csr(KMF_HANDLE_T, KMF_DATA *, KMF_CSR_DATA *);
extern KMF_RETURN kmf_verify_csr(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
/* Presumably signs the CSR with the key handle and writes to KMF_DATA. */
extern KMF_RETURN kmf_sign_csr(KMF_HANDLE_T, const KMF_CSR_DATA *,
	KMF_KEY_HANDLE *, KMF_DATA *);
/* Adds an extended-key-usage OID; the int's role (critical?) -- confirm. */
extern KMF_RETURN kmf_add_csr_eku(KMF_CSR_DATA *, KMF_OID *, int);
135 
/*
 * GetCert operations.
 *
 * Every routine here reads an encoded certificate through a
 * const KMF_DATA *. Routines ending in _str return a string through
 * char **; kmf_free_str() (declared below) is the natural release
 * routine -- confirm that it is the required one, and document whether
 * the out-pointer is left untouched on failure.
 */
/* Fetches the single extension identified by the OID into the struct. */
extern KMF_RETURN kmf_get_cert_extn(const KMF_DATA *, KMF_OID *,
	KMF_X509_EXTENSION *);

/*
 * Returns an array of extensions and its count through the last two
 * arguments; the KMF_FLAG_CERT_EXTN presumably selects which ones.
 * Ownership of the returned array is not stated -- document it.
 */
extern KMF_RETURN kmf_get_cert_extns(const KMF_DATA *, KMF_FLAG_CERT_EXTN,
	KMF_X509_EXTENSION **, int *);

extern KMF_RETURN kmf_get_cert_ku(const KMF_DATA *, KMF_X509EXT_KEY_USAGE *);

extern KMF_RETURN kmf_get_cert_eku(const KMF_DATA *, KMF_X509EXT_EKU *);

/*
 * The KMF_BOOL * in the next two is presumably the extension's critical
 * flag -- confirm. Note the setter kmf_set_cert_basic_constraint() takes
 * KMF_BOOL by value.
 */
extern KMF_RETURN kmf_get_cert_basic_constraint(const KMF_DATA *,
	KMF_BOOL *, KMF_X509EXT_BASICCONSTRAINTS *);

extern KMF_RETURN kmf_get_cert_policies(const KMF_DATA *,
	KMF_BOOL *, KMF_X509EXT_CERT_POLICIES *);

extern KMF_RETURN kmf_get_cert_auth_info_access(const KMF_DATA *,
	KMF_X509EXT_AUTHINFOACCESS *);

/* Pair with kmf_free_crl_dist_pts() declared below. */
extern KMF_RETURN kmf_get_cert_crl_dist_pts(const KMF_DATA *,
	KMF_X509EXT_CRLDISTPOINTS *);

extern KMF_RETURN kmf_get_cert_version_str(KMF_HANDLE_T, const KMF_DATA *,
	char **);

extern KMF_RETURN kmf_get_cert_subject_str(KMF_HANDLE_T, const KMF_DATA *,
	char **);

extern KMF_RETURN kmf_get_cert_issuer_str(KMF_HANDLE_T,	const KMF_DATA *,
	char **);

extern KMF_RETURN kmf_get_cert_serial_str(KMF_HANDLE_T, const KMF_DATA *,
	char **);

extern KMF_RETURN kmf_get_cert_start_date_str(KMF_HANDLE_T, const KMF_DATA *,
	char **);

extern KMF_RETURN kmf_get_cert_end_date_str(KMF_HANDLE_T, const KMF_DATA *,
	char **);

extern KMF_RETURN kmf_get_cert_pubkey_alg_str(KMF_HANDLE_T, const KMF_DATA *,
	char **);

extern KMF_RETURN kmf_get_cert_sig_alg_str(KMF_HANDLE_T, const KMF_DATA *,
	char **);

extern KMF_RETURN kmf_get_cert_pubkey_str(KMF_HANDLE_T,	const KMF_DATA *,
	char **);

extern KMF_RETURN kmf_get_cert_email_str(KMF_HANDLE_T, const KMF_DATA *,
	char **);

/* The KMF_PRINTABLE_ITEM selects which extension is rendered. */
extern KMF_RETURN kmf_get_cert_extn_str(KMF_HANDLE_T, const KMF_DATA *,
	KMF_PRINTABLE_ITEM, char **);

/* Identifier of the certificate as raw bytes / as a string. */
extern KMF_RETURN kmf_get_cert_id_data(const KMF_DATA *, KMF_DATA *);

extern KMF_RETURN kmf_get_cert_id_str(const KMF_DATA *, char **);

/* The two time_t * are presumably the not-before / not-after bounds. */
extern KMF_RETURN kmf_get_cert_validity(const KMF_DATA *, time_t *, time_t *);
199 
200 
/*
 * SetCert operations
 *
 * Builders for an in-memory KMF_X509_CERTIFICATE. Only
 * kmf_set_cert_pubkey() takes a KMF_HANDLE_T, presumably because it has
 * to reach the key behind the KMF_KEY_HANDLE. kmf_free_signed_cert()
 * (declared below) is the natural release for the finished structure --
 * confirm.
 */
extern KMF_RETURN kmf_set_cert_pubkey(KMF_HANDLE_T, KMF_KEY_HANDLE *,
	KMF_X509_CERTIFICATE *);

extern KMF_RETURN kmf_set_cert_subject(KMF_X509_CERTIFICATE *,
	KMF_X509_NAME *);

/*
 * Key-usage bits in the uint16_t; the int's role is not visible here.
 * kmf_string_to_ku() returns uint32_t, so check for truncation when
 * passing its result.
 */
extern KMF_RETURN kmf_set_cert_ku(KMF_X509_CERTIFICATE *, int, uint16_t);

extern KMF_RETURN kmf_set_cert_issuer(KMF_X509_CERTIFICATE *,
	KMF_X509_NAME *);

extern KMF_RETURN kmf_set_cert_sig_alg(KMF_X509_CERTIFICATE *,
	KMF_ALGORITHM_INDEX);

/*
 * A start time and a uint32_t, presumably the validity length; the unit
 * is not visible from the prototype and must be documented.
 */
extern KMF_RETURN kmf_set_cert_validity(KMF_X509_CERTIFICATE *,
	time_t, uint32_t);

extern KMF_RETURN kmf_set_cert_serial(KMF_X509_CERTIFICATE *,
	KMF_BIGINT *);

extern KMF_RETURN kmf_set_cert_version(KMF_X509_CERTIFICATE *, uint32_t);

/*
 * Argument order here is (cert, int, KMF_GENERALNAMECHOICES, char *),
 * which differs from kmf_set_csr_subject_altname() above
 * (csr, char *, int, KMF_GENERALNAMECHOICES).
 */
extern KMF_RETURN kmf_set_cert_issuer_altname(KMF_X509_CERTIFICATE *,
	int, KMF_GENERALNAMECHOICES, char *);

extern KMF_RETURN kmf_set_cert_subject_altname(KMF_X509_CERTIFICATE *,
	int, KMF_GENERALNAMECHOICES, char *);

extern KMF_RETURN kmf_add_cert_eku(KMF_X509_CERTIFICATE *, KMF_OID *, int);

extern KMF_RETURN kmf_set_cert_extn(KMF_X509_CERTIFICATE *,
	KMF_X509_EXTENSION *);

/* KMF_BOOL by value here; the matching getter takes KMF_BOOL *. */
extern KMF_RETURN kmf_set_cert_basic_constraint(KMF_X509_CERTIFICATE *,
	KMF_BOOL, KMF_X509EXT_BASICCONSTRAINTS *);
239 
240 
/*
 *  PK12 operations
 */
extern KMF_RETURN kmf_export_pk12(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

/*
 * Builds a PKCS#12 bundle from (count, array) pairs of DER certificates
 * and key handles. The KMF_CREDENTIAL is presumably the bundle password
 * and the trailing char * an output file name -- confirm and name them.
 */
extern KMF_RETURN kmf_build_pk12(KMF_HANDLE_T, int, KMF_X509_DER_CERT *,
	int, KMF_KEY_HANDLE *, KMF_CREDENTIAL *, char *);

/*
 * Imports objects from the source named by the char * (presumably a
 * file), returning arrays of DER certificates and raw keys with their
 * counts through the double pointers. The KMF_RAW_KEY_DATA type name
 * suggests unwrapped key material: release it with kmf_free_raw_key()
 * promptly and do not copy or log it beyond need. Ownership of the
 * returned arrays should be stated here.
 */
extern KMF_RETURN kmf_import_objects(KMF_HANDLE_T, char *, KMF_CREDENTIAL *,
	KMF_X509_DER_CERT **, int *, KMF_RAW_KEY_DATA **, int *);
251 
/*
 * OCSP operations
 */
/*
 * Three KMF_DATA arguments whose roles (subject certificate, issuer,
 * output?) are not visible from the prototype -- name them.
 */
extern KMF_RETURN kmf_get_ocsp_for_cert(KMF_HANDLE_T, KMF_DATA *, KMF_DATA *,
	KMF_DATA *);

extern KMF_RETURN kmf_create_ocsp_request(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);

/*
 * Eight positional parameters, four bare char * and two bare int, with
 * no names: the prototype most likely to be called with arguments
 * transposed. Document each parameter here; new code may prefer the
 * attribute-list form used by kmf_get_ocsp_status_for_cert(). A response
 * obtained over the network is untrusted until its signature has been
 * checked.
 */
extern KMF_RETURN kmf_get_encoded_ocsp_response(KMF_HANDLE_T, char *,
	char *, int, char *, int, char *, unsigned int);

extern KMF_RETURN kmf_get_ocsp_status_for_cert(KMF_HANDLE_T, int,
	KMF_ATTRIBUTE *);
265 
/*
 * Policy Operations
 *
 * Two strings, presumably the policy file and policy name, matching the
 * tail of kmf_initialize()'s argument list -- confirm. If policy governs
 * how later validation behaves (as the name suggests), these strings
 * should come from trusted configuration, not from request data.
 */
extern KMF_RETURN kmf_set_policy(KMF_HANDLE_T, char *, char *);
270 
/*
 * Error handling.
 *
 * Both return a message through char **. kmf_get_kmf_error_str() maps a
 * KMF_RETURN code; kmf_get_plugin_error_str() presumably reports the
 * last error the keystore plugin recorded on the handle (inferred from
 * the name). Release with kmf_free_str() -- confirm that is required.
 */
extern KMF_RETURN kmf_get_plugin_error_str(KMF_HANDLE_T, char **);
extern KMF_RETURN kmf_get_kmf_error_str(KMF_RETURN, char **);
276 
/*
 * Miscellaneous
 */
/* Parses a distinguished-name string into a KMF_X509_NAME (per name). */
extern KMF_RETURN kmf_dn_parser(char *, KMF_X509_NAME *);
/* Reads the named file into a KMF_DATA; release with kmf_free_data(). */
extern KMF_RETURN kmf_read_input_file(KMF_HANDLE_T, char *, KMF_DATA *);
/*
 * Encoding converters. Buffer lengths are signed int here but size_t *
 * in kmf_hexstr_to_bytes() below; the mix is inconsistent, and int
 * lengths need a non-negative check before use as sizes. The
 * unsigned char ** receives produced output whose owner is not stated.
 */
extern KMF_RETURN kmf_der_to_pem(KMF_OBJECT_TYPE, unsigned char *,
	int, unsigned char **, int *);
extern KMF_RETURN kmf_pem_to_der(unsigned char *, int, unsigned char **, int *);
/*
 * OID <-> dotted string. kmf_oid_to_string() returns a char * whose
 * ownership is not visible; confirm whether kmf_free_str() applies.
 */
extern char *kmf_oid_to_string(KMF_OID *);
extern KMF_RETURN kmf_string_to_oid(char *, KMF_OID *);
/* Returns an int comparison result; the sign convention is not stated. */
extern int kmf_compare_rdns(KMF_X509_NAME *, KMF_X509_NAME *);
extern KMF_RETURN kmf_get_data_format(KMF_DATA *, KMF_ENCODE_FORMAT *);
extern KMF_RETURN kmf_get_file_format(char *, KMF_ENCODE_FORMAT *);
/*
 * Key-usage name <-> bitmask. The mask is uint32_t here but the setters
 * kmf_set_csr_ku()/kmf_set_cert_ku() take uint16_t; check for
 * truncation when passing it through.
 */
extern uint32_t kmf_string_to_ku(char *);
extern char *kmf_ku_to_string(uint32_t);
/* Decodes a hex string; the byte buffer and its length are returned. */
extern KMF_RETURN kmf_hexstr_to_bytes(unsigned char *, unsigned char **,
	size_t *);

extern KMF_RETURN kmf_get_plugin_info(KMF_HANDLE_T, char *,
	KMF_KEYSTORE_TYPE *, char **);

/*
 * Extended-key-usage name <-> OID. Whether the returned KMF_OID * and
 * char * are static table entries or allocations is not visible here.
 */
extern KMF_OID *kmf_ekuname_to_oid(char *);
extern char *kmf_oid_to_ekuname(KMF_OID *);

/* Legacy-style name kept as an alias for the lower-case routine above. */
#define	KMF_CompareRDNs kmf_compare_rdns
302 
/*
 * Memory cleanup operations
 *
 * Release routines for the structures above (per their names). Whether
 * each frees only the object's contents or the object itself is not
 * stated and should be. kmf_free_kmf_cert() and kmf_free_kmf_key() also
 * take the KMF_HANDLE_T, presumably so the owning plugin can release
 * what it allocated. Whether kmf_free_raw_key() and
 * kmf_free_raw_sym_key() zeroize key bytes before freeing is not
 * visible from this header; callers holding plaintext key material
 * should confirm that, or clear the buffers themselves first.
 */
extern void kmf_free_dn(KMF_X509_NAME *);
extern void kmf_free_kmf_cert(KMF_HANDLE_T, KMF_X509_DER_CERT *);
extern void kmf_free_data(KMF_DATA *);
extern void kmf_free_algoid(KMF_X509_ALGORITHM_IDENTIFIER *);
extern void kmf_free_extn(KMF_X509_EXTENSION *);
extern void kmf_free_tbs_csr(KMF_TBS_CSR *);
extern void kmf_free_signed_csr(KMF_CSR_DATA *);
extern void kmf_free_tbs_cert(KMF_X509_TBS_CERT *);
extern void kmf_free_signed_cert(KMF_X509_CERTIFICATE *);
/* For strings returned through char ** by the _str routines -- confirm. */
extern void kmf_free_str(char *);
extern void kmf_free_eku(KMF_X509EXT_EKU *);
extern void kmf_free_spki(KMF_X509_SPKI *);
extern void kmf_free_kmf_key(KMF_HANDLE_T, KMF_KEY_HANDLE *);
extern void kmf_free_bigint(KMF_BIGINT *);
extern void kmf_free_raw_key(KMF_RAW_KEY_DATA *);
extern void kmf_free_raw_sym_key(KMF_RAW_SYM_KEY *);
extern void kmf_free_crl_dist_pts(KMF_X509EXT_CRLDISTPOINTS *);
323 
/* APIs for PKCS#11 token */
/*
 * kmf_pk11_token_lookup(): resolves a token label (char *) to a slot id
 * written through CK_SLOT_ID * -- inferred from the types.
 * kmf_pk11_init_token(): the (CK_UTF8CHAR_PTR, CK_ULONG) pair matches
 * the Cryptoki pPin/ulPinLen convention -- confirm; if it is a PIN, the
 * caller should clear its buffer once the call returns. The two char *
 * arguments are not self-describing and should be named.
 * kmf_get_pk11_handle(): hands out the library's CK_SESSION_HANDLE;
 * whether the caller may close it or is only borrowing it must be
 * stated here.
 */
extern KMF_RETURN kmf_pk11_token_lookup(KMF_HANDLE_T, char *, CK_SLOT_ID *);
extern KMF_RETURN kmf_pk11_init_token(KMF_HANDLE_T,
	char *, char *, CK_UTF8CHAR_PTR, CK_ULONG);
extern KMF_RETURN kmf_set_token_pin(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern CK_SESSION_HANDLE kmf_get_pk11_handle(KMF_HANDLE_T);
330 
/*
 * Attribute management routines.
 *
 * Declared without `extern`, unlike the rest of this header; for
 * functions the two forms are equivalent in C, but the inconsistency is
 * worth fixing. The (KMF_ATTRIBUTE *, int) pair is presumably the
 * attribute array and its length; in kmf_set_attr() the int may be a
 * count or an index -- document which.
 */
/* Returns an int, presumably the matching index or a negative sentinel. */
int kmf_find_attr(KMF_ATTR_TYPE, KMF_ATTRIBUTE *, int);
/* Returns the attribute's value pointer, presumably NULL if absent. */
void *kmf_get_attr_ptr(KMF_ATTR_TYPE, KMF_ATTRIBUTE *, int);
/*
 * Copies a value into the caller's void * buffer. Document whether the
 * uint32_t * is the buffer capacity on input and the copied length on
 * output; a caller cannot bound the copy safely without knowing that.
 */
KMF_RETURN kmf_get_attr(KMF_ATTR_TYPE, KMF_ATTRIBUTE *, int, void *,
	uint32_t *);
KMF_RETURN kmf_get_string_attr(KMF_ATTR_TYPE, KMF_ATTRIBUTE *, int, char **);
KMF_RETURN kmf_set_attr(KMF_ATTRIBUTE *, int, KMF_ATTR_TYPE, void *, uint32_t);
/*
 * Unlike kmf_set_attr() this returns void, so an out-of-range index or
 * bad argument cannot be reported; the caller is responsible for
 * keeping the int within the array it passes.
 */
void kmf_set_attr_at_index(KMF_ATTRIBUTE *, int, KMF_ATTR_TYPE,
	void *, uint32_t);
342 
/*
 * Legacy support only - do not use these APIs - they can be removed at any
 * time.
 *
 * CamelCase predecessors of the lower-case API above. Several are
 * signature-identical to their replacement (KMF_Initialize /
 * kmf_initialize, KMF_Finalize / kmf_finalize, KMF_DNParser /
 * kmf_dn_parser, KMF_SignCSR / kmf_sign_csr, KMF_ReadInputFile /
 * kmf_read_input_file, the KMF_Free* routines); others take *_PARAMS
 * structures where the new API takes attribute lists
 * (KMF_ConfigureKeystore, KMF_CreateKeypair, KMF_FindCert, KMF_FindKey).
 * New code should call the lower-case routines.
 */
extern KMF_RETURN KMF_ConfigureKeystore(KMF_HANDLE_T, KMF_CONFIG_PARAMS *);
extern KMF_RETURN KMF_CreateCSRFile(KMF_DATA *, KMF_ENCODE_FORMAT, char *);
extern KMF_RETURN KMF_CreateKeypair(KMF_HANDLE_T,
	KMF_CREATEKEYPAIR_PARAMS *, KMF_KEY_HANDLE *, KMF_KEY_HANDLE *);
extern KMF_RETURN KMF_DNParser(char *, KMF_X509_NAME *);
extern KMF_RETURN KMF_Finalize(KMF_HANDLE_T);
extern KMF_RETURN KMF_FindCert(KMF_HANDLE_T, KMF_FINDCERT_PARAMS *,
	KMF_X509_DER_CERT *, uint32_t *);
extern KMF_RETURN KMF_FindKey(KMF_HANDLE_T, KMF_FINDKEY_PARAMS *,
	KMF_KEY_HANDLE *, uint32_t *);
extern void KMF_FreeData(KMF_DATA *);
extern void KMF_FreeKMFCert(KMF_HANDLE_T, KMF_X509_DER_CERT *);
extern void KMF_FreeKMFKey(KMF_HANDLE_T, KMF_KEY_HANDLE *);
extern void KMF_FreeSignedCSR(KMF_CSR_DATA *);
extern KMF_RETURN KMF_GetCertIDString(const KMF_DATA *, char **);
extern KMF_RETURN KMF_GetCertIssuerNameString(KMF_HANDLE_T,
	const KMF_DATA *, char **);
extern KMF_RETURN KMF_GetCertSubjectNameString(KMF_HANDLE_T,
	const KMF_DATA *, char **);
extern KMF_RETURN KMF_GetKMFErrorString(KMF_RETURN, char **);
extern KMF_RETURN KMF_Initialize(KMF_HANDLE_T *, char *, char *);
extern KMF_RETURN KMF_ReadInputFile(KMF_HANDLE_T, char *, KMF_DATA *);
extern KMF_RETURN KMF_SetCSRPubKey(KMF_HANDLE_T, KMF_KEY_HANDLE *,
	KMF_CSR_DATA *);
extern KMF_RETURN KMF_SetCSRSignatureAlgorithm(KMF_CSR_DATA *,
	KMF_ALGORITHM_INDEX);
extern KMF_RETURN KMF_SetCSRSubjectName(KMF_CSR_DATA *, KMF_X509_NAME *);
extern KMF_RETURN KMF_SetCSRVersion(KMF_CSR_DATA *, uint32_t);
extern KMF_RETURN KMF_SignCSR(KMF_HANDLE_T, const KMF_CSR_DATA *,
	KMF_KEY_HANDLE *, KMF_DATA *);
/*
 * The legacy signing/verification entry points take the key, algorithm
 * and data positionally; the lower-case kmf_sign_data()/kmf_verify_*()
 * replacements pass them as attributes.
 */
extern KMF_RETURN KMF_SignDataWithKey(KMF_HANDLE_T, KMF_KEY_HANDLE *,
	KMF_OID *, KMF_DATA *, KMF_DATA *);
extern KMF_RETURN KMF_VerifyCertWithCert(KMF_HANDLE_T, const KMF_DATA *,
	const KMF_DATA *);
extern KMF_RETURN KMF_VerifyDataWithCert(KMF_HANDLE_T,
	KMF_KEYSTORE_TYPE, KMF_ALGORITHM_INDEX, KMF_DATA *, KMF_DATA *,
	const KMF_DATA *);
384 
385 #ifdef __cplusplus
386 }
387 #endif
388 #endif /* _KMFAPI_H */