xref: /titanic_50/usr/src/lib/libkmf/include/kmfapiP.h (revision 1f6eb0216cb17ca5fdff9563329f1dda47c8b801)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 #ifndef _KMFAPIP_H
26 #define	_KMFAPIP_H
27 
28 #pragma ident	"%Z%%M%	%I%	%E% SMI"
29 
30 #include <kmfapi.h>
31 #include <kmfpolicy.h>
32 
33 #ifdef __cplusplus
34 extern "C" {
35 #endif
36 
37 /* Plugin function table */
38 typedef struct {
39 	ushort_t	version;
40 	KMF_RETURN	(*ConfigureKeystore) (
41 			KMF_HANDLE_T,
42 			int,
43 			KMF_ATTRIBUTE *);
44 
45 	KMF_RETURN	(*FindCert) (
46 			KMF_HANDLE_T,
47 			int,
48 			KMF_ATTRIBUTE *);
49 
50 	void		(*FreeKMFCert) (
51 			KMF_HANDLE_T,
52 			KMF_X509_DER_CERT *);
53 
54 	KMF_RETURN	(*StoreCert) (
55 			KMF_HANDLE_T,
56 			int, KMF_ATTRIBUTE *);
57 
58 	KMF_RETURN	(*ImportCert) (
59 			KMF_HANDLE_T,
60 			int, KMF_ATTRIBUTE *);
61 
62 	KMF_RETURN	(*ImportCRL) (
63 			KMF_HANDLE_T,
64 			int, KMF_ATTRIBUTE *);
65 
66 	KMF_RETURN	(*DeleteCert) (
67 			KMF_HANDLE_T,
68 			int, KMF_ATTRIBUTE *);
69 
70 	KMF_RETURN	(*DeleteCRL) (
71 			KMF_HANDLE_T,
72 			int, KMF_ATTRIBUTE *);
73 
74 	KMF_RETURN	(*CreateKeypair) (
75 			KMF_HANDLE_T,
76 			int,
77 			KMF_ATTRIBUTE *);
78 
79 	KMF_RETURN	(*FindKey) (
80 			KMF_HANDLE_T,
81 			int,
82 			KMF_ATTRIBUTE *);
83 
84 	KMF_RETURN	(*EncodePubkeyData) (
85 			KMF_HANDLE_T,
86 			KMF_KEY_HANDLE *,
87 			KMF_DATA *);
88 
89 	KMF_RETURN	(*SignData) (
90 			KMF_HANDLE_T,
91 			KMF_KEY_HANDLE *,
92 			KMF_OID *,
93 			KMF_DATA *,
94 			KMF_DATA *);
95 
96 	KMF_RETURN	(*DeleteKey) (
97 			KMF_HANDLE_T,
98 			int,
99 			KMF_ATTRIBUTE *);
100 
101 	KMF_RETURN	(*ListCRL) (
102 			KMF_HANDLE_T,
103 			int, KMF_ATTRIBUTE *);
104 
105 	KMF_RETURN	(*FindCRL) (
106 			KMF_HANDLE_T,
107 			int, KMF_ATTRIBUTE *);
108 
109 	KMF_RETURN	(*FindCertInCRL) (
110 			KMF_HANDLE_T,
111 			int, KMF_ATTRIBUTE *);
112 
113 	KMF_RETURN	(*GetErrorString) (
114 			KMF_HANDLE_T,
115 			char **);
116 
117 	KMF_RETURN	(*FindPrikeyByCert) (
118 			KMF_HANDLE_T,
119 			int,
120 			KMF_ATTRIBUTE *);
121 
122 	KMF_RETURN	(*DecryptData) (
123 			KMF_HANDLE_T,
124 			KMF_KEY_HANDLE *,
125 			KMF_OID *,
126 			KMF_DATA *,
127 			KMF_DATA *);
128 
129 	KMF_RETURN	(*ExportPK12)(
130 			KMF_HANDLE_T,
131 			int,
132 			KMF_ATTRIBUTE *);
133 
134 	KMF_RETURN	(*CreateSymKey) (
135 			KMF_HANDLE_T,
136 			int,
137 			KMF_ATTRIBUTE *);
138 
139 	KMF_RETURN	(*GetSymKeyValue) (
140 			KMF_HANDLE_T,
141 			KMF_KEY_HANDLE *,
142 			KMF_RAW_SYM_KEY *);
143 
144 	KMF_RETURN	(*SetTokenPin) (
145 			KMF_HANDLE_T,
146 			int, KMF_ATTRIBUTE *);
147 
148 	KMF_RETURN	(*VerifyDataWithCert) (
149 			KMF_HANDLE_T,
150 			KMF_ALGORITHM_INDEX,
151 			KMF_DATA *,
152 			KMF_DATA *,
153 			KMF_DATA *);
154 
155 	KMF_RETURN	(*StoreKey) (
156 			KMF_HANDLE_T,
157 			int,
158 			KMF_ATTRIBUTE *);
159 
160 	void		(*Finalize) ();
161 
162 } KMF_PLUGIN_FUNCLIST;
163 
164 typedef struct {
165 	KMF_ATTR_TYPE	type;
166 	boolean_t	null_value_ok; /* Is the pValue required */
167 	uint32_t	minlen;
168 	uint32_t	maxlen;
169 } KMF_ATTRIBUTE_TESTER;
170 
171 typedef struct {
172 	KMF_KEYSTORE_TYPE	type;
173 	char			*applications;
174 	char 			*path;
175 	void 			*dldesc;
176 	KMF_PLUGIN_FUNCLIST	*funclist;
177 } KMF_PLUGIN;
178 
179 typedef struct _KMF_PLUGIN_LIST {
180 	KMF_PLUGIN		*plugin;
181 	struct _KMF_PLUGIN_LIST *next;
182 } KMF_PLUGIN_LIST;
183 
184 typedef struct _kmf_handle {
185 	/*
186 	 * session handle opened by kmf_select_token() to talk
187 	 * to a specific slot in Crypto framework. It is used
188 	 * by pkcs11 plugin module.
189 	 */
190 	CK_SESSION_HANDLE	pk11handle;
191 	KMF_ERROR		lasterr;
192 	KMF_POLICY_RECORD	*policy;
193 	KMF_PLUGIN_LIST		*plugins;
194 } KMF_HANDLE;
195 
196 #define	CLEAR_ERROR(h, rv) { \
197 	if (h == NULL) { \
198 		rv = KMF_ERR_BAD_PARAMETER; \
199 	} else { \
200 		h->lasterr.errcode = 0; \
201 		h->lasterr.kstype = 0; \
202 		rv = KMF_OK; \
203 	} \
204 }
205 
206 #define	KMF_PLUGIN_INIT_SYMBOL	"KMF_Plugin_Initialize"
207 
208 #ifndef KMF_PLUGIN_PATH
209 #if defined(__sparcv9)
210 #define	KMF_PLUGIN_PATH "/usr/lib/security/sparcv9/"
211 #elif defined(__sparc)
212 #define	KMF_PLUGIN_PATH "/usr/lib/security/"
213 #elif defined(__i386)
214 #define	KMF_PLUGIN_PATH "/usr/lib/security/"
215 #elif defined(__amd64)
216 #define	KMF_PLUGIN_PATH "/usr/lib/security/amd64/"
217 #endif
218 #endif /* !KMF_PLUGIN_PATH */
219 
220 KMF_PLUGIN_FUNCLIST *KMF_Plugin_Initialize();
221 
222 extern KMF_RETURN
223 VerifyDataWithKey(KMF_HANDLE_T, KMF_DATA *, KMF_ALGORITHM_INDEX,
224     KMF_DATA *, KMF_DATA *);
225 
226 extern KMF_BOOL pkcs_algid_to_keytype(
227     KMF_ALGORITHM_INDEX, CK_KEY_TYPE *);
228 
229 extern KMF_RETURN PKCS_VerifyData(
230     KMF_HANDLE *,
231     KMF_ALGORITHM_INDEX,
232     KMF_X509_SPKI *,
233     KMF_DATA *, KMF_DATA *);
234 
235 extern KMF_RETURN PKCS_EncryptData(
236     KMF_HANDLE *,
237     KMF_ALGORITHM_INDEX,
238     KMF_X509_SPKI *,
239     KMF_DATA *,
240     KMF_DATA *);
241 
242 extern KMF_PLUGIN *FindPlugin(KMF_HANDLE_T, KMF_KEYSTORE_TYPE);
243 
244 extern KMF_BOOL IsEqualOid(KMF_OID *, KMF_OID *);
245 
246 extern KMF_RETURN copy_algoid(KMF_X509_ALGORITHM_IDENTIFIER *destid,
247     KMF_X509_ALGORITHM_IDENTIFIER *srcid);
248 
249 extern KMF_OID *x509_algid_to_algoid(KMF_ALGORITHM_INDEX);
250 extern KMF_ALGORITHM_INDEX x509_algoid_to_algid(KMF_OID *);
251 
252 extern KMF_RETURN PKCS_AcquirePublicKeyHandle(CK_SESSION_HANDLE ckSession,
253     const KMF_X509_SPKI *, CK_KEY_TYPE, CK_OBJECT_HANDLE *,
254     KMF_BOOL *);
255 
256 extern KMF_RETURN GetIDFromSPKI(KMF_X509_SPKI *, KMF_DATA *);
257 extern KMF_RETURN kmf_select_token(KMF_HANDLE_T, char *, int);
258 extern KMF_RETURN kmf_set_altname(KMF_X509_EXTENSIONS *,
259     KMF_OID *, int, KMF_GENERALNAMECHOICES, char *);
260 extern KMF_RETURN GetSequenceContents(char *, size_t, char **, size_t *);
261 extern KMF_X509_EXTENSION *FindExtn(KMF_X509_EXTENSIONS *, KMF_OID *);
262 extern KMF_RETURN add_an_extension(KMF_X509_EXTENSIONS *exts,
263     KMF_X509_EXTENSION *newextn);
264 extern KMF_RETURN set_integer(KMF_DATA *, void *, int);
265 extern void free_keyidlist(KMF_OID *, int);
266 extern KMF_RETURN copy_data(KMF_DATA *, KMF_DATA *);
267 extern void Cleanup_PK11_Session(KMF_HANDLE_T handle);
268 extern void free_dp_name(KMF_CRL_DIST_POINT *);
269 extern void free_dp(KMF_CRL_DIST_POINT *);
270 extern KMF_RETURN set_key_usage_extension(KMF_X509_EXTENSIONS *,
271     int, uint32_t);
272 extern KMF_RETURN init_pk11();
273 extern KMF_RETURN test_attributes(int, KMF_ATTRIBUTE_TESTER *,
274     int, KMF_ATTRIBUTE_TESTER *, int, KMF_ATTRIBUTE *);
275 
276 /* Indexes into the key parts array for RSA keys */
277 #define	KMF_RSA_MODULUS			(0)
278 #define	KMF_RSA_PUBLIC_EXPONENT		(1)
279 #define	KMF_RSA_PRIVATE_EXPONENT	(2)
280 #define	KMF_RSA_PRIME1			(3)
281 #define	KMF_RSA_PRIME2			(4)
282 #define	KMF_RSA_EXPONENT1		(5)
283 #define	KMF_RSA_EXPONENT2		(6)
284 #define	KMF_RSA_COEFFICIENT		(7)
285 
286 /* Key part counts for RSA keys */
287 #define	KMF_NUMBER_RSA_PUBLIC_KEY_PARTS		(2)
288 #define	KMF_NUMBER_RSA_PRIVATE_KEY_PARTS	(8)
289 
290 /* Key part counts for DSA keys */
291 #define	KMF_NUMBER_DSA_PUBLIC_KEY_PARTS		(4)
292 #define	KMF_NUMBER_DSA_PRIVATE_KEY_PARTS	(4)
293 
294 /* Indexes into the key parts array for DSA keys */
295 #define	KMF_DSA_PRIME		(0)
296 #define	KMF_DSA_SUB_PRIME	(1)
297 #define	KMF_DSA_BASE		(2)
298 #define	KMF_DSA_PUBLIC_VALUE	(3)
299 
300 #ifndef max
301 #define	max(a, b) ((a) < (b) ? (b) : (a))
302 #endif
303 
304 /* Maximum key parts for all algorithms */
305 #define	KMF_MAX_PUBLIC_KEY_PARTS \
306 	(max(KMF_NUMBER_RSA_PUBLIC_KEY_PARTS, \
307 	KMF_NUMBER_DSA_PUBLIC_KEY_PARTS))
308 
309 #define	KMF_MAX_PRIVATE_KEY_PARTS \
310 	(max(KMF_NUMBER_RSA_PRIVATE_KEY_PARTS, \
311 	KMF_NUMBER_DSA_PRIVATE_KEY_PARTS))
312 
313 #define	KMF_MAX_KEY_PARTS \
314 	(max(KMF_MAX_PUBLIC_KEY_PARTS, KMF_MAX_PRIVATE_KEY_PARTS))
315 
316 typedef enum {
317 	KMF_ALGMODE_NONE	= 0,
318 	KMF_ALGMODE_CUSTOM,
319 	KMF_ALGMODE_PUBLIC_KEY,
320 	KMF_ALGMODE_PRIVATE_KEY,
321 	KMF_ALGMODE_PKCS1_EMSA_V15
322 } KMF_SIGNATURE_MODE;
323 
324 #define	KMF_CERT_PRINTABLE_LEN	1024
325 #define	SHA1_HASH_LENGTH 20
326 
327 #define	OCSPREQ_TEMPNAME	"/tmp/ocsp.reqXXXXXX"
328 #define	OCSPRESP_TEMPNAME	"/tmp/ocsp.respXXXXXX"
329 
330 #define	_PATH_KMF_CONF	"/etc/crypto/kmf.conf"
331 #define	CONF_MODULEPATH	"modulepath="
332 #define	CONF_OPTION	"option="
333 
334 typedef struct {
335 	char			*keystore;
336 	char			*modulepath;
337 	char 			*option;
338 	KMF_KEYSTORE_TYPE	kstype;
339 } conf_entry_t;
340 
341 typedef struct conf_entrylist {
342 	conf_entry_t		*entry;
343 	struct conf_entrylist 	*next;
344 } conf_entrylist_t;
345 
346 
347 extern KMF_RETURN get_entrylist(conf_entrylist_t **);
348 extern void free_entrylist(conf_entrylist_t *);
349 extern void free_entry(conf_entry_t *);
350 extern conf_entry_t *dup_entry(conf_entry_t *);
351 extern boolean_t is_valid_keystore_type(KMF_KEYSTORE_TYPE);
352 extern KMF_BOOL is_eku_present(KMF_X509EXT_EKU *, KMF_OID *);
353 extern KMF_RETURN parse_eku_data(const KMF_DATA *, KMF_X509EXT_EKU *);
354 extern KMF_RETURN
355 copy_extension_data(KMF_X509_EXTENSION *, KMF_X509_EXTENSION *);
356 
357 #ifdef __cplusplus
358 }
359 #endif
360 #endif /* _KMFAPIP_H */
361