1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #ifndef	_SLP_AMI_H
28 #define	_SLP_AMI_H
29 
30 #pragma ident	"%Z%%M%	%I%	%E% SMI"
31 
32 #ifdef	__cplusplus
33 extern "C" {
34 #endif
35 
36 #include <sys/types.h>
37 
/*
 * Object identifier: a count plus a pointer to unsigned long values.
 * NOTE(review): presumably `count` is the number of elements reachable
 * through `value`; confirm against the decoder before indexing.
 */
38 typedef struct ami_oid {
39     unsigned short  count;
40     unsigned long   *value;
41 } ami_oid;
42 
/*
 * Generic length/pointer byte buffer. This header also uses it under the
 * names ami_attr_value, ami_alg_params and Content.
 * NOTE(review): the unit of `length` is not stated here (presumably bytes);
 * readers of `value` should bound every access by `length`.
 */
43 typedef struct Any {
44     unsigned long   length;
45     unsigned char   *value;
46 } Any;
47 
/* ami_dname is a pointer to the first node of an ami_rdn_seq list. */
48 typedef struct ami_rdn_seq *ami_dname;
49 
/*
 * Name as a tagged union: `choice` selects the active member of `u`.
 * Only distinguishedName_chosen (1) is defined in this header.
 * NOTE(review): code reading `u` should check `choice` first.
 */
50 typedef struct ami_name {
51     unsigned short choice;
52 #define	distinguishedName_chosen 1
53 	union {
54 		struct ami_rdn_seq *distinguishedName;
55 	} u;
56 } ami_name;
57 
/*
 * Singly linked list node of relative distinguished names.
 * The typedef name `ami_rdn_seq` is a POINTER to the node, so
 * sizeof (ami_rdn_seq) is a pointer size; allocate nodes with
 * sizeof (struct ami_rdn_seq).
 */
58 typedef struct ami_rdn_seq {
59     struct ami_rdn_seq *next;
60     struct ami_rdname *value;
61 } *ami_rdn_seq;
62 
/*
 * Singly linked list node of attribute/value assertions. As above, the
 * typedef name is a pointer type, not the node type.
 */
63 typedef struct ami_rdname {
64     struct ami_rdname *next;
65     struct ami_ava  *value;
66 } *ami_rdname;
67 
/* Attribute values are carried as raw Any buffers. */
68 typedef Any ami_attr_value;
69 
/* One attribute/value assertion: an OID pointer and a value pointer. */
70 typedef struct ami_ava {
71     struct ami_oid *objid;
72     ami_attr_value  *value;
73 } ami_ava;
74 
/*
 * Singly linked list of attributes. The typedef name `ami_attr_list` is a
 * pointer to the node; use sizeof (struct ami_attr_list) when allocating.
 */
75 typedef struct ami_attr_list {
76     struct ami_attr_list *next;
77     struct ami_attr *value;
78 } *ami_attr_list;
79 
/* One attribute: a type OID and a linked list of values. */
80 typedef struct ami_attr {
81     struct ami_oid *type;
82     struct ami_attr_value_set *values;
83 } ami_attr;
84 
/*
 * Singly linked list of attribute values. The typedef name is again a
 * pointer to the node type.
 */
85 typedef struct ami_attr_value_set {
86     struct ami_attr_value_set *next;
87     ami_attr_value  *value;
88 } *ami_attr_value_set;
89 
/*
 * String as a tagged union: `choice` is 1 for the T.61 member and 2 for
 * the printable-string member. Both members are char pointers.
 * NOTE(review): no length field is carried, so consumers presumably rely
 * on NUL termination; confirm the decoder guarantees it.
 */
90 typedef struct CaseIgnoreString {
91     unsigned short choice;
92 #define	CaseIgnoreString_t61String_chosen 1
93 #define	CaseIgnoreString_printableString_chosen 2
94 	union {
95 		char *CaseIgnoreString_t61String;
96 		char *CaseIgnoreString_printableString;
97 	} u;
98 } CaseIgnoreString;
99 
/* Library-prefixed alias for CaseIgnoreString. */
100 typedef CaseIgnoreString ami_case_ignore_string;
101 
/* Printable string carried as a plain char pointer. */
102 typedef char *ami_printable_string;
103 
/*
 * Pair of certificate pointers. Either side may be NULL, so both must be
 * checked before dereferencing.
 */
104 typedef struct ami_cert_pair {
105     struct ami_cert *forward;  /* NULL for not present */
106     struct ami_cert *reverse;  /* NULL for not present */
107 } ami_cert_pair;
108 
/*
 * Certificate serial number as a length/pointer byte buffer.
 * NOTE(review): comparing two serials needs both `length` values and a
 * bounded byte comparison; the unit of `length` is presumably bytes.
 */
109 typedef struct ami_cert_serialnum {
110     unsigned short  length;
111     unsigned char   *value;
112 } ami_cert_serialnum;
113 
/*
 * Certificate body, embedded by value as ami_cert.info.
 * `bit_mask` records which optional fields were present: version_present
 * (0x80) and extensions_present (0x40).
 * NOTE(review): the macros defined inside this struct (version_present,
 * version_v1, ...) are ordinary file-scope macros with generic names and
 * can collide with identifiers in code that includes this header.
 */
114 typedef struct ami_cert_info {
115     unsigned char bit_mask;
116 #define	version_present 0x80
117 #define	extensions_present 0x40
118     int version; /* default assumed if omitted */
119 #define	version_v1 0
120 #define	version_v2 1
121 #define	version_v3 2
122     ami_cert_serialnum serial;
123     struct ami_algid *signature;
124     struct ami_name *issuer;
125     struct ami_validity *validity;
126     struct ami_name *subject;
127     struct ami_pubkey_info *pubKeyInfo;
128     struct ami_uid  *issuerUID;  /* NULL for not present */
129     struct ami_uid  *subjectUID;  /* NULL for not present */
    /*
     * NOTE(review): presumably only meaningful when extensions_present is
     * set in bit_mask; verify against the decoder.
     */
130     struct ami_cert_extn_list *extensions;  /* optional */
131 } ami_cert_info;
132 
/*
 * Bit string. `length` counts BITS, not bytes: a buffer holding `length`
 * bits occupies (length + 7) / 8 bytes. Using `length` directly as a byte
 * count over-reads `value`.
 */
133 typedef struct ami_bitstring {
134     unsigned int    length;  /* number of significant bits */
135     unsigned char   *value;
136 } ami_bitstring;
137 
/*
 * Certificate: body, signature algorithm pointer and signature bits.
 * `signature.length` is a bit count (see ami_bitstring).
 */
138 typedef struct ami_cert {
139     ami_cert_info   info;
140     struct ami_algid *algorithm;
141     ami_bitstring   signature;
142 } ami_cert;
143 
/* Unique identifier; same layout as ami_bitstring, length in bits. */
144 typedef struct ami_uid {
145     unsigned int    length;  /* number of significant bits */
146     unsigned char   *value;
147 } ami_uid;
148 
/*
 * Octet string as a length/pointer pair.
 * NOTE(review): unit of `length` is not stated; presumably bytes.
 */
149 typedef struct ami_octetstring {
150     unsigned int    length;
151     unsigned char   *value;
152 } ami_octetstring;
153 
/*
 * Certificate version as an int. The CertificateVersion_v* values repeat
 * the version_v1/v2/v3 values defined inside ami_cert_info (0, 1, 2).
 */
154 typedef int ami_cert_version;
155 #define	CertificateVersion_v1 0
156 #define	CertificateVersion_v2 1
157 #define	CertificateVersion_v3 2
158 
/* Boolean carried in a char. */
159 typedef char amiBoolean;
160 
/*
 * Broken-down time shared by GeneralizedTime and UTCTime.
 * When used as UTCTime, `year` holds only two digits, so consumers must
 * expand the century before comparing dates (RFC 5280 maps 00-49 to 20YY
 * and 50-99 to 19YY). Whether this library performs that expansion is not
 * visible in this header.
 * NOTE(review): all fields are signed shorts with no stated range; a
 * validity check should reject out-of-range month/day/hour/minute/second.
 */
161 typedef struct {
162     short year; /* YYYY format when used for GeneralizedTime */
163 			/* YY format when used for UTCTime */
164     short month;
165     short day;
166     short hour;
167     short minute;
168     short second;
169     short millisec;
170     short mindiff;  /* UTC +/- minute differential */
171     amiBoolean utc; /* TRUE means UTC time */
172 } GeneralizedTime;
173 
/* UTCTime reuses the GeneralizedTime layout (two-digit year, see above). */
174 typedef GeneralizedTime UTCTime;
175 
/*
 * Validity window as two UTCTime pointers.
 * NOTE(review): both are pointers and nothing here says they are always
 * set; check for NULL before comparing against the current time.
 */
176 typedef struct ami_validity {
177     UTCTime *notBefore;
178     UTCTime *notAfter;
179 } ami_validity;
180 
/*
 * Public key: algorithm identifier pointer plus the key as a bit string
 * (`pubKey.length` is a bit count, see ami_bitstring).
 */
181 typedef struct ami_pubkey_info {
182     struct ami_algid *algorithm;
183     ami_bitstring   pubKey;
184 } ami_pubkey_info;
185 
/* Algorithm parameters are carried as a raw Any buffer. */
186 typedef Any ami_alg_params;
187 
/*
 * Algorithm identifier: OID pointer plus optional parameters.
 * `parameters` may be NULL and must be checked before use.
 */
188 typedef struct ami_algid {
189     struct ami_oid *algorithm;
190     ami_alg_params *parameters;  /* NULL for not present */
191 } ami_algid;
192 
193 
/*
 * One certificate extension: an OID pointer (`extend`), a criticality
 * flag and the extension value as an octet string.
 * `bit_mask` carries critical_present (0x80).
 * NOTE(review): presumably `critical` is only meaningful when
 * critical_present is set. A verifier that meets a critical extension it
 * does not understand should reject the certificate; this header defines
 * AMI_CRITICAL_EXTNS_ERR, which looks like the matching status code.
 */
194 typedef struct ami_cert_extn {
195     unsigned char bit_mask;
196 #define	critical_present 0x80
197     struct ami_oid *extend;
198     amiBoolean critical;
199     ami_octetstring extnValue;
200 } ami_cert_extn;
201 
/*
 * Singly linked list of extensions. The typedef name is a pointer to the
 * node; use sizeof (struct ami_cert_extn_list) when allocating.
 */
202 typedef struct ami_cert_extn_list {
203     struct ami_cert_extn_list *next;
204     struct ami_cert_extn *value;
205 } *ami_cert_extn_list;
206 
/*
 * Body of a certificate list, with members held by value.
 * `bit_mask` flags: nextUpdate_present (0x80) and
 * CertListContents_revokedCertificates_present (0x40).
 * NOTE(review): presumably `nextUpdate` and the revoked list are only
 * valid when their bit is set; `nextUpdate` is stored by value, so it
 * cannot be tested against NULL.
 */
207 typedef struct ami_cert_list_contents {
208     unsigned char bit_mask;
209 #define	nextUpdate_present 0x80
210 #define	CertListContents_revokedCertificates_present 0x40
211     ami_algid signature;
212     ami_name issuer;
213     UTCTime thisUpdate;
214     UTCTime nextUpdate;
    /* Linked list of (serial number, revocation date) entries. */
215 	struct _seqof1 {
216 		struct _seqof1  *next;
217 		struct {
218 			ami_cert_serialnum userCertificate;
219 			UTCTime revocationDate;
220 		} value;
221 	} *CertListContents_revokedCertificates;
222 } ami_cert_list_contents;
223 
/*
 * Certificate list: body, algorithm identifier and signature bits
 * (`signature.length` is a bit count).
 */
224 typedef struct ami_cert_list {
225     ami_cert_list_contents certListContents;
226     ami_algid algId;
227     ami_bitstring signature;
228 } ami_cert_list;
229 
/*
 * RC2-CBC parameters as a tagged union: `choice` is iv_chosen (1) for a
 * bare IV or sequence_chosen (2) for a version plus IV.
 * NOTE(review): check `choice` before reading `u`; the IV length is a
 * caller-visible field and should be validated before the IV is used.
 */
230 typedef struct ami_rc2_cbc_param {
231     unsigned short choice;
232 #define	 iv_chosen 1
233 #define	sequence_chosen 2
234 	union {
235 		ami_octetstring iv;
236 		struct _seq1 {
237 			int version;
238 			ami_octetstring iv;
239 		} sequence;
240 	} u;
241 } ami_rc2_cbc_param;
242 
/* Plain alias for int. */
243 typedef int INT;
244 
/*
 * Key package body. `bit_mask` flags: keypkgAttrs_present (0x80) and
 * tKeys_present (0x40), matching the two members marked optional.
 * The private key is referenced through `encrPrivKeyInfo`
 * (struct ami_encr_privkey_info).
 * NOTE(review): the meaning of `usage` is not documented in this header.
 */
245 typedef struct ami_keypkg_info {
246     unsigned char bit_mask;
247 #define	keypkgAttrs_present 0x80
248 #define	tKeys_present 0x40
249     char *version;
250     char *keypkgId;
251     struct ami_name *owner;
252     struct ami_pubkey_info *pubKeyInfo;
253     struct ami_encr_privkey_info *encrPrivKeyInfo;
254     struct ami_attr_list *keypkgAttrs;  /* optional */
255     int usage;
256     struct ami_tkey_list *tKeys;  /* optional */
257 } ami_keypkg_info;
258 
/*
 * Key package: body, algorithm identifier pointer and signature bits
 * (`signature.length` is a bit count).
 */
259 typedef struct ami_keypkg {
260     ami_keypkg_info info;
261     struct ami_algid *algorithm;
262     ami_bitstring   signature;
263 } ami_keypkg;
264 
/*
 * Singly linked list of trusted keys. The typedef name is a pointer to
 * the node; use sizeof (struct ami_tkey_list) when allocating.
 */
265 typedef struct ami_tkey_list {
266     struct ami_tkey_list *next;
267     struct ami_tkey *value;
268 } *ami_tkey_list;
269 
/*
 * Trusted key entry. `issuer`, `validity` and `serial` may be NULL.
 * `bit_mask` carries TrustedKey_extensions_present (0x80).
 * NOTE(review): a NULL `validity` means there are no dates to check here;
 * how verification treats such an entry is not visible in this header
 * (AMI_TRUSTED_KEY_EXPIRED is the related status code).
 */
270 typedef struct ami_tkey {
271     unsigned char bit_mask;
272 #define	TrustedKey_extensions_present 0x80
273     struct ami_name *owner;
274     struct ami_pubkey_info *pubKeyInfo;
275     struct ami_name *issuer;  /* NULL for not present */
276     struct ami_validity *validity;  /* NULL for not present */
277     struct ami_cert_serialnum *serial;  /* NULL for not present */
278     struct ami_cert_extn_list *TrustedKey_extensions;  /* optional */
279 } ami_tkey;
280 
/*
 * Server-side key record built from Any buffers, two ints and two
 * strings.
 * NOTE(review): `privKey` presumably holds private key material; if so,
 * code that frees this structure should zeroize the buffer first. The
 * meaning of `flags` and the format of `hostIP` are not documented here.
 */
281 typedef struct ami_serv_key_info {
282     Any keyAlgId;
283     int uid;
284     int flags;
285     Any privKey;
286     char *keypkgId;
287     char *hostIP;
288     Any keypkg;
289 } ami_serv_key_info;
290 
/* Length/pointer byte buffer; same member layout as ami_octetstring. */
291 typedef struct _octet1 {
292     unsigned int    length;
293     unsigned char   *value;
294 } _octet1;
295 
/* Digest value together with a pointer to its algorithm identifier. */
296 typedef struct ami_digest_info {
297     struct ami_algid *digestAlgorithm;
298     _octet1 digest;
299 } ami_digest_info;
300 
/*
 * Singly linked list of CRLs. The typedef name is a pointer to the node;
 * use sizeof (struct ami_crl_set) when allocating.
 */
301 typedef struct ami_crl_set {
302     struct ami_crl_set *next;
303     struct ami_crl  *value;
304 } *ami_crl_set;
305 
/*
 * One revoked-certificate entry.
 * NOTE(review): `userCertificate` is a plain int here, whereas the
 * revoked entries in ami_cert_list_contents use ami_cert_serialnum. An
 * int cannot represent serial numbers longer than its width, so matching
 * a certificate against this entry may truncate or fail; confirm how the
 * decoder fills this field.
 */
306 typedef struct ami_crl_entry {
307     int userCertificate;
308     UTCTime *revocationDate;
309 } ami_crl_entry;
310 
/*
 * CRL body. `bit_mask` carries
 * CertificateRevocationListInfo_revokedCertificates_present (0x80).
 * NOTE(review): `lastUpdate` and `nextUpdate` are pointers with no
 * presence flag; check for NULL before judging CRL freshness.
 */
311 typedef struct ami_crl_info {
312     unsigned char bit_mask;
313 #define	CertificateRevocationListInfo_revokedCertificates_present 0x80
314     struct ami_algid *signature;
315     struct ami_name *issuer;
316     UTCTime *lastUpdate;
317     UTCTime  *nextUpdate;
    /* Linked list of ami_crl_entry values held inline in each node. */
318 	struct _seqof2 {
319 		struct _seqof2 *next;
320 		ami_crl_entry value;
321 	} *CertificateRevocationListInfo_revokedCertificates;
322 } ami_crl_info;
323 
/*
 * CRL: body, algorithm identifier pointer and signature bits
 * (`signature.length` is a bit count).
 */
324 typedef struct ami_crl {
325     ami_crl_info info;
326     struct ami_algid *algorithm;
327     ami_bitstring signature;
328 } ami_crl;
329 
/*
 * Password-based encryption parameters: a salt stored inline in an
 * 8-byte array with its own length field, plus an iteration count.
 * NOTE(review): `salt.length` is independent of the array size, so code
 * that copies or reads `salt.value` must first check length <= 8.
 * `iterationCount` is a signed int; reject zero and negative values
 * before using it as a loop bound.
 */
330 typedef struct ami_pbe_param {
331 	struct {
332 		unsigned short  length;
333 		unsigned char   value[8];
334 	} salt;
335     int iterationCount;
336 } ami_pbe_param;
337 
/* Extended certificate body: version, certificate and attribute list. */
338 typedef struct ami_extcert_info {
339     int version;
340     struct ami_cert *certificate;
341     struct ami_attr_list *attributes;
342 } ami_extcert_info;
343 
/*
 * Extended certificate: body pointer, signature algorithm pointer and
 * signature bits (`signature.length` is a bit count).
 */
344 typedef struct ami_extcert {
345     struct ami_extcert_info *extendedCertificateInfo;
346     struct ami_algid *signatureAlgorithm;
347     ami_bitstring signature;
348 } ami_extcert;
349 
/*
 * Singly linked list of certificate-or-extended-certificate entries.
 * The typedef name is a pointer to the node type.
 */
350 typedef struct ami_extcerts_and_certs {
351     struct ami_extcerts_and_certs *next;
352     struct ami_extcert_or_cert *value;
353 } *ami_extcerts_and_certs;
354 
/*
 * Tagged union: `choice` is cert_chosen (1) or extendedCert_chosen (2)
 * and selects which pointer in `u` is valid. Check `choice` before
 * dereferencing; both members share storage.
 */
355 typedef struct ami_extcert_or_cert {
356     unsigned short choice;
357 #define	cert_chosen 1
358 #define	 extendedCert_chosen 2
359 	union {
360 		struct ami_cert *cert;
361 		struct ami_extcert *extendedCert;
362 	} u;
363 } ami_extcert_or_cert;
364 
/* Message content is carried as a raw Any buffer. */
365 typedef Any Content;
366 
/* Content type OID plus optional content; `content` may be NULL. */
367 typedef struct ami_content_info {
368     struct ami_oid *contentType;
369     Content *content;  /* NULL for not present */
370 } ami_content_info;
371 
/*
 * Same members as ami_content_info.
 * NOTE(review): what the `_fm` suffix denotes is not documented here.
 */
372 typedef struct ami_content_info_fm {
373     struct ami_oid *contentType;
374     Content *content;  /* NULL for not present */
375 } ami_content_info_fm;
376 
/* Enveloped data: version, recipient list and encrypted content. */
377 typedef struct ami_enveloped_data {
378     int version;
379     struct ami_rcpt_info_list *recipientInfos;
380     struct ami_encr_content_info *encryptedContentInfo;
381 } ami_enveloped_data;
382 
/* Encrypted data: version and encrypted content. */
383 typedef struct ami_encr_data {
384     int version;
385     struct ami_encr_content_info *encryptedContentInfo;
386 } ami_encr_data;
387 
/*
 * Signed data. `bit_mask` flags: SignedData_certs_present (0x80) and
 * SignedData_crls_present (0x40), matching the two optional members.
 * NOTE(review): certificates and CRLs carried inside a message come from
 * the sender; presumably they must still be validated against the
 * caller's trusted keys rather than trusted because they are present.
 */
388 typedef struct ami_signed_data {
389     unsigned char bit_mask;
390 #define	SignedData_certs_present 0x80
391 #define	SignedData_crls_present 0x40
392     int version;
393     struct ami_digest_alg_list *digestAlgorithms;
394     struct ami_content_info *contentInfo;
395     struct ami_extcerts_and_certs *SignedData_certs;  /* optional */
396     struct ami_crl_set *SignedData_crls;  /* optional */
397     struct ami_signer_info_list *signerInfos;
398 } ami_signed_data;
399 
/*
 * Same shape as ami_signed_data, but `contentInfo` points to
 * ami_content_info_fm and the flag/member names use the SignedDataFm_
 * prefix.
 */
400 typedef struct ami_signed_data_fm {
401     unsigned char bit_mask;
402 #define	SignedDataFm_certs_present 0x80
403 #define	SignedDataFm_crls_present 0x40
404     int version;
405     struct ami_digest_alg_list *digestAlgorithms;
406     struct ami_content_info_fm *contentInfo;
407     struct ami_extcerts_and_certs *SignedDataFm_certs;  /* optional */
408     struct ami_crl_set *SignedDataFm_crls;  /* optional */
409     struct ami_signer_info_list *signerInfos;
410 } ami_signed_data_fm;
411 
/*
 * Singly linked list of recipients. The typedef name is a pointer to the
 * node; use sizeof (struct ami_rcpt_info_list) when allocating.
 */
412 typedef struct ami_rcpt_info_list {
413     struct ami_rcpt_info_list *next;
414     struct ami_rcpt_info *value;
415 } *ami_rcpt_info_list;
416 
/*
 * Encrypted content: type OID, content-encryption algorithm and the
 * ciphertext, which may be NULL.
 */
417 typedef struct ami_encr_content_info {
418     struct ami_oid *contentType;
419     struct ami_algid *contentEncryptionAlgorithm;
420     struct ami_encr_content *encryptedContent;  /* NULL for not present */
421 } ami_encr_content_info;
422 
/*
 * The three structures below share one layout: an unsigned int length
 * and a byte pointer.
 * NOTE(review): unit of `length` is not stated; presumably bytes.
 */
423 typedef struct ami_pkcs_data {
424     unsigned int length;
425     unsigned char *value;
426 } ami_pkcs_data;
427 
428 typedef struct ami_pkcs_data_fm {
429     unsigned int length;
430     unsigned char *value;
431 } ami_pkcs_data_fm;
432 
433 typedef struct ami_encr_content {
434     unsigned int length;
435     unsigned char *value;
436 } ami_encr_content;
437 
/*
 * One recipient: issuer/serial reference, key-encryption algorithm and
 * the encrypted key bytes.
 */
438 typedef struct ami_rcpt_info {
439     int version;
440     struct ami_issuer_and_serialnum *issuerAndSerialNumber;
441     struct ami_algid *keyEncryptionAlgorithm;
442     _octet1 encryptedKey;
443 } ami_rcpt_info;
444 
/*
 * One signer. `bit_mask` flags: authenticatedAttributes_present (0x80)
 * and unauthenticatedAttributes_present (0x40).
 * NOTE(review): `unauthenticatedAttributes` are, by name, outside the
 * signature; consumers should presumably not base trust decisions on
 * them.
 */
445 typedef struct ami_signer_info {
446     unsigned char bit_mask;
447 #define	authenticatedAttributes_present 0x80
448 #define	unauthenticatedAttributes_present 0x40
449     int version;
450     struct ami_issuer_and_serialnum *issuerAndSerialNumber;
451     struct ami_algid *digestAlgorithm;
452     struct ami_attr_list *authenticatedAttributes;  /* optional */
453     struct ami_algid *digestEncryptionAlgorithm;
454     _octet1 encryptedDigest;
455     struct ami_attr_list *unauthenticatedAttributes;  /* optional */
456 } ami_signer_info;
457 
/*
 * Singly linked list of signers. The typedef name is a pointer to the
 * node type.
 */
458 typedef struct ami_signer_info_list {
459     struct ami_signer_info_list *next;
460     struct ami_signer_info *value;
461 } *ami_signer_info_list;
462 
/* Certificate reference: issuer name pointer plus serial number. */
463 typedef struct ami_issuer_and_serialnum {
464     struct ami_name *issuer;
465     ami_cert_serialnum serial;
466 } ami_issuer_and_serialnum;
467 
/*
 * Singly linked list of digest algorithm identifiers. The typedef name
 * is a pointer to the node type.
 */
468 typedef struct ami_digest_alg_list {
469     struct ami_digest_alg_list *next;
470     struct ami_algid *value;
471 } *ami_digest_alg_list;
472 
/*
 * Private key record: version, algorithm identifier, the key bytes and
 * optional attributes. `bit_mask` carries attributes_present (0x80).
 * NOTE(review): `privateKey` presumably holds unencrypted key material;
 * if so, holders should zeroize the buffer before releasing it.
 */
473 typedef struct ami_privkey_info {
474     unsigned char   bit_mask;
475 #define	attributes_present 0x80
476     int version;
477     struct ami_algid *privateKeyAlgorithm;
478     _octet1 privateKey;
479     struct ami_attr_list *attributes;  /* optional */
480 } ami_privkey_info;
481 
/* Encrypted private key: encryption algorithm plus ciphertext bytes. */
482 typedef struct ami_encr_privkey_info {
483     struct ami_algid *encryptionAlgorithm;
484     ami_octetstring encryptedData;
485 } ami_encr_privkey_info;
486 
/* Certificate request body: version, subject, public key, attributes. */
487 typedef struct ami_certreq_info {
488     int version;
489     struct ami_name *subject;
490     struct ami_pubkey_info *pubKeyInfo;
491     struct ami_attr_list *attributes;
492 } ami_certreq_info;
493 
/*
 * Certificate request: body, algorithm identifier pointer and signature
 * bits (`signature.length` is a bit count).
 */
494 typedef struct ami_certreq {
495     ami_certreq_info info;
496     struct ami_algid *algorithm;
497     ami_bitstring   signature;
498 } ami_certreq;
499 
/*
 * Challenge password as a tagged union: `choice` is 1 for the printable
 * member and 2 for the T.61 member. Note the numbering is the reverse of
 * CaseIgnoreString, where T.61 is 1 and printable is 2.
 * NOTE(review): the value is a secret held in a plain char pointer with
 * no length; presumably NUL-terminated.
 */
500 typedef struct ami_challenge_pwd {
501     unsigned short  choice;
502 #define	ChallengePassword_printableString_chosen 1
503 #define	ChallengePassword_t61String_chosen 2
504 	union {
505 		char *ChallengePassword_printableString;
506 		char *ChallengePassword_t61String;
507 	} u;
508 } ami_challenge_pwd;
509 
/* E-mail address carried as a plain char pointer. */
510 typedef char *ami_email_addr;
511 
/* Public key pointer paired with a challenge string. */
512 typedef struct ami_pubkey_and_challenge {
513 	struct ami_pubkey_info *spki;
514 	char *challenge;
515 } ami_pubkey_and_challenge;
516 
/*
 * Signed form of the pair above: body, signature algorithm pointer and
 * signature bits (`signature.length` is a bit count).
 */
517 typedef struct ami_signed_pubkey_and_challenge {
518     ami_pubkey_and_challenge pubKeyAndChallenge;
519     struct ami_algid *sigAlg;
520     ami_bitstring   signature;
521 } ami_signed_pubkey_and_challenge;
522 
/*
 * OIDs for the algorithms this library names; the objects are defined
 * elsewhere.
 * MD2, MD4, MD5, single DES, RC2 and RC4 are broken or obsolete, and
 * SHA-1 is no longer collision resistant. Treat these identifiers as
 * legacy interoperability only, and review any policy that accepts a
 * signature or digest made with them.
 * NOTE(review): the pointers are not const-qualified, so any code linked
 * against the library can reassign them.
 */
523 extern ami_oid *AMI_MD2_OID;
524 extern ami_oid *AMI_MD4_OID;
525 extern ami_oid *AMI_MD5_OID;
526 extern ami_oid *AMI_SHA_1_OID;
527 extern ami_oid *AMI_RSA_ENCR_OID;
528 extern ami_oid *AMI_MD2WithRSAEncryption_OID;
529 extern ami_oid *AMI_MD5WithRSAEncryption_OID;
530 extern ami_oid *AMI_DSA_OID;
531 extern ami_oid *AMI_SHA1WithDSASignature_OID;
532 extern ami_oid *AMI_DES_ECB_OID;
533 extern ami_oid *AMI_DES_CBC_OID;
534 extern ami_oid *AMI_DES3_CBC_OID;
535 extern ami_oid *AMI_DES_MAC_OID;
536 extern ami_oid *AMI_RC2_CBC_OID;
537 extern ami_oid *AMI_RC4_OID;
538 
539 /*
540  * Misc. AlgIDs
541  */
/*
 * Ready-made algorithm identifiers, defined elsewhere. The same legacy
 * caveat as for the OIDs above applies to the MD2, MD4, MD5, SHA-1 and
 * RC4 entries.
 */
542 extern struct ami_algid *AMI_RSA_ENCR_AID;
543 extern struct ami_algid *AMI_MD2WithRSAEncryption_AID;
544 extern struct ami_algid *AMI_MD5WithRSAEncryption_AID;
545 extern struct ami_algid *AMI_DSA_AID;
546 extern struct ami_algid *AMI_SHA1WithDSASignature_AID;
547 extern struct ami_algid *AMI_DH_AID;
548 extern struct ami_algid *AMI_MD2_AID;
549 extern struct ami_algid *AMI_MD4_AID;
550 extern struct ami_algid *AMI_MD5_AID;
551 extern struct ami_algid *AMI_SHA1_AID;
552 extern struct ami_algid *AMI_RC4_AID;
553 
554 /* Algorithm types */
/*
 * AMI_OTHER_ALG is -1; the remaining enumerators count up from 0 in
 * declaration order.
 */
555 typedef enum {
556 	AMI_OTHER_ALG = -1,
557 	AMI_SYM_ENC_ALG,
558 	AMI_ASYM_ENC_ALG,
559 	AMI_HASH_ALG,
560 	AMI_SIG_ALG,
561 	AMI_KEYED_INTEGRITY_ALG
562 } ami_alg_type;
563 
564 /* Parameter types */
/*
 * AMI_PARM_OTHER is -1; the remaining enumerators count up from 0 in
 * declaration order. AMI_PARM_RC2_CBC and AMI_PARM_PBE share names with
 * the ami_rc2_cbc_param and ami_pbe_param structures in this header.
 */
565 typedef enum {
566 	AMI_PARM_OTHER = -1,
567 	AMI_PARM_ABSENT,
568 	AMI_PARM_INTEGER,
569 	AMI_PARM_OCTETSTRING,
570 	AMI_PARM_NULL,
571 	AMI_PARM_RC2_CBC,
572 	AMI_PARM_PBE
573 } ami_parm_type;
574 
575 /* Algorithm table */
/*
 * One row of the supported-algorithm table returned through
 * ami_get_alglist().
 * NOTE(review): `keysize_limit` presumably caps the key size for an
 * algorithm, with AMI_NO_EXPORT_KEYSIZE_LIMIT (0) meaning no cap; the
 * unit (bits or bytes) is not stated here. Because -1 is a valid value of
 * both enums, neither field is safe to use as an array index unchecked.
 */
576 #define	AMI_NO_EXPORT_KEYSIZE_LIMIT	0
577 typedef struct ami_alg_list {
578 	ami_oid	*oid;
579 	char		*name;
580 	ami_alg_type	algType;
581 	ami_parm_type	parmType;
582 	size_t		keysize_limit;
583 } ami_alg_list;
584 
585 /*
586  * AMI function return values
587  */
/*
 * AMI_OK is 0 and every other status is a positive integer, so callers
 * should compare results against AMI_OK explicitly. This matters most for
 * the verification functions: a non-zero result is a failure, not "true".
 */
588 
589 #define	AMI_OK				0
590 #define	AMI_EBUFSIZE			1
591 #define	AMI_ENOMEM			2	/* ENOMEM MUST be 2 */
592 #define	AMI_BAD_FILE			3
593 #define	AMI_FILE_NOT_FOUND		4
594 #define	AMI_FILE_IO_ERR			5
595 #define	AMI_BAD_PASSWD			6
596 #define	AMI_UNKNOWN_USER		7
597 #define	AMI_ALGORITHM_UNKNOWN		8
598 #define	AMI_ASN1_ENCODE_ERR		9
599 #define	AMI_ASN1_DECODE_ERR		10
600 #define	AMI_BAD_KEY			11
601 #define	AMI_KEYGEN_ERR			12
602 #define	AMI_ENCRYPT_ERR			13
603 #define	AMI_DECRYPT_ERR			14
604 #define	AMI_SIGN_ERR			15
605 #define	AMI_VERIFY_ERR			16
606 #define	AMI_DIGEST_ERR			17
607 #define	AMI_OUTPUT_FORMAT_ERR		18
608 #define	AMI_SYSTEM_ERR			19	/* General Errors */
609 #define	AMI_ATTRIBUTE_UNKNOWN		20
610 #define	AMI_AMILOGIN_ERR		21
611 #define	AMI_AMILOGOUT_ERR		22
612 #define	AMI_NO_SUCH_ENTRY		23
613 #define	AMI_ENTRY_ALREADY_EXISTS	24
614 #define	AMI_AMISERV_DECRYPT_ERR		25
615 #define	AMI_AMISERV_SIGN_ERR		26
616 #define	AMI_USER_DID_NOT_AMILOGIN	27
617 #define	AMI_AMISERV_CONNECT		28
618 #define	AMI_KEYPKG_NOT_FOUND		29
619 #define	AMI_TIME_INVALID		30
620 #define	AMI_UNTRUSTED_PUBLIC_KEY	31
621 #define	AMI_EPARM			32	/* EPARM MUST be 32 */
622 #define	AMI_BINARY_TO_RFC1421_ERR	33
623 #define	AMI_RFC1421_TO_BINARY_ERR	34
624 #define	AMI_RANDOM_NUM_ERR		35
625 #define	AMI_XFN_ERR			36
626 #define	AMI_CERT_CHAIN_ERR		37
627 #define	AMI_RDN_MISSING_EQUAL		38
628 #define	AMI_AVA_TYPE_MISSING		39
629 #define	AMI_AVA_VALUE_MISSING		40
630 #define	AMI_CERT_NOT_FOUND		41
631 #define	AMI_DN_NOT_FOUND		42
632 #define	AMI_CRITICAL_EXTNS_ERR		43
633 #define	AMI_ASN1_INIT_ERROR		44
634 #define	AMI_WRAP_ERROR			45
635 #define	AMI_UNWRAP_ERROR		46
636 #define	AMI_UNSUPPORTED_KEY_TYPE	47
637 #define	AMI_DH_PART1_ERR		48
638 #define	AMI_DH_PART2_ERR		49
639 #define	AMI_DOUBLE_ENCRYPT		50
640 #define	AMI_AMISERV_KEYPKG_UPDATE	51
641 #define	AMI_AMISERV_STAT_ERR		52
642 #define	AMI_GLOBAL_ERR			53
643 #define	AMI_TRUSTED_KEY_EXPIRED		54
644 #define	AMI_OPEN_ERR		55
/*
 * NOTE(review): AMI_TOTAL_ERRNUM is 56, yet AMI_CERT_ERR (57) and
 * AMI_KEYPKG_ERR (58) are defined after it. If a message table or bounds
 * check elsewhere is sized by AMI_TOTAL_ERRNUM (not visible in this
 * header), the values 56 to 58 fall outside it; confirm before using a
 * status value as an array index.
 */
645 #define	AMI_TOTAL_ERRNUM		56
646 #define	AMI_CERT_ERR		57
647 #define	AMI_KEYPKG_ERR		58
648 
649 /* flags for ami_encrypt, ami_decrypt, ami_sign, ami_verify, ami_digest */
/*
 * These are small consecutive integers (1, 2, 3), not independent bits.
 * NOTE(review): presumably they are meant to be passed one at a time
 * rather than OR-ed together, since AMI_ADD_DATA | AMI_END_DATA equals
 * AMI_DIGESTED_DATA; confirm against the implementation.
 */
650 #define	AMI_ADD_DATA	1
651 #define	AMI_END_DATA	2
652 #define	AMI_DIGESTED_DATA 3 /* for ami_verify for digested data */
653 
654 /* AMI Handle and status */
/*
 * struct ami_handle is only declared here, not defined, so callers can
 * hold the handle solely through a pointer.
 */
655 typedef struct ami_handle ami_handle_t;
656 
657 /* AMI return variable */
/* Holds one of the AMI_* status values defined in this header. */
658 typedef int AMI_STATUS;
659 
660 /*
661  * Parameter
662  */
663 
/*
 * RSA key-pair generation parameters: modulus size and a public exponent
 * given as a byte buffer with its length.
 * NOTE(review): no minimum for `modulusBits` is visible in this header;
 * callers should enforce their own lower bound. The "const" comment marks
 * intent only; the pointer type itself is not const-qualified.
 */
664 typedef struct ami_rsa_keygen_param_t {
665 	uint_t modulusBits;
666 	uchar_t *publicExponent; /* const */
667 	size_t publicExponentLen;
668 } ami_rsa_keygen_param;
669 
/*
 * DES key generation parameters: a salt buffer with length, a password
 * and an iteration count.
 * NOTE(review): `passwd` is a secret held in a plain char pointer, and
 * `iterationCount` is a signed int that should be validated as positive
 * before use.
 */
670 typedef struct ami_des_keygen_param_t {
671 	uchar_t *saltVal; /* const */
672 	size_t saltLen;
673 	char *passwd; /* const */
674 	int iterationCount;
675 } ami_des_keygen_param;
676 
677 /*
678  * PROTOTYPES should be set to one if and only if the compiler supports
679  * function argument prototyping.
680  * The following makes PROTOTYPES default to 1 if it has not already been
681  * defined as 0 with C compiler flags.
682  */
683 #ifndef	PROTOTYPES
684 #define	PROTOTYPES	1
685 #endif
686 
687 /*
688  * PROTO_LIST is defined depending on how PROTOTYPES is defined above.
689  * If using PROTOTYPES, then PROTO_LIST returns the list, otherwise it
690  * returns an empty list.
691  */
/*
 * Call sites pass the parameter list in its own parentheses, as in
 * PROTO_LIST((a, b)), so the macro receives a single argument.
 * With PROTOTYPES defined as 0 every declaration below becomes `f()`,
 * and the compiler no longer checks argument count or types. Mismatched
 * buffer and length arguments then go undiagnosed, so builds should keep
 * the default of 1.
 */
692 
693 #if PROTOTYPES
694 #define	PROTO_LIST(list) list
695 #else
696 #define	PROTO_LIST(list) ()
697 #endif
698 
699 /*
700  * AMI prototypes
701  */
702 
703 /* Initialize and terminate an AMI session */
/*
 * NOTE(review): the six ami_init parameters are unnamed and undocumented
 * in this header. The first is a pointer to a handle pointer, presumably
 * filled in on success; confirm the rest against the implementation.
 */
704 AMI_STATUS ami_init PROTO_LIST((
705 	ami_handle_t **,
706 	const char *,
707 	const char *,
708 	const uint_t,
709 	const uint_t,
710 	const char *));
711 
/* Takes the handle by pointer; presumably ends the session it names. */
712 AMI_STATUS ami_end PROTO_LIST((
713 	ami_handle_t *));
714 
/*
 * Takes a handle and a status value and returns a char pointer.
 * NOTE(review): ownership of the returned string is not stated; do not
 * free or modify it without checking the implementation.
 */
715 char *ami_strerror PROTO_LIST((
716 	ami_handle_t *,
717 	const AMI_STATUS));	/* errno */
718 
719 /* Key generation */
/*
 * Each generator returns key material through a `uchar_t **` output.
 * NOTE(review): this header declares no release function for these raw
 * buffers, so how they are freed is not visible here; whoever owns them
 * should zeroize key bytes before release. The DES and RC4 generators
 * produce keys for ciphers that are obsolete (see the OID list above).
 */
720 AMI_STATUS ami_gen_des_key PROTO_LIST((
721 	const ami_handle_t *,	/* IN:	ami handle */
722 	uchar_t **,		/* OUT: DES session key */
723 	ami_alg_params **));	/* OUT: IV */
724 
725 AMI_STATUS ami_gen_des3_key PROTO_LIST((
726 	const ami_handle_t *,	/* IN:	ami handle */
727 	uchar_t **,		/* OUT: triple DES session key */
728 	ami_alg_params **));	/* OUT: IV */
729 
730 AMI_STATUS ami_gen_rc2_key PROTO_LIST((
731 	const ami_handle_t *,	/* IN:  AMI handle */
732 	const size_t,		/* IN:  key length */
733 	const uint_t,		/* IN:  effective key size in bits */
734 	uchar_t **,		/* OUT: RC2 session key */
735 	ami_alg_params **));	/* OUT: RC2 parameter */
736 
737 AMI_STATUS ami_gen_rc4_key PROTO_LIST((
738 	const ami_handle_t *,	/* IN:	ami handle */
739 	const size_t,		/* IN:  key length in bytes */
740 	uchar_t **));		/* OUT: RC4 key */
741 
/*
 * NOTE(review): the third and fourth parameters (a const byte pointer and
 * a size) carry no comment; their purpose is not documented here.
 */
742 AMI_STATUS ami_gen_rsa_keypair PROTO_LIST((
743 	const ami_handle_t *,		/* IN:	ami handle */
744 	const ami_rsa_keygen_param *,	/* IN:  keypair generation parameters */
745 	const uchar_t *,
746 	const size_t,
747 	uchar_t **,			/* OUT: public key */
748 	size_t *,			/* OUT: public key length */
749 	uchar_t **,			/* OUT: private key */
750 	size_t *));			/* OUT: private key length */
751 
752 /* crypto */
/*
 * Common shape for the five streaming operations below: input buffer and
 * length, an int flag (the header lists AMI_ADD_DATA, AMI_END_DATA and
 * AMI_DIGESTED_DATA as the flags for these functions), algorithm
 * identifiers, and an output buffer returned through `uchar_t **` with
 * its length.
 * NOTE(review): ownership of the output buffers is not stated and this
 * header declares no release function for them. Every function returns
 * AMI_STATUS; compare the result against AMI_OK, especially for
 * ami_verify, where any non-zero value must be treated as a failed
 * verification.
 */
753 AMI_STATUS ami_digest PROTO_LIST((
754 	ami_handle_t *,			/* IN:	ami handle */
755 	const uchar_t *,		/* IN:  input data  */
756 	const size_t,			/* IN:  length of data in bytes */
757 	const int,			/* IN:  more input data flag */
758 	const ami_algid *,		/* IN:  digest algorithm */
759 	uchar_t **,			/* OUT: digest */
760 	size_t *));			/* OUT: length of digest */
761 AMI_STATUS ami_sign PROTO_LIST((
762 	ami_handle_t *,			/* IN:	ami handle */
763 	const uchar_t *,		/* IN:  data to be signed */
764 	const size_t,			/* IN:  data length */
765 	const int,			/* IN:  more input data flag */
766 	const ami_algid *,		/* IN:  signature key algorithm */
767 	const uchar_t *,		/* IN:  signature key */
768 	const size_t,			/* IN:  signature key length */
769 	const ami_algid *,		/* IN:  signature algorithm */
770 	uchar_t **, 			/* OUT: signature */
771 	size_t *));			/* OUT: signature length */
/* ami_verify has no output buffer: the result is the status alone. */
772 AMI_STATUS ami_verify PROTO_LIST((
773 	ami_handle_t *,			/* IN: ami handle */
774 	const uchar_t *, 		/* IN: data to be verified */
775 	const size_t,			/* IN: data length */
776 	const int,			/* IN: more input data flag */
777 	const ami_algid *,		/* IN: verification key algorithm */
778 	const uchar_t *,		/* IN: verification key */
779 	const size_t,			/* IN: verification key length */
780 	const ami_algid *,		/* IN: verification algorithm */
781 	const uchar_t *, 		/* IN: signature */
782 	const size_t));			/* IN: signature length */
783 AMI_STATUS ami_encrypt PROTO_LIST((
784 	ami_handle_t *,			/* IN:	ami handle */
785 	const uchar_t *,		/* IN:  input data */
786 	const size_t,			/* IN:  input data length */
787 	const int,			/* IN:	more input data flag */
788 	const ami_algid *,		/* IN:  encryption key algorithm */
789 	const uchar_t *,		/* IN:  encryption key */
790 	const size_t,			/* IN:  encryption key length */
791 	const ami_algid *,		/* IN:  encryption algorithm */
792 	uchar_t **,			/* OUT: ciphertext */
793 	size_t *));			/* OUT: ciphertext length */
794 AMI_STATUS ami_decrypt PROTO_LIST((
795 	ami_handle_t *,			/* IN:	ami handle */
796 	const uchar_t *,		/* IN:  ciphertext */
797 	const size_t,			/* IN:  ciphertext length */
798 	const int,			/* IN:  more input data flag */
799 	const ami_algid *,		/* IN:  decryption key algorithm */
800 	const uchar_t *,		/* IN:  decryption key */
801 	const size_t,			/* IN:  decryption key length */
802 	const ami_algid *,		/* IN:  decryption algorithm */
803 	uchar_t **,			/* OUT: cleartext */
804 	size_t *));			/* OUT: cleartext length */
/*
 * Key wrap and unwrap take no streaming flag and a const handle.
 * NOTE(review): the length argument of ami_wrap_key is marked IN/OUT,
 * unlike the OUT lengths elsewhere; what the caller must put in it on
 * entry is not documented here, so initialize it deliberately.
 */
805 AMI_STATUS ami_wrap_key PROTO_LIST((
806 	const ami_handle_t *,		/* IN:  ami handle */
807 	const uchar_t *,		/* IN:	key to be wrapped  */
808 	const size_t,			/* IN:	length of key to be wrapped */
809 	const ami_algid *,		/* IN:	wrapping key algorithm */
810 	const uchar_t *,		/* IN:	wrapping key */
811 	const size_t,			/* IN:	wrapping key length */
812 	const ami_algid *,		/* IN:	wrapping algorithm */
813 	uchar_t **,			/* OUT: wrapped key */
814 	size_t *));			/* IN/OUT: wrapped key length */
815 AMI_STATUS ami_unwrap_key PROTO_LIST((
816 	const ami_handle_t *,		/* IN:  ami handle */
817 	const uchar_t *,		/* IN:  wrapped key */
818 	const size_t,			/* IN:  wrapped key length */
819 	const ami_algid *,		/* IN:  unwrapping key algorithm */
820 	const uchar_t *,		/* IN:  unwrapping key */
821 	const size_t,			/* IN:  unwrapping key length */
822 	const ami_algid *,		/* IN:  unwrapping algorithm */
823 	uchar_t **,			/* OUT: unwrapped key */
824 	size_t *));			/* OUT: unwrapped key length */
825 
826 /* certificate verification */
/*
 * All three verifiers return AMI_STATUS. AMI_OK is 0, so callers must
 * test `== AMI_OK`; treating the result as a boolean inverts the
 * decision. The `flags` argument is documented as unused in each.
 * NOTE(review): which checks these perform (signature, validity dates,
 * critical extensions, revocation) is not stated in this header. The
 * related status codes are AMI_VERIFY_ERR, AMI_TIME_INVALID,
 * AMI_CRITICAL_EXTNS_ERR, AMI_CERT_CHAIN_ERR, AMI_UNTRUSTED_PUBLIC_KEY
 * and AMI_TRUSTED_KEY_EXPIRED.
 */
827 AMI_STATUS ami_verify_cert PROTO_LIST((
828 	const ami_handle_t *,		/* IN: ami handle */
829 	const ami_cert *, 		/* IN: certificate to be verified */
830 	const ami_pubkey_info *,	/* IN: public verification key */
831 	const int));			/* IN: flags (unused) */
/*
 * NOTE(review): the chain length is a signed int; callers should pass a
 * positive count that matches the array they supply.
 */
832 AMI_STATUS ami_verify_cert_chain PROTO_LIST((
833 	const ami_handle_t *,		/* IN: ami handle */
834 	const ami_cert *, 	/* IN: certificate chain to be verified */
835 	const int,			/* IN: length of cert chain */
836 	const struct ami_tkey_list *,	/* IN: trusted key list */
837 	const int,			/* IN: flags (unused) */
838 	ami_cert **));		/* OUT: first expired certificate */
839 AMI_STATUS ami_verify_cert_est_chain PROTO_LIST((
840 	const ami_handle_t *,		/* IN: ami handle */
841 	const ami_cert *, 		/* IN: certificate to be verified */
842 	const struct ami_tkey_list *,	/* IN: trusted key list */
843 	const char **,			/* IN: CA Name list */
844 	const int,			/* IN: flags (unused) */
845 	ami_cert **,			/* OUT: first expired certificate */
846 	ami_cert **,			/* OUT: certificate chain */
847 	int *));			/* OUT: length of cert chain */
848 
849 /* certificate chain establishment */
/*
 * Unlike the other prototypes, the flags parameter is named here.
 * NOTE(review): the returned chain is presumably released with
 * ami_free_cert_list(), which takes a certificate pointer and an int
 * count; confirm against the implementation.
 */
850 AMI_STATUS ami_get_cert_chain PROTO_LIST((
851 	const ami_handle_t *,	/* IN: ami handle */
852 	const ami_cert *,	/* IN: user certificate */
853 	const char **,		/* IN: CA name list */
854 	int flags,		/* IN: flags (unused) */
855 	ami_cert **,		/* OUT: certificate chain */
856 	int *));		/* OUT: length of cert chain */
857 
858 /* I/O */
/*
 * Store and fetch key packages and certificates. The string argument is
 * a filename or repository index (and, for ami_get_cert, may be a DN).
 * NOTE(review): because the same string can name a file, it should not
 * be taken from untrusted input without validation; how the library
 * tells a filename from an index or DN is not visible in this header.
 */
859 AMI_STATUS ami_set_keypkg PROTO_LIST((
860 	const ami_handle_t *,	/* IN: ami handle */
861 	const char *,		/* IN: keypkg filename or repository index */
862 	const ami_keypkg *));	/* IN: keypkg to be stored */
863 AMI_STATUS ami_get_keypkg PROTO_LIST((
864 	const ami_handle_t *,	/* IN:	ami handle */
865 	const char *,		/* IN:  keypkg_filename or repository index */
866 	ami_keypkg **));		/* OUT: keypkg */
867 AMI_STATUS ami_set_cert PROTO_LIST((
868 	const ami_handle_t *,	/* IN: ami handle */
869 	const char *,		/* IN: cert filename or repository index */
870 	const ami_cert *));	/* IN: certificate */
871 AMI_STATUS ami_get_cert PROTO_LIST((
872 	const ami_handle_t *,	/* IN:	ami handle */
873 	const char *,		/* IN:  certificate filename, rep index, DN */
874 	ami_cert **,		/* OUT: set of certificates */
875 	int *));		/* OUT: certificate set length */
876 
877 /* generate random bytes */
/*
 * The byte count is a ushort_t, so one call cannot request more than the
 * range of that type. Check the returned status (AMI_RANDOM_NUM_ERR is
 * the related code) before using the buffer as key or IV material.
 * NOTE(review): the source of randomness and the ownership of the output
 * buffer are not stated in this header.
 */
878 AMI_STATUS ami_random PROTO_LIST((
879 	const ushort_t,		/* IN:  requested number of random bytes */
880 	uchar_t **));		/* OUT: random byte buffer */
881 
882 
883 /* Free */
/*
 * Release functions for key packages, certificates, certificate lists
 * and names. Each takes a pointer to the caller's pointer.
 * NOTE(review): presumably this lets the callee set the caller's pointer
 * to NULL after freeing; confirm before relying on it to prevent a double
 * free. A key package references private key data, so check whether
 * ami_free_keypkg zeroizes it.
 */
884 void ami_free_keypkg PROTO_LIST((ami_keypkg **));
885 void ami_free_cert PROTO_LIST((ami_cert **));
886 void ami_free_cert_list PROTO_LIST((ami_cert **, int));
887 void ami_free_dn PROTO_LIST((ami_name **));
888 
889 /* DN */
/*
 * Convert between a string and an ami_name. ami_str2dn takes a non-const
 * `char *`, so the input string may be modified by the call.
 * NOTE(review): AMI_RDN_MISSING_EQUAL, AMI_AVA_TYPE_MISSING and
 * AMI_AVA_VALUE_MISSING look like the parse errors for ami_str2dn; the
 * string returned by ami_dn2str has no stated owner.
 */
890 AMI_STATUS ami_str2dn PROTO_LIST((
891 	const ami_handle_t *, char *, ami_name **));
892 AMI_STATUS ami_dn2str PROTO_LIST((
893 	const ami_handle_t *, ami_name *, char **));
894 
895 /* Supported algorithms */
/*
 * Returns a pointer to ami_alg_list rows through the output argument.
 * NOTE(review): no count is returned, so the table presumably ends with a
 * sentinel row; confirm the terminator before iterating.
 */
896 AMI_STATUS ami_get_alglist PROTO_LIST((ami_alg_list **));
897 
898 #ifdef	__cplusplus
899 }
900 #endif
901 
902 #endif	/* _SLP_AMI_H */
903