xref: /titanic_52/usr/src/lib/libkmf/include/kmfapiP.h (revision 80feccabd0bc0fca1df2b60bfa50449d9a6e3e09)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 #ifndef _KMFAPIP_H
26 #define	_KMFAPIP_H
27 
28 #pragma ident	"%Z%%M%	%I%	%E% SMI"
29 
30 #include <kmfapi.h>
31 #include <kmfpolicy.h>
32 
33 #ifdef __cplusplus
34 extern "C" {
35 #endif
36 
37 /* Plugin function table */
38 typedef struct {
39 	ushort_t	version;
40 	KMF_RETURN	(*ConfigureKeystore) (
41 			KMF_HANDLE_T,
42 			int,
43 			KMF_ATTRIBUTE *);
44 
45 	KMF_RETURN	(*FindCert) (
46 			KMF_HANDLE_T,
47 			int,
48 			KMF_ATTRIBUTE *);
49 
50 	void		(*FreeKMFCert) (
51 			KMF_HANDLE_T,
52 			KMF_X509_DER_CERT *);
53 
54 	KMF_RETURN	(*StoreCert) (
55 			KMF_HANDLE_T,
56 			int, KMF_ATTRIBUTE *);
57 
58 	KMF_RETURN	(*ImportCert) (
59 			KMF_HANDLE_T,
60 			int, KMF_ATTRIBUTE *);
61 
62 	KMF_RETURN	(*ImportCRL) (
63 			KMF_HANDLE_T,
64 			int, KMF_ATTRIBUTE *);
65 
66 	KMF_RETURN	(*DeleteCert) (
67 			KMF_HANDLE_T,
68 			int, KMF_ATTRIBUTE *);
69 
70 	KMF_RETURN	(*DeleteCRL) (
71 			KMF_HANDLE_T,
72 			int, KMF_ATTRIBUTE *);
73 
74 	KMF_RETURN	(*CreateKeypair) (
75 			KMF_HANDLE_T,
76 			int,
77 			KMF_ATTRIBUTE *);
78 
79 	KMF_RETURN	(*FindKey) (
80 			KMF_HANDLE_T,
81 			int,
82 			KMF_ATTRIBUTE *);
83 
84 	KMF_RETURN	(*EncodePubkeyData) (
85 			KMF_HANDLE_T,
86 			KMF_KEY_HANDLE *,
87 			KMF_DATA *);
88 
89 	KMF_RETURN	(*SignData) (
90 			KMF_HANDLE_T,
91 			KMF_KEY_HANDLE *,
92 			KMF_OID *,
93 			KMF_DATA *,
94 			KMF_DATA *);
95 
96 	KMF_RETURN	(*DeleteKey) (
97 			KMF_HANDLE_T,
98 			int,
99 			KMF_ATTRIBUTE *);
100 
101 	KMF_RETURN	(*ListCRL) (
102 			KMF_HANDLE_T,
103 			int, KMF_ATTRIBUTE *);
104 
105 	KMF_RETURN	(*FindCRL) (
106 			KMF_HANDLE_T,
107 			int, KMF_ATTRIBUTE *);
108 
109 	KMF_RETURN	(*FindCertInCRL) (
110 			KMF_HANDLE_T,
111 			int, KMF_ATTRIBUTE *);
112 
113 	KMF_RETURN	(*GetErrorString) (
114 			KMF_HANDLE_T,
115 			char **);
116 
117 	KMF_RETURN	(*FindPrikeyByCert) (
118 			KMF_HANDLE_T,
119 			int,
120 			KMF_ATTRIBUTE *);
121 
122 	KMF_RETURN	(*DecryptData) (
123 			KMF_HANDLE_T,
124 			KMF_KEY_HANDLE *,
125 			KMF_OID *,
126 			KMF_DATA *,
127 			KMF_DATA *);
128 
129 	KMF_RETURN	(*ExportPK12)(
130 			KMF_HANDLE_T,
131 			int,
132 			KMF_ATTRIBUTE *);
133 
134 	KMF_RETURN	(*CreateSymKey) (
135 			KMF_HANDLE_T,
136 			int,
137 			KMF_ATTRIBUTE *);
138 
139 	KMF_RETURN	(*GetSymKeyValue) (
140 			KMF_HANDLE_T,
141 			KMF_KEY_HANDLE *,
142 			KMF_RAW_SYM_KEY *);
143 
144 	KMF_RETURN	(*SetTokenPin) (
145 			KMF_HANDLE_T,
146 			int, KMF_ATTRIBUTE *);
147 
148 	KMF_RETURN	(*VerifyDataWithCert) (
149 			KMF_HANDLE_T,
150 			KMF_ALGORITHM_INDEX,
151 			KMF_DATA *,
152 			KMF_DATA *,
153 			KMF_DATA *);
154 
155 	KMF_RETURN	(*StoreKey) (
156 			KMF_HANDLE_T,
157 			int,
158 			KMF_ATTRIBUTE *);
159 
160 	void		(*Finalize) ();
161 
162 } KMF_PLUGIN_FUNCLIST;
163 
164 typedef struct {
165 	KMF_ATTR_TYPE	type;
166 	boolean_t	null_value_ok; /* Is the pValue required */
167 	uint32_t	minlen;
168 	uint32_t	maxlen;
169 } KMF_ATTRIBUTE_TESTER;
170 
171 typedef struct {
172 	KMF_KEYSTORE_TYPE	type;
173 	char			*applications;
174 	char 			*path;
175 	void 			*dldesc;
176 	KMF_PLUGIN_FUNCLIST	*funclist;
177 } KMF_PLUGIN;
178 
179 typedef struct _KMF_PLUGIN_LIST {
180 	KMF_PLUGIN		*plugin;
181 	struct _KMF_PLUGIN_LIST *next;
182 } KMF_PLUGIN_LIST;
183 
184 typedef struct _kmf_handle {
185 	/*
186 	 * session handle opened by kmf_select_token() to talk
187 	 * to a specific slot in Crypto framework. It is used
188 	 * by pkcs11 plugin module.
189 	 */
190 	CK_SESSION_HANDLE	pk11handle;
191 	KMF_ERROR		lasterr;
192 	KMF_POLICY_RECORD	*policy;
193 	KMF_PLUGIN_LIST		*plugins;
194 } KMF_HANDLE;
195 
196 #define	CLEAR_ERROR(h, rv) { \
197 	if (h == NULL) { \
198 		rv = KMF_ERR_BAD_PARAMETER; \
199 	} else { \
200 		h->lasterr.errcode = 0; \
201 		h->lasterr.kstype = 0; \
202 		rv = KMF_OK; \
203 	} \
204 }
205 
206 #define	KMF_PLUGIN_INIT_SYMBOL	"KMF_Plugin_Initialize"
207 
208 #ifndef KMF_PLUGIN_PATH
209 #if defined(__sparcv9)
210 #define	KMF_PLUGIN_PATH "/usr/lib/security/sparcv9/"
211 #elif defined(__sparc)
212 #define	KMF_PLUGIN_PATH "/usr/lib/security/"
213 #elif defined(__i386)
214 #define	KMF_PLUGIN_PATH "/usr/lib/security/"
215 #elif defined(__amd64)
216 #define	KMF_PLUGIN_PATH "/usr/lib/security/amd64/"
217 #endif
218 #endif /* !KMF_PLUGIN_PATH */
219 
220 KMF_PLUGIN_FUNCLIST *KMF_Plugin_Initialize();
221 
222 KMF_RETURN
223 VerifyDataWithKey(KMF_HANDLE_T, KMF_DATA *, KMF_ALGORITHM_INDEX, KMF_DATA *,
224 	KMF_DATA *);
225 
226 KMF_BOOL pkcs_algid_to_keytype(
227 	KMF_ALGORITHM_INDEX, CK_KEY_TYPE *);
228 
229 KMF_RETURN PKCS_VerifyData(
230 	KMF_HANDLE *,
231 	KMF_ALGORITHM_INDEX,
232 	KMF_X509_SPKI *,
233 	KMF_DATA *, KMF_DATA *);
234 
235 KMF_RETURN PKCS_EncryptData(
236 	KMF_HANDLE *,
237 	KMF_ALGORITHM_INDEX,
238 	KMF_X509_SPKI *,
239 	KMF_DATA *,
240 	KMF_DATA *);
241 
242 KMF_PLUGIN *FindPlugin(KMF_HANDLE_T, KMF_KEYSTORE_TYPE);
243 
244 KMF_BOOL IsEqualOid(KMF_OID *, KMF_OID *);
245 
246 KMF_RETURN copy_algoid(KMF_X509_ALGORITHM_IDENTIFIER *destid,
247 	KMF_X509_ALGORITHM_IDENTIFIER *srcid);
248 
249 KMF_OID *x509_algid_to_algoid(KMF_ALGORITHM_INDEX);
250 KMF_ALGORITHM_INDEX x509_algoid_to_algid(KMF_OID *);
251 
252 KMF_RETURN PKCS_AcquirePublicKeyHandle(CK_SESSION_HANDLE ckSession,
253 	const KMF_X509_SPKI *, CK_KEY_TYPE, CK_OBJECT_HANDLE *,
254 	KMF_BOOL *);
255 
256 KMF_RETURN GetIDFromSPKI(KMF_X509_SPKI *, KMF_DATA *);
257 
258 KMF_RETURN kmf_set_altname(KMF_X509_EXTENSIONS *,
259 	KMF_OID *, int, KMF_GENERALNAMECHOICES, char *);
260 KMF_RETURN GetSequenceContents(char *, size_t, char **, size_t *);
261 KMF_X509_EXTENSION *FindExtn(KMF_X509_EXTENSIONS *, KMF_OID *);
262 KMF_RETURN add_an_extension(KMF_X509_EXTENSIONS *exts,
263 	KMF_X509_EXTENSION *newextn);
264 KMF_RETURN set_integer(KMF_DATA *, void *, int);
265 void free_keyidlist(KMF_OID *, int);
266 KMF_RETURN copy_data(KMF_DATA *, KMF_DATA *);
267 void Cleanup_PK11_Session(KMF_HANDLE_T handle);
268 void free_dp_name(KMF_CRL_DIST_POINT *);
269 void free_dp(KMF_CRL_DIST_POINT *);
270 KMF_RETURN set_key_usage_extension(KMF_X509_EXTENSIONS *,
271 	int, uint32_t);
272 KMF_RETURN init_pk11();
273 KMF_RETURN kmf_select_token(KMF_HANDLE_T, char *, int);
274 
275 KMF_RETURN test_attributes(int, KMF_ATTRIBUTE_TESTER *,
276 	int, KMF_ATTRIBUTE_TESTER *, int, KMF_ATTRIBUTE *);
277 
278 
279 /* Indexes into the key parts array for RSA keys */
280 #define	KMF_RSA_MODULUS			(0)
281 #define	KMF_RSA_PUBLIC_EXPONENT		(1)
282 #define	KMF_RSA_PRIVATE_EXPONENT	(2)
283 #define	KMF_RSA_PRIME1			(3)
284 #define	KMF_RSA_PRIME2			(4)
285 #define	KMF_RSA_EXPONENT1		(5)
286 #define	KMF_RSA_EXPONENT2		(6)
287 #define	KMF_RSA_COEFFICIENT		(7)
288 
289 /* Key part counts for RSA keys */
290 #define	KMF_NUMBER_RSA_PUBLIC_KEY_PARTS		(2)
291 #define	KMF_NUMBER_RSA_PRIVATE_KEY_PARTS	(8)
292 
293 /* Key part counts for DSA keys */
294 #define	KMF_NUMBER_DSA_PUBLIC_KEY_PARTS		(4)
295 #define	KMF_NUMBER_DSA_PRIVATE_KEY_PARTS	(4)
296 
297 /* Indexes into the key parts array for DSA keys */
298 #define	KMF_DSA_PRIME		(0)
299 #define	KMF_DSA_SUB_PRIME	(1)
300 #define	KMF_DSA_BASE		(2)
301 #define	KMF_DSA_PUBLIC_VALUE	(3)
302 
303 #ifndef max
304 #define	max(a, b) ((a) < (b) ? (b) : (a))
305 #endif
306 
307 /* Maximum key parts for all algorithms */
308 #define	KMF_MAX_PUBLIC_KEY_PARTS \
309 	(max(KMF_NUMBER_RSA_PUBLIC_KEY_PARTS, \
310 	KMF_NUMBER_DSA_PUBLIC_KEY_PARTS))
311 
312 #define	KMF_MAX_PRIVATE_KEY_PARTS \
313 	(max(KMF_NUMBER_RSA_PRIVATE_KEY_PARTS, \
314 	KMF_NUMBER_DSA_PRIVATE_KEY_PARTS))
315 
316 #define	KMF_MAX_KEY_PARTS \
317 	(max(KMF_MAX_PUBLIC_KEY_PARTS, KMF_MAX_PRIVATE_KEY_PARTS))
318 
319 typedef enum {
320 	KMF_ALGMODE_NONE	= 0,
321 	KMF_ALGMODE_CUSTOM,
322 	KMF_ALGMODE_PUBLIC_KEY,
323 	KMF_ALGMODE_PRIVATE_KEY,
324 	KMF_ALGMODE_PKCS1_EMSA_V15
325 } KMF_SIGNATURE_MODE;
326 
327 #define	KMF_CERT_PRINTABLE_LEN	1024
328 #define	SHA1_HASH_LENGTH 20
329 
330 #define	OCSPREQ_TEMPNAME	"/tmp/ocsp.reqXXXXXX"
331 #define	OCSPRESP_TEMPNAME	"/tmp/ocsp.respXXXXXX"
332 
333 #define	_PATH_KMF_CONF	"/etc/crypto/kmf.conf"
334 #define	CONF_MODULEPATH	"modulepath="
335 #define	CONF_OPTION	"option="
336 
337 typedef struct {
338 	char			*keystore;
339 	char			*modulepath;
340 	char 			*option;
341 	KMF_KEYSTORE_TYPE	kstype;
342 } conf_entry_t;
343 
344 typedef struct conf_entrylist {
345 	conf_entry_t		*entry;
346 	struct conf_entrylist 	*next;
347 } conf_entrylist_t;
348 
349 
350 extern KMF_RETURN get_entrylist(conf_entrylist_t **);
351 extern void free_entrylist(conf_entrylist_t *);
352 extern void free_entry(conf_entry_t *);
353 extern conf_entry_t *dup_entry(conf_entry_t *);
354 boolean_t is_valid_keystore_type(KMF_KEYSTORE_TYPE);
355 
356 #ifdef __cplusplus
357 }
358 #endif
359 #endif /* _KMFAPIP_H */
360