xref: /titanic_52/usr/src/lib/pkcs11/include/cryptoki.h (revision 7014882c6a3672fd0e5d60200af8643ae53c5928)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2008 Sun Microsystems, Inc.   All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #ifndef	_CRYPTOKI_H
27 #define	_CRYPTOKI_H
28 
29 #pragma ident	"%Z%%M%	%I%	%E% SMI"
30 
31 #ifdef	__cplusplus
32 extern "C" {
33 #endif
34 
35 #ifndef	CK_PTR
36 #define	CK_PTR *
37 #endif
38 
39 #ifndef CK_DEFINE_FUNCTION
40 #define	CK_DEFINE_FUNCTION(returnType, name) returnType name
41 #endif
42 
43 #ifndef CK_DECLARE_FUNCTION
44 #define	CK_DECLARE_FUNCTION(returnType, name) returnType name
45 #endif
46 
47 #ifndef CK_DECLARE_FUNCTION_POINTER
48 #define	CK_DECLARE_FUNCTION_POINTER(returnType, name) returnType (* name)
49 #endif
50 
51 #ifndef CK_CALLBACK_FUNCTION
52 #define	CK_CALLBACK_FUNCTION(returnType, name) returnType (* name)
53 #endif
54 
55 #ifndef NULL_PTR
56 #include <unistd.h>	/* For NULL */
57 #define	NULL_PTR NULL
58 #endif
59 
60 /*
61  * pkcs11t.h defines TRUE and FALSE in a way that upsets lint
62  */
63 #ifndef	CK_DISABLE_TRUE_FALSE
64 #define	CK_DISABLE_TRUE_FALSE
65 #ifndef	TRUE
66 #define	TRUE	1
67 #endif /* TRUE */
68 #ifndef	FALSE
69 #define	FALSE	0
70 #endif /* FALSE */
71 #endif /* CK_DISABLE_TRUE_FALSE */
72 
73 #undef CK_PKCS11_FUNCTION_INFO
74 
75 #include <security/pkcs11.h>
76 
77 /* Default salt len to generate PKCS#5 key */
78 #define	CK_PKCS5_PBKD2_SALT_SIZE	(16UL)
79 
80 /* Default number of iterations to generate PKCS#5 key */
81 #define	CK_PKCS5_PBKD2_ITERATIONS	(1000UL)
82 
83 /* Solaris specific functions */
84 
85 #include <stdlib.h>
86 
87 /*
88  * pkcs11_GetCriteriaSession will initialize the framework and do all
89  * the necessary work of calling C_GetSlotList(), C_GetMechanismInfo()
90  * C_OpenSession() to create a session that meets all the criteria in
91  * the given function pointer.
92  */
93 CK_RV pkcs11_GetCriteriaSession(
94     boolean_t (*criteria)(CK_SLOT_ID slot_id, void *args, CK_RV *rv),
95     void *args, CK_SESSION_HANDLE_PTR hSession);
96 
97 /*
98  * SUNW_C_GetMechSession will initialize the framework and do all
99  * the necessary PKCS#11 calls to create a session capable of
100  * providing operations on the requested mechanism
101  */
102 CK_RV SUNW_C_GetMechSession(CK_MECHANISM_TYPE mech,
103     CK_SESSION_HANDLE_PTR hSession);
104 
105 /*
106  * SUNW_C_KeyToObject will create a secret key object for the given
107  * mechanism from the rawkey data.
108  */
109 CK_RV SUNW_C_KeyToObject(CK_SESSION_HANDLE hSession,
110     CK_MECHANISM_TYPE mech, const void *rawkey, size_t rawkey_len,
111     CK_OBJECT_HANDLE_PTR obj);
112 
113 /*
114  * pkcs11_PasswdToPBKD2Object will create a secret key from the given string
115  * (e.g. passphrase) using PKCS#5 Password-Based Key Derivation Function 2
116  * (PBKD2).
117  */
118 CK_RV
119 pkcs11_PasswdToPBKD2Object(CK_SESSION_HANDLE hSession, char *passphrase,
120     size_t passphrase_len, void *salt, size_t salt_len, CK_ULONG iterations,
121     CK_KEY_TYPE key_type, CK_ULONG key_len, CK_FLAGS key_flags,
122     CK_OBJECT_HANDLE_PTR obj);
123 
124 /*
125  * pkcs11_ObjectToKey gets the rawkey data from a secret key object.
126  * The caller is responsible to free the allocated rawkey data.
127  */
128 CK_RV
129 pkcs11_ObjectToKey(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE obj,
130     void **rawkey, size_t *rawkey_len, boolean_t destroy_obj);
131 
132 /*
133  * pkcs11_PasswdToKey will create PKCS#5 PBKD2 rawkey data from the
134  * given passphrase.  The caller is responsible to free the allocated
135  * rawkey data.
136  */
137 CK_RV
138 pkcs11_PasswdToKey(CK_SESSION_HANDLE hSession, char *passphrase,
139     size_t passphrase_len, void *salt, size_t salt_len, CK_KEY_TYPE key_type,
140     CK_ULONG key_len, void **rawkey, size_t *rawkey_len);
141 
142 #ifdef	__cplusplus
143 }
144 #endif
145 
146 #endif	/* _CRYPTOKI_H */
147