cryptoutil.h revision 05d57413471eaaa425913a06edc2ab33ad9b05bc
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
*/
/*
* Copyright 2010 Nexenta Systems, Inc. All rights reserved.
* Copyright 2014, OmniTI Computer Consulting, Inc. All rights reserved.
*/
#ifndef _CRYPTOUTIL_H
#define _CRYPTOUTIL_H
#ifdef __cplusplus
extern "C" {
#endif
#include <syslog.h>
#include <security/cryptoki.h>
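/*
* Pseudo-priority with a negative value. NOTE(review): presumably passed
* where a <syslog.h> priority is expected to select stderr output -- the
* consumer is not visible in this header, confirm there.
* The replacement list is parenthesized so the negative constant stays a
* single operand wherever the macro is expanded (CERT C PRE02-C).
*/
#define LOG_STDERR (-1)
/*
* Generic status values. FAILURE is 1, not -1, so callers should compare
* against SUCCESS instead of testing for a negative result.
*/
#define SUCCESS 0
#define FAILURE 1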
/*
* Fixed locations of the two configuration files under /etc/crypto and of
* the kcfd lock file.
* NOTE(review): pkcs11.conf data is parsed with $ISA path substitution (see
* below), so its contents presumably name provider libraries. These files
* should be writable only by privileged users -- confirm ownership and modes
* on the deployed system.
*/
#define _PATH_PKCS11_CONF "/etc/crypto/pkcs11.conf"
#define _PATH_KCF_CONF "/etc/crypto/kcf.conf"
#define _PATH_KCFD_LOCK "/var/run/kcfd.lock"
/*
* $ISA substitution for parsing pkcs11.conf data. PKCS11_ISA is the
* placeholder; PKCS11_ISA_DIR is "/64/" in an _LP64 build and "/" otherwise.
* The substitution itself is done elsewhere, presumably by replacing the
* placeholder with PKCS11_ISA_DIR -- confirm in the parser.
*/
#define PKCS11_ISA "/$ISA/"
#if defined(_LP64)
#define PKCS11_ISA_DIR "/64/"
#else /* !_LP64 */
#define PKCS11_ISA_DIR "/"
#endif
/* keywords and delimiters for parsing configuration files */
#define SEP_COLON ":"
#define SEP_SEMICOLON ";"
#define SEP_EQUAL "="
#define SEP_COMMA ","
#define METASLOT_KEYWORD "metaslot"
#define FIPS_KEYWORD "fips-140"
/*
* Entry-field keys. Most of these literals include the trailing '=' so the
* value starts immediately after the matched prefix; EF_NORANDOM is a bare
* keyword without '='.
*/
#define EF_DISABLED "disabledlist="
#define EF_ENABLED "enabledlist="
#define EF_NORANDOM "NO_RANDOM"
#define METASLOT_TOKEN "metaslot_token="
#define METASLOT_SLOT "metaslot_slot="
#define METASLOT_STATUS "metaslot_status="
#define EF_FIPS_STATUS "fips_status="
#define METASLOT_AUTO_KEY_MIGRATE "metaslot_auto_key_migrate="
#define ENABLED_KEYWORD "enabled"
#define DISABLED_KEYWORD "disabled"
/*
* Field widths in bytes. NOTE(review): they match the fixed-width,
* blank-padded slotDescription, label, manufacturerID and serialNumber
* fields of the PKCS#11 CK_SLOT_INFO / CK_TOKEN_INFO structures, which carry
* no terminating '\0'. A buffer that holds one of these values as a C string
* therefore needs one extra byte.
*/
#define SLOT_DESCRIPTION_SIZE 64
#define TOKEN_LABEL_SIZE 32
#define TOKEN_MANUFACTURER_SIZE 32
#define TOKEN_SERIAL_SIZE 16
/*
* FIPS mode values. Presumably these correspond to the "fips-140" /
* "fips_status=" configuration keywords above; where they are stored or
* returned is not visible in this header -- confirm.
*/
#define CRYPTO_FIPS_MODE_DISABLED 0
#define CRYPTO_FIPS_MODE_ENABLED 1
/*
* Define the following softtoken values that are used by softtoken
* library, cryptoadm and pktool command.
* NOTE(review): the description, label, serial and manufacturer literals
* look like blank-padded fixed-width PKCS#11 fields. Whitespace may have been
* collapsed in this listing, so verify their lengths against
* SLOT_DESCRIPTION_SIZE and the TOKEN_*_SIZE values before relying on them.
*/
#define SOFT_SLOT_DESCRIPTION \
"Sun Crypto Softtoken " \
" "
#define SOFT_TOKEN_LABEL "Sun Software PKCS#11 softtoken "
#define SOFT_TOKEN_SERIAL " "
#define SOFT_MANUFACTURER_ID "Sun Microsystems, Inc. "
/*
* Initial softtoken PIN. The value is public, so a keystore that still
* accepts it is effectively unprotected: set a site-specific PIN (for
* example with pktool setpin) before storing private objects, and treat a
* token still on this PIN as an audit finding.
*/
#define SOFT_DEFAULT_PIN "changeme"
/*
* Fixed-size string buffers. MAXPATHLEN and MECH_ID_HEX_LEN are not defined
* in the visible part of this header, so they must come from another
* include. Copies into these types need an explicit bound and a truncation
* check, since the array size is hidden behind the typedef.
*/
typedef char libname_t[MAXPATHLEN];
typedef char midstr_t[MECH_ID_HEX_LEN];
/* NOTE(review): no members of umechlist are shown in this listing. */
typedef struct umechlist {
} umechlist_t;
/*
* Only the count member is shown in this listing; what it counts is not
* visible here -- TODO confirm. It is a signed int, so consumers should
* reject negative values before using it as a loop bound or size.
*/
typedef struct uentry {
int count;
} uentry_t;
/* List node chained through next; no other members are shown here. */
typedef struct uentrylist {
struct uentrylist *next;
} uentrylist_t;
/*
* Return codes for pkcs11_parse_uri(). PK11_URI_OK is 0; every other value
* names a distinct failure.
* NOTE(review): callers should check the result before reading the parsed
* structure. Whether the structure is left partially filled on failure is
* not visible in this header -- confirm the cleanup contract.
*/
#define PK11_URI_OK 0
#define PK11_URI_INVALID 1
#define PK11_MALLOC_ERROR 2
/*
* Presumably returned when a URI value exceeds one of the limits below or a
* fixed PKCS#11 field width -- confirm in the parser.
*/
#define PK11_URI_VALUE_OVERFLOW 3
#define PK11_NOT_PKCS11_URI 4
/*
* There is no limit for the attribute length in the spec. 256 bytes should be
* enough for the object name.
*/
#define PK11_MAX_OBJECT_LEN 256
/*
* CKA_ID is of type "byte array" which can be of arbitrary length. 256 bytes
* should be sufficient though.
*/
#define PK11_MAX_ID_LEN 256
/*
* Structure for the PKCS#11 URI.
* NOTE(review): only id_len and pinfile are declared in this listing. The
* other comments below describe members whose declarations are not shown.
*/
typedef struct pkcs11_uri_t {
/* CKA_LABEL attribute to the C_FindObjectsInit function. */
/*
* CKA_CLASS attribute to the C_FindObjectsInit function. The
* "objecttype" URI attribute can have one of the values "private",
* "public", "cert", "secretkey", and "data". The "objecttype" field can
* have a value of CKO_PUBLIC_KEY, CKO_PRIVATE_KEY, CKO_CERTIFICATE,
* CKO_SECRET_KEY, and CKO_DATA. This attribute cannot be empty in the
* URI.
*/
/* CKO_DATA is 0 so we need this flag. Not part of the URI itself. */
/*
* Token, manufacturer, serial and model are of fixed size length in
* the specification. We allocate memory on the fly to distinguish
* between an attribute not present and an empty value. We check for
* overflows. We always terminate the string with '\0' even when that is
* not used in the PKCS#11's CK_TOKEN_INFO structure (fields are padded
* with spaces).
*/
/* Token label from CK_TOKEN_INFO. */
/* ManufacturerID from CK_TOKEN_INFO. */
/* SerialNumber from CK_TOKEN_INFO. */
/* Model from CK_TOKEN_INFO. */
/*
* This is a byte array, we need a length parameter as well.
* id_len is a signed int. NOTE(review): consumers should reject negative
* values, and presumably anything above PK11_MAX_ID_LEN, before using it as
* a buffer length -- confirm the bound the parser enforces.
*/
int id_len;
/*
* Location of the file with a token PIN. Application can overload this,
* the pkcs11_parse_uri() function does not interpret this field in any
* way.
* Because the parser passes the path through unchanged, the application is
* responsible for deciding whether a URI-supplied path is acceptable and
* for keeping the PIN file readable only by its owner.
*/
char *pinfile;
} pkcs11_uri_t;
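/*
* Debug logging. NOTE(review): fmt is presumably a printf-style format
* string (the implementation is not visible here). Callers should pass a
* literal format and supply variable or externally derived data as
* arguments, never as fmt itself, and should not log PINs or key material
* through this interface.
*/
extern void cryptodebug(const char *fmt, ...);
/* Sets up debug output; prefix presumably tags each message -- confirm. */
extern void cryptodebug_init(const char *prefix);
/*
* Judging by the names, these switch the library's error reporting off and
* on. They are declared with (void) so the compiler rejects calls that pass
* arguments; an empty parameter list in C leaves the arguments unchecked.
*/
extern void cryptoerror_off(void);
extern void cryptoerror_on(void);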
/*
* pkcs11.conf entry helpers. The descriptions below are inferred from the
* names and signatures only; the implementations are not visible here.
*/
/*
* Returns an int status and takes a uentrylist_t ** out-parameter.
* NOTE(review): presumably the caller owns the resulting list and releases
* it with free_uentrylist() -- confirm, and check the status before using
* the list.
*/
extern int get_pkcs11conf_info(uentrylist_t **);
/*
* Takes a non-const char * and returns a umechlist_t *.
* NOTE(review): the argument may be modified by the callee since it is not
* const; whether NULL is returned on failure is not visible here -- confirm.
*/
extern umechlist_t *create_umech(char *);
/*
* Release routines, one per type. Each object should be released exactly
* once, with the routine matching its type, and not used afterwards.
*/
extern void free_umechlist(umechlist_t *);
extern void free_uentrylist(uentrylist_t *);
extern void free_uentry(uentry_t *);
/*
* Returns a uentry_t * for the given char * argument.
* NOTE(review): presumably looks up a single entry whose result is released
* with free_uentry(); NULL handling is not visible here -- confirm.
*/
extern uentry_t *getent_uef(char *);
CK_KEY_TYPE *ktype);
extern int
char **objectstore_slot_info, char **objectstore_token_info);
/*
* NOTE(review): this header does not say who owns the returned string or
* whether NULL can be returned. Check the implementation before freeing,
* caching, or dereferencing the result.
*/
extern char *pkcs11_default_token(void);
#ifdef __cplusplus
}
#endif
#endif /* _CRYPTOUTIL_H */