kmfapiP.h revision 02744e811b15322c5f109827a116c33bfe3438b5
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2007 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#ifndef _KMFAPIP_H
#define _KMFAPIP_H
#pragma ident "%Z%%M% %I% %E% SMI"
#include <kmfapi.h>
#include <kmfpolicy.h>
#ifdef __cplusplus
extern "C" {
#endif
/* Plugin function table */
typedef struct {
ushort_t version;
KMF_RETURN (*ConfigureKeystore) (
KMF_HANDLE_T,
KMF_CONFIG_PARAMS *);
KMF_RETURN (*FindCert) (
KMF_HANDLE_T,
KMF_FINDCERT_PARAMS *,
KMF_X509_DER_CERT *,
uint32_t *);
void (*FreeKMFCert) (
KMF_HANDLE_T,
KMF_X509_DER_CERT *);
KMF_RETURN (*StoreCert) (
KMF_HANDLE_T,
KMF_STORECERT_PARAMS *,
KMF_DATA *);
KMF_RETURN (*ImportCert) (
KMF_HANDLE_T,
KMF_IMPORTCERT_PARAMS *);
KMF_RETURN (*ImportCRL) (
KMF_HANDLE_T,
KMF_IMPORTCRL_PARAMS *);
KMF_RETURN (*DeleteCert) (
KMF_HANDLE_T,
KMF_DELETECERT_PARAMS *);
KMF_RETURN (*DeleteCRL) (
KMF_HANDLE_T,
KMF_DELETECRL_PARAMS *);
KMF_RETURN (*CreateKeypair) (
KMF_HANDLE_T,
KMF_CREATEKEYPAIR_PARAMS *,
KMF_KEY_HANDLE *,
KMF_KEY_HANDLE *);
KMF_RETURN (*FindKey) (
KMF_HANDLE_T,
KMF_FINDKEY_PARAMS *,
KMF_KEY_HANDLE *,
uint32_t *);
KMF_RETURN (*EncodePubkeyData) (
KMF_HANDLE_T,
KMF_KEY_HANDLE *,
KMF_DATA *);
KMF_RETURN (*SignData) (
KMF_HANDLE_T,
KMF_KEY_HANDLE *,
KMF_OID *,
KMF_DATA *,
KMF_DATA *);
KMF_RETURN (*DeleteKey) (
KMF_HANDLE_T,
KMF_DELETEKEY_PARAMS *,
KMF_KEY_HANDLE *,
boolean_t);
KMF_RETURN (*ListCRL) (
KMF_HANDLE_T,
KMF_LISTCRL_PARAMS *,
char **);
KMF_RETURN (*FindCRL) (
KMF_HANDLE_T,
KMF_FINDCRL_PARAMS *,
char **,
int *);
KMF_RETURN (*FindCertInCRL) (
KMF_HANDLE_T,
KMF_FINDCERTINCRL_PARAMS *);
KMF_RETURN (*GetErrorString) (
KMF_HANDLE_T,
char **);
KMF_RETURN (*GetPrikeyByCert) (
KMF_HANDLE_T,
KMF_CRYPTOWITHCERT_PARAMS *,
KMF_DATA *,
KMF_KEY_HANDLE *,
KMF_KEY_ALG);
KMF_RETURN (*DecryptData) (
KMF_HANDLE_T,
KMF_KEY_HANDLE *,
KMF_OID *,
KMF_DATA *,
KMF_DATA *);
KMF_RETURN (*ExportP12)(
KMF_HANDLE_T,
KMF_EXPORTP12_PARAMS *,
int, KMF_X509_DER_CERT *,
int, KMF_KEY_HANDLE *,
char *);
KMF_RETURN (*StorePrivateKey)(
KMF_HANDLE_T,
KMF_STOREKEY_PARAMS *,
KMF_RAW_KEY_DATA *);
KMF_RETURN (*CreateSymKey) (
KMF_HANDLE_T,
KMF_CREATESYMKEY_PARAMS *,
KMF_KEY_HANDLE *);
KMF_RETURN (*GetSymKeyValue) (
KMF_HANDLE_T,
KMF_KEY_HANDLE *,
KMF_RAW_SYM_KEY *);
KMF_RETURN (*SetTokenPin) (
KMF_HANDLE_T,
KMF_SETPIN_PARAMS *,
KMF_CREDENTIAL *);
KMF_RETURN (*VerifyDataWithCert) (
KMF_HANDLE_T,
KMF_ALGORITHM_INDEX,
KMF_DATA *,
KMF_DATA *,
KMF_DATA *);
void (*Finalize) ();
} KMF_PLUGIN_FUNCLIST;
typedef struct {
KMF_KEYSTORE_TYPE type;
char *applications;
char *path;
void *dldesc;
KMF_PLUGIN_FUNCLIST *funclist;
} KMF_PLUGIN;
typedef struct _KMF_PLUGIN_LIST {
KMF_PLUGIN *plugin;
struct _KMF_PLUGIN_LIST *next;
} KMF_PLUGIN_LIST;
typedef struct _kmf_handle {
/*
* session handle opened by KMF_SelectToken() to talk
* to a specific slot in Crypto framework. It is used
* by pkcs11 plugin module.
*/
CK_SESSION_HANDLE pk11handle;
KMF_ERROR lasterr;
KMF_POLICY_RECORD *policy;
KMF_PLUGIN_LIST *plugins;
} KMF_HANDLE;
#define CLEAR_ERROR(h, rv) { \
if (h == NULL) { \
rv = KMF_ERR_BAD_PARAMETER; \
} else { \
h->lasterr.errcode = 0; \
h->lasterr.kstype = 0; \
rv = KMF_OK; \
} \
}
#define KMF_PLUGIN_INIT_SYMBOL "KMF_Plugin_Initialize"
#ifndef KMF_PLUGIN_PATH
#if defined(__sparcv9)
#define KMF_PLUGIN_PATH "/usr/lib/security/sparcv9/"
#elif defined(__sparc)
#define KMF_PLUGIN_PATH "/usr/lib/security/"
#elif defined(__i386)
#define KMF_PLUGIN_PATH "/usr/lib/security/"
#elif defined(__amd64)
#define KMF_PLUGIN_PATH "/usr/lib/security/amd64/"
#endif
#endif /* !KMF_PLUGIN_PATH */
KMF_PLUGIN_FUNCLIST *KMF_Plugin_Initialize();
KMF_RETURN
VerifyDataWithKey(KMF_HANDLE_T, KMF_DATA *, KMF_ALGORITHM_INDEX, KMF_DATA *,
KMF_DATA *);
KMF_RETURN
SignCsr(KMF_HANDLE_T, const KMF_DATA *, KMF_KEY_HANDLE *,
KMF_X509_ALGORITHM_IDENTIFIER *, KMF_DATA *);
KMF_BOOL PKCS_ConvertAlgorithmId2PKCSKeyType(
KMF_ALGORITHM_INDEX, CK_KEY_TYPE *);
KMF_RETURN PKCS_VerifyData(
KMF_HANDLE *,
KMF_ALGORITHM_INDEX,
KMF_X509_SPKI *,
KMF_DATA *, KMF_DATA *);
KMF_RETURN PKCS_EncryptData(
KMF_HANDLE *,
KMF_ALGORITHM_INDEX,
KMF_X509_SPKI *,
KMF_DATA *,
KMF_DATA *);
KMF_PLUGIN *FindPlugin(KMF_HANDLE_T, KMF_KEYSTORE_TYPE);
KMF_BOOL IsEqualOid(KMF_OID *, KMF_OID *);
KMF_OID *X509_AlgIdToAlgorithmOid(KMF_ALGORITHM_INDEX);
KMF_ALGORITHM_INDEX X509_AlgorithmOidToAlgId(KMF_OID *);
KMF_RETURN PKCS_AcquirePublicKeyHandle(CK_SESSION_HANDLE ckSession,
const KMF_X509_SPKI *, CK_KEY_TYPE, CK_OBJECT_HANDLE *,
KMF_BOOL *);
KMF_RETURN GetIDFromSPKI(KMF_X509_SPKI *, KMF_DATA *);
CK_RV DigestData(CK_SESSION_HANDLE, KMF_DATA *, KMF_DATA *);
KMF_RETURN KMF_SetAltName(KMF_X509_EXTENSIONS *,
KMF_OID *, int, KMF_GENERALNAMECHOICES, char *);
KMF_RETURN GetSequenceContents(char *, size_t, char **, size_t *);
KMF_X509_EXTENSION *FindExtn(KMF_X509_EXTENSIONS *, KMF_OID *);
KMF_RETURN add_an_extension(KMF_X509_EXTENSIONS *exts,
KMF_X509_EXTENSION *newextn);
KMF_RETURN set_integer(KMF_DATA *, void *, int);
void free_keyidlist(KMF_OID *, int);
KMF_RETURN copy_data(KMF_DATA *, KMF_DATA *);
void Cleanup_PK11_Session(KMF_HANDLE_T handle);
void free_dp_name(KMF_CRL_DIST_POINT *);
void free_dp(KMF_CRL_DIST_POINT *);
KMF_RETURN set_key_usage_extension(KMF_X509_EXTENSIONS *,
int, uint32_t);
int is_pk11_ready();
KMF_RETURN KMF_SelectToken(KMF_HANDLE_T, char *, int);
/* Indexes into the key parts array for RSA keys */
#define KMF_RSA_MODULUS (0)
#define KMF_RSA_PUBLIC_EXPONENT (1)
#define KMF_RSA_PRIVATE_EXPONENT (2)
#define KMF_RSA_PRIME1 (3)
#define KMF_RSA_PRIME2 (4)
#define KMF_RSA_EXPONENT1 (5)
#define KMF_RSA_EXPONENT2 (6)
#define KMF_RSA_COEFFICIENT (7)
/* Key part counts for RSA keys */
#define KMF_NUMBER_RSA_PUBLIC_KEY_PARTS (2)
#define KMF_NUMBER_RSA_PRIVATE_KEY_PARTS (8)
/* Key part counts for DSA keys */
#define KMF_NUMBER_DSA_PUBLIC_KEY_PARTS (4)
#define KMF_NUMBER_DSA_PRIVATE_KEY_PARTS (4)
/* Indexes into the key parts array for DSA keys */
#define KMF_DSA_PRIME (0)
#define KMF_DSA_SUB_PRIME (1)
#define KMF_DSA_BASE (2)
#define KMF_DSA_PUBLIC_VALUE (3)
#ifndef max
#define max(a, b) ((a) < (b) ? (b) : (a))
#endif
/* Maximum key parts for all algorithms */
#define KMF_MAX_PUBLIC_KEY_PARTS \
(max(KMF_NUMBER_RSA_PUBLIC_KEY_PARTS, \
KMF_NUMBER_DSA_PUBLIC_KEY_PARTS))
#define KMF_MAX_PRIVATE_KEY_PARTS \
(max(KMF_NUMBER_RSA_PRIVATE_KEY_PARTS, \
KMF_NUMBER_DSA_PRIVATE_KEY_PARTS))
#define KMF_MAX_KEY_PARTS \
(max(KMF_MAX_PUBLIC_KEY_PARTS, KMF_MAX_PRIVATE_KEY_PARTS))
typedef enum {
KMF_ALGMODE_NONE = 0,
KMF_ALGMODE_CUSTOM,
KMF_ALGMODE_PUBLIC_KEY,
KMF_ALGMODE_PRIVATE_KEY,
KMF_ALGMODE_PKCS1_EMSA_V15
} KMF_SIGNATURE_MODE;
#define KMF_CERT_PRINTABLE_LEN 1024
#define SHA1_HASH_LENGTH 20
#define OCSPREQ_TEMPNAME "/tmp/ocsp.reqXXXXXX"
#define OCSPRESP_TEMPNAME "/tmp/ocsp.respXXXXXX"
#ifdef __cplusplus
}
#endif
#endif /* _KMFAPIP_H */