/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#ifndef _KMFAPIP_H
#define _KMFAPIP_H
#pragma ident "%Z%%M% %I% %E% SMI"
#include <kmfapi.h>
#include <kmfpolicy.h>
#ifdef __cplusplus
extern "C" {
#endif
/*
 * Plugin function table.
 *
 * A keystore plugin hands one of these back from its entry point
 * (prototype KMF_Plugin_Initialize() below, looked up by the name in
 * KMF_PLUGIN_INIT_SYMBOL) and the framework dispatches keystore operations
 * through the pointers.  Nothing in this header says whether an entry may
 * be NULL; dispatch sites in the framework should check before calling
 * (NOTE(review): confirm at the call sites).
 *
 * Most entries share the shape (KMF_HANDLE_T, int, KMF_ATTRIBUTE *).
 * Parameter names are not given here; the int is presumably the number of
 * elements in the KMF_ATTRIBUTE array that follows it (the same pairing
 * test_attributes() below uses) -- confirm against kmfapi.h.
 */
typedef struct {
/* layout/version of this table; presumably checked by the loader -- confirm */
ushort_t version;
KMF_RETURN (*ConfigureKeystore) (
KMF_HANDLE_T,
int,
KMF_ATTRIBUTE *);
KMF_RETURN (*FindCert) (
KMF_HANDLE_T,
int,
KMF_ATTRIBUTE *);
/* releases a certificate previously returned by this plugin */
void (*FreeKMFCert) (
KMF_HANDLE_T,
KMF_X509_DER_CERT *);
KMF_RETURN (*StoreCert) (
KMF_HANDLE_T,
int, KMF_ATTRIBUTE *);
KMF_RETURN (*ImportCert) (
KMF_HANDLE_T,
int, KMF_ATTRIBUTE *);
KMF_RETURN (*ImportCRL) (
KMF_HANDLE_T,
int, KMF_ATTRIBUTE *);
KMF_RETURN (*DeleteCert) (
KMF_HANDLE_T,
int, KMF_ATTRIBUTE *);
KMF_RETURN (*DeleteCRL) (
KMF_HANDLE_T,
int, KMF_ATTRIBUTE *);
KMF_RETURN (*CreateKeypair) (
KMF_HANDLE_T,
int,
KMF_ATTRIBUTE *);
KMF_RETURN (*FindKey) (
KMF_HANDLE_T,
int,
KMF_ATTRIBUTE *);
/* encodes the public part of a key handle into a KMF_DATA buffer */
KMF_RETURN (*EncodePubkeyData) (
KMF_HANDLE_T,
KMF_KEY_HANDLE *,
KMF_DATA *);
/*
 * key handle, algorithm OID, then two KMF_DATA buffers -- presumably the
 * data to sign and the output signature, in that order; confirm.
 */
KMF_RETURN (*SignData) (
KMF_HANDLE_T,
KMF_KEY_HANDLE *,
KMF_OID *,
KMF_DATA *,
KMF_DATA *);
KMF_RETURN (*DeleteKey) (
KMF_HANDLE_T,
int,
KMF_ATTRIBUTE *);
KMF_RETURN (*ListCRL) (
KMF_HANDLE_T,
int, KMF_ATTRIBUTE *);
KMF_RETURN (*FindCRL) (
KMF_HANDLE_T,
int, KMF_ATTRIBUTE *);
KMF_RETURN (*FindCertInCRL) (
KMF_HANDLE_T,
int, KMF_ATTRIBUTE *);
/* plugin-specific text for the handle's last error; string ownership not documented here */
KMF_RETURN (*GetErrorString) (
KMF_HANDLE_T,
char **);
KMF_RETURN (*FindPrikeyByCert) (
KMF_HANDLE_T,
int,
KMF_ATTRIBUTE *);
/* same argument shape as SignData: key, OID, input data, output data (presumably) */
KMF_RETURN (*DecryptData) (
KMF_HANDLE_T,
KMF_KEY_HANDLE *,
KMF_OID *,
KMF_DATA *,
KMF_DATA *);
KMF_RETURN (*ExportPK12)(
KMF_HANDLE_T,
int,
KMF_ATTRIBUTE *);
KMF_RETURN (*CreateSymKey) (
KMF_HANDLE_T,
int,
KMF_ATTRIBUTE *);
/*
 * Fills a KMF_RAW_SYM_KEY from a key handle, i.e. hands raw key material
 * to the caller.  Who erases and frees that material is not documented
 * here -- confirm the contract before relying on it.
 */
KMF_RETURN (*GetSymKeyValue) (
KMF_HANDLE_T,
KMF_KEY_HANDLE *,
KMF_RAW_SYM_KEY *);
KMF_RETURN (*SetTokenPin) (
KMF_HANDLE_T,
int, KMF_ATTRIBUTE *);
/* algorithm index plus three KMF_DATA buffers -- presumably data, signature, certificate; confirm */
KMF_RETURN (*VerifyDataWithCert) (
KMF_HANDLE_T,
KMF_ALGORITHM_INDEX,
KMF_DATA *,
KMF_DATA *,
KMF_DATA *);
KMF_RETURN (*StoreKey) (
KMF_HANDLE_T,
int,
KMF_ATTRIBUTE *);
/* declared with empty parentheses (no prototype): arguments, if any, are unchecked */
void (*Finalize) ();
} KMF_PLUGIN_FUNCLIST;
/*
 * Validation rule for one attribute type, consumed by test_attributes()
 * (declared below) to check a caller-supplied KMF_ATTRIBUTE array before
 * an operation uses it.
 */
typedef struct {
KMF_ATTR_TYPE type;
boolean_t null_value_ok; /* by its name: B_TRUE if a NULL pValue is acceptable (value not required) */
uint32_t minlen; /* smallest accepted value length */
uint32_t maxlen; /* largest accepted value length */
} KMF_ATTRIBUTE_TESTER;
/*
 * One loaded keystore plugin.
 *
 * NOTE(review): a plugin is native code that runs in the caller's address
 * space, so wherever `path` ultimately comes from (KMF_PLUGIN_PATH or a
 * modulepath= line in _PATH_KMF_CONF, both below) must be writable only by
 * a trusted principal.
 */
typedef struct {
KMF_KEYSTORE_TYPE type;
char *applications;
char *path; /* location the module was loaded from */
void *dldesc; /* presumably the dlopen(3C) handle for the module -- confirm */
KMF_PLUGIN_FUNCLIST *funclist; /* table returned by the plugin's entry point */
} KMF_PLUGIN;
/* Singly-linked list node holding one plugin; the KMF_HANDLE keeps the head. */
typedef struct _KMF_PLUGIN_LIST {
KMF_PLUGIN *plugin;
struct _KMF_PLUGIN_LIST *next;
} KMF_PLUGIN_LIST;
/* Per-session framework state behind the opaque public handle. */
typedef struct _kmf_handle {
/*
 * session handle opened by kmf_select_token() to talk
 * to a specific slot in Crypto framework. It is used
 * by pkcs11 plugin module.
 */
CK_SESSION_HANDLE pk11handle;
/* last error recorded on this handle; zeroed by CLEAR_ERROR() below */
KMF_ERROR lasterr;
KMF_POLICY_RECORD *policy;
/* loaded plugins; presumably what FindPlugin() searches -- confirm */
KMF_PLUGIN_LIST *plugins;
} KMF_HANDLE;
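/*
 * CLEAR_ERROR(h, rv) -- reset the per-handle error record before an
 * operation starts.
 *
 * h  - pointer to the handle struct (may be NULL); evaluated more than once,
 *      so pass a plain variable, not an expression with side effects.
 * rv - an lvalue of type KMF_RETURN.  Receives KMF_ERR_BAD_PARAMETER when h
 *      is NULL, otherwise KMF_OK after h->lasterr.errcode and .kstype are
 *      zeroed.
 *
 * Wrapped in do { } while (0) so the macro is a single statement: the former
 * bare-brace form expanded "CLEAR_ERROR(h, rv);" to "{ ... };", which made
 * a following "else" a syntax error.  Arguments are parenthesized for the
 * same reason any macro's are.
 */
#define CLEAR_ERROR(h, rv) do { \
	if ((h) == NULL) { \
		(rv) = KMF_ERR_BAD_PARAMETER; \
	} else { \
		(h)->lasterr.errcode = 0; \
		(h)->lasterr.kstype = 0; \
		(rv) = KMF_OK; \
	} \
} while (0)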
/*
 * Name of the entry point resolved in each plugin module; its prototype is
 * KMF_Plugin_Initialize() below.
 */
#define KMF_PLUGIN_INIT_SYMBOL "KMF_Plugin_Initialize"
/*
 * Default directory plugins are loaded from, chosen per ISA at compile time
 * (a build may pre-define it).  There is no #else: on an ISA not listed here
 * the macro stays undefined and any use site fails to compile.
 * NOTE(review): code is loaded from this directory, so it must not be
 * writable by unprivileged users.
 */
#ifndef KMF_PLUGIN_PATH
#if defined(__sparcv9)
#define KMF_PLUGIN_PATH "/usr/lib/security/sparcv9/"
#elif defined(__sparc)
#define KMF_PLUGIN_PATH "/usr/lib/security/"
#elif defined(__i386)
#define KMF_PLUGIN_PATH "/usr/lib/security/"
#elif defined(__amd64)
#define KMF_PLUGIN_PATH "/usr/lib/security/amd64/"
#endif
#endif /* !KMF_PLUGIN_PATH */
/*
 * Plugin entry point named by KMF_PLUGIN_INIT_SYMBOL; returns the plugin's
 * function table.  Declared with empty parentheses (no prototype), so the
 * compiler checks no arguments at call sites.
 */
KMF_PLUGIN_FUNCLIST *KMF_Plugin_Initialize();
/*
 * Framework-internal public-key helpers.  Parameter names are mostly absent
 * here; where the order of the KMF_DATA arguments matters it is marked as an
 * assumption below -- confirm against the definitions.
 */
/* verify with a key handle: data, algorithm index, then two KMF_DATA buffers (presumably data, signature) */
extern KMF_RETURN
VerifyDataWithKey(KMF_HANDLE_T, KMF_DATA *, KMF_ALGORITHM_INDEX,
KMF_DATA *, KMF_DATA *);
/* maps an algorithm index to the matching PKCS#11 CK_KEY_TYPE; KMF_BOOL result presumably reports whether a mapping exists */
extern KMF_BOOL pkcs_algid_to_keytype(
KMF_ALGORITHM_INDEX, CK_KEY_TYPE *);
/* verify a signature using a public key given as an X.509 SPKI (two KMF_DATA args: presumably data, signature) */
extern KMF_RETURN PKCS_VerifyData(
KMF_HANDLE *,
KMF_ALGORITHM_INDEX,
KMF_X509_SPKI *,
KMF_DATA *, KMF_DATA *);
/* encrypt with a public key given as an X.509 SPKI (two KMF_DATA args: presumably plaintext in, ciphertext out) */
extern KMF_RETURN PKCS_EncryptData(
KMF_HANDLE *,
KMF_ALGORITHM_INDEX,
KMF_X509_SPKI *,
KMF_DATA *,
KMF_DATA *);
/* locate the loaded plugin for a keystore type; NULL-on-miss is the natural return but not documented here */
extern KMF_PLUGIN *FindPlugin(KMF_HANDLE_T, KMF_KEYSTORE_TYPE);
extern KMF_BOOL IsEqualOid(KMF_OID *, KMF_OID *);
/* copies srcid into destid (algorithm OID plus parameters) */
extern KMF_RETURN copy_algoid(KMF_X509_ALGORITHM_IDENTIFIER *destid,
KMF_X509_ALGORITHM_IDENTIFIER *srcid);
/* algorithm index <-> OID conversions */
extern KMF_OID *x509_algid_to_algoid(KMF_ALGORITHM_INDEX);
extern KMF_ALGORITHM_INDEX x509_algoid_to_algid(KMF_OID *);
/*
 * Obtains a PKCS#11 object handle for a public key given as SPKI in the
 * given session.  The trailing KMF_BOOL * is an output whose meaning is not
 * stated here -- presumably whether the caller must destroy the object; confirm.
 */
extern KMF_RETURN PKCS_AcquirePublicKeyHandle(CK_SESSION_HANDLE ckSession,
const KMF_X509_SPKI *, CK_KEY_TYPE, CK_OBJECT_HANDLE *,
KMF_BOOL *);
/* derives a key identifier from a public key (SPKI) into the KMF_DATA output */
extern KMF_RETURN GetIDFromSPKI(KMF_X509_SPKI *, KMF_DATA *);
/* opens the session stored in KMF_HANDLE.pk11handle for the named token */
extern KMF_RETURN kmf_select_token(KMF_HANDLE_T, char *, int);
extern KMF_RETURN kmf_set_altname(KMF_X509_EXTENSIONS *,
KMF_OID *, int, KMF_GENERALNAMECHOICES, char *);
/*
 * Takes a buffer and its length, returns a pointer and length into it --
 * presumably the contents of a DER SEQUENCE.  NOTE(review): this parses
 * externally supplied encoding; the returned length must be checked
 * against the input length by the implementation.
 */
extern KMF_RETURN GetSequenceContents(char *, size_t, char **, size_t *);
extern KMF_X509_EXTENSION *FindExtn(KMF_X509_EXTENSIONS *, KMF_OID *);
extern KMF_RETURN add_an_extension(KMF_X509_EXTENSIONS *exts,
KMF_X509_EXTENSION *newextn);
extern KMF_RETURN set_integer(KMF_DATA *, void *, int);
extern void free_keyidlist(KMF_OID *, int);
extern KMF_RETURN copy_data(KMF_DATA *, KMF_DATA *);
/* closes the session kept in the handle (see KMF_HANDLE.pk11handle) */
extern void Cleanup_PK11_Session(KMF_HANDLE_T handle);
extern void free_dp_name(KMF_CRL_DIST_POINT *);
extern void free_dp(KMF_CRL_DIST_POINT *);
extern KMF_RETURN set_key_usage_extension(KMF_X509_EXTENSIONS *,
int, uint32_t);
/* declared with empty parentheses (no prototype) */
extern KMF_RETURN init_pk11();
/*
 * Validates a KMF_ATTRIBUTE array (last count/array pair) against two
 * KMF_ATTRIBUTE_TESTER tables (first two count/array pairs) -- presumably
 * required and optional attributes; confirm.  This is the input-validation
 * gate for the (int, KMF_ATTRIBUTE *) plugin entries above.
 */
extern KMF_RETURN test_attributes(int, KMF_ATTRIBUTE_TESTER *,
int, KMF_ATTRIBUTE_TESTER *, int, KMF_ATTRIBUTE *);
/*
 * Indexes into the key parts array for RSA keys.  The first two entries
 * (modulus, public exponent) form the public key; all eight form the
 * private key, matching the counts below.
 */
#define KMF_RSA_MODULUS (0)
#define KMF_RSA_PUBLIC_EXPONENT (1)
#define KMF_RSA_PRIVATE_EXPONENT (2)
#define KMF_RSA_PRIME1 (3)
#define KMF_RSA_PRIME2 (4)
#define KMF_RSA_EXPONENT1 (5)
#define KMF_RSA_EXPONENT2 (6)
#define KMF_RSA_COEFFICIENT (7)
/* Key part counts for RSA keys */
#define KMF_NUMBER_RSA_PUBLIC_KEY_PARTS (2)
#define KMF_NUMBER_RSA_PRIVATE_KEY_PARTS (8)
/* Key part counts for DSA keys */
#define KMF_NUMBER_DSA_PUBLIC_KEY_PARTS (4)
#define KMF_NUMBER_DSA_PRIVATE_KEY_PARTS (4)
/*
 * Indexes into the key parts array for DSA keys.  Only the four public
 * parts have an index here; no index for the DSA private value is defined
 * in this header, so the private-part layout must be looked up elsewhere.
 */
#define KMF_DSA_PRIME (0)
#define KMF_DSA_SUB_PRIME (1)
#define KMF_DSA_BASE (2)
#define KMF_DSA_PUBLIC_VALUE (3)
/*
 * Larger of two values.  Each argument may be evaluated twice, so use it
 * only with side-effect-free operands (here: the constants below).  The
 * #ifndef means an earlier definition of max from another header wins.
 */
#ifndef max
#define max(a, b) ((a) < (b) ? (b) : (a))
#endif
/*
 * Maximum key parts for all algorithms -- sizes for a key parts array that
 * can hold either RSA or DSA.  With the counts above these resolve to
 * 4 (public), 8 (private) and 8 (overall).
 */
#define KMF_MAX_PUBLIC_KEY_PARTS \
(max(KMF_NUMBER_RSA_PUBLIC_KEY_PARTS, \
KMF_NUMBER_DSA_PUBLIC_KEY_PARTS))
#define KMF_MAX_PRIVATE_KEY_PARTS \
(max(KMF_NUMBER_RSA_PRIVATE_KEY_PARTS, \
KMF_NUMBER_DSA_PRIVATE_KEY_PARTS))
#define KMF_MAX_KEY_PARTS \
(max(KMF_MAX_PUBLIC_KEY_PARTS, KMF_MAX_PRIVATE_KEY_PARTS))
/*
 * Signature operation mode; values are sequential from 0.  What each mode
 * selects in the signing path is not described here.
 */
typedef enum {
KMF_ALGMODE_NONE = 0,
KMF_ALGMODE_CUSTOM,
KMF_ALGMODE_PUBLIC_KEY,
KMF_ALGMODE_PRIVATE_KEY,
KMF_ALGMODE_PKCS1_EMSA_V15 /* PKCS#1 v1.5 signature encoding */
} KMF_SIGNATURE_MODE;
/* fixed buffer size for printable certificate text (by name); writers must bound to it */
#define KMF_CERT_PRINTABLE_LEN 1024
/* SHA-1 digest length in bytes */
#define SHA1_HASH_LENGTH 20
/*
 * mkstemp(3C)-style templates (trailing XXXXXX) for OCSP request/response
 * files.  NOTE(review): they live in the shared /tmp; the code that uses
 * them should create the file with mkstemp() and a restrictive mode, never
 * mktemp()/open() on a predicted name -- confirm at the use sites.
 */
#define OCSPREQ_TEMPNAME "/tmp/ocsp.reqXXXXXX"
#define OCSPRESP_TEMPNAME "/tmp/ocsp.respXXXXXX"
/*
 * Framework configuration file and the key prefixes parsed from it into
 * conf_entry_t below.  NOTE(review): modulepath= names a module to load,
 * so this file must be writable only by a trusted principal.
 */
#define _PATH_KMF_CONF "/etc/crypto/kmf.conf"
#define CONF_MODULEPATH "modulepath="
#define CONF_OPTION "option="
/* One entry parsed from _PATH_KMF_CONF; string fields mirror the CONF_* keys above. */
typedef struct {
char *keystore;
char *modulepath; /* value of modulepath= */
char *option; /* value of option= */
KMF_KEYSTORE_TYPE kstype;
} conf_entry_t;
/* Singly-linked list of configuration entries, built by get_entrylist() below. */
typedef struct conf_entrylist {
conf_entry_t *entry;
struct conf_entrylist *next;
} conf_entrylist_t;
/* reads the configuration file into a list the caller releases with free_entrylist() */
extern KMF_RETURN get_entrylist(conf_entrylist_t **);
extern void free_entrylist(conf_entrylist_t *);
extern void free_entry(conf_entry_t *);
/* deep copy of one entry; caller owns the result (release with free_entry()) */
extern conf_entry_t *dup_entry(conf_entry_t *);
extern boolean_t is_valid_keystore_type(KMF_KEYSTORE_TYPE);
/* Extended Key Usage helpers: membership test and decoding of the raw extension value */
extern KMF_BOOL is_eku_present(KMF_X509EXT_EKU *, KMF_OID *);
extern KMF_RETURN parse_eku_data(const KMF_DATA *, KMF_X509EXT_EKU *);
#ifdef __cplusplus
}
#endif
#endif /* _KMFAPIP_H */