xref: /illumos-gate/usr/src/lib/libkmf/include/kmfapiP.h (revision 581cede61ac9c14d8d4ea452562a567189eead78) 
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 #ifndef _KMFAPIP_H
26 #define	_KMFAPIP_H
27 
28 #include <kmfapi.h>
29 #include <kmfpolicy.h>
30 
31 #ifdef __cplusplus
32 extern "C" {
33 #endif
34 
35 /* Plugin function table */
36 typedef struct {
37 	ushort_t	version;
38 	KMF_RETURN	(*ConfigureKeystore) (
39 			KMF_HANDLE_T,
40 			int,
41 			KMF_ATTRIBUTE *);
42 
43 	KMF_RETURN	(*FindCert) (
44 			KMF_HANDLE_T,
45 			int,
46 			KMF_ATTRIBUTE *);
47 
48 	void		(*FreeKMFCert) (
49 			KMF_HANDLE_T,
50 			KMF_X509_DER_CERT *);
51 
52 	KMF_RETURN	(*StoreCert) (
53 			KMF_HANDLE_T,
54 			int, KMF_ATTRIBUTE *);
55 
56 	KMF_RETURN	(*ImportCert) (
57 			KMF_HANDLE_T,
58 			int, KMF_ATTRIBUTE *);
59 
60 	KMF_RETURN	(*ImportCRL) (
61 			KMF_HANDLE_T,
62 			int, KMF_ATTRIBUTE *);
63 
64 	KMF_RETURN	(*DeleteCert) (
65 			KMF_HANDLE_T,
66 			int, KMF_ATTRIBUTE *);
67 
68 	KMF_RETURN	(*DeleteCRL) (
69 			KMF_HANDLE_T,
70 			int, KMF_ATTRIBUTE *);
71 
72 	KMF_RETURN	(*CreateKeypair) (
73 			KMF_HANDLE_T,
74 			int,
75 			KMF_ATTRIBUTE *);
76 
77 	KMF_RETURN	(*FindKey) (
78 			KMF_HANDLE_T,
79 			int,
80 			KMF_ATTRIBUTE *);
81 
82 	KMF_RETURN	(*EncodePubkeyData) (
83 			KMF_HANDLE_T,
84 			KMF_KEY_HANDLE *,
85 			KMF_DATA *);
86 
87 	KMF_RETURN	(*SignData) (
88 			KMF_HANDLE_T,
89 			KMF_KEY_HANDLE *,
90 			KMF_OID *,
91 			KMF_DATA *,
92 			KMF_DATA *);
93 
94 	KMF_RETURN	(*DeleteKey) (
95 			KMF_HANDLE_T,
96 			int,
97 			KMF_ATTRIBUTE *);
98 
99 	KMF_RETURN	(*ListCRL) (
100 			KMF_HANDLE_T,
101 			int, KMF_ATTRIBUTE *);
102 
103 	KMF_RETURN	(*FindCRL) (
104 			KMF_HANDLE_T,
105 			int, KMF_ATTRIBUTE *);
106 
107 	KMF_RETURN	(*FindCertInCRL) (
108 			KMF_HANDLE_T,
109 			int, KMF_ATTRIBUTE *);
110 
111 	KMF_RETURN	(*GetErrorString) (
112 			KMF_HANDLE_T,
113 			char **);
114 
115 	KMF_RETURN	(*FindPrikeyByCert) (
116 			KMF_HANDLE_T,
117 			int,
118 			KMF_ATTRIBUTE *);
119 
120 	KMF_RETURN	(*DecryptData) (
121 			KMF_HANDLE_T,
122 			KMF_KEY_HANDLE *,
123 			KMF_OID *,
124 			KMF_DATA *,
125 			KMF_DATA *);
126 
127 	KMF_RETURN	(*ExportPK12)(
128 			KMF_HANDLE_T,
129 			int,
130 			KMF_ATTRIBUTE *);
131 
132 	KMF_RETURN	(*CreateSymKey) (
133 			KMF_HANDLE_T,
134 			int,
135 			KMF_ATTRIBUTE *);
136 
137 	KMF_RETURN	(*GetSymKeyValue) (
138 			KMF_HANDLE_T,
139 			KMF_KEY_HANDLE *,
140 			KMF_RAW_SYM_KEY *);
141 
142 	KMF_RETURN	(*SetTokenPin) (
143 			KMF_HANDLE_T,
144 			int, KMF_ATTRIBUTE *);
145 
146 	KMF_RETURN	(*VerifyDataWithCert) (
147 			KMF_HANDLE_T,
148 			KMF_ALGORITHM_INDEX,
149 			KMF_DATA *,
150 			KMF_DATA *,
151 			KMF_DATA *);
152 
153 	KMF_RETURN	(*StoreKey) (
154 			KMF_HANDLE_T,
155 			int,
156 			KMF_ATTRIBUTE *);
157 
158 	void		(*Finalize) ();
159 
160 } KMF_PLUGIN_FUNCLIST;
161 
162 typedef struct {
163 	KMF_ATTR_TYPE	type;
164 	boolean_t	null_value_ok; /* Is the pValue required */
165 	uint32_t	minlen;
166 	uint32_t	maxlen;
167 } KMF_ATTRIBUTE_TESTER;
168 
169 typedef struct {
170 	KMF_KEYSTORE_TYPE	type;
171 	char			*applications;
172 	char 			*path;
173 	void 			*dldesc;
174 	KMF_PLUGIN_FUNCLIST	*funclist;
175 } KMF_PLUGIN;
176 
177 typedef struct _KMF_PLUGIN_LIST {
178 	KMF_PLUGIN		*plugin;
179 	struct _KMF_PLUGIN_LIST *next;
180 } KMF_PLUGIN_LIST;
181 
182 typedef struct _kmf_handle {
183 	/*
184 	 * session handle opened by kmf_select_token() to talk
185 	 * to a specific slot in Crypto framework. It is used
186 	 * by pkcs11 plugin module.
187 	 */
188 	CK_SESSION_HANDLE	pk11handle;
189 	KMF_ERROR		lasterr;
190 	KMF_POLICY_RECORD	*policy;
191 	KMF_PLUGIN_LIST		*plugins;
192 } KMF_HANDLE;
193 
194 #define	CLEAR_ERROR(h, rv) { \
195 	if (h == NULL) { \
196 		rv = KMF_ERR_BAD_PARAMETER; \
197 	} else { \
198 		h->lasterr.errcode = 0; \
199 		h->lasterr.kstype = 0; \
200 		rv = KMF_OK; \
201 	} \
202 }
203 
204 #define	KMF_PLUGIN_INIT_SYMBOL	"KMF_Plugin_Initialize"
205 
206 #ifndef KMF_PLUGIN_PATH
207 #if defined(__sparcv9)
208 #define	KMF_PLUGIN_PATH "/lib/crypto/sparcv9/"
209 #elif defined(__sparc)
210 #define	KMF_PLUGIN_PATH "/lib/crypto/"
211 #elif defined(__i386)
212 #define	KMF_PLUGIN_PATH "/lib/crypto/"
213 #elif defined(__amd64)
214 #define	KMF_PLUGIN_PATH "/lib/crypto/amd64/"
215 #endif
216 #endif /* !KMF_PLUGIN_PATH */
217 
218 KMF_PLUGIN_FUNCLIST *KMF_Plugin_Initialize();
219 
220 extern KMF_RETURN
221 VerifyDataWithKey(KMF_HANDLE_T, KMF_DATA *, KMF_ALGORITHM_INDEX,
222     KMF_DATA *, KMF_DATA *);
223 
224 extern KMF_BOOL pkcs_algid_to_keytype(
225     KMF_ALGORITHM_INDEX, CK_KEY_TYPE *);
226 
227 extern KMF_RETURN PKCS_VerifyData(
228     KMF_HANDLE *,
229     KMF_ALGORITHM_INDEX,
230     KMF_X509_SPKI *,
231     KMF_DATA *, KMF_DATA *);
232 
233 extern KMF_RETURN PKCS_EncryptData(
234     KMF_HANDLE *,
235     KMF_ALGORITHM_INDEX,
236     KMF_X509_SPKI *,
237     KMF_DATA *,
238     KMF_DATA *);
239 
240 extern KMF_PLUGIN *FindPlugin(KMF_HANDLE_T, KMF_KEYSTORE_TYPE);
241 
242 extern KMF_BOOL IsEqualOid(KMF_OID *, KMF_OID *);
243 
244 extern KMF_RETURN copy_algoid(KMF_X509_ALGORITHM_IDENTIFIER *destid,
245     KMF_X509_ALGORITHM_IDENTIFIER *srcid);
246 
247 extern KMF_OID *x509_algid_to_algoid(KMF_ALGORITHM_INDEX);
248 extern KMF_ALGORITHM_INDEX x509_algoid_to_algid(KMF_OID *);
249 
250 extern KMF_RETURN PKCS_AcquirePublicKeyHandle(CK_SESSION_HANDLE ckSession,
251     const KMF_X509_SPKI *, CK_KEY_TYPE, CK_OBJECT_HANDLE *,
252     KMF_BOOL *);
253 
254 extern KMF_RETURN GetIDFromSPKI(KMF_X509_SPKI *, KMF_DATA *);
255 extern KMF_RETURN kmf_select_token(KMF_HANDLE_T, char *, int);
256 extern KMF_RETURN kmf_set_altname(KMF_X509_EXTENSIONS *,
257     KMF_OID *, int, KMF_GENERALNAMECHOICES, char *);
258 extern KMF_RETURN GetSequenceContents(char *, size_t, char **, size_t *);
259 extern KMF_X509_EXTENSION *FindExtn(KMF_X509_EXTENSIONS *, KMF_OID *);
260 extern KMF_RETURN add_an_extension(KMF_X509_EXTENSIONS *exts,
261     KMF_X509_EXTENSION *newextn);
262 extern KMF_RETURN set_integer(KMF_DATA *, void *, int);
263 extern void free_keyidlist(KMF_OID *, int);
264 extern KMF_RETURN copy_data(KMF_DATA *, KMF_DATA *);
265 extern void Cleanup_PK11_Session(KMF_HANDLE_T handle);
266 extern void free_dp_name(KMF_CRL_DIST_POINT *);
267 extern void free_dp(KMF_CRL_DIST_POINT *);
268 extern KMF_RETURN set_key_usage_extension(KMF_X509_EXTENSIONS *,
269     int, uint32_t);
270 extern KMF_RETURN init_pk11();
271 extern KMF_RETURN test_attributes(int, KMF_ATTRIBUTE_TESTER *,
272     int, KMF_ATTRIBUTE_TESTER *, int, KMF_ATTRIBUTE *);
273 
274 /* Indexes into the key parts array for RSA keys */
275 #define	KMF_RSA_MODULUS			(0)
276 #define	KMF_RSA_PUBLIC_EXPONENT		(1)
277 #define	KMF_RSA_PRIVATE_EXPONENT	(2)
278 #define	KMF_RSA_PRIME1			(3)
279 #define	KMF_RSA_PRIME2			(4)
280 #define	KMF_RSA_EXPONENT1		(5)
281 #define	KMF_RSA_EXPONENT2		(6)
282 #define	KMF_RSA_COEFFICIENT		(7)
283 
284 /* Key part counts for RSA keys */
285 #define	KMF_NUMBER_RSA_PUBLIC_KEY_PARTS		(2)
286 #define	KMF_NUMBER_RSA_PRIVATE_KEY_PARTS	(8)
287 
288 /* Key part counts for DSA keys */
289 #define	KMF_NUMBER_DSA_PUBLIC_KEY_PARTS		(4)
290 #define	KMF_NUMBER_DSA_PRIVATE_KEY_PARTS	(4)
291 
292 /* Indexes into the key parts array for DSA keys */
293 #define	KMF_DSA_PRIME		(0)
294 #define	KMF_DSA_SUB_PRIME	(1)
295 #define	KMF_DSA_BASE		(2)
296 #define	KMF_DSA_PUBLIC_VALUE	(3)
297 
298 #ifndef max
299 #define	max(a, b) ((a) < (b) ? (b) : (a))
300 #endif
301 
302 /* Maximum key parts for all algorithms */
303 #define	KMF_MAX_PUBLIC_KEY_PARTS \
304 	(max(KMF_NUMBER_RSA_PUBLIC_KEY_PARTS, \
305 	KMF_NUMBER_DSA_PUBLIC_KEY_PARTS))
306 
307 #define	KMF_MAX_PRIVATE_KEY_PARTS \
308 	(max(KMF_NUMBER_RSA_PRIVATE_KEY_PARTS, \
309 	KMF_NUMBER_DSA_PRIVATE_KEY_PARTS))
310 
311 #define	KMF_MAX_KEY_PARTS \
312 	(max(KMF_MAX_PUBLIC_KEY_PARTS, KMF_MAX_PRIVATE_KEY_PARTS))
313 
314 typedef enum {
315 	KMF_ALGMODE_NONE	= 0,
316 	KMF_ALGMODE_CUSTOM,
317 	KMF_ALGMODE_PUBLIC_KEY,
318 	KMF_ALGMODE_PRIVATE_KEY,
319 	KMF_ALGMODE_PKCS1_EMSA_V15
320 } KMF_SIGNATURE_MODE;
321 
322 #define	KMF_CERT_PRINTABLE_LEN	1024
323 #define	SHA1_HASH_LENGTH 20
324 
325 #define	OCSPREQ_TEMPNAME	"/tmp/ocsp.reqXXXXXX"
326 #define	OCSPRESP_TEMPNAME	"/tmp/ocsp.respXXXXXX"
327 
328 #define	_PATH_KMF_CONF	"/etc/crypto/kmf.conf"
329 #define	CONF_MODULEPATH	"modulepath="
330 #define	CONF_OPTION	"option="
331 
332 typedef struct {
333 	char			*keystore;
334 	char			*modulepath;
335 	char 			*option;
336 	KMF_KEYSTORE_TYPE	kstype;
337 } conf_entry_t;
338 
339 typedef struct conf_entrylist {
340 	conf_entry_t		*entry;
341 	struct conf_entrylist 	*next;
342 } conf_entrylist_t;
343 
344 
345 extern KMF_RETURN get_entrylist(conf_entrylist_t **);
346 extern void free_entrylist(conf_entrylist_t *);
347 extern void free_entry(conf_entry_t *);
348 extern conf_entry_t *dup_entry(conf_entry_t *);
349 extern boolean_t is_valid_keystore_type(KMF_KEYSTORE_TYPE);
350 extern KMF_BOOL is_eku_present(KMF_X509EXT_EKU *, KMF_OID *);
351 extern KMF_RETURN parse_eku_data(const KMF_DATA *, KMF_X509EXT_EKU *);
352 extern KMF_RETURN
353 copy_extension_data(KMF_X509_EXTENSION *, KMF_X509_EXTENSION *);
354 
355 #ifdef __cplusplus
356 }
357 #endif
358 #endif /* _KMFAPIP_H */
359