1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
|
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
* Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
* Copyright 2018, Joyent, Inc.
*
* Constant definitions and function prototypes for the KMF library.
* Commonly used data types are defined in "kmftypes.h".
*/
#ifndef _KMFAPI_H
#define _KMFAPI_H
#include <kmftypes.h>
#include <security/cryptoki.h>
#ifdef __cplusplus
extern "C" {
#endif
/*
* Setup operations.
*/
extern KMF_RETURN kmf_initialize(KMF_HANDLE_T *, char *, char *);
extern KMF_RETURN kmf_configure_keystore(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_finalize(KMF_HANDLE_T);
/*
* Key operations.
*/
extern KMF_RETURN kmf_create_keypair(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_delete_key_from_keystore(KMF_HANDLE_T, int,
KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_find_key(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_find_prikey_by_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_store_key(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_create_sym_key(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_get_sym_key_value(KMF_HANDLE_T, KMF_KEY_HANDLE *,
KMF_RAW_SYM_KEY *);
/*
* Certificate operations.
*/
extern KMF_RETURN kmf_find_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_encode_cert_record(KMF_X509_CERTIFICATE *, KMF_DATA *);
extern KMF_RETURN kmf_import_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_store_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_delete_cert_from_keystore(KMF_HANDLE_T, int,
KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_validate_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_create_cert_file(const KMF_DATA *, KMF_ENCODE_FORMAT,
char *);
extern KMF_RETURN kmf_download_cert(KMF_HANDLE_T, char *, char *, int,
unsigned int, char *, KMF_ENCODE_FORMAT *);
extern KMF_RETURN kmf_is_cert_data(KMF_DATA *, KMF_ENCODE_FORMAT *);
extern KMF_RETURN kmf_is_cert_file(KMF_HANDLE_T, char *, KMF_ENCODE_FORMAT *);
extern KMF_RETURN kmf_check_cert_date(KMF_HANDLE_T, const KMF_DATA *);
/*
* Crypto operations with key or cert.
*/
extern KMF_RETURN kmf_encrypt(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_decrypt(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_sign_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_sign_data(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_verify_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_verify_data(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
/*
* CRL operations.
*/
extern KMF_RETURN kmf_import_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_delete_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_list_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_find_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_find_cert_in_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_verify_crl_file(KMF_HANDLE_T, char *, KMF_DATA *);
extern KMF_RETURN kmf_check_crl_date(KMF_HANDLE_T, char *);
extern KMF_RETURN kmf_download_crl(KMF_HANDLE_T, char *, char *,
int, unsigned int, char *, KMF_ENCODE_FORMAT *);
extern KMF_RETURN kmf_is_crl_file(KMF_HANDLE_T, char *, KMF_ENCODE_FORMAT *);
/*
* CSR operations.
*/
extern KMF_RETURN kmf_create_csr_file(KMF_DATA *, KMF_ENCODE_FORMAT, char *);
extern KMF_RETURN kmf_set_csr_pubkey(KMF_HANDLE_T,
KMF_KEY_HANDLE *, KMF_CSR_DATA *);
extern KMF_RETURN kmf_set_csr_version(KMF_CSR_DATA *, uint32_t);
extern KMF_RETURN kmf_set_csr_subject(KMF_CSR_DATA *, KMF_X509_NAME *);
extern KMF_RETURN kmf_set_csr_extn(KMF_CSR_DATA *, KMF_X509_EXTENSION *);
extern KMF_RETURN kmf_set_csr_sig_alg(KMF_CSR_DATA *, KMF_ALGORITHM_INDEX);
extern KMF_RETURN kmf_set_csr_subject_altname(KMF_CSR_DATA *, char *,
int, KMF_GENERALNAMECHOICES);
extern KMF_RETURN kmf_set_csr_ku(KMF_CSR_DATA *, int, uint16_t);
extern KMF_RETURN kmf_decode_csr(KMF_HANDLE_T, KMF_DATA *, KMF_CSR_DATA *);
extern KMF_RETURN kmf_verify_csr(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_sign_csr(KMF_HANDLE_T, const KMF_CSR_DATA *,
KMF_KEY_HANDLE *, KMF_DATA *);
extern KMF_RETURN kmf_add_csr_eku(KMF_CSR_DATA *, KMF_OID *, int);
/*
* GetCert operations.
*/
extern KMF_RETURN kmf_get_cert_extn(const KMF_DATA *, KMF_OID *,
KMF_X509_EXTENSION *);
extern KMF_RETURN kmf_get_cert_extns(const KMF_DATA *, KMF_FLAG_CERT_EXTN,
KMF_X509_EXTENSION **, int *);
extern KMF_RETURN kmf_get_cert_ku(const KMF_DATA *, KMF_X509EXT_KEY_USAGE *);
extern KMF_RETURN kmf_get_cert_eku(const KMF_DATA *, KMF_X509EXT_EKU *);
extern KMF_RETURN kmf_get_cert_basic_constraint(const KMF_DATA *,
KMF_BOOL *, KMF_X509EXT_BASICCONSTRAINTS *);
extern KMF_RETURN kmf_get_cert_policies(const KMF_DATA *,
KMF_BOOL *, KMF_X509EXT_CERT_POLICIES *);
extern KMF_RETURN kmf_get_cert_auth_info_access(const KMF_DATA *,
KMF_X509EXT_AUTHINFOACCESS *);
extern KMF_RETURN kmf_get_cert_crl_dist_pts(const KMF_DATA *,
KMF_X509EXT_CRLDISTPOINTS *);
extern KMF_RETURN kmf_get_cert_version_str(KMF_HANDLE_T, const KMF_DATA *,
char **);
extern KMF_RETURN kmf_get_cert_subject_str(KMF_HANDLE_T, const KMF_DATA *,
char **);
extern KMF_RETURN kmf_get_cert_issuer_str(KMF_HANDLE_T, const KMF_DATA *,
char **);
extern KMF_RETURN kmf_get_cert_serial_str(KMF_HANDLE_T, const KMF_DATA *,
char **);
extern KMF_RETURN kmf_get_cert_start_date_str(KMF_HANDLE_T, const KMF_DATA *,
char **);
extern KMF_RETURN kmf_get_cert_end_date_str(KMF_HANDLE_T, const KMF_DATA *,
char **);
extern KMF_RETURN kmf_get_cert_pubkey_alg_str(KMF_HANDLE_T, const KMF_DATA *,
char **);
extern KMF_RETURN kmf_get_cert_sig_alg_str(KMF_HANDLE_T, const KMF_DATA *,
char **);
extern KMF_RETURN kmf_get_cert_pubkey_str(KMF_HANDLE_T, const KMF_DATA *,
char **);
extern KMF_RETURN kmf_get_cert_email_str(KMF_HANDLE_T, const KMF_DATA *,
char **);
extern KMF_RETURN kmf_get_cert_extn_str(KMF_HANDLE_T, const KMF_DATA *,
KMF_PRINTABLE_ITEM, char **);
extern KMF_RETURN kmf_get_cert_id_data(const KMF_DATA *, KMF_DATA *);
extern KMF_RETURN kmf_get_cert_id_str(const KMF_DATA *, char **);
extern KMF_RETURN kmf_get_cert_validity(const KMF_DATA *, time_t *, time_t *);
/*
* SetCert operations
*/
extern KMF_RETURN kmf_set_cert_pubkey(KMF_HANDLE_T, KMF_KEY_HANDLE *,
KMF_X509_CERTIFICATE *);
extern KMF_RETURN kmf_set_cert_subject(KMF_X509_CERTIFICATE *,
KMF_X509_NAME *);
extern KMF_RETURN kmf_set_cert_ku(KMF_X509_CERTIFICATE *, int, uint16_t);
extern KMF_RETURN kmf_set_cert_issuer(KMF_X509_CERTIFICATE *,
KMF_X509_NAME *);
extern KMF_RETURN kmf_set_cert_sig_alg(KMF_X509_CERTIFICATE *,
KMF_ALGORITHM_INDEX);
extern KMF_RETURN kmf_set_cert_validity(KMF_X509_CERTIFICATE *,
time_t, uint32_t);
extern KMF_RETURN kmf_set_cert_serial(KMF_X509_CERTIFICATE *,
KMF_BIGINT *);
extern KMF_RETURN kmf_set_cert_version(KMF_X509_CERTIFICATE *, uint32_t);
extern KMF_RETURN kmf_set_cert_issuer_altname(KMF_X509_CERTIFICATE *,
int, KMF_GENERALNAMECHOICES, char *);
extern KMF_RETURN kmf_set_cert_subject_altname(KMF_X509_CERTIFICATE *,
int, KMF_GENERALNAMECHOICES, char *);
extern KMF_RETURN kmf_add_cert_eku(KMF_X509_CERTIFICATE *, KMF_OID *, int);
extern KMF_RETURN kmf_set_cert_extn(KMF_X509_CERTIFICATE *,
KMF_X509_EXTENSION *);
extern KMF_RETURN kmf_set_cert_basic_constraint(KMF_X509_CERTIFICATE *,
KMF_BOOL, KMF_X509EXT_BASICCONSTRAINTS *);
/*
* PK12 operations
*/
extern KMF_RETURN kmf_export_pk12(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_build_pk12(KMF_HANDLE_T, int, KMF_X509_DER_CERT *,
int, KMF_KEY_HANDLE *, KMF_CREDENTIAL *, char *);
extern KMF_RETURN kmf_import_objects(KMF_HANDLE_T, char *, KMF_CREDENTIAL *,
KMF_X509_DER_CERT **, int *, KMF_RAW_KEY_DATA **, int *);
/*
* OCSP operations
*/
extern KMF_RETURN kmf_get_ocsp_for_cert(KMF_HANDLE_T, KMF_DATA *, KMF_DATA *,
KMF_DATA *);
extern KMF_RETURN kmf_create_ocsp_request(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern KMF_RETURN kmf_get_encoded_ocsp_response(KMF_HANDLE_T, char *,
char *, int, char *, int, char *, unsigned int);
extern KMF_RETURN kmf_get_ocsp_status_for_cert(KMF_HANDLE_T, int,
KMF_ATTRIBUTE *);
/*
* Policy Operations
*/
extern KMF_RETURN kmf_set_policy(KMF_HANDLE_T, char *, char *);
/*
* Error handling.
*/
extern KMF_RETURN kmf_get_plugin_error_str(KMF_HANDLE_T, char **);
extern KMF_RETURN kmf_get_kmf_error_str(KMF_RETURN, char **);
/*
* Miscellaneous
*/
extern KMF_RETURN kmf_dn_parser(char *, KMF_X509_NAME *);
extern KMF_RETURN kmf_dn_to_string(KMF_X509_NAME *, char **);
extern KMF_RETURN kmf_read_input_file(KMF_HANDLE_T, char *, KMF_DATA *);
extern KMF_RETURN kmf_der_to_pem(KMF_OBJECT_TYPE, unsigned char *,
int, unsigned char **, int *);
extern KMF_RETURN kmf_pem_to_der(unsigned char *, int, unsigned char **, int *);
extern char *kmf_oid_to_string(KMF_OID *);
extern KMF_RETURN kmf_string_to_oid(char *, KMF_OID *);
extern int kmf_compare_rdns(KMF_X509_NAME *, KMF_X509_NAME *);
extern KMF_RETURN kmf_get_data_format(KMF_DATA *, KMF_ENCODE_FORMAT *);
extern KMF_RETURN kmf_get_file_format(char *, KMF_ENCODE_FORMAT *);
extern uint32_t kmf_string_to_ku(char *);
extern char *kmf_ku_to_string(uint32_t);
extern KMF_RETURN kmf_hexstr_to_bytes(unsigned char *, unsigned char **,
size_t *);
extern KMF_RETURN kmf_get_plugin_info(KMF_HANDLE_T, char *,
KMF_KEYSTORE_TYPE *, char **);
extern KMF_OID *kmf_ekuname_to_oid(char *);
extern char *kmf_oid_to_ekuname(KMF_OID *);
#define KMF_CompareRDNs kmf_compare_rdns
/*
* Memory cleanup operations
*/
extern void kmf_free_dn(KMF_X509_NAME *);
extern void kmf_free_kmf_cert(KMF_HANDLE_T, KMF_X509_DER_CERT *);
extern void kmf_free_data(KMF_DATA *);
extern void kmf_free_algoid(KMF_X509_ALGORITHM_IDENTIFIER *);
extern void kmf_free_extn(KMF_X509_EXTENSION *);
extern void kmf_free_tbs_csr(KMF_TBS_CSR *);
extern void kmf_free_signed_csr(KMF_CSR_DATA *);
extern void kmf_free_tbs_cert(KMF_X509_TBS_CERT *);
extern void kmf_free_signed_cert(KMF_X509_CERTIFICATE *);
extern void kmf_free_str(char *);
extern void kmf_free_eku(KMF_X509EXT_EKU *);
extern void kmf_free_spki(KMF_X509_SPKI *);
extern void kmf_free_kmf_key(KMF_HANDLE_T, KMF_KEY_HANDLE *);
extern void kmf_free_bigint(KMF_BIGINT *);
extern void kmf_free_raw_key(KMF_RAW_KEY_DATA *);
extern void kmf_free_raw_sym_key(KMF_RAW_SYM_KEY *);
extern void kmf_free_crl_dist_pts(KMF_X509EXT_CRLDISTPOINTS *);
/* APIs for PKCS#11 token */
extern KMF_RETURN kmf_pk11_token_lookup(KMF_HANDLE_T, char *, CK_SLOT_ID *);
extern KMF_RETURN kmf_pk11_init_token(KMF_HANDLE_T,
char *, char *, CK_UTF8CHAR_PTR, CK_ULONG);
extern KMF_RETURN kmf_set_token_pin(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
extern CK_SESSION_HANDLE kmf_get_pk11_handle(KMF_HANDLE_T);
/*
* Attribute management routines.
*/
int kmf_find_attr(KMF_ATTR_TYPE, KMF_ATTRIBUTE *, int);
void *kmf_get_attr_ptr(KMF_ATTR_TYPE, KMF_ATTRIBUTE *, int);
KMF_RETURN kmf_get_attr(KMF_ATTR_TYPE, KMF_ATTRIBUTE *, int, void *,
uint32_t *);
KMF_RETURN kmf_get_string_attr(KMF_ATTR_TYPE, KMF_ATTRIBUTE *, int, char **);
KMF_RETURN kmf_set_attr(KMF_ATTRIBUTE *, int, KMF_ATTR_TYPE, void *, uint32_t);
void kmf_set_attr_at_index(KMF_ATTRIBUTE *, int, KMF_ATTR_TYPE,
void *, uint32_t);
/*
* Certificate to name mapping functions.
*/
KMF_RETURN kmf_cert_to_name_mapping_initialize(KMF_HANDLE_T, int,
KMF_ATTRIBUTE *);
KMF_RETURN kmf_cert_to_name_mapping_finalize(KMF_HANDLE_T);
KMF_RETURN kmf_map_cert_to_name(KMF_HANDLE_T, KMF_DATA *, KMF_DATA *);
KMF_RETURN kmf_match_cert_to_name(KMF_HANDLE_T, KMF_DATA *, KMF_DATA *,
KMF_DATA *);
KMF_RETURN kmf_get_mapper_error_str(KMF_HANDLE_T, char **);
/*
* Helper functions for handling the mapper internal state. They are part of the
* public interface, too.
*/
void kmf_set_mapper_lasterror(KMF_HANDLE_T, uint32_t);
uint32_t kmf_get_mapper_lasterror(KMF_HANDLE_T);
void kmf_set_mapper_options(KMF_HANDLE_T, void *);
void *kmf_get_mapper_options(KMF_HANDLE_T);
#ifdef __cplusplus
}
#endif
#endif /* _KMFAPI_H */
|
