Diffstat (limited to 'usr/src/lib/libkmf/include/kmfapiP.h')
-rw-r--r-- | usr/src/lib/libkmf/include/kmfapiP.h | 348 |
1 files changed, 348 insertions, 0 deletions
diff --git a/usr/src/lib/libkmf/include/kmfapiP.h b/usr/src/lib/libkmf/include/kmfapiP.h
new file mode 100644
index 0000000000..64b524b6a7
--- /dev/null
+++ b/usr/src/lib/libkmf/include/kmfapiP.h
@@ -0,0 +1,348 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
+ *
+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ * If applicable, add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your own identifying
+ * information: Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ */
+/*
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
+ */
+#ifndef _KMFAPIP_H
+#define _KMFAPIP_H
+
+#pragma ident "%Z%%M% %I% %E% SMI"
+
+#include <kmfapi.h>
+#include <kmfpolicy.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Plugin function table */
+typedef struct {
+ ushort_t version;
+ KMF_RETURN (*ConfigureKeystore) (
+ KMF_HANDLE_T,
+ KMF_CONFIG_PARAMS *);
+
+ KMF_RETURN (*FindCert) (
+ KMF_HANDLE_T,
+ KMF_FINDCERT_PARAMS *,
+ KMF_X509_DER_CERT *,
+ uint32_t *);
+
+ void (*FreeKMFCert) (
+ KMF_HANDLE_T,
+ KMF_X509_DER_CERT *);
+
+ KMF_RETURN (*StoreCert) (
+ KMF_HANDLE_T,
+ KMF_STORECERT_PARAMS *,
+ KMF_DATA *);
+
+ KMF_RETURN (*ImportCert) (
+ KMF_HANDLE_T,
+ KMF_IMPORTCERT_PARAMS *);
+
+ KMF_RETURN (*ImportCRL) (
+ KMF_HANDLE_T,
+ KMF_IMPORTCRL_PARAMS *);
+
+ KMF_RETURN (*DeleteCert) (
+ KMF_HANDLE_T,
+ KMF_DELETECERT_PARAMS *);
+
+ KMF_RETURN (*DeleteCRL) (
+ KMF_HANDLE_T,
+ KMF_DELETECRL_PARAMS *);
+
+ KMF_RETURN (*CreateKeypair) (
+ KMF_HANDLE_T,
+ KMF_CREATEKEYPAIR_PARAMS *,
+ KMF_KEY_HANDLE *,
+ KMF_KEY_HANDLE *);
+
+ KMF_RETURN (*FindKey) (
+ KMF_HANDLE_T,
+ KMF_FINDKEY_PARAMS *,
+ KMF_KEY_HANDLE *,
+ uint32_t *);
+
+ KMF_RETURN (*EncodePubkeyData) (
+ KMF_HANDLE_T,
+ KMF_KEY_HANDLE *,
+ KMF_DATA *);
+
+ KMF_RETURN (*SignData) (
+ KMF_HANDLE_T,
+ KMF_KEY_HANDLE *,
+ KMF_OID *,
+ KMF_DATA *,
+ KMF_DATA *);
+
+ KMF_RETURN (*DeleteKey) (
+ KMF_HANDLE_T,
+ KMF_DELETEKEY_PARAMS *,
+ KMF_KEY_HANDLE *,
+ boolean_t);
+
+ KMF_RETURN (*ListCRL) (
+ KMF_HANDLE_T,
+ KMF_LISTCRL_PARAMS *,
+ char **);
+
+ KMF_RETURN (*FindCRL) (
+ KMF_HANDLE_T,
+ KMF_FINDCRL_PARAMS *,
+ char **,
+ int *);
+
+ KMF_RETURN (*FindCertInCRL) (
+ KMF_HANDLE_T,
+ KMF_FINDCERTINCRL_PARAMS *);
+
+ KMF_RETURN (*GetErrorString) (
+ KMF_HANDLE_T,
+ char **);
+
+ KMF_RETURN (*GetPrikeyByCert) (
+ KMF_HANDLE_T,
+ KMF_CRYPTOWITHCERT_PARAMS *,
+ KMF_DATA *,
+ KMF_KEY_HANDLE *,
+ KMF_KEY_ALG);
+
+ KMF_RETURN (*DecryptData) (
+ KMF_HANDLE_T,
+ KMF_KEY_HANDLE *,
+ KMF_OID *,
+ KMF_DATA *,
+ KMF_DATA *);
+
+ KMF_RETURN (*ExportP12)(
+ KMF_HANDLE_T,
+ KMF_EXPORTP12_PARAMS *,
+ int, KMF_X509_DER_CERT *,
+ int, KMF_KEY_HANDLE *,
+ char *);
+
+ KMF_RETURN (*StorePrivateKey)(
+ KMF_HANDLE_T,
+ KMF_STOREKEY_PARAMS *,
+ KMF_RAW_KEY_DATA *);
+
+ KMF_RETURN (*CreateSymKey) (
+ KMF_HANDLE_T,
+ KMF_CREATESYMKEY_PARAMS *,
+ KMF_KEY_HANDLE *);
+
+ KMF_RETURN (*GetSymKeyValue) (
+ KMF_HANDLE_T,
+ KMF_KEY_HANDLE *,
+ KMF_RAW_SYM_KEY *);
+
+ KMF_RETURN (*SetTokenPin) (
+ KMF_HANDLE_T,
+ KMF_SETPIN_PARAMS *,
+ KMF_CREDENTIAL *);
+
+ void (*Finalize) ();
+
+} KMF_PLUGIN_FUNCLIST;
+
+typedef struct {
+ KMF_KEYSTORE_TYPE type;
+ char *applications;
+ char *path;
+ void *dldesc;
+ KMF_PLUGIN_FUNCLIST *funclist;
+} KMF_PLUGIN;
+
+typedef struct _KMF_PLUGIN_LIST {
+ KMF_PLUGIN *plugin;
+ struct _KMF_PLUGIN_LIST *next;
+} KMF_PLUGIN_LIST;
+
+typedef struct _kmf_handle {
+ /*
+ * session handle opened by KMF_SelectToken() to talk
+ * to a specific slot in Crypto framework. It is used
+ * by pkcs11 plugin module.
+ */
+ CK_SESSION_HANDLE pk11handle;
+ KMF_ERROR lasterr;
+ KMF_POLICY_RECORD *policy;
+ KMF_PLUGIN_LIST *plugins;
+} KMF_HANDLE;
+
+#define CLEAR_ERROR(h, rv) { \
+ if (h == NULL) { \
+ rv = KMF_ERR_BAD_PARAMETER; \
+ } else { \
+ h->lasterr.errcode = 0; \
+ h->lasterr.kstype = 0; \
+ rv = KMF_OK; \
+ } \
+}
+
+#define KMF_PLUGIN_INIT_SYMBOL "KMF_Plugin_Initialize"
+
+#ifndef KMF_PLUGIN_PATH
+#if defined(__sparcv9)
+#define KMF_PLUGIN_PATH "/usr/lib/security/sparcv9/"
+#elif defined(__sparc)
+#define KMF_PLUGIN_PATH "/usr/lib/security/"
+#elif defined(__i386)
+#define KMF_PLUGIN_PATH "/usr/lib/security/"
+#elif defined(__amd64)
+#define KMF_PLUGIN_PATH "/usr/lib/security/amd64/"
+#endif
+#endif /* !KMF_PLUGIN_PATH */
+
+KMF_PLUGIN_FUNCLIST *KMF_Plugin_Initialize();
+
+KMF_RETURN
+SignCert(KMF_HANDLE_T, const KMF_DATA *, KMF_KEY_HANDLE *, KMF_DATA *);
+
+KMF_RETURN
+VerifyCertWithKey(KMF_HANDLE_T, KMF_DATA *, const KMF_DATA *);
+
+KMF_RETURN
+VerifyCertWithCert(KMF_HANDLE_T, const KMF_DATA *, const KMF_DATA *);
+
+KMF_RETURN
+VerifyDataWithCert(KMF_HANDLE_T, KMF_DATA *, KMF_DATA *, const KMF_DATA *);
+
+KMF_RETURN
+VerifyDataWithKey(KMF_HANDLE_T, KMF_DATA *, KMF_ALGORITHM_INDEX, KMF_DATA *,
+ KMF_DATA *);
+
+KMF_RETURN
+EncryptWithCert(KMF_HANDLE_T, KMF_DATA *, KMF_DATA *, KMF_DATA *);
+
+KMF_RETURN
+DecryptWithCert(KMF_HANDLE_T, KMF_DATA *, KMF_KEY_HANDLE *, KMF_DATA *,
+ KMF_DATA *);
+
+KMF_RETURN
+SignCsr(KMF_HANDLE_T, const KMF_DATA *, KMF_KEY_HANDLE *,
+ KMF_X509_ALGORITHM_IDENTIFIER *, KMF_DATA *);
+
+KMF_BOOL PKCS_ConvertAlgorithmId2PKCSKeyType(
+ KMF_ALGORITHM_INDEX, CK_KEY_TYPE *);
+
+KMF_RETURN PKCS_VerifyData(
+ KMF_HANDLE *,
+ KMF_ALGORITHM_INDEX,
+ KMF_X509_SPKI *,
+ KMF_DATA *, KMF_DATA *);
+
+KMF_RETURN PKCS_EncryptData(
+ KMF_HANDLE *,
+ KMF_ALGORITHM_INDEX,
+ KMF_X509_SPKI *,
+ KMF_DATA *,
+ KMF_DATA *);
+
+KMF_PLUGIN *FindPlugin(KMF_HANDLE_T, KMF_KEYSTORE_TYPE);
+
+KMF_BOOL IsEqualOid(KMF_OID *, KMF_OID *);
+
+KMF_OID *X509_AlgIdToAlgorithmOid(KMF_ALGORITHM_INDEX);
+
+KMF_ALGORITHM_INDEX X509_AlgorithmOidToAlgId(KMF_OID *);
+KMF_RETURN GetIDFromSPKI(KMF_X509_SPKI *, KMF_DATA *);
+CK_RV DigestData(CK_SESSION_HANDLE, KMF_DATA *, KMF_DATA *);
+
+KMF_RETURN KMF_SetAltName(KMF_X509_EXTENSIONS *,
+ KMF_OID *, int, KMF_GENERALNAMECHOICES, char *);
+KMF_RETURN GetSequenceContents(char *, size_t, char **, size_t *);
+KMF_X509_EXTENSION *FindExtn(KMF_X509_EXTENSIONS *, KMF_OID *);
+KMF_RETURN add_an_extension(KMF_X509_EXTENSIONS *exts,
+ KMF_X509_EXTENSION *newextn);
+KMF_RETURN set_integer(KMF_DATA *, void *, int);
+void free_keyidlist(KMF_OID *, int);
+KMF_RETURN copy_data(KMF_DATA *, KMF_DATA *);
+void Cleanup_PK11_Session(KMF_HANDLE_T handle);
+void free_dp_name(KMF_CRL_DIST_POINT *);
+void free_dp(KMF_CRL_DIST_POINT *);
+KMF_RETURN set_key_usage_extension(KMF_X509_EXTENSIONS *,
+ int, uint32_t);
+int is_pk11_ready();
+KMF_RETURN KMF_SelectToken(KMF_HANDLE_T, char *, int);
+
+
+/* Indexes into the key parts array for RSA keys */
+#define KMF_RSA_MODULUS (0)
+#define KMF_RSA_PUBLIC_EXPONENT (1)
+#define KMF_RSA_PRIVATE_EXPONENT (2)
+#define KMF_RSA_PRIME1 (3)
+#define KMF_RSA_PRIME2 (4)
+#define KMF_RSA_EXPONENT1 (5)
+#define KMF_RSA_EXPONENT2 (6)
+#define KMF_RSA_COEFFICIENT (7)
+
+/* Key part counts for RSA keys */
+#define KMF_NUMBER_RSA_PUBLIC_KEY_PARTS (2)
+#define KMF_NUMBER_RSA_PRIVATE_KEY_PARTS (8)
+
+/* Key part counts for DSA keys */
+#define KMF_NUMBER_DSA_PUBLIC_KEY_PARTS (4)
+#define KMF_NUMBER_DSA_PRIVATE_KEY_PARTS (4)
+
+/* Indexes into the key parts array for DSA keys */
+#define KMF_DSA_PRIME (0)
+#define KMF_DSA_SUB_PRIME (1)
+#define KMF_DSA_BASE (2)
+#define KMF_DSA_PUBLIC_VALUE (3)
+
+#ifndef max
+#define max(a, b) ((a) < (b) ? (b) : (a))
+#endif
+
+/* Maximum key parts for all algorithms */
+#define KMF_MAX_PUBLIC_KEY_PARTS \
+ (max(KMF_NUMBER_RSA_PUBLIC_KEY_PARTS, \
+ KMF_NUMBER_DSA_PUBLIC_KEY_PARTS))
+
+#define KMF_MAX_PRIVATE_KEY_PARTS \
+ (max(KMF_NUMBER_RSA_PRIVATE_KEY_PARTS, \
+ KMF_NUMBER_DSA_PRIVATE_KEY_PARTS))
+
+#define KMF_MAX_KEY_PARTS \
+ (max(KMF_MAX_PUBLIC_KEY_PARTS, KMF_MAX_PRIVATE_KEY_PARTS))
+
+typedef enum {
+ KMF_ALGMODE_NONE = 0,
+ KMF_ALGMODE_CUSTOM,
+ KMF_ALGMODE_PUBLIC_KEY,
+ KMF_ALGMODE_PRIVATE_KEY,
+ KMF_ALGMODE_PKCS1_EMSA_V15
+} KMF_SIGNATURE_MODE;
+
+#define KMF_CERT_PRINTABLE_LEN 1024
+#define SHA1_HASH_LENGTH 20
+
+#define OCSPREQ_TEMPNAME "/tmp/ocsp.reqXXXXXX"
+#define OCSPRESP_TEMPNAME "/tmp/ocsp.respXXXXXX"
+
+#ifdef __cplusplus
+}
+#endif
+#endif /* _KMFAPIP_H */ |
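Review bot: `OCSPREQ_TEMPNAME` and `OCSPRESP_TEMPNAME` near the end of the hunk hard-code file templates under the shared, world-writable `/tmp`; the `XXXXXX` suffix suggests they are meant for mkstemp(3), but nothing in this header records that contract, and the response written there is presumably later parsed to decide whether a certificate is revoked (the consuming code is outside this file). Whichever .c file uses these should create both files with `mkstemp()` rather than `mktemp()`/`tmpnam()`, keep and use the returned descriptor instead of reopening the path by name, and `unlink()` them on every exit path, so that a local user cannot race the creation or substitute an OCSP response. A one-line comment on the defines would make that explicit: `/* mkstemp(3) templates only; use the returned fd, never reopen by name */`. Separately, `CLEAR_ERROR` earlier in the hunk is a multi-statement macro wrapped in bare braces rather than `do { ... } while (0)`, so `if (c) CLEAR_ERROR(h, rv); else ...` will not compile as intended, and its `h` argument is not parenthesized.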