Diffstat (limited to 'usr/src/lib/libkmf/include')
-rw-r--r--usr/src/lib/libkmf/include/algorithm.h2
-rw-r--r--usr/src/lib/libkmf/include/kmfapi.h383
-rw-r--r--usr/src/lib/libkmf/include/kmfapiP.h106
-rw-r--r--usr/src/lib/libkmf/include/kmfpolicy.h21
-rw-r--r--usr/src/lib/libkmf/include/kmftypes.h543
-rw-r--r--usr/src/lib/libkmf/include/rdn_parser.h2
6 files changed, 512 insertions, 545 deletions
diff --git a/usr/src/lib/libkmf/include/algorithm.h b/usr/src/lib/libkmf/include/algorithm.h
index c52ee81028..00e2eabddf 100644
--- a/usr/src/lib/libkmf/include/algorithm.h
+++ b/usr/src/lib/libkmf/include/algorithm.h
@@ -37,7 +37,7 @@ typedef struct pkcs_algorithm_map
} PKCS_ALGORITHM_MAP;
extern KMF_SIGNATURE_MODE PKCS_GetDefaultSignatureMode(KMF_ALGORITHM_INDEX);
-extern PKCS_ALGORITHM_MAP* PKCS_GetAlgorithmMap(KMF_ALGCLASS, uint32_t,
+extern PKCS_ALGORITHM_MAP* pkcs_get_alg_map(KMF_ALGCLASS, uint32_t,
uint32_t);
#ifdef __cplusplus
diff --git a/usr/src/lib/libkmf/include/kmfapi.h b/usr/src/lib/libkmf/include/kmfapi.h
index fd29b0733c..4826248ddb 100644
--- a/usr/src/lib/libkmf/include/kmfapi.h
+++ b/usr/src/lib/libkmf/include/kmfapi.h
@@ -42,309 +42,334 @@ extern "C" {
/*
* Setup operations.
*/
-extern KMF_RETURN KMF_Initialize(KMF_HANDLE_T *, char *, char *);
-extern KMF_RETURN KMF_ConfigureKeystore(KMF_HANDLE_T, KMF_CONFIG_PARAMS *);
-extern KMF_RETURN KMF_Finalize(KMF_HANDLE_T);
+extern KMF_RETURN kmf_initialize(KMF_HANDLE_T *, char *, char *);
+extern KMF_RETURN kmf_configure_keystore(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
+extern KMF_RETURN kmf_finalize(KMF_HANDLE_T);
/*
* Key operations.
*/
-extern KMF_RETURN KMF_SignDataWithKey(KMF_HANDLE_T,
- KMF_KEY_HANDLE *, KMF_OID *,
- KMF_DATA *, KMF_DATA *);
-
-extern KMF_RETURN KMF_VerifyDataWithKey(KMF_HANDLE_T,
- KMF_KEY_HANDLE *, KMF_ALGORITHM_INDEX, KMF_DATA *, KMF_DATA *);
-
-extern KMF_RETURN KMF_CreateKeypair(KMF_HANDLE_T,
- KMF_CREATEKEYPAIR_PARAMS *, KMF_KEY_HANDLE *, KMF_KEY_HANDLE *);
+extern KMF_RETURN kmf_create_keypair(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
-extern KMF_RETURN KMF_DeleteKeyFromKeystore(KMF_HANDLE_T,
- KMF_DELETEKEY_PARAMS *, KMF_KEY_HANDLE *);
+extern KMF_RETURN kmf_delete_key_from_keystore(KMF_HANDLE_T, int,
+ KMF_ATTRIBUTE *);
-extern KMF_RETURN KMF_SignCertRecord(KMF_HANDLE_T, KMF_KEY_HANDLE *,
- KMF_X509_CERTIFICATE *, KMF_DATA *);
+extern KMF_RETURN kmf_find_key(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
-extern KMF_RETURN KMF_FindKey(KMF_HANDLE_T, KMF_FINDKEY_PARAMS *,
- KMF_KEY_HANDLE *, uint32_t *);
+extern KMF_RETURN kmf_find_prikey_by_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
-extern KMF_RETURN KMF_StorePrivateKey(KMF_HANDLE_T, KMF_STOREKEY_PARAMS *,
- KMF_RAW_KEY_DATA *);
+extern KMF_RETURN kmf_store_key(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
-extern KMF_RETURN KMF_CreateSymKey(KMF_HANDLE_T, KMF_CREATESYMKEY_PARAMS *,
- KMF_KEY_HANDLE *);
+extern KMF_RETURN kmf_create_sym_key(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
-extern KMF_RETURN KMF_GetSymKeyValue(KMF_HANDLE_T, KMF_KEY_HANDLE *,
+extern KMF_RETURN kmf_get_sym_key_value(KMF_HANDLE_T, KMF_KEY_HANDLE *,
KMF_RAW_SYM_KEY *);
/*
* Certificate operations.
*/
-extern KMF_RETURN KMF_FindCert(KMF_HANDLE_T, KMF_FINDCERT_PARAMS *,
- KMF_X509_DER_CERT *, uint32_t *);
+extern KMF_RETURN kmf_find_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
-extern KMF_RETURN KMF_EncodeCertRecord(KMF_X509_CERTIFICATE *,
- KMF_DATA *);
-extern KMF_RETURN KMF_DecodeCertData(KMF_DATA *, KMF_X509_CERTIFICATE **);
+extern KMF_RETURN kmf_encode_cert_record(KMF_X509_CERTIFICATE *, KMF_DATA *);
-extern KMF_RETURN KMF_SignCertWithKey(KMF_HANDLE_T, const KMF_DATA *,
- KMF_KEY_HANDLE *, KMF_DATA *);
-extern KMF_RETURN KMF_SignCertWithCert(KMF_HANDLE_T,
- KMF_CRYPTOWITHCERT_PARAMS *,
- const KMF_DATA *, KMF_DATA *, KMF_DATA *);
+extern KMF_RETURN kmf_import_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
-extern KMF_RETURN KMF_SignDataWithCert(KMF_HANDLE_T,
- KMF_CRYPTOWITHCERT_PARAMS *, KMF_DATA *, KMF_DATA *, KMF_DATA *);
+extern KMF_RETURN kmf_store_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
-extern KMF_RETURN KMF_VerifyCertWithKey(KMF_HANDLE_T, KMF_KEY_HANDLE *,
- const KMF_DATA *);
-extern KMF_RETURN KMF_VerifyCertWithCert(KMF_HANDLE_T, const KMF_DATA *,
- const KMF_DATA *);
-extern KMF_RETURN KMF_VerifyDataWithCert(KMF_HANDLE_T,
- KMF_KEYSTORE_TYPE, KMF_ALGORITHM_INDEX, KMF_DATA *, KMF_DATA *,
- const KMF_DATA *);
-
-extern KMF_RETURN KMF_EncryptWithCert(KMF_HANDLE_T, KMF_DATA *,
- KMF_DATA *, KMF_DATA *);
+extern KMF_RETURN kmf_delete_cert_from_keystore(KMF_HANDLE_T, int,
+ KMF_ATTRIBUTE *);
-extern KMF_RETURN KMF_DecryptWithCert(KMF_HANDLE_T,
- KMF_CRYPTOWITHCERT_PARAMS *, KMF_DATA *, KMF_DATA *, KMF_DATA *);
+extern KMF_RETURN kmf_validate_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
-extern KMF_RETURN KMF_StoreCert(KMF_HANDLE_T,
- KMF_STORECERT_PARAMS *, KMF_DATA *);
-extern KMF_RETURN KMF_ImportCert(KMF_HANDLE_T, KMF_IMPORTCERT_PARAMS *);
-extern KMF_RETURN KMF_DeleteCertFromKeystore(KMF_HANDLE_T,
- KMF_DELETECERT_PARAMS *);
+extern KMF_RETURN kmf_create_cert_file(const KMF_DATA *, KMF_ENCODE_FORMAT,
+ char *);
-extern KMF_RETURN KMF_ValidateCert(KMF_HANDLE_T,
- KMF_VALIDATECERT_PARAMS *, int *);
+extern KMF_RETURN kmf_download_cert(KMF_HANDLE_T, char *, char *, int,
+ unsigned int, char *, KMF_ENCODE_FORMAT *);
-extern KMF_RETURN KMF_CreateCertFile(KMF_DATA *, KMF_ENCODE_FORMAT, char *);
+extern KMF_RETURN kmf_is_cert_file(KMF_HANDLE_T, char *, KMF_ENCODE_FORMAT *);
-extern KMF_RETURN KMF_DownloadCert(KMF_HANDLE_T, char *, char *, int,
- unsigned int, char *, KMF_ENCODE_FORMAT *);
-extern KMF_RETURN KMF_IsCertFile(KMF_HANDLE_T, char *, KMF_ENCODE_FORMAT *);
+extern KMF_RETURN kmf_check_cert_date(KMF_HANDLE_T, const KMF_DATA *);
-extern KMF_RETURN KMF_CheckCertDate(KMF_HANDLE_T, KMF_DATA *);
+/*
+ * Crypto operations with key or cert.
+ */
+extern KMF_RETURN kmf_encrypt(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
+extern KMF_RETURN kmf_decrypt(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
+extern KMF_RETURN kmf_sign_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
+extern KMF_RETURN kmf_sign_data(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
+extern KMF_RETURN kmf_verify_cert(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
+extern KMF_RETURN kmf_verify_data(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
/*
* CRL operations.
*/
-extern KMF_RETURN KMF_ImportCRL(KMF_HANDLE_T, KMF_IMPORTCRL_PARAMS *);
-extern KMF_RETURN KMF_DeleteCRL(KMF_HANDLE_T, KMF_DELETECRL_PARAMS *);
-extern KMF_RETURN KMF_ListCRL(KMF_HANDLE_T, KMF_LISTCRL_PARAMS *, char **);
-extern KMF_RETURN KMF_FindCRL(KMF_HANDLE_T, KMF_FINDCRL_PARAMS *,
- char **, int *);
-
-extern KMF_RETURN KMF_FindCertInCRL(KMF_HANDLE_T,
- KMF_FINDCERTINCRL_PARAMS *);
-extern KMF_RETURN KMF_VerifyCRLFile(KMF_HANDLE_T,
- KMF_VERIFYCRL_PARAMS *);
-
-extern KMF_RETURN KMF_CheckCRLDate(KMF_HANDLE_T,
- KMF_CHECKCRLDATE_PARAMS *);
-extern KMF_RETURN KMF_DownloadCRL(KMF_HANDLE_T, char *, char *,
+extern KMF_RETURN kmf_import_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
+extern KMF_RETURN kmf_delete_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
+extern KMF_RETURN kmf_list_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
+extern KMF_RETURN kmf_find_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
+extern KMF_RETURN kmf_find_cert_in_crl(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
+extern KMF_RETURN kmf_verify_crl_file(KMF_HANDLE_T, char *, KMF_DATA *);
+extern KMF_RETURN kmf_check_crl_date(KMF_HANDLE_T, char *);
+extern KMF_RETURN kmf_download_crl(KMF_HANDLE_T, char *, char *,
int, unsigned int, char *, KMF_ENCODE_FORMAT *);
-extern KMF_RETURN KMF_IsCRLFile(KMF_HANDLE_T, char *, KMF_ENCODE_FORMAT *);
+extern KMF_RETURN kmf_is_crl_file(KMF_HANDLE_T, char *, KMF_ENCODE_FORMAT *);
/*
* CSR operations.
*/
-extern KMF_RETURN KMF_SetCSRPubKey(KMF_HANDLE_T,
+extern KMF_RETURN kmf_create_csr_file(KMF_DATA *, KMF_ENCODE_FORMAT, char *);
+extern KMF_RETURN kmf_set_csr_pubkey(KMF_HANDLE_T,
KMF_KEY_HANDLE *, KMF_CSR_DATA *);
-extern KMF_RETURN KMF_SetCSRVersion(KMF_CSR_DATA *, uint32_t);
-extern KMF_RETURN KMF_SetCSRSubjectName(KMF_CSR_DATA *, KMF_X509_NAME *);
-extern KMF_RETURN KMF_CreateCSRFile(KMF_DATA *, KMF_ENCODE_FORMAT, char *);
-extern KMF_RETURN KMF_SetCSRExtension(KMF_CSR_DATA *, KMF_X509_EXTENSION *);
-extern KMF_RETURN KMF_SetCSRSignatureAlgorithm(KMF_CSR_DATA *,
- KMF_ALGORITHM_INDEX);
-extern KMF_RETURN KMF_SetCSRSubjectAltName(KMF_CSR_DATA *, char *,
+extern KMF_RETURN kmf_set_csr_version(KMF_CSR_DATA *, uint32_t);
+extern KMF_RETURN kmf_set_csr_subject(KMF_CSR_DATA *, KMF_X509_NAME *);
+extern KMF_RETURN kmf_set_csr_extn(KMF_CSR_DATA *, KMF_X509_EXTENSION *);
+extern KMF_RETURN kmf_set_csr_sig_alg(KMF_CSR_DATA *, KMF_ALGORITHM_INDEX);
+extern KMF_RETURN kmf_set_csr_subject_altname(KMF_CSR_DATA *, char *,
int, KMF_GENERALNAMECHOICES);
-extern KMF_RETURN KMF_SetCSRKeyUsage(KMF_CSR_DATA *, int, uint16_t);
-extern KMF_RETURN KMF_SignCSR(KMF_HANDLE_T, const KMF_CSR_DATA *,
+extern KMF_RETURN kmf_set_csr_ku(KMF_CSR_DATA *, int, uint16_t);
+extern KMF_RETURN kmf_sign_csr(KMF_HANDLE_T, const KMF_CSR_DATA *,
KMF_KEY_HANDLE *, KMF_DATA *);
/*
* GetCert operations.
*/
-extern KMF_RETURN KMF_GetCertExtensionData(const KMF_DATA *, KMF_OID *,
+extern KMF_RETURN kmf_get_cert_extn(const KMF_DATA *, KMF_OID *,
KMF_X509_EXTENSION *);
-extern KMF_RETURN KMF_GetCertCriticalExtensions(const KMF_DATA *,
+extern KMF_RETURN kmf_get_cert_extns(const KMF_DATA *, KMF_FLAG_CERT_EXTN,
KMF_X509_EXTENSION **, int *);
-extern KMF_RETURN KMF_GetCertNonCriticalExtensions(const KMF_DATA *,
- KMF_X509_EXTENSION **, int *);
-
-extern KMF_RETURN KMF_GetCertKeyUsageExt(const KMF_DATA *,
- KMF_X509EXT_KEY_USAGE *);
+extern KMF_RETURN kmf_get_cert_ku(const KMF_DATA *, KMF_X509EXT_KEY_USAGE *);
-extern KMF_RETURN KMF_GetCertEKU(const KMF_DATA *, KMF_X509EXT_EKU *);
+extern KMF_RETURN kmf_get_cert_eku(const KMF_DATA *, KMF_X509EXT_EKU *);
-extern KMF_RETURN KMF_GetCertBasicConstraintExt(const KMF_DATA *,
+extern KMF_RETURN kmf_get_cert_basic_constraint(const KMF_DATA *,
KMF_BOOL *, KMF_X509EXT_BASICCONSTRAINTS *);
-extern KMF_RETURN KMF_GetCertPoliciesExt(const KMF_DATA *,
+extern KMF_RETURN kmf_get_cert_policies(const KMF_DATA *,
KMF_BOOL *, KMF_X509EXT_CERT_POLICIES *);
-extern KMF_RETURN KMF_GetCertAuthInfoAccessExt(const KMF_DATA *,
+extern KMF_RETURN kmf_get_cert_auth_info_access(const KMF_DATA *,
KMF_X509EXT_AUTHINFOACCESS *);
-extern KMF_RETURN KMF_GetCertCRLDistributionPointsExt(const KMF_DATA *,
+extern KMF_RETURN kmf_get_cert_crl_dist_pts(const KMF_DATA *,
KMF_X509EXT_CRLDISTPOINTS *);
-extern KMF_RETURN KMF_GetCertVersionString(KMF_HANDLE_T,
- const KMF_DATA *, char **);
+extern KMF_RETURN kmf_get_cert_version_str(KMF_HANDLE_T, const KMF_DATA *,
+ char **);
-extern KMF_RETURN KMF_GetCertSubjectNameString(KMF_HANDLE_T, const KMF_DATA *,
+extern KMF_RETURN kmf_get_cert_subject_str(KMF_HANDLE_T, const KMF_DATA *,
char **);
-extern KMF_RETURN KMF_GetCertIssuerNameString(KMF_HANDLE_T,
- const KMF_DATA *, char **);
+extern KMF_RETURN kmf_get_cert_issuer_str(KMF_HANDLE_T, const KMF_DATA *,
+ char **);
-extern KMF_RETURN KMF_GetCertSerialNumberString(KMF_HANDLE_T, const KMF_DATA *,
+extern KMF_RETURN kmf_get_cert_serial_str(KMF_HANDLE_T, const KMF_DATA *,
char **);
-extern KMF_RETURN KMF_GetCertStartDateString(KMF_HANDLE_T,
- const KMF_DATA *, char **);
+extern KMF_RETURN kmf_get_cert_start_date_str(KMF_HANDLE_T, const KMF_DATA *,
+ char **);
-extern KMF_RETURN KMF_GetCertEndDateString(KMF_HANDLE_T,
- const KMF_DATA *, char **);
+extern KMF_RETURN kmf_get_cert_end_date_str(KMF_HANDLE_T, const KMF_DATA *,
+ char **);
-extern KMF_RETURN KMF_GetCertPubKeyAlgString(KMF_HANDLE_T,
- const KMF_DATA *, char **);
+extern KMF_RETURN kmf_get_cert_pubkey_alg_str(KMF_HANDLE_T, const KMF_DATA *,
+ char **);
-extern KMF_RETURN KMF_GetCertSignatureAlgString(KMF_HANDLE_T,
- const KMF_DATA *, char **);
+extern KMF_RETURN kmf_get_cert_sig_alg_str(KMF_HANDLE_T, const KMF_DATA *,
+ char **);
-extern KMF_RETURN KMF_GetCertPubKeyDataString(KMF_HANDLE_T,
- const KMF_DATA *, char **);
+extern KMF_RETURN kmf_get_cert_pubkey_str(KMF_HANDLE_T, const KMF_DATA *,
+ char **);
-extern KMF_RETURN KMF_GetCertEmailString(KMF_HANDLE_T,
- const KMF_DATA *, char **);
+extern KMF_RETURN kmf_get_cert_email_str(KMF_HANDLE_T, const KMF_DATA *,
+ char **);
-extern KMF_RETURN KMF_GetCertExtensionString(KMF_HANDLE_T, const KMF_DATA *,
+extern KMF_RETURN kmf_get_cert_extn_str(KMF_HANDLE_T, const KMF_DATA *,
KMF_PRINTABLE_ITEM, char **);
-extern KMF_RETURN KMF_GetCertIDData(const KMF_DATA *, KMF_DATA *);
-extern KMF_RETURN KMF_GetCertIDString(const KMF_DATA *, char **);
-extern KMF_RETURN KMF_GetCertValidity(const KMF_DATA *, time_t *, time_t *);
+extern KMF_RETURN kmf_get_cert_id_data(const KMF_DATA *, KMF_DATA *);
+
+extern KMF_RETURN kmf_get_cert_id_str(const KMF_DATA *, char **);
+
+extern KMF_RETURN kmf_get_cert_validity(const KMF_DATA *, time_t *, time_t *);
+
/*
* SetCert operations
*/
-extern KMF_RETURN KMF_SetCertPubKey(KMF_HANDLE_T, KMF_KEY_HANDLE *,
+extern KMF_RETURN kmf_set_cert_pubkey(KMF_HANDLE_T, KMF_KEY_HANDLE *,
KMF_X509_CERTIFICATE *);
-extern KMF_RETURN KMF_SetCertSubjectName(KMF_X509_CERTIFICATE *,
+extern KMF_RETURN kmf_set_cert_subject(KMF_X509_CERTIFICATE *,
KMF_X509_NAME *);
-extern KMF_RETURN KMF_SetCertKeyUsage(KMF_X509_CERTIFICATE *, int, uint16_t);
+extern KMF_RETURN kmf_set_cert_ku(KMF_X509_CERTIFICATE *, int, uint16_t);
-extern KMF_RETURN KMF_SetCertIssuerName(KMF_X509_CERTIFICATE *,
+extern KMF_RETURN kmf_set_cert_issuer(KMF_X509_CERTIFICATE *,
KMF_X509_NAME *);
-extern KMF_RETURN KMF_SetCertSignatureAlgorithm(KMF_X509_CERTIFICATE *,
+extern KMF_RETURN kmf_set_cert_sig_alg(KMF_X509_CERTIFICATE *,
KMF_ALGORITHM_INDEX);
-extern KMF_RETURN KMF_SetCertValidityTimes(KMF_X509_CERTIFICATE *,
+extern KMF_RETURN kmf_set_cert_validity(KMF_X509_CERTIFICATE *,
time_t, uint32_t);
-extern KMF_RETURN KMF_SetCertSerialNumber(KMF_X509_CERTIFICATE *,
+extern KMF_RETURN kmf_set_cert_serial(KMF_X509_CERTIFICATE *,
KMF_BIGINT *);
-extern KMF_RETURN KMF_SetCertVersion(KMF_X509_CERTIFICATE *, uint32_t);
+extern KMF_RETURN kmf_set_cert_version(KMF_X509_CERTIFICATE *, uint32_t);
-extern KMF_RETURN KMF_SetCertIssuerAltName(KMF_X509_CERTIFICATE *,
+extern KMF_RETURN kmf_set_cert_issuer_altname(KMF_X509_CERTIFICATE *,
int, KMF_GENERALNAMECHOICES, char *);
-extern KMF_RETURN KMF_SetCertSubjectAltName(KMF_X509_CERTIFICATE *,
+extern KMF_RETURN kmf_set_cert_subject_altname(KMF_X509_CERTIFICATE *,
int, KMF_GENERALNAMECHOICES, char *);
-extern KMF_RETURN KMF_AddCertEKU(KMF_X509_CERTIFICATE *, KMF_OID *, int);
+extern KMF_RETURN kmf_add_cert_eku(KMF_X509_CERTIFICATE *, KMF_OID *, int);
-extern KMF_RETURN KMF_SetCertExtension(KMF_X509_CERTIFICATE *,
+extern KMF_RETURN kmf_set_cert_extn(KMF_X509_CERTIFICATE *,
KMF_X509_EXTENSION *);
-extern KMF_RETURN KMF_SetCertBasicConstraintExt(KMF_X509_CERTIFICATE *,
+extern KMF_RETURN kmf_set_cert_basic_constraint(KMF_X509_CERTIFICATE *,
KMF_BOOL, KMF_X509EXT_BASICCONSTRAINTS *);
-extern KMF_RETURN KMF_ExportPK12(KMF_HANDLE_T, KMF_EXPORTP12_PARAMS *, char *);
-extern KMF_RETURN KMF_ImportPK12(KMF_HANDLE_T, char *, KMF_CREDENTIAL *,
- KMF_DATA **, int *, KMF_RAW_KEY_DATA **, int *);
-extern KMF_RETURN KMF_ImportKeypair(KMF_HANDLE_T, char *, KMF_CREDENTIAL *,
+
+/*
+ * PK12 operations
+ */
+extern KMF_RETURN kmf_export_pk12(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
+
+extern KMF_RETURN kmf_build_pk12(KMF_HANDLE_T, int, KMF_X509_DER_CERT *,
+ int, KMF_KEY_HANDLE *, KMF_CREDENTIAL *, char *);
+
+extern KMF_RETURN kmf_import_objects(KMF_HANDLE_T, char *, KMF_CREDENTIAL *,
KMF_DATA **, int *, KMF_RAW_KEY_DATA **, int *);
/*
- * Get OCSP response operation.
+ * OCSP operations
*/
-extern KMF_RETURN KMF_GetOCSPForCert(KMF_HANDLE_T, KMF_DATA *, KMF_DATA *,
+extern KMF_RETURN kmf_get_ocsp_for_cert(KMF_HANDLE_T, KMF_DATA *, KMF_DATA *,
KMF_DATA *);
-extern KMF_RETURN KMF_CreateOCSPRequest(KMF_HANDLE_T, KMF_OCSPREQUEST_PARAMS *,
- char *);
+extern KMF_RETURN kmf_create_ocsp_request(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
-extern KMF_RETURN KMF_GetEncodedOCSPResponse(KMF_HANDLE_T, char *, char *, int,
- char *, int, char *, unsigned int);
+extern KMF_RETURN kmf_get_encoded_ocsp_response(KMF_HANDLE_T, char *,
+ char *, int, char *, int, char *, unsigned int);
-extern KMF_RETURN KMF_GetOCSPStatusForCert(KMF_HANDLE_T,
- KMF_OCSPRESPONSE_PARAMS_INPUT *,
- KMF_OCSPRESPONSE_PARAMS_OUTPUT *);
+extern KMF_RETURN kmf_get_ocsp_status_for_cert(KMF_HANDLE_T, int,
+ KMF_ATTRIBUTE *);
/*
* Policy Operations
*/
-extern KMF_RETURN KMF_SetPolicy(KMF_HANDLE_T, char *, char *);
+extern KMF_RETURN kmf_set_policy(KMF_HANDLE_T, char *, char *);
/*
* Error handling.
*/
-extern KMF_RETURN KMF_GetPluginErrorString(KMF_HANDLE_T, char **);
-extern KMF_RETURN KMF_GetKMFErrorString(KMF_RETURN, char **);
+extern KMF_RETURN kmf_get_plugin_error_str(KMF_HANDLE_T, char **);
+extern KMF_RETURN kmf_get_kmf_error_str(KMF_RETURN, char **);
/*
* Miscellaneous
*/
-extern KMF_RETURN KMF_DNParser(char *, KMF_X509_NAME *);
-extern KMF_RETURN KMF_DN2Der(KMF_X509_NAME *, KMF_DATA *);
-extern KMF_RETURN KMF_ReadInputFile(KMF_HANDLE_T, char *, KMF_DATA *);
-extern KMF_RETURN KMF_Der2Pem(KMF_OBJECT_TYPE, unsigned char *,
+extern KMF_RETURN kmf_dn_parser(char *, KMF_X509_NAME *);
+extern KMF_RETURN kmf_read_input_file(KMF_HANDLE_T, char *, KMF_DATA *);
+extern KMF_RETURN kmf_der_to_pem(KMF_OBJECT_TYPE, unsigned char *,
int, unsigned char **, int *);
-extern KMF_RETURN KMF_Pem2Der(unsigned char *, int, unsigned char **, int *);
-extern char *KMF_OID2String(KMF_OID *);
-extern KMF_RETURN KMF_String2OID(char *, KMF_OID *);
-extern int KMF_CompareRDNs(KMF_X509_NAME *, KMF_X509_NAME *);
-extern KMF_RETURN KMF_GetFileFormat(char *, KMF_ENCODE_FORMAT *);
-extern uint16_t KMF_StringToKeyUsage(char *);
-extern KMF_RETURN KMF_SetTokenPin(KMF_HANDLE_T, KMF_SETPIN_PARAMS *,
- KMF_CREDENTIAL *);
-extern KMF_RETURN KMF_HexString2Bytes(unsigned char *, unsigned char **,
+extern KMF_RETURN kmf_pem_to_der(unsigned char *, int, unsigned char **, int *);
+extern char *kmf_oid_to_string(KMF_OID *);
+extern KMF_RETURN kmf_string_to_oid(char *, KMF_OID *);
+extern int kmf_compare_rdns(KMF_X509_NAME *, KMF_X509_NAME *);
+extern KMF_RETURN kmf_get_file_format(char *, KMF_ENCODE_FORMAT *);
+extern uint32_t kmf_string_to_ku(char *);
+extern char *kmf_ku_to_string(uint32_t);
+extern KMF_RETURN kmf_hexstr_to_bytes(unsigned char *, unsigned char **,
size_t *);
+#define KMF_CompareRDNs kmf_compare_rdns
+
/*
* Memory cleanup operations
*/
-extern void KMF_FreeDN(KMF_X509_NAME *);
-extern void KMF_FreeKMFCert(KMF_HANDLE_T, KMF_X509_DER_CERT *);
-extern void KMF_FreeData(KMF_DATA *);
-extern void KMF_FreeAlgOID(KMF_X509_ALGORITHM_IDENTIFIER *);
-extern void KMF_FreeExtension(KMF_X509_EXTENSION *);
-extern void KMF_FreeTBSCSR(KMF_TBS_CSR *);
-extern void KMF_FreeSignedCSR(KMF_CSR_DATA *);
-extern void KMF_FreeTBSCert(KMF_X509_TBS_CERT *);
-extern void KMF_FreeSignedCert(KMF_X509_CERTIFICATE *);
-extern void KMF_FreeString(char *);
-extern void KMF_FreeEKU(KMF_X509EXT_EKU *);
-extern void KMF_FreeSPKI(KMF_X509_SPKI *);
-extern void KMF_FreeKMFKey(KMF_HANDLE_T, KMF_KEY_HANDLE *);
-extern void KMF_FreeBigint(KMF_BIGINT *);
-extern void KMF_FreeRawKey(KMF_RAW_KEY_DATA *);
-extern void KMF_FreeRawSymKey(KMF_RAW_SYM_KEY *);
-extern void KMF_FreeCRLDistributionPoints(KMF_X509EXT_CRLDISTPOINTS *);
+extern void kmf_free_dn(KMF_X509_NAME *);
+extern void kmf_free_kmf_cert(KMF_HANDLE_T, KMF_X509_DER_CERT *);
+extern void kmf_free_data(KMF_DATA *);
+extern void kmf_free_algoid(KMF_X509_ALGORITHM_IDENTIFIER *);
+extern void kmf_free_extn(KMF_X509_EXTENSION *);
+extern void kmf_free_tbs_csr(KMF_TBS_CSR *);
+extern void kmf_free_signed_csr(KMF_CSR_DATA *);
+extern void kmf_free_tbs_cert(KMF_X509_TBS_CERT *);
+extern void kmf_free_signed_cert(KMF_X509_CERTIFICATE *);
+extern void kmf_free_str(char *);
+extern void kmf_free_eku(KMF_X509EXT_EKU *);
+extern void kmf_free_spki(KMF_X509_SPKI *);
+extern void kmf_free_kmf_key(KMF_HANDLE_T, KMF_KEY_HANDLE *);
+extern void kmf_free_bigint(KMF_BIGINT *);
+extern void kmf_free_raw_key(KMF_RAW_KEY_DATA *);
+extern void kmf_free_raw_sym_key(KMF_RAW_SYM_KEY *);
+extern void kmf_free_crl_dist_pts(KMF_X509EXT_CRLDISTPOINTS *);
/* APIs for PKCS#11 token */
-extern KMF_RETURN KMF_PK11TokenLookup(KMF_HANDLE_T, char *, CK_SLOT_ID *);
-extern CK_SESSION_HANDLE KMF_GetPK11Handle(KMF_HANDLE_T);
+extern KMF_RETURN kmf_pk11_token_lookup(KMF_HANDLE_T, char *, CK_SLOT_ID *);
+extern KMF_RETURN kmf_set_token_pin(KMF_HANDLE_T, int, KMF_ATTRIBUTE *);
+extern CK_SESSION_HANDLE kmf_get_pk11_handle(KMF_HANDLE_T);
+
+/*
+ * Attribute management routines.
+ */
+int kmf_find_attr(KMF_ATTR_TYPE, KMF_ATTRIBUTE *, int);
+void *kmf_get_attr_ptr(KMF_ATTR_TYPE, KMF_ATTRIBUTE *, int);
+KMF_RETURN kmf_get_attr(KMF_ATTR_TYPE, KMF_ATTRIBUTE *, int, void *,
+ uint32_t *);
+KMF_RETURN kmf_get_string_attr(KMF_ATTR_TYPE, KMF_ATTRIBUTE *, int, char **);
+KMF_RETURN kmf_set_attr(KMF_ATTRIBUTE *, int, KMF_ATTR_TYPE, void *, uint32_t);
+void kmf_set_attr_at_index(KMF_ATTRIBUTE *, int, KMF_ATTR_TYPE,
+ void *, uint32_t);
+
+/*
+ * Legacy support only - do not use these APIs - they can be removed at any
+ * time.
+ */
+extern KMF_RETURN KMF_ConfigureKeystore(KMF_HANDLE_T, KMF_CONFIG_PARAMS *);
+extern KMF_RETURN KMF_CreateCSRFile(KMF_DATA *, KMF_ENCODE_FORMAT, char *);
+extern KMF_RETURN KMF_CreateKeypair(KMF_HANDLE_T,
+ KMF_CREATEKEYPAIR_PARAMS *, KMF_KEY_HANDLE *, KMF_KEY_HANDLE *);
+extern KMF_RETURN KMF_DNParser(char *, KMF_X509_NAME *);
+extern KMF_RETURN KMF_Finalize(KMF_HANDLE_T);
+extern KMF_RETURN KMF_FindCert(KMF_HANDLE_T, KMF_FINDCERT_PARAMS *,
+ KMF_X509_DER_CERT *, uint32_t *);
+extern KMF_RETURN KMF_FindKey(KMF_HANDLE_T, KMF_FINDKEY_PARAMS *,
+ KMF_KEY_HANDLE *, uint32_t *);
+extern void KMF_FreeData(KMF_DATA *);
+extern void KMF_FreeKMFCert(KMF_HANDLE_T, KMF_X509_DER_CERT *);
+extern void KMF_FreeKMFKey(KMF_HANDLE_T, KMF_KEY_HANDLE *);
+extern void KMF_FreeSignedCSR(KMF_CSR_DATA *);
+extern KMF_RETURN KMF_GetCertIDString(const KMF_DATA *, char **);
+extern KMF_RETURN KMF_GetCertIssuerNameString(KMF_HANDLE_T,
+ const KMF_DATA *, char **);
+extern KMF_RETURN KMF_GetCertSubjectNameString(KMF_HANDLE_T,
+ const KMF_DATA *, char **);
+extern KMF_RETURN KMF_GetKMFErrorString(KMF_RETURN, char **);
+extern KMF_RETURN KMF_Initialize(KMF_HANDLE_T *, char *, char *);
+extern KMF_RETURN KMF_ReadInputFile(KMF_HANDLE_T, char *, KMF_DATA *);
+extern KMF_RETURN KMF_SetCSRPubKey(KMF_HANDLE_T, KMF_KEY_HANDLE *,
+ KMF_CSR_DATA *);
+extern KMF_RETURN KMF_SetCSRSignatureAlgorithm(KMF_CSR_DATA *,
+ KMF_ALGORITHM_INDEX);
+extern KMF_RETURN KMF_SetCSRSubjectName(KMF_CSR_DATA *, KMF_X509_NAME *);
+extern KMF_RETURN KMF_SetCSRVersion(KMF_CSR_DATA *, uint32_t);
+extern KMF_RETURN KMF_SignCSR(KMF_HANDLE_T, const KMF_CSR_DATA *,
+ KMF_KEY_HANDLE *, KMF_DATA *);
+extern KMF_RETURN KMF_SignDataWithKey(KMF_HANDLE_T, KMF_KEY_HANDLE *,
+ KMF_OID *, KMF_DATA *, KMF_DATA *);
+extern KMF_RETURN KMF_VerifyCertWithCert(KMF_HANDLE_T, const KMF_DATA *,
+ const KMF_DATA *);
+extern KMF_RETURN KMF_VerifyDataWithCert(KMF_HANDLE_T,
+ KMF_KEYSTORE_TYPE, KMF_ALGORITHM_INDEX, KMF_DATA *, KMF_DATA *,
+ const KMF_DATA *);
#ifdef __cplusplus
}
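Review bot: The legacy prototypes added at the end of the hunk (`KMF_ConfigureKeystore`, `KMF_CreateKeypair`, `KMF_FindCert`, `KMF_FindKey`) still name `KMF_CONFIG_PARAMS`, `KMF_CREATEKEYPAIR_PARAMS`, `KMF_FINDCERT_PARAMS` and `KMF_FINDKEY_PARAMS`, while the kmftypes.h hunks in this same commit delete the `KMF_CONFIG_PARAMS` and `KMF_FINDCERT_PARAMS` typedefs (the other two presumably go in the truncated last hunk); unless those types are re-declared in a part of kmftypes.h not shown here, this header no longer compiles for anything that includes it. If they are intentionally retained elsewhere, say so at the legacy block: `/* The *_PARAMS types below are kept in kmftypes.h solely for these entry points. */`. Separately, the attribute-management prototypes (`kmf_find_attr` through `kmf_set_attr_at_index`) are the only declarations in this header without `extern`; adding it keeps the file uniform. The key-usage helpers also disagree on width: `kmf_string_to_ku` returns `uint32_t` while `kmf_set_cert_ku` and `kmf_set_csr_ku` still take `uint16_t`, so a value from the former is silently narrowed when passed to the latter — worth aligning on one type or documenting the narrowing.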
diff --git a/usr/src/lib/libkmf/include/kmfapiP.h b/usr/src/lib/libkmf/include/kmfapiP.h
index 715abfaf31..ac89acb565 100644
--- a/usr/src/lib/libkmf/include/kmfapiP.h
+++ b/usr/src/lib/libkmf/include/kmfapiP.h
@@ -39,13 +39,13 @@ typedef struct {
ushort_t version;
KMF_RETURN (*ConfigureKeystore) (
KMF_HANDLE_T,
- KMF_CONFIG_PARAMS *);
+ int,
+ KMF_ATTRIBUTE *);
KMF_RETURN (*FindCert) (
KMF_HANDLE_T,
- KMF_FINDCERT_PARAMS *,
- KMF_X509_DER_CERT *,
- uint32_t *);
+ int,
+ KMF_ATTRIBUTE *);
void (*FreeKMFCert) (
KMF_HANDLE_T,
@@ -53,36 +53,33 @@ typedef struct {
KMF_RETURN (*StoreCert) (
KMF_HANDLE_T,
- KMF_STORECERT_PARAMS *,
- KMF_DATA *);
+ int, KMF_ATTRIBUTE *);
KMF_RETURN (*ImportCert) (
KMF_HANDLE_T,
- KMF_IMPORTCERT_PARAMS *);
+ int, KMF_ATTRIBUTE *);
KMF_RETURN (*ImportCRL) (
KMF_HANDLE_T,
- KMF_IMPORTCRL_PARAMS *);
+ int, KMF_ATTRIBUTE *);
KMF_RETURN (*DeleteCert) (
KMF_HANDLE_T,
- KMF_DELETECERT_PARAMS *);
+ int, KMF_ATTRIBUTE *);
KMF_RETURN (*DeleteCRL) (
KMF_HANDLE_T,
- KMF_DELETECRL_PARAMS *);
+ int, KMF_ATTRIBUTE *);
KMF_RETURN (*CreateKeypair) (
KMF_HANDLE_T,
- KMF_CREATEKEYPAIR_PARAMS *,
- KMF_KEY_HANDLE *,
- KMF_KEY_HANDLE *);
+ int,
+ KMF_ATTRIBUTE *);
KMF_RETURN (*FindKey) (
KMF_HANDLE_T,
- KMF_FINDKEY_PARAMS *,
- KMF_KEY_HANDLE *,
- uint32_t *);
+ int,
+ KMF_ATTRIBUTE *);
KMF_RETURN (*EncodePubkeyData) (
KMF_HANDLE_T,
@@ -98,35 +95,29 @@ typedef struct {
KMF_RETURN (*DeleteKey) (
KMF_HANDLE_T,
- KMF_DELETEKEY_PARAMS *,
- KMF_KEY_HANDLE *,
- boolean_t);
+ int,
+ KMF_ATTRIBUTE *);
KMF_RETURN (*ListCRL) (
KMF_HANDLE_T,
- KMF_LISTCRL_PARAMS *,
- char **);
+ int, KMF_ATTRIBUTE *);
KMF_RETURN (*FindCRL) (
KMF_HANDLE_T,
- KMF_FINDCRL_PARAMS *,
- char **,
- int *);
+ int, KMF_ATTRIBUTE *);
KMF_RETURN (*FindCertInCRL) (
KMF_HANDLE_T,
- KMF_FINDCERTINCRL_PARAMS *);
+ int, KMF_ATTRIBUTE *);
KMF_RETURN (*GetErrorString) (
KMF_HANDLE_T,
char **);
- KMF_RETURN (*GetPrikeyByCert) (
+ KMF_RETURN (*FindPrikeyByCert) (
KMF_HANDLE_T,
- KMF_CRYPTOWITHCERT_PARAMS *,
- KMF_DATA *,
- KMF_KEY_HANDLE *,
- KMF_KEY_ALG);
+ int,
+ KMF_ATTRIBUTE *);
KMF_RETURN (*DecryptData) (
KMF_HANDLE_T,
@@ -135,22 +126,15 @@ typedef struct {
KMF_DATA *,
KMF_DATA *);
- KMF_RETURN (*ExportP12)(
- KMF_HANDLE_T,
- KMF_EXPORTP12_PARAMS *,
- int, KMF_X509_DER_CERT *,
- int, KMF_KEY_HANDLE *,
- char *);
-
- KMF_RETURN (*StorePrivateKey)(
+ KMF_RETURN (*ExportPK12)(
KMF_HANDLE_T,
- KMF_STOREKEY_PARAMS *,
- KMF_RAW_KEY_DATA *);
+ int,
+ KMF_ATTRIBUTE *);
KMF_RETURN (*CreateSymKey) (
KMF_HANDLE_T,
- KMF_CREATESYMKEY_PARAMS *,
- KMF_KEY_HANDLE *);
+ int,
+ KMF_ATTRIBUTE *);
KMF_RETURN (*GetSymKeyValue) (
KMF_HANDLE_T,
@@ -159,8 +143,7 @@ typedef struct {
KMF_RETURN (*SetTokenPin) (
KMF_HANDLE_T,
- KMF_SETPIN_PARAMS *,
- KMF_CREDENTIAL *);
+ int, KMF_ATTRIBUTE *);
KMF_RETURN (*VerifyDataWithCert) (
KMF_HANDLE_T,
@@ -169,11 +152,23 @@ typedef struct {
KMF_DATA *,
KMF_DATA *);
+ KMF_RETURN (*StoreKey) (
+ KMF_HANDLE_T,
+ int,
+ KMF_ATTRIBUTE *);
+
void (*Finalize) ();
} KMF_PLUGIN_FUNCLIST;
typedef struct {
+ KMF_ATTR_TYPE type;
+ boolean_t null_value_ok; /* Is the pValue required */
+ uint32_t minlen;
+ uint32_t maxlen;
+} KMF_ATTRIBUTE_TESTER;
+
+typedef struct {
KMF_KEYSTORE_TYPE type;
char *applications;
char *path;
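Review bot: The comment on `null_value_ok` in the new `KMF_ATTRIBUTE_TESTER` reads as the opposite of the field name — `/* Is the pValue required */` describes a "required" flag, while the name says a NULL value is acceptable. Since this struct appears to drive validation of the attribute lists passed to the new attribute-based entry points, each field's meaning should be unambiguous; suggested `boolean_t null_value_ok; /* B_TRUE if pValue may be NULL */`. `minlen` and `maxlen` carry no comment at all; state what they bound (presumably the attribute's value length) and whether 0 means unbounded, which cannot be told from the header.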
@@ -188,7 +183,7 @@ typedef struct _KMF_PLUGIN_LIST {
typedef struct _kmf_handle {
/*
- * session handle opened by KMF_SelectToken() to talk
+ * session handle opened by kmf_select_token() to talk
* to a specific slot in Crypto framework. It is used
* by pkcs11 plugin module.
*/
@@ -228,11 +223,7 @@ KMF_RETURN
VerifyDataWithKey(KMF_HANDLE_T, KMF_DATA *, KMF_ALGORITHM_INDEX, KMF_DATA *,
KMF_DATA *);
-KMF_RETURN
-SignCsr(KMF_HANDLE_T, const KMF_DATA *, KMF_KEY_HANDLE *,
- KMF_X509_ALGORITHM_IDENTIFIER *, KMF_DATA *);
-
-KMF_BOOL PKCS_ConvertAlgorithmId2PKCSKeyType(
+KMF_BOOL pkcs_algid_to_keytype(
KMF_ALGORITHM_INDEX, CK_KEY_TYPE *);
KMF_RETURN PKCS_VerifyData(
@@ -252,15 +243,19 @@ KMF_PLUGIN *FindPlugin(KMF_HANDLE_T, KMF_KEYSTORE_TYPE);
KMF_BOOL IsEqualOid(KMF_OID *, KMF_OID *);
-KMF_OID *X509_AlgIdToAlgorithmOid(KMF_ALGORITHM_INDEX);
-KMF_ALGORITHM_INDEX X509_AlgorithmOidToAlgId(KMF_OID *);
+KMF_RETURN copy_algoid(KMF_X509_ALGORITHM_IDENTIFIER *destid,
+ KMF_X509_ALGORITHM_IDENTIFIER *srcid);
+
+KMF_OID *x509_algid_to_algoid(KMF_ALGORITHM_INDEX);
+KMF_ALGORITHM_INDEX x509_algoid_to_algid(KMF_OID *);
+
KMF_RETURN PKCS_AcquirePublicKeyHandle(CK_SESSION_HANDLE ckSession,
const KMF_X509_SPKI *, CK_KEY_TYPE, CK_OBJECT_HANDLE *,
KMF_BOOL *);
KMF_RETURN GetIDFromSPKI(KMF_X509_SPKI *, KMF_DATA *);
-KMF_RETURN KMF_SetAltName(KMF_X509_EXTENSIONS *,
+KMF_RETURN kmf_set_altname(KMF_X509_EXTENSIONS *,
KMF_OID *, int, KMF_GENERALNAMECHOICES, char *);
KMF_RETURN GetSequenceContents(char *, size_t, char **, size_t *);
KMF_X509_EXTENSION *FindExtn(KMF_X509_EXTENSIONS *, KMF_OID *);
@@ -275,7 +270,10 @@ void free_dp(KMF_CRL_DIST_POINT *);
KMF_RETURN set_key_usage_extension(KMF_X509_EXTENSIONS *,
int, uint32_t);
KMF_RETURN init_pk11();
-KMF_RETURN KMF_SelectToken(KMF_HANDLE_T, char *, int);
+KMF_RETURN kmf_select_token(KMF_HANDLE_T, char *, int);
+
+KMF_RETURN test_attributes(int, KMF_ATTRIBUTE_TESTER *,
+ int, KMF_ATTRIBUTE_TESTER *, int, KMF_ATTRIBUTE *);
/* Indexes into the key parts array for RSA keys */
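Review bot: `test_attributes` takes six positional parameters, two of them `KMF_ATTRIBUTE_TESTER *` arrays with paired counts, and the prototype names none of them, so a caller cannot tell which tester list is which without reading the implementation. Keeping the names in the prototype documents the contract at its declaration, e.g. `KMF_RETURN test_attributes(int num_req, KMF_ATTRIBUTE_TESTER *req_attrs, int num_opt, KMF_ATTRIBUTE_TESTER *opt_attrs, int num_attr, KMF_ATTRIBUTE *attrs);` if the first list is the required set — confirm against the definition. The `copy_algoid` declaration added earlier in this file already names its parameters, so this would also make the two consistent.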
diff --git a/usr/src/lib/libkmf/include/kmfpolicy.h b/usr/src/lib/libkmf/include/kmfpolicy.h
index e00c55e620..e1cec2b56a 100644
--- a/usr/src/lib/libkmf/include/kmfpolicy.h
+++ b/usr/src/lib/libkmf/include/kmfpolicy.h
@@ -18,7 +18,7 @@
*
* CDDL HEADER END
*
- * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#ifndef _KMFPOLICY_H
@@ -175,21 +175,18 @@ typedef struct {
#define TMPFILE_TEMPLATE "policyXXXXXX"
-extern char *ku2str(uint32_t);
-extern uint32_t str2ku(char *);
extern int parsePolicyElement(xmlNodePtr, KMF_POLICY_RECORD *);
-extern char *KMF_OID2EKUString(KMF_OID *);
-extern KMF_OID *kmf_ekuname2oid(char *);
-extern KMF_OID *kmf_string2oid(char *);
+extern char *kmf_oid_to_eku_string(KMF_OID *);
+extern KMF_OID *kmf_ekuname_to_oid(char *);
-extern KMF_RETURN KMF_GetPolicy(char *, char *, KMF_POLICY_RECORD *);
-extern KMF_RETURN KMF_AddPolicyToDB(KMF_POLICY_RECORD *, char *, boolean_t);
-extern KMF_RETURN KMF_DeletePolicyFromDB(char *, char *);
-extern KMF_RETURN KMF_VerifyPolicy(KMF_POLICY_RECORD *);
+extern KMF_RETURN kmf_get_policy(char *, char *, KMF_POLICY_RECORD *);
+extern KMF_RETURN kmf_add_policy_to_db(KMF_POLICY_RECORD *, char *, boolean_t);
+extern KMF_RETURN kmf_delete_policy_from_db(char *, char *);
+extern KMF_RETURN kmf_verify_policy(KMF_POLICY_RECORD *);
-extern void KMF_FreePolicyRecord(KMF_POLICY_RECORD *);
-extern void KMF_FreeEKUPolicy(KMF_EKU_POLICY *);
+extern void kmf_free_policy_record(KMF_POLICY_RECORD *);
+extern void kmf_free_eku_policy(KMF_EKU_POLICY *);
#ifdef __cplusplus
}
diff --git a/usr/src/lib/libkmf/include/kmftypes.h b/usr/src/lib/libkmf/include/kmftypes.h
index c6bfa51f7b..e820b68b13 100644
--- a/usr/src/lib/libkmf/include/kmftypes.h
+++ b/usr/src/lib/libkmf/include/kmftypes.h
@@ -60,7 +60,7 @@ typedef struct kmf_x509_private {
char *label;
#define KMF_FLAG_CERT_VALID 1 /* contains valid certificate */
#define KMF_FLAG_CERT_SIGNED 2 /* this is a signed certificate */
-} KMF_X509_PRIVATE, KMF_X509_PRIVATE_PTR;
+} KMF_X509_PRIVATE;
/*
* KMF_X509_DER_CERT
@@ -92,6 +92,7 @@ typedef enum {
KMF_FORMAT_RAWKEY = 4, /* For FindKey operation */
KMF_FORMAT_PEM_KEYPAIR = 5
} KMF_ENCODE_FORMAT;
+
#define KMF_FORMAT_NATIVE KMF_FORMAT_UNDEF
typedef enum {
@@ -100,6 +101,14 @@ typedef enum {
KMF_EXPIRED_CERTS = 2
} KMF_CERT_VALIDITY;
+
+typedef enum {
+ KMF_ALL_EXTNS = 0,
+ KMF_CRITICAL_EXTNS = 1,
+ KMF_NONCRITICAL_EXTNS = 2
+} KMF_FLAG_CERT_EXTN;
+
+
typedef enum {
KMF_KU_SIGN_CERT = 0,
KMF_KU_SIGN_DATA = 1,
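Review bot: The new `KMF_FLAG_CERT_EXTN` enum is added without any comment, although it is a public selector that kmfapi.h's `kmf_get_cert_extns` takes in place of the separate critical/non-critical getters the commit removes. A one-line header would make that role visible where the type is defined: `/* Selects which extensions kmf_get_cert_extns() returns */` above the typedef, and a trailing comment on each constant if the three names are not considered self-explanatory.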
@@ -123,29 +132,6 @@ typedef enum {
KMF_ALGID_SHA1WithDSA
} KMF_ALGORITHM_INDEX;
-/* Keystore Configuration */
-typedef struct {
- char *configdir;
- char *certPrefix;
- char *keyPrefix;
- char *secModName;
-} KMF_NSS_CONFIG;
-
-typedef struct {
- char *label;
- boolean_t readonly;
-} KMF_PKCS11_CONFIG;
-
-typedef struct {
- KMF_KEYSTORE_TYPE kstype;
- union {
- KMF_NSS_CONFIG nss_conf;
- KMF_PKCS11_CONFIG pkcs11_conf;
- } ks_config_u;
-} KMF_CONFIG_PARAMS;
-
-#define nssconfig ks_config_u.nss_conf
-#define pkcs11config ks_config_u.pkcs11_conf
/*
* Generic credential structure used by other structures below
@@ -157,78 +143,6 @@ typedef struct {
uint32_t credlen;
} KMF_CREDENTIAL;
-typedef struct
-{
- char *trustflag;
- char *slotlabel; /* "internal" by default */
- int issuerId;
- int subjectId;
- char *crlfile; /* for ImportCRL */
- boolean_t crl_check; /* for ImportCRL */
-
- /*
- * The following 2 variables are for FindCertInCRL. The caller can
- * either specify certLabel or provide the entire certificate in
- * DER format as input.
- */
- char *certLabel; /* for FindCertInCRL */
- KMF_DATA *certificate; /* for FindCertInCRL */
-
- /*
- * crl_subjName and crl_issuerName are used as the CRL deletion
- * criteria. One should be non-NULL and the other one should be NULL.
- * If crl_subjName is not NULL, then delete CRL by the subject name.
- * Othewise, delete by the issuer name.
- */
- char *crl_subjName;
- char *crl_issuerName;
-} KMF_NSS_PARAMS;
-
-typedef struct {
- char *dirpath;
- char *certfile;
- char *crlfile;
- char *keyfile;
- char *outcrlfile;
- boolean_t crl_check; /* CRL import check; default is true */
- KMF_ENCODE_FORMAT format; /* output file format */
-} KMF_OPENSSL_PARAMS;
-
-typedef struct {
- boolean_t private; /* for finding CKA_PRIVATE objects */
- boolean_t sensitive;
- boolean_t not_extractable;
- boolean_t token; /* true == token object, false == session */
-} KMF_PKCS11_PARAMS;
-
-typedef struct {
- KMF_KEYSTORE_TYPE kstype;
- char *certLabel;
- char *issuer;
- char *subject;
- char *idstr;
- KMF_BIGINT *serial;
- KMF_CERT_VALIDITY find_cert_validity;
-
- union {
- KMF_NSS_PARAMS nss_opts;
- KMF_OPENSSL_PARAMS openssl_opts;
- KMF_PKCS11_PARAMS pkcs11_opts;
- } ks_opt_u;
-} KMF_FINDCERT_PARAMS, KMF_DELETECERT_PARAMS;
-
-typedef struct {
- KMF_KEYSTORE_TYPE kstype;
- KMF_DATA *certificate;
- KMF_DATA *ocsp_response;
-
- union {
- KMF_NSS_PARAMS nss_opts;
- KMF_OPENSSL_PARAMS openssl_opts;
- KMF_PKCS11_PARAMS pkcs11_opts;
- } ks_opt_u;
-} KMF_VALIDATECERT_PARAMS;
-
typedef enum {
KMF_KEYALG_NONE = 0,
KMF_RSA = 1,
@@ -247,59 +161,6 @@ typedef enum {
KMF_SYMMETRIC = 3 /* symmetric key */
}KMF_KEY_CLASS;
-typedef struct {
- KMF_KEYSTORE_TYPE kstype;
- KMF_CREDENTIAL cred;
- KMF_KEY_CLASS keyclass;
- KMF_KEY_ALG keytype;
- KMF_ENCODE_FORMAT format; /* for key */
- char *findLabel;
- char *idstr;
- union {
- KMF_NSS_PARAMS nss_opts;
- KMF_OPENSSL_PARAMS openssl_opts;
- KMF_PKCS11_PARAMS pkcs11_opts;
- } ks_opt_u;
-} KMF_FINDKEY_PARAMS;
-
-typedef struct {
- KMF_KEYSTORE_TYPE kstype; /* all */
- char *certLabel;
-
- union {
- KMF_NSS_PARAMS nss_opts;
- KMF_OPENSSL_PARAMS openssl_opts;
- } ks_opt_u;
-} KMF_STORECERT_PARAMS;
-
-typedef struct {
- KMF_KEYSTORE_TYPE kstype;
- KMF_CREDENTIAL cred;
- KMF_DATA *certificate;
- char *label;
- union {
- KMF_NSS_PARAMS nss_opts;
- KMF_OPENSSL_PARAMS openssl_opts;
- } ks_opt_u;
-} KMF_STOREKEY_PARAMS;
-
-typedef struct {
- KMF_KEYSTORE_TYPE kstype;
- KMF_CREDENTIAL cred;
- union {
- KMF_NSS_PARAMS nss_opts;
- } ks_opt_u;
-} KMF_DELETEKEY_PARAMS;
-
-typedef struct {
- KMF_KEYSTORE_TYPE kstype;
- char *certfile;
- char *certLabel;
-
- union {
- KMF_NSS_PARAMS nss_opts;
- } ks_opt_u;
-} KMF_IMPORTCERT_PARAMS;
typedef enum {
KMF_CERT = 0,
@@ -307,93 +168,6 @@ typedef enum {
KMF_CRL = 2
}KMF_OBJECT_TYPE;
-typedef struct {
- KMF_KEYSTORE_TYPE kstype;
- KMF_KEY_ALG keytype;
- uint32_t keylength;
- char *keylabel;
- KMF_CREDENTIAL cred;
- KMF_BIGINT rsa_exponent;
- union {
- KMF_NSS_PARAMS nss_opts;
- KMF_OPENSSL_PARAMS openssl_opts;
- }ks_opt_u;
-} KMF_CREATEKEYPAIR_PARAMS;
-
-typedef struct {
- KMF_KEYSTORE_TYPE kstype;
- union {
- KMF_NSS_PARAMS nss_opts;
- KMF_OPENSSL_PARAMS openssl_opts;
- } ks_opt_u;
-} KMF_IMPORTCRL_PARAMS;
-
-typedef struct {
- KMF_KEYSTORE_TYPE kstype;
- union {
- KMF_NSS_PARAMS nss_opts;
- KMF_OPENSSL_PARAMS openssl_opts;
- } ks_opt_u;
-} KMF_DELETECRL_PARAMS;
-
-typedef struct {
- KMF_KEYSTORE_TYPE kstype;
- union {
- KMF_NSS_PARAMS nss_opts;
- KMF_OPENSSL_PARAMS openssl_opts;
- } ks_opt_u;
-} KMF_LISTCRL_PARAMS;
-
-typedef struct {
- KMF_KEYSTORE_TYPE kstype;
- union {
- KMF_NSS_PARAMS nss_opts;
- } ks_opt_u;
-} KMF_FINDCRL_PARAMS;
-
-typedef struct {
- KMF_KEYSTORE_TYPE kstype;
-
- union {
- KMF_NSS_PARAMS nss_opts;
- KMF_OPENSSL_PARAMS openssl_opts;
- } ks_opt_u;
-} KMF_FINDCERTINCRL_PARAMS;
-
-typedef struct {
- char *crl_name;
- KMF_DATA *tacert;
-} KMF_VERIFYCRL_PARAMS;
-
-typedef struct {
- KMF_KEYSTORE_TYPE kstype;
- KMF_CREDENTIAL cred;
- KMF_ENCODE_FORMAT format; /* for key */
- char *certLabel;
- KMF_ALGORITHM_INDEX algid;
- union {
- KMF_NSS_PARAMS nss_opts;
- KMF_OPENSSL_PARAMS openssl_opts;
- }ks_opt_u;
-} KMF_CRYPTOWITHCERT_PARAMS;
-
-typedef struct {
- char *crl_name;
-} KMF_CHECKCRLDATE_PARAMS;
-
-typedef struct {
- CK_SLOT_ID slot;
-} pk11_setpin_opts;
-
-typedef struct {
- KMF_KEYSTORE_TYPE kstype;
- char *tokenname;
- KMF_CREDENTIAL cred; /* current token PIN */
- union {
- KMF_NSS_PARAMS nss_opts;
- pk11_setpin_opts pkcs11_opts;
- }ks_opt_u;
-} KMF_SETPIN_PARAMS;
typedef struct {
KMF_BIGINT mod;
@@ -411,6 +185,7 @@ typedef struct {
KMF_BIGINT subprime;
KMF_BIGINT base;
KMF_BIGINT value;
+ KMF_BIGINT pubvalue;
} KMF_RAW_DSA_KEY;
typedef struct {
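Review bot: `pubvalue` is added to `KMF_RAW_DSA_KEY` directly beneath `value` with no comment, so the struct now has two bignum members whose roles are not distinguishable from the header alone. A comment stating which one is secret would help consumers that decide what to zeroize or export, e.g. `KMF_BIGINT value; /* presumably the private x -- confirm */` and `KMF_BIGINT pubvalue; /* presumably the public y -- confirm */`. The struct's opening lines are outside this hunk.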
@@ -418,7 +193,9 @@ typedef struct {
} KMF_RAW_SYM_KEY;
typedef struct {
- KMF_KEY_ALG keytype;
+ KMF_KEY_ALG keytype;
+ boolean_t sensitive;
+ boolean_t not_extractable;
union {
KMF_RAW_RSA_KEY rsa;
KMF_RAW_DSA_KEY dsa;
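Review bot: The two booleans added to `KMF_RAW_KEY_DATA` (`sensitive`, `not_extractable`) are undocumented, and because this struct carries raw key material their meaning matters to anyone deciding whether the bytes in `rawdata` may leave the process or must be wiped. The removed `KMF_PKCS11_PARAMS` used the same names, so these presumably mirror the PKCS#11 CKA_SENSITIVE / CKA_EXTRACTABLE attributes of the source object, but the header should say so and say who sets them, e.g. `boolean_t sensitive; /* presumably CKA_SENSITIVE of the source object -- confirm */` and `boolean_t not_extractable; /* presumably !CKA_EXTRACTABLE of the source object -- confirm */`. The struct's closing lines are outside this hunk.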
@@ -426,65 +203,6 @@ typedef struct {
}rawdata;
} KMF_RAW_KEY_DATA;
-typedef struct {
- KMF_KEYSTORE_TYPE kstype;
- char *certLabel;
- char *issuer;
- char *subject;
- char *idstr;
- KMF_BIGINT *serial;
- KMF_CREDENTIAL cred; /* cred for accessing the token */
- KMF_CREDENTIAL p12cred; /* cred used for securing the file */
-
- union {
- KMF_NSS_PARAMS nss_opts;
- KMF_OPENSSL_PARAMS openssl_opts;
- }ks_opt_u;
-} KMF_EXPORTP12_PARAMS;
-
-typedef struct {
- KMF_KEYSTORE_TYPE kstype;
- KMF_KEY_ALG keytype;
- uint32_t keylength;
- char *keylabel;
- KMF_CREDENTIAL cred;
- union {
- KMF_NSS_PARAMS nss_opts;
- KMF_OPENSSL_PARAMS openssl_opts;
- KMF_PKCS11_PARAMS pkcs11_opts;
- }ks_opt_u;
-} KMF_CREATESYMKEY_PARAMS;
-
-/* Data structures for OCSP support */
-typedef struct {
- KMF_DATA *issuer_cert;
- KMF_DATA *user_cert;
-} KMF_OCSPREQUEST_PARAMS;
-
-typedef struct {
- KMF_DATA *response;
- KMF_DATA *issuer_cert;
- KMF_DATA *user_cert;
- KMF_DATA *signer_cert; /* can be NULL */
- boolean_t ignore_response_sign; /* default is FALSE */
- uint32_t response_lifetime; /* in seconds */
-} KMF_OCSPRESPONSE_PARAMS_INPUT;
-
-typedef enum {
- OCSP_GOOD = 0,
- OCSP_REVOKED = 1,
- OCSP_UNKNOWN = 2
-} KMF_OCSP_CERT_STATUS;
-
-typedef struct {
- int response_status;
- int reason; /* if revoked */
- KMF_OCSP_CERT_STATUS cert_status;
-} KMF_OCSPRESPONSE_PARAMS_OUTPUT;
-
-#define nssparms ks_opt_u.nss_opts
-#define sslparms ks_opt_u.openssl_opts
-#define pkcs11parms ks_opt_u.pkcs11_opts
typedef struct {
KMF_KEYSTORE_TYPE kstype;
@@ -605,9 +323,17 @@ typedef enum {
KMF_KEYSTORE_ALREADY_INITIALIZED = 0x50,
KMF_ERR_SENSITIVE_KEY = 0x51,
KMF_ERR_UNEXTRACTABLE_KEY = 0x52,
- KMF_ERR_KEY_MISMATCH = 0x53
+ KMF_ERR_KEY_MISMATCH = 0x53,
+ KMF_ERR_ATTR_NOT_FOUND = 0x54
} KMF_RETURN;
+/* Data structures for OCSP support */
+typedef enum {
+ OCSP_GOOD = 0,
+ OCSP_REVOKED = 1,
+ OCSP_UNKNOWN = 2
+} KMF_OCSP_CERT_STATUS;
+
typedef enum {
OCSP_SUCCESS = 0,
OCSP_MALFORMED_REQUEST = 1,
@@ -984,6 +710,90 @@ typedef struct {
KMF_CRL_DIST_POINT *dplist;
} KMF_X509EXT_CRLDISTPOINTS;
+typedef enum {
+ KMF_DATA_ATTR,
+ KMF_OID_ATTR,
+ KMF_BIGINT_ATTR,
+ KMF_X509_DER_CERT_ATTR,
+ KMF_KEYSTORE_TYPE_ATTR,
+ KMF_ENCODE_FORMAT_ATTR,
+ KMF_CERT_VALIDITY_ATTR,
+ KMF_KU_PURPOSE_ATTR,
+ KMF_ALGORITHM_INDEX_ATTR,
+ KMF_TOKEN_LABEL_ATTR,
+ KMF_READONLY_ATTR,
+ KMF_DIRPATH_ATTR,
+ KMF_CERTPREFIX_ATTR,
+ KMF_KEYPREFIX_ATTR,
+ KMF_SECMODNAME_ATTR,
+ KMF_CREDENTIAL_ATTR,
+ KMF_TRUSTFLAG_ATTR,
+ KMF_CRL_FILENAME_ATTR,
+ KMF_CRL_CHECK_ATTR,
+ KMF_CRL_DATA_ATTR,
+ KMF_CRL_SUBJECT_ATTR,
+ KMF_CRL_ISSUER_ATTR,
+ KMF_CRL_NAMELIST_ATTR,
+ KMF_CRL_COUNT_ATTR,
+ KMF_CRL_OUTFILE_ATTR,
+ KMF_CERT_LABEL_ATTR,
+ KMF_SUBJECT_NAME_ATTR,
+ KMF_ISSUER_NAME_ATTR,
+ KMF_CERT_FILENAME_ATTR,
+ KMF_KEY_FILENAME_ATTR,
+ KMF_OUTPUT_FILENAME_ATTR,
+ KMF_IDSTR_ATTR,
+ KMF_CERT_DATA_ATTR,
+ KMF_OCSP_RESPONSE_DATA_ATTR,
+ KMF_OCSP_RESPONSE_STATUS_ATTR,
+ KMF_OCSP_RESPONSE_REASON_ATTR,
+ KMF_OCSP_RESPONSE_CERT_STATUS_ATTR,
+ KMF_OCSP_REQUEST_FILENAME_ATTR,
+ KMF_KEYALG_ATTR,
+ KMF_KEYCLASS_ATTR,
+ KMF_KEYLABEL_ATTR,
+ KMF_KEYLENGTH_ATTR,
+ KMF_RSAEXP_ATTR,
+ KMF_TACERT_DATA_ATTR,
+ KMF_SLOT_ID_ATTR,
+ KMF_PK12CRED_ATTR,
+ KMF_ISSUER_CERT_DATA_ATTR,
+ KMF_USER_CERT_DATA_ATTR,
+ KMF_SIGNER_CERT_DATA_ATTR,
+ KMF_IGNORE_RESPONSE_SIGN_ATTR,
+ KMF_RESPONSE_LIFETIME_ATTR,
+ KMF_KEY_HANDLE_ATTR,
+ KMF_PRIVKEY_HANDLE_ATTR,
+ KMF_PUBKEY_HANDLE_ATTR,
+ KMF_ERROR_ATTR,
+ KMF_X509_NAME_ATTR,
+ KMF_X509_SPKI_ATTR,
+ KMF_X509_CERTIFICATE_ATTR,
+ KMF_RAW_KEY_ATTR,
+ KMF_CSR_DATA_ATTR,
+ KMF_GENERALNAMECHOICES_ATTR,
+ KMF_STOREKEY_BOOL_ATTR,
+ KMF_SENSITIVE_BOOL_ATTR,
+ KMF_NON_EXTRACTABLE_BOOL_ATTR,
+ KMF_TOKEN_BOOL_ATTR,
+ KMF_PRIVATE_BOOL_ATTR,
+ KMF_NEWPIN_ATTR,
+ KMF_IN_SIGN_ATTR,
+ KMF_OUT_DATA_ATTR,
+ KMF_COUNT_ATTR,
+ KMF_DESTROY_BOOL_ATTR,
+ KMF_TBS_CERT_DATA_ATTR,
+ KMF_PLAINTEXT_DATA_ATTR,
+ KMF_CIPHERTEXT_DATA_ATTR,
+ KMF_VALIDATE_RESULT_ATTR,
+ KMF_KEY_DATA_ATTR
+} KMF_ATTR_TYPE;
+
+typedef struct {
+ KMF_ATTR_TYPE type;
+ void *pValue;
+ uint32_t valueLen;
+} KMF_ATTRIBUTE;
/*
* Definitions for common X.509v3 certificate attribute OIDs
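Review bot: `KMF_ATTRIBUTE` is the new generic carrier for every API argument, including secrets (`KMF_CREDENTIAL_ATTR`, `KMF_NEWPIN_ATTR`, `KMF_PK12CRED_ATTR`), yet the struct has no comment on what `valueLen` measures, who owns the memory behind `pValue`, or whether the library checks `valueLen` against the size the `type` implies before dereferencing. Callers passing a too-short buffer or a dangling pointer cannot tell from this header whether that is caught or is undefined behaviour, so a short block comment on the struct stating the ownership rule (caller-owned, valid for the duration of the call, or copied) and the length contract is needed; I would also state there that `valueLen` is the byte size of the pointed-to object. The `KMF_ATTR_TYPE` enum relies on implicit numbering, so any future insertion in the middle silently renumbers every later attribute for binary consumers; a comment such as `/* Append new attribute types only -- values are implicit and form part of the ABI */` at the top of the enum would make that constraint explicit.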
@@ -1356,6 +1166,145 @@ KMFOID_X9CM_DSAWithSHA1;
#define KMF_EKU_OCSPSIGNING 0x20
+/*
+ * Legacy support only - do not use these data structures - they can be
+ * removed at any time.
+ */
+
+/* Keystore Configuration */
+typedef struct {
+ char *configdir;
+ char *certPrefix;
+ char *keyPrefix;
+ char *secModName;
+} KMF_NSS_CONFIG;
+
+typedef struct {
+ char *label;
+ boolean_t readonly;
+} KMF_PKCS11_CONFIG;
+
+typedef struct {
+ KMF_KEYSTORE_TYPE kstype;
+ union {
+ KMF_NSS_CONFIG nss_conf;
+ KMF_PKCS11_CONFIG pkcs11_conf;
+ } ks_config_u;
+} KMF_CONFIG_PARAMS;
+
+#define nssconfig ks_config_u.nss_conf
+#define pkcs11config ks_config_u.pkcs11_conf
+
+
+typedef struct
+{
+ char *trustflag;
+ char *slotlabel; /* "internal" by default */
+ int issuerId;
+ int subjectId;
+ char *crlfile; /* for ImportCRL */
+ boolean_t crl_check; /* for ImportCRL */
+
+ /*
+ * The following 2 variables are for FindCertInCRL. The caller can
+ * either specify certLabel or provide the entire certificate in
+ * DER format as input.
+ */
+ char *certLabel; /* for FindCertInCRL */
+ KMF_DATA *certificate; /* for FindCertInCRL */
+
+ /*
+ * crl_subjName and crl_issuerName are used as the CRL deletion
+ * criteria. One should be non-NULL and the other one should be NULL.
+ * If crl_subjName is not NULL, then delete CRL by the subject name.
+ * Othewise, delete by the issuer name.
+ */
+ char *crl_subjName;
+ char *crl_issuerName;
+} KMF_NSS_PARAMS;
+
+typedef struct {
+ char *dirpath;
+ char *certfile;
+ char *crlfile;
+ char *keyfile;
+ char *outcrlfile;
+ boolean_t crl_check; /* CRL import check; default is true */
+ KMF_ENCODE_FORMAT format; /* output file format */
+} KMF_OPENSSL_PARAMS;
+
+typedef struct {
+ boolean_t private; /* for finding CKA_PRIVATE objects */
+ boolean_t sensitive;
+ boolean_t not_extractable;
+ boolean_t token; /* true == token object, false == session */
+} KMF_PKCS11_PARAMS;
+
+typedef struct {
+ KMF_KEYSTORE_TYPE kstype;
+ char *certLabel;
+ char *issuer;
+ char *subject;
+ char *idstr;
+ KMF_BIGINT *serial;
+ KMF_CERT_VALIDITY find_cert_validity;
+
+ union {
+ KMF_NSS_PARAMS nss_opts;
+ KMF_OPENSSL_PARAMS openssl_opts;
+ KMF_PKCS11_PARAMS pkcs11_opts;
+ } ks_opt_u;
+} KMF_FINDCERT_PARAMS, KMF_DELETECERT_PARAMS;
+
+typedef struct {
+ KMF_KEYSTORE_TYPE kstype;
+ KMF_CREDENTIAL cred;
+ KMF_KEY_CLASS keyclass;
+ KMF_KEY_ALG keytype;
+ KMF_ENCODE_FORMAT format; /* for key */
+ char *findLabel;
+ char *idstr;
+ union {
+ KMF_NSS_PARAMS nss_opts;
+ KMF_OPENSSL_PARAMS openssl_opts;
+ KMF_PKCS11_PARAMS pkcs11_opts;
+ } ks_opt_u;
+} KMF_FINDKEY_PARAMS;
+
+typedef struct {
+ KMF_KEYSTORE_TYPE kstype;
+ KMF_KEY_ALG keytype;
+ uint32_t keylength;
+ char *keylabel;
+ KMF_CREDENTIAL cred;
+ KMF_BIGINT rsa_exponent;
+ union {
+ KMF_NSS_PARAMS nss_opts;
+ KMF_OPENSSL_PARAMS openssl_opts;
+ }ks_opt_u;
+} KMF_CREATEKEYPAIR_PARAMS;
+
+
+typedef struct {
+ KMF_KEYSTORE_TYPE kstype;
+ KMF_CREDENTIAL cred;
+ KMF_ENCODE_FORMAT format; /* for key */
+ char *certLabel;
+ KMF_ALGORITHM_INDEX algid;
+ union {
+ KMF_NSS_PARAMS nss_opts;
+ KMF_OPENSSL_PARAMS openssl_opts;
+ }ks_opt_u;
+} KMF_CRYPTOWITHCERT_PARAMS;
+
+typedef struct {
+ char *crl_name;
+} KMF_CHECKCRLDATE_PARAMS;
+
+#define nssparms ks_opt_u.nss_opts
+#define sslparms ks_opt_u.openssl_opts
+#define pkcs11parms ks_opt_u.pkcs11_opts
+
#ifdef __cplusplus
}
#endif
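Review bot: The reinstated `KMF_PKCS11_PARAMS` declares a member named `private` (`boolean_t private;`), which is a keyword in C++, so this header fails to compile for the C++ includers that the `#ifdef __cplusplus` / `extern "C"` wrapper at the end of the file is there to support; the removed copy had the same member, but this hunk is what now ships it. Renaming the member would break the legacy users this block exists for, so at minimum guard the legacy section the same way, `#ifndef __cplusplus` ... `#endif`, or document the limitation next to the "Legacy support only" comment. That comment should also name the replacement so readers know where to migrate, e.g. `* Legacy support only - new code should pass KMF_ATTRIBUTE lists instead.`.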
diff --git a/usr/src/lib/libkmf/include/rdn_parser.h b/usr/src/lib/libkmf/include/rdn_parser.h
index 80c7e61d93..22eecda324 100644
--- a/usr/src/lib/libkmf/include/rdn_parser.h
+++ b/usr/src/lib/libkmf/include/rdn_parser.h
@@ -98,8 +98,6 @@ struct NameToKind {
((c) == '?'))
-KMF_RETURN ParseDistinguishedName(char *, int, KMF_X509_NAME *);
-
#ifdef __cplusplus
}
#endif