1 files changed, 293 insertions, 0 deletions
diff --git a/usr/src/lib/libkmsagent/common/KMSAgentPKICommon.h b/usr/src/lib/libkmsagent/common/KMSAgentPKICommon.h
new file mode 100644
index 0000000000..b9ed831485
--- /dev/null
+++ b/usr/src/lib/libkmsagent/common/KMSAgentPKICommon.h
@@ -0,0 +1,293 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
+ *
+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ * If applicable, add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your own identifying
+ * information: Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ */
+
+/*
+ * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+ */
+
+/*-------------------------------------------------------------------------*/
+/**
+ * \file KMSAgentPKICommon.h
+ *
+ * X.509 Certificate and Private Key Support Interface
+ *
+ * This module provides simple interfaces to support SSL communication
+ * for the KMS Agent enrollment protocol.  Basic classes supporting 
+ * X.509 certificates, private key management are provided and hide
+ * specific implementations from users of these classes.
+ */
+/*-------------------------------------------------------------------------*/
+
+#ifndef K_KMSAgentPKICommon_h
+#define K_KMSAgentPKICommon_h
+
+#ifdef WIN32
+#pragma warning(disable: 4786)
+#endif
+
+#define MAX_CERT_SIZE                                       4096
+#define MAX_KEY_SIZE                                        4096
+
+#define DEFAULT_KEY_SIZE                                    2048
+
+#ifdef KMSUSERPKCS12
+enum EnumPKIFileFormat { FILE_FORMAT_DER, FILE_FORMAT_PEM, FILE_FORMAT_PKCS12 };
+#else
+enum EnumPKIFileFormat { FILE_FORMAT_DER, FILE_FORMAT_PEM };
+#endif
+
+/**
+ *   This class provides a simple interface for the management of
+ *   public keys.  Simple load and store operations are provided for
+ *   storage and retrieval from memory buffers.
+ */
+class CPublicKey
+{
+
+public:
+
+	CPublicKey();
+
+	/**
+     * This method saves public key into a buffer,
+     * it also returns the actual used buffer length.
+     * @param i_pcBuffer Buffer to receive public key
+     * @param i_iBufferLength length of the buffer provided
+     * @param o_pActualLength actual length of the public key stored into the buffer
+     * @param i_iFormat key format, @see EnumPKIFileFormat
+     */
+    bool Save(unsigned char * const i_pcBuffer, 
+            int                     i_iBufferLength, 
+            int * const             o_pActualLength,
+			int                     i_iFormat);
+   /**
+     *  This method loads the public key from a buffer
+     *  @param i_pcBuffer
+     *  @param i_iLength
+     *  @param i_iFormat   one of the enums from EnumPKIFileFormat,
+     *                     only FILE_FORMAT_PEM is supported.
+     *  @return true for success, false otherwise
+     */
+    bool Load (unsigned char * const i_pcBuffer,
+               int i_iLength,
+               int i_iFormat);
+    
+   /**
+     *   use this object's public key to encrypt plaintext buffer
+     */
+    bool Encrypt (int i_iLength,
+                  const unsigned char * const i_pcPlainText,
+                  unsigned char * const o_pcCypherText,
+                  int * const o_pActualLength);
+    
+    ~CPublicKey();
+
+private:
+   void *m_pPublicKeyImpl;
+};
+
+/**
+ *   This class provides a simple interface for the management of
+ *   private keys.  Simple load and store operations are provided for
+ *   storage and retrieval from memory buffers.
+ *
+ */
+class CPrivateKey
+{
+
+  public:
+
+   CPrivateKey();
+    
+   /**
+    *   Saves the private key to a memory buffer specified by
+    *   i_pcBuffer. Currently just the PEM format is supported.
+    *   Specification of a passphrase allows encryption of the private
+    *   key subject to the choice of the implementation.
+    *
+    *   @param[in]   i_pcBuffer
+    *   @param[in]   i_iBufferLength
+    *   @param[out]  o_pActualLength
+    *   @param[in]   i_pPassphrase optional, if non-null the private key is
+    *   wrapped using this passphrase
+    *   @param[in]   i_iFormat   one of the enums from EnumPKIFileFormat,
+    *                      only FILE_FORMAT_PEM is supported.
+    *   @return true for success, false otherwise
+    */
+   bool Save( unsigned char * const      i_pcBuffer, 
+              int                        i_iBufferLength,
+              int * const                o_pActualLength,
+              const char * const         i_pPassphrase, 
+              int                        i_iFormat );
+
+   /**
+    *  This method loads the private key from a buffer
+    *  @param i_pcBuffer
+    *  @param i_iLength
+    *  @param i_pPassphrase optional, if non-null the private key is
+    *   unwrapped using this passphrase
+    *  @param i_iFormat   one of the enums from EnumPKIFileFormat,
+    *                     only FILE_FORMAT_PEM is supported.
+    *  @return true for success, false otherwise
+    */
+   bool Load(unsigned char * const i_pcBuffer,
+             int                   i_iLength,
+             const char * const    i_pPassphrase,
+             int                   i_iFormat);
+
+   ~CPrivateKey();
+
+#ifdef KMSUSERPKCS12
+	void *GetNative();
+	void SetNative(void *);
+#endif
+  private:
+   void *m_pPKeyImpl;
+
+};
+
+/**
+ *   This class provides a simple interface for managing X.509
+ *   certificates providing only simple load and save operations for
+ *   storage and retrieval.
+ *
+ */
+class CCertificate
+{
+
+public:
+	CCertificate();
+
+	~CCertificate();
+    
+    /**
+     *   save the certificate to the specified file name. Currently,
+     *   only FILE_FORMAT_PEM is supported.
+     */
+	bool Save(  const char * const  i_pcFileName, 
+                int                 i_iFormat);
+
+    /**
+     *  save the certificate to the specified buffer. Currently, only
+     *  FILE_FORMAT_PEM is supported.
+     */      
+	bool Save( unsigned char * const i_pcBuffer,
+               int                   i_iBufferLength,
+               int * const           o_pActualLength,
+               int                   i_iFormat);
+
+    /**
+     *   load a certificate from the specified filename. Currently,
+     *   only FILE_FORMAT_PEM is supported.
+     */      
+    bool Load( const char * const i_pcFileName, 
+               int                i_iFormat );
+
+    /**
+     *   load a certificate from the specified buffer. Currently, only
+     *   FILE_FORMAT_PEM is supported.
+     */          
+    bool Load( unsigned char * const i_pcBuffer,
+               int                   i_iLength,
+               int                   i_iFormat );
+
+    /**
+     *   prints the certificate to stdout
+     */          
+    bool Dump();
+        
+#ifdef KMSUSERPKCS12
+	bool LoadPKCS12CertAndKey(char *filename,
+		int i_iFormat,
+		CPrivateKey *i_pPrivateKey,
+		char *i_pPassphrase);
+
+	bool SavePKCS12(
+	    unsigned char *i_pcBuffer,
+	    int i_iBufferLength,
+	    int *o_pActualLength,
+	    CPrivateKey* i_pPrivateKey,
+	    char* i_sPassphrase );
+#endif
+
+private:
+    /**
+     *  an opague pointer to implementation specific resources to be
+     *  freed by the Destructor.
+     */
+    void    *m_pCertImpl;
+#ifdef KMSUSERPKCS12
+    /**
+     * saves certificate to PKCS#12 memory BIO
+     * @param i_pPrivateKey
+     * @param i_sPassphrase
+     * @return pointer to the Memory BIO
+     */
+    void* SaveCertToPKCS12MemoryBIO(
+            CPrivateKey* i_pPrivateKey,
+            char *i_sPassphrase);
+#endif
+
+};
+
+
+/**
+ *  This class provides a method for storing an X.509 certificate and
+ *  private key to a file.  The private key is appended to the
+ *  certificate and optionally encrypted with the specified passphrase
+ *  for encoding and storage in PEM format.
+ */
+class CPKI
+{
+  public:
+   CPKI();
+   ~CPKI();
+
+  public:
+
+      /**
+       *   exports a certificate and associated private key to the
+       *   specified file.
+       *   @param i_pCertificate a pointer to an instance of a certificate
+       *   @param i_pPrivateKey  a pointer to an instance of a private key 
+       *   @param i_pcFileName  the name of the file to store the cert and private key
+       *   @param i_sPassphrase optional but when provided supplies a
+       *   pass phrase to use for encrypting the private key.  The cipher
+       *   used for encryption is determined by the underlying implementation 
+       *   which for the reference implementation uses triple DES by default.
+       *   @param i_eFileFormat the encoding format to use for the certificate and private key
+       */
+      bool ExportCertAndKeyToFile(
+            CCertificate* const         i_pCertificate,  
+            CPrivateKey*  const         i_pPrivateKey,
+            const char* const           i_pcFileName,
+            const char* const           i_sPassphrase,
+            EnumPKIFileFormat           i_eFileFormat );
+
+  private:
+
+   int m_iKeyLength;
+
+   CCertificate *m_pCACertificate;
+   CPrivateKey *m_pCAPrivateKey;
+ };
+
+#endif  //K_KMSAgentPKICommon_h