1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
|
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
* Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
*/
#ifndef _KMFAPIP_H
#define _KMFAPIP_H
#include <kmfapi.h>
#include <kmfpolicy.h>
#ifdef __cplusplus
extern "C" {
#endif
/* Plugin function table */
typedef struct {
ushort_t version;
KMF_RETURN (*ConfigureKeystore) (
KMF_HANDLE_T,
int,
KMF_ATTRIBUTE *);
KMF_RETURN (*FindCert) (
KMF_HANDLE_T,
int,
KMF_ATTRIBUTE *);
void (*FreeKMFCert) (
KMF_HANDLE_T,
KMF_X509_DER_CERT *);
KMF_RETURN (*StoreCert) (
KMF_HANDLE_T,
int, KMF_ATTRIBUTE *);
KMF_RETURN (*ImportCert) (
KMF_HANDLE_T,
int, KMF_ATTRIBUTE *);
KMF_RETURN (*ImportCRL) (
KMF_HANDLE_T,
int, KMF_ATTRIBUTE *);
KMF_RETURN (*DeleteCert) (
KMF_HANDLE_T,
int, KMF_ATTRIBUTE *);
KMF_RETURN (*DeleteCRL) (
KMF_HANDLE_T,
int, KMF_ATTRIBUTE *);
KMF_RETURN (*CreateKeypair) (
KMF_HANDLE_T,
int,
KMF_ATTRIBUTE *);
KMF_RETURN (*FindKey) (
KMF_HANDLE_T,
int,
KMF_ATTRIBUTE *);
KMF_RETURN (*EncodePubkeyData) (
KMF_HANDLE_T,
KMF_KEY_HANDLE *,
KMF_DATA *);
KMF_RETURN (*SignData) (
KMF_HANDLE_T,
KMF_KEY_HANDLE *,
KMF_OID *,
KMF_DATA *,
KMF_DATA *);
KMF_RETURN (*DeleteKey) (
KMF_HANDLE_T,
int,
KMF_ATTRIBUTE *);
KMF_RETURN (*ListCRL) (
KMF_HANDLE_T,
int, KMF_ATTRIBUTE *);
KMF_RETURN (*FindCRL) (
KMF_HANDLE_T,
int, KMF_ATTRIBUTE *);
KMF_RETURN (*FindCertInCRL) (
KMF_HANDLE_T,
int, KMF_ATTRIBUTE *);
KMF_RETURN (*GetErrorString) (
KMF_HANDLE_T,
char **);
KMF_RETURN (*FindPrikeyByCert) (
KMF_HANDLE_T,
int,
KMF_ATTRIBUTE *);
KMF_RETURN (*DecryptData) (
KMF_HANDLE_T,
KMF_KEY_HANDLE *,
KMF_OID *,
KMF_DATA *,
KMF_DATA *);
KMF_RETURN (*ExportPK12)(
KMF_HANDLE_T,
int,
KMF_ATTRIBUTE *);
KMF_RETURN (*CreateSymKey) (
KMF_HANDLE_T,
int,
KMF_ATTRIBUTE *);
KMF_RETURN (*GetSymKeyValue) (
KMF_HANDLE_T,
KMF_KEY_HANDLE *,
KMF_RAW_SYM_KEY *);
KMF_RETURN (*SetTokenPin) (
KMF_HANDLE_T,
int, KMF_ATTRIBUTE *);
KMF_RETURN (*StoreKey) (
KMF_HANDLE_T,
int,
KMF_ATTRIBUTE *);
void (*Finalize) ();
} KMF_PLUGIN_FUNCLIST;
typedef struct {
KMF_ATTR_TYPE type;
boolean_t null_value_ok; /* Is the pValue required */
uint32_t minlen;
uint32_t maxlen;
} KMF_ATTRIBUTE_TESTER;
typedef struct {
KMF_KEYSTORE_TYPE type;
char *applications;
char *path;
void *dldesc;
KMF_PLUGIN_FUNCLIST *funclist;
} KMF_PLUGIN;
typedef struct _KMF_PLUGIN_LIST {
KMF_PLUGIN *plugin;
struct _KMF_PLUGIN_LIST *next;
} KMF_PLUGIN_LIST;
typedef struct _kmf_handle {
/*
* session handle opened by kmf_select_token() to talk
* to a specific slot in Crypto framework. It is used
* by pkcs11 plugin module.
*/
CK_SESSION_HANDLE pk11handle;
KMF_ERROR lasterr;
KMF_POLICY_RECORD *policy;
KMF_PLUGIN_LIST *plugins;
KMF_MAPPER_STATE *mapstate;
} KMF_HANDLE;
#define CLEAR_ERROR(h, rv) { \
if (h == NULL) { \
rv = KMF_ERR_BAD_PARAMETER; \
} else { \
h->lasterr.errcode = 0; \
h->lasterr.kstype = 0; \
rv = KMF_OK; \
} \
}
#define KMF_PLUGIN_INIT_SYMBOL "KMF_Plugin_Initialize"
#ifndef KMF_PLUGIN_PATH
#if defined(__sparcv9)
#define KMF_PLUGIN_PATH "/lib/crypto/sparcv9/"
#elif defined(__sparc)
#define KMF_PLUGIN_PATH "/lib/crypto/"
#elif defined(__i386)
#define KMF_PLUGIN_PATH "/lib/crypto/"
#elif defined(__amd64)
#define KMF_PLUGIN_PATH "/lib/crypto/amd64/"
#endif
#endif /* !KMF_PLUGIN_PATH */
KMF_PLUGIN_FUNCLIST *KMF_Plugin_Initialize();
extern KMF_RETURN
VerifyDataWithKey(KMF_HANDLE_T, KMF_DATA *, KMF_ALGORITHM_INDEX,
KMF_DATA *, KMF_DATA *);
extern KMF_BOOL pkcs_algid_to_keytype(
KMF_ALGORITHM_INDEX, CK_KEY_TYPE *);
extern KMF_RETURN PKCS_DigestData(KMF_HANDLE_T,
CK_SESSION_HANDLE, CK_MECHANISM_TYPE,
KMF_DATA *, KMF_DATA *, boolean_t);
extern KMF_RETURN PKCS_VerifyData(
KMF_HANDLE *,
KMF_ALGORITHM_INDEX,
KMF_X509_SPKI *,
KMF_DATA *, KMF_DATA *);
extern KMF_RETURN PKCS_EncryptData(
KMF_HANDLE *,
KMF_ALGORITHM_INDEX,
KMF_X509_SPKI *,
KMF_DATA *,
KMF_DATA *);
extern KMF_PLUGIN *FindPlugin(KMF_HANDLE_T, KMF_KEYSTORE_TYPE);
extern KMF_BOOL IsEqualOid(KMF_OID *, KMF_OID *);
extern KMF_RETURN copy_algoid(KMF_X509_ALGORITHM_IDENTIFIER *destid,
KMF_X509_ALGORITHM_IDENTIFIER *srcid);
extern KMF_OID *x509_algid_to_algoid(KMF_ALGORITHM_INDEX);
extern KMF_ALGORITHM_INDEX x509_algoid_to_algid(KMF_OID *);
extern KMF_RETURN GetIDFromSPKI(KMF_X509_SPKI *, KMF_DATA *);
extern KMF_RETURN kmf_select_token(KMF_HANDLE_T, char *, int);
extern KMF_RETURN kmf_set_altname(KMF_X509_EXTENSIONS *,
KMF_OID *, int, KMF_GENERALNAMECHOICES, char *);
extern KMF_RETURN GetSequenceContents(char *, size_t, char **, size_t *);
extern KMF_X509_EXTENSION *FindExtn(KMF_X509_EXTENSIONS *, KMF_OID *);
extern KMF_RETURN add_an_extension(KMF_X509_EXTENSIONS *exts,
KMF_X509_EXTENSION *newextn);
extern KMF_RETURN set_integer(KMF_DATA *, void *, int);
extern void free_keyidlist(KMF_OID *, int);
extern KMF_RETURN copy_data(KMF_DATA *, KMF_DATA *);
extern void Cleanup_PK11_Session(KMF_HANDLE_T handle);
extern void free_dp_name(KMF_CRL_DIST_POINT *);
extern void free_dp(KMF_CRL_DIST_POINT *);
extern KMF_RETURN set_key_usage_extension(KMF_X509_EXTENSIONS *,
int, uint32_t);
extern KMF_RETURN init_pk11();
extern KMF_RETURN test_attributes(int, KMF_ATTRIBUTE_TESTER *,
int, KMF_ATTRIBUTE_TESTER *, int, KMF_ATTRIBUTE *);
/* Indexes into the key parts array for RSA keys */
#define KMF_RSA_MODULUS (0)
#define KMF_RSA_PUBLIC_EXPONENT (1)
#define KMF_RSA_PRIVATE_EXPONENT (2)
#define KMF_RSA_PRIME1 (3)
#define KMF_RSA_PRIME2 (4)
#define KMF_RSA_EXPONENT1 (5)
#define KMF_RSA_EXPONENT2 (6)
#define KMF_RSA_COEFFICIENT (7)
/* Key part counts for RSA keys */
#define KMF_NUMBER_RSA_PUBLIC_KEY_PARTS (2)
#define KMF_NUMBER_RSA_PRIVATE_KEY_PARTS (8)
/* Key part counts for DSA keys */
#define KMF_NUMBER_DSA_PUBLIC_KEY_PARTS (4)
#define KMF_NUMBER_DSA_PRIVATE_KEY_PARTS (4)
/* Indexes into the key parts array for DSA keys */
#define KMF_DSA_PRIME (0)
#define KMF_DSA_SUB_PRIME (1)
#define KMF_DSA_BASE (2)
#define KMF_DSA_PUBLIC_VALUE (3)
#define KMF_ECDSA_PARAMS (0)
#define KMF_ECDSA_POINT (1)
#ifndef max
#define max(a, b) ((a) < (b) ? (b) : (a))
#endif
/* Maximum key parts for all algorithms */
#define KMF_MAX_PUBLIC_KEY_PARTS \
(max(KMF_NUMBER_RSA_PUBLIC_KEY_PARTS, \
KMF_NUMBER_DSA_PUBLIC_KEY_PARTS))
#define KMF_MAX_PRIVATE_KEY_PARTS \
(max(KMF_NUMBER_RSA_PRIVATE_KEY_PARTS, \
KMF_NUMBER_DSA_PRIVATE_KEY_PARTS))
#define KMF_MAX_KEY_PARTS \
(max(KMF_MAX_PUBLIC_KEY_PARTS, KMF_MAX_PRIVATE_KEY_PARTS))
typedef enum {
KMF_ALGMODE_NONE = 0,
KMF_ALGMODE_CUSTOM,
KMF_ALGMODE_PUBLIC_KEY,
KMF_ALGMODE_PRIVATE_KEY,
KMF_ALGMODE_PKCS1_EMSA_V15
} KMF_SIGNATURE_MODE;
#define KMF_CERT_PRINTABLE_LEN 1024
#define SHA1_HASH_LENGTH 20
#define OCSPREQ_TEMPNAME "/tmp/ocsp.reqXXXXXX"
#define OCSPRESP_TEMPNAME "/tmp/ocsp.respXXXXXX"
#define _PATH_KMF_CONF "/etc/crypto/kmf.conf"
#define CONF_MODULEPATH "modulepath="
#define CONF_OPTION "option="
typedef struct {
char *keystore;
char *modulepath;
char *option;
KMF_KEYSTORE_TYPE kstype;
} conf_entry_t;
typedef struct conf_entrylist {
conf_entry_t *entry;
struct conf_entrylist *next;
} conf_entrylist_t;
extern KMF_RETURN get_pk11_data(KMF_ALGORITHM_INDEX,
CK_KEY_TYPE *, CK_MECHANISM_TYPE *, CK_MECHANISM_TYPE *, boolean_t);
extern KMF_RETURN kmf_create_pk11_session(CK_SESSION_HANDLE *,
CK_MECHANISM_TYPE, CK_FLAGS);
extern KMF_RETURN get_entrylist(conf_entrylist_t **);
extern void free_entrylist(conf_entrylist_t *);
extern void free_entry(conf_entry_t *);
extern conf_entry_t *dup_entry(conf_entry_t *);
extern boolean_t is_valid_keystore_type(KMF_KEYSTORE_TYPE);
extern KMF_BOOL is_eku_present(KMF_X509EXT_EKU *, KMF_OID *);
extern KMF_RETURN parse_eku_data(const KMF_DATA *, KMF_X509EXT_EKU *);
extern KMF_RETURN copy_extension_data(KMF_X509_EXTENSION *,
KMF_X509_EXTENSION *);
extern char *get_mapper_pathname(char *, char *);
#ifdef __cplusplus
}
#endif
#endif /* _KMFAPIP_H */
|
