/*
 * Copyright (c) 2006, 2014, Oracle and/or its affiliates. All rights reserved.
 *
 * Constant definitions and function prototypes for the KMF library.
 * Commonly used data types are defined in "kmftypes.h".
 */

#ifndef _KMFAPI_H
#define	_KMFAPI_H

#include <kmftypes.h>
#include <security/cryptoki.h>

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Setup operations.
 */
/*
 * kmf_initialize: allocate a library handle and return it in *outhandle.
 * policyfile/policyname name the policy to load for the handle (the same
 * pair kmf_set_policy() takes); what a NULL pair selects is not visible
 * here -- presumably the library default, confirm against the manual.
 */
extern KMF_RETURN kmf_initialize(KMF_HANDLE_T *outhandle, char *policyfile,
    char *policyname);
/*
 * kmf_configure_keystore: attach a keystore to handle.  The keystore type
 * and its settings are passed as the num_args entries of attrlist.
 */
extern KMF_RETURN kmf_configure_keystore(KMF_HANDLE_T handle,
    int num_args, KMF_ATTRIBUTE *attrlist);
/* kmf_finalize: tear down a handle obtained from kmf_initialize(). */
extern KMF_RETURN kmf_finalize(KMF_HANDLE_T handle);
/*
 * kmf_new_session: derive a second handle (*outhandle) from inhandle.
 * Whether the two share keystore/policy state is not visible from this
 * header; release each with kmf_finalize() unless the manual says otherwise.
 */
extern KMF_RETURN kmf_new_session(KMF_HANDLE_T inhandle,
    KMF_HANDLE_T *outhandle);

/*
 * Key operations.
 */
/*
 * The attribute-driven routines below take their whole request as the
 * num_args/numattr entries of attrlist; the attribute set each one expects
 * is defined by the implementation, not by this header.
 */
/* kmf_create_keypair: generate a public/private key pair in the keystore. */
extern KMF_RETURN kmf_create_keypair(KMF_HANDLE_T handle, int num_args,
    KMF_ATTRIBUTE *attrlist);

/* kmf_delete_key_from_keystore: remove a key selected by attrlist. */
extern KMF_RETURN kmf_delete_key_from_keystore(KMF_HANDLE_T handle,
    int num_args, KMF_ATTRIBUTE *attrlist);

/* kmf_find_key: search the keystore for keys matching attrlist. */
extern KMF_RETURN kmf_find_key(KMF_HANDLE_T handle, int num_args,
    KMF_ATTRIBUTE *attrlist);

/* kmf_find_prikey_by_cert: locate the private key matching a certificate. */
extern KMF_RETURN kmf_find_prikey_by_cert(KMF_HANDLE_T handle, int numattr,
    KMF_ATTRIBUTE *attrlist);

/* kmf_store_key: write a key described by attrlist into the keystore. */
extern KMF_RETURN kmf_store_key(KMF_HANDLE_T handle, int numattr,
    KMF_ATTRIBUTE *attrlist);

/* kmf_create_sym_key: generate a symmetric key in the keystore. */
extern KMF_RETURN kmf_create_sym_key(KMF_HANDLE_T handle, int num_args,
    KMF_ATTRIBUTE *attrlist);

/*
 * kmf_get_sym_key_value: copy the raw bytes of symkey into *rkey.
 * After this call the caller holds plaintext key material in process
 * memory: keep its lifetime short and release it with
 * kmf_free_raw_sym_key().  Whether the keystore permits extraction at all
 * is decided by the keystore plugin, not here.
 */
extern KMF_RETURN kmf_get_sym_key_value(KMF_HANDLE_T handle,
    KMF_KEY_HANDLE *symkey, KMF_RAW_SYM_KEY *rkey);

/*
 * Certificate operations.
 */
/* kmf_find_cert: search the keystore for certificates matching attrlist. */
extern KMF_RETURN kmf_find_cert(KMF_HANDLE_T handle, int numattr,
    KMF_ATTRIBUTE *attrlist);

/*
 * kmf_encode_cert_record: serialise the parsed certificate CertData into
 * encodedCert.  The output buffer is filled by the library and is
 * presumably released with kmf_free_data() -- confirm.
 */
extern KMF_RETURN kmf_encode_cert_record(KMF_X509_CERTIFICATE *CertData,
    KMF_DATA *encodedCert);

/* kmf_import_cert: load a certificate (source via attrlist) into the store. */
extern KMF_RETURN kmf_import_cert(KMF_HANDLE_T handle, int numattr,
    KMF_ATTRIBUTE *attrlist);

/* kmf_store_cert: write an in-memory certificate into the keystore. */
extern KMF_RETURN kmf_store_cert(KMF_HANDLE_T handle, int numattr,
    KMF_ATTRIBUTE *attrlist);

/* kmf_delete_cert_from_keystore: remove certificates selected by attrlist. */
extern KMF_RETURN kmf_delete_cert_from_keystore(KMF_HANDLE_T handle,
    int numattr, KMF_ATTRIBUTE *attrlist);

/*
 * kmf_validate_cert: validate a certificate given via attrlist, presumably
 * against the policy loaded on handle (which policy checks apply is not
 * visible here).
 */
extern KMF_RETURN kmf_validate_cert(KMF_HANDLE_T handle, int numattr,
    KMF_ATTRIBUTE *attrlist);

/*
 * kmf_get_cert_chain: build the chain for a certificate selected by
 * attrlist.  The resulting KMF_CERT_CHAIN is released with
 * kmf_free_cert_chain().
 */
extern KMF_RETURN kmf_get_cert_chain(KMF_HANDLE_T handle, int numattr,
    KMF_ATTRIBUTE *attrlist);

extern void kmf_free_cert_chain(KMF_CERT_CHAIN *chain);

/* kmf_create_cert_file: write certdata to certfile in encoding `format`. */
extern KMF_RETURN kmf_create_cert_file(const KMF_DATA *certdata,
    KMF_ENCODE_FORMAT format, char *certfile);

/*
 * kmf_download_cert: fetch a certificate from uri, optionally through
 * proxy:proxy_port, giving up after maxsecs (seconds, by its name), and
 * write it to certfile; the detected encoding is returned in *pformat.
 * NOTE(review): the transfer itself establishes no trust in what was
 * fetched -- run the result through kmf_validate_cert()/kmf_verify_cert()
 * before relying on it.
 */
extern KMF_RETURN kmf_download_cert(KMF_HANDLE_T handle, char *uri,
    char *proxy, int proxy_port, unsigned int maxsecs, char *certfile,
    KMF_ENCODE_FORMAT *pformat);

/*
 * kmf_is_cert_data / kmf_is_cert_file: report whether the buffer or file
 * holds a certificate and, if so, its encoding in *fmt / *pformat.
 */
extern KMF_RETURN kmf_is_cert_data(KMF_DATA *data, KMF_ENCODE_FORMAT *fmt);
extern KMF_RETURN kmf_is_cert_file(KMF_HANDLE_T handle, char *filename,
    KMF_ENCODE_FORMAT *pformat);

/*
 * kmf_check_cert_date: check that cert is within its validity period; the
 * reference time is presumably the current time.
 */
extern KMF_RETURN kmf_check_cert_date(KMF_HANDLE_T handle,
    const KMF_DATA *cert);

/*
 * Crypto operations with key or cert.
 */
/*
 * Every routine in this group is driven entirely by attrlist: the key or
 * certificate to use, the algorithm, and the input/output buffers are all
 * passed as the numattr attributes.  The kmf_sign_* calls produce a
 * signature over a certificate or arbitrary data; the kmf_verify_* calls
 * check one.  A successful kmf_verify_* only proves the signature matches
 * the supplied key/cert -- it does not by itself establish that the cert
 * is trusted (see kmf_validate_cert()).
 */
extern KMF_RETURN kmf_encrypt(KMF_HANDLE_T handle, int numattr,
    KMF_ATTRIBUTE *attrlist);
extern KMF_RETURN kmf_decrypt(KMF_HANDLE_T handle, int numattr,
    KMF_ATTRIBUTE *attrlist);
extern KMF_RETURN kmf_sign_cert(KMF_HANDLE_T handle, int numattr,
    KMF_ATTRIBUTE *attrlist);
extern KMF_RETURN kmf_sign_data(KMF_HANDLE_T handle, int numattr,
    KMF_ATTRIBUTE *attrlist);
extern KMF_RETURN kmf_verify_cert(KMF_HANDLE_T handle, int numattr,
    KMF_ATTRIBUTE *attrlist);
extern KMF_RETURN kmf_verify_data(KMF_HANDLE_T handle, int numattr,
    KMF_ATTRIBUTE *attrlist);

/*
 * CRL operations.
 */
/* kmf_import_crl: load a CRL (source given via attrlist) into the keystore. */
extern KMF_RETURN kmf_import_crl(KMF_HANDLE_T handle, int numattr,
    KMF_ATTRIBUTE *attrlist);
/* kmf_delete_crl / kmf_list_crl / kmf_find_crl: manage stored CRLs. */
extern KMF_RETURN kmf_delete_crl(KMF_HANDLE_T handle, int numattr,
    KMF_ATTRIBUTE *attrlist);
extern KMF_RETURN kmf_list_crl(KMF_HANDLE_T handle, int numattr,
    KMF_ATTRIBUTE *attrlist);
extern KMF_RETURN kmf_find_crl(KMF_HANDLE_T handle, int numattr,
    KMF_ATTRIBUTE *attrlist);
/* kmf_find_cert_in_crl: test whether a certificate appears on a stored CRL. */
extern KMF_RETURN kmf_find_cert_in_crl(KMF_HANDLE_T handle, int numattr,
    KMF_ATTRIBUTE *attrlist);
/*
 * kmf_verify_crl_file: check the CRL in crlfile against tacert, which by
 * its name is the trust-anchor (issuer) certificate expected to have
 * signed it.
 */
extern KMF_RETURN kmf_verify_crl_file(KMF_HANDLE_T handle, char *crlfile,
    KMF_DATA *tacert);
/*
 * kmf_check_crl_date: check that the CRL named crlname is within its
 * validity dates; the reference time is presumably the current time.
 */
extern KMF_RETURN kmf_check_crl_date(KMF_HANDLE_T handle, char *crlname);
/*
 * kmf_download_crl: same contract as kmf_download_cert() but for a CRL:
 * fetch uri (optionally via proxy:proxy_port, bounded by maxsecs), write
 * it to crlfile and report the encoding in *pformat.  NOTE(review): a
 * downloaded CRL is untrusted until kmf_verify_crl_file() accepts it.
 */
extern KMF_RETURN kmf_download_crl(KMF_HANDLE_T handle, char *uri, char *proxy,
    int proxy_port, unsigned int maxsecs, char *crlfile,
    KMF_ENCODE_FORMAT *pformat);
/* kmf_is_crl_file: report whether filename holds a CRL and its encoding. */
extern KMF_RETURN kmf_is_crl_file(KMF_HANDLE_T handle, char *filename,
    KMF_ENCODE_FORMAT *pformat);

/*
 * CSR operations.
 */
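/*
 * kmf_create_csr_file: write csrdata to csrfile using encoding `format`
 * (a KMF_ENCODE_FORMAT passed by value, the same argument shape as
 * kmf_create_cert_file(); the old name `pformat` wrongly suggested a
 * pointer).
 */
extern KMF_RETURN kmf_create_csr_file(KMF_DATA *csrdata,
    KMF_ENCODE_FORMAT format, char *csrfile);
/* kmf_set_csr_pubkey: set Csr's subject public key from the key KMFKey. */
extern KMF_RETURN kmf_set_csr_pubkey(KMF_HANDLE_T handle,
    KMF_KEY_HANDLE *KMFKey, KMF_CSR_DATA *Csr);
/* kmf_set_csr_version: set the request version field. */
extern KMF_RETURN kmf_set_csr_version(KMF_CSR_DATA *CsrData, uint32_t version);
/* kmf_set_csr_subject: set the request's subject name. */
extern KMF_RETURN kmf_set_csr_subject(KMF_CSR_DATA *CsrData,
    KMF_X509_NAME *subject_name_ptr);
/* kmf_set_csr_extn: add an already-built extension to the request. */
extern KMF_RETURN kmf_set_csr_extn(KMF_CSR_DATA *CsrData,
    KMF_X509_EXTENSION *extn);
/* kmf_set_csr_sig_alg: choose the signature algorithm recorded in the CSR. */
extern KMF_RETURN kmf_set_csr_sig_alg(KMF_CSR_DATA *CsrData,
    KMF_ALGORITHM_INDEX sigAlg);
/*
 * kmf_set_csr_subject_altname: add a subjectAltName of kind alttype with
 * text altname; critical != 0 marks the extension critical.
 */
extern KMF_RETURN kmf_set_csr_subject_altname(KMF_CSR_DATA *CsrData,
    char *altname, int critical, KMF_GENERALNAMECHOICES alttype);
/* kmf_set_csr_ku: set keyUsage from the kubits bitmask. */
extern KMF_RETURN kmf_set_csr_ku(KMF_CSR_DATA *CSRData, int critical,
    uint16_t kubits);
/* kmf_decode_csr: parse the encoded request rawcsr into *csrdata. */
extern KMF_RETURN kmf_decode_csr(KMF_HANDLE_T handle, KMF_DATA *rawcsr,
    KMF_CSR_DATA *csrdata);
/*
 * kmf_verify_csr: verify a request given via attrlist -- presumably its
 * self-signature.  A valid CSR signature only proves possession of the
 * private key; it says nothing about whether the requested subject or
 * extensions should be granted.
 */
extern KMF_RETURN kmf_verify_csr(KMF_HANDLE_T handle, int numattr,
    KMF_ATTRIBUTE *attrlist);
/*
 * kmf_sign_csr: sign the to-be-signed request tbsCsr with Signkey and
 * return the encoded, signed request in *SignedCsr.
 */
extern KMF_RETURN kmf_sign_csr(KMF_HANDLE_T handle,
    const KMF_CSR_DATA *tbsCsr, KMF_KEY_HANDLE *Signkey, KMF_DATA *SignedCsr);
/* kmf_add_csr_eku: append the extended-key-usage OID ekuOID to the CSR. */
extern KMF_RETURN kmf_add_csr_eku(KMF_CSR_DATA *CSRData, KMF_OID *ekuOID,
    int critical);
/*
 * kmf_set_rfc2986attr: per-handle switch controlling whether requests are
 * built with the RFC 2986 attribute encoding; the default is not visible
 * here.
 */
extern KMF_RETURN kmf_set_rfc2986attr(KMF_HANDLE_T handle,
    boolean_t rfc2986attr);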

/*
 * GetCert operations.
 */
/*
 * Read-only accessors over an encoded certificate.  certdata / SignedCert
 * is the encoded certificate and is never modified.
 */
/* kmf_get_cert_extn: fetch the extension identified by extoid into *extdata. */
extern KMF_RETURN kmf_get_cert_extn(const KMF_DATA *certdata, KMF_OID *extoid,
    KMF_X509_EXTENSION *extdata);

/*
 * kmf_get_cert_extns: return an array of *nextns extensions in *extlist,
 * selected by flag (a KMF_FLAG_CERT_EXTN value).  The array is allocated
 * by the library; kmf_free_extn() releases one element, but who frees the
 * array itself is not stated in this header -- confirm.
 */
extern KMF_RETURN kmf_get_cert_extns(const KMF_DATA *certdata,
    KMF_FLAG_CERT_EXTN flag, KMF_X509_EXTENSION **extlist, int *nextns);

/* kmf_get_cert_ku: decode the keyUsage extension into *keyusage. */
extern KMF_RETURN kmf_get_cert_ku(const KMF_DATA *certdata,
    KMF_X509EXT_KEY_USAGE *keyusage);

/* kmf_get_cert_eku: decode extKeyUsage; release with kmf_free_eku(). */
extern KMF_RETURN kmf_get_cert_eku(const KMF_DATA *certdata,
    KMF_X509EXT_EKU *ekuptr);

/*
 * kmf_get_cert_basic_constraint: decode basicConstraints into *constraint,
 * reporting in *critical whether the extension was marked critical.
 */
extern KMF_RETURN kmf_get_cert_basic_constraint(const KMF_DATA *certdata,
    KMF_BOOL *critical, KMF_X509EXT_BASICCONSTRAINTS *constraint);

/* kmf_get_cert_policies: decode certificatePolicies and its critical flag. */
extern KMF_RETURN kmf_get_cert_policies(const KMF_DATA *certdata,
    KMF_BOOL *critical, KMF_X509EXT_CERT_POLICIES *extptr);

/* kmf_get_cert_auth_info_access: decode authorityInfoAccess into *aia. */
extern KMF_RETURN kmf_get_cert_auth_info_access(const KMF_DATA *certdata,
    KMF_X509EXT_AUTHINFOACCESS *aia);

/*
 * kmf_get_cert_crl_dist_pts: decode cRLDistributionPoints into *crl_dps;
 * release with kmf_free_crl_dist_pts().
 */
extern KMF_RETURN kmf_get_cert_crl_dist_pts(const KMF_DATA *certdata,
    KMF_X509EXT_CRLDISTPOINTS *crl_dps);

/*
 * The *_str accessors below render one field of SignedCert as a newly
 * allocated C string in *result.  The caller owns the string; given the
 * cleanup group further down, kmf_free_str() is presumably the matching
 * release call -- confirm.  Treat the text as display output only: the
 * subject, issuer and e-mail strings are copied from the certificate and
 * are attacker-chosen whenever the certificate is.
 */
extern KMF_RETURN kmf_get_cert_version_str(KMF_HANDLE_T handle,
    const KMF_DATA *SignedCert, char **result);

extern KMF_RETURN kmf_get_cert_subject_str(KMF_HANDLE_T handle,
    const KMF_DATA *SignedCert, char **result);

extern KMF_RETURN kmf_get_cert_issuer_str(KMF_HANDLE_T handle,
    const KMF_DATA *SignedCert, char **result);

extern KMF_RETURN kmf_get_cert_serial_str(KMF_HANDLE_T handle,
    const KMF_DATA *SignedCert, char **result);

extern KMF_RETURN kmf_get_cert_start_date_str(KMF_HANDLE_T handle,
    const KMF_DATA *SignedCert, char **result);

extern KMF_RETURN kmf_get_cert_end_date_str(KMF_HANDLE_T handle,
    const KMF_DATA *SignedCert, char **result);

extern KMF_RETURN kmf_get_cert_pubkey_alg_str(KMF_HANDLE_T handle,
    const KMF_DATA *SignedCert, char **result);

extern KMF_RETURN kmf_get_cert_sig_alg_str(KMF_HANDLE_T handle,
    const KMF_DATA *SignedCert, char **result);

extern KMF_RETURN kmf_get_cert_pubkey_str(KMF_HANDLE_T handle,
    const KMF_DATA *SignedCert, char **result);

extern KMF_RETURN kmf_get_cert_email_str(KMF_HANDLE_T handle,
    const KMF_DATA *SignedCert, char **result);

/*
 * kmf_get_cert_extn_str: render the extension selected by the
 * KMF_PRINTABLE_ITEM `extension` as a string in *result.
 */
extern KMF_RETURN kmf_get_cert_extn_str(KMF_HANDLE_T handle,
    const KMF_DATA *cert, KMF_PRINTABLE_ITEM extension, char **result);

/*
 * kmf_get_cert_id_data / kmf_get_cert_id_str: an identifier for the
 * certificate, as raw bytes in *ID or as a string in *idstr.  How the
 * identifier is derived (a hash of the certificate, presumably) is not
 * visible here.
 */
extern KMF_RETURN kmf_get_cert_id_data(const KMF_DATA *SignedCert,
    KMF_DATA *ID);

extern KMF_RETURN kmf_get_cert_id_str(const KMF_DATA *SignedCert,
    char **idstr);

/*
 * kmf_get_cert_pubkey_id_data / kmf_get_cert_pubkey_id_str: the same, but
 * identifying the certificate's public key rather than the certificate.
 */
extern KMF_RETURN kmf_get_cert_pubkey_id_data(const KMF_DATA *SignedCert,
    KMF_DATA *id);

extern KMF_RETURN kmf_get_cert_pubkey_id_str(const KMF_DATA *SignedCert,
    char **idstr);

/*
 * kmf_get_cert_validity: return the notBefore/notAfter times of cert as
 * time_t values in *not_before and *not_after.
 */
extern KMF_RETURN kmf_get_cert_validity(const KMF_DATA *cert,
    time_t *not_before, time_t *not_after);

/*
 * SetCert operations
 */
/*
 * Builders for an in-memory certificate (KMF_X509_CERTIFICATE), typically
 * used before the certificate is signed.  Each call sets one field or
 * extension of CertData; where a `critical` argument exists it marks the
 * extension critical.
 */
/* kmf_set_cert_pubkey: set Cert's subject public key from the key KMFKey. */
extern KMF_RETURN kmf_set_cert_pubkey(KMF_HANDLE_T handle,
    KMF_KEY_HANDLE *KMFKey, KMF_X509_CERTIFICATE *Cert);

/* kmf_set_cert_subject: set the subject name. */
extern KMF_RETURN kmf_set_cert_subject(KMF_X509_CERTIFICATE *CertData,
    KMF_X509_NAME *subject_name_ptr);

/* kmf_set_cert_ku: set keyUsage from the kubits bitmask. */
extern KMF_RETURN kmf_set_cert_ku(KMF_X509_CERTIFICATE *CertData, int critical,
    uint16_t kubits);

/* kmf_set_cert_issuer: set the issuer name. */
extern KMF_RETURN kmf_set_cert_issuer(KMF_X509_CERTIFICATE *CertData,
    KMF_X509_NAME *issuer_name_ptr);

/* kmf_set_cert_sig_alg: choose the signature algorithm to be recorded. */
extern KMF_RETURN kmf_set_cert_sig_alg(KMF_X509_CERTIFICATE *CertData,
    KMF_ALGORITHM_INDEX sigAlg);

/*
 * kmf_set_cert_validity: set the validity window starting at notBefore and
 * lasting delta -- presumably seconds added to notBefore to give notAfter;
 * confirm the unit in the implementation.
 */
extern KMF_RETURN kmf_set_cert_validity(KMF_X509_CERTIFICATE *CertData,
    time_t notBefore, uint32_t delta);

/*
 * kmf_set_cert_serial: set the serial number from serno.  Serial numbers
 * must be unique per issuer; the library does not enforce that here.
 */
extern KMF_RETURN kmf_set_cert_serial(KMF_X509_CERTIFICATE *CertData,
    KMF_BIGINT *serno);

/* kmf_set_cert_version: set the X.509 version field. */
extern KMF_RETURN kmf_set_cert_version(KMF_X509_CERTIFICATE *CertData,
    uint32_t version);

/*
 * kmf_set_cert_issuer_altname / kmf_set_cert_subject_altname: add an
 * issuerAltName / subjectAltName of kind nametype with text namedata.
 */
extern KMF_RETURN kmf_set_cert_issuer_altname(KMF_X509_CERTIFICATE *CertData,
    int critical, KMF_GENERALNAMECHOICES nametype, char *namedata);

extern KMF_RETURN kmf_set_cert_subject_altname(KMF_X509_CERTIFICATE *CertData,
    int critical, KMF_GENERALNAMECHOICES nametype, char *namedata);

/* kmf_add_cert_eku: append the extended-key-usage OID ekuOID. */
extern KMF_RETURN kmf_add_cert_eku(KMF_X509_CERTIFICATE *CertData,
    KMF_OID *ekuOID, int critical);

/* kmf_set_cert_extn: add an already-built extension. */
extern KMF_RETURN kmf_set_cert_extn(KMF_X509_CERTIFICATE *CertData,
    KMF_X509_EXTENSION *extn);

/* kmf_set_cert_basic_constraint: set basicConstraints (CA flag, path len). */
extern KMF_RETURN kmf_set_cert_basic_constraint(KMF_X509_CERTIFICATE *CertData,
    KMF_BOOL critical, KMF_X509EXT_BASICCONSTRAINTS *constraint);

/*
 * kmf_set_cert_spk_id: set the subject-key-identifier extension ("spk" =
 * subject public key, by its name) to the bytes in value.
 */
extern KMF_RETURN kmf_set_cert_spk_id(KMF_X509_CERTIFICATE *CertData,
    KMF_BOOL critical, KMF_DATA *value);

/*
 * PKCS#12 operations
 */
/*
 * kmf_export_pk12: write keystore objects selected by attrlist to a
 * PKCS#12 file.
 */
extern KMF_RETURN kmf_export_pk12(KMF_HANDLE_T handle, int numattr,
    KMF_ATTRIBUTE *attrlist);

/*
 * kmf_build_pk12: write the numcerts certificates in certlist and the
 * numkeys keys in keylist to the PKCS#12 file `filename`, protected by
 * p12cred.  NOTE(review): the protection of the resulting file rests on
 * the strength of p12cred and on the PBE algorithms the implementation
 * picks, neither of which is visible here; treat the file as sensitive.
 */
extern KMF_RETURN kmf_build_pk12(KMF_HANDLE_T handle, int numcerts,
    KMF_X509_DER_CERT *certlist, int numkeys, KMF_KEY_HANDLE *keylist,
    KMF_CREDENTIAL *p12cred, char *filename);

/*
 * kmf_import_objects: open the PKCS#12 file `filename` with cred and hand
 * back its contents: *ncerts certificates in *certs and *nkeys keys in
 * *rawkeys.  The keys come back as plaintext KMF_RAW_KEY_DATA in process
 * memory; store or use them promptly and release each with
 * kmf_free_raw_key() (and each certificate with kmf_free_kmf_cert()).
 * Who frees the two arrays themselves is not stated in this header.
 */
extern KMF_RETURN kmf_import_objects(KMF_HANDLE_T handle, char *filename,
    KMF_CREDENTIAL *cred, KMF_X509_DER_CERT **certs, int *ncerts,
    KMF_RAW_KEY_DATA **rawkeys, int *nkeys);

/*
 * OCSP (Online Certificate Status Protocol) operations
 */
/*
 * kmf_get_ocsp_for_cert: obtain an OCSP response for user_cert into
 * *response.  ta_cert is, by its name, the trust anchor / issuer used to
 * build or check the request; confirm its exact role in the
 * implementation.
 */
extern KMF_RETURN kmf_get_ocsp_for_cert(KMF_HANDLE_T handle,
    KMF_DATA *user_cert, KMF_DATA *ta_cert, KMF_DATA *response);

/* kmf_create_ocsp_request: build an OCSP request from attrlist. */
extern KMF_RETURN kmf_create_ocsp_request(KMF_HANDLE_T handle, int num_args,
    KMF_ATTRIBUTE *attrlist);

/*
 * kmf_get_encoded_ocsp_response: send the request stored in reqfile to the
 * responder at hostname:port (optionally via proxy:proxy_port), waiting at
 * most maxsecs, and store the raw reply in respfile.  This call only
 * transports the reply; it is an untrusted network payload until its
 * signature has been checked, which kmf_get_ocsp_status_for_cert() is
 * presumably where that happens -- confirm before acting on a status.
 */
extern KMF_RETURN kmf_get_encoded_ocsp_response(KMF_HANDLE_T handle,
    char *reqfile, char *hostname, int port, char *proxy, int proxy_port,
    char *respfile, unsigned int maxsecs);

/*
 * kmf_get_ocsp_status_for_cert: evaluate an OCSP response for a
 * certificate, both supplied via attrlist.
 */
extern KMF_RETURN kmf_get_ocsp_status_for_cert(KMF_HANDLE_T handle,
    int num_args, KMF_ATTRIBUTE *attrlist);

/*
 * Policy Operations
 */
/*
 * kmf_set_policy: replace the policy on an existing handle with the one
 * named policyname in policyfile -- the same pair kmf_initialize() takes
 * at creation time.
 */
extern KMF_RETURN kmf_set_policy(KMF_HANDLE_T handle, char *policyfile,
    char *policyname);

/*
 * Error handling.
 */
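/*
 * kmf_get_plugin_error_str: fetch the last error text reported by the
 * keystore plugin attached to handle into *msgstr.
 */
extern KMF_RETURN kmf_get_plugin_error_str(KMF_HANDLE_T handle, char **msgstr);
/*
 * kmf_get_kmf_error_str: translate the library return code errcode into a
 * message string in *errmsg.  Both routines return a library-allocated
 * string; kmf_free_str() is presumably the matching release call --
 * confirm.
 */
extern KMF_RETURN kmf_get_kmf_error_str(KMF_RETURN errcode, char **errmsg);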

/*
 * Miscellaneous
 */
/*
 * kmf_dn_parser: parse a textual distinguished name into *name; release
 * the result with kmf_free_dn().
 */
extern KMF_RETURN kmf_dn_parser(char *string, KMF_X509_NAME *name);
/*
 * kmf_read_input_file: read the contents of filename into *pdata.  No size
 * bound is visible in the interface, so do not point it at arbitrary
 * untrusted files.
 */
extern KMF_RETURN kmf_read_input_file(KMF_HANDLE_T handle, char *filename,
    KMF_DATA *pdata);
/*
 * kmf_der_to_pem / kmf_pem_to_der: convert between DER (data/len) and PEM
 * (in/inlen), returning a newly allocated buffer in *out with its length
 * in *outlen.  type selects the PEM label to emit, presumably.  Note the
 * lengths here are int, while kmf_hexstr_to_bytes() below uses size_t;
 * callers moving lengths between them must guard against truncation.
 */
extern KMF_RETURN kmf_der_to_pem(KMF_OBJECT_TYPE type, unsigned char *data,
    int len, unsigned char **out, int *outlen);
extern KMF_RETURN kmf_pem_to_der(unsigned char *in, int inlen,
    unsigned char **out, int *outlen);
/*
 * kmf_oid_to_string / kmf_string_to_oid: convert between a KMF_OID and its
 * dotted string form.  kmf_oid_to_string() returns a newly allocated string
 * (NULL on failure, presumably).
 */
extern char *kmf_oid_to_string(KMF_OID *oid);
extern KMF_RETURN kmf_string_to_oid(char *oidstring, KMF_OID *oid);
/* kmf_compare_rdns: compare two names; 0 presumably means equal -- confirm. */
extern int kmf_compare_rdns(KMF_X509_NAME *name1, KMF_X509_NAME *name2);
/* kmf_get_data_format / kmf_get_file_format: detect the encoding used. */
extern KMF_RETURN kmf_get_data_format(KMF_DATA *data, KMF_ENCODE_FORMAT *fmt);
extern KMF_RETURN kmf_get_file_format(char *filename, KMF_ENCODE_FORMAT *fmt);
/*
 * kmf_string_to_ku / kmf_ku_to_string: convert between key-usage names and
 * the keyUsage bitfield.
 */
extern uint32_t kmf_string_to_ku(char *kustring);
extern char *kmf_ku_to_string(uint32_t bitfield);
/*
 * kmf_hexstr_to_bytes: decode hexstr into a newly allocated byte buffer
 * *bytes of *outlen bytes.
 */
extern KMF_RETURN kmf_hexstr_to_bytes(unsigned char *hexstr,
    unsigned char **bytes, size_t *outlen);

/*
 * kmf_get_plugin_info: look up the keystore plugin named keystore_name and
 * return its type in *kstype and its option string in *option.
 */
extern KMF_RETURN kmf_get_plugin_info(KMF_HANDLE_T handle, char *keystore_name,
    KMF_KEYSTORE_TYPE *kstype, char **option);

/*
 * kmf_ekuname_to_oid / kmf_oid_to_ekuname: map between extended-key-usage
 * names and their OIDs; an unknown input presumably yields NULL.
 */
extern KMF_OID *kmf_ekuname_to_oid(char *ekuname);
extern char *kmf_oid_to_ekuname(KMF_OID *oid);

/* Legacy spelling of kmf_compare_rdns(), kept for source compatibility. */
#define	KMF_CompareRDNs kmf_compare_rdns

/*
 * Memory cleanup operations
 */
/*
 * Release routines for objects the library hands out.  Each one frees what
 * the library allocated inside the given object; whether the object
 * pointer itself is freed differs per routine (kmf_free_str() plainly takes
 * the allocation itself) -- follow the matching accessor's documentation.
 * NOTE(review): for kmf_free_raw_key(), kmf_free_raw_sym_key() and
 * kmf_free_kmf_key() this header does not say whether key bytes are
 * zeroised before being freed; confirm in the implementation, and do not
 * rely on free() alone to scrub secrets.
 */
extern void kmf_free_dn(KMF_X509_NAME *name);
extern void kmf_free_kmf_cert(KMF_HANDLE_T handle,
    KMF_X509_DER_CERT *kmf_cert);
extern void kmf_free_data(KMF_DATA *datablock);
extern void kmf_free_algoid(KMF_X509_ALGORITHM_IDENTIFIER *algoid);
extern void kmf_free_extn(KMF_X509_EXTENSION *exptr);
extern void kmf_free_tbs_csr(KMF_TBS_CSR *tbscsr);
extern void kmf_free_signed_csr(KMF_CSR_DATA *csr);
extern void kmf_free_tbs_cert(KMF_X509_TBS_CERT *tbscert);
extern void kmf_free_signed_cert(KMF_X509_CERTIFICATE *certptr);
extern void kmf_free_str(char *pstr);
extern void kmf_free_eku(KMF_X509EXT_EKU *eptr);
extern void kmf_free_spki(KMF_X509_SPKI *spki);
extern void kmf_free_kmf_key(KMF_HANDLE_T handle, KMF_KEY_HANDLE *key);
extern void kmf_free_bigint(KMF_BIGINT *bigint);
extern void kmf_free_raw_key(KMF_RAW_KEY_DATA *key);
extern void kmf_free_raw_sym_key(KMF_RAW_SYM_KEY *key);
extern void kmf_free_crl_dist_pts(KMF_X509EXT_CRLDISTPOINTS *crl_dps);

/* APIs for PKCS#11 token */
/*
 * kmf_pk11_token_lookup: find the PKCS#11 slot whose token carries label
 * and return it in *slot_id.
 */
extern KMF_RETURN kmf_pk11_token_lookup(KMF_HANDLE_T handle, char *label,
    CK_SLOT_ID *slot_id);
/*
 * kmf_pk11_init_token: initialise the token currently labelled currlabel,
 * giving it newlabel, using the security-officer PIN sopin of sopinlen
 * bytes (an explicit length, cryptoki style -- not a C string).
 * NOTE(review): token initialisation in PKCS#11 is destructive (existing
 * objects on the token are lost); nothing in this interface asks for
 * confirmation, so callers must provide that step themselves.
 */
extern KMF_RETURN kmf_pk11_init_token(KMF_HANDLE_T handle,
    char *currlabel, char *newlabel, CK_UTF8CHAR_PTR sopin, CK_ULONG sopinlen);
/* kmf_set_token_pin: change a token PIN; old/new PINs come via attrlist. */
extern KMF_RETURN kmf_set_token_pin(KMF_HANDLE_T handle, int num_attr,
    KMF_ATTRIBUTE *attrlist);
/*
 * kmf_get_pk11_handle: expose the cryptoki session the library opened for
 * handle.  Operations made directly on it bypass whatever checks KMF
 * applies; the session presumably stays owned by the KMF handle, so do not
 * close it yourself -- confirm.
 */
extern CK_SESSION_HANDLE kmf_get_pk11_handle(KMF_HANDLE_T handle);

/*
 * Attribute management routines.
 */
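/*
 * Attribute-list helpers.  An attribute list is an array of numattrs
 * KMF_ATTRIBUTE entries, each carrying a KMF_ATTR_TYPE, a value pointer
 * and a length.  Declared `extern` like the rest of this header.
 */
/*
 * kmf_find_attr: locate the entry of the given type in attlist.  Returns
 * its index; the not-found value is not stated here (presumably -1).
 */
extern int kmf_find_attr(KMF_ATTR_TYPE type, KMF_ATTRIBUTE *attlist,
    int numattrs);
/*
 * kmf_get_attr_ptr: return the value pointer of the matching attribute, or
 * NULL when absent (presumably).  The pointer aliases attlist storage.
 */
extern void *kmf_get_attr_ptr(KMF_ATTR_TYPE type, KMF_ATTRIBUTE *attlist,
    int numattrs);
/*
 * kmf_get_attr: copy the matching attribute's value to outValue.  Whether
 * *outlen is honoured as the buffer size on entry (and set to the value
 * length on return) is not visible here -- confirm before relying on it
 * for bounds.
 */
extern KMF_RETURN kmf_get_attr(KMF_ATTR_TYPE type, KMF_ATTRIBUTE *attlist,
    int numattrs, void *outValue, uint32_t *outlen);
/* kmf_get_string_attr: fetch a string-valued attribute into *outstr. */
extern KMF_RETURN kmf_get_string_attr(KMF_ATTR_TYPE type,
    KMF_ATTRIBUTE *attlist, int numattrs, char **outstr);

/*
 * kmf_set_attr: store (type, pValue, len) in attlist, which holds numattrs
 * entries.  Whether an existing entry of that type is replaced or a new
 * one appended is not visible here.
 */
extern KMF_RETURN kmf_set_attr(KMF_ATTRIBUTE *attlist, int numattrs,
    KMF_ATTR_TYPE type, void *pValue, uint32_t len);
/*
 * kmf_set_attr_at_index: write (type, pValue, len) into attlist[index].
 * No count is passed and nothing is returned, so the caller alone
 * guarantees index is within the array.  Whether pValue is copied or
 * stored by reference is not visible here; keep it alive while the list
 * is in use.
 */
extern void kmf_set_attr_at_index(KMF_ATTRIBUTE *attlist, int index,
    KMF_ATTR_TYPE type, void *pValue, uint32_t len);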

/*
 * Certificate to name mapping functions.
 */
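/*
 * kmf_cert_to_name_mapping_initialize: load the certificate-to-name mapper
 * selected by the numattr entries of attrlist and attach it to handle.
 * (Declared `extern` to match the rest of this header.)
 */
extern KMF_RETURN kmf_cert_to_name_mapping_initialize(KMF_HANDLE_T handle,
    int numattr, KMF_ATTRIBUTE *attrlist);
/* kmf_cert_to_name_mapping_finalize: unload the mapper attached to handle. */
extern KMF_RETURN kmf_cert_to_name_mapping_finalize(KMF_HANDLE_T handle);
/* kmf_map_cert_to_name: run the mapper on cert, producing *name. */
extern KMF_RETURN kmf_map_cert_to_name(KMF_HANDLE_T handle, KMF_DATA *cert,
    KMF_DATA *name);
/*
 * kmf_match_cert_to_name: map cert and compare the result with
 * name_to_match; the computed name is also returned in *mapped_name.
 * How the comparison outcome is reported (return code vs. output) is not
 * stated in this header.
 */
extern KMF_RETURN kmf_match_cert_to_name(KMF_HANDLE_T handle, KMF_DATA *cert,
    KMF_DATA *name_to_match, KMF_DATA *mapped_name);
/* kmf_get_mapper_error_str: fetch the mapper's last error text. */
extern KMF_RETURN kmf_get_mapper_error_str(KMF_HANDLE_T handle,
    char **errstr);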

/*
 * Helper functions for handling the mapper internal state. They are part of the
 * public interface, too.
 */
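/*
 * Accessors for the per-handle mapper state.  They exist for mapper
 * plugins but are public, so any caller can set or read them.  Declared
 * `extern` to match the rest of this header.
 *
 * The error value is an opaque uint32_t; the options value is an opaque
 * pointer that is stored as given and presumably returned unchanged, so
 * ownership stays with whoever set it.
 */
extern void kmf_set_mapper_lasterror(KMF_HANDLE_T handle, uint32_t err);
extern uint32_t kmf_get_mapper_lasterror(KMF_HANDLE_T handle);
extern void kmf_set_mapper_options(KMF_HANDLE_T handle, void *opts);
extern void *kmf_get_mapper_options(KMF_HANDLE_T handle);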

#ifdef __cplusplus
}
#endif
#endif /* _KMFAPI_H */