1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25
26 #ifndef _CRYPTOUTIL_H
27 #define _CRYPTOUTIL_H
28
29 #pragma ident "@(#)cryptoutil.h 1.11 08/02/20 SMI"
30
31 #ifdef __cplusplus
32 extern "C" {
33 #endif
34
35 #include <sys/types.h>
36 #include <syslog.h>
37 #include <security/cryptoki.h>
38 #include <sys/param.h>
39
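/*
 * Generic status codes and sizes shared by libcryptoutil consumers.
 *
 * LOG_STDERR is an out-of-band value for the priority argument of
 * cryptoerror(): syslog priorities are non-negative, so a negative value
 * presumably selects stderr output instead of syslog -- confirm in the
 * definition of cryptoerror().  The value is parenthesized so that the
 * unary minus cannot bind unexpectedly when the macro is expanded inside
 * a larger expression (CERT PRE01-C).
 */
#define LOG_STDERR	(-1)
#define SUCCESS		0
#define FAILURE		1
/* presumably "0x" + 8 hex digits + NUL, i.e. a 32-bit mechanism number */
#define MECH_ID_HEX_LEN	11	/* length of mechanism id in hex form */

/*
 * Configuration and lock file locations.  The _PATH_ prefix (leading
 * underscore + capital letter) mirrors the <paths.h> convention but is in
 * the implementation-reserved namespace; keep these two for compatibility
 * but avoid adding further identifiers of that shape.
 */
#define _PATH_PKCS11_CONF	"/etc/crypto/pkcs11.conf"
#define _PATH_KCFD_LOCK		"/var/run/kcfd.lock"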
47
/*
 * $ISA substitution for parsing pkcs11.conf data.  A "/$ISA/" component
 * (presumably in a provider library path) is replaced by PKCS11_ISA_DIR,
 * which names the 64-bit subdirectory when this code is built _LP64 and
 * collapses to a plain "/" otherwise.  The substitution itself is done by
 * the parser, not here.
 */
#define PKCS11_ISA "/$ISA/"
#if defined(_LP64)
#define PKCS11_ISA_DIR "/64/"
#else /* !_LP64 */
#define PKCS11_ISA_DIR "/"
#endif
55
/*
 * keywords and delimiters for parsing configuration files.
 *
 * The EF_* and METASLOT_*= keywords carry their trailing "=", so they are
 * presumably matched as line prefixes with the value following directly
 * (confirm in the pkcs11.conf parser).  METASLOT_ENABLED/DISABLED are the
 * accepted values of METASLOT_STATUS and METASLOT_AUTO_KEY_MIGRATE.
 *
 * The *_SIZE values are the widths of the fixed-size, blank-padded (not
 * NUL-terminated) CK_SLOT_INFO / CK_TOKEN_INFO fields of PKCS#11; buffers
 * that hold them as C strings need one extra byte (see uentry_t).
 */
#define SEP_COLON ":"
#define SEP_SEMICOLON ";"
#define SEP_EQUAL "="
#define SEP_COMMA ","
#define METASLOT_KEYWORD "metaslot"
#define EF_DISABLED "disabledlist="
#define EF_ENABLED "enabledlist="
#define EF_NORANDOM "NO_RANDOM"
#define METASLOT_TOKEN "metaslot_token="
#define METASLOT_SLOT "metaslot_slot="
#define METASLOT_STATUS "metaslot_status="
#define METASLOT_AUTO_KEY_MIGRATE "metaslot_auto_key_migrate="
#define METASLOT_ENABLED "enabled"
#define METASLOT_DISABLED "disabled"
#define SLOT_DESCRIPTION_SIZE 64
#define TOKEN_LABEL_SIZE 32
#define TOKEN_MANUFACTURER_SIZE 32
#define TOKEN_SERIAL_SIZE 16
75
/*
 * Define the following softtoken values that are used by softtoken
 * library, cryptoadm and pktool command.
 *
 * The description/label/serial/manufacturer strings are presumably meant
 * to fill the fixed-width PKCS#11 fields (64/32/16/32 bytes); the extra
 * spaces are blank padding, so verify the literal lengths when editing
 * and copy them into CK_*_INFO fields with memcpy, not a NUL-terminating
 * string routine.  SOFT_DEFAULT_PIN is presumably the initial PIN of a
 * newly created softtoken: the string is public, so a token still at this
 * PIN should be treated as unprotected until the PIN is changed.
 */
#define SOFT_SLOT_DESCRIPTION \
"Sun Crypto Softtoken " \
" "
#define SOFT_TOKEN_LABEL "Sun Software PKCS#11 softtoken "
#define SOFT_TOKEN_SERIAL " "
#define SOFT_MANUFACTURER_ID "Sun Microsystems, Inc. "
#define SOFT_DEFAULT_PIN "changeme"
87
/* A provider library path as a C string, bounded by the system MAXPATHLEN. */
typedef char libname_t[MAXPATHLEN];
/* A mechanism id in hex text form; MECH_ID_HEX_LEN includes the NUL. */
typedef char midstr_t[MECH_ID_HEX_LEN];
90
/*
 * Singly linked list of mechanisms, used as the enabled/disabled policy
 * list of a uentry_t.  Nodes are created by create_umech() and the whole
 * list is released with free_umechlist(); next is presumably NULL on the
 * last node.
 */
typedef struct umechlist {
	midstr_t name;		/* mechanism name in hex form */
	struct umechlist *next;	/* following node */
} umechlist_t;
95
/*
 * One provider entry parsed from pkcs11.conf.
 *
 * flag_enabledlist says how policylist is to be read: as the set of
 * mechanisms that are enabled (TRUE) or disabled (FALSE).  The metaslot_*
 * members only carry meaning for the metaslot entry.  The "+ 1" on the
 * keystore slot/token arrays leaves room for a terminating NUL beyond
 * the fixed-width PKCS#11 field, so they can be handled as C strings.
 */
typedef struct uentry {
	libname_t name;			/* provider library path */
	boolean_t flag_norandom;	/* TRUE if random is disabled */
	boolean_t flag_enabledlist;	/* TRUE if an enabledlist */
	umechlist_t *policylist;	/* disabledlist or enabledlist */
	boolean_t flag_metaslot_enabled; /* TRUE if metaslot's enabled */
	boolean_t flag_metaslot_auto_key_migrate; /* TRUE to migrate keys */
	CK_UTF8CHAR metaslot_ks_slot[SLOT_DESCRIPTION_SIZE + 1];
	CK_UTF8CHAR metaslot_ks_token[TOKEN_LABEL_SIZE + 1];
	int count;	/* NOTE(review): meaning not shown here; confirm in parser */
} uentry_t;
107
/*
 * Singly linked list of uentry_t pointers, as returned through
 * get_pkcs11conf_info(); release the list (and, presumably, the entries
 * it points at) with free_uentrylist().
 */
typedef struct uentrylist {
	uentry_t *puent;		/* the entry */
	struct uentrylist *next;	/* following node */
} uentrylist_t;
112
/*
 * Diagnostics.  cryptodebug() presumably emits only once debugging has
 * been turned on via cryptodebug_init(prefix), prefix being the tag
 * (program name?) prepended to messages.  cryptoerror() logs at the given
 * syslog priority, or to stderr when priority is LOG_STDERR.  Both take a
 * printf-style fmt with variadic arguments: pass untrusted or user-supplied
 * text only as a "%s" argument, never as fmt itself.
 */
extern void cryptodebug(const char *fmt, ...);
extern void cryptoerror(int priority, const char *fmt, ...);
extern void cryptodebug_init(const char *prefix);

/*
 * Mechanism name <-> CK_MECHANISM_TYPE mapping.  pkcs11_mech2str() returns
 * the name for mech, presumably a pointer into a static table that the
 * caller must not free (and presumably NULL for an unknown mechanism --
 * confirm).  pkcs11_str2mech() stores the mechanism for mech_str through
 * mech and returns a CK_RV; mech_str is not const-qualified, so do not
 * assume the call leaves it untouched until the definition is checked.
 */
extern char *pkcs11_mech2str(CK_MECHANISM_TYPE mech);
extern CK_RV pkcs11_str2mech(char *mech_str, CK_MECHANISM_TYPE_PTR mech);
119
/*
 * pkcs11.conf access.
 *
 * get_pkcs11conf_info() parses the configuration (presumably
 * _PATH_PKCS11_CONF) into a uentrylist_t stored through its argument; the
 * caller owns the list and releases it with free_uentrylist().
 * create_umech() builds a single umechlist_t node from a mechanism string
 * (freed with free_umechlist()); getent_uef() looks up one entry by
 * library name and presumably returns a heap copy to be released with
 * free_uentry().  Confirm ownership against the definitions before adding
 * a free.  Int results presumably use SUCCESS/FAILURE, pointer results
 * NULL on failure.
 */
extern int get_pkcs11conf_info(uentrylist_t **);
extern umechlist_t *create_umech(char *);
extern void free_umechlist(umechlist_t *);
extern void free_uentrylist(uentrylist_t *);
extern void free_uentry(uentry_t *);
extern uentry_t *getent_uef(char *);
126
/*
 * tohexstr(): render blen bytes of bytes as hex text into hexstr, hexlen
 * being the size of hexstr.  Callers should provide at least 2 * blen + 1
 * bytes (two digits per byte plus a NUL); confirm in the definition
 * whether a smaller hexlen truncates or is an error.
 *
 * pkcs11_mech2keytype() / pkcs11_mech2keygen(): map mech_type to the key
 * type it operates on, respectively to the key-generation mechanism that
 * produces such keys, stored through the out pointer; the CK_RV reports a
 * failed lookup.
 *
 * pkcs11_strerror(): readable text for a CK_RV, presumably a static string
 * the caller must not free.
 */
extern void tohexstr(uchar_t *bytes, size_t blen, char *hexstr, size_t hexlen);
extern CK_RV pkcs11_mech2keytype(CK_MECHANISM_TYPE mech_type,
CK_KEY_TYPE *ktype);
extern CK_RV pkcs11_mech2keygen(CK_MECHANISM_TYPE mech_type,
CK_MECHANISM_TYPE *gen_mech);
extern char *pkcs11_strerror(CK_RV rv);
133
/*
 * get_metaslot_info(): report the metaslot_* settings of pkcs11.conf.
 * status_enabled and migrate_enabled receive the metaslot_status and
 * metaslot_auto_key_migrate values; objectstore_slot_info and
 * objectstore_token_info receive the keystore slot and token strings,
 * presumably as heap copies owned by the caller -- confirm before freeing.
 *
 * get_fullpath(): join dir and filepath into one path, presumably
 * heap-allocated.  Nothing in the signature suggests canonicalisation, so
 * a caller that takes either component from untrusted input should
 * validate it itself.
 *
 * str2lifetime(): parse ltimestr into a lifetime stored through ltime
 * (unit not shown here; presumably seconds).  int result presumably
 * SUCCESS/FAILURE.
 */
extern int
get_metaslot_info(boolean_t *status_enabled, boolean_t *migrate_enabled,
char **objectstore_slot_info, char **objectstore_token_info);

extern char *get_fullpath(char *dir, char *filepath);
extern int str2lifetime(char *ltimestr, uint32_t *ltime);
140
/*
 * Token, passphrase and random-data helpers.
 *
 * pkcs11_default_token(): name of the default token (presumably derived
 * from the configuration; confirm whether the result is heap-allocated).
 *
 * pkcs11_get_pass(): obtain the PIN/passphrase for token_name.  On success
 * *pdata holds the characters and *psize their length; min_psize is
 * presumably the minimum accepted length and with_confirmation asks for
 * the value twice.  *pdata holds a secret -- the caller should explicitly
 * clear it (not plain memset, which may be optimised away) before freeing.
 *
 * pkcs11_random_data(): fill dlen bytes of dbuf with random bytes from the
 * PKCS#11 provider.  pkcs11_nzero_random_data() presumably additionally
 * guarantees that no byte is zero (the property needed for PKCS#1 v1.5
 * padding strings).
 *
 * pkcs11_read_data(): read filename into a newly allocated *dbuf of *dlen
 * bytes; the caller presumably frees it.  int results presumably
 * SUCCESS/FAILURE.
 */
extern char *pkcs11_default_token(void);
extern int pkcs11_get_pass(char *token_name, char **pdata, size_t *psize,
size_t min_psize, boolean_t with_confirmation);

extern int pkcs11_random_data(void *dbuf, size_t dlen);
extern int pkcs11_nzero_random_data(void *dbuf, size_t dlen);
extern int pkcs11_read_data(char *filename, void **dbuf, size_t *dlen);
148
149 #ifdef __cplusplus
150 }
151 #endif
152
153 #endif /* _CRYPTOUTIL_H */