]>
Commit | Line | Data |
---|---|---|
1d97c843 | 1 | /*- |
2eaabb71 RL |
2 | * ModExp / RSA (with/without KM) plugin API |
3 | * | |
4 | * The application will load a dynamic library which | |
5 | * exports entrypoint(s) defined in this file. | |
6 | * | |
7 | * This set of entrypoints provides only a multithreaded, | |
8 | * synchronous-within-each-thread, facility. | |
9 | * | |
10 | * | |
11 | * This file is Copyright 1998-2000 nCipher Corporation Limited. | |
12 | * | |
13 | * Redistribution and use in source and binary forms, with opr without | |
14 | * modification, are permitted provided that the following conditions | |
15 | * are met: | |
16 | * | |
17 | * 1. Redistributions of source code must retain the copyright notice, | |
18 | * this list of conditions, and the following disclaimer. | |
19 | * | |
20 | * 2. Redistributions in binary form must reproduce the above | |
21 | * copyright notice, this list of conditions, and the following | |
22 | * disclaimer, in the documentation and/or other materials provided | |
23 | * with the distribution | |
24 | * | |
25 | * IN NO EVENT SHALL NCIPHER CORPORATION LIMITED (`NCIPHER') AND/OR | |
26 | * ANY OTHER AUTHORS OR DISTRIBUTORS OF THIS FILE BE LIABLE for any | |
27 | * damages arising directly or indirectly from this file, its use or | |
28 | * this licence. Without prejudice to the generality of the | |
29 | * foregoing: all liability shall be excluded for direct, indirect, | |
30 | * special, incidental, consequential or other damages or any loss of | |
31 | * profits, business, revenue goodwill or anticipated savings; | |
32 | * liability shall be excluded even if nCipher or anyone else has been | |
33 | * advised of the possibility of damage. In any event, if the | |
34 | * exclusion of liability is not effective, the liability of nCipher | |
35 | * or any author or distributor shall be limited to the lesser of the | |
36 | * price paid and 1,000 pounds sterling. This licence only fails to | |
37 | * exclude or limit liability for death or personal injury arising out | |
38 | * of negligence, and only to the extent that such an exclusion or | |
39 | * limitation is not effective. | |
40 | * | |
41 | * NCIPHER AND THE AUTHORS AND DISTRIBUTORS SPECIFICALLY DISCLAIM ALL | |
42 | * AND ANY WARRANTIES (WHETHER EXPRESS OR IMPLIED), including, but not | |
43 | * limited to, any implied warranties of merchantability, fitness for | |
44 | * a particular purpose, satisfactory quality, and/or non-infringement | |
45 | * of any third party rights. | |
46 | * | |
47 | * US Government use: This software and documentation is Commercial | |
48 | * Computer Software and Computer Software Documentation, as defined in | |
49 | * sub-paragraphs (a)(1) and (a)(5) of DFAR 252.227-7014, "Rights in | |
50 | * Noncommercial Computer Software and Noncommercial Computer Software | |
51 | * Documentation." Use, duplication or disclosure by the Government is | |
52 | * subject to the terms and conditions specified here. | |
53 | * | |
54 | * By using or distributing this file you will be accepting these | |
55 | * terms and conditions, including the limitation of liability and | |
56 | * lack of warranty. If you do not wish to accept these terms and | |
57 | * conditions, DO NOT USE THE FILE. | |
58 | * | |
59 | * | |
60 | * The actual dynamically loadable plugin, and the library files for | |
61 | * static linking, which are also provided in some distributions, are | |
62 | * not covered by the licence described above. You should have | |
63 | * received a separate licence with terms and conditions for these | |
64 | * library files; if you received the library files without a licence, | |
65 | * please contact nCipher. | |
66 | * | |
67 | * | |
68 | * $Id: hwcryptohook.h,v 1.1 2002/10/11 17:10:59 levitte Exp $ | |
69 | */ | |
70 | ||
71 | #ifndef HWCRYPTOHOOK_H | |
0f113f3e | 72 | # define HWCRYPTOHOOK_H |
2eaabb71 | 73 | |
0f113f3e MC |
74 | # include <sys/types.h> |
75 | # include <stdio.h> | |
2eaabb71 | 76 | |
0f113f3e MC |
77 | # ifndef HWCRYPTOHOOK_DECLARE_APPTYPES |
78 | # define HWCRYPTOHOOK_DECLARE_APPTYPES 1 | |
79 | # endif | |
2eaabb71 | 80 | |
0f113f3e MC |
81 | # define HWCRYPTOHOOK_ERROR_FAILED -1 |
82 | # define HWCRYPTOHOOK_ERROR_FALLBACK -2 | |
83 | # define HWCRYPTOHOOK_ERROR_MPISIZE -3 | |
2eaabb71 | 84 | |
0f113f3e | 85 | # if HWCRYPTOHOOK_DECLARE_APPTYPES |
2eaabb71 | 86 | |
1d97c843 TH |
87 | /*- |
88 | * These structs are defined by the application and opaque to the | |
2eaabb71 RL |
89 | * crypto plugin. The application may define these as it sees fit. |
90 | * Default declarations are provided here, but the application may | |
91 | * #define HWCRYPTOHOOK_DECLARE_APPTYPES 0 | |
92 | * to prevent these declarations, and instead provide its own | |
93 | * declarations of these types. (Pointers to them must still be | |
94 | * ordinary pointers to structs or unions, or the resulting combined | |
95 | * program will have a type inconsistency.) | |
96 | */ | |
97 | typedef struct HWCryptoHook_MutexValue HWCryptoHook_Mutex; | |
98 | typedef struct HWCryptoHook_CondVarValue HWCryptoHook_CondVar; | |
0f113f3e MC |
99 | typedef struct HWCryptoHook_PassphraseContextValue |
100 | HWCryptoHook_PassphraseContext; | |
2eaabb71 RL |
101 | typedef struct HWCryptoHook_CallerContextValue HWCryptoHook_CallerContext; |
102 | ||
0f113f3e | 103 | # endif /* HWCRYPTOHOOK_DECLARE_APPTYPES */ |
2eaabb71 | 104 | |
0f113f3e | 105 | /*- |
1d97c843 | 106 | * These next two structs are opaque to the application. The crypto |
2eaabb71 RL |
107 | * plugin will return pointers to them; the caller simply manipulates |
108 | * the pointers. | |
109 | */ | |
110 | typedef struct HWCryptoHook_Context *HWCryptoHook_ContextHandle; | |
111 | typedef struct HWCryptoHook_RSAKey *HWCryptoHook_RSAKeyHandle; | |
112 | ||
113 | typedef struct { | |
0f113f3e MC |
114 | char *buf; |
115 | size_t size; | |
2eaabb71 | 116 | } HWCryptoHook_ErrMsgBuf; |
1d97c843 TH |
117 | /*- |
118 | * Used for error reporting. When a HWCryptoHook function fails it | |
2eaabb71 RL |
119 | * will return a sentinel value (0 for pointer-valued functions, or a |
120 | * negative number, usually HWCRYPTOHOOK_ERROR_FAILED, for | |
121 | * integer-valued ones). It will, if an ErrMsgBuf is passed, also put | |
122 | * an error message there. | |
0f113f3e | 123 | * |
2eaabb71 RL |
124 | * size is the size of the buffer, and will not be modified. If you |
125 | * pass 0 for size you must pass 0 for buf, and nothing will be | |
126 | * recorded (just as if you passed 0 for the struct pointer). | |
127 | * Messages written to the buffer will always be null-terminated, even | |
128 | * when truncated to fit within size bytes. | |
129 | * | |
130 | * The contents of the buffer are not defined if there is no error. | |
131 | */ | |
132 | ||
133 | typedef struct HWCryptoHook_MPIStruct { | |
0f113f3e MC |
134 | unsigned char *buf; |
135 | size_t size; | |
2eaabb71 | 136 | } HWCryptoHook_MPI; |
1d97c843 TH |
137 | /*- |
138 | * When one of these is returned, a pointer is passed to the function. | |
2eaabb71 RL |
139 | * At call, size is the space available. Afterwards it is updated to |
140 | * be set to the actual length (which may be more than the space available, | |
141 | * if there was not enough room and the result was truncated). | |
142 | * buf (the pointer) is not updated. | |
143 | * | |
144 | * size is in bytes and may be zero at call or return, but must be a | |
145 | * multiple of the limb size. Zero limbs at the MS end are not | |
146 | * permitted. | |
147 | */ | |
148 | ||
0f113f3e MC |
149 | # define HWCryptoHook_InitFlags_FallbackModExp 0x0002UL |
150 | # define HWCryptoHook_InitFlags_FallbackRSAImmed 0x0004UL | |
151 | /*- | |
1d97c843 | 152 | * Enable requesting fallback to software in case of problems with the |
2eaabb71 RL |
153 | * hardware support. This indicates to the crypto provider that the |
154 | * application is prepared to fall back to software operation if the | |
155 | * ModExp* or RSAImmed* functions return HWCRYPTOHOOK_ERROR_FALLBACK. | |
156 | * Without this flag those calls will never return | |
157 | * HWCRYPTOHOOK_ERROR_FALLBACK. The flag will also cause the crypto | |
158 | * provider to avoid repeatedly attempting to contact dead hardware | |
159 | * within a short interval, if appropriate. | |
160 | */ | |
161 | ||
0f113f3e | 162 | # define HWCryptoHook_InitFlags_SimpleForkCheck 0x0010UL |
1d97c843 TH |
163 | /*- |
164 | * Without _SimpleForkCheck the library is allowed to assume that the | |
2eaabb71 RL |
165 | * application will not fork and call the library in the child(ren). |
166 | * | |
167 | * When it is specified, this is allowed. However, after a fork | |
168 | * neither parent nor child may unload any loaded keys or call | |
169 | * _Finish. Instead, they should call exit (or die with a signal) | |
170 | * without calling _Finish. After all the children have died the | |
171 | * parent may unload keys or call _Finish. | |
172 | * | |
173 | * This flag only has any effect on UN*X platforms. | |
174 | */ | |
175 | ||
176 | typedef struct { | |
0f113f3e MC |
177 | unsigned long flags; |
178 | void *logstream; /* usually a FILE*. See below. */ | |
179 | size_t limbsize; /* bignum format - size of radix type, must | |
180 | * be power of 2 */ | |
181 | int mslimbfirst; /* 0 or 1 */ | |
182 | int msbytefirst; /* 0 or 1; -1 = native */ | |
50e735f9 MC |
183 | /*- |
184 | * All the callback functions should return 0 on success, or a | |
185 | * nonzero integer (whose value will be visible in the error message | |
186 | * put in the buffer passed to the call). | |
187 | * | |
188 | * If a callback is not available pass a null function pointer. | |
189 | * | |
190 | * The callbacks may not call down again into the crypto plugin. | |
191 | */ | |
192 | /*- | |
193 | * For thread-safety. Set everything to 0 if you promise only to be | |
194 | * singlethreaded. maxsimultaneous is the number of calls to | |
195 | * ModExp[Crt]/RSAImmed{Priv,Pub}/RSA. If you don't know what to | |
196 | * put there then say 0 and the hook library will use a default. | |
197 | * | |
198 | * maxmutexes is a small limit on the number of simultaneous mutexes | |
199 | * which will be requested by the library. If there is no small | |
200 | * limit, set it to 0. If the crypto plugin cannot create the | |
201 | * advertised number of mutexes the calls to its functions may fail. | |
202 | * If a low number of mutexes is advertised the plugin will try to | |
203 | * do the best it can. Making larger numbers of mutexes available | |
204 | * may improve performance and parallelism by reducing contention | |
205 | * over critical sections. Unavailability of any mutexes, implying | |
206 | * single-threaded operation, should be indicated by the setting | |
207 | * mutex_init et al to 0. | |
208 | */ | |
0f113f3e MC |
209 | int maxmutexes; |
210 | int maxsimultaneous; | |
211 | size_t mutexsize; | |
212 | int (*mutex_init) (HWCryptoHook_Mutex *, | |
213 | HWCryptoHook_CallerContext * cactx); | |
214 | int (*mutex_acquire) (HWCryptoHook_Mutex *); | |
215 | void (*mutex_release) (HWCryptoHook_Mutex *); | |
216 | void (*mutex_destroy) (HWCryptoHook_Mutex *); | |
50e735f9 MC |
217 | /*- |
218 | * For greater efficiency, can use condition vars internally for | |
219 | * synchronisation. In this case maxsimultaneous is ignored, but | |
220 | * the other mutex stuff must be available. In singlethreaded | |
221 | * programs, set everything to 0. | |
222 | */ | |
0f113f3e MC |
223 | size_t condvarsize; |
224 | int (*condvar_init) (HWCryptoHook_CondVar *, | |
225 | HWCryptoHook_CallerContext * cactx); | |
226 | int (*condvar_wait) (HWCryptoHook_CondVar *, HWCryptoHook_Mutex *); | |
227 | void (*condvar_signal) (HWCryptoHook_CondVar *); | |
228 | void (*condvar_broadcast) (HWCryptoHook_CondVar *); | |
229 | void (*condvar_destroy) (HWCryptoHook_CondVar *); | |
50e735f9 MC |
230 | /*- |
231 | * The semantics of acquiring and releasing mutexes and broadcasting | |
232 | * and waiting on condition variables are expected to be those from | |
233 | * POSIX threads (pthreads). The mutexes may be (in pthread-speak) | |
234 | * fast mutexes, recursive mutexes, or nonrecursive ones. | |
235 | * | |
236 | * The _release/_signal/_broadcast and _destroy functions must | |
237 | * always succeed when given a valid argument; if they are given an | |
238 | * invalid argument then the program (crypto plugin + application) | |
239 | * has an internal error, and they should abort the program. | |
240 | */ | |
0f113f3e MC |
241 | int (*getpassphrase) (const char *prompt_info, |
242 | int *len_io, char *buf, | |
243 | HWCryptoHook_PassphraseContext * ppctx, | |
244 | HWCryptoHook_CallerContext * cactx); | |
50e735f9 MC |
245 | /*- |
246 | * Passphrases and the prompt_info, if they contain high-bit-set | |
247 | * characters, are UTF-8. The prompt_info may be a null pointer if | |
248 | * no prompt information is available (it should not be an empty | |
249 | * string). It will not contain text like `enter passphrase'; | |
250 | * instead it might say something like `Operator Card for John | |
251 | * Smith' or `SmartCard in nFast Module #1, Slot #1'. | |
252 | * | |
253 | * buf points to a buffer in which to return the passphrase; on | |
254 | * entry *len_io is the length of the buffer. It should be updated | |
255 | * by the callback. The returned passphrase should not be | |
256 | * null-terminated by the callback. | |
257 | */ | |
0f113f3e MC |
258 | int (*getphystoken) (const char *prompt_info, |
259 | const char *wrong_info, | |
260 | HWCryptoHook_PassphraseContext * ppctx, | |
261 | HWCryptoHook_CallerContext * cactx); | |
50e735f9 MC |
262 | /*- |
263 | * Requests that the human user physically insert a different | |
264 | * smartcard, DataKey, etc. The plugin should check whether the | |
265 | * currently inserted token(s) are appropriate, and if they are it | |
266 | * should not make this call. | |
267 | * | |
268 | * prompt_info is as before. wrong_info is a description of the | |
269 | * currently inserted token(s) so that the user is told what | |
270 | * something is. wrong_info, like prompt_info, may be null, but | |
271 | * should not be an empty string. Its contents should be | |
272 | * syntactically similar to that of prompt_info. | |
273 | */ | |
274 | /*- | |
275 | * Note that a single LoadKey operation might cause several calls to | |
276 | * getpassphrase and/or requestphystoken. If requestphystoken is | |
277 | * not provided (ie, a null pointer is passed) then the plugin may | |
278 | * not support loading keys for which authorisation by several cards | |
279 | * is required. If getpassphrase is not provided then cards with | |
280 | * passphrases may not be supported. | |
281 | * | |
282 | * getpassphrase and getphystoken do not need to check that the | |
283 | * passphrase has been entered correctly or the correct token | |
284 | * inserted; the crypto plugin will do that. If this is not the | |
285 | * case then the crypto plugin is responsible for calling these | |
286 | * routines again as appropriate until the correct token(s) and | |
287 | * passphrase(s) are supplied as required, or until any retry limits | |
288 | * implemented by the crypto plugin are reached. | |
289 | * | |
290 | * In either case, the application must allow the user to say `no' | |
291 | * or `cancel' to indicate that they do not know the passphrase or | |
292 | * have the appropriate token; this should cause the callback to | |
293 | * return nonzero indicating error. | |
294 | */ | |
0f113f3e | 295 | void (*logmessage) (void *logstream, const char *message); |
50e735f9 MC |
296 | /*- |
297 | * A log message will be generated at least every time something goes | |
298 | * wrong and an ErrMsgBuf is filled in (or would be if one was | |
299 | * provided). Other diagnostic information may be written there too, | |
300 | * including more detailed reasons for errors which are reported in an | |
301 | * ErrMsgBuf. | |
302 | * | |
303 | * When a log message is generated, this callback is called. It | |
304 | * should write a message to the relevant logging arrangements. | |
305 | * | |
306 | * The message string passed will be null-terminated and may be of arbitrary | |
307 | * length. It will not be prefixed by the time and date, nor by the | |
308 | * name of the library that is generating it - if this is required, | |
309 | * the logmessage callback must do it. The message will not have a | |
310 | * trailing newline (though it may contain internal newlines). | |
311 | * | |
312 | * If a null pointer is passed for logmessage a default function is | |
313 | * used. The default function treats logstream as a FILE* which has | |
314 | * been converted to a void*. If logstream is 0 it does nothing. | |
315 | * Otherwise it prepends the date and time and library name and | |
316 | * writes the message to logstream. Each line will be prefixed by a | |
317 | * descriptive string containing the date, time and identity of the | |
318 | * crypto plugin. Errors on the logstream are not reported | |
319 | * anywhere, and the default function doesn't flush the stream, so | |
320 | * the application must set the buffering how it wants it. | |
321 | * | |
322 | * The crypto plugin may also provide a facility to have copies of | |
323 | * log messages sent elsewhere, and or for adjusting the verbosity | |
324 | * of the log messages; any such facilities will be configured by | |
325 | * external means. | |
326 | */ | |
2eaabb71 RL |
327 | } HWCryptoHook_InitInfo; |
328 | ||
329 | typedef | |
0f113f3e MC |
330 | HWCryptoHook_ContextHandle HWCryptoHook_Init_t(const HWCryptoHook_InitInfo * |
331 | initinfo, size_t initinfosize, | |
332 | const HWCryptoHook_ErrMsgBuf * | |
333 | errors, | |
334 | HWCryptoHook_CallerContext * | |
335 | cactx); | |
2eaabb71 RL |
336 | extern HWCryptoHook_Init_t HWCryptoHook_Init; |
337 | ||
1d97c843 TH |
338 | /*- |
339 | * Caller should set initinfosize to the size of the HWCryptoHook struct, | |
2eaabb71 RL |
340 | * so it can be extended later. |
341 | * | |
342 | * On success, a message for display or logging by the server, | |
343 | * including the name and version number of the plugin, will be filled | |
344 | * in into *errors; on failure *errors is used for error handling, as | |
345 | * usual. | |
346 | */ | |
347 | ||
1d97c843 TH |
348 | /*- |
349 | * All these functions return 0 on success, HWCRYPTOHOOK_ERROR_FAILED | |
2eaabb71 RL |
350 | * on most failures. HWCRYPTOHOOK_ERROR_MPISIZE means at least one of |
351 | * the output MPI buffer(s) was too small; the sizes of all have been | |
352 | * set to the desired size (and for those where the buffer was large | |
353 | * enough, the value may have been copied in), and no error message | |
354 | * has been recorded. | |
355 | * | |
356 | * You may pass 0 for the errors struct. In any case, unless you set | |
357 | * _NoStderr at init time then messages may be reported to stderr. | |
358 | */ | |
359 | ||
1d97c843 TH |
360 | /*- |
361 | * The RSAImmed* functions (and key managed RSA) only work with | |
2eaabb71 RL |
362 | * modules which have an RSA patent licence - currently that means KM |
363 | * units; the ModExp* ones work with all modules, so you need a patent | |
364 | * licence in the software in the US. They are otherwise identical. | |
365 | */ | |
366 | ||
367 | typedef | |
368 | void HWCryptoHook_Finish_t(HWCryptoHook_ContextHandle hwctx); | |
369 | extern HWCryptoHook_Finish_t HWCryptoHook_Finish; | |
370 | /* You must not have any calls going or keys loaded when you call this. */ | |
371 | ||
372 | typedef | |
373 | int HWCryptoHook_RandomBytes_t(HWCryptoHook_ContextHandle hwctx, | |
374 | unsigned char *buf, size_t len, | |
0f113f3e | 375 | const HWCryptoHook_ErrMsgBuf * errors); |
2eaabb71 RL |
376 | extern HWCryptoHook_RandomBytes_t HWCryptoHook_RandomBytes; |
377 | ||
378 | typedef | |
379 | int HWCryptoHook_ModExp_t(HWCryptoHook_ContextHandle hwctx, | |
380 | HWCryptoHook_MPI a, | |
381 | HWCryptoHook_MPI p, | |
382 | HWCryptoHook_MPI n, | |
0f113f3e MC |
383 | HWCryptoHook_MPI * r, |
384 | const HWCryptoHook_ErrMsgBuf * errors); | |
2eaabb71 RL |
385 | extern HWCryptoHook_ModExp_t HWCryptoHook_ModExp; |
386 | ||
387 | typedef | |
388 | int HWCryptoHook_RSAImmedPub_t(HWCryptoHook_ContextHandle hwctx, | |
389 | HWCryptoHook_MPI m, | |
390 | HWCryptoHook_MPI e, | |
391 | HWCryptoHook_MPI n, | |
0f113f3e MC |
392 | HWCryptoHook_MPI * r, |
393 | const HWCryptoHook_ErrMsgBuf * errors); | |
2eaabb71 RL |
394 | extern HWCryptoHook_RSAImmedPub_t HWCryptoHook_RSAImmedPub; |
395 | ||
396 | typedef | |
397 | int HWCryptoHook_ModExpCRT_t(HWCryptoHook_ContextHandle hwctx, | |
398 | HWCryptoHook_MPI a, | |
399 | HWCryptoHook_MPI p, | |
400 | HWCryptoHook_MPI q, | |
401 | HWCryptoHook_MPI dmp1, | |
402 | HWCryptoHook_MPI dmq1, | |
403 | HWCryptoHook_MPI iqmp, | |
0f113f3e MC |
404 | HWCryptoHook_MPI * r, |
405 | const HWCryptoHook_ErrMsgBuf * errors); | |
2eaabb71 RL |
406 | extern HWCryptoHook_ModExpCRT_t HWCryptoHook_ModExpCRT; |
407 | ||
408 | typedef | |
409 | int HWCryptoHook_RSAImmedPriv_t(HWCryptoHook_ContextHandle hwctx, | |
410 | HWCryptoHook_MPI m, | |
411 | HWCryptoHook_MPI p, | |
412 | HWCryptoHook_MPI q, | |
413 | HWCryptoHook_MPI dmp1, | |
414 | HWCryptoHook_MPI dmq1, | |
415 | HWCryptoHook_MPI iqmp, | |
0f113f3e MC |
416 | HWCryptoHook_MPI * r, |
417 | const HWCryptoHook_ErrMsgBuf * errors); | |
2eaabb71 RL |
418 | extern HWCryptoHook_RSAImmedPriv_t HWCryptoHook_RSAImmedPriv; |
419 | ||
1d97c843 TH |
420 | /*- |
421 | * The RSAImmed* and ModExp* functions may return E_FAILED or | |
2eaabb71 RL |
422 | * E_FALLBACK for failure. |
423 | * | |
424 | * E_FAILED means the failure is permanent and definite and there | |
425 | * should be no attempt to fall back to software. (Eg, for some | |
426 | * applications, which support only the acceleration-only | |
427 | * functions, the `key material' may actually be an encoded key | |
428 | * identifier, and doing the operation in software would give wrong | |
429 | * answers.) | |
430 | * | |
431 | * E_FALLBACK means that doing the computation in software would seem | |
432 | * reasonable. If an application pays attention to this and is | |
433 | * able to fall back, it should also set the Fallback init flags. | |
434 | */ | |
435 | ||
436 | typedef | |
437 | int HWCryptoHook_RSALoadKey_t(HWCryptoHook_ContextHandle hwctx, | |
438 | const char *key_ident, | |
0f113f3e MC |
439 | HWCryptoHook_RSAKeyHandle * keyhandle_r, |
440 | const HWCryptoHook_ErrMsgBuf * errors, | |
441 | HWCryptoHook_PassphraseContext * ppctx); | |
2eaabb71 | 442 | extern HWCryptoHook_RSALoadKey_t HWCryptoHook_RSALoadKey; |
1d97c843 TH |
443 | /*- |
444 | * The key_ident is a null-terminated string configured by the | |
2eaabb71 RL |
445 | * user via the application's usual configuration mechanisms. |
446 | * It is provided to the user by the crypto provider's key management | |
447 | * system. The user must be able to enter at least any string of between | |
448 | * 1 and 1023 characters inclusive, consisting of printable 7-bit | |
449 | * ASCII characters. The provider should avoid using | |
450 | * any characters except alphanumerics and the punctuation | |
451 | * characters _ - + . / @ ~ (the user is expected to be able | |
452 | * to enter these without quoting). The string may be case-sensitive. | |
453 | * The application may allow the user to enter other NULL-terminated strings, | |
454 | * and the provider must cope (returning an error if the string is not | |
455 | * valid). | |
456 | * | |
457 | * If the key does not exist, no error is recorded and 0 is returned; | |
458 | * keyhandle_r will be set to 0 instead of to a key handle. | |
459 | */ | |
460 | ||
461 | typedef | |
462 | int HWCryptoHook_RSAGetPublicKey_t(HWCryptoHook_RSAKeyHandle k, | |
0f113f3e MC |
463 | HWCryptoHook_MPI * n, |
464 | HWCryptoHook_MPI * e, | |
465 | const HWCryptoHook_ErrMsgBuf * errors); | |
2eaabb71 | 466 | extern HWCryptoHook_RSAGetPublicKey_t HWCryptoHook_RSAGetPublicKey; |
1d97c843 TH |
467 | /*- |
468 | * The crypto plugin will not store certificates. | |
2eaabb71 RL |
469 | * |
470 | * Although this function for acquiring the public key value is | |
471 | * provided, it is not the purpose of this API to deal fully with the | |
472 | * handling of the public key. | |
473 | * | |
474 | * It is expected that the crypto supplier's key generation program | |
475 | * will provide general facilities for producing X.509 | |
476 | * self-certificates and certificate requests in PEM format. These | |
477 | * will be given to the user so that they can configure them in the | |
478 | * application, send them to CAs, or whatever. | |
479 | * | |
480 | * In case this kind of certificate handling is not appropriate, the | |
481 | * crypto supplier's key generation program should be able to be | |
482 | * configured not to generate such a self-certificate or certificate | |
483 | * request. Then the application will need to do all of this, and | |
484 | * will need to store and handle the public key and certificates | |
485 | * itself. | |
486 | */ | |
487 | ||
488 | typedef | |
489 | int HWCryptoHook_RSAUnloadKey_t(HWCryptoHook_RSAKeyHandle k, | |
0f113f3e | 490 | const HWCryptoHook_ErrMsgBuf * errors); |
2eaabb71 RL |
491 | extern HWCryptoHook_RSAUnloadKey_t HWCryptoHook_RSAUnloadKey; |
492 | /* Might fail due to locking problems, or other serious internal problems. */ | |
493 | ||
494 | typedef | |
495 | int HWCryptoHook_RSA_t(HWCryptoHook_MPI m, | |
496 | HWCryptoHook_RSAKeyHandle k, | |
0f113f3e MC |
497 | HWCryptoHook_MPI * r, |
498 | const HWCryptoHook_ErrMsgBuf * errors); | |
2eaabb71 RL |
499 | extern HWCryptoHook_RSA_t HWCryptoHook_RSA; |
500 | /* RSA private key operation (sign or decrypt) - raw, unpadded. */ | |
501 | ||
0f113f3e | 502 | #endif /* HWCRYPTOHOOK_H */ |