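/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#ifndef _KEYSTORE_H
#define	_KEYSTORE_H


/*
 * Module:	keystore.h
 * Description:	This module contains the structure definitions for processing
 *		package keystore files.  The functions declared below are
 *		implemented in keystore.c.  Every entry point takes a
 *		PKG_ERR * (see pkgerr.h) as its first argument, which is
 *		where it records errors; all of them return an int whose
 *		success/failure convention is defined in keystore.c, not here.
 */

#ifdef __cplusplus
extern "C" {
#endif

/*
 * <stdio.h> and <sys/types.h> are included explicitly because the
 * prototypes below use FILE and boolean_t; relying on the OpenSSL
 * headers to pull them in transitively makes this header fragile.
 */
#include <stdio.h>
#include <sys/types.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include "pkgerr.h"

/* keystore structures */

/*
 * this opaque type represents a keystore.  It is a bare void *, so the
 * compiler cannot catch an unrelated pointer being passed in its place:
 * only ever pass a value that open_keystore() returned through its
 * keystore_handle_t * argument, and release it with close_keystore().
 */
typedef void *keystore_handle_t;

/*
 * flags passed to open_keystore (the flags argument is a long, matching
 * the L-suffixed constants below).  Combine one KEYSTORE_ACCESS_* value
 * with one KEYSTORE_PATH_* value.
 */

/* opens keystore read-only.  Attempts to modify results in an error */
#define	KEYSTORE_ACCESS_READONLY	0x00000001L

/* opens keystore read-write */
#define	KEYSTORE_ACCESS_READWRITE	0x00000002L

/*
 * tells open_keystore to fall back to app-generic paths in the case that
 * the app-specific paths do not exist.
 */
#define	KEYSTORE_PATH_SOFT		0x00000010L

/*
 * tells open_keystore to use the app-specific paths no matter what,
 * failing if they cannot be used for any reason.
 */
#define	KEYSTORE_PATH_HARD		0x00000020L

/*
 * masks off various types of flags: the access flags occupy the low
 * nibble and the path flags the next one.  Use (flags & MASK) to extract
 * one group from a combined value instead of testing individual bits.
 */
#define	KEYSTORE_ACCESS_MASK		0x0000000FL
#define	KEYSTORE_PATH_MASK		0x000000F0L

/* default is read-only, soft */
#define	KEYSTORE_DFLT_FLAGS \
		(KEYSTORE_ACCESS_READONLY|KEYSTORE_PATH_SOFT)

/*
 * possible encoding formats used by the library, used
 * by print_cert and print_certs to select the output encoding.
 */
typedef enum {
	KEYSTORE_FORMAT_PEM,
	KEYSTORE_FORMAT_DER,
	KEYSTORE_FORMAT_TEXT
} keystore_encoding_format_t;

/*
 * structure passed back to password callback for determining how
 * to prompt for passphrase, and where to record errors.
 * The callback receives a pointer to this as its void * argument
 * (presumably -- confirm against keystore.c) and should report any
 * failure through err rather than printing it itself.
 */
typedef struct {
	PKG_ERR	*err;	/* error object to record callback failures in */
} keystore_passphrase_data;


/*
 * max length of a passphrase.  One could use a short story!
 * A passphrase callback must still honour the buffer size it is handed
 * at call time; this constant is the upper bound the library uses, not
 * a guarantee about the caller's buffer.
 */
#define	KEYSTORE_PASS_MAX	1024

/*
 * callback for collecting passphrase when open_keystore() is called.
 * The argument list (char *buf, int size, int rwflag, void *userdata)
 * has the same shape as OpenSSL's pem_password_cb, which appears to be
 * the intent -- the exact meaning of the two int arguments should be
 * confirmed in keystore.c.  The callback must never write past the
 * buffer size it is given.
 */
typedef int keystore_passphrase_cb(char *, int, int, void *);

/*
 * names of the individual files within the keystore path.  These are
 * the bare file names; the directory they live in is chosen by
 * open_keystore() according to the KEYSTORE_PATH_* flags.
 */
#define	TRUSTSTORE		"truststore"
#define	KEYSTORE		"keystore"
#define	CERTSTORE		"certstore"

/* keystore.c */

/*
 * open_keystore: opens a keystore and returns its handle through the
 * final keystore_handle_t * argument.  flags is a combination of
 * KEYSTORE_ACCESS_* and KEYSTORE_PATH_* (KEYSTORE_DFLT_FLAGS for the
 * defaults).  The two char * arguments identify the application and the
 * keystore location; their order is not visible here -- see keystore.c.
 * The passphrase callback is used when the stored material needs to be
 * unlocked (presumably; confirm in keystore.c).
 */
extern int		open_keystore(PKG_ERR *, char *, char *,
    keystore_passphrase_cb, long flags, keystore_handle_t *);

/*
 * print_certs: writes certificates from an open keystore to the given
 * FILE in the requested encoding.  The char * argument is likely a
 * selector for which certificates to print -- confirm in keystore.c.
 */
extern int		print_certs(PKG_ERR *, keystore_handle_t, char *,
    keystore_encoding_format_t, FILE *);

/* check_cert: validates a single certificate, reporting problems in err */
extern int		check_cert(PKG_ERR *, X509 *);

/*
 * check_cert_and_key: validates a certificate together with a private
 * key (presumably checking that they belong together -- confirm).
 */
extern int		check_cert_and_key(PKG_ERR *, X509 *, EVP_PKEY *);

/*
 * print_cert: writes one certificate to the given FILE in the requested
 * encoding.  The meaning of the char * and boolean_t arguments is not
 * visible here -- see keystore.c.
 */
extern int		print_cert(PKG_ERR *, X509 *,
    keystore_encoding_format_t, char *, boolean_t, FILE *);

/*
 * close_keystore: releases a handle obtained from open_keystore().  It
 * takes a passphrase callback, presumably because persisting a
 * read-write keystore may need the passphrase again -- confirm.
 */
extern int		close_keystore(PKG_ERR *, keystore_handle_t,
    keystore_passphrase_cb);

/* merge_ca_cert: adds a CA certificate to an open keystore */
extern int		merge_ca_cert(PKG_ERR *, X509 *, keystore_handle_t);

/*
 * merge_cert_and_key: adds a certificate and its private key to an open
 * keystore; the char * is likely the name the pair is stored under.
 */
extern int		merge_cert_and_key(PKG_ERR *, X509 *, EVP_PKEY *,
    char *, keystore_handle_t);

/* delete_cert_and_keys: removes the entry named by the char * argument */
extern int		delete_cert_and_keys(PKG_ERR *, keystore_handle_t,
    char *);

/*
 * find_key_cert_pair: looks up the entry named by the char * argument
 * and returns its key and certificate through the two out-pointers.
 * Whether the caller owns (and must free) the returned objects is not
 * documented here -- check keystore.c before freeing them.
 */
extern int		find_key_cert_pair(PKG_ERR *, keystore_handle_t,
    char *, EVP_PKEY **, X509 **);

/*
 * find_ca_certs: returns the keystore's CA certificates as a stack.
 * Ownership of the returned stack is not documented here -- see keystore.c.
 */
extern int		find_ca_certs(PKG_ERR *, keystore_handle_t,
    STACK_OF(X509) **);

/*
 * find_cl_certs: returns the keystore's client certificates as a stack.
 * Ownership of the returned stack is not documented here -- see keystore.c.
 */
extern int		find_cl_certs(PKG_ERR *, keystore_handle_t,
    STACK_OF(X509) **);

#ifdef __cplusplus
}
#endif

#endif /* _KEYSTORE_H */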