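/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#ifndef _PKTOOL_COMMON_H
#define	_PKTOOL_COMMON_H

/*
 * This file contains data and functions shared between all the
 * modules that comprise this tool.
 */

#ifdef __cplusplus
extern "C" {
#endif

#include <cryptoutil.h>

/* I18N helpers. */
#include <libintl.h>
#include <locale.h>
#include <errno.h>
#include <kmfapi.h>

/* Defines used throughout */

/*
 * Error codes.  PK_ERR_USAGE is the value DIR_OPTION_CHECK() (below)
 * returns from the enclosing function.
 */
#define	PK_ERR_NONE		0
#define	PK_ERR_USAGE		1
#define	PK_ERR_QUIT		2
#define	PK_ERR_PK11		3
#define	PK_ERR_SYSTEM		4
#define	PK_ERR_OPENSSL		5
#define	PK_ERR_NSS		6

/*
 * Types of objects for searches.  Every value is a distinct bit, so the
 * types can be OR'ed together into a mask; PK_KEY_OBJ and PK_ALL_OBJ are
 * such unions.
 */
#define	PK_PRIVATE_OBJ		0x0001
#define	PK_PUBLIC_OBJ		0x0002
#define	PK_CERT_OBJ		0x0010
#define	PK_PRIKEY_OBJ		0x0020
#define	PK_PUBKEY_OBJ		0x0040
#define	PK_SYMKEY_OBJ		0x0080
#define	PK_CRL_OBJ		0x0100

#define	PK_KEY_OBJ	(PK_PRIKEY_OBJ | PK_PUBKEY_OBJ | PK_SYMKEY_OBJ)
#define	PK_ALL_OBJ	(PK_PRIVATE_OBJ | PK_PUBLIC_OBJ |\
			PK_CERT_OBJ | PK_CRL_OBJ | PK_KEY_OBJ)

/*
 * Defaults applied when an option is not given.
 *
 * NOTE(review): PK_DEFAULT_KEYLENGTH is presumably a size in bits paired
 * with the "rsa" default key type; whether it is also applied to other
 * key types is decided by the callers and is not visible in this header.
 *
 * NOTE(review): PK_DEFAULT_DIRECTORY is a relative path, so it resolves
 * against the working directory of the process; confirm that is intended
 * wherever key material is read or written.
 *
 * SOFT_TOKEN_LABEL is not defined in this file; presumably it comes from
 * one of the headers included above.
 */
#define	PK_DEFAULT_KEYTYPE	"rsa"
#define	PK_DEFAULT_KEYLENGTH	2048
#define	PK_DEFAULT_DIRECTORY	"."
#define	PK_DEFAULT_SERIALNUM	1
#define	PK_DEFAULT_PK11TOKEN	SOFT_TOKEN_LABEL

/*
 * Constants for attribute templates.  Both are declared without const,
 * so any module that includes this header is able to modify them.
 */
extern CK_BBOOL	pk_false;
extern CK_BBOOL	pk_true;

/*
 * A list of extended key usage OIDs.  verify_ekunames() hands one back
 * through its EKU_LIST ** argument and free_eku_list() takes one.
 * NOTE(review): critlist and ekulist are presumably parallel arrays of
 * eku_count entries; confirm against verify_ekunames().
 */
typedef struct {
	int		eku_count;
	int		*critlist;
	KMF_OID		*ekulist;
} EKU_LIST;

/* Common functions. */
extern void	final_pk11(CK_SESSION_HANDLE sess);

/*
 * PKCS#11 session helpers.  The PIN is passed as a pointer plus an
 * explicit length (pinlen); the session is returned through sess.
 */
extern CK_RV	login_token(CK_SLOT_ID slot_id, CK_UTF8CHAR_PTR pin,
		    CK_ULONG pinlen, CK_SESSION_HANDLE_PTR sess);

extern CK_RV	quick_start(CK_SLOT_ID slot_id, CK_FLAGS sess_flags,
		    CK_UTF8CHAR_PTR pin, CK_ULONG pinlen,
		    CK_SESSION_HANDLE_PTR sess);

/*
 * get_pin() returns the PIN through *pin and its length through *pinlen.
 * NOTE(review): ownership of the returned buffer is not stated here;
 * presumably the caller must free it, and should clear it first because
 * it holds a secret.  Confirm against the implementation.
 */
extern CK_RV	get_pin(char *prompt1, char *prompt2, CK_UTF8CHAR_PTR *pin,
		    CK_ULONG *pinlen);
extern boolean_t	yesno(char *prompt, char *invalid, boolean_t dflt);

extern CK_RV	get_token_slots(CK_SLOT_ID_PTR *slot_list,
		    CK_ULONG *slot_count);

/*
 * Each of these returns a string through its char ** argument.
 * NOTE(review): who frees the returned string is not stated here.
 */
extern int get_subname(char **);
extern int get_serial(char **);
extern int get_certlabel(char **);
extern int get_filename(char *, char **);

/*
 * getopt-style option parser.  Its state is exposed through the
 * optarg_av and optind_av globals declared with it.
 */
extern int	getopt_av(int argc, char * const argv[], const char *optstring);
extern char	*optarg_av;
extern int	optind_av;

/* Conversions from command-line strings to internal or KMF values. */
int OT2Int(char *);
int PK2Int(char *);
KMF_KEYSTORE_TYPE KS2Int(char *);
int Str2KeyType(char *, KMF_OID *, KMF_KEY_ALG *, KMF_ALGORITHM_INDEX *);
int Str2SymKeyType(char *, KMF_KEY_ALG *);
int Str2Lifetime(char *, uint32_t *);
KMF_RETURN select_token(void *, char *, int);
KMF_RETURN configure_nss(void *, char *, char *);

KMF_ENCODE_FORMAT Str2Format(char *);
/*
 * NOTE(review): get_pk12_password() and get_token_password() fill in a
 * KMF_CREDENTIAL.  Release and clearing of the credential are not
 * described in this header; confirm that callers clear it after use.
 */
KMF_RETURN get_pk12_password(KMF_CREDENTIAL *);
/*
 * Returns a byte buffer and its length through the last two arguments.
 * NOTE(review): the buffer is presumably allocated by the callee and
 * owned by the caller afterwards; confirm.
 */
KMF_RETURN hexstring2bytes(uchar_t *, uchar_t **, size_t *);
KMF_RETURN verify_altname(char *arg, KMF_GENERALNAMECHOICES *, int *);
KMF_RETURN verify_keyusage(char *arg, uint16_t *, int *);
KMF_RETURN verify_file(char *);
KMF_RETURN verify_ekunames(char *, EKU_LIST **);
KMF_RETURN token_auth_needed(KMF_HANDLE_T, char *, int *);
KMF_OID *ecc_name_to_oid(char *);
/* Declared with (void) so that calls with arguments are diagnosed. */
void show_ecc_curves(void);

/*
 * Key pair generation, one entry point per keystore type.  Each takes a
 * KMF_KEY_ALG and an int, and returns two KMF_KEY_HANDLEs through its
 * final two arguments.
 * NOTE(review): the int is presumably the key length and the handles
 * presumably the private and public key; the order is not visible here.
 */
KMF_RETURN genkeypair_pkcs11(KMF_HANDLE_T, char *, char *, KMF_KEY_ALG,
	int, KMF_CREDENTIAL *, KMF_OID *,
	KMF_KEY_HANDLE *, KMF_KEY_HANDLE *);

KMF_RETURN genkeypair_file(KMF_HANDLE_T,
	KMF_KEY_ALG, int, KMF_ENCODE_FORMAT,
	char *, KMF_KEY_HANDLE *, KMF_KEY_HANDLE *);

KMF_RETURN genkeypair_nss(KMF_HANDLE_T,
	char *, char *, char *, char *,
	KMF_KEY_ALG, int, KMF_CREDENTIAL *,
	KMF_OID *, KMF_KEY_HANDLE *, KMF_KEY_HANDLE *);

void free_eku_list(EKU_LIST *);

int yn_to_int(char *);

int get_token_password(KMF_KEYSTORE_TYPE, char *, KMF_CREDENTIAL *);
void display_error(void *, KMF_RETURN, char *);

#define	DEFAULT_NSS_TOKEN	"internal"
/*
 * printf-style format with exactly one %s conversion; the caller has to
 * supply one string argument.  It is not wrapped in gettext() here.
 */
#define	DEFAULT_TOKEN_PROMPT	"Enter PIN for %s: "

/*
 * True when s is NULL or points to a zero-length string.  The argument
 * is parenthesized so that an expression argument is parsed as a whole,
 * but it is still evaluated twice: do not pass an expression with side
 * effects.  s must be NUL-terminated.  strlen() must be declared where
 * the macro is used; this header does not include <string.h> directly.
 */
#define	EMPTYSTRING(s)	((s) == NULL || !strlen((char *)(s)))
/*
 * The "dir" option is only valid with the NSS keystore.  This check
 * forces PK_ERR_USAGE when it is used with non-NSS keystore.
 *
 * The macro expands to an if statement containing a return, so it can
 * only be used inside a function whose return type accepts PK_ERR_USAGE,
 * and it leaves that function early.  It is a bare if rather than a
 * do { } while (0) block (kept that way so existing call sites compile
 * unchanged): use it as a statement of its own, never as the unbraced
 * body of an if that has an else.
 */
#define	DIR_OPTION_CHECK(k, d)	\
	if ((k) != KMF_KEYSTORE_NSS && (d) != NULL) { \
		cryptoerror(LOG_STDERR, gettext("The 'dir' option is " \
		    "not supported with the indicated keystore\n")); \
		return (PK_ERR_USAGE); \
	}


#ifdef __cplusplus
}
#endif

#endif /* _PKTOOL_COMMON_H */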