[331] | 1 | /*
|
---|
| 2 | * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
|
---|
| 3 | *
|
---|
| 4 | * Licensed under the OpenSSL license (the "License"). You may not use
|
---|
| 5 | * this file except in compliance with the License. You can obtain a copy
|
---|
| 6 | * in the file LICENSE in the source distribution or at
|
---|
| 7 | * https://www.openssl.org/source/license.html
|
---|
| 8 | */
|
---|
| 9 |
|
---|
| 10 | /*-
|
---|
| 11 | * ModExp / RSA (with/without KM) plugin API
|
---|
| 12 | *
|
---|
| 13 | * The application will load a dynamic library which
|
---|
| 14 | * exports entrypoint(s) defined in this file.
|
---|
| 15 | *
|
---|
| 16 | * This set of entrypoints provides only a multithreaded,
|
---|
| 17 | * synchronous-within-each-thread, facility.
|
---|
| 18 | *
|
---|
| 19 | *
|
---|
| 20 | * This file is Copyright 1998-2000 nCipher Corporation Limited.
|
---|
| 21 | *
|
---|
| 22 | * Redistribution and use in source and binary forms, with opr without
|
---|
| 23 | * modification, are permitted provided that the following conditions
|
---|
| 24 | * are met:
|
---|
| 25 | *
|
---|
| 26 | * 1. Redistributions of source code must retain the copyright notice,
|
---|
| 27 | * this list of conditions, and the following disclaimer.
|
---|
| 28 | *
|
---|
| 29 | * 2. Redistributions in binary form must reproduce the above
|
---|
| 30 | * copyright notice, this list of conditions, and the following
|
---|
| 31 | * disclaimer, in the documentation and/or other materials provided
|
---|
| 32 | * with the distribution
|
---|
| 33 | *
|
---|
| 34 | * IN NO EVENT SHALL NCIPHER CORPORATION LIMITED (`NCIPHER') AND/OR
|
---|
| 35 | * ANY OTHER AUTHORS OR DISTRIBUTORS OF THIS FILE BE LIABLE for any
|
---|
| 36 | * damages arising directly or indirectly from this file, its use or
|
---|
| 37 | * this licence. Without prejudice to the generality of the
|
---|
| 38 | * foregoing: all liability shall be excluded for direct, indirect,
|
---|
| 39 | * special, incidental, consequential or other damages or any loss of
|
---|
| 40 | * profits, business, revenue goodwill or anticipated savings;
|
---|
| 41 | * liability shall be excluded even if nCipher or anyone else has been
|
---|
| 42 | * advised of the possibility of damage. In any event, if the
|
---|
| 43 | * exclusion of liability is not effective, the liability of nCipher
|
---|
| 44 | * or any author or distributor shall be limited to the lesser of the
|
---|
| 45 | * price paid and 1,000 pounds sterling. This licence only fails to
|
---|
| 46 | * exclude or limit liability for death or personal injury arising out
|
---|
| 47 | * of negligence, and only to the extent that such an exclusion or
|
---|
| 48 | * limitation is not effective.
|
---|
| 49 | *
|
---|
| 50 | * NCIPHER AND THE AUTHORS AND DISTRIBUTORS SPECIFICALLY DISCLAIM ALL
|
---|
| 51 | * AND ANY WARRANTIES (WHETHER EXPRESS OR IMPLIED), including, but not
|
---|
| 52 | * limited to, any implied warranties of merchantability, fitness for
|
---|
| 53 | * a particular purpose, satisfactory quality, and/or non-infringement
|
---|
| 54 | * of any third party rights.
|
---|
| 55 | *
|
---|
| 56 | * US Government use: This software and documentation is Commercial
|
---|
| 57 | * Computer Software and Computer Software Documentation, as defined in
|
---|
| 58 | * sub-paragraphs (a)(1) and (a)(5) of DFAR 252.227-7014, "Rights in
|
---|
| 59 | * Noncommercial Computer Software and Noncommercial Computer Software
|
---|
| 60 | * Documentation." Use, duplication or disclosure by the Government is
|
---|
| 61 | * subject to the terms and conditions specified here.
|
---|
| 62 | *
|
---|
| 63 | * By using or distributing this file you will be accepting these
|
---|
| 64 | * terms and conditions, including the limitation of liability and
|
---|
| 65 | * lack of warranty. If you do not wish to accept these terms and
|
---|
| 66 | * conditions, DO NOT USE THE FILE.
|
---|
| 67 | *
|
---|
| 68 | *
|
---|
| 69 | * The actual dynamically loadable plugin, and the library files for
|
---|
| 70 | * static linking, which are also provided in some distributions, are
|
---|
| 71 | * not covered by the licence described above. You should have
|
---|
| 72 | * received a separate licence with terms and conditions for these
|
---|
| 73 | * library files; if you received the library files without a licence,
|
---|
| 74 | * please contact nCipher.
|
---|
| 75 | *
|
---|
| 76 | */
|
---|
| 77 |
|
---|
| 78 | #ifndef HWCRYPTOHOOK_H
|
---|
| 79 | # define HWCRYPTOHOOK_H
|
---|
| 80 |
|
---|
| 81 | # include <sys/types.h>
|
---|
| 82 | # include <stdio.h>
|
---|
| 83 |
|
---|
| 84 | # ifndef HWCRYPTOHOOK_DECLARE_APPTYPES
|
---|
| 85 | # define HWCRYPTOHOOK_DECLARE_APPTYPES 1
|
---|
| 86 | # endif
|
---|
| 87 |
|
---|
| 88 | # define HWCRYPTOHOOK_ERROR_FAILED -1
|
---|
| 89 | # define HWCRYPTOHOOK_ERROR_FALLBACK -2
|
---|
| 90 | # define HWCRYPTOHOOK_ERROR_MPISIZE -3
|
---|
| 91 |
|
---|
| 92 | # if HWCRYPTOHOOK_DECLARE_APPTYPES
|
---|
| 93 |
|
---|
| 94 | /*-
|
---|
| 95 | * These structs are defined by the application and opaque to the
|
---|
| 96 | * crypto plugin. The application may define these as it sees fit.
|
---|
| 97 | * Default declarations are provided here, but the application may
|
---|
| 98 | * #define HWCRYPTOHOOK_DECLARE_APPTYPES 0
|
---|
| 99 | * to prevent these declarations, and instead provide its own
|
---|
| 100 | * declarations of these types. (Pointers to them must still be
|
---|
| 101 | * ordinary pointers to structs or unions, or the resulting combined
|
---|
| 102 | * program will have a type inconsistency.)
|
---|
| 103 | */
|
---|
| 104 | typedef struct HWCryptoHook_MutexValue HWCryptoHook_Mutex;
|
---|
| 105 | typedef struct HWCryptoHook_CondVarValue HWCryptoHook_CondVar;
|
---|
| 106 | typedef struct HWCryptoHook_PassphraseContextValue
|
---|
| 107 | HWCryptoHook_PassphraseContext;
|
---|
| 108 | typedef struct HWCryptoHook_CallerContextValue HWCryptoHook_CallerContext;
|
---|
| 109 |
|
---|
| 110 | # endif /* HWCRYPTOHOOK_DECLARE_APPTYPES */
|
---|
| 111 |
|
---|
| 112 | /*-
|
---|
| 113 | * These next two structs are opaque to the application. The crypto
|
---|
| 114 | * plugin will return pointers to them; the caller simply manipulates
|
---|
| 115 | * the pointers.
|
---|
| 116 | */
|
---|
| 117 | typedef struct HWCryptoHook_Context *HWCryptoHook_ContextHandle;
|
---|
| 118 | typedef struct HWCryptoHook_RSAKey *HWCryptoHook_RSAKeyHandle;
|
---|
| 119 |
|
---|
| 120 | typedef struct {
|
---|
| 121 | char *buf;
|
---|
| 122 | size_t size;
|
---|
| 123 | } HWCryptoHook_ErrMsgBuf;
|
---|
| 124 | /*-
|
---|
| 125 | * Used for error reporting. When a HWCryptoHook function fails it
|
---|
| 126 | * will return a sentinel value (0 for pointer-valued functions, or a
|
---|
| 127 | * negative number, usually HWCRYPTOHOOK_ERROR_FAILED, for
|
---|
| 128 | * integer-valued ones). It will, if an ErrMsgBuf is passed, also put
|
---|
| 129 | * an error message there.
|
---|
| 130 | *
|
---|
| 131 | * size is the size of the buffer, and will not be modified. If you
|
---|
| 132 | * pass 0 for size you must pass 0 for buf, and nothing will be
|
---|
| 133 | * recorded (just as if you passed 0 for the struct pointer).
|
---|
| 134 | * Messages written to the buffer will always be null-terminated, even
|
---|
| 135 | * when truncated to fit within size bytes.
|
---|
| 136 | *
|
---|
| 137 | * The contents of the buffer are not defined if there is no error.
|
---|
| 138 | */
|
---|
| 139 |
|
---|
| 140 | typedef struct HWCryptoHook_MPIStruct {
|
---|
| 141 | unsigned char *buf;
|
---|
| 142 | size_t size;
|
---|
| 143 | } HWCryptoHook_MPI;
|
---|
| 144 | /*-
|
---|
| 145 | * When one of these is returned, a pointer is passed to the function.
|
---|
| 146 | * At call, size is the space available. Afterwards it is updated to
|
---|
| 147 | * be set to the actual length (which may be more than the space available,
|
---|
| 148 | * if there was not enough room and the result was truncated).
|
---|
| 149 | * buf (the pointer) is not updated.
|
---|
| 150 | *
|
---|
| 151 | * size is in bytes and may be zero at call or return, but must be a
|
---|
| 152 | * multiple of the limb size. Zero limbs at the MS end are not
|
---|
| 153 | * permitted.
|
---|
| 154 | */
|
---|
| 155 |
|
---|
| 156 | # define HWCryptoHook_InitFlags_FallbackModExp 0x0002UL
|
---|
| 157 | # define HWCryptoHook_InitFlags_FallbackRSAImmed 0x0004UL
|
---|
| 158 | /*-
|
---|
| 159 | * Enable requesting fallback to software in case of problems with the
|
---|
| 160 | * hardware support. This indicates to the crypto provider that the
|
---|
| 161 | * application is prepared to fall back to software operation if the
|
---|
| 162 | * ModExp* or RSAImmed* functions return HWCRYPTOHOOK_ERROR_FALLBACK.
|
---|
| 163 | * Without this flag those calls will never return
|
---|
| 164 | * HWCRYPTOHOOK_ERROR_FALLBACK. The flag will also cause the crypto
|
---|
| 165 | * provider to avoid repeatedly attempting to contact dead hardware
|
---|
| 166 | * within a short interval, if appropriate.
|
---|
| 167 | */
|
---|
| 168 |
|
---|
| 169 | # define HWCryptoHook_InitFlags_SimpleForkCheck 0x0010UL
|
---|
| 170 | /*-
|
---|
| 171 | * Without _SimpleForkCheck the library is allowed to assume that the
|
---|
| 172 | * application will not fork and call the library in the child(ren).
|
---|
| 173 | *
|
---|
| 174 | * When it is specified, this is allowed. However, after a fork
|
---|
| 175 | * neither parent nor child may unload any loaded keys or call
|
---|
| 176 | * _Finish. Instead, they should call exit (or die with a signal)
|
---|
| 177 | * without calling _Finish. After all the children have died the
|
---|
| 178 | * parent may unload keys or call _Finish.
|
---|
| 179 | *
|
---|
| 180 | * This flag only has any effect on UN*X platforms.
|
---|
| 181 | */
|
---|
| 182 |
|
---|
| 183 | typedef struct {
|
---|
| 184 | unsigned long flags;
|
---|
| 185 | void *logstream; /* usually a FILE*. See below. */
|
---|
| 186 | size_t limbsize; /* bignum format - size of radix type, must
|
---|
| 187 | * be power of 2 */
|
---|
| 188 | int mslimbfirst; /* 0 or 1 */
|
---|
| 189 | int msbytefirst; /* 0 or 1; -1 = native */
|
---|
| 190 | /*-
|
---|
| 191 | * All the callback functions should return 0 on success, or a
|
---|
| 192 | * nonzero integer (whose value will be visible in the error message
|
---|
| 193 | * put in the buffer passed to the call).
|
---|
| 194 | *
|
---|
| 195 | * If a callback is not available pass a null function pointer.
|
---|
| 196 | *
|
---|
| 197 | * The callbacks may not call down again into the crypto plugin.
|
---|
| 198 | */
|
---|
| 199 | /*-
|
---|
| 200 | * For thread-safety. Set everything to 0 if you promise only to be
|
---|
| 201 | * singlethreaded. maxsimultaneous is the number of calls to
|
---|
| 202 | * ModExp[Crt]/RSAImmed{Priv,Pub}/RSA. If you don't know what to
|
---|
| 203 | * put there then say 0 and the hook library will use a default.
|
---|
| 204 | *
|
---|
| 205 | * maxmutexes is a small limit on the number of simultaneous mutexes
|
---|
| 206 | * which will be requested by the library. If there is no small
|
---|
| 207 | * limit, set it to 0. If the crypto plugin cannot create the
|
---|
| 208 | * advertised number of mutexes the calls to its functions may fail.
|
---|
| 209 | * If a low number of mutexes is advertised the plugin will try to
|
---|
| 210 | * do the best it can. Making larger numbers of mutexes available
|
---|
| 211 | * may improve performance and parallelism by reducing contention
|
---|
| 212 | * over critical sections. Unavailability of any mutexes, implying
|
---|
| 213 | * single-threaded operation, should be indicated by the setting
|
---|
| 214 | * mutex_init et al to 0.
|
---|
| 215 | */
|
---|
| 216 | int maxmutexes;
|
---|
| 217 | int maxsimultaneous;
|
---|
| 218 | size_t mutexsize;
|
---|
| 219 | int (*mutex_init) (HWCryptoHook_Mutex *,
|
---|
| 220 | HWCryptoHook_CallerContext * cactx);
|
---|
| 221 | int (*mutex_acquire) (HWCryptoHook_Mutex *);
|
---|
| 222 | void (*mutex_release) (HWCryptoHook_Mutex *);
|
---|
| 223 | void (*mutex_destroy) (HWCryptoHook_Mutex *);
|
---|
| 224 | /*-
|
---|
| 225 | * For greater efficiency, can use condition vars internally for
|
---|
| 226 | * synchronisation. In this case maxsimultaneous is ignored, but
|
---|
| 227 | * the other mutex stuff must be available. In singlethreaded
|
---|
| 228 | * programs, set everything to 0.
|
---|
| 229 | */
|
---|
| 230 | size_t condvarsize;
|
---|
| 231 | int (*condvar_init) (HWCryptoHook_CondVar *,
|
---|
| 232 | HWCryptoHook_CallerContext * cactx);
|
---|
| 233 | int (*condvar_wait) (HWCryptoHook_CondVar *, HWCryptoHook_Mutex *);
|
---|
| 234 | void (*condvar_signal) (HWCryptoHook_CondVar *);
|
---|
| 235 | void (*condvar_broadcast) (HWCryptoHook_CondVar *);
|
---|
| 236 | void (*condvar_destroy) (HWCryptoHook_CondVar *);
|
---|
| 237 | /*-
|
---|
| 238 | * The semantics of acquiring and releasing mutexes and broadcasting
|
---|
| 239 | * and waiting on condition variables are expected to be those from
|
---|
| 240 | * POSIX threads (pthreads). The mutexes may be (in pthread-speak)
|
---|
| 241 | * fast mutexes, recursive mutexes, or nonrecursive ones.
|
---|
| 242 | *
|
---|
| 243 | * The _release/_signal/_broadcast and _destroy functions must
|
---|
| 244 | * always succeed when given a valid argument; if they are given an
|
---|
| 245 | * invalid argument then the program (crypto plugin + application)
|
---|
| 246 | * has an internal error, and they should abort the program.
|
---|
| 247 | */
|
---|
| 248 | int (*getpassphrase) (const char *prompt_info,
|
---|
| 249 | int *len_io, char *buf,
|
---|
| 250 | HWCryptoHook_PassphraseContext * ppctx,
|
---|
| 251 | HWCryptoHook_CallerContext * cactx);
|
---|
| 252 | /*-
|
---|
| 253 | * Passphrases and the prompt_info, if they contain high-bit-set
|
---|
| 254 | * characters, are UTF-8. The prompt_info may be a null pointer if
|
---|
| 255 | * no prompt information is available (it should not be an empty
|
---|
| 256 | * string). It will not contain text like `enter passphrase';
|
---|
| 257 | * instead it might say something like `Operator Card for John
|
---|
| 258 | * Smith' or `SmartCard in nFast Module #1, Slot #1'.
|
---|
| 259 | *
|
---|
| 260 | * buf points to a buffer in which to return the passphrase; on
|
---|
| 261 | * entry *len_io is the length of the buffer. It should be updated
|
---|
| 262 | * by the callback. The returned passphrase should not be
|
---|
| 263 | * null-terminated by the callback.
|
---|
| 264 | */
|
---|
| 265 | int (*getphystoken) (const char *prompt_info,
|
---|
| 266 | const char *wrong_info,
|
---|
| 267 | HWCryptoHook_PassphraseContext * ppctx,
|
---|
| 268 | HWCryptoHook_CallerContext * cactx);
|
---|
| 269 | /*-
|
---|
| 270 | * Requests that the human user physically insert a different
|
---|
| 271 | * smartcard, DataKey, etc. The plugin should check whether the
|
---|
| 272 | * currently inserted token(s) are appropriate, and if they are it
|
---|
| 273 | * should not make this call.
|
---|
| 274 | *
|
---|
| 275 | * prompt_info is as before. wrong_info is a description of the
|
---|
| 276 | * currently inserted token(s) so that the user is told what
|
---|
| 277 | * something is. wrong_info, like prompt_info, may be null, but
|
---|
| 278 | * should not be an empty string. Its contents should be
|
---|
| 279 | * syntactically similar to that of prompt_info.
|
---|
| 280 | */
|
---|
| 281 | /*-
|
---|
| 282 | * Note that a single LoadKey operation might cause several calls to
|
---|
| 283 | * getpassphrase and/or requestphystoken. If requestphystoken is
|
---|
| 284 | * not provided (ie, a null pointer is passed) then the plugin may
|
---|
| 285 | * not support loading keys for which authorisation by several cards
|
---|
| 286 | * is required. If getpassphrase is not provided then cards with
|
---|
| 287 | * passphrases may not be supported.
|
---|
| 288 | *
|
---|
| 289 | * getpassphrase and getphystoken do not need to check that the
|
---|
| 290 | * passphrase has been entered correctly or the correct token
|
---|
| 291 | * inserted; the crypto plugin will do that. If this is not the
|
---|
| 292 | * case then the crypto plugin is responsible for calling these
|
---|
| 293 | * routines again as appropriate until the correct token(s) and
|
---|
| 294 | * passphrase(s) are supplied as required, or until any retry limits
|
---|
| 295 | * implemented by the crypto plugin are reached.
|
---|
| 296 | *
|
---|
| 297 | * In either case, the application must allow the user to say `no'
|
---|
| 298 | * or `cancel' to indicate that they do not know the passphrase or
|
---|
| 299 | * have the appropriate token; this should cause the callback to
|
---|
| 300 | * return nonzero indicating error.
|
---|
| 301 | */
|
---|
| 302 | void (*logmessage) (void *logstream, const char *message);
|
---|
| 303 | /*-
|
---|
| 304 | * A log message will be generated at least every time something goes
|
---|
| 305 | * wrong and an ErrMsgBuf is filled in (or would be if one was
|
---|
| 306 | * provided). Other diagnostic information may be written there too,
|
---|
| 307 | * including more detailed reasons for errors which are reported in an
|
---|
| 308 | * ErrMsgBuf.
|
---|
| 309 | *
|
---|
| 310 | * When a log message is generated, this callback is called. It
|
---|
| 311 | * should write a message to the relevant logging arrangements.
|
---|
| 312 | *
|
---|
| 313 | * The message string passed will be null-terminated and may be of arbitrary
|
---|
| 314 | * length. It will not be prefixed by the time and date, nor by the
|
---|
| 315 | * name of the library that is generating it - if this is required,
|
---|
| 316 | * the logmessage callback must do it. The message will not have a
|
---|
| 317 | * trailing newline (though it may contain internal newlines).
|
---|
| 318 | *
|
---|
| 319 | * If a null pointer is passed for logmessage a default function is
|
---|
| 320 | * used. The default function treats logstream as a FILE* which has
|
---|
| 321 | * been converted to a void*. If logstream is 0 it does nothing.
|
---|
| 322 | * Otherwise it prepends the date and time and library name and
|
---|
| 323 | * writes the message to logstream. Each line will be prefixed by a
|
---|
| 324 | * descriptive string containing the date, time and identity of the
|
---|
| 325 | * crypto plugin. Errors on the logstream are not reported
|
---|
| 326 | * anywhere, and the default function doesn't flush the stream, so
|
---|
| 327 | * the application must set the buffering how it wants it.
|
---|
| 328 | *
|
---|
| 329 | * The crypto plugin may also provide a facility to have copies of
|
---|
| 330 | * log messages sent elsewhere, and or for adjusting the verbosity
|
---|
| 331 | * of the log messages; any such facilities will be configured by
|
---|
| 332 | * external means.
|
---|
| 333 | */
|
---|
| 334 | } HWCryptoHook_InitInfo;
|
---|
| 335 |
|
---|
| 336 | typedef
|
---|
| 337 | HWCryptoHook_ContextHandle HWCryptoHook_Init_t(const HWCryptoHook_InitInfo *
|
---|
| 338 | initinfo, size_t initinfosize,
|
---|
| 339 | const HWCryptoHook_ErrMsgBuf *
|
---|
| 340 | errors,
|
---|
| 341 | HWCryptoHook_CallerContext *
|
---|
| 342 | cactx);
|
---|
| 343 | extern HWCryptoHook_Init_t HWCryptoHook_Init;
|
---|
| 344 |
|
---|
| 345 | /*-
|
---|
| 346 | * Caller should set initinfosize to the size of the HWCryptoHook struct,
|
---|
| 347 | * so it can be extended later.
|
---|
| 348 | *
|
---|
| 349 | * On success, a message for display or logging by the server,
|
---|
| 350 | * including the name and version number of the plugin, will be filled
|
---|
| 351 | * in into *errors; on failure *errors is used for error handling, as
|
---|
| 352 | * usual.
|
---|
| 353 | */
|
---|
| 354 |
|
---|
| 355 | /*-
|
---|
| 356 | * All these functions return 0 on success, HWCRYPTOHOOK_ERROR_FAILED
|
---|
| 357 | * on most failures. HWCRYPTOHOOK_ERROR_MPISIZE means at least one of
|
---|
| 358 | * the output MPI buffer(s) was too small; the sizes of all have been
|
---|
| 359 | * set to the desired size (and for those where the buffer was large
|
---|
| 360 | * enough, the value may have been copied in), and no error message
|
---|
| 361 | * has been recorded.
|
---|
| 362 | *
|
---|
| 363 | * You may pass 0 for the errors struct. In any case, unless you set
|
---|
| 364 | * _NoStderr at init time then messages may be reported to stderr.
|
---|
| 365 | */
|
---|
| 366 |
|
---|
| 367 | /*-
|
---|
| 368 | * The RSAImmed* functions (and key managed RSA) only work with
|
---|
| 369 | * modules which have an RSA patent licence - currently that means KM
|
---|
| 370 | * units; the ModExp* ones work with all modules, so you need a patent
|
---|
| 371 | * licence in the software in the US. They are otherwise identical.
|
---|
| 372 | */
|
---|
| 373 |
|
---|
| 374 | typedef
|
---|
| 375 | void HWCryptoHook_Finish_t(HWCryptoHook_ContextHandle hwctx);
|
---|
| 376 | extern HWCryptoHook_Finish_t HWCryptoHook_Finish;
|
---|
| 377 | /* You must not have any calls going or keys loaded when you call this. */
|
---|
| 378 |
|
---|
| 379 | typedef
|
---|
| 380 | int HWCryptoHook_RandomBytes_t(HWCryptoHook_ContextHandle hwctx,
|
---|
| 381 | unsigned char *buf, size_t len,
|
---|
| 382 | const HWCryptoHook_ErrMsgBuf * errors);
|
---|
| 383 | extern HWCryptoHook_RandomBytes_t HWCryptoHook_RandomBytes;
|
---|
| 384 |
|
---|
| 385 | typedef
|
---|
| 386 | int HWCryptoHook_ModExp_t(HWCryptoHook_ContextHandle hwctx,
|
---|
| 387 | HWCryptoHook_MPI a,
|
---|
| 388 | HWCryptoHook_MPI p,
|
---|
| 389 | HWCryptoHook_MPI n,
|
---|
| 390 | HWCryptoHook_MPI * r,
|
---|
| 391 | const HWCryptoHook_ErrMsgBuf * errors);
|
---|
| 392 | extern HWCryptoHook_ModExp_t HWCryptoHook_ModExp;
|
---|
| 393 |
|
---|
| 394 | typedef
|
---|
| 395 | int HWCryptoHook_RSAImmedPub_t(HWCryptoHook_ContextHandle hwctx,
|
---|
| 396 | HWCryptoHook_MPI m,
|
---|
| 397 | HWCryptoHook_MPI e,
|
---|
| 398 | HWCryptoHook_MPI n,
|
---|
| 399 | HWCryptoHook_MPI * r,
|
---|
| 400 | const HWCryptoHook_ErrMsgBuf * errors);
|
---|
| 401 | extern HWCryptoHook_RSAImmedPub_t HWCryptoHook_RSAImmedPub;
|
---|
| 402 |
|
---|
| 403 | typedef
|
---|
| 404 | int HWCryptoHook_ModExpCRT_t(HWCryptoHook_ContextHandle hwctx,
|
---|
| 405 | HWCryptoHook_MPI a,
|
---|
| 406 | HWCryptoHook_MPI p,
|
---|
| 407 | HWCryptoHook_MPI q,
|
---|
| 408 | HWCryptoHook_MPI dmp1,
|
---|
| 409 | HWCryptoHook_MPI dmq1,
|
---|
| 410 | HWCryptoHook_MPI iqmp,
|
---|
| 411 | HWCryptoHook_MPI * r,
|
---|
| 412 | const HWCryptoHook_ErrMsgBuf * errors);
|
---|
| 413 | extern HWCryptoHook_ModExpCRT_t HWCryptoHook_ModExpCRT;
|
---|
| 414 |
|
---|
| 415 | typedef
|
---|
| 416 | int HWCryptoHook_RSAImmedPriv_t(HWCryptoHook_ContextHandle hwctx,
|
---|
| 417 | HWCryptoHook_MPI m,
|
---|
| 418 | HWCryptoHook_MPI p,
|
---|
| 419 | HWCryptoHook_MPI q,
|
---|
| 420 | HWCryptoHook_MPI dmp1,
|
---|
| 421 | HWCryptoHook_MPI dmq1,
|
---|
| 422 | HWCryptoHook_MPI iqmp,
|
---|
| 423 | HWCryptoHook_MPI * r,
|
---|
| 424 | const HWCryptoHook_ErrMsgBuf * errors);
|
---|
| 425 | extern HWCryptoHook_RSAImmedPriv_t HWCryptoHook_RSAImmedPriv;
|
---|
| 426 |
|
---|
| 427 | /*-
|
---|
| 428 | * The RSAImmed* and ModExp* functions may return E_FAILED or
|
---|
| 429 | * E_FALLBACK for failure.
|
---|
| 430 | *
|
---|
| 431 | * E_FAILED means the failure is permanent and definite and there
|
---|
| 432 | * should be no attempt to fall back to software. (Eg, for some
|
---|
| 433 | * applications, which support only the acceleration-only
|
---|
| 434 | * functions, the `key material' may actually be an encoded key
|
---|
| 435 | * identifier, and doing the operation in software would give wrong
|
---|
| 436 | * answers.)
|
---|
| 437 | *
|
---|
| 438 | * E_FALLBACK means that doing the computation in software would seem
|
---|
| 439 | * reasonable. If an application pays attention to this and is
|
---|
| 440 | * able to fall back, it should also set the Fallback init flags.
|
---|
| 441 | */
|
---|
| 442 |
|
---|
| 443 | typedef
|
---|
| 444 | int HWCryptoHook_RSALoadKey_t(HWCryptoHook_ContextHandle hwctx,
|
---|
| 445 | const char *key_ident,
|
---|
| 446 | HWCryptoHook_RSAKeyHandle * keyhandle_r,
|
---|
| 447 | const HWCryptoHook_ErrMsgBuf * errors,
|
---|
| 448 | HWCryptoHook_PassphraseContext * ppctx);
|
---|
| 449 | extern HWCryptoHook_RSALoadKey_t HWCryptoHook_RSALoadKey;
|
---|
| 450 | /*-
|
---|
| 451 | * The key_ident is a null-terminated string configured by the
|
---|
| 452 | * user via the application's usual configuration mechanisms.
|
---|
| 453 | * It is provided to the user by the crypto provider's key management
|
---|
| 454 | * system. The user must be able to enter at least any string of between
|
---|
| 455 | * 1 and 1023 characters inclusive, consisting of printable 7-bit
|
---|
| 456 | * ASCII characters. The provider should avoid using
|
---|
| 457 | * any characters except alphanumerics and the punctuation
|
---|
| 458 | * characters _ - + . / @ ~ (the user is expected to be able
|
---|
| 459 | * to enter these without quoting). The string may be case-sensitive.
|
---|
| 460 | * The application may allow the user to enter other NULL-terminated strings,
|
---|
| 461 | * and the provider must cope (returning an error if the string is not
|
---|
| 462 | * valid).
|
---|
| 463 | *
|
---|
| 464 | * If the key does not exist, no error is recorded and 0 is returned;
|
---|
| 465 | * keyhandle_r will be set to 0 instead of to a key handle.
|
---|
| 466 | */
|
---|
| 467 |
|
---|
| 468 | typedef
|
---|
| 469 | int HWCryptoHook_RSAGetPublicKey_t(HWCryptoHook_RSAKeyHandle k,
|
---|
| 470 | HWCryptoHook_MPI * n,
|
---|
| 471 | HWCryptoHook_MPI * e,
|
---|
| 472 | const HWCryptoHook_ErrMsgBuf * errors);
|
---|
| 473 | extern HWCryptoHook_RSAGetPublicKey_t HWCryptoHook_RSAGetPublicKey;
|
---|
| 474 | /*-
|
---|
| 475 | * The crypto plugin will not store certificates.
|
---|
| 476 | *
|
---|
| 477 | * Although this function for acquiring the public key value is
|
---|
| 478 | * provided, it is not the purpose of this API to deal fully with the
|
---|
| 479 | * handling of the public key.
|
---|
| 480 | *
|
---|
| 481 | * It is expected that the crypto supplier's key generation program
|
---|
| 482 | * will provide general facilities for producing X.509
|
---|
| 483 | * self-certificates and certificate requests in PEM format. These
|
---|
| 484 | * will be given to the user so that they can configure them in the
|
---|
| 485 | * application, send them to CAs, or whatever.
|
---|
| 486 | *
|
---|
| 487 | * In case this kind of certificate handling is not appropriate, the
|
---|
| 488 | * crypto supplier's key generation program should be able to be
|
---|
| 489 | * configured not to generate such a self-certificate or certificate
|
---|
| 490 | * request. Then the application will need to do all of this, and
|
---|
| 491 | * will need to store and handle the public key and certificates
|
---|
| 492 | * itself.
|
---|
| 493 | */
|
---|
| 494 |
|
---|
| 495 | typedef
|
---|
| 496 | int HWCryptoHook_RSAUnloadKey_t(HWCryptoHook_RSAKeyHandle k,
|
---|
| 497 | const HWCryptoHook_ErrMsgBuf * errors);
|
---|
| 498 | extern HWCryptoHook_RSAUnloadKey_t HWCryptoHook_RSAUnloadKey;
|
---|
| 499 | /* Might fail due to locking problems, or other serious internal problems. */
|
---|
| 500 |
|
---|
| 501 | typedef
|
---|
| 502 | int HWCryptoHook_RSA_t(HWCryptoHook_MPI m,
|
---|
| 503 | HWCryptoHook_RSAKeyHandle k,
|
---|
| 504 | HWCryptoHook_MPI * r,
|
---|
| 505 | const HWCryptoHook_ErrMsgBuf * errors);
|
---|
| 506 | extern HWCryptoHook_RSA_t HWCryptoHook_RSA;
|
---|
| 507 | /* RSA private key operation (sign or decrypt) - raw, unpadded. */
|
---|
| 508 |
|
---|
| 509 | #endif /* HWCRYPTOHOOK_H */
|
---|