/*-----------------------------------------------------------------------
 * File: CSM_KEYMGR.H
 *
 * Copyright (c) 1995-2000 Intel Corporation. All rights reserved.
 *-----------------------------------------------------------------------
 *
 * Public interface of the CSP key manager: key-file and key handle types,
 * key-manager error codes, the key-file/key management functions, and the
 * callouts a hosting module must implement to supply the cryptography
 * used to wrap and unwrap keys.
 */

#ifndef __CSM_KEYMGR_H__
#define __CSM_KEYMGR_H__

#ifdef __cplusplus
extern "C" {
#endif

/* Check to see that all required headers have been included beforehand */
#ifndef _CSSMTYPE_H
#error cssmtype.h must be included before this file
#endif

/*
 * Toggle support of Access Control Lists by the key manager.
 *
 * NOTE: If this is enabled, so must be database support of ACLs.
 *
 * WARNING: This has not been tested.
 *
 * The #define below is immediately cancelled by the #undef that follows
 * it, so CSM_KM_ACL_SUPPORT is left undefined (ACL support off) for the
 * rest of this header and for every file that includes it. Removing the
 * #undef line is what turns the toggle on.
 *
 * NOTE(review): how the pAccessCred / ACL-entry arguments of the functions
 * declared below are treated while this macro is undefined is not visible
 * in this header - confirm in the implementation before relying on them
 * for authorisation.
 */
#define CSM_KM_ACL_SUPPORT
#undef CSM_KM_ACL_SUPPORT

/*
 * CSP Key Manager Data Types
 *
 * Both handle types are aliases of CSSM_HANDLE, so the compiler will not
 * diagnose a key-file handle passed where a key handle is expected (or
 * the reverse).
 */
typedef CSSM_HANDLE CSM_KM_HANDLE;
typedef CSSM_HANDLE CSM_KM_KEY_HANDLE;

/*
 * Format context passed to the FindKey* and ReformatKey functions.
 * NOTE(review): presumably selects the blob format of the returned key -
 * confirm against the implementation.
 */
typedef struct _csm_km_format_context
{
    CSSM_KEYBLOB_FORMAT Format;
    CSSM_ALGORITHMS SigAlg; /* This may be taken out. */
} CSM_KM_FORMAT_CONTEXT;

/*
 * Key manager defined custom error codes.
 *
 * All codes are offsets from MAF_INTERNAL_ERROR_BASE, which is not defined
 * in this header and must be provided by an earlier include.
 */
#define KMERR_NOT_INITIALIZED ( MAF_INTERNAL_ERROR_BASE + 1 )
#define KMERR_HANDLES_EXHAUSTED ( MAF_INTERNAL_ERROR_BASE + 2 )
#define KMERR_NOT_SUPPORTED ( MAF_INTERNAL_ERROR_BASE + 3 )
#define KMERR_FILE_NOT_OPEN ( MAF_INTERNAL_ERROR_BASE + 4 )
#define KMERR_INVALID_HANDLE_POINTER ( MAF_INTERNAL_ERROR_BASE + 5 )
#define KMERR_INVALID_HANDLE ( MAF_INTERNAL_ERROR_BASE + 6 )
#define KMERR_FILE_DOES_NOT_EXIST ( MAF_INTERNAL_ERROR_BASE + 7 )
#define KMERR_FILE_READ_FAILED ( MAF_INTERNAL_ERROR_BASE + 8 )
#define KMERR_FILE_OPEN_FAILED ( MAF_INTERNAL_ERROR_BASE + 9 )
#define KMERR_FILE_CLOSE_FAILED ( MAF_INTERNAL_ERROR_BASE + 10 )
#define KMERR_FILE_DELETE_FAILED ( MAF_INTERNAL_ERROR_BASE + 11 )
#define KMERR_FILE_WRITE_FAILED ( MAF_INTERNAL_ERROR_BASE + 12 )
#define KMERR_FILE_CREATE_FAILED ( MAF_INTERNAL_ERROR_BASE + 13 )
#define KMERR_FILE_FORMAT_ERROR ( MAF_INTERNAL_ERROR_BASE + 14 )
#define KMERR_INVALID_PARAMETERS ( MAF_INTERNAL_ERROR_BASE + 15 )
#define KMERR_CAN_NOT_INTERPRET_KEY_DATA ( MAF_INTERNAL_ERROR_BASE + 16 )

/*
 * CSP Key Manager Functions
 *
 * Every function returns a CSSM_RETURN. This header gives no per-function
 * description; the remarks below are limited to what the signatures show.
 */

/* Key manager start-up and shutdown. */
CSSM_RETURN CSSMAPI CSM_KMInit( void );

CSSM_RETURN CSSMAPI CSM_KMTerm( void );

/*
 * Key-file lifecycle. Files are identified by a caller-supplied path
 * string; OpenKeyFile yields a handle through phKeyFile.
 * NOTE(review): CSM_KMOpenKeyFile and CSM_KMCloseKeyFile take no
 * credentials argument, unlike CSM_KMDestroyKeyFile - confirm that opening
 * a key file is meant to be unauthenticated.
 */
CSSM_RETURN CSSMAPI CSM_KMCreateKeyFile(
    const char *pFilename,
    const CSSM_ACL_ENTRY_INPUT *pInitialAclEntry );

CSSM_RETURN CSSMAPI CSM_KMDestroyKeyFile(
    const char *pFilename,
    const CSSM_ACCESS_CREDENTIALS *pAccessCred );

CSSM_RETURN CSSMAPI CSM_KMOpenKeyFile(
    const char *pFilename,
    CSM_KM_HANDLE *phKeyFile );

CSSM_RETURN CSSMAPI CSM_KMCloseKeyFile(
    CSM_KM_HANDLE hKeyFile );

/* Key insertion and deletion within an open key file. */
CSSM_RETURN CSSMAPI CSM_KMInsertKey(
    CSM_KM_HANDLE hKeyFile,
    const CSSM_KEY *pKey,
    const CSSM_KEY *pRefKey,
    const CSSM_DATA *pName,
    const CSSM_RESOURCE_CONTROL_CONTEXT *pCredAndAclEntry,
    CSM_KM_KEY_HANDLE *phKey );

CSSM_RETURN CSSMAPI CSM_KMDeleteKey(
    CSM_KM_HANDLE hKeyFile,
    CSM_KM_KEY_HANDLE hKey,
    const CSSM_ACCESS_CREDENTIALS *pAccessCred );

/*
 * Key lookup by hash, name, reference key or handle. Each variant takes a
 * format context and access credentials and writes the key through
 * pResultKey; all but the by-handle variant also return a key handle
 * through phKey.
 */
CSSM_RETURN CSSMAPI CSM_KMFindKeyByHash(
    CSM_KM_HANDLE hKeyFile,
    const CSSM_DATA *pKeyHash,
    const CSM_KM_FORMAT_CONTEXT *pFormatContext,
    const CSSM_ACCESS_CREDENTIALS *pAccessCred,
    CSSM_KEY *pResultKey,
    CSM_KM_KEY_HANDLE *phKey );

CSSM_RETURN CSSMAPI CSM_KMFindKeyByName(
    CSM_KM_HANDLE hKeyFile,
    const CSSM_DATA *pName,
    const CSM_KM_FORMAT_CONTEXT *pFormatContext,
    const CSSM_ACCESS_CREDENTIALS *pAccessCred,
    CSSM_KEY *pResultKey,
    CSM_KM_KEY_HANDLE *phKey );

CSSM_RETURN CSSMAPI CSM_KMFindKeyByRefKey(
    CSM_KM_HANDLE hKeyFile,
    const CSSM_KEY *pRefKey,
    const CSM_KM_FORMAT_CONTEXT *pFormatContext,
    const CSSM_ACCESS_CREDENTIALS *pAccessCred,
    CSSM_KEY *pResultKey,
    CSM_KM_KEY_HANDLE *phKey );

CSSM_RETURN CSSMAPI CSM_KMFindKeyByHandle(
    CSM_KM_HANDLE hKeyFile,
    CSM_KM_KEY_HANDLE hKey,
    const CSM_KM_FORMAT_CONTEXT *pFormatContext,
    const CSSM_ACCESS_CREDENTIALS *pAccessCred,
    CSSM_KEY *pResultKey );

/*
 * Key metadata access.
 * NOTE(review): CSM_KMGetKeyHeader and CSM_KMGetKeyAcl take no
 * CSSM_ACCESS_CREDENTIALS argument, unlike the FindKey* functions above -
 * confirm that key headers and ACL information are meant to be readable
 * by any holder of the handles.
 */
CSSM_RETURN CSSMAPI CSM_KMGetKeyHeader(
    CSM_KM_HANDLE hKeyFile,
    CSM_KM_KEY_HANDLE hKey,
    CSSM_KEYHEADER *pKeyHeader );

CSSM_RETURN CSSMAPI CSM_KMGetKeyAcl(
    CSSM_CSP_HANDLE CSPHandle,
    CSM_KM_HANDLE hKeyFile,
    CSM_KM_KEY_HANDLE hKey,
    const CSSM_STRING *pSelectionTag,
    CSSM_ACL_ENTRY_INFO_PTR *pAclInfos,
    uint32 *pNumAclInfos );

/* Operates on the key in place: pKey is not const-qualified. */
CSSM_RETURN CSSMAPI CSM_KMReformatKey(
    CSSM_CSP_HANDLE CSPHandle,
    CSSM_KEY *pKey,
    const CSM_KM_FORMAT_CONTEXT *pFormatContext );

/*
 * Callout functions that must be defined by the module using the key
 * manager. These functions supply the crypto required to wrap and
 * unwrap keys.
 *
 * NOTE(review): the callout interface exposes a cipher algorithm, a mode,
 * a key and an IV only; whether wrapped keys also carry an integrity
 * check is not visible in this header - confirm in the implementation.
 */

/*
 * Name: CSM_KMCallout_GetWrapParams
 *
 * Description:
 *  Returns the information required by the key manager to derive
 *  encryption keys and initialization vectors that have the proper
 *  length.
 *
 * Parameters:
 *  pKeyLengthBytes (output) - The length of the encryption key that
 *    must be supplied to the EncryptData or DecryptData callout.
 *  pIVLengthBytes (output) - The length of the initialization vector that
 *    must be supplied to the EncryptData or DecryptData callout.
 *  pAlgId (output) - Not described in the original header; presumably the
 *    identifier of the algorithm used by the EncryptData and DecryptData
 *    callouts - TODO confirm.
 *  pAlgMode (output) - Not described in the original header; presumably
 *    the encryption mode used with that algorithm - TODO confirm.
 *
 * Return:
 *  CSSM_OK - The operation was successful.
 *  CSSM_CSP_INTERNAL_ERROR - invalid pointers.
 */
CSSM_RETURN CSSMAPI CSM_KMCallout_GetWrapParams(
    uint32 *pKeyLengthBytes,
    uint32 *pIVLengthBytes,
    CSSM_ALGORITHMS *pAlgId,
    CSSM_ENCRYPT_MODE *pAlgMode );

/*
 * Name: CSM_KMCallout_GetRandomBytes
 *
 * Description:
 *  Generates a string of random bytes.
 *
 *  NOTE(review): presumably the key manager uses these bytes as input to
 *  key wrapping (for example IVs or salts); if so, implementations should
 *  draw them from a cryptographically strong generator - confirm how the
 *  key manager consumes the output.
 *
 * Parameters:
 *  Length (input) - Number of random bytes to generate.
 *  RandomBytes (output) - Buffer that receives the random data. It must
 *    be supplied by the caller.
 *
 * Return:
 *  CSSM_OK - The operation was successful.
 *  CSSM_CSP_INTERNAL_ERROR - invalid pointers.
 */
CSSM_RETURN CSSMAPI CSM_KMCallout_GetRandomBytes(
    uint32 Length,
    uint8 *RandomBytes );

/*
 * Name: CSM_KMCallout_EncryptData
 *
 * Description:
 *  Encrypts the data referenced by Input and places the output into the
 *  buffer referenced by Output. The lengths of EncryptKey and IV must
 *  match the values returned by the GetWrapParams callout. The output may
 *  be longer than the input due to encryption padding.
 *
 *  This function must allocate memory for the Output buffer using the
 *  MAF_CreateOutputBuffer function with MAF_ALLOCATE_LOCAL for the module
 *  handle parameter.
 *
 *  The prototype carries no length for EncryptKey or IV, so the callee
 *  depends entirely on the caller having sized both buffers as reported
 *  by GetWrapParams.
 *
 * Parameters:
 *  EncryptKey (input) - Key material used to perform the encryption. The
 *    length of the buffer must be the same as the value returned by the
 *    GetWrapParams callout.
 *  IV (input) - The initialization vector used to perform the encryption.
 *    The length of the buffer must be the same as the value returned by
 *    the GetWrapParams callout.
 *  Input (input) - Buffer to encrypt.
 *  Output (output) - Buffer that receives the encrypted data.
 *
 *  NOTE(review): EncryptKey and IV are documented as inputs but are not
 *  const-qualified in the prototype; confirm implementations do not
 *  modify them.
 *
 * Return:
 *  CSSM_OK - The operation was successful.
 *  CSSM_CSP_INVALID_POINTER - A required parameter was not supplied.
 *  CSSM_CSP_INVALID_OUTPUT_SIZE - An output buffer was supplied that
 *    was not large enough.
 *    NOTE(review): the description says this function allocates Output
 *    itself, so when a caller-supplied buffer is accepted is unclear -
 *    confirm.
 */
CSSM_RETURN CSSMAPI CSM_KMCallout_EncryptData(
    uint8 *EncryptKey,
    uint8 *IV,
    const CSSM_DATA *Input,
    CSSM_DATA_PTR Output );

/*
 * Name: CSM_KMCallout_DecryptData
 *
 * Description:
 *  Decrypts the data referenced by Input and places the output into the
 *  buffer referenced by Output. The lengths of DecryptKey and IV must
 *  match the values returned by the GetWrapParams callout. The output may
 *  be shorter than the input due to encryption padding.
 *
 *  This function must allocate memory for the Output buffer using the
 *  MAF_CreateOutputBuffer function with MAF_ALLOCATE_LOCAL for the module
 *  handle parameter.
 *
 *  The prototype carries no length for DecryptKey or IV, so the callee
 *  depends entirely on the caller having sized both buffers as reported
 *  by GetWrapParams.
 *
 * Parameters:
 *  DecryptKey (input) - Key material used to perform the decryption. The
 *    length of the buffer must be the same as the value returned by the
 *    GetWrapParams callout.
 *  IV (input) - The initialization vector used to perform the decryption.
 *    The length of the buffer must be the same as the value returned by
 *    the GetWrapParams callout.
 *  Input (input) - Buffer to decrypt.
 *  Output (output) - Buffer that receives the decrypted data.
 *
 *  NOTE(review): DecryptKey and IV are documented as inputs but are not
 *  const-qualified in the prototype; confirm implementations do not
 *  modify them.
 *
 * Return:
 *  CSSM_OK - The operation was successful.
 *  CSSM_CSP_INVALID_POINTER - A required parameter was not supplied.
 *  CSSM_CSP_INVALID_OUTPUT_SIZE - An output buffer was supplied that
 *    was not large enough.
 *    NOTE(review): the description says this function allocates Output
 *    itself, so when a caller-supplied buffer is accepted is unclear -
 *    confirm.
 */
CSSM_RETURN CSSMAPI CSM_KMCallout_DecryptData(
    uint8 *DecryptKey,
    uint8 *IV,
    const CSSM_DATA *Input,
    CSSM_DATA_PTR Output );

#ifdef __cplusplus
}
#endif

#endif /* ifndef __CSM_KEYMGR_H__ */