2
0

hwcryptohook.h 22 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502
  1. /*-
  2. * ModExp / RSA (with/without KM) plugin API
  3. *
  4. * The application will load a dynamic library which
  5. * exports entrypoint(s) defined in this file.
  6. *
  7. * This set of entrypoints provides only a multithreaded,
  8. * synchronous-within-each-thread, facility.
  9. *
  10. *
  11. * This file is Copyright 1998-2000 nCipher Corporation Limited.
  12. *
  13. * Redistribution and use in source and binary forms, with opr without
  14. * modification, are permitted provided that the following conditions
  15. * are met:
  16. *
  17. * 1. Redistributions of source code must retain the copyright notice,
  18. * this list of conditions, and the following disclaimer.
  19. *
  20. * 2. Redistributions in binary form must reproduce the above
  21. * copyright notice, this list of conditions, and the following
  22. * disclaimer, in the documentation and/or other materials provided
  23. * with the distribution
  24. *
  25. * IN NO EVENT SHALL NCIPHER CORPORATION LIMITED (`NCIPHER') AND/OR
  26. * ANY OTHER AUTHORS OR DISTRIBUTORS OF THIS FILE BE LIABLE for any
  27. * damages arising directly or indirectly from this file, its use or
  28. * this licence. Without prejudice to the generality of the
  29. * foregoing: all liability shall be excluded for direct, indirect,
  30. * special, incidental, consequential or other damages or any loss of
  31. * profits, business, revenue goodwill or anticipated savings;
  32. * liability shall be excluded even if nCipher or anyone else has been
  33. * advised of the possibility of damage. In any event, if the
  34. * exclusion of liability is not effective, the liability of nCipher
  35. * or any author or distributor shall be limited to the lesser of the
  36. * price paid and 1,000 pounds sterling. This licence only fails to
  37. * exclude or limit liability for death or personal injury arising out
  38. * of negligence, and only to the extent that such an exclusion or
  39. * limitation is not effective.
  40. *
  41. * NCIPHER AND THE AUTHORS AND DISTRIBUTORS SPECIFICALLY DISCLAIM ALL
  42. * AND ANY WARRANTIES (WHETHER EXPRESS OR IMPLIED), including, but not
  43. * limited to, any implied warranties of merchantability, fitness for
  44. * a particular purpose, satisfactory quality, and/or non-infringement
  45. * of any third party rights.
  46. *
  47. * US Government use: This software and documentation is Commercial
  48. * Computer Software and Computer Software Documentation, as defined in
  49. * sub-paragraphs (a)(1) and (a)(5) of DFAR 252.227-7014, "Rights in
  50. * Noncommercial Computer Software and Noncommercial Computer Software
  51. * Documentation." Use, duplication or disclosure by the Government is
  52. * subject to the terms and conditions specified here.
  53. *
  54. * By using or distributing this file you will be accepting these
  55. * terms and conditions, including the limitation of liability and
  56. * lack of warranty. If you do not wish to accept these terms and
  57. * conditions, DO NOT USE THE FILE.
  58. *
  59. *
  60. * The actual dynamically loadable plugin, and the library files for
  61. * static linking, which are also provided in some distributions, are
  62. * not covered by the licence described above. You should have
  63. * received a separate licence with terms and conditions for these
  64. * library files; if you received the library files without a licence,
  65. * please contact nCipher.
  66. *
  67. *
  68. * $Id: hwcryptohook.h,v 1.1 2002/10/11 17:10:59 levitte Exp $
  69. */
  70. #ifndef HWCRYPTOHOOK_H
  71. # define HWCRYPTOHOOK_H
  72. # include <sys/types.h>
  73. # include <stdio.h>
  74. # ifndef HWCRYPTOHOOK_DECLARE_APPTYPES
  75. # define HWCRYPTOHOOK_DECLARE_APPTYPES 1
  76. # endif
  77. # define HWCRYPTOHOOK_ERROR_FAILED -1
  78. # define HWCRYPTOHOOK_ERROR_FALLBACK -2
  79. # define HWCRYPTOHOOK_ERROR_MPISIZE -3
  80. # if HWCRYPTOHOOK_DECLARE_APPTYPES
  81. /*-
  82. * These structs are defined by the application and opaque to the
  83. * crypto plugin. The application may define these as it sees fit.
  84. * Default declarations are provided here, but the application may
  85. * #define HWCRYPTOHOOK_DECLARE_APPTYPES 0
  86. * to prevent these declarations, and instead provide its own
  87. * declarations of these types. (Pointers to them must still be
  88. * ordinary pointers to structs or unions, or the resulting combined
  89. * program will have a type inconsistency.)
  90. */
  91. typedef struct HWCryptoHook_MutexValue HWCryptoHook_Mutex;
  92. typedef struct HWCryptoHook_CondVarValue HWCryptoHook_CondVar;
  93. typedef struct HWCryptoHook_PassphraseContextValue
  94. HWCryptoHook_PassphraseContext;
  95. typedef struct HWCryptoHook_CallerContextValue HWCryptoHook_CallerContext;
  96. # endif /* HWCRYPTOHOOK_DECLARE_APPTYPES */
  97. /*-
  98. * These next two structs are opaque to the application. The crypto
  99. * plugin will return pointers to them; the caller simply manipulates
  100. * the pointers.
  101. */
  102. typedef struct HWCryptoHook_Context *HWCryptoHook_ContextHandle;
  103. typedef struct HWCryptoHook_RSAKey *HWCryptoHook_RSAKeyHandle;
  104. typedef struct {
  105. char *buf;
  106. size_t size;
  107. } HWCryptoHook_ErrMsgBuf;
  108. /*-
  109. * Used for error reporting. When a HWCryptoHook function fails it
  110. * will return a sentinel value (0 for pointer-valued functions, or a
  111. * negative number, usually HWCRYPTOHOOK_ERROR_FAILED, for
  112. * integer-valued ones). It will, if an ErrMsgBuf is passed, also put
  113. * an error message there.
  114. *
  115. * size is the size of the buffer, and will not be modified. If you
  116. * pass 0 for size you must pass 0 for buf, and nothing will be
  117. * recorded (just as if you passed 0 for the struct pointer).
  118. * Messages written to the buffer will always be null-terminated, even
  119. * when truncated to fit within size bytes.
  120. *
  121. * The contents of the buffer are not defined if there is no error.
  122. */
  123. typedef struct HWCryptoHook_MPIStruct {
  124. unsigned char *buf;
  125. size_t size;
  126. } HWCryptoHook_MPI;
  127. /*-
  128. * When one of these is returned, a pointer is passed to the function.
  129. * At call, size is the space available. Afterwards it is updated to
  130. * be set to the actual length (which may be more than the space available,
  131. * if there was not enough room and the result was truncated).
  132. * buf (the pointer) is not updated.
  133. *
  134. * size is in bytes and may be zero at call or return, but must be a
  135. * multiple of the limb size. Zero limbs at the MS end are not
  136. * permitted.
  137. */
  138. # define HWCryptoHook_InitFlags_FallbackModExp 0x0002UL
  139. # define HWCryptoHook_InitFlags_FallbackRSAImmed 0x0004UL
  140. /*-
  141. * Enable requesting fallback to software in case of problems with the
  142. * hardware support. This indicates to the crypto provider that the
  143. * application is prepared to fall back to software operation if the
  144. * ModExp* or RSAImmed* functions return HWCRYPTOHOOK_ERROR_FALLBACK.
  145. * Without this flag those calls will never return
  146. * HWCRYPTOHOOK_ERROR_FALLBACK. The flag will also cause the crypto
  147. * provider to avoid repeatedly attempting to contact dead hardware
  148. * within a short interval, if appropriate.
  149. */
  150. # define HWCryptoHook_InitFlags_SimpleForkCheck 0x0010UL
  151. /*-
  152. * Without _SimpleForkCheck the library is allowed to assume that the
  153. * application will not fork and call the library in the child(ren).
  154. *
  155. * When it is specified, this is allowed. However, after a fork
  156. * neither parent nor child may unload any loaded keys or call
  157. * _Finish. Instead, they should call exit (or die with a signal)
  158. * without calling _Finish. After all the children have died the
  159. * parent may unload keys or call _Finish.
  160. *
  161. * This flag only has any effect on UN*X platforms.
  162. */
  163. typedef struct {
  164. unsigned long flags;
  165. void *logstream; /* usually a FILE*. See below. */
  166. size_t limbsize; /* bignum format - size of radix type, must
  167. * be power of 2 */
  168. int mslimbfirst; /* 0 or 1 */
  169. int msbytefirst; /* 0 or 1; -1 = native */
  170. /*-
  171. * All the callback functions should return 0 on success, or a
  172. * nonzero integer (whose value will be visible in the error message
  173. * put in the buffer passed to the call).
  174. *
  175. * If a callback is not available pass a null function pointer.
  176. *
  177. * The callbacks may not call down again into the crypto plugin.
  178. */
  179. /*-
  180. * For thread-safety. Set everything to 0 if you promise only to be
  181. * singlethreaded. maxsimultaneous is the number of calls to
  182. * ModExp[Crt]/RSAImmed{Priv,Pub}/RSA. If you don't know what to
  183. * put there then say 0 and the hook library will use a default.
  184. *
  185. * maxmutexes is a small limit on the number of simultaneous mutexes
  186. * which will be requested by the library. If there is no small
  187. * limit, set it to 0. If the crypto plugin cannot create the
  188. * advertised number of mutexes the calls to its functions may fail.
  189. * If a low number of mutexes is advertised the plugin will try to
  190. * do the best it can. Making larger numbers of mutexes available
  191. * may improve performance and parallelism by reducing contention
  192. * over critical sections. Unavailability of any mutexes, implying
  193. * single-threaded operation, should be indicated by the setting
  194. * mutex_init et al to 0.
  195. */
  196. int maxmutexes;
  197. int maxsimultaneous;
  198. size_t mutexsize;
  199. int (*mutex_init) (HWCryptoHook_Mutex *,
  200. HWCryptoHook_CallerContext * cactx);
  201. int (*mutex_acquire) (HWCryptoHook_Mutex *);
  202. void (*mutex_release) (HWCryptoHook_Mutex *);
  203. void (*mutex_destroy) (HWCryptoHook_Mutex *);
  204. /*-
  205. * For greater efficiency, can use condition vars internally for
  206. * synchronisation. In this case maxsimultaneous is ignored, but
  207. * the other mutex stuff must be available. In singlethreaded
  208. * programs, set everything to 0.
  209. */
  210. size_t condvarsize;
  211. int (*condvar_init) (HWCryptoHook_CondVar *,
  212. HWCryptoHook_CallerContext * cactx);
  213. int (*condvar_wait) (HWCryptoHook_CondVar *, HWCryptoHook_Mutex *);
  214. void (*condvar_signal) (HWCryptoHook_CondVar *);
  215. void (*condvar_broadcast) (HWCryptoHook_CondVar *);
  216. void (*condvar_destroy) (HWCryptoHook_CondVar *);
  217. /*-
  218. * The semantics of acquiring and releasing mutexes and broadcasting
  219. * and waiting on condition variables are expected to be those from
  220. * POSIX threads (pthreads). The mutexes may be (in pthread-speak)
  221. * fast mutexes, recursive mutexes, or nonrecursive ones.
  222. *
  223. * The _release/_signal/_broadcast and _destroy functions must
  224. * always succeed when given a valid argument; if they are given an
  225. * invalid argument then the program (crypto plugin + application)
  226. * has an internal error, and they should abort the program.
  227. */
  228. int (*getpassphrase) (const char *prompt_info,
  229. int *len_io, char *buf,
  230. HWCryptoHook_PassphraseContext * ppctx,
  231. HWCryptoHook_CallerContext * cactx);
  232. /*-
  233. * Passphrases and the prompt_info, if they contain high-bit-set
  234. * characters, are UTF-8. The prompt_info may be a null pointer if
  235. * no prompt information is available (it should not be an empty
  236. * string). It will not contain text like `enter passphrase';
  237. * instead it might say something like `Operator Card for John
  238. * Smith' or `SmartCard in nFast Module #1, Slot #1'.
  239. *
  240. * buf points to a buffer in which to return the passphrase; on
  241. * entry *len_io is the length of the buffer. It should be updated
  242. * by the callback. The returned passphrase should not be
  243. * null-terminated by the callback.
  244. */
  245. int (*getphystoken) (const char *prompt_info,
  246. const char *wrong_info,
  247. HWCryptoHook_PassphraseContext * ppctx,
  248. HWCryptoHook_CallerContext * cactx);
  249. /*-
  250. * Requests that the human user physically insert a different
  251. * smartcard, DataKey, etc. The plugin should check whether the
  252. * currently inserted token(s) are appropriate, and if they are it
  253. * should not make this call.
  254. *
  255. * prompt_info is as before. wrong_info is a description of the
  256. * currently inserted token(s) so that the user is told what
  257. * something is. wrong_info, like prompt_info, may be null, but
  258. * should not be an empty string. Its contents should be
  259. * syntactically similar to that of prompt_info.
  260. */
  261. /*-
  262. * Note that a single LoadKey operation might cause several calls to
  263. * getpassphrase and/or requestphystoken. If requestphystoken is
  264. * not provided (ie, a null pointer is passed) then the plugin may
  265. * not support loading keys for which authorisation by several cards
  266. * is required. If getpassphrase is not provided then cards with
  267. * passphrases may not be supported.
  268. *
  269. * getpassphrase and getphystoken do not need to check that the
  270. * passphrase has been entered correctly or the correct token
  271. * inserted; the crypto plugin will do that. If this is not the
  272. * case then the crypto plugin is responsible for calling these
  273. * routines again as appropriate until the correct token(s) and
  274. * passphrase(s) are supplied as required, or until any retry limits
  275. * implemented by the crypto plugin are reached.
  276. *
  277. * In either case, the application must allow the user to say `no'
  278. * or `cancel' to indicate that they do not know the passphrase or
  279. * have the appropriate token; this should cause the callback to
  280. * return nonzero indicating error.
  281. */
  282. void (*logmessage) (void *logstream, const char *message);
  283. /*-
  284. * A log message will be generated at least every time something goes
  285. * wrong and an ErrMsgBuf is filled in (or would be if one was
  286. * provided). Other diagnostic information may be written there too,
  287. * including more detailed reasons for errors which are reported in an
  288. * ErrMsgBuf.
  289. *
  290. * When a log message is generated, this callback is called. It
  291. * should write a message to the relevant logging arrangements.
  292. *
  293. * The message string passed will be null-terminated and may be of arbitrary
  294. * length. It will not be prefixed by the time and date, nor by the
  295. * name of the library that is generating it - if this is required,
  296. * the logmessage callback must do it. The message will not have a
  297. * trailing newline (though it may contain internal newlines).
  298. *
  299. * If a null pointer is passed for logmessage a default function is
  300. * used. The default function treats logstream as a FILE* which has
  301. * been converted to a void*. If logstream is 0 it does nothing.
  302. * Otherwise it prepends the date and time and library name and
  303. * writes the message to logstream. Each line will be prefixed by a
  304. * descriptive string containing the date, time and identity of the
  305. * crypto plugin. Errors on the logstream are not reported
  306. * anywhere, and the default function doesn't flush the stream, so
  307. * the application must set the buffering how it wants it.
  308. *
  309. * The crypto plugin may also provide a facility to have copies of
  310. * log messages sent elsewhere, and or for adjusting the verbosity
  311. * of the log messages; any such facilities will be configured by
  312. * external means.
  313. */
  314. } HWCryptoHook_InitInfo;
  315. typedef
  316. HWCryptoHook_ContextHandle HWCryptoHook_Init_t(const HWCryptoHook_InitInfo *
  317. initinfo, size_t initinfosize,
  318. const HWCryptoHook_ErrMsgBuf *
  319. errors,
  320. HWCryptoHook_CallerContext *
  321. cactx);
  322. extern HWCryptoHook_Init_t HWCryptoHook_Init;
  323. /*-
  324. * Caller should set initinfosize to the size of the HWCryptoHook struct,
  325. * so it can be extended later.
  326. *
  327. * On success, a message for display or logging by the server,
  328. * including the name and version number of the plugin, will be filled
  329. * in into *errors; on failure *errors is used for error handling, as
  330. * usual.
  331. */
  332. /*-
  333. * All these functions return 0 on success, HWCRYPTOHOOK_ERROR_FAILED
  334. * on most failures. HWCRYPTOHOOK_ERROR_MPISIZE means at least one of
  335. * the output MPI buffer(s) was too small; the sizes of all have been
  336. * set to the desired size (and for those where the buffer was large
  337. * enough, the value may have been copied in), and no error message
  338. * has been recorded.
  339. *
  340. * You may pass 0 for the errors struct. In any case, unless you set
  341. * _NoStderr at init time then messages may be reported to stderr.
  342. */
  343. /*-
  344. * The RSAImmed* functions (and key managed RSA) only work with
  345. * modules which have an RSA patent licence - currently that means KM
  346. * units; the ModExp* ones work with all modules, so you need a patent
  347. * licence in the software in the US. They are otherwise identical.
  348. */
  349. typedef
  350. void HWCryptoHook_Finish_t(HWCryptoHook_ContextHandle hwctx);
  351. extern HWCryptoHook_Finish_t HWCryptoHook_Finish;
  352. /* You must not have any calls going or keys loaded when you call this. */
  353. typedef
  354. int HWCryptoHook_RandomBytes_t(HWCryptoHook_ContextHandle hwctx,
  355. unsigned char *buf, size_t len,
  356. const HWCryptoHook_ErrMsgBuf * errors);
  357. extern HWCryptoHook_RandomBytes_t HWCryptoHook_RandomBytes;
  358. typedef
  359. int HWCryptoHook_ModExp_t(HWCryptoHook_ContextHandle hwctx,
  360. HWCryptoHook_MPI a,
  361. HWCryptoHook_MPI p,
  362. HWCryptoHook_MPI n,
  363. HWCryptoHook_MPI * r,
  364. const HWCryptoHook_ErrMsgBuf * errors);
  365. extern HWCryptoHook_ModExp_t HWCryptoHook_ModExp;
  366. typedef
  367. int HWCryptoHook_RSAImmedPub_t(HWCryptoHook_ContextHandle hwctx,
  368. HWCryptoHook_MPI m,
  369. HWCryptoHook_MPI e,
  370. HWCryptoHook_MPI n,
  371. HWCryptoHook_MPI * r,
  372. const HWCryptoHook_ErrMsgBuf * errors);
  373. extern HWCryptoHook_RSAImmedPub_t HWCryptoHook_RSAImmedPub;
  374. typedef
  375. int HWCryptoHook_ModExpCRT_t(HWCryptoHook_ContextHandle hwctx,
  376. HWCryptoHook_MPI a,
  377. HWCryptoHook_MPI p,
  378. HWCryptoHook_MPI q,
  379. HWCryptoHook_MPI dmp1,
  380. HWCryptoHook_MPI dmq1,
  381. HWCryptoHook_MPI iqmp,
  382. HWCryptoHook_MPI * r,
  383. const HWCryptoHook_ErrMsgBuf * errors);
  384. extern HWCryptoHook_ModExpCRT_t HWCryptoHook_ModExpCRT;
  385. typedef
  386. int HWCryptoHook_RSAImmedPriv_t(HWCryptoHook_ContextHandle hwctx,
  387. HWCryptoHook_MPI m,
  388. HWCryptoHook_MPI p,
  389. HWCryptoHook_MPI q,
  390. HWCryptoHook_MPI dmp1,
  391. HWCryptoHook_MPI dmq1,
  392. HWCryptoHook_MPI iqmp,
  393. HWCryptoHook_MPI * r,
  394. const HWCryptoHook_ErrMsgBuf * errors);
  395. extern HWCryptoHook_RSAImmedPriv_t HWCryptoHook_RSAImmedPriv;
  396. /*-
  397. * The RSAImmed* and ModExp* functions may return E_FAILED or
  398. * E_FALLBACK for failure.
  399. *
  400. * E_FAILED means the failure is permanent and definite and there
  401. * should be no attempt to fall back to software. (Eg, for some
  402. * applications, which support only the acceleration-only
  403. * functions, the `key material' may actually be an encoded key
  404. * identifier, and doing the operation in software would give wrong
  405. * answers.)
  406. *
  407. * E_FALLBACK means that doing the computation in software would seem
  408. * reasonable. If an application pays attention to this and is
  409. * able to fall back, it should also set the Fallback init flags.
  410. */
  411. typedef
  412. int HWCryptoHook_RSALoadKey_t(HWCryptoHook_ContextHandle hwctx,
  413. const char *key_ident,
  414. HWCryptoHook_RSAKeyHandle * keyhandle_r,
  415. const HWCryptoHook_ErrMsgBuf * errors,
  416. HWCryptoHook_PassphraseContext * ppctx);
  417. extern HWCryptoHook_RSALoadKey_t HWCryptoHook_RSALoadKey;
  418. /*-
  419. * The key_ident is a null-terminated string configured by the
  420. * user via the application's usual configuration mechanisms.
  421. * It is provided to the user by the crypto provider's key management
  422. * system. The user must be able to enter at least any string of between
  423. * 1 and 1023 characters inclusive, consisting of printable 7-bit
  424. * ASCII characters. The provider should avoid using
  425. * any characters except alphanumerics and the punctuation
  426. * characters _ - + . / @ ~ (the user is expected to be able
  427. * to enter these without quoting). The string may be case-sensitive.
  428. * The application may allow the user to enter other NULL-terminated strings,
  429. * and the provider must cope (returning an error if the string is not
  430. * valid).
  431. *
  432. * If the key does not exist, no error is recorded and 0 is returned;
  433. * keyhandle_r will be set to 0 instead of to a key handle.
  434. */
  435. typedef
  436. int HWCryptoHook_RSAGetPublicKey_t(HWCryptoHook_RSAKeyHandle k,
  437. HWCryptoHook_MPI * n,
  438. HWCryptoHook_MPI * e,
  439. const HWCryptoHook_ErrMsgBuf * errors);
  440. extern HWCryptoHook_RSAGetPublicKey_t HWCryptoHook_RSAGetPublicKey;
  441. /*-
  442. * The crypto plugin will not store certificates.
  443. *
  444. * Although this function for acquiring the public key value is
  445. * provided, it is not the purpose of this API to deal fully with the
  446. * handling of the public key.
  447. *
  448. * It is expected that the crypto supplier's key generation program
  449. * will provide general facilities for producing X.509
  450. * self-certificates and certificate requests in PEM format. These
  451. * will be given to the user so that they can configure them in the
  452. * application, send them to CAs, or whatever.
  453. *
  454. * In case this kind of certificate handling is not appropriate, the
  455. * crypto supplier's key generation program should be able to be
  456. * configured not to generate such a self-certificate or certificate
  457. * request. Then the application will need to do all of this, and
  458. * will need to store and handle the public key and certificates
  459. * itself.
  460. */
  461. typedef
  462. int HWCryptoHook_RSAUnloadKey_t(HWCryptoHook_RSAKeyHandle k,
  463. const HWCryptoHook_ErrMsgBuf * errors);
  464. extern HWCryptoHook_RSAUnloadKey_t HWCryptoHook_RSAUnloadKey;
  465. /* Might fail due to locking problems, or other serious internal problems. */
  466. typedef
  467. int HWCryptoHook_RSA_t(HWCryptoHook_MPI m,
  468. HWCryptoHook_RSAKeyHandle k,
  469. HWCryptoHook_MPI * r,
  470. const HWCryptoHook_ErrMsgBuf * errors);
  471. extern HWCryptoHook_RSA_t HWCryptoHook_RSA;
  472. /* RSA private key operation (sign or decrypt) - raw, unpadded. */
  473. #endif /* HWCRYPTOHOOK_H */