| blob | b9ed83148598462d5ed7238a6f9f2fcd1778f9a1 |
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
22 /*
23 * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
24 */
26 /*-------------------------------------------------------------------------*/
27 /**
28 * \file KMSAgentPKICommon.h
29 *
30 * X.509 Certificate and Private Key Support Interface
31 *
32 * This module provides simple interfaces to support SSL communication
33 * for the KMS Agent enrollment protocol. Basic classes supporting
34 * X.509 certificates, private key management are provided and hide
35 * specific implementations from users of these classes.
36 */
37 /*-------------------------------------------------------------------------*/
39 #ifndef K_KMSAgentPKICommon_h
40 #define K_KMSAgentPKICommon_h
42 #ifdef WIN32
43 #pragma warning(disable: 4786)
44 #endif
46 #define MAX_CERT_SIZE 4096
47 #define MAX_KEY_SIZE 4096
49 #define DEFAULT_KEY_SIZE 2048
51 #ifdef KMSUSERPKCS12
53 #else
55 #endif
57 /**
58 * This class provides a simple interface for the management of
59 * public keys. Simple load and store operations are provided for
60 * storage and retrieval from memory buffers.
61 */
62 class CPublicKey
63 {
69 /**
70 * This method saves public key into a buffer,
71 * it also returns the actual used buffer length.
72 * @param i_pcBuffer Buffer to receive public key
73 * @param i_iBufferLength length of the buffer provided
74 * @param o_pActualLength actual length of the public key stored into the buffer
75 * @param i_iFormat key format, @see EnumPKIFileFormat
76 */
81 /**
82 * This method loads the public key from a buffer
83 * @param i_pcBuffer
84 * @param i_iLength
85 * @param i_iFormat one of the enums from EnumPKIFileFormat,
86 * only FILE_FORMAT_PEM is supported.
87 * @return true for success, false otherwise
88 */
93 /**
94 * use this object's public key to encrypt plaintext buffer
95 */
105 };
107 /**
108 * This class provides a simple interface for the management of
109 * private keys. Simple load and store operations are provided for
110 * storage and retrieval from memory buffers.
111 *
112 */
113 class CPrivateKey
114 {
120 /**
121 * Saves the private key to a memory buffer specified by
122 * i_pcBuffer. Currently just the PEM format is supported.
123 * Specification of a passphrase allows encryption of the private
124 * key subject to the choice of the implementation.
125 *
126 * @param[in] i_pcBuffer
127 * @param[in] i_iBufferLength
128 * @param[out] o_pActualLength
129 * @param[in] i_pPassphrase optional, if non-null the private key is
130 * wrapped using this passphrase
131 * @param[in] i_iFormat one of the enums from EnumPKIFileFormat,
132 * only FILE_FORMAT_PEM is supported.
133 * @return true for success, false otherwise
134 */
141 /**
142 * This method loads the private key from a buffer
143 * @param i_pcBuffer
144 * @param i_iLength
145 * @param i_pPassphrase optional, if non-null the private key is
146 * unwrapped using this passphrase
147 * @param i_iFormat one of the enums from EnumPKIFileFormat,
148 * only FILE_FORMAT_PEM is supported.
149 * @return true for success, false otherwise
150 */
158 #ifdef KMSUSERPKCS12
161 #endif
165 };
167 /**
168 * This class provides a simple interface for managing X.509
169 * certificates providing only simple load and save operations for
170 * storage and retrieval.
171 *
172 */
173 class CCertificate
174 {
181 /**
182 * save the certificate to the specified file name. Currently,
183 * only FILE_FORMAT_PEM is supported.
184 */
188 /**
189 * save the certificate to the specified buffer. Currently, only
190 * FILE_FORMAT_PEM is supported.
191 */
197 /**
198 * load a certificate from the specified filename. Currently,
199 * only FILE_FORMAT_PEM is supported.
200 */
204 /**
205 * load a certificate from the specified buffer. Currently, only
206 * FILE_FORMAT_PEM is supported.
207 */
212 /**
213 * prints the certificate to stdout
214 */
217 #ifdef KMSUSERPKCS12
229 #endif
232 /**
233 * an opague pointer to implementation specific resources to be
234 * freed by the Destructor.
235 */
237 #ifdef KMSUSERPKCS12
238 /**
239 * saves certificate to PKCS#12 memory BIO
240 * @param i_pPrivateKey
241 * @param i_sPassphrase
242 * @return pointer to the Memory BIO
243 */
247 #endif
249 };
252 /**
253 * This class provides a method for storing an X.509 certificate and
254 * private key to a file. The private key is appended to the
255 * certificate and optionally encrypted with the specified passphrase
256 * for encoding and storage in PEM format.
257 */
258 class CPKI
259 {
266 /**
267 * exports a certificate and associated private key to the
268 * specified file.
269 * @param i_pCertificate a pointer to an instance of a certificate
270 * @param i_pPrivateKey a pointer to an instance of a private key
271 * @param i_pcFileName the name of the file to store the cert and private key
272 * @param i_sPassphrase optional but when provided supplies a
273 * pass phrase to use for encrypting the private key. The cipher
274 * used for encryption is determined by the underlying implementation
275 * which for the reference implementation uses triple DES by default.
276 * @param i_eFileFormat the encoding format to use for the certificate and private key
277 */
283 EnumPKIFileFormat i_eFileFormat );
291 };