blob: 9fc7b89acbd1394ab9207406ec2604dc321cc0e2 [file] [log] [blame]
* ModExp / RSA (with/without KM) plugin API
* The application will load a dynamic library which
* exports entrypoint(s) defined in this file.
* This set of entrypoints provides only a multithreaded,
* synchronous-within-each-thread, facility.
* This file is Copyright 1998-2000 nCipher Corporation Limited.
* Redistribution and use in source and binary forms, with opr without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright notice,
* this list of conditions, and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions, and the following
* disclaimer, in the documentation and/or other materials provided
* with the distribution
* damages arising directly or indirectly from this file, its use or
* this licence. Without prejudice to the generality of the
* foregoing: all liability shall be excluded for direct, indirect,
* special, incidental, consequential or other damages or any loss of
* profits, business, revenue goodwill or anticipated savings;
* liability shall be excluded even if nCipher or anyone else has been
* advised of the possibility of damage. In any event, if the
* exclusion of liability is not effective, the liability of nCipher
* or any author or distributor shall be limited to the lesser of the
* price paid and 1,000 pounds sterling. This licence only fails to
* exclude or limit liability for death or personal injury arising out
* of negligence, and only to the extent that such an exclusion or
* limitation is not effective.
* limited to, any implied warranties of merchantability, fitness for
* a particular purpose, satisfactory quality, and/or non-infringement
* of any third party rights.
* US Government use: This software and documentation is Commercial
* Computer Software and Computer Software Documentation, as defined in
* sub-paragraphs (a)(1) and (a)(5) of DFAR 252.227-7014, "Rights in
* Noncommercial Computer Software and Noncommercial Computer Software
* Documentation." Use, duplication or disclosure by the Government is
* subject to the terms and conditions specified here.
* By using or distributing this file you will be accepting these
* terms and conditions, including the limitation of liability and
* lack of warranty. If you do not wish to accept these terms and
* conditions, DO NOT USE THE FILE.
* The actual dynamically loadable plugin, and the library files for
* static linking, which are also provided in some distributions, are
* not covered by the licence described above. You should have
* received a separate licence with terms and conditions for these
* library files; if you received the library files without a licence,
* please contact nCipher.
* $Id: hwcryptohook.h,v 1.1 2002/10/11 17:10:59 levitte Exp $
# include <sys/types.h>
# include <stdio.h>
# endif
* These structs are defined by the application and opaque to the
* crypto plugin. The application may define these as it sees fit.
* Default declarations are provided here, but the application may
* to prevent these declarations, and instead provide its own
* declarations of these types. (Pointers to them must still be
* ordinary pointers to structs or unions, or the resulting combined
* program will have a type inconsistency.)
typedef struct HWCryptoHook_MutexValue HWCryptoHook_Mutex;
typedef struct HWCryptoHook_CondVarValue HWCryptoHook_CondVar;
typedef struct HWCryptoHook_PassphraseContextValue
typedef struct HWCryptoHook_CallerContextValue HWCryptoHook_CallerContext;
* These next two structs are opaque to the application. The crypto
* plugin will return pointers to them; the caller simply manipulates
* the pointers.
typedef struct HWCryptoHook_Context *HWCryptoHook_ContextHandle;
typedef struct HWCryptoHook_RSAKey *HWCryptoHook_RSAKeyHandle;
typedef struct {
char *buf;
size_t size;
} HWCryptoHook_ErrMsgBuf;
* Used for error reporting. When a HWCryptoHook function fails it
* will return a sentinel value (0 for pointer-valued functions, or a
* negative number, usually HWCRYPTOHOOK_ERROR_FAILED, for
* integer-valued ones). It will, if an ErrMsgBuf is passed, also put
* an error message there.
* size is the size of the buffer, and will not be modified. If you
* pass 0 for size you must pass 0 for buf, and nothing will be
* recorded (just as if you passed 0 for the struct pointer).
* Messages written to the buffer will always be null-terminated, even
* when truncated to fit within size bytes.
* The contents of the buffer are not defined if there is no error.
typedef struct HWCryptoHook_MPIStruct {
unsigned char *buf;
size_t size;
} HWCryptoHook_MPI;
* When one of these is returned, a pointer is passed to the function.
* At call, size is the space available. Afterwards it is updated to
* be set to the actual length (which may be more than the space available,
* if there was not enough room and the result was truncated).
* buf (the pointer) is not updated.
* size is in bytes and may be zero at call or return, but must be a
* multiple of the limb size. Zero limbs at the MS end are not
* permitted.
# define HWCryptoHook_InitFlags_FallbackModExp 0x0002UL
# define HWCryptoHook_InitFlags_FallbackRSAImmed 0x0004UL
* Enable requesting fallback to software in case of problems with the
* hardware support. This indicates to the crypto provider that the
* application is prepared to fall back to software operation if the
* ModExp* or RSAImmed* functions return HWCRYPTOHOOK_ERROR_FALLBACK.
* Without this flag those calls will never return
* HWCRYPTOHOOK_ERROR_FALLBACK. The flag will also cause the crypto
* provider to avoid repeatedly attempting to contact dead hardware
* within a short interval, if appropriate.
# define HWCryptoHook_InitFlags_SimpleForkCheck 0x0010UL
* Without _SimpleForkCheck the library is allowed to assume that the
* application will not fork and call the library in the child(ren).
* When it is specified, this is allowed. However, after a fork
* neither parent nor child may unload any loaded keys or call
* _Finish. Instead, they should call exit (or die with a signal)
* without calling _Finish. After all the children have died the
* parent may unload keys or call _Finish.
* This flag only has any effect on UN*X platforms.
typedef struct {
unsigned long flags;
void *logstream; /* usually a FILE*. See below. */
size_t limbsize; /* bignum format - size of radix type, must
* be power of 2 */
int mslimbfirst; /* 0 or 1 */
int msbytefirst; /* 0 or 1; -1 = native */
* All the callback functions should return 0 on success, or a
* nonzero integer (whose value will be visible in the error message
* put in the buffer passed to the call).
* If a callback is not available pass a null function pointer.
* The callbacks may not call down again into the crypto plugin.
* For thread-safety. Set everything to 0 if you promise only to be
* singlethreaded. maxsimultaneous is the number of calls to
* ModExp[Crt]/RSAImmed{Priv,Pub}/RSA. If you don't know what to
* put there then say 0 and the hook library will use a default.
* maxmutexes is a small limit on the number of simultaneous mutexes
* which will be requested by the library. If there is no small
* limit, set it to 0. If the crypto plugin cannot create the
* advertised number of mutexes the calls to its functions may fail.
* If a low number of mutexes is advertised the plugin will try to
* do the best it can. Making larger numbers of mutexes available
* may improve performance and parallelism by reducing contention
* over critical sections. Unavailability of any mutexes, implying
* single-threaded operation, should be indicated by the setting
* mutex_init et al to 0.
int maxmutexes;
int maxsimultaneous;
size_t mutexsize;
int (*mutex_init) (HWCryptoHook_Mutex *,
HWCryptoHook_CallerContext * cactx);
int (*mutex_acquire) (HWCryptoHook_Mutex *);
void (*mutex_release) (HWCryptoHook_Mutex *);
void (*mutex_destroy) (HWCryptoHook_Mutex *);
* For greater efficiency, can use condition vars internally for
* synchronisation. In this case maxsimultaneous is ignored, but
* the other mutex stuff must be available. In singlethreaded
* programs, set everything to 0.
size_t condvarsize;
int (*condvar_init) (HWCryptoHook_CondVar *,
HWCryptoHook_CallerContext * cactx);
int (*condvar_wait) (HWCryptoHook_CondVar *, HWCryptoHook_Mutex *);
void (*condvar_signal) (HWCryptoHook_CondVar *);
void (*condvar_broadcast) (HWCryptoHook_CondVar *);
void (*condvar_destroy) (HWCryptoHook_CondVar *);
* The semantics of acquiring and releasing mutexes and broadcasting
* and waiting on condition variables are expected to be those from
* POSIX threads (pthreads). The mutexes may be (in pthread-speak)
* fast mutexes, recursive mutexes, or nonrecursive ones.
* The _release/_signal/_broadcast and _destroy functions must
* always succeed when given a valid argument; if they are given an
* invalid argument then the program (crypto plugin + application)
* has an internal error, and they should abort the program.
int (*getpassphrase) (const char *prompt_info,
int *len_io, char *buf,
HWCryptoHook_PassphraseContext * ppctx,
HWCryptoHook_CallerContext * cactx);
* Passphrases and the prompt_info, if they contain high-bit-set
* characters, are UTF-8. The prompt_info may be a null pointer if
* no prompt information is available (it should not be an empty
* string). It will not contain text like `enter passphrase';
* instead it might say something like `Operator Card for John
* Smith' or `SmartCard in nFast Module #1, Slot #1'.
* buf points to a buffer in which to return the passphrase; on
* entry *len_io is the length of the buffer. It should be updated
* by the callback. The returned passphrase should not be
* null-terminated by the callback.
int (*getphystoken) (const char *prompt_info,
const char *wrong_info,
HWCryptoHook_PassphraseContext * ppctx,
HWCryptoHook_CallerContext * cactx);
* Requests that the human user physically insert a different
* smartcard, DataKey, etc. The plugin should check whether the
* currently inserted token(s) are appropriate, and if they are it
* should not make this call.
* prompt_info is as before. wrong_info is a description of the
* currently inserted token(s) so that the user is told what
* something is. wrong_info, like prompt_info, may be null, but
* should not be an empty string. Its contents should be
* syntactically similar to that of prompt_info.
* Note that a single LoadKey operation might cause several calls to
* getpassphrase and/or requestphystoken. If requestphystoken is
* not provided (ie, a null pointer is passed) then the plugin may
* not support loading keys for which authorisation by several cards
* is required. If getpassphrase is not provided then cards with
* passphrases may not be supported.
* getpassphrase and getphystoken do not need to check that the
* passphrase has been entered correctly or the correct token
* inserted; the crypto plugin will do that. If this is not the
* case then the crypto plugin is responsible for calling these
* routines again as appropriate until the correct token(s) and
* passphrase(s) are supplied as required, or until any retry limits
* implemented by the crypto plugin are reached.
* In either case, the application must allow the user to say `no'
* or `cancel' to indicate that they do not know the passphrase or
* have the appropriate token; this should cause the callback to
* return nonzero indicating error.
void (*logmessage) (void *logstream, const char *message);
* A log message will be generated at least every time something goes
* wrong and an ErrMsgBuf is filled in (or would be if one was
* provided). Other diagnostic information may be written there too,
* including more detailed reasons for errors which are reported in an
* ErrMsgBuf.
* When a log message is generated, this callback is called. It
* should write a message to the relevant logging arrangements.
* The message string passed will be null-terminated and may be of arbitrary
* length. It will not be prefixed by the time and date, nor by the
* name of the library that is generating it - if this is required,
* the logmessage callback must do it. The message will not have a
* trailing newline (though it may contain internal newlines).
* If a null pointer is passed for logmessage a default function is
* used. The default function treats logstream as a FILE* which has
* been converted to a void*. If logstream is 0 it does nothing.
* Otherwise it prepends the date and time and library name and
* writes the message to logstream. Each line will be prefixed by a
* descriptive string containing the date, time and identity of the
* crypto plugin. Errors on the logstream are not reported
* anywhere, and the default function doesn't flush the stream, so
* the application must set the buffering how it wants it.
* The crypto plugin may also provide a facility to have copies of
* log messages sent elsewhere, and or for adjusting the verbosity
* of the log messages; any such facilities will be configured by
* external means.
} HWCryptoHook_InitInfo;
HWCryptoHook_ContextHandle HWCryptoHook_Init_t(const HWCryptoHook_InitInfo *
initinfo, size_t initinfosize,
const HWCryptoHook_ErrMsgBuf *
HWCryptoHook_CallerContext *
extern HWCryptoHook_Init_t HWCryptoHook_Init;
* Caller should set initinfosize to the size of the HWCryptoHook struct,
* so it can be extended later.
* On success, a message for display or logging by the server,
* including the name and version number of the plugin, will be filled
* in into *errors; on failure *errors is used for error handling, as
* usual.
* All these functions return 0 on success, HWCRYPTOHOOK_ERROR_FAILED
* on most failures. HWCRYPTOHOOK_ERROR_MPISIZE means at least one of
* the output MPI buffer(s) was too small; the sizes of all have been
* set to the desired size (and for those where the buffer was large
* enough, the value may have been copied in), and no error message
* has been recorded.
* You may pass 0 for the errors struct. In any case, unless you set
* _NoStderr at init time then messages may be reported to stderr.
* The RSAImmed* functions (and key managed RSA) only work with
* modules which have an RSA patent licence - currently that means KM
* units; the ModExp* ones work with all modules, so you need a patent
* licence in the software in the US. They are otherwise identical.
void HWCryptoHook_Finish_t(HWCryptoHook_ContextHandle hwctx);
extern HWCryptoHook_Finish_t HWCryptoHook_Finish;
/* You must not have any calls going or keys loaded when you call this. */
int HWCryptoHook_RandomBytes_t(HWCryptoHook_ContextHandle hwctx,
unsigned char *buf, size_t len,
const HWCryptoHook_ErrMsgBuf * errors);
extern HWCryptoHook_RandomBytes_t HWCryptoHook_RandomBytes;
int HWCryptoHook_ModExp_t(HWCryptoHook_ContextHandle hwctx,
HWCryptoHook_MPI a,
HWCryptoHook_MPI p,
HWCryptoHook_MPI n,
HWCryptoHook_MPI * r,
const HWCryptoHook_ErrMsgBuf * errors);
extern HWCryptoHook_ModExp_t HWCryptoHook_ModExp;
int HWCryptoHook_RSAImmedPub_t(HWCryptoHook_ContextHandle hwctx,
HWCryptoHook_MPI m,
HWCryptoHook_MPI e,
HWCryptoHook_MPI n,
HWCryptoHook_MPI * r,
const HWCryptoHook_ErrMsgBuf * errors);
extern HWCryptoHook_RSAImmedPub_t HWCryptoHook_RSAImmedPub;
int HWCryptoHook_ModExpCRT_t(HWCryptoHook_ContextHandle hwctx,
HWCryptoHook_MPI a,
HWCryptoHook_MPI p,
HWCryptoHook_MPI q,
HWCryptoHook_MPI dmp1,
HWCryptoHook_MPI dmq1,
HWCryptoHook_MPI iqmp,
HWCryptoHook_MPI * r,
const HWCryptoHook_ErrMsgBuf * errors);
extern HWCryptoHook_ModExpCRT_t HWCryptoHook_ModExpCRT;
int HWCryptoHook_RSAImmedPriv_t(HWCryptoHook_ContextHandle hwctx,
HWCryptoHook_MPI m,
HWCryptoHook_MPI p,
HWCryptoHook_MPI q,
HWCryptoHook_MPI dmp1,
HWCryptoHook_MPI dmq1,
HWCryptoHook_MPI iqmp,
HWCryptoHook_MPI * r,
const HWCryptoHook_ErrMsgBuf * errors);
extern HWCryptoHook_RSAImmedPriv_t HWCryptoHook_RSAImmedPriv;
* The RSAImmed* and ModExp* functions may return E_FAILED or
* E_FALLBACK for failure.
* E_FAILED means the failure is permanent and definite and there
* should be no attempt to fall back to software. (Eg, for some
* applications, which support only the acceleration-only
* functions, the `key material' may actually be an encoded key
* identifier, and doing the operation in software would give wrong
* answers.)
* E_FALLBACK means that doing the computation in software would seem
* reasonable. If an application pays attention to this and is
* able to fall back, it should also set the Fallback init flags.
int HWCryptoHook_RSALoadKey_t(HWCryptoHook_ContextHandle hwctx,
const char *key_ident,
HWCryptoHook_RSAKeyHandle * keyhandle_r,
const HWCryptoHook_ErrMsgBuf * errors,
HWCryptoHook_PassphraseContext * ppctx);
extern HWCryptoHook_RSALoadKey_t HWCryptoHook_RSALoadKey;
* The key_ident is a null-terminated string configured by the
* user via the application's usual configuration mechanisms.
* It is provided to the user by the crypto provider's key management
* system. The user must be able to enter at least any string of between
* 1 and 1023 characters inclusive, consisting of printable 7-bit
* ASCII characters. The provider should avoid using
* any characters except alphanumerics and the punctuation
* characters _ - + . / @ ~ (the user is expected to be able
* to enter these without quoting). The string may be case-sensitive.
* The application may allow the user to enter other NULL-terminated strings,
* and the provider must cope (returning an error if the string is not
* valid).
* If the key does not exist, no error is recorded and 0 is returned;
* keyhandle_r will be set to 0 instead of to a key handle.
int HWCryptoHook_RSAGetPublicKey_t(HWCryptoHook_RSAKeyHandle k,
HWCryptoHook_MPI * n,
HWCryptoHook_MPI * e,
const HWCryptoHook_ErrMsgBuf * errors);
extern HWCryptoHook_RSAGetPublicKey_t HWCryptoHook_RSAGetPublicKey;
* The crypto plugin will not store certificates.
* Although this function for acquiring the public key value is
* provided, it is not the purpose of this API to deal fully with the
* handling of the public key.
* It is expected that the crypto supplier's key generation program
* will provide general facilities for producing X.509
* self-certificates and certificate requests in PEM format. These
* will be given to the user so that they can configure them in the
* application, send them to CAs, or whatever.
* In case this kind of certificate handling is not appropriate, the
* crypto supplier's key generation program should be able to be
* configured not to generate such a self-certificate or certificate
* request. Then the application will need to do all of this, and
* will need to store and handle the public key and certificates
* itself.
int HWCryptoHook_RSAUnloadKey_t(HWCryptoHook_RSAKeyHandle k,
const HWCryptoHook_ErrMsgBuf * errors);
extern HWCryptoHook_RSAUnloadKey_t HWCryptoHook_RSAUnloadKey;
/* Might fail due to locking problems, or other serious internal problems. */
int HWCryptoHook_RSA_t(HWCryptoHook_MPI m,
HWCryptoHook_RSAKeyHandle k,
HWCryptoHook_MPI * r,
const HWCryptoHook_ErrMsgBuf * errors);
extern HWCryptoHook_RSA_t HWCryptoHook_RSA;
/* RSA private key operation (sign or decrypt) - raw, unpadded. */
#endif /* HWCRYPTOHOOK_H */