2 * ModExp / RSA (with/without KM) plugin API
4 * The application will load a dynamic library which
5 * exports entrypoint(s) defined in this file.
7 * This set of entrypoints provides only a multithreaded,
8 * synchronous-within-each-thread, facility.
11 * This file is Copyright 1998-1999 nCipher Corporation Limited.
13 * This file is provided for your information and assistance. You are
14 * permitted to copy it verbatim, to use it to create compatible
15 * software, and for review and comment. However, you may not
16 * distribute changed versions or other derivative works. All other
17 * rights are reserved.
19 * IN NO EVENT SHALL NCIPHER CORPORATION LIMITED (`NCIPHER') AND/OR
20 * ANY OTHER AUTHORS OR DISTRIBUTORS OF THIS FILE BE LIABLE for any
21 * damages arising directly or indirectly from this file, its use or
22 * this licence. Without prejudice to the generality of the
23 * foregoing: all liability shall be excluded for direct, indirect,
24 * special, incidental, consequential or other damages or any loss of
25 * profits, business, revenue goodwill or anticipated savings;
26 * liability shall be excluded even if nCipher or anyone else has been
27 * advised of the possibility of damage. In any event, if the
28 * exclusion of liability is not effective, the liability of nCipher
29 * or any author or distributor shall be limited to the lesser of the
30 * price paid and 1,000 pounds sterling. This licence only fails to
31 * exclude or limit liability for death or personal injury arising out
32 * of negligence, and only to the extent that such an exclusion or
33 * limitation is not effective.
35 * NCIPHER AND THE AUTHORS AND DISTRIBUTORS SPECIFICALLY DISCLAIM ALL
36 * AND ANY WARRANTIES (WHETHER EXPRESS OR IMPLIED), including, but not
37 * limited to, any implied warranties of merchantability, fitness for
38 * a particular purpose, satisfactory quality, and/or non-infringement
39 * of any third party rights.
41 * US Government use: This software and documentation is Commercial
42 * Computer Software and Computer Software Documentation, as defined in
43 * sub-paragraphs (a)(1) and (a)(5) of DFAR 252.227-7014, "Rights in
44 * Noncommercial Computer Software and Noncommercial Computer Software
45 * Documentation." Use, duplication or disclosure by the Government is
46 * subject to the terms and conditions specified here.
48 * By using or distributing this file you will be accepting these
49 * terms and conditions, including the limitation of liability and
50 * lack of warranty. If you do not wish to accept these terms and
51 * conditions, DO NOT USE THE FILE.
54 * The actual dynamically loadable plugin, and the library files for
55 * static linking, which are also provided in this distribution, are
56 * not covered by the licence described above. You should have
57 * received a separate licence with terms and conditions for these
58 * library files; if you received the library files without a licence,
59 * please contact nCipher.
62 * $Id: hwcryptohook.h,v 1.2 2000/10/26 21:06:30 levitte Exp $
65 #ifndef HWCRYPTOHOOK_H
66 #define HWCRYPTOHOOK_H
68 #include <sys/types.h>
71 #ifndef HWCRYPTOHOOK_DECLARE_APPTYPES
72 #define HWCRYPTOHOOK_DECLARE_APPTYPES 1
75 #define HWCRYPTOHOOK_ERROR_FAILED -1
76 #define HWCRYPTOHOOK_ERROR_FALLBACK -2
77 #define HWCRYPTOHOOK_ERROR_MPISIZE -3
79 #if HWCRYPTOHOOK_DECLARE_APPTYPES
81 /* These structs are defined by the application and opaque to the
82 * crypto plugin. The application may define these as it sees fit.
83 * Default declarations are provided here, but the application may
84 * #define HWCRYPTOHOOK_DECLARE_APPTYPES 0
85 * to prevent these declarations, and instead provide its own
86 * declarations of these types. (Pointers to them must still be
87 * ordinary pointers to structs or unions, or the resulting combined
88 * program will have a type inconsistency.)
90 typedef struct HWCryptoHook_MutexValue HWCryptoHook_Mutex;
91 typedef struct HWCryptoHook_CondVarValue HWCryptoHook_CondVar;
92 typedef struct HWCryptoHook_PassphraseContextValue HWCryptoHook_PassphraseContext;
93 typedef struct HWCryptoHook_CallerContextValue HWCryptoHook_CallerContext;
95 #endif /* HWCRYPTOHOOK_DECLARE_APPTYPES */
97 /* These next two structs are opaque to the application. The crypto
98 * plugin will return pointers to them; the caller simply manipulates
101 typedef struct HWCryptoHook_Context *HWCryptoHook_ContextHandle;
102 typedef struct HWCryptoHook_RSAKey *HWCryptoHook_RSAKeyHandle;
107 } HWCryptoHook_ErrMsgBuf;
108 /* Used for error reporting. When a HWCryptoHook function fails it
109 * will return a sentinel value (0 for pointer-valued functions, or a
110 * negative number, usually HWCRYPTOHOOK_ERROR_FAILED, for
111 * integer-valued ones). It will, if an ErrMsgBuf is passed, also put
112 * an error message there.
114 * size is the size of the buffer. When the buffer is filled, it will
115 * always be null-terminated. If you pass 0 buf buf you must pass 0
116 * for size, and nothing will be recorded (just as if you passed 0 for
117 * the struct pointer). Size will not be modified when an error is
118 * recorded. The buffer is always null-terminated even if there is an
121 * The contents of the buffer are not defined if there is no error.
124 typedef struct HWCryptoHook_MPIStruct {
128 /* When one of these is returned, a pointer is passed to the function.
129 * At call, size is the space available. Afterwards it is updated.
130 * buf (the pointer) is not updated. size is in bytes and may be
131 * zero, but must be a multiple of the limb size. Zero limbs at the
132 * MS end are not permitted.
135 #define HWCryptoHook_InitFlags_FallbackModExp 0x0002UL
136 #define HWCryptoHook_InitFlags_FallbackRSAImmed 0x0004UL
137 /* Enable requesting fallback to software in case of problems with the
138 * hardware support. This indicates to the crypto provider that the
139 * application is prepared to fall back to software operation if the
140 * ModExp* or RSAImmed* functions return HWCRYPTOHOOK_ERROR_FALLBACK.
141 * Without this flag those calls will never return
142 * HWCRYPTOHOOK_ERROR_FALLBACK. The flag will also cause the crypto
143 * provider to avoid repeatedly attempting to contact dead hardware
144 * within a short interval, if appropriate.
147 #define HWCryptoHook_InitFlags_SimpleForkCheck 0x0010UL
148 /* Without _SimpleForkCheck the library is allowed to assume that the
149 * application will not fork and call the library in the child(ren).
151 * When it is specified, this is allowed. However, after a fork
152 * neither parent nor child may unload any loaded keys or call
153 * _Finish. Instead, they should call exit (or die with a signal)
154 * without calling _Finish. After all the children have died the
155 * parent may unload keys or call _Finish.
157 * This flag only has any effect on UN*X platforms.
162 void *logstream; /* usually a FILE*. See below. */
164 size_t limbsize; /* bignum format - size of radix type, must be power of 2 */
165 int mslimbfirst; /* 0 or 1 */
166 int msbytefirst; /* 0 or 1; -1 = native */
168 /* All the callback functions should return 0 on success, or a
169 * nonzero integer (whose value will be visible in the error message
170 * put in the buffer passed to the call).
172 * If a callback is not available pass a null function pointer.
174 * The callbacks may not call down again into the crypto plugin.
177 /* For thread-safety. Set everything to 0 if you promise only to be
178 * singlethreaded. maxsimultaneous is the number of calls to
179 * ModExp[Crt]/RSAImmed{Priv,Pub}/RSA. If you don't know what to
180 * put there then say 0 and the hook library will use a default.
182 * maxmutexes is a small limit on the number of simultaneous mutexes
183 * which will be requested by the library. If there is no small
184 * limit, set it to 0. If the crypto plugin cannot create the
185 * advertised number of mutexes the calls to its functions may fail.
186 * If a low number of mutexes is advertised the plugin will try to
187 * do the best it can. Making larger numbers of mutexes available
188 * may improve performance and parallelism by reducing contention
189 * over critical sections. Unavailability of any mutexes, implying
190 * single-threaded operation, should be indicated by the setting
191 * mutex_init et al to 0.
196 int (*mutex_init)(HWCryptoHook_Mutex*, HWCryptoHook_CallerContext *cactx);
197 int (*mutex_acquire)(HWCryptoHook_Mutex*);
198 void (*mutex_release)(HWCryptoHook_Mutex*);
199 void (*mutex_destroy)(HWCryptoHook_Mutex*);
201 /* For greater efficiency, can use condition vars internally for
202 * synchronisation. In this case maxsimultaneous is ignored, but
203 * the other mutex stuff must be available. In singlethreaded
204 * programs, set everything to 0.
207 int (*condvar_init)(HWCryptoHook_CondVar*, HWCryptoHook_CallerContext *cactx);
208 int (*condvar_wait)(HWCryptoHook_CondVar*, HWCryptoHook_Mutex*);
209 void (*condvar_signal)(HWCryptoHook_CondVar*);
210 void (*condvar_broadcast)(HWCryptoHook_CondVar*);
211 void (*condvar_destroy)(HWCryptoHook_CondVar*);
213 /* The semantics of acquiring and releasing mutexes and broadcasting
214 * and waiting on condition variables are expected to be those from
215 * POSIX threads (pthreads). The mutexes may be (in pthread-speak)
216 * fast mutexes, recursive mutexes, or nonrecursive ones.
218 * The _release/_signal/_broadcast and _destroy functions must
219 * always succeed when given a valid argument; if they are given an
220 * invalid argument then the program (crypto plugin + application)
221 * has an internal error, and they should abort the program.
224 int (*getpassphrase)(const char *prompt_info,
225 int *len_io, char *buf,
226 HWCryptoHook_PassphraseContext *ppctx,
227 HWCryptoHook_CallerContext *cactx);
228 /* Passphrases and the prompt_info, if they contain high-bit-set
229 * characters, are UTF-8. The prompt_info may be a null pointer if
230 * no prompt information is available (it should not be an empty
231 * string). It will not contain text like `enter passphrase';
232 * instead it might say something like `Operator Card for John
233 * Smith' or `SmartCard in nFast Module #1, Slot #1'.
235 * buf points to a buffer in which to return the passphrase; on
236 * entry *len_io is the length of the buffer. It should be updated
237 * by the callback. The returned passphrase should not be
238 * null-terminated by the callback.
241 int (*getphystoken)(const char *prompt_info,
242 const char *wrong_info,
243 HWCryptoHook_PassphraseContext *ppctx,
244 HWCryptoHook_CallerContext *cactx);
245 /* Requests that the human user physically insert a different
246 * smartcard, DataKey, etc. The plugin should check whether the
247 * currently inserted token(s) are appropriate, and if they are it
248 * should not make this call.
250 * prompt_info is as before. wrong_info is a description of the
251 * currently inserted token(s) so that the user is told what
252 * something is. wrong_info, like prompt_info, may be null, but
253 * should not be an empty string. Its contents should be
254 * syntactically similar to that of prompt_info.
257 /* Note that a single LoadKey operation might cause several calls to
258 * getpassphrase and/or requestphystoken. If requestphystoken is
259 * not provided (ie, a null pointer is passed) then the plugin may
260 * not support loading keys for which authorisation by several cards
261 * is required. If getpassphrase is not provided then cards with
262 * passphrases may not be supported.
264 * getpassphrase and getphystoken do not need to check that the
265 * passphrase has been entered correctly or the correct token
266 * inserted; the crypto plugin will do that. If this is not the
267 * case then the crypto plugin is responsible for calling these
268 * routines again as appropriate until the correct token(s) and
269 * passphrase(s) are supplied as required, or until any retry limits
270 * implemented by the crypto plugin are reached.
272 * In either case, the application must allow the user to say `no'
273 * or `cancel' to indicate that they do not know the passphrase or
274 * have the appropriate token; this should cause the callback to
275 * return nonzero indicating error.
278 void (*logmessage)(void *logstream, const char *message);
279 /* A log message will be generated at least every time something goes
280 * wrong and an ErrMsgBuf is filled in (or would be if one was
281 * provided). Other diagnostic information may be written there too,
282 * including more detailed reasons for errors which are reported in an
285 * When a log message is generated, this callback is called. It
286 * should write a message to the relevant logging arrangements.
288 * The message string passed will be null-terminated and may be of arbitrary
289 * length. It will not be prefixed by the time and date, nor by the
290 * name of the library that is generating it - if this is required,
291 * the logmessage callback must do it. The message will not have a
292 * trailing newline (though it may contain internal newlines).
294 * If a null pointer is passed for logmessage a default function is
295 * used. The default function treats logstream as a FILE* which has
296 * been converted to a void*. If logstream is 0 it does nothing.
297 * Otherwise it prepends the date and time and library name and
298 * writes the message to logstream. Each line will be prefixed by a
299 * descriptive string containing the date, time and identity of the
300 * crypto plugin. Errors on the logstream are not reported
301 * anywhere, and the default function doesn't flush the stream, so
302 * the application must set the buffering how it wants it.
304 * The crypto plugin may also provide a facility to have copies of
305 * log messages sent elsewhere, and or for adjusting the verbosity
306 * of the log messages; any such facilities will be configured by
310 } HWCryptoHook_InitInfo;
313 HWCryptoHook_ContextHandle HWCryptoHook_Init_t(const HWCryptoHook_InitInfo *initinfo,
315 HWCryptoHook_ErrMsgBuf *errors,
316 HWCryptoHook_CallerContext *cactx);
317 extern HWCryptoHook_Init_t HWCryptoHook_Init;
319 /* Caller should set initinfosize to the size of the HWCryptoHook struct,
320 * so it can be extended later.
322 * On success, a message for display or logging by the server,
323 * including the name and version number of the plugin, will be filled
324 * in into *errors; on failure *errors is used for error handling, as
328 /* All these functions return 0 on success, HWCRYPTOHOOK_ERROR_FAILED
329 * on most failures. HWCRYPTOHOOK_ERROR_MPISIZE means at least one of
330 * the output MPI buffer(s) was too small; the sizes of all have been
331 * set to the desired size (and for those where the buffer was large
332 * enough, the value may have been copied in), and no error message
335 * You may pass 0 for the errors struct. In any case, unless you set
336 * _NoStderr at init time then messages may be reported to stderr.
339 /* The RSAImmed* functions (and key managed RSA) only work with
340 * modules which have an RSA patent licence - currently that means KM
341 * units; the ModExp* ones work with all modules, so you need a patent
342 * licence in the software in the US.
346 void HWCryptoHook_Finish_t(HWCryptoHook_ContextHandle hwctx);
347 extern HWCryptoHook_Finish_t HWCryptoHook_Finish;
348 /* You must not have any calls going or keys loaded when you call this. */
351 int HWCryptoHook_RandomBytes_t(HWCryptoHook_ContextHandle hwctx,
352 unsigned char *buf, size_t len,
353 const HWCryptoHook_ErrMsgBuf *errors);
354 extern HWCryptoHook_RandomBytes_t HWCryptoHook_RandomBytes;
357 int HWCryptoHook_ModExp_t(HWCryptoHook_ContextHandle hwctx,
362 const HWCryptoHook_ErrMsgBuf *errors);
363 extern HWCryptoHook_ModExp_t HWCryptoHook_ModExp;
366 int HWCryptoHook_RSAImmedPub_t(HWCryptoHook_ContextHandle hwctx,
371 const HWCryptoHook_ErrMsgBuf *errors);
372 extern HWCryptoHook_RSAImmedPub_t HWCryptoHook_RSAImmedPub;
375 int HWCryptoHook_ModExpCRT_t(HWCryptoHook_ContextHandle hwctx,
379 HWCryptoHook_MPI dmp1,
380 HWCryptoHook_MPI dmq1,
381 HWCryptoHook_MPI iqmp,
383 const HWCryptoHook_ErrMsgBuf *errors);
384 extern HWCryptoHook_ModExpCRT_t HWCryptoHook_ModExpCRT;
387 int HWCryptoHook_RSAImmedPriv_t(HWCryptoHook_ContextHandle hwctx,
391 HWCryptoHook_MPI dmp1,
392 HWCryptoHook_MPI dmq1,
393 HWCryptoHook_MPI iqmp,
395 const HWCryptoHook_ErrMsgBuf *errors);
396 extern HWCryptoHook_RSAImmedPriv_t HWCryptoHook_RSAImmedPriv;
398 /* The RSAImmed* and ModExp* functions may return E_FAILED or
399 * E_FALLBACK for failure.
401 * E_FAILED means the failure is permanent and definite and there
402 * should be no attempt to fall back to software. (Eg, for some
403 * applications, which support only the acceleration-only
404 * functions, the `key material' may actually be an encoded key
405 * identifier, and doing the operation in software would give wrong
408 * E_FALLBACK means that doing the computation in software would seem
409 * reasonable. If an application pays attention to this and is
410 * able to fall back, it should also set the Fallback init flags.
414 int HWCryptoHook_RSALoadKey_t(HWCryptoHook_ContextHandle hwctx,
415 const char *key_ident,
416 HWCryptoHook_RSAKeyHandle *keyhandle_r,
417 const HWCryptoHook_ErrMsgBuf *errors,
418 HWCryptoHook_PassphraseContext *ppctx);
419 extern HWCryptoHook_RSALoadKey_t HWCryptoHook_RSALoadKey;
420 /* The key_ident is a null-terminated string configured by the
421 * user via the application's usual configuration mechanisms.
422 * It is provided to the user by the crypto provider's key management
423 * system. The user must be able to enter at least any string of between
424 * 1 and 1023 characters inclusive, consisting of printable 7-bit
425 * ASCII characters. The provider should avoid using
426 * any characters except alphanumerics and the punctuation
427 * characters _ - + . / @ ~ (the user is expected to be able
428 * to enter these without quoting). The string may be case-sensitive.
429 * The application may allow the user to enter other NULL-terminated strings,
430 * and the provider must cope (returning an error if the string is not
433 * If the key does not exist, it is _not_ an error - in that case,
434 * keyhandle_r will be set to 0 instead of to a key handle.
438 int HWCryptoHook_RSAGetPublicKey_t(HWCryptoHook_RSAKeyHandle k,
441 const HWCryptoHook_ErrMsgBuf *errors);
442 extern HWCryptoHook_RSAGetPublicKey_t HWCryptoHook_RSAGetPublicKey;
443 /* The crypto plugin will not store certificates.
445 * Although this function for acquiring the public key value is
446 * provided, it is not the purpose of this API to deal fully with the
447 * handling of the public key.
449 * It is expected that the crypto supplier's key generation program
450 * will provide general facilities for producing X.509
451 * self-certificates and certificate requests in PEM format. These
452 * will be given to the user so that they can configure them in the
453 * application, send them to CAs, or whatever.
455 * In case this kind of certificate handling is not appropriate, the
456 * crypto supplier's key generation program should be able to be
457 * configured not to generate such a self-certificate or certificate
458 * request. Then the application will need to do all of this, and
459 * will need to store and handle the public key and certificates
464 int HWCryptoHook_RSAUnloadKey_t(HWCryptoHook_RSAKeyHandle k,
465 const HWCryptoHook_ErrMsgBuf *errors);
466 extern HWCryptoHook_RSAUnloadKey_t HWCryptoHook_RSAUnloadKey;
467 /* Might fail due to locking problems, or other serious internal problems. */
470 int HWCryptoHook_RSA_t(HWCryptoHook_MPI m,
471 HWCryptoHook_RSAKeyHandle k,
473 const HWCryptoHook_ErrMsgBuf *errors);
474 extern HWCryptoHook_RSA_t HWCryptoHook_RSA;
476 #endif /*HWCRYPTOHOOK_H*/