Relative path: ./../../../../../../usr/include/avahi-ui/../cryptoutil.h
Real path: /usr/include/cryptoutil.h
/*
 * Copyright (c) 2003, 2020, Oracle and/or its affiliates.
 */

/*
 * Shared declarations for the crypto administration and utility routines:
 * paths and keywords for the /etc/crypto configuration files, identity
 * strings for the softtoken, metaslot, KMIP, TPM and KMS PKCS#11 providers,
 * passphrase-prompt defaults, the PKCS#11 URI structure, and prototypes for
 * configuration parsing and PKCS#11 constant/string conversion.
 */

#ifndef _CRYPTOUTIL_H
#define	_CRYPTOUTIL_H

#ifdef __cplusplus
extern "C" {
#endif

#include <libucrypto.h>
#include <security/cryptoki.h>
#include <sys/crypto/ioctladmin.h>
#include <sys/param.h>
#include <sys/paths.h>
#include <sys/types.h>
#include <syslog.h>

#define	LOG_STDERR	-1 /* cryptoerror() log to stderr, not syslog */
#define	LCU_SUCCESS	0
#define	LCU_FAILURE	1

#define	MECH_ID_HEX_LEN	11 /* length of mechanism id in hex form */

/*
 * Configuration and lock file locations. The keywords defined further down
 * (enabledlist=, disabledlist=, fips-140, NO_RANDOM, ...) show that these
 * files select which providers and mechanisms are active, so they are part
 * of the system's crypto policy.
 * NOTE(review): required ownership and mode are not stated in this header -
 * confirm the files are writable only by privileged users.
 */
#define	_PATH_KCF_CONF		"/etc/crypto/kcf.conf"
#define	_PATH_PKCS11_CONF	"/etc/crypto/pkcs11.conf"
#define	_PATH_UCRYPTO_CONF	"/etc/crypto/ucrypto.conf"
#define	_PATH_KCFD_LOCK		_PATH_SYSVOL "/kcfd.lock"

#define	BYTES_IN_WORD	4

/* $ISA substitution for parsing pkcs11.conf data */
#define	PKCS11_ISA	"/$ISA/"
/* PKCS11_ISA_DIR is fixed at compile time from the data model and CPU. */
#if defined(_LP64)
#if defined(__sparcv9)
#define	PKCS11_ISA_DIR	"/sparcv9/"
#elif defined(__amd64)
#define	PKCS11_ISA_DIR	"/amd64/"
#else
#define	PKCS11_ISA_DIR	"/64/"
#endif
#else /* 32-bit */
#define	PKCS11_ISA_DIR	"/"
#endif /* _LP64 */

/* Absolute path of the PKCS#11 framework library for this ISA. */
#define	UEF_FRAME_LIB	"/usr/lib" PKCS11_ISA_DIR "libpkcs11.so"

/* pkcs11.conf and kcf.conf : common keywords and delimiters */
#define	SEP_COLON	":"
#define	SEP_SEMICOLON	";"
#define	SEP_EQUAL	"="
#define	SEP_COMMA	","
#define	METASLOT_KEYWORD	"metaslot"
#define	FIPS_KEYWORD		"fips-140"
#define	EF_DISABLED		"disabledlist="
#define	EF_ENABLED		"enabledlist="
#define	EF_NORANDOM		"NO_RANDOM"
#define	METASLOT_TOKEN		"metaslot_token="
#define	METASLOT_SLOT		"metaslot_slot="
#define	METASLOT_STATUS		"metaslot_status="
#define	METASLOT_AUTO_KEY_MIGRATE	"metaslot_auto_key_migrate="
#define	ENABLED_KEYWORD		"enabled"
#define	DISABLED_KEYWORD	"disabled"

/* kcf.conf : specific keywords and delimiters */
/* Note: SEP_SLASH is a character constant; the other separators are strings. */
#define	SEP_SLASH	'/'
#define	EF_SUPPORTED	"supportedlist="
#define	EF_UNLOAD	"unload"
#define	RANDOM		"random"

/* kcf.conf : update modes */
#define	ADD_MODE	1
#define	DELETE_MODE	2
#define	MODIFY_MODE	3

/*
 * kcf.conf : other
 *
 * TMPFILE_TEMPLATE ends in "XXXXXX", the placeholder form taken by
 * mkstemp(3C)-style functions.
 * NOTE(review): the users of this template are not visible in this header -
 * confirm the file is created with mkstemp() (not mktemp(), and not a plain
 * open() without O_EXCL) and with restrictive permissions, since it sits in
 * the same directory as the live configuration files. GROUP_SYS is
 * presumably the group id applied to rewritten files; verify against the
 * caller.
 */
#define	TMPFILE_TEMPLATE	"/etc/crypto/admXXXXXX"
#define	GROUP_SYS	3

/*
 * These should eventually be subsumed by sys/crypto/common.h
 *
 * The values equal the fixed field widths PKCS#11 defines for
 * slotDescription (CK_SLOT_INFO) and for label, manufacturerID and
 * serialNumber (CK_TOKEN_INFO).
 */
#define	SLOT_DESCRIPTION_SIZE	64
#define	TOKEN_LABEL_SIZE	32
#define	TOKEN_MANUFACTURER_SIZE	32
#define	TOKEN_SERIAL_SIZE	16

/* RFC 7512: PKCS#11 URI prefixes and attributes. */
#define	FILE_URI_PREFIX	"file://"
#define	PK11_URI_PREFIX	"pkcs11:"
#define	PK11_TOKEN	"token"
#define	PK11_MANUF	"manufacturer"
#define	PK11_SERIAL	"serial"
#define	PK11_MODEL	"model"
#define	PK11_OBJECT	"object"
#define	PK11_TYPE	"type"
#define	PK11_ID		"id"
#define	PK11_PIN_SOURCE	"pin-source"

/*
 * Define the following softtoken and metaslot string values that are shared
 * by softtoken library, cryptoadm and pktool command.
 *
 * NOTE(review): PKCS#11 info fields are blank-padded rather than
 * NUL-terminated. As rendered on this page the description, label, serial
 * and manufacturer literals below are shorter than the *_SIZE constants
 * above; the listing appears to have collapsed runs of spaces, so take the
 * exact padding from the installed header, not from this copy.
 */
#define	SOFT_FMRI		"svc:/system/pkcs11:softtoken"
#define	SOFT_PROVIDER		"pkcs11_softtoken.so"
#define	SOFT_SLOT_DESCRIPTION	\
	"Sun Crypto Softtoken " \
	" "
#define	SOFT_TOKEN_LABEL	"Sun Software PKCS#11 softtoken "
#define	SOFT_TOKEN_SERIAL	" "
#define	SOFT_MANUFACTURER_ID	"Oracle Corporation "
/*
 * SOFT_DEFAULT_PIN is a fixed value published in an installed header, so it
 * gives no protection by itself.
 * NOTE(review): presumably the softtoken treats a keystore that still has
 * this PIN as not yet initialised and requires a PIN change before use -
 * confirm in the softtoken library. Deployments should check that no
 * keystore is left on this value.
 */
#define	SOFT_DEFAULT_PIN	"changeme"

#define	METASLOT_FMRI		"svc:/system/pkcs11:metaslot"
#define	METASLOT_PROVIDER	METASLOT_KEYWORD
#define	METASLOT_FRAMEWORK_ID	0
#define	METASLOT_SLOT_DESCRIPTION	\
	"Sun Metaslot " \
	" "
#define	METASLOT_TOKEN_LABEL	"Sun Metaslot "
#define	METASLOT_TOKEN_SERIAL	" "
#define	METASLOT_MANUFACTURER_ID	\
	"Oracle Corporation "
/* 12 is the length of "Sun Metaslot" without any trailing padding. */
#define	METASLOT_TOKEN_LABEL_LEN	12

#define	KMIP_FMRI		"svc:/system/pkcs11:kmip"
#define	KMIP_PROVIDER		"pkcs11_kmip.so"
#define	KMIP_SLOT_DESC		"Oracle Solaris KMIP "

#define	TPM_FMRI		"svc:/system/pkcs11:tpm"
#define	TPM_PROVIDER		"pkcs11_tpm.so"

#define	KMS_FMRI		"svc:/system/pkcs11:kms"
#define	KMS_PROVIDER		"pkcs11_kms.so"

/* Default values used by crypto_get_pass() */
#define	MAX_PASS_BUFFER	1024 /* from prompts and message strings */
#define	MIN_PASS_LENGTH	8 /* minimum passphrase length */
#define	MAX_PASS_TRIES	5 /* maximum tries to get passphrase */

/*
 * Standardized strings for crypto_get_pass() for token PINs
 *
 * Every DEFAULT_* macro below expands to a gettext()/dgettext() call, so the
 * text actually used is looked up in the message catalog at run time. The
 * token prompts contain a %s conversion and the MINSIZE strings a %ld
 * conversion.
 * NOTE(review): these are presumably handed to a printf-style function
 * inside crypto_get_pass(). The %ld conversion needs a long argument while
 * the __min_psize parameter is declared size_t, and a translated catalog
 * entry must keep the same conversions - confirm both in the implementation.
 */
#ifdef TEXT_DOMAIN /* library */
#define	CRYPTO_GETTEXT(s)	dgettext(TEXT_DOMAIN, (s))
#else /* command */
#define	CRYPTO_GETTEXT(s)	gettext(s)
#endif

#define	DEFAULT_TOKEN_PROMPT	CRYPTO_GETTEXT("Enter PIN for %s: ")
#define	DEFAULT_TOKEN_REPROMPT	CRYPTO_GETTEXT("Re-enter PIN for %s: ")
#define	DEFAULT_TOKEN_MINSIZE	\
	CRYPTO_GETTEXT("PIN must be at least %ld characters.\n")
#define	DEFAULT_TOKEN_MAXTRIES	CRYPTO_GETTEXT("Exceeded number of attempts.\n")

/* Standardized (and default) strings for crypto_get_pass() for passphrases */
#define	DEFAULT_USER_PROMPT	CRYPTO_GETTEXT("Enter passphrase: ")
#define	DEFAULT_USER_REPROMPT	CRYPTO_GETTEXT("Re-enter passphrase: ")
#define	DEFAULT_USER_MINSIZE	\
	CRYPTO_GETTEXT("Passphrase must be at least %ld characters.\n")
#define	DEFAULT_USER_MAXTRIES	CRYPTO_GETTEXT("Exceeded number of attempts.\n")

/*
 * Flag type for pkcs11_flag2str() and pkcs11_flags2str()
 * Note: We ignore CKF_DONT_BLOCK and CKF_ARRAY_ATTRIBUTE which are specific.
 */
#define	PK11_FL_LIB	0
#define	PK11_FL_SLOT	1
#define	PK11_FL_TOKEN	2
#define	PK11_FL_SESSION	3
#define	PK11_FL_MECH	4
#define	PK11_FL_OTP	5

/*
 * pkcs11.conf parsing
 */
/* Fixed-size buffers: a library path and a mechanism id in hex form. */
typedef char libname_t[MAXPATHLEN];
typedef char midstr_t[MECH_ID_HEX_LEN];

/* Singly linked list of mechanism ids. */
typedef struct umechlist {
	midstr_t name; /* mechanism name in hex form */
	struct umechlist *next;
} umechlist_t;

/* One provider entry from pkcs11.conf. */
typedef struct uentry {
	libname_t name;
	boolean_t flag_norandom; /* TRUE if random is disabled */
	boolean_t flag_enabledlist; /* TRUE if an enabledlist */
	umechlist_t *policylist; /* disabledlist or enabledlist */
	boolean_t flag_metaslot_enabled; /* TRUE if metaslot's enabled */
	boolean_t flag_metaslot_auto_key_migrate;
	/* +1 on both arrays: presumably room for a terminating NUL - confirm */
	CK_UTF8CHAR metaslot_ks_slot[SLOT_DESCRIPTION_SIZE + 1];
	CK_UTF8CHAR metaslot_ks_token[TOKEN_LABEL_SIZE + 1];
	int count; /* presumably the number of policylist entries - confirm */
} uentry_t;

/* Singly linked list of uentry_t pointers. */
typedef struct uentrylist {
	uentry_t *puent;
	struct uentrylist *next;
} uentrylist_t;

/*
 * Integer represented as a big-endian byte string
 *
 * NOTE(review): big_value_len is 32 bits wide while bigint_init() below
 * takes a ulong_t length, which is wider in an LP64 build - confirm the
 * implementation rejects lengths that do not fit.
 */
typedef struct biginteger {
	uchar_t *big_value;
	uint32_t big_value_len;
} biginteger_t;

/* Return codes for pkcs11_parse_uri() */
#define	PK11_URI_OK		0
#define	PK11_URI_INVALID	1
#define	PK11_MALLOC_ERROR	2
#define	PK11_URI_VALUE_OVERFLOW	3
#define	PK11_NOT_PKCS11_URI	4

/*
 * Use built-in passphrase dialog as a PIN source
 *
 * This is the integer -1 cast to a pointer, not the address of a string.
 * Code that reads pkcs11_uri_t.pinfile must compare against this sentinel
 * before handing the pointer to any string or file routine or to free().
 */
#define	PK11_URI_BUILTIN_DIALOG	((char *)-1)

/*
 * There is no limit for the attribute length in the spec. 256 bytes should be
 * enough for the object name.
 */
#define	PK11_MAX_OBJECT_LEN	256

/*
 * CKA_ID is of type "byte array" which can be of arbitrary length. 256 bytes
 * should be sufficient though.
 */
#define	PK11_MAX_ID_LEN	256

/* Maximum /etc/crypto/ configuration file line length */
#define	CONFLINE_MAX_LEN	4096

/* PKCS#11 invalid Slot ID value */
#define	CK_INVALID_SLOT_ID	((CK_SLOT_ID)-1)

/* Structure for the PKCS#11 URI. */
typedef struct pkcs11_uri_t {
	/* CKA_LABEL attribute to the C_FindObjectsInit function. */
	CK_UTF8CHAR_PTR object;
	/*
	 * CKA_CLASS attribute to the C_FindObjectsInit function. The
	 * "objecttype" URI attribute can have a value one of "private",
	 * "public", "cert", "secretkey", and "data". The "objecttype" field can
	 * have a value of CKO_PUBLIC_KEY, CKO_PRIVATE_KEY, CKO_CERTIFICATE,
	 * CKO_SECRET_KEY, and CKO_DATA. This attribute cannot be empty in the
	 * URI.
	 *
	 * NOTE(review): this comment names the URI attribute "objecttype"
	 * while PK11_TYPE above is "type" - confirm which spelling the parser
	 * accepts.
	 */
	CK_ULONG objecttype;
	/* CKO_DATA is 0 so we need this flag. Not part of the URI itself. */
	boolean_t objecttype_present;
	/*
	 * Token, manufacturer, serial and model are of fixed size length in
	 * the specification. We allocate memory on the fly to distinguish
	 * between an attribute not present and an empty value. We check for
	 * overflows. We always terminate the string with '\0' even when that is
	 * not used in the PKCS#11's CK_TOKEN_INFO structure (fields are padded
	 * with spaces).
	 */
	/* Token label from CK_TOKEN_INFO. */
	CK_UTF8CHAR_PTR token;
	/* ManufacturerID from CK_TOKEN_INFO. */
	CK_UTF8CHAR_PTR manuf;
	/* SerialNumber from CK_TOKEN_INFO. */
	CK_CHAR_PTR serial;
	/* Model from CK_TOKEN_INFO. */
	CK_UTF8CHAR_PTR model;
	/* This is a byte array, we need a length parameter as well. */
	CK_BYTE_PTR id;
	/* NOTE(review): signed; presumably bounded by PK11_MAX_ID_LEN - confirm */
	int id_len;
	/*
	 * Location of the file with a token PIN. Application can overload this.
	 * For example, "/bin/askpass|" may mean to read the PIN from a command
	 * '/bin/askpass'. However, the pkcs11_parse_uri() function does not
	 * interpret this field in any way. Application may also decide to use
	 * built-in passphrase dialog. In which case, pinfile will be set to
	 * PK11_URI_BUILTIN_DIALOG.
	 *
	 * NOTE(review): because the parser stores the value uninterpreted,
	 * any file or command meaning is applied by the application. A URI
	 * that comes from untrusted input should not be allowed to choose a
	 * command to run or an arbitrary file to read.
	 */
	char *pinfile;
} pkcs11_uri_t;

/*
 * kcf.conf parsing : primitives
 */
/* Fixed-size buffers for a provider name and a mechanism name. */
typedef char prov_name_t[MAXNAMELEN];
typedef char mech_name_t[CRYPTO_MAX_MECH_NAME];

/* Singly linked list of mechanism names. */
typedef struct mechnamelist {
	mech_name_t name;
	struct mechnamelist *next;
} mechnamelist_t;

/* One provider entry from kcf.conf. */
typedef struct kentry {
	prov_name_t name;
	mechnamelist_t *suplist; /* supported list */
	uint_t sup_count;
	mechnamelist_t *dislist; /* disabled list */
	uint_t dis_count;
	boolean_t load; /* B_FALSE after cryptoadm unload */
} kentry_t;

/* Singly linked list of kentry_t pointers. */
typedef struct kentrylist {
	kentry_t *pent;
	struct kentrylist *next;
} kentrylist_t;

/*
 * kcf.conf and pkcs11.conf parsing : externally visible functions
 *
 * Parameter names are omitted in this group, so the role of each char * and
 * boolean_t argument cannot be read from the header.
 * NOTE(review): most char * inputs here are not const-qualified, so callers
 * cannot assume the strings they pass are left unmodified - confirm per
 * function before passing shared or literal strings.
 */
mechnamelist_t *create_mechname(char *);
boolean_t filter_mechnamelist(mechnamelist_t **, const char *);
void free_mechnamelist(mechnamelist_t *);
int get_dev_info(char *, int, int, mechnamelist_t **);
int get_dev_list(crypto_get_dev_list_t **);
int get_soft_info(char *, mechnamelist_t **, kentrylist_t *, kentrylist_t *,
    boolean_t);
int get_soft_list(crypto_get_soft_list_t **);
int get_kcfconf_info(kentrylist_t **, kentrylist_t **);
int get_admindev_info(kentrylist_t **, kentrylist_t **);
int check_kernel_for_soft(char *, crypto_get_soft_list_t *, boolean_t *);
int check_kernel_for_hard(char *, crypto_get_dev_list_t *, boolean_t *);
int check_hardware_provider(char *, char *, int *, int *);
kentry_t *create_kentry(char *);
void free_kentry(kentry_t *);
void free_kentrylist(kentrylist_t *);
kentry_t *getent_kef(char *, kentrylist_t *, kentrylist_t *);
int disable_kef_software(char *, boolean_t, boolean_t, mechnamelist_t *);
int disable_kef_hardware(char *, boolean_t, boolean_t, mechnamelist_t *);
int enable_kef(char *, boolean_t, boolean_t, mechnamelist_t *);
int install_kef(char *, mechnamelist_t *);
int uninstall_kef(char *);
int unload_kef_soft(char *);
int disable_uef_lib(char *, boolean_t, boolean_t, mechnamelist_t *);
int enable_uef_lib(char *, boolean_t, boolean_t, mechnamelist_t *);
int install_uef_lib(char *);
int uninstall_uef_lib(char *);
int disable_metaslot(mechnamelist_t *, boolean_t, boolean_t);
int enable_metaslot(char *, char *, boolean_t, mechnamelist_t *, boolean_t,
    boolean_t);
int refresh(void);
crypto_load_soft_config_t *setup_soft_conf(kentry_t *);
crypto_load_soft_disabled_t *setup_soft_dis(kentry_t *);
crypto_load_dev_disabled_t *setup_dev_dis(kentry_t *);
int update_kcfconf(kentry_t *, int);
int update_pkcs11conf(uentry_t *);
boolean_t is_in_policylist(midstr_t, umechlist_t *);
char *expand_isa(char *, char *);

/*
 * Debug and error reporting. __PRINTFLIKE(n) marks argument n as a
 * printf-style format string so the compiler can check call sites. Text
 * that did not originate in the program (file contents, URI values, token
 * labels) belongs in an argument to a "%s" conversion, never in __fmt.
 */
__PRINTFLIKE(1) extern void cryptodebug(const char *__fmt, ...);
__PRINTFLIKE(2) extern void cryptoerror(int __priority, const char *__fmt, ...);
extern void cryptodebug_init(const char *__prefix);
extern void cryptoerror_off(void);
extern void cryptoerror_on(void);
extern boolean_t cryptoerror_state(void);

/*
 * Conversions between PKCS#11 constants and their string names. The
 * single-value *2str functions return const char *; pkcs11_flags2str()
 * returns a non-const char *.
 * NOTE(review): the non-const return suggests a caller-owned buffer -
 * confirm who frees it.
 */
extern const char *pkcs11_attr2str(CK_ATTRIBUTE_TYPE __attr);
extern CK_RV pkcs11_str2attr(const char *__attr_str, CK_ATTRIBUTE_TYPE *__attr);
extern const char *pkcs11_flag2str(int __fl_type, CK_FLAGS __flag);
extern char *pkcs11_flags2str(int __fl_type, CK_FLAGS __flags,
    const char *__separator);
extern CK_RV pkcs11_str2flag(int __fl_type, const char *__flag_str,
    CK_FLAGS *__flag);
extern CK_RV pkcs11_str2flags(int __fl_type, const char *__flags_str,
    CK_FLAGS *__flags, const char *__separator);
extern const char *pkcs11_hwftype2str(CK_HW_FEATURE_TYPE __hw_feature);
extern CK_RV pkcs11_str2hwftype(const char *__attr_str,
    CK_HW_FEATURE_TYPE *__hw_feature);
extern const char *pkcs11_mech2str(CK_MECHANISM_TYPE __mech);
extern CK_RV pkcs11_str2mech(const char *__mech_str,
    CK_MECHANISM_TYPE_PTR __mech);
extern const char *pkcs11_keytype2str(CK_KEY_TYPE __key_type);
extern CK_RV pkcs11_str2keytype(const char *__keytype_str,
    CK_KEY_TYPE *__key_type);
extern const char *pkcs11_objclass2str(CK_OBJECT_CLASS __obj_type);
extern CK_RV pkcs11_str2objclass(const char *__objclass_str,
    CK_OBJECT_CLASS *__obj_class);
extern const char *pkcs11_retval2str(CK_RV __retval);
extern CK_RV pkcs11_str2retval(const char *__retval_str, CK_RV *__retval);
extern const char *pkcs11_state2str(CK_STATE __state);
extern CK_RV pkcs11_str2state(const char *__state_str, CK_STATE *__state);
extern const char *pkcs11_usertype2str(CK_USER_TYPE __user_type);
extern CK_RV pkcs11_str2usertype(const char *__usertype_str,
    CK_USER_TYPE *__user_type);

/* pkcs11.conf entry and list management. */
extern int get_pkcs11conf_info(uentrylist_t **__ppliblist);
extern umechlist_t *create_umech(char *__name);
extern void free_umechlist(umechlist_t *__plist);
extern void free_uentrylist(uentrylist_t *__entrylist);
extern void free_uentry(uentry_t *__pent);
extern uentry_t *getent_uef(char *__libname);

/*
 * Hex conversion.
 * NOTE(review): tohexstr() returns void, so it cannot report that __hexlen
 * was too small for __blen bytes - confirm how it behaves in that case.
 * hexstr_to_bytes() returns its result through __bytes and __blen and
 * presumably allocates the buffer; confirm who frees it.
 */
extern void tohexstr(const uchar_t *__bytes, size_t __blen, char *__hexstr,
    size_t __hexlen);
extern int hexstr_to_bytes(const char *__hexstr, size_t __hexlen,
    uchar_t **__bytes, size_t *__blen);

extern CK_RV pkcs11_mech2keytype(CK_MECHANISM_TYPE __mech_type,
    CK_KEY_TYPE *__ktype);
extern CK_RV pkcs11_mech2keygen(CK_MECHANISM_TYPE __mech_type,
    CK_MECHANISM_TYPE *__gen_mech);
extern char *pkcs11_strerror(CK_RV __rv);
extern char *get_fullpath(char *__dir, char *__filepath);
extern int str2lifetime(char *__ltimestr, uint32_t *__ltime);
extern char *pkcs11_default_token(void);

/*
 * Passphrase and file input. crypto_get_pass() hands the secret back
 * through __pdata and __psize; crypto_read_file() does the same for file
 * contents through __dbuf and __dlen.
 * NOTE(review): buffer ownership is not stated here. If the caller owns
 * *__pdata, it should be wiped with a call the compiler cannot elide before
 * it is freed - confirm against the implementation.
 */
extern int crypto_get_pass(char *__prompt, char *__confirm, size_t __min_psize,
    char *__too_short, uint8_t __max_tries, char *__limit_reached,
    char **__pdata, size_t *__psize);
extern int crypto_read_file(char *__filename, void **__dbuf, size_t *__dlen);
extern int crypto_copy_file_to_fd(char *__filename, int __fd_out);
/* The *_nointr names suggest retry on EINTR - presumably; confirm. */
extern int open_nointr(const char *__path, int __oflag, ...);
extern ssize_t readn_nointr(int __fd, void *__dbuf, size_t __dlen);
extern ssize_t writen_nointr(int __fd, void *__dbuf, size_t __dlen);
extern int update_conf(char *__conf_file, char *__entry);

/*
 * PKCS#11 URI parsing. pkcs11_parse_uri() returns one of the PK11_URI_* /
 * PK11_* codes defined above; pkcs11_free_uri() releases what it filled in.
 */
extern int pkcs11_parse_uri(const char *__str, pkcs11_uri_t *__uri);
extern void pkcs11_free_uri(pkcs11_uri_t *__uri);

/*
 * NOTE(review): nothing in this header says memcmp_pad_max() runs in
 * constant time; do not rely on it for comparing secrets without checking
 * the implementation.
 */
extern int memcmp_pad_max(void *__d1, uint_t __d1_len, void *__d2,
    uint_t __d2_len, uint_t __max_sz);
extern char *trim_trailing_whitespace(char *__buf, const size_t __maxlen);

/*
 * biginteger_t helpers. Note that bigint_unpad() takes its source by value
 * while the other functions take pointers.
 */
extern void bigint_move(biginteger_t *__src, biginteger_t *__dst);
extern int bigint_bitlen(biginteger_t *__bigint);
extern void bigint_cleanup(biginteger_t *__big);
extern int bigint_init(biginteger_t *__bi, uchar_t *__buf, ulong_t __buflen);
extern int bigint_pad(biginteger_t *__src, biginteger_t *__dst);
extern int bigint_unpad(biginteger_t __src, biginteger_t *__dst);
extern int bigint_copy(biginteger_t *__new_bigint, biginteger_t *__old_bigint);
extern int bigint_from_template(biginteger_t *__big, CK_ATTRIBUTE_PTR __pAttr);
extern int bigint_to_template(biginteger_t *__big, CK_ATTRIBUTE_PTR __pAttr);

/* Mapping between PKCS#11 and ucrypto mechanisms and error codes. */
extern int check_ucf_libs(const char *__caller);
extern int pkcs11mech2ucryptomech(CK_MECHANISM_TYPE __pk11mech);
extern CK_RV ucryptoerr2pkcs11err(int __errcode);

/* internationalized yes/no answer parser */
const char *crypto_get_yesstr(void);
const char *crypto_get_nostr(void);
const char *crypto_getqstr_yn(const char *, boolean_t);
void crypto_getansstr(char *, size_t);
int crypto_init_yes(void);
int crypto_yes(void);
int crypto_yes_check(const char *);
int crypto_no(void);
int crypto_no_check(const char *);
/* These two look like variables but each use expands to a function call. */
#define	crypto_yesstr	crypto_get_yesstr()
#define	crypto_nostr	crypto_get_nostr()

#ifdef __cplusplus
}
#endif

#endif /* _CRYPTOUTIL_H */