/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#ifndef _SOFTOBJECT_H
#define _SOFTOBJECT_H
#ifdef __cplusplus
extern "C" {
#endif
#include <pthread.h>
#include <security/pkcs11t.h>
#include "softKeystoreUtil.h"
#include "softSession.h"
#define SOFTTOKEN_OBJECT_MAGIC 0xECF0B002
#define SOFT_CREATE_OBJ 1
#define SOFT_GEN_KEY 2
#define SOFT_DERIVE_KEY_DH 3 /* for CKM_DH_PKCS_DERIVE */
#define SOFT_DERIVE_KEY_OTHER 4 /* for CKM_MD5_KEY_DERIVATION and */
/* CKM_SHA1_KEY_DERIVATION */
#define SOFT_UNWRAP_KEY 5
#define SOFT_CREATE_OBJ_INT 6 /* internal object creation */
typedef struct biginteger {
CK_BYTE *big_value;
CK_ULONG big_value_len;
} biginteger_t;
/*
* Secret key Struct
*/
typedef struct secret_key_obj {
CK_BYTE *sk_value;
CK_ULONG sk_value_len;
void *key_sched;
size_t keysched_len;
} secret_key_obj_t;
/*
* PKCS11: RSA Public Key Object Attributes
*/
typedef struct rsa_pub_key {
biginteger_t modulus;
CK_ULONG modulus_bits;
biginteger_t pub_exponent;
} rsa_pub_key_t;
/*
* PKCS11: DSA Public Key Object Attributes
*/
typedef struct dsa_pub_key {
biginteger_t prime;
biginteger_t subprime;
biginteger_t base;
biginteger_t value;
} dsa_pub_key_t;
/*
* PKCS11: Diffie-Hellman Public Key Object Attributes
*/
typedef struct dh_pub_key {
biginteger_t prime;
biginteger_t base;
biginteger_t value;
} dh_pub_key_t;
/*
* PKCS11: X9.42 Diffie-Hellman Public Key Object Attributes
*/
typedef struct dh942_pub_key {
biginteger_t prime;
biginteger_t base;
biginteger_t subprime;
biginteger_t value;
} dh942_pub_key_t;
/*
* PKCS11: Elliptic Curve Public Key Object Attributes
*/
typedef struct ec_pub_key {
biginteger_t param;
biginteger_t point;
} ec_pub_key_t;
/*
* Public Key Main Struct
*/
typedef struct public_key_obj {
union {
rsa_pub_key_t rsa_pub_key; /* RSA public key */
dsa_pub_key_t dsa_pub_key; /* DSA public key */
dh_pub_key_t dh_pub_key; /* DH public key */
dh942_pub_key_t dh942_pub_key; /* DH9.42 public key */
ec_pub_key_t ec_pub_key; /* Elliptic Curve public key */
} key_type_u;
} public_key_obj_t;
/*
* PKCS11: RSA Private Key Object Attributes
*/
typedef struct rsa_pri_key {
biginteger_t modulus;
biginteger_t pub_exponent;
biginteger_t pri_exponent;
biginteger_t prime_1;
biginteger_t prime_2;
biginteger_t exponent_1;
biginteger_t exponent_2;
biginteger_t coefficient;
} rsa_pri_key_t;
/*
* PKCS11: DSA Private Key Object Attributes
*/
typedef struct dsa_pri_key {
biginteger_t prime;
biginteger_t subprime;
biginteger_t base;
biginteger_t value;
} dsa_pri_key_t;
/*
* PKCS11: Diffie-Hellman Private Key Object Attributes
*/
typedef struct dh_pri_key {
biginteger_t prime;
biginteger_t base;
biginteger_t value;
CK_ULONG value_bits;
} dh_pri_key_t;
/*
* PKCS11: X9.42 Diffie-Hellman Private Key Object Attributes
*/
typedef struct dh942_pri_key {
biginteger_t prime;
biginteger_t base;
biginteger_t subprime;
biginteger_t value;
} dh942_pri_key_t;
/*
* PKCS11: Elliptic Curve Private Key Object Attributes
*/
typedef struct ec_pri_key {
biginteger_t param;
biginteger_t value;
} ec_pri_key_t;
/*
* Private Key Main Struct
*/
typedef struct private_key_obj {
union {
rsa_pri_key_t rsa_pri_key; /* RSA private key */
dsa_pri_key_t dsa_pri_key; /* DSA private key */
dh_pri_key_t dh_pri_key; /* DH private key */
dh942_pri_key_t dh942_pri_key; /* DH9.42 private key */
ec_pri_key_t ec_pri_key; /* Elliptic Curve private key */
} key_type_u;
} private_key_obj_t;
/*
* PKCS11: DSA Domain Parameters Object Attributes
*/
typedef struct dsa_dom_key {
biginteger_t prime;
biginteger_t subprime;
biginteger_t base;
CK_ULONG prime_bits;
} dsa_dom_key_t;
/*
* PKCS11: Diffie-Hellman Domain Parameters Object Attributes
*/
typedef struct dh_dom_key {
biginteger_t prime;
biginteger_t base;
CK_ULONG prime_bits;
} dh_dom_key_t;
/*
* PKCS11: X9.42 Diffie-Hellman Domain Parameters Object Attributes
*/
typedef struct dh942_dom_key {
biginteger_t prime;
biginteger_t base;
biginteger_t subprime;
CK_ULONG prime_bits;
CK_ULONG subprime_bits;
} dh942_dom_key_t;
/*
* Domain Parameters Main Struct
*/
typedef struct domain_obj {
union {
dsa_dom_key_t dsa_dom_key; /* DSA domain parameters */
dh_dom_key_t dh_dom_key; /* DH domain parameters */
dh942_dom_key_t dh942_dom_key; /* DH9.42 domain parameters */
} key_type_u;
} domain_obj_t;
typedef struct cert_attr_type {
CK_BYTE *value;
CK_ULONG length;
} cert_attr_t;
/*
* X.509 Public Key Certificate Structure.
* This structure contains only the attributes that are
* NOT modifiable after creation.
* ID, ISSUER, and SUBJECT attributes are kept in the extra_attrlistp
* record.
*/
typedef struct x509_cert {
cert_attr_t *subject; /* DER encoding of certificate subject name */
cert_attr_t *value; /* BER encoding of the cert */
} x509_cert_t;
/*
* X.509 Attribute Certificiate Structure
* This structure contains only the attributes that are
* NOT modifiable after creation.
* AC_ISSUER, SERIAL_NUMBER, and ATTR_TYPES are kept in the
* extra_attrlistp record so they may be modified.
*/
typedef struct x509_attr_cert {
cert_attr_t *owner; /* DER encoding of attr cert subject field */
cert_attr_t *value; /* BER encoding of cert */
} x509_attr_cert_t;
/*
* Certificate Object Main Struct
*/
typedef struct certificate_obj {
CK_CERTIFICATE_TYPE certificate_type;
union {
x509_cert_t x509;
x509_attr_cert_t x509_attr;
} cert_type_u;
} certificate_obj_t;
/*
* This structure is used to hold the attributes in the
* Extra Attribute List.
*/
typedef struct attribute_info {
CK_ATTRIBUTE attr;
struct attribute_info *next;
} attribute_info_t;
typedef attribute_info_t *CK_ATTRIBUTE_INFO_PTR;
/*
* This is the main structure of the Objects.
*/
typedef struct object {
/* Generic common fields. Always present */
uint_t version; /* for token objects only */
CK_OBJECT_CLASS class;
CK_KEY_TYPE key_type;
CK_CERTIFICATE_TYPE cert_type;
ulong_t magic_marker;
uint64_t bool_attr_mask; /* see below */
CK_MECHANISM_TYPE mechanism;
uchar_t object_type; /* see below */
struct ks_obj_handle ks_handle; /* keystore handle */
/* Fields for access and arbitration */
pthread_mutex_t object_mutex;
struct object *next;
struct object *prev;
/* Extra non-boolean attribute list */
CK_ATTRIBUTE_INFO_PTR extra_attrlistp;
/* For each object, only one of these object classes is presented */
union {
public_key_obj_t *public_key;
private_key_obj_t *private_key;
secret_key_obj_t *secret_key;
domain_obj_t *domain;
certificate_obj_t *certificate;
} object_class_u;
/* Session handle that the object belongs to */
CK_SESSION_HANDLE session_handle;
uint32_t obj_refcnt; /* object reference count */
pthread_cond_t obj_free_cond; /* cond variable for signal and wait */
uint32_t obj_delete_sync; /* object delete sync flags */
} soft_object_t;
typedef struct find_context {
soft_object_t **objs_found;
CK_ULONG num_results;
CK_ULONG next_result_index; /* next result object to return */
} find_context_t;
/*
* The following structure is used to link the to-be-freed session
* objects into a linked list. The objects on this linked list have
* not yet been freed via free() after C_DestroyObject() call; instead
* they are added to this list. The actual free will take place when
* the number of objects queued reaches MAX_OBJ_TO_BE_FREED, at which
* time the first object in the list will be freed.
*/
#define MAX_OBJ_TO_BE_FREED 300
typedef struct obj_to_be_freed_list {
struct object *first; /* points to the first obj in the list */
struct object *last; /* points to the last obj in the list */
uint32_t count; /* current total objs in the list */
pthread_mutex_t obj_to_be_free_mutex;
} obj_to_be_freed_list_t;
/*
* Object type
*/
#define SESSION_PUBLIC 0 /* CKA_TOKEN = 0, CKA_PRIVATE = 0 */
#define SESSION_PRIVATE 1 /* CKA_TOKEN = 0, CKA_PRIVATE = 1 */
#define TOKEN_PUBLIC 2 /* CKA_TOKEN = 1, CKA_PRIVATE = 0 */
#define TOKEN_PRIVATE 3 /* CKA_TOKEN = 1, CKA_PRIVATE = 1 */
#define TOKEN_OBJECT 2
#define PRIVATE_OBJECT 1
typedef enum {
ALL_TOKEN = 0,
PUBLIC_TOKEN = 1,
PRIVATE_TOKEN = 2
} token_obj_type_t;
#define IS_TOKEN_OBJECT(objp) \
((objp->object_type == TOKEN_PUBLIC) || \
(objp->object_type == TOKEN_PRIVATE))
/*
* Types associated with copying object's content
*/
#define SOFT_SET_ATTR_VALUE 1 /* for C_SetAttributeValue */
#define SOFT_COPY_OBJECT 2 /* for C_CopyObject */
#define SOFT_COPY_OBJ_ORIG_SH 3 /* for copying an object but keeps */
/* the original session handle */
/*
* The following definitions are the shortcuts
*/
/*
* RSA Public Key Object Attributes
*/
#define OBJ_PUB(o) \
((o)->object_class_u.public_key)
#define KEY_PUB_RSA(k) \
&((k)->key_type_u.rsa_pub_key)
#define OBJ_PUB_RSA_MOD(o) \
&((o)->object_class_u.public_key->key_type_u.rsa_pub_key.modulus)
#define KEY_PUB_RSA_MOD(k) \
&((k)->key_type_u.rsa_pub_key.modulus)
#define OBJ_PUB_RSA_PUBEXPO(o) \
&((o)->object_class_u.public_key->key_type_u.rsa_pub_key.pub_exponent)
#define KEY_PUB_RSA_PUBEXPO(k) \
&((k)->key_type_u.rsa_pub_key.pub_exponent)
#define OBJ_PUB_RSA_MOD_BITS(o) \
((o)->object_class_u.public_key->key_type_u.rsa_pub_key.modulus_bits)
#define KEY_PUB_RSA_MOD_BITS(k) \
((k)->key_type_u.rsa_pub_key.modulus_bits)
/*
* DSA Public Key Object Attributes
*/
#define KEY_PUB_DSA(k) \
&((k)->key_type_u.dsa_pub_key)
#define OBJ_PUB_DSA_PRIME(o) \
&((o)->object_class_u.public_key->key_type_u.dsa_pub_key.prime)
#define KEY_PUB_DSA_PRIME(k) \
&((k)->key_type_u.dsa_pub_key.prime)
#define OBJ_PUB_DSA_SUBPRIME(o) \
&((o)->object_class_u.public_key->key_type_u.dsa_pub_key.subprime)
#define KEY_PUB_DSA_SUBPRIME(k) \
&((k)->key_type_u.dsa_pub_key.subprime)
#define OBJ_PUB_DSA_BASE(o) \
&((o)->object_class_u.public_key->key_type_u.dsa_pub_key.base)
#define KEY_PUB_DSA_BASE(k) \
&((k)->key_type_u.dsa_pub_key.base)
#define OBJ_PUB_DSA_VALUE(o) \
&((o)->object_class_u.public_key->key_type_u.dsa_pub_key.value)
#define KEY_PUB_DSA_VALUE(k) \
&((k)->key_type_u.dsa_pub_key.value)
/*
* Diffie-Hellman Public Key Object Attributes
*/
#define KEY_PUB_DH(k) \
&((k)->key_type_u.dh_pub_key)
#define OBJ_PUB_DH_PRIME(o) \
&((o)->object_class_u.public_key->key_type_u.dh_pub_key.prime)
#define KEY_PUB_DH_PRIME(k) \
&((k)->key_type_u.dh_pub_key.prime)
#define OBJ_PUB_DH_BASE(o) \
&((o)->object_class_u.public_key->key_type_u.dh_pub_key.base)
#define KEY_PUB_DH_BASE(k) \
&((k)->key_type_u.dh_pub_key.base)
#define OBJ_PUB_DH_VALUE(o) \
&((o)->object_class_u.public_key->key_type_u.dh_pub_key.value)
#define KEY_PUB_DH_VALUE(k) \
&((k)->key_type_u.dh_pub_key.value)
/*
* X9.42 Diffie-Hellman Public Key Object Attributes
*/
#define KEY_PUB_DH942(k) \
&((k)->key_type_u.dh942_pub_key)
#define OBJ_PUB_DH942_PRIME(o) \
&((o)->object_class_u.public_key->key_type_u.dh942_pub_key.prime)
#define KEY_PUB_DH942_PRIME(k) \
&((k)->key_type_u.dh942_pub_key.prime)
#define OBJ_PUB_DH942_BASE(o) \
&((o)->object_class_u.public_key->key_type_u.dh942_pub_key.base)
#define KEY_PUB_DH942_BASE(k) \
&((k)->key_type_u.dh942_pub_key.base)
#define OBJ_PUB_DH942_SUBPRIME(o) \
&((o)->object_class_u.public_key->key_type_u.dh942_pub_key.subprime)
#define KEY_PUB_DH942_SUBPRIME(k) \
&((k)->key_type_u.dh942_pub_key.subprime)
#define OBJ_PUB_DH942_VALUE(o) \
&((o)->object_class_u.public_key->key_type_u.dh942_pub_key.value)
#define KEY_PUB_DH942_VALUE(k) \
&((k)->key_type_u.dh942_pub_key.value)
/*
* Elliptic Curve Public Key Object Attributes
*/
#define KEY_PUB_EC(k) \
&((k)->key_type_u.ec_pub_key)
#define OBJ_PUB_EC_POINT(o) \
&((o)->object_class_u.public_key->key_type_u.ec_pub_key.point)
#define KEY_PUB_EC_POINT(k) \
&((k)->key_type_u.ec_pub_key.point)
/*
* RSA Private Key Object Attributes
*/
#define OBJ_PRI(o) \
((o)->object_class_u.private_key)
#define KEY_PRI_RSA(k) \
&((k)->key_type_u.rsa_pri_key)
#define OBJ_PRI_RSA_MOD(o) \
&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.modulus)
#define KEY_PRI_RSA_MOD(k) \
&((k)->key_type_u.rsa_pri_key.modulus)
#define OBJ_PRI_RSA_PUBEXPO(o) \
&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.pub_exponent)
#define KEY_PRI_RSA_PUBEXPO(k) \
&((k)->key_type_u.rsa_pri_key.pub_exponent)
#define OBJ_PRI_RSA_PRIEXPO(o) \
&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.pri_exponent)
#define KEY_PRI_RSA_PRIEXPO(k) \
&((k)->key_type_u.rsa_pri_key.pri_exponent)
#define OBJ_PRI_RSA_PRIME1(o) \
&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.prime_1)
#define KEY_PRI_RSA_PRIME1(k) \
&((k)->key_type_u.rsa_pri_key.prime_1)
#define OBJ_PRI_RSA_PRIME2(o) \
&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.prime_2)
#define KEY_PRI_RSA_PRIME2(k) \
&((k)->key_type_u.rsa_pri_key.prime_2)
#define OBJ_PRI_RSA_EXPO1(o) \
&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.exponent_1)
#define KEY_PRI_RSA_EXPO1(k) \
&((k)->key_type_u.rsa_pri_key.exponent_1)
#define OBJ_PRI_RSA_EXPO2(o) \
&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.exponent_2)
#define KEY_PRI_RSA_EXPO2(k) \
&((k)->key_type_u.rsa_pri_key.exponent_2)
#define OBJ_PRI_RSA_COEF(o) \
&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.coefficient)
#define KEY_PRI_RSA_COEF(k) \
&((k)->key_type_u.rsa_pri_key.coefficient)
/*
* DSA Private Key Object Attributes
*/
#define KEY_PRI_DSA(k) \
&((k)->key_type_u.dsa_pri_key)
#define OBJ_PRI_DSA_PRIME(o) \
&((o)->object_class_u.private_key->key_type_u.dsa_pri_key.prime)
#define KEY_PRI_DSA_PRIME(k) \
&((k)->key_type_u.dsa_pri_key.prime)
#define OBJ_PRI_DSA_SUBPRIME(o) \
&((o)->object_class_u.private_key->key_type_u.dsa_pri_key.subprime)
#define KEY_PRI_DSA_SUBPRIME(k) \
&((k)->key_type_u.dsa_pri_key.subprime)
#define OBJ_PRI_DSA_BASE(o) \
&((o)->object_class_u.private_key->key_type_u.dsa_pri_key.base)
#define KEY_PRI_DSA_BASE(k) \
&((k)->key_type_u.dsa_pri_key.base)
#define OBJ_PRI_DSA_VALUE(o) \
&((o)->object_class_u.private_key->key_type_u.dsa_pri_key.value)
#define KEY_PRI_DSA_VALUE(k) \
&((k)->key_type_u.dsa_pri_key.value)
/*
* Diffie-Hellman Private Key Object Attributes
*/
#define KEY_PRI_DH(k) \
&((k)->key_type_u.dh_pri_key)
#define OBJ_PRI_DH_PRIME(o) \
&((o)->object_class_u.private_key->key_type_u.dh_pri_key.prime)
#define KEY_PRI_DH_PRIME(k) \
&((k)->key_type_u.dh_pri_key.prime)
#define OBJ_PRI_DH_BASE(o) \
&((o)->object_class_u.private_key->key_type_u.dh_pri_key.base)
#define KEY_PRI_DH_BASE(k) \
&((k)->key_type_u.dh_pri_key.base)
#define OBJ_PRI_DH_VALUE(o) \
&((o)->object_class_u.private_key->key_type_u.dh_pri_key.value)
#define KEY_PRI_DH_VALUE(k) \
&((k)->key_type_u.dh_pri_key.value)
#define OBJ_PRI_DH_VAL_BITS(o) \
((o)->object_class_u.private_key->key_type_u.dh_pri_key.value_bits)
#define KEY_PRI_DH_VAL_BITS(k) \
((k)->key_type_u.dh_pri_key.value_bits)
/*
* X9.42 Diffie-Hellman Private Key Object Attributes
*/
#define KEY_PRI_DH942(k) \
&((k)->key_type_u.dh942_pri_key)
#define OBJ_PRI_DH942_PRIME(o) \
&((o)->object_class_u.private_key->key_type_u.dh942_pri_key.prime)
#define KEY_PRI_DH942_PRIME(k) \
&((k)->key_type_u.dh942_pri_key.prime)
#define OBJ_PRI_DH942_BASE(o) \
&((o)->object_class_u.private_key->key_type_u.dh942_pri_key.base)
#define KEY_PRI_DH942_BASE(k) \
&((k)->key_type_u.dh942_pri_key.base)
#define OBJ_PRI_DH942_SUBPRIME(o) \
&((o)->object_class_u.private_key->key_type_u.dh942_pri_key.subprime)
#define KEY_PRI_DH942_SUBPRIME(k) \
&((k)->key_type_u.dh942_pri_key.subprime)
#define OBJ_PRI_DH942_VALUE(o) \
&((o)->object_class_u.private_key->key_type_u.dh942_pri_key.value)
#define KEY_PRI_DH942_VALUE(k) \
&((k)->key_type_u.dh942_pri_key.value)
/*
* Elliptic Curve Private Key Object Attributes
*/
#define KEY_PRI_EC(k) \
&((k)->key_type_u.ec_pri_key)
#define OBJ_PRI_EC_VALUE(o) \
&((o)->object_class_u.private_key->key_type_u.ec_pri_key.value)
#define KEY_PRI_EC_VALUE(k) \
&((k)->key_type_u.ec_pri_key.value)
/*
* DSA Domain Parameters Object Attributes
*/
#define OBJ_DOM(o) \
((o)->object_class_u.domain)
#define KEY_DOM_DSA(k) \
&((k)->key_type_u.dsa_dom_key)
#define OBJ_DOM_DSA_PRIME(o) \
&((o)->object_class_u.domain->key_type_u.dsa_dom_key.prime)
#define KEY_DOM_DSA_PRIME(k) \
&((k)->key_type_u.dsa_dom_key.prime)
#define OBJ_DOM_DSA_SUBPRIME(o) \
&((o)->object_class_u.domain->key_type_u.dsa_dom_key.subprime)
#define KEY_DOM_DSA_SUBPRIME(k) \
&((k)->key_type_u.dsa_dom_key.subprime)
#define OBJ_DOM_DSA_BASE(o) \
&((o)->object_class_u.domain->key_type_u.dsa_dom_key.base)
#define KEY_DOM_DSA_BASE(k) \
&((k)->key_type_u.dsa_dom_key.base)
#define OBJ_DOM_DSA_PRIME_BITS(o) \
((o)->object_class_u.domain->key_type_u.dsa_dom_key.prime_bits)
/*
* Diffie-Hellman Domain Parameters Object Attributes
*/
#define KEY_DOM_DH(k) \
&((k)->key_type_u.dh_dom_key)
#define OBJ_DOM_DH_PRIME(o) \
&((o)->object_class_u.domain->key_type_u.dh_dom_key.prime)
#define KEY_DOM_DH_PRIME(k) \
&((k)->key_type_u.dh_dom_key.prime)
#define OBJ_DOM_DH_BASE(o) \
&((o)->object_class_u.domain->key_type_u.dh_dom_key.base)
#define KEY_DOM_DH_BASE(k) \
&((k)->key_type_u.dh_dom_key.base)
#define OBJ_DOM_DH_PRIME_BITS(o) \
((o)->object_class_u.domain->key_type_u.dh_dom_key.prime_bits)
/*
* X9.42 Diffie-Hellman Domain Parameters Object Attributes
*/
#define KEY_DOM_DH942(k) \
&((k)->key_type_u.dh942_dom_key)
#define OBJ_DOM_DH942_PRIME(o) \
&((o)->object_class_u.domain->key_type_u.dh942_dom_key.prime)
#define KEY_DOM_DH942_PRIME(k) \
&((k)->key_type_u.dh942_dom_key.prime)
#define OBJ_DOM_DH942_BASE(o) \
&((o)->object_class_u.domain->key_type_u.dh942_dom_key.base)
#define KEY_DOM_DH942_BASE(k) \
&((k)->key_type_u.dh942_dom_key.base)
#define OBJ_DOM_DH942_SUBPRIME(o) \
&((o)->object_class_u.domain->key_type_u.dh942_dom_key.subprime)
#define KEY_DOM_DH942_SUBPRIME(k) \
&((k)->key_type_u.dh942_dom_key.subprime)
#define OBJ_DOM_DH942_PRIME_BITS(o) \
((o)->object_class_u.domain->key_type_u.dh942_dom_key.prime_bits)
#define OBJ_DOM_DH942_SUBPRIME_BITS(o) \
((o)->object_class_u.domain->key_type_u.dh942_dom_key.subprime_bits)
/*
* Secret Key Object Attributes
*/
#define OBJ_SEC(o) \
((o)->object_class_u.secret_key)
#define OBJ_SEC_VALUE(o) \
((o)->object_class_u.secret_key->sk_value)
#define OBJ_SEC_VALUE_LEN(o) \
((o)->object_class_u.secret_key->sk_value_len)
#define OBJ_KEY_SCHED(o) \
((o)->object_class_u.secret_key->key_sched)
#define OBJ_KEY_SCHED_LEN(o) \
((o)->object_class_u.secret_key->keysched_len)
#define OBJ_CERT(o) \
((o)->object_class_u.certificate)
/*
* X.509 Key Certificate object attributes
*/
#define X509_CERT(o) \
((o)->object_class_u.certificate->cert_type_u.x509)
#define X509_CERT_SUBJECT(o) \
((o)->object_class_u.certificate->cert_type_u.x509.subject)
#define X509_CERT_VALUE(o) \
((o)->object_class_u.certificate->cert_type_u.x509.value)
/*
* X.509 Attribute Certificate object attributes
*/
#define X509_ATTR_CERT(o) \
((o)->object_class_u.certificate->cert_type_u.x509_attr)
#define X509_ATTR_CERT_OWNER(o) \
((o)->object_class_u.certificate->cert_type_u.x509_attr.owner)
#define X509_ATTR_CERT_VALUE(o) \
((o)->object_class_u.certificate->cert_type_u.x509_attr.value)
/*
* key related attributes with CK_BBOOL data type
*/
#define DERIVE_BOOL_ON 0x00000001
#define LOCAL_BOOL_ON 0x00000002
#define SENSITIVE_BOOL_ON 0x00000004
#define SECONDARY_AUTH_BOOL_ON 0x00000008
#define ENCRYPT_BOOL_ON 0x00000010
#define DECRYPT_BOOL_ON 0x00000020
#define SIGN_BOOL_ON 0x00000040
#define SIGN_RECOVER_BOOL_ON 0x00000080
#define VERIFY_BOOL_ON 0x00000100
#define VERIFY_RECOVER_BOOL_ON 0x00000200
#define WRAP_BOOL_ON 0x00000400
#define UNWRAP_BOOL_ON 0x00000800
#define TRUSTED_BOOL_ON 0x00001000
#define EXTRACTABLE_BOOL_ON 0x00002000
#define ALWAYS_SENSITIVE_BOOL_ON 0x00004000
#define NEVER_EXTRACTABLE_BOOL_ON 0x00008000
#define NOT_MODIFIABLE_BOOL_ON 0x00010000
#define PUBLIC_KEY_DEFAULT (ENCRYPT_BOOL_ON|\
WRAP_BOOL_ON|\
VERIFY_BOOL_ON|\
VERIFY_RECOVER_BOOL_ON)
#define PRIVATE_KEY_DEFAULT (DECRYPT_BOOL_ON|\
UNWRAP_BOOL_ON|\
SIGN_BOOL_ON|\
SIGN_RECOVER_BOOL_ON|\
EXTRACTABLE_BOOL_ON)
#define SECRET_KEY_DEFAULT (ENCRYPT_BOOL_ON|\
DECRYPT_BOOL_ON|\
WRAP_BOOL_ON|\
UNWRAP_BOOL_ON|\
SIGN_BOOL_ON|\
VERIFY_BOOL_ON|\
EXTRACTABLE_BOOL_ON)
/*
* MAX_KEY_ATTR_BUFLEN
* The maximum buffer size needed for public or private key attributes
* should be 514 bytes. Just to be safe we give a little more space.
*/
#define MAX_KEY_ATTR_BUFLEN 1024
/*
* Flag definitions for obj_delete_sync
*/
#define OBJECT_IS_DELETING 1 /* Object is in a deleting state */
#define OBJECT_REFCNT_WAITING 2 /* Waiting for object reference */
/* count to become zero */
/*
* This macro is used to type cast an object handle to a pointer to
* the object struct. Also, it checks to see if the object struct
* is tagged with an object magic number. This is to detect when an
* application passes a bogus object pointer.
* Also, it checks to see if the object is in the deleting state that
* another thread is performing. If not, increment the object reference
* count by one. This is to prevent this object from being deleted by
* other thread.
*/
#define HANDLE2OBJECT_COMMON(hObject, object_p, rv, REFCNT_CODE) { \
object_p = (soft_object_t *)(hObject); \
if ((object_p == NULL) || \
(object_p->magic_marker != SOFTTOKEN_OBJECT_MAGIC)) {\
rv = CKR_OBJECT_HANDLE_INVALID; \
} else { \
(void) pthread_mutex_lock(&object_p->object_mutex); \
if (!(object_p->obj_delete_sync & OBJECT_IS_DELETING)) { \
REFCNT_CODE; \
rv = CKR_OK; \
} else { \
rv = CKR_OBJECT_HANDLE_INVALID; \
} \
(void) pthread_mutex_unlock(&object_p->object_mutex); \
} \
}
#define HANDLE2OBJECT(hObject, object_p, rv) \
HANDLE2OBJECT_COMMON(hObject, object_p, rv, object_p->obj_refcnt++)
#define HANDLE2OBJECT_DESTROY(hObject, object_p, rv) \
HANDLE2OBJECT_COMMON(hObject, object_p, rv, /* no refcnt increment */)
#define OBJ_REFRELE(object_p) { \
(void) pthread_mutex_lock(&object_p->object_mutex); \
if ((--object_p->obj_refcnt) == 0 && \
(object_p->obj_delete_sync & OBJECT_REFCNT_WAITING)) { \
(void) pthread_cond_signal(&object_p->obj_free_cond); \
} \
(void) pthread_mutex_unlock(&object_p->object_mutex); \
}
/*
* Function Prototypes.
*/
void soft_cleanup_object(soft_object_t *objp);
CK_RV soft_add_object(CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
CK_ULONG *objecthandle_p, soft_session_t *sp);
void soft_delete_object(soft_session_t *sp, soft_object_t *objp,
boolean_t force, boolean_t lock_held);
void soft_cleanup_extra_attr(soft_object_t *object_p);
CK_RV soft_copy_extra_attr(CK_ATTRIBUTE_INFO_PTR old_attrp,
soft_object_t *object_p);
void soft_cleanup_object_bigint_attrs(soft_object_t *object_p);
CK_RV soft_build_object(CK_ATTRIBUTE_PTR template,
CK_ULONG ulAttrNum, soft_object_t *new_object);
CK_RV soft_build_secret_key_object(CK_ATTRIBUTE_PTR template,
CK_ULONG ulAttrNum, soft_object_t *new_object, CK_ULONG mode,
CK_ULONG key_len, CK_KEY_TYPE key_type);
CK_RV soft_copy_object(soft_object_t *old_object, soft_object_t **new_object,
CK_ULONG object_func, soft_session_t *sp);
void soft_merge_object(soft_object_t *old_object, soft_object_t *new_object);
CK_RV soft_get_attribute(soft_object_t *object_p, CK_ATTRIBUTE_PTR template);
CK_RV soft_set_attribute(soft_object_t *object_p, CK_ATTRIBUTE_PTR template,
boolean_t copy);
CK_RV soft_set_common_storage_attribute(soft_object_t *object_p,
CK_ATTRIBUTE_PTR template, boolean_t copy);
CK_RV soft_get_public_value(soft_object_t *, CK_ATTRIBUTE_TYPE, uchar_t *,
uint32_t *);
CK_RV soft_get_private_value(soft_object_t *, CK_ATTRIBUTE_TYPE, uchar_t *,
uint32_t *);
CK_RV get_ulong_attr_from_object(CK_ULONG value, CK_ATTRIBUTE_PTR template);
void copy_bigint_attr(biginteger_t *src, biginteger_t *dst);
void soft_add_object_to_session(soft_object_t *, soft_session_t *);
CK_RV soft_build_key(CK_ATTRIBUTE_PTR, CK_ULONG, soft_object_t *,
CK_OBJECT_CLASS, CK_KEY_TYPE, CK_ULONG, CK_ULONG);
CK_RV soft_copy_public_key_attr(public_key_obj_t *old_pub_key_obj_p,
public_key_obj_t **new_pub_key_obj_p, CK_KEY_TYPE key_type);
CK_RV soft_copy_private_key_attr(private_key_obj_t *old_pri_key_obj_p,
private_key_obj_t **new_pri_key_obj_p, CK_KEY_TYPE key_type);
CK_RV soft_copy_secret_key_attr(secret_key_obj_t *old_secret_key_obj_p,
secret_key_obj_t **new_secret_key_obj_p);
CK_RV soft_copy_domain_attr(domain_obj_t *old_domain_obj_p,
domain_obj_t **new_domain_obj_p, CK_KEY_TYPE key_type);
CK_RV soft_validate_attr(CK_ATTRIBUTE_PTR template, CK_ULONG ulAttrNum,
CK_OBJECT_CLASS *class);
CK_RV soft_find_objects_init(soft_session_t *sp, CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulCount);
void soft_find_objects_final(soft_session_t *sp);
void soft_find_objects(soft_session_t *sp, CK_OBJECT_HANDLE *obj_found,
CK_ULONG max_obj_requested, CK_ULONG *found_obj_count);
void soft_process_find_attr(CK_OBJECT_CLASS *pclasses,
CK_ULONG *num_result_pclasses, CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulCount);
boolean_t soft_find_match_attrs(soft_object_t *obj, CK_OBJECT_CLASS *pclasses,
CK_ULONG num_pclasses, CK_ATTRIBUTE *tmpl_attr, CK_ULONG num_attr);
CK_ATTRIBUTE_PTR get_extra_attr(CK_ATTRIBUTE_TYPE type, soft_object_t *obj);
CK_RV get_string_from_template(CK_ATTRIBUTE_PTR dest, CK_ATTRIBUTE_PTR src);
void string_attr_cleanup(CK_ATTRIBUTE_PTR template);
void soft_cleanup_cert_object(soft_object_t *object_p);
CK_RV soft_get_certificate_attribute(soft_object_t *object_p,
CK_ATTRIBUTE_PTR template);
CK_RV soft_set_certificate_attribute(soft_object_t *object_p,
CK_ATTRIBUTE_PTR template, boolean_t copy);
CK_RV soft_copy_certificate(certificate_obj_t *old, certificate_obj_t **new,
CK_CERTIFICATE_TYPE type);
CK_RV get_cert_attr_from_template(cert_attr_t **dest,
CK_ATTRIBUTE_PTR src);
/* Token object related function prototypes */
void soft_add_token_object_to_slot(soft_object_t *objp);
void soft_remove_token_object_from_slot(soft_object_t *objp,
boolean_t lock_held);
void soft_delete_token_object(soft_object_t *objp, boolean_t persistent,
boolean_t lock_held);
void soft_delete_all_in_core_token_objects(token_obj_type_t type);
void soft_validate_token_objects(boolean_t validate);
CK_RV soft_object_write_access_check(soft_session_t *sp, soft_object_t *objp);
CK_RV soft_pin_expired_check(soft_object_t *objp);
CK_RV soft_copy_to_old_object(soft_object_t *new, soft_object_t *old);
CK_RV soft_keystore_load_latest_object(soft_object_t *old_obj);
CK_RV refresh_token_objects();
void bigint_attr_cleanup(biginteger_t *big);
CK_RV soft_add_extra_attr(CK_ATTRIBUTE_PTR template, soft_object_t *object_p);
CK_RV get_bigint_attr_from_template(biginteger_t *big,
CK_ATTRIBUTE_PTR template);
#ifdef __cplusplus
}
#endif
#endif /* _SOFTOBJECT_H */