1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #ifndef _METAGLOBAL_H 27 #define _METAGLOBAL_H 28 29 30 /* 31 * This file contains all the data structures used for the meta slot 32 */ 33 34 #ifdef __cplusplus 35 extern "C" { 36 #endif 37 38 #include <assert.h> 39 #include <pthread.h> 40 #include <synch.h> 41 #include <unistd.h> 42 #include <security/cryptoki.h> 43 #include <stdio.h> 44 #include <cryptoutil.h> 45 #include <pkcs11Session.h> 46 #include <pkcs11Slot.h> 47 #include <sys/crypto/ioctl.h> 48 49 /* 50 * In "generic_attr_t", attributes that are not CK_BBOOL and 51 * CK_ULONG, the data will be stored in generic_data. 52 * Currently, 16 bytes will be pre-allocated for this. 53 * This is just a _WILD_ guess. If actual 54 * experience shows that 16 bytes is too small for most of the 55 * data that will be stored here, and cause this 56 * memory to be reallocated all the time, this should be increased. 57 */ 58 #define INITIAL_ATTR_LEN 16 59 60 /* We provide one slot, with the following arbitrary identifier. */ 61 #define METASLOT_SLOTID 42 62 63 /* Metaslot is always the first slot in the framdwork, with slotID=0 */ 64 #define METASLOT_FRAMEWORK_ID 0 65 66 /* 67 * These are the 2 acceptable string values for ${METASLOT_ENABLE} and 68 * ${METASLOT_AUTO_KEY_MIGRATE} environment variable 69 */ 70 #define TRUE_STRING "true" 71 #define FALSE_STRING "false" 72 73 /* Magic values for different data structures */ 74 #define METASLOT_SESSION_MAGIC 0xECF00004 75 #define METASLOT_SESSION_BADMAGIC 0xBAD00004 76 #define METASLOT_OBJECT_MAGIC 0xECF0B004 77 #define METASLOT_OBJECT_BADMAGIC 0xBAD0B004 78 #define METASLOT_OPSTATE_MAGIC 0xECF09004 79 #define METASLOT_OPSTATE_BADMAGIC 0xBAD09004 80 81 #define IS_READ_ONLY_SESSION(session_flag) \ 82 (!(session_flag & CKF_RW_SESSION)) 83 84 /* 85 * Operation modes passed to meta_do_operation() 86 * MODE_UPDATE_WITHKEY is only used for C_DigestKey. 87 */ 88 #define MODE_SINGLE 0x0100 89 #define MODE_UPDATE 0x0200 90 #define MODE_UPDATE_WITHKEY 0x0400 91 #define MODE_FINAL 0x1000 92 93 94 /* CK_INFO: Information about cryptoki */ 95 #define METASLOT_CRYPTOKI_VERSION_MAJOR 2 96 #define METASLOT_CRYPTOKI_VERSION_MINOR 11 97 #define METASLOT_MANUFACTURER_ID "Sun Microsystems, Inc. " 98 #define METASLOT_LIBRARY_DESCRIPTION "Sun Metaslot " 99 #define METASLOT_LIBRARY_VERSION_MAJOR 1 100 #define METASLOT_LIBRARY_VERSION_MINOR 1 101 102 /* CK_SLOT_INFO */ 103 #define METASLOT_SLOT_DESCRIPTION "Sun Metaslot " \ 104 " " 105 #define METASLOT_HARDWARE_VERSION_MAJOR 0 106 #define METASLOT_HARDWARE_VERSION_MINOR 0 107 #define METASLOT_FIRMWARE_VERSION_MAJOR 0 108 #define METASLOT_FIRMWARE_VERSION_MINOR 0 109 110 /* CK_TOKEN_INFO: More information about token */ 111 #define METASLOT_TOKEN_LABEL "Sun Metaslot " 112 #define METASLOT_TOKEN_MODEL "1.0 " 113 #define RANDOM_DEVICE "/dev/urandom" 114 115 /* 116 * Maximum number of objects and sessions to queue up before actually 117 * freeing them using the free() system. This is necessary to workaround 118 * a problem in which applications re-uses handles that are no longer valid 119 */ 120 #define MAX_OBJ_TO_BE_FREED 300 121 #define MAX_SESSION_TO_BE_FREED 300 122 123 /* 124 * The following 2 functions deals with inserting and deleting 125 * from double linked lists. It can work with any data structure 126 * that have "prev" and "next" defined. 127 */ 128 129 /* This always inserts into the head of the list */ 130 #define INSERT_INTO_LIST(list, item) \ 131 { \ 132 if ((list) == NULL) { \ 133 (item)->prev = NULL; \ 134 (item)->next = NULL; \ 135 (list) = (item); \ 136 } else { \ 137 (item)->next = (list); \ 138 (item)->prev = NULL; \ 139 (list)->prev = (item); \ 140 (list) = (item); \ 141 } \ 142 } 143 144 145 /* 146 * Remove item from list 147 */ 148 #define REMOVE_FROM_LIST(list, item) \ 149 { \ 150 /* item is at the beginning of the list */ \ 151 if ((list) == item) { \ 152 if ((item)->next == NULL) { \ 153 (list) = NULL; \ 154 } else { \ 155 (item)->next->prev = NULL; \ 156 (list) = (item)->next; \ 157 } \ 158 } else { \ 159 /* \ 160 * let the items which are initialized and not \ 161 * connected to the list trip over the asserts \ 162 */ \ 163 if ((item)->next) { \ 164 (item)->next->prev = item->prev; \ 165 assert((item)->prev != NULL); \ 166 (item)->prev->next = (item)->next; \ 167 } else { \ 168 assert((item)->prev != NULL); \ 169 (item)->prev->next = NULL; \ 170 } \ 171 } \ 172 } 173 174 /* 175 * OBJRELEASE 176 * 177 * Signal that a metaobject is no longer in use (but is still valid). 178 */ 179 #define OBJRELEASE(object) \ 180 if (object != NULL) { \ 181 (void) pthread_rwlock_unlock(&object->object_lock); \ 182 } 183 184 /* 185 * REFRELEASE 186 * 187 * Signal that a metasession is no longer in use (but is still valid). 188 * 189 */ 190 #define REFRELEASE(session) \ 191 if (session != NULL) { \ 192 (void) pthread_rwlock_unlock(&session->session_lock); \ 193 } 194 195 /* FreeObject/FreeToken Enumeration */ 196 typedef enum { 197 FREE_UNCHECKED = 0, /* Has not been checked */ 198 FREE_DISABLED = 1, /* No supported provider or key type */ 199 FREE_ALLOWED_KEY = 2, /* Supported key type */ 200 FREE_ENABLED = 3 /* FreeObject/Token enabled */ 201 } freeobject_state_t; 202 203 204 /* Generic attribute type, for storing and managing PKCS#11 attributes. */ 205 typedef struct _attr { 206 CK_ATTRIBUTE attribute; 207 208 boolean_t isMalloced; 209 210 /* attr is necessary for creating a clone of the object */ 211 boolean_t isCloneAttr; 212 213 /* 214 * depends on the PKCS#11 implementation, this attr might or might 215 * not have a value. It's OK for it to not have a value 216 * (ie: the default value is empty) 217 */ 218 boolean_t canBeEmptyValue; 219 220 boolean_t hasValueForClone; 221 222 CK_BBOOL generic_bbool; 223 CK_ULONG generic_ulong; 224 CK_BYTE generic_data[INITIAL_ATTR_LEN]; 225 } generic_attr_t; 226 227 /* 228 * These need to be defined here before the actual structures are defined 229 * because they are used in some of the structure definitions. 230 */ 231 typedef struct slotobject slot_object_t; 232 typedef struct metasession meta_session_t; 233 typedef struct metaobject meta_object_t; 234 typedef struct metaopstate meta_opstate_t; 235 236 /* 237 * slot_session_t 238 * 239 * Wrapper for a session on a provider. This structure is only used internally 240 * in metaslot; it is never revealed to applications. 241 */ 242 typedef struct slotsession { 243 CK_ULONG slotnum; 244 CK_SLOT_ID fw_st_id; /* used for accessing framework's slottable */ 245 CK_SESSION_HANDLE hSession; 246 247 boolean_t is_dualop_capable; 248 CK_FLAGS session_flags; /* what type of session */ 249 250 struct slotsession *next; 251 struct slotsession *prev; 252 253 pthread_rwlock_t object_list_lock; 254 slot_object_t *object_list_head; 255 } slot_session_t; 256 257 258 /* 259 * slot_object_t 260 * 261 * Wrapper for an object on a provider. This structure is only used internally 262 * in metaslot; it is never revealed to applications. 263 */ 264 struct slotobject { 265 CK_OBJECT_HANDLE hObject; 266 267 struct slotobject *next; 268 struct slotobject *prev; 269 270 slot_session_t *creator_session; 271 272 boolean_t isToken; 273 }; 274 275 276 /* 277 * mechinfo_t 278 * 279 * A mechinfo_t is created for each mechanism on a slot. 280 * 281 * This information is used for selecting which slots support the given 282 * mechanism for a crypto operation. 283 * 284 */ 285 typedef struct mechinfo { 286 CK_ULONG slotnum; 287 288 boolean_t initialized; 289 boolean_t supported; 290 CK_MECHANISM_INFO mechanism_info; 291 } mechinfo_t; 292 293 294 /* 295 * operation_info_t 296 * 297 * Part of a meta_session_t, used to track active operations. 298 */ 299 typedef struct opinfo { 300 CK_FLAGS type; 301 slot_session_t *session; 302 mechinfo_t *stats; 303 } operation_info_t; 304 305 typedef struct find_objs_info { 306 boolean_t op_active; /* Indicate whether FindObjects is active */ 307 meta_object_t **matched_objs; 308 int num_matched_objs; 309 int next_result_index; /* index of next object to be returned */ 310 } find_objs_info_t; 311 312 typedef struct mech_support_info { 313 CK_MECHANISM_TYPE mech; 314 /* Array of mechinfo_t allocated based on number of slots */ 315 mechinfo_t **supporting_slots; 316 unsigned long num_supporting_slots; 317 } mech_support_info_t; 318 319 typedef struct crypto_init { 320 CK_FLAGS optype; /* place holder for init parameters */ 321 struct metasession *session; /* place holder for init parameters */ 322 CK_MECHANISM *pMech; /* place holder for init parameters */ 323 struct metaobject *key; /* place holder for init parameters */ 324 CK_ULONG slotnum; /* slot where the init operation took place */ 325 boolean_t done; /* set when the real init is done */ 326 boolean_t app; /* set when C_xxxInit is called by app */ 327 } crypto_init_t; 328 329 /* 330 * meta_session_t 331 * 332 * The internal state for a meta-session is kept here. The session handles 333 * given to applications are always pointers to a structure of this type. 334 * 335 */ 336 struct metasession { 337 ulong_t magic_marker; 338 pthread_rwlock_t session_lock; 339 340 pthread_mutex_t isClosingSession_lock; 341 boolean_t isClosingSession; 342 343 struct metasession *next; 344 struct metasession *prev; 345 346 CK_FLAGS session_flags; 347 348 /* 349 * Could have just declared this as "op", but declaring it as 350 * op1 so that "op2" can be easily added when dual-op support 351 * is implemented in the future 352 */ 353 operation_info_t op1; 354 355 /* 356 * This is for keeping track of which slots support a particular 357 * mechanism. This information doesn't 358 * have to be kept on a per session bases, but having the 359 * memory pre-allocated per session would make things much simpiler, 360 * because memory doesn't need to be allocated/deallocated everytime 361 * we do an operation. 362 */ 363 mech_support_info_t mech_support_info; 364 365 366 /* Session objects created by this session. */ 367 pthread_rwlock_t object_list_lock; 368 meta_object_t *object_list_head; 369 370 /* C_FindObjects support. */ 371 find_objs_info_t find_objs_info; 372 373 /* deferred init to be used by digest, encrypt, decrypt */ 374 crypto_init_t init; 375 }; 376 377 378 /* 379 * meta_object_t 380 * 381 * The internal state for a meta-object is kept here. The object handles 382 * given to applications are always pointers to a structure of this type. 383 */ 384 struct metaobject { 385 ulong_t magic_marker; 386 pthread_rwlock_t object_lock; 387 388 pthread_mutex_t isClosingObject_lock; 389 boolean_t isClosingObject; 390 391 struct metaobject *next; 392 struct metaobject *prev; 393 394 meta_session_t *creator_session; /* Only set for session objects */ 395 396 boolean_t isToken; /* alias for CKA_TOKEN */ 397 boolean_t isPrivate; /* alias for CKA_PRIVATE */ 398 boolean_t isSensitive; /* alias for CKA_SENSITIVE */ 399 boolean_t isExtractable; /* alias for CKA_EXTRACTABLE */ 400 401 freeobject_state_t isFreeToken; 402 freeobject_state_t isFreeObject; 403 404 CK_ULONG master_clone_slotnum; /* set when object is created */ 405 slot_object_t **clones; 406 /* indicate if tried to create clone object in a slot */ 407 boolean_t *tried_create_clone; 408 409 pthread_rwlock_t attribute_lock; 410 size_t num_attributes; 411 generic_attr_t *attributes; 412 413 pthread_mutex_t clone_create_lock; 414 size_t clone_template_size; /* 0 if not yet known. */ 415 CK_ATTRIBUTE *clone_template; /* NULL if not yet known. */ 416 }; 417 418 419 /* 420 * struct metaopstate 421 * 422 * Used as the format for the operation state returned via 423 * C_GetOperationState. 424 */ 425 typedef struct opstate_data { 426 CK_FLAGS op_type; 427 CK_ULONG op_slotnum; 428 CK_ULONG op_state_len; 429 boolean_t op_init_app; 430 boolean_t op_init_done; 431 } opstate_data_t; 432 433 struct metaopstate { 434 ulong_t magic_marker; 435 /* 436 * Could have just declared this as "state", but declaring it like this 437 * so that when dual-op support is implemented in the future, the 438 * changes will be simplier. 439 */ 440 struct opstate_data state[1]; 441 }; 442 443 444 /* 445 * session_pool_t 446 * 447 * Used to cache open sessions in a slot. 448 */ 449 typedef struct sessionpool { 450 pthread_mutex_t list_lock; 451 452 /* list of sessions that's currently in use */ 453 slot_session_t *active_list_head; 454 455 /* 456 * list of sessions that are not in use, but can't be deleted because 457 * either session/token objects are created using these sessions 458 * or we need to have one session left with the provider to maintain 459 * the logged in state. Any of these sessions could be re-used if 460 * a session is needed to be established with a provider. 461 */ 462 slot_session_t *persist_list_head; 463 464 /* 465 * List of sessions that are not in use at the moment. We keep 466 * a list of sessions with a particular provider instead of 467 * creating a new session everytime for efficiency 468 */ 469 slot_session_t *idle_list_head; 470 boolean_t keep_one_alive; 471 int num_idle_sessions; /* number of sessions in "idle_list_head" */ 472 } session_pool_t; 473 474 475 /* 476 * slot_data_t 477 * 478 * Each slot has a session pool, a collection of persistant sessions to 479 * allow for more efficient operation. Specifically, to allow reuse of 480 * previously session objects (which need the creating session to stick 481 * around), as well as being frugal with creating/closing sessions. 482 */ 483 typedef struct slotdata { 484 CK_SLOT_ID fw_st_id; /* framework slot table ID */ 485 486 session_pool_t session_pool; 487 488 pthread_rwlock_t tokenobject_list_lock; 489 slot_object_t *tokenobject_list_head; 490 } slot_data_t; 491 492 493 typedef enum { 494 ALL_TOKEN = 0, 495 PUBLIC_TOKEN = 1, 496 PRIVATE_TOKEN = 2 497 } token_obj_type_t; 498 499 /* 500 * metaslot_config_t 501 * 502 * This holds the configuration information for meta slot. 503 * It will first be filled with values that users defined 504 * in environment variables. Any value not defined by the user 505 * will be filled with values from the system wide configuration file. 506 */ 507 typedef struct _metaslot_config { 508 /* token to be used as the keystore for metaslot */ 509 boolean_t keystore_token_specified; 510 CK_UTF8CHAR keystore_token[TOKEN_LABEL_SIZE + 1]; 511 512 /* slot to be used as the keystore for metaslot */ 513 boolean_t keystore_slot_specified; 514 CK_UTF8CHAR keystore_slot[SLOT_DESCRIPTION_SIZE + 1]; 515 516 /* should meta slot be enabled or not */ 517 boolean_t enabled_specified; 518 boolean_t enabled; 519 520 /* should auto migration of sensitive token objects be enabled or not */ 521 boolean_t auto_key_migrate_specified; 522 boolean_t auto_key_migrate; 523 } metaslot_config_t; 524 525 /* 526 * The following 2 structures are used to link the to-be-freed 527 * meta sessions and meta objects into linked lists. 528 * The items on these linked list have not yet been freed via free(); instead 529 * they are added to this list. The actual free will take place when 530 * the number of objects queued reaches MAX_OBJ_TO_BE_FREED or 531 * MAX_SESSION_TO_BE_FREED, at which time the first object in the 532 * list will be freed. 533 */ 534 typedef struct obj_to_be_freed_list { 535 meta_object_t *first; /* points to first obj in the list */ 536 meta_object_t *last; /* points to last obj in the list */ 537 uint32_t count; /* current total objs in the list */ 538 pthread_mutex_t obj_to_be_free_mutex; 539 } object_to_be_freed_list_t; 540 541 typedef struct ses_to_be_freed_list { 542 meta_session_t *first; /* points to first session in the list */ 543 meta_session_t *last; /* points to last session in the list */ 544 uint32_t count; /* current total session in the list */ 545 pthread_mutex_t ses_to_be_free_mutex; 546 } ses_to_be_freed_list_t; 547 548 typedef struct cipher_mechs_threshold { 549 int mech_type; 550 uint32_t mech_threshold; 551 } cipher_mechs_threshold_t; 552 553 /* Global variables */ 554 extern metaslot_config_t metaslot_config; 555 extern boolean_t metaslot_enabled; 556 extern CK_SLOT_ID metaslot_keystore_slotid; 557 extern boolean_t metaslot_auto_key_migrate; 558 extern struct CK_FUNCTION_LIST metaslot_functionList; 559 extern int meta_urandom_seed_fd; 560 extern pthread_mutex_t initmutex; 561 562 extern ses_to_be_freed_list_t ses_delay_freed; 563 extern object_to_be_freed_list_t obj_delay_freed; 564 extern void (*Tmp_GetThreshold)(void *); 565 566 extern CK_BBOOL falsevalue; 567 extern CK_BBOOL truevalue; 568 569 /* --- Prototypes --- */ 570 571 CK_RV meta_slotManager_initialize(); 572 void meta_slotManager_finalize(); 573 void meta_slotManager_find_object_token(); 574 CK_RV meta_get_slot_session(CK_ULONG slotnum, slot_session_t **session, 575 CK_FLAGS flags); 576 void meta_release_slot_session(slot_session_t *session); 577 578 CK_RV meta_mechManager_initialize(); 579 void meta_mechManager_finalize(); 580 CK_RV meta_mechManager_get_mechs(CK_MECHANISM_TYPE *list, CK_ULONG *listsize); 581 CK_RV meta_mechManager_get_slots(mech_support_info_t *mech_support_info, 582 boolean_t force_update, CK_MECHANISM_INFO *mech_info); 583 CK_RV meta_mechManager_slot_supports_mech(CK_MECHANISM_TYPE mechanism, 584 CK_ULONG slotnum, boolean_t *supports, mechinfo_t **slot_info, 585 boolean_t force_update, CK_MECHANISM_INFO *mech_info); 586 587 CK_RV meta_operation_init(CK_FLAGS optype, meta_session_t *session, 588 CK_MECHANISM *pMechanism, meta_object_t *key); 589 CK_RV meta_operation_init_defer(CK_FLAGS optype, meta_session_t *session, 590 CK_MECHANISM *pMechanism, meta_object_t *key); 591 CK_RV meta_do_operation(CK_FLAGS optype, int mode, 592 meta_session_t *session, meta_object_t *object, 593 CK_BYTE *in, CK_ULONG inLen, CK_BYTE *out, CK_ULONG *outLen); 594 595 void meta_operation_cleanup(meta_session_t *session, CK_FLAGS optype, 596 boolean_t finished_normally); 597 598 CK_RV meta_generate_keys(meta_session_t *session, CK_MECHANISM *pMechanism, 599 CK_ATTRIBUTE *k1Template, CK_ULONG k1AttrCount, meta_object_t *key1, 600 CK_ATTRIBUTE *k2Template, CK_ULONG k2AttrCount, meta_object_t *key2); 601 602 CK_RV meta_wrap_key(meta_session_t *session, 603 CK_MECHANISM *pMechanism, meta_object_t *wrappingkey, 604 meta_object_t *inputkey, 605 CK_BYTE *wrapped_key, CK_ULONG *wrapped_key_len); 606 607 CK_RV meta_unwrap_key(meta_session_t *session, 608 CK_MECHANISM *pMechanism, meta_object_t *unwrapping_key, 609 CK_BYTE *wrapped_key, CK_ULONG wrapped_key_len, 610 CK_ATTRIBUTE *template, CK_ULONG template_size, 611 meta_object_t *unwrapped_key); 612 613 CK_RV meta_derive_key(meta_session_t *session, CK_MECHANISM *pMech, 614 meta_object_t *basekey1, meta_object_t *basekey2, 615 CK_OBJECT_HANDLE *phBaseKey2, 616 CK_ATTRIBUTE *pTemplate, CK_ULONG ulAttributeCount, 617 meta_object_t *newKey1, meta_object_t *newKey2, 618 meta_object_t *newKey3, meta_object_t *newKey4); 619 620 void get_user_metaslot_config(); 621 622 CK_RV meta_sessionManager_initialize(); 623 void meta_sessionManager_finalize(); 624 CK_RV meta_handle2session(CK_SESSION_HANDLE hSession, 625 meta_session_t **session_p); 626 CK_RV meta_session_alloc(meta_session_t **newSession); 627 CK_RV meta_session_activate(meta_session_t *session); 628 CK_RV meta_session_deactivate(meta_session_t *session, 629 boolean_t have_sessionlist_lock); 630 void meta_session_dealloc(meta_session_t *session); 631 void meta_session_delay_free(meta_session_t *sp); 632 633 CK_RV meta_objectManager_initialize(); 634 void meta_objectManager_finalize(); 635 CK_RV meta_handle2object(CK_OBJECT_HANDLE hObject, meta_object_t **object); 636 CK_RV meta_object_alloc(meta_session_t *session, meta_object_t **object); 637 CK_RV meta_object_get_attr(slot_session_t *slot_session, 638 CK_OBJECT_HANDLE hObject, meta_object_t *object); 639 void meta_object_activate(meta_object_t *object); 640 CK_RV meta_object_deactivate(meta_object_t *object, boolean_t have_list_lock, 641 boolean_t have_object_lock); 642 CK_RV meta_object_dealloc(meta_session_t *session, meta_object_t *object, 643 boolean_t nukeSourceObj); 644 CK_RV meta_slot_object_alloc(slot_object_t **object); 645 void meta_slot_object_activate(slot_object_t *object, slot_session_t *session, 646 boolean_t isToken); 647 void meta_slot_object_deactivate(slot_object_t *object); 648 void meta_slot_object_dealloc(slot_object_t *object); 649 CK_RV meta_object_copyin(meta_object_t *object); 650 CK_RV meta_object_get_clone(meta_object_t *object, 651 CK_ULONG slot_num, slot_session_t *slot_session, 652 slot_object_t **clone); 653 meta_object_t *meta_object_find_by_handle(CK_OBJECT_HANDLE hObject, 654 CK_ULONG slotnum, boolean_t token_only); 655 CK_RV meta_token_object_deactivate(token_obj_type_t token_type); 656 void meta_object_delay_free(meta_object_t *objp); 657 boolean_t meta_freeobject_set(meta_object_t *object, CK_ATTRIBUTE *tmpl, 658 CK_ULONG tmpl_len, boolean_t create); 659 CK_RV meta_freetoken_set(CK_ULONG slot_num, CK_BBOOL *current_value, 660 CK_ATTRIBUTE *tmpl, CK_ULONG tmpl_len); 661 boolean_t meta_freeobject_check(meta_session_t *session, meta_object_t *obj, 662 CK_MECHANISM *pMech, CK_ATTRIBUTE *tmpl, CK_ULONG tmpl_len, 663 CK_KEY_TYPE keytype); 664 boolean_t meta_freeobject_clone(meta_session_t *session, meta_object_t *object); 665 666 CK_RV get_master_attributes_by_object(slot_session_t *session, 667 slot_object_t *slot_object, generic_attr_t **attributes, 668 size_t *num_attributes); 669 CK_RV get_master_attributes_by_template( 670 CK_ATTRIBUTE *template, CK_ULONG template_size, 671 generic_attr_t **attributes, size_t *num_attributes); 672 CK_RV get_master_template_by_type(CK_OBJECT_CLASS class, CK_ULONG subtype, 673 generic_attr_t **attributes, size_t *num_attributes); 674 CK_RV get_master_attributes_by_type(CK_OBJECT_CLASS class, CK_ULONG subtype, 675 generic_attr_t **attributes, size_t *num_attributes); 676 CK_RV get_master_attributes_by_duplication( 677 generic_attr_t *src_attrs, size_t num_src_attrs, 678 generic_attr_t **dst_attrs, size_t *num_dst_attrs); 679 void dealloc_attributes(generic_attr_t *attributes, size_t num_attributes); 680 CK_RV attribute_set_value(CK_ATTRIBUTE *new_attr, 681 generic_attr_t *attributes, size_t num_attributes); 682 boolean_t get_template_ulong(CK_ATTRIBUTE_TYPE type, CK_ATTRIBUTE *attributes, 683 CK_ULONG num_attributes, CK_ULONG *result); 684 boolean_t get_template_boolean(CK_ATTRIBUTE_TYPE type, 685 CK_ATTRIBUTE *attributes, CK_ULONG num_attributes, boolean_t *result); 686 int set_template_boolean(CK_ATTRIBUTE_TYPE type, 687 CK_ATTRIBUTE *attributes, CK_ULONG num_attributes, boolean_t local, 688 CK_BBOOL *value); 689 CK_ULONG get_keystore_slotnum(void); 690 CK_ULONG get_softtoken_slotnum(void); 691 CK_SLOT_ID meta_slotManager_get_framework_table_id(CK_ULONG slotnum); 692 CK_ULONG meta_slotManager_get_slotcount(void); 693 boolean_t meta_slotManager_token_write_protected(void); 694 boolean_t metaslot_logged_in(); 695 void metaslot_set_logged_in_flag(boolean_t value); 696 697 /* 698 * Prototypes for the various meta_Foo implementations of C_Foo. 699 * 700 */ 701 CK_RV meta_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR ppFunctionList); 702 CK_RV meta_Initialize(CK_VOID_PTR pInitArgs); 703 CK_RV meta_Finalize(CK_VOID_PTR pReserved); 704 CK_RV meta_GetInfo(CK_INFO_PTR pInfo); 705 CK_RV meta_GetSlotList(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList, 706 CK_ULONG_PTR pulCount); 707 CK_RV meta_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo); 708 CK_RV meta_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo); 709 CK_RV meta_GetMechanismList(CK_SLOT_ID slotID, 710 CK_MECHANISM_TYPE_PTR pMechanismList, CK_ULONG_PTR pulCount); 711 CK_RV meta_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type, 712 CK_MECHANISM_INFO_PTR pInfo); 713 CK_RV meta_InitToken(CK_SLOT_ID slotID, CK_UTF8CHAR_PTR pPin, 714 CK_ULONG ulPinLen, CK_UTF8CHAR_PTR pLabel); 715 CK_RV meta_InitPIN(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pPin, 716 CK_ULONG ulPinLen); 717 CK_RV meta_SetPIN(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pOldPin, 718 CK_ULONG ulOldPinLen, CK_UTF8CHAR_PTR pNewPin, CK_ULONG ulNewPinLen); 719 CK_RV meta_OpenSession(CK_SLOT_ID slotID, CK_FLAGS flags, 720 CK_VOID_PTR pApplication, CK_NOTIFY Notify, 721 CK_SESSION_HANDLE_PTR phSession); 722 CK_RV meta_CloseSession(CK_SESSION_HANDLE hSession); 723 CK_RV meta_CloseAllSessions(CK_SLOT_ID slotID); 724 CK_RV meta_GetSessionInfo(CK_SESSION_HANDLE hSession, 725 CK_SESSION_INFO_PTR pInfo); 726 CK_RV meta_GetOperationState(CK_SESSION_HANDLE hSession, 727 CK_BYTE_PTR pOperationState, CK_ULONG_PTR pulOperationStateLen); 728 CK_RV meta_SetOperationState(CK_SESSION_HANDLE hSession, 729 CK_BYTE_PTR pOperationState, CK_ULONG ulOperationStateLen, 730 CK_OBJECT_HANDLE hEncryptionKey, CK_OBJECT_HANDLE hAuthenticationKey); 731 CK_RV meta_Login(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, 732 CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen); 733 CK_RV meta_Logout(CK_SESSION_HANDLE hSession); 734 CK_RV meta_CreateObject(CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTemplate, 735 CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phObject); 736 CK_RV meta_CopyObject(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, 737 CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, 738 CK_OBJECT_HANDLE_PTR phNewObject); 739 CK_RV meta_DestroyObject(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject); 740 CK_RV meta_GetObjectSize(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, 741 CK_ULONG_PTR pulSize); 742 CK_RV meta_GetAttributeValue(CK_SESSION_HANDLE hSession, 743 CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount); 744 CK_RV meta_SetAttributeValue(CK_SESSION_HANDLE hSession, 745 CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount); 746 CK_RV meta_FindObjectsInit(CK_SESSION_HANDLE hSession, 747 CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount); 748 CK_RV meta_FindObjects(CK_SESSION_HANDLE hSession, 749 CK_OBJECT_HANDLE_PTR phObject, CK_ULONG ulMaxObjectCount, 750 CK_ULONG_PTR pulObjectCount); 751 CK_RV meta_FindObjectsFinal(CK_SESSION_HANDLE hSession); 752 CK_RV meta_EncryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, 753 CK_OBJECT_HANDLE hKey); 754 CK_RV meta_Encrypt(CK_SESSION_HANDLE hSession, 755 CK_BYTE_PTR pData, CK_ULONG ulDataLen, 756 CK_BYTE_PTR pEncryptedData, CK_ULONG_PTR pulEncryptedDataLen); 757 CK_RV meta_EncryptUpdate(CK_SESSION_HANDLE hSession, 758 CK_BYTE_PTR pPart, CK_ULONG ulPartLen, 759 CK_BYTE_PTR pEncryptedPart, CK_ULONG_PTR pulEncryptedPartLen); 760 CK_RV meta_EncryptFinal(CK_SESSION_HANDLE hSession, 761 CK_BYTE_PTR pLastEncryptedPart, CK_ULONG_PTR pulLastEncryptedPartLen); 762 CK_RV meta_DecryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, 763 CK_OBJECT_HANDLE hKey); 764 CK_RV meta_Decrypt(CK_SESSION_HANDLE hSession, 765 CK_BYTE_PTR pEncryptedData, CK_ULONG ulEncryptedDataLen, 766 CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen); 767 CK_RV meta_DecryptUpdate(CK_SESSION_HANDLE hSession, 768 CK_BYTE_PTR pEncryptedPart, CK_ULONG ulEncryptedPartLen, 769 CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen); 770 CK_RV meta_DecryptFinal(CK_SESSION_HANDLE hSession, 771 CK_BYTE_PTR pLastPart, CK_ULONG_PTR pulLastPartLen); 772 CK_RV meta_DigestInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism); 773 CK_RV meta_Digest(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, 774 CK_ULONG ulDataLen, CK_BYTE_PTR pDigest, CK_ULONG_PTR pulDigestLen); 775 CK_RV meta_DigestUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, 776 CK_ULONG ulPartLen); 777 CK_RV meta_DigestKey(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey); 778 CK_RV meta_DigestFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pDigest, 779 CK_ULONG_PTR pulDigestLen); 780 CK_RV meta_SignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, 781 CK_OBJECT_HANDLE hKey); 782 CK_RV meta_Sign(CK_SESSION_HANDLE hSession, 783 CK_BYTE_PTR pData, CK_ULONG ulDataLen, 784 CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen); 785 CK_RV meta_SignUpdate(CK_SESSION_HANDLE hSession, 786 CK_BYTE_PTR pPart, CK_ULONG ulPartLen); 787 CK_RV meta_SignFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, 788 CK_ULONG_PTR pulSignatureLen); 789 CK_RV meta_SignRecoverInit(CK_SESSION_HANDLE hSession, 790 CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey); 791 CK_RV meta_SignRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, 792 CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen); 793 CK_RV meta_VerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, 794 CK_OBJECT_HANDLE hKey); 795 CK_RV meta_Verify(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, 796 CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen); 797 CK_RV meta_VerifyUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, 798 CK_ULONG ulPartLen); 799 CK_RV meta_VerifyFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, 800 CK_ULONG ulSignatureLen); 801 CK_RV meta_VerifyRecoverInit(CK_SESSION_HANDLE hSession, 802 CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey); 803 CK_RV meta_VerifyRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, 804 CK_ULONG ulSignatureLen, CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen); 805 CK_RV meta_DigestEncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, 806 CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart, 807 CK_ULONG_PTR pulEncryptedPartLen); 808 CK_RV meta_DecryptDigestUpdate(CK_SESSION_HANDLE hSession, 809 CK_BYTE_PTR pEncryptedPart, CK_ULONG ulEncryptedPartLen, 810 CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen); 811 CK_RV meta_SignEncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, 812 CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart, 813 CK_ULONG_PTR pulEncryptedPartLen); 814 CK_RV meta_DecryptVerifyUpdate(CK_SESSION_HANDLE hSession, 815 CK_BYTE_PTR pEncryptedPart, CK_ULONG ulEncryptedPartLen, 816 CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen); 817 CK_RV meta_GenerateKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, 818 CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phKey); 819 CK_RV meta_GenerateKeyPair(CK_SESSION_HANDLE hSession, 820 CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pPublicKeyTemplate, 821 CK_ULONG ulPublicKeyAttributeCount, CK_ATTRIBUTE_PTR pPrivateKeyTemplate, 822 CK_ULONG ulPrivateKeyAttributeCount, CK_OBJECT_HANDLE_PTR phPublicKey, 823 CK_OBJECT_HANDLE_PTR phPrivateKey); 824 CK_RV meta_WrapKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, 825 CK_OBJECT_HANDLE hWrappingKey, CK_OBJECT_HANDLE hKey, 826 CK_BYTE_PTR pWrappedKey, CK_ULONG_PTR pulWrappedKeyLen); 827 CK_RV meta_UnwrapKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, 828 CK_OBJECT_HANDLE hUnwrappingKey, CK_BYTE_PTR pWrappedKey, 829 CK_ULONG ulWrappedKeyLen, CK_ATTRIBUTE_PTR pTemplate, 830 CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey); 831 CK_RV meta_DeriveKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, 832 CK_OBJECT_HANDLE hBaseKey, CK_ATTRIBUTE_PTR pTemplate, 833 CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey); 834 CK_RV meta_SeedRandom(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSeed, 835 CK_ULONG ulSeedLen); 836 CK_RV meta_GenerateRandom(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pRandomData, 837 CK_ULONG ulRandomLen); 838 CK_RV meta_GetFunctionStatus(CK_SESSION_HANDLE hSession); 839 CK_RV meta_CancelFunction(CK_SESSION_HANDLE hSession); 840 CK_RV meta_WaitForSlotEvent(CK_FLAGS flags, CK_SLOT_ID_PTR pSlot, 841 CK_VOID_PTR pReserved); 842 843 #ifdef __cplusplus 844 } 845 #endif 846 847 #endif /* _METAGLOBAL_H */ 848