1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2006 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #ifndef _METAGLOBAL_H 27 #define _METAGLOBAL_H 28 29 #pragma ident "%Z%%M% %I% %E% SMI" 30 31 /* 32 * This file contains all the data structures used for the meta slot 33 */ 34 35 #ifdef __cplusplus 36 extern "C" { 37 #endif 38 39 #include <pthread.h> 40 #include <synch.h> 41 #include <unistd.h> 42 #include <security/cryptoki.h> 43 #include <stdio.h> 44 #include <cryptoutil.h> 45 #include <pkcs11Session.h> 46 #include <pkcs11Slot.h> 47 48 /* 49 * In "generic_attr_t", attributes that are not CK_BBOOL and 50 * CK_ULONG, the data will be stored in generic_data. 51 * Currently, 16 bytes will be pre-allocated for this. 52 * This is just a _WILD_ guess. If actual 53 * experience shows that 16 bytes is too small for most of the 54 * data that will be stored here, and cause this 55 * memory to be reallocated all the time, this should be increased. 56 */ 57 #define INITIAL_ATTR_LEN 16 58 59 /* We provide one slot, with the following arbitrary identifier. */ 60 #define METASLOT_SLOTID 42 61 62 /* Metaslot is always the first slot in the framdwork, with slotID=0 */ 63 #define METASLOT_FRAMEWORK_ID 0 64 65 /* 66 * These are the 2 acceptable string values for ${METASLOT_ENABLE} and 67 * ${METASLOT_AUTO_KEY_MIGRATE} environment variable 68 */ 69 #define TRUE_STRING "true" 70 #define FALSE_STRING "false" 71 72 /* Magic values for different data structures */ 73 #define METASLOT_SESSION_MAGIC 0xECF00004 74 #define METASLOT_SESSION_BADMAGIC 0xBAD00004 75 #define METASLOT_OBJECT_MAGIC 0xECF0B004 76 #define METASLOT_OBJECT_BADMAGIC 0xBAD0B004 77 #define METASLOT_OPSTATE_MAGIC 0xECF09004 78 #define METASLOT_OPSTATE_BADMAGIC 0xBAD09004 79 80 #define IS_READ_ONLY_SESSION(session_flag) \ 81 (!(session_flag & CKF_RW_SESSION)) 82 83 /* 84 * Operation types passed to meta_init_operation() / meta_do_operation() 85 * Operation modes passed to meta_do_operation() 86 * 87 * OP_* and MODE_* must be disjoint (treat as a bitmask), see meta_do_operation 88 * 89 * MODE_UPDATE_WITHKEY is only used for C_DigestKey. 90 */ 91 #define OP_UNUSED 0x0000 92 #define OP_ENCRYPT 0x0001 93 #define OP_DECRYPT 0x0002 94 #define OP_DIGEST 0x0004 95 #define OP_SIGN 0x0008 96 #define OP_VERIFY 0x0010 97 #define OP_SIGNRECOVER 0x0020 98 #define OP_VERIFYRECOVER 0x0040 99 #define MODE_SINGLE 0x0100 100 #define MODE_UPDATE 0x0200 101 #define MODE_UPDATE_WITHKEY 0x0400 102 #define MODE_FINAL 0x1000 103 104 105 /* CK_INFO: Information about cryptoki */ 106 #define METASLOT_CRYPTOKI_VERSION_MAJOR 2 107 #define METASLOT_CRYPTOKI_VERSION_MINOR 11 108 #define METASLOT_MANUFACTURER_ID "Sun Microsystems, Inc. " 109 #define METASLOT_LIBRARY_DESCRIPTION "Sun Metaslot " 110 #define METASLOT_LIBRARY_VERSION_MAJOR 1 111 #define METASLOT_LIBRARY_VERSION_MINOR 1 112 113 /* CK_SLOT_INFO */ 114 #define METASLOT_SLOT_DESCRIPTION "Sun Metaslot " \ 115 " " 116 #define METASLOT_HARDWARE_VERSION_MAJOR 0 117 #define METASLOT_HARDWARE_VERSION_MINOR 0 118 #define METASLOT_FIRMWARE_VERSION_MAJOR 0 119 #define METASLOT_FIRMWARE_VERSION_MINOR 0 120 121 /* CK_TOKEN_INFO: More information about token */ 122 #define METASLOT_TOKEN_LABEL "Sun Metaslot " 123 #define METASLOT_TOKEN_MODEL "1.0 " 124 #define RANDOM_DEVICE "/dev/urandom" 125 126 /* 127 * Maximum number of objects and sessions to queue up before actually 128 * freeing them using the free() system. This is necessary to workaround 129 * a problem in which applications re-uses handles that are no longer valid 130 */ 131 #define MAX_OBJ_TO_BE_FREED 300 132 #define MAX_SESSION_TO_BE_FREED 300 133 134 /* 135 * The following 2 functions deals with inserting and deleting 136 * from double linked lists. It can work with any data structure 137 * that have "prev" and "next" defined. 138 */ 139 140 /* This always inserts into the head of the list */ 141 #define INSERT_INTO_LIST(list, item) \ 142 { \ 143 if ((list) == NULL) { \ 144 (item)->prev = NULL; \ 145 (item)->next = NULL; \ 146 (list) = (item); \ 147 } else { \ 148 (item)->next = (list); \ 149 (item)->prev = NULL; \ 150 (list)->prev = (item); \ 151 (list) = (item); \ 152 } \ 153 } 154 155 156 /* 157 * Remove item from list 158 */ 159 #define REMOVE_FROM_LIST(list, item) \ 160 { \ 161 if ((list) == item) { \ 162 if ((item)->next == NULL) { \ 163 (list) = NULL; \ 164 } else { \ 165 (item)->next->prev = NULL; \ 166 (list) = (item)->next; \ 167 } \ 168 } else { \ 169 if ((item)->next) { \ 170 (item)->next->prev = item->prev; \ 171 (item)->prev->next = (item)->next; \ 172 } else { \ 173 (item)->prev->next = NULL; \ 174 } \ 175 } \ 176 } 177 178 /* 179 * OBJRELEASE 180 * 181 * Signal that a metaobject is no longer in use (but is still valid). 182 */ 183 #define OBJRELEASE(object) \ 184 if (object != NULL) { \ 185 (void) pthread_rwlock_unlock(&object->object_lock); \ 186 } 187 188 /* 189 * REFRELEASE 190 * 191 * Signal that a metasession is no longer in use (but is still valid). 192 * 193 */ 194 #define REFRELEASE(session) \ 195 if (session != NULL) { \ 196 (void) pthread_rwlock_unlock(&session->session_lock); \ 197 } 198 199 200 /* Generic attribute type, for storing and managing PKCS#11 attributes. */ 201 typedef struct _attr { 202 CK_ATTRIBUTE attribute; 203 204 boolean_t isMalloced; 205 206 /* attr is necessary for creating a clone of the object */ 207 boolean_t isCloneAttr; 208 209 /* 210 * depends on the PKCS#11 implementation, this attr might or might 211 * not have a value. It's OK for it to not have a value 212 * (ie: the default value is empty) 213 */ 214 boolean_t canBeEmptyValue; 215 216 boolean_t hasValueForClone; 217 218 CK_BBOOL generic_bbool; 219 CK_ULONG generic_ulong; 220 CK_BYTE generic_data[INITIAL_ATTR_LEN]; 221 } generic_attr_t; 222 223 /* 224 * These need to be defined here before the actual structures are defined 225 * because they are used in some of the structure definitions. 226 */ 227 typedef struct slotobject slot_object_t; 228 typedef struct metasession meta_session_t; 229 typedef struct metaobject meta_object_t; 230 typedef struct metaopstate meta_opstate_t; 231 232 /* 233 * slot_session_t 234 * 235 * Wrapper for a session on a provider. This structure is only used internally 236 * in metaslot; it is never revealed to applications. 237 */ 238 typedef struct slotsession { 239 CK_ULONG slotnum; 240 CK_SLOT_ID fw_st_id; /* used for accessing framework's slottable */ 241 CK_SESSION_HANDLE hSession; 242 243 boolean_t is_dualop_capable; 244 CK_FLAGS session_flags; /* what type of session */ 245 246 struct slotsession *next; 247 struct slotsession *prev; 248 249 pthread_rwlock_t object_list_lock; 250 slot_object_t *object_list_head; 251 } slot_session_t; 252 253 254 /* 255 * slot_object_t 256 * 257 * Wrapper for an object on a provider. This structure is only used internally 258 * in metaslot; it is never revealed to applications. 259 */ 260 struct slotobject { 261 CK_OBJECT_HANDLE hObject; 262 263 struct slotobject *next; 264 struct slotobject *prev; 265 266 slot_session_t *creator_session; 267 268 boolean_t isToken; 269 }; 270 271 272 /* 273 * mechinfo_t 274 * 275 * A mechinfo_t is created for each mechanism on a slot. 276 * 277 * This information is used for selecting which slots support the given 278 * mechanism for a crypto operation. 279 * 280 */ 281 typedef struct mechinfo { 282 CK_ULONG slotnum; 283 284 boolean_t initialized; 285 boolean_t supported; 286 CK_MECHANISM_INFO mechanism_info; 287 } mechinfo_t; 288 289 290 /* 291 * operation_info_t 292 * 293 * Part of a meta_session_t, used to track active operations. 294 */ 295 typedef struct opinfo { 296 int type; 297 slot_session_t *session; 298 mechinfo_t *stats; 299 } operation_info_t; 300 301 typedef struct find_objs_info { 302 boolean_t op_active; /* Indicate whether FindObjects is active */ 303 meta_object_t **matched_objs; 304 int num_matched_objs; 305 int next_result_index; /* index of next object to be returned */ 306 } find_objs_info_t; 307 308 typedef struct mech_support_info { 309 CK_MECHANISM_TYPE mech; 310 /* Array of mechinfo_t allocated based on number of slots */ 311 mechinfo_t **supporting_slots; 312 unsigned long num_supporting_slots; 313 } mech_support_info_t; 314 315 /* 316 * meta_session_t 317 * 318 * The internal state for a meta-session is kept here. The session handles 319 * given to applications are always pointers to a structure of this type. 320 * 321 */ 322 struct metasession { 323 ulong_t magic_marker; 324 pthread_rwlock_t session_lock; 325 326 pthread_mutex_t isClosingSession_lock; 327 boolean_t isClosingSession; 328 329 struct metasession *next; 330 struct metasession *prev; 331 332 CK_FLAGS session_flags; 333 334 /* 335 * Could have just declared this as "op", but declaring it as 336 * op1 so that "op2" can be easily added when dual-op support 337 * is implemented in the future 338 */ 339 operation_info_t op1; 340 341 /* 342 * This is for keeping track of which slots support a particular 343 * mechanism. This information doesn't 344 * have to be kept on a per session bases, but having the 345 * memory pre-allocated per session would make things much simpiler, 346 * because memory doesn't need to be allocated/deallocated everytime 347 * we do an operation. 348 */ 349 mech_support_info_t mech_support_info; 350 351 352 /* Session objects created by this session. */ 353 pthread_rwlock_t object_list_lock; 354 meta_object_t *object_list_head; 355 356 /* C_FindObjects support. */ 357 find_objs_info_t find_objs_info; 358 }; 359 360 361 /* 362 * meta_object_t 363 * 364 * The internal state for a meta-object is kept here. The object handles 365 * given to applications are always pointers to a structure of this type. 366 */ 367 struct metaobject { 368 ulong_t magic_marker; 369 pthread_rwlock_t object_lock; 370 371 pthread_mutex_t isClosingObject_lock; 372 boolean_t isClosingObject; 373 374 struct metaobject *next; 375 struct metaobject *prev; 376 377 meta_session_t *creator_session; /* Only set for session objects */ 378 379 boolean_t isToken; /* alias for CKA_TOKEN */ 380 boolean_t isPrivate; /* alias for CKA_PRIVATE */ 381 boolean_t isSensitive; /* alias for CKA_SENSITIVE */ 382 boolean_t isExtractable; /* alias for CKA_EXTRACTABLE */ 383 384 CK_ULONG master_clone_slotnum; /* set when object is created */ 385 slot_object_t **clones; 386 /* indicate if tried to create clone object in a slot */ 387 boolean_t *tried_create_clone; 388 389 pthread_rwlock_t attribute_lock; 390 size_t num_attributes; 391 generic_attr_t *attributes; 392 393 pthread_mutex_t clone_create_lock; 394 size_t clone_template_size; /* 0 if not yet known. */ 395 CK_ATTRIBUTE *clone_template; /* NULL if not yet known. */ 396 }; 397 398 399 /* 400 * struct metaopstate 401 * 402 * Used as the format for the operation state returned via 403 * C_GetOperationState. 404 */ 405 typedef struct opstate_data { 406 int op_type; 407 CK_ULONG op_slotnum; 408 CK_ULONG op_state_len; 409 } opstate_data_t; 410 411 struct metaopstate { 412 ulong_t magic_marker; 413 /* 414 * Could have just declared this as "state", but declaring it like this 415 * so that when dual-op support is implemented in the future, the 416 * changes will be simplier. 417 */ 418 struct opstate_data state[1]; 419 }; 420 421 422 /* 423 * session_pool_t 424 * 425 * Used to cache open sessions in a slot. 426 */ 427 typedef struct sessionpool { 428 pthread_mutex_t list_lock; 429 430 /* list of sessions that's currently in use */ 431 slot_session_t *active_list_head; 432 433 /* 434 * list of sessions that are not in use, but can't be deleted because 435 * either session/token objects are created using these sessions 436 * or we need to have one session left with the provider to maintain 437 * the logged in state. Any of these sessions could be re-used if 438 * a session is needed to be established with a provider. 439 */ 440 slot_session_t *persist_list_head; 441 442 /* 443 * List of sessions that are not in use at the moment. We keep 444 * a list of sessions with a particular provider instead of 445 * creating a new session everytime for efficiency 446 */ 447 slot_session_t *idle_list_head; 448 boolean_t keep_one_alive; 449 int num_idle_sessions; /* number of sessions in "idle_list_head" */ 450 } session_pool_t; 451 452 453 /* 454 * slot_data_t 455 * 456 * Each slot has a session pool, a collection of persistant sessions to 457 * allow for more efficient operation. Specifically, to allow reuse of 458 * previously session objects (which need the creating session to stick 459 * around), as well as being frugal with creating/closing sessions. 460 */ 461 typedef struct slotdata { 462 CK_SLOT_ID fw_st_id; /* framework slot table ID */ 463 464 session_pool_t session_pool; 465 466 pthread_rwlock_t tokenobject_list_lock; 467 slot_object_t *tokenobject_list_head; 468 } slot_data_t; 469 470 471 typedef enum { 472 ALL_TOKEN = 0, 473 PUBLIC_TOKEN = 1, 474 PRIVATE_TOKEN = 2 475 } token_obj_type_t; 476 477 /* 478 * metaslot_config_t 479 * 480 * This holds the configuration information for meta slot. 481 * It will first be filled with values that users defined 482 * in environment variables. Any value not defined by the user 483 * will be filled with values from the system wide configuration file. 484 */ 485 typedef struct _metaslot_config { 486 /* token to be used as the keystore for metaslot */ 487 boolean_t keystore_token_specified; 488 CK_UTF8CHAR keystore_token[TOKEN_LABEL_SIZE + 1]; 489 490 /* slot to be used as the keystore for metaslot */ 491 boolean_t keystore_slot_specified; 492 CK_UTF8CHAR keystore_slot[SLOT_DESCRIPTION_SIZE + 1]; 493 494 /* should meta slot be enabled or not */ 495 boolean_t enabled_specified; 496 boolean_t enabled; 497 498 /* should auto migration of sensitive token objects be enabled or not */ 499 boolean_t auto_key_migrate_specified; 500 boolean_t auto_key_migrate; 501 } metaslot_config_t; 502 503 /* 504 * The following 2 structures are used to link the to-be-freed 505 * meta sessions and meta objects into linked lists. 506 * The items on these linked list have not yet been freed via free(); instead 507 * they are added to this list. The actual free will take place when 508 * the number of objects queued reaches MAX_OBJ_TO_BE_FREED or 509 * MAX_SESSION_TO_BE_FREED, at which time the first object in the 510 * list will be freed. 511 */ 512 typedef struct obj_to_be_freed_list { 513 meta_object_t *first; /* points to first obj in the list */ 514 meta_object_t *last; /* points to last obj in the list */ 515 uint32_t count; /* current total objs in the list */ 516 pthread_mutex_t obj_to_be_free_mutex; 517 } object_to_be_freed_list_t; 518 519 typedef struct ses_to_be_freed_list { 520 meta_session_t *first; /* points to first session in the list */ 521 meta_session_t *last; /* points to last session in the list */ 522 uint32_t count; /* current total session in the list */ 523 pthread_mutex_t ses_to_be_free_mutex; 524 } ses_to_be_freed_list_t; 525 526 /* Global variables */ 527 extern metaslot_config_t metaslot_config; 528 extern boolean_t metaslot_enabled; 529 extern CK_SLOT_ID metaslot_keystore_slotid; 530 extern boolean_t metaslot_auto_key_migrate; 531 extern struct CK_FUNCTION_LIST metaslot_functionList; 532 extern int meta_urandom_seed_fd; 533 extern pthread_mutex_t initmutex; 534 535 extern ses_to_be_freed_list_t ses_delay_freed; 536 extern object_to_be_freed_list_t obj_delay_freed; 537 538 /* --- Prototypes --- */ 539 540 CK_RV meta_slotManager_initialize(); 541 void meta_slotManager_finalize(); 542 void meta_slotManager_find_object_token(); 543 CK_RV meta_get_slot_session(CK_ULONG slotnum, slot_session_t **session, 544 CK_FLAGS flags); 545 void meta_release_slot_session(slot_session_t *session); 546 547 CK_RV meta_mechManager_initialize(); 548 void meta_mechManager_finalize(); 549 CK_RV meta_mechManager_get_mechs(CK_MECHANISM_TYPE *list, CK_ULONG *listsize); 550 CK_RV meta_mechManager_get_slots(mech_support_info_t *mech_support_info, 551 boolean_t force_update); 552 CK_RV meta_mechManager_slot_supports_mech(CK_MECHANISM_TYPE mechanism, 553 CK_ULONG slotnum, boolean_t *supports, mechinfo_t **slot_info, 554 boolean_t force_update); 555 556 CK_RV meta_operation_init(int optype, meta_session_t *session, 557 CK_MECHANISM *pMechanism, meta_object_t *key); 558 CK_RV meta_do_operation(int optype, int mode, 559 meta_session_t *session, meta_object_t *object, 560 CK_BYTE *in, CK_ULONG inLen, CK_BYTE *out, CK_ULONG *outLen); 561 562 void meta_operation_cleanup(meta_session_t *session, int optype, 563 boolean_t finished_normally); 564 565 CK_RV meta_generate_keys(meta_session_t *session, CK_MECHANISM *pMechanism, 566 CK_ATTRIBUTE *k1Template, CK_ULONG k1AttrCount, meta_object_t *key1, 567 CK_ATTRIBUTE *k2Template, CK_ULONG k2AttrCount, meta_object_t *key2); 568 569 CK_RV meta_wrap_key(meta_session_t *session, 570 CK_MECHANISM *pMechanism, meta_object_t *wrappingkey, 571 meta_object_t *inputkey, 572 CK_BYTE *wrapped_key, CK_ULONG *wrapped_key_len); 573 574 CK_RV meta_unwrap_key(meta_session_t *session, 575 CK_MECHANISM *pMechanism, meta_object_t *unwrapping_key, 576 CK_BYTE *wrapped_key, CK_ULONG wrapped_key_len, 577 CK_ATTRIBUTE *template, CK_ULONG template_size, 578 meta_object_t *unwrapped_key); 579 580 CK_RV meta_derive_key(meta_session_t *session, CK_MECHANISM *pMech, 581 meta_object_t *basekey1, meta_object_t *basekey2, 582 CK_OBJECT_HANDLE *phBaseKey2, 583 CK_ATTRIBUTE *pTemplate, CK_ULONG ulAttributeCount, 584 meta_object_t *newKey1, meta_object_t *newKey2, 585 meta_object_t *newKey3, meta_object_t *newKey4); 586 587 void get_user_metaslot_config(); 588 589 CK_RV meta_sessionManager_initialize(); 590 void meta_sessionManager_finalize(); 591 CK_RV meta_handle2session(CK_SESSION_HANDLE hSession, 592 meta_session_t **session_p); 593 CK_RV meta_session_alloc(meta_session_t **newSession); 594 CK_RV meta_session_activate(meta_session_t *session); 595 CK_RV meta_session_deactivate(meta_session_t *session, 596 boolean_t have_sessionlist_lock); 597 void meta_session_dealloc(meta_session_t *session); 598 void meta_session_delay_free(meta_session_t *sp); 599 600 CK_RV meta_objectManager_initialize(); 601 void meta_objectManager_finalize(); 602 CK_RV meta_handle2object(CK_OBJECT_HANDLE hObject, meta_object_t **object); 603 CK_RV meta_object_alloc(meta_session_t *session, meta_object_t **object); 604 CK_RV meta_object_get_attr(slot_session_t *slot_session, 605 CK_OBJECT_HANDLE hObject, meta_object_t *object); 606 void meta_object_activate(meta_object_t *object); 607 CK_RV meta_object_deactivate(meta_object_t *object, boolean_t have_list_lock, 608 boolean_t have_object_lock); 609 CK_RV meta_object_dealloc(meta_object_t *object, boolean_t nukeSourceObj); 610 CK_RV meta_slot_object_alloc(slot_object_t **object); 611 void meta_slot_object_activate(slot_object_t *object, slot_session_t *session, 612 boolean_t isToken); 613 void meta_slot_object_deactivate(slot_object_t *object); 614 void meta_slot_object_dealloc(slot_object_t *object); 615 CK_RV meta_object_copyin(meta_object_t *object); 616 CK_RV meta_object_get_clone(meta_object_t *object, 617 CK_ULONG slot_num, slot_session_t *slot_session, 618 slot_object_t **clone); 619 meta_object_t *meta_object_find_by_handle(CK_OBJECT_HANDLE hObject, 620 CK_ULONG slotnum, boolean_t token_only); 621 CK_RV meta_token_object_deactivate(token_obj_type_t token_type); 622 void meta_object_delay_free(meta_object_t *objp); 623 624 625 626 CK_RV get_master_attributes_by_object(slot_session_t *session, 627 slot_object_t *slot_object, generic_attr_t **attributes, 628 size_t *num_attributes); 629 CK_RV get_master_attributes_by_template( 630 CK_ATTRIBUTE *template, CK_ULONG template_size, 631 generic_attr_t **attributes, size_t *num_attributes); 632 CK_RV get_master_template_by_type(CK_OBJECT_CLASS class, CK_ULONG subtype, 633 generic_attr_t **attributes, size_t *num_attributes); 634 CK_RV get_master_attributes_by_type(CK_OBJECT_CLASS class, CK_ULONG subtype, 635 generic_attr_t **attributes, size_t *num_attributes); 636 CK_RV get_master_attributes_by_duplication( 637 generic_attr_t *src_attrs, size_t num_src_attrs, 638 generic_attr_t **dst_attrs, size_t *num_dst_attrs); 639 void dealloc_attributes(generic_attr_t *attributes, size_t num_attributes); 640 CK_RV attribute_set_value(CK_ATTRIBUTE *new_attr, 641 generic_attr_t *attributes, size_t num_attributes); 642 boolean_t get_template_ulong(CK_ATTRIBUTE_TYPE type, CK_ATTRIBUTE *attributes, 643 CK_ULONG num_attributes, CK_ULONG *result); 644 boolean_t get_template_boolean(CK_ATTRIBUTE_TYPE type, 645 CK_ATTRIBUTE *attributes, CK_ULONG num_attributes, boolean_t *result); 646 647 CK_ULONG get_keystore_slotnum(void); 648 CK_SLOT_ID meta_slotManager_get_framework_table_id(CK_ULONG slotnum); 649 CK_ULONG meta_slotManager_get_slotcount(void); 650 boolean_t meta_slotManager_token_write_protected(void); 651 boolean_t metaslot_logged_in(); 652 void metaslot_set_logged_in_flag(boolean_t value); 653 654 int looping_read(int, void *, int); 655 int looping_write(int, void *, int); 656 657 /* 658 * Prototypes for the various meta_Foo implementations of C_Foo. 659 * 660 */ 661 CK_RV meta_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR ppFunctionList); 662 CK_RV meta_Initialize(CK_VOID_PTR pInitArgs); 663 CK_RV meta_Finalize(CK_VOID_PTR pReserved); 664 CK_RV meta_GetInfo(CK_INFO_PTR pInfo); 665 CK_RV meta_GetSlotList(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList, 666 CK_ULONG_PTR pulCount); 667 CK_RV meta_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo); 668 CK_RV meta_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo); 669 CK_RV meta_GetMechanismList(CK_SLOT_ID slotID, 670 CK_MECHANISM_TYPE_PTR pMechanismList, CK_ULONG_PTR pulCount); 671 CK_RV meta_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type, 672 CK_MECHANISM_INFO_PTR pInfo); 673 CK_RV meta_InitToken(CK_SLOT_ID slotID, CK_UTF8CHAR_PTR pPin, 674 CK_ULONG ulPinLen, CK_UTF8CHAR_PTR pLabel); 675 CK_RV meta_InitPIN(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pPin, 676 CK_ULONG ulPinLen); 677 CK_RV meta_SetPIN(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pOldPin, 678 CK_ULONG ulOldPinLen, CK_UTF8CHAR_PTR pNewPin, CK_ULONG ulNewPinLen); 679 CK_RV meta_OpenSession(CK_SLOT_ID slotID, CK_FLAGS flags, 680 CK_VOID_PTR pApplication, CK_NOTIFY Notify, 681 CK_SESSION_HANDLE_PTR phSession); 682 CK_RV meta_CloseSession(CK_SESSION_HANDLE hSession); 683 CK_RV meta_CloseAllSessions(CK_SLOT_ID slotID); 684 CK_RV meta_GetSessionInfo(CK_SESSION_HANDLE hSession, 685 CK_SESSION_INFO_PTR pInfo); 686 CK_RV meta_GetOperationState(CK_SESSION_HANDLE hSession, 687 CK_BYTE_PTR pOperationState, CK_ULONG_PTR pulOperationStateLen); 688 CK_RV meta_SetOperationState(CK_SESSION_HANDLE hSession, 689 CK_BYTE_PTR pOperationState, CK_ULONG ulOperationStateLen, 690 CK_OBJECT_HANDLE hEncryptionKey, CK_OBJECT_HANDLE hAuthenticationKey); 691 CK_RV meta_Login(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, 692 CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen); 693 CK_RV meta_Logout(CK_SESSION_HANDLE hSession); 694 CK_RV meta_CreateObject(CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTemplate, 695 CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phObject); 696 CK_RV meta_CopyObject(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, 697 CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, 698 CK_OBJECT_HANDLE_PTR phNewObject); 699 CK_RV meta_DestroyObject(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject); 700 CK_RV meta_GetObjectSize(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, 701 CK_ULONG_PTR pulSize); 702 CK_RV meta_GetAttributeValue(CK_SESSION_HANDLE hSession, 703 CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount); 704 CK_RV meta_SetAttributeValue(CK_SESSION_HANDLE hSession, 705 CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount); 706 CK_RV meta_FindObjectsInit(CK_SESSION_HANDLE hSession, 707 CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount); 708 CK_RV meta_FindObjects(CK_SESSION_HANDLE hSession, 709 CK_OBJECT_HANDLE_PTR phObject, CK_ULONG ulMaxObjectCount, 710 CK_ULONG_PTR pulObjectCount); 711 CK_RV meta_FindObjectsFinal(CK_SESSION_HANDLE hSession); 712 CK_RV meta_EncryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, 713 CK_OBJECT_HANDLE hKey); 714 CK_RV meta_Encrypt(CK_SESSION_HANDLE hSession, 715 CK_BYTE_PTR pData, CK_ULONG ulDataLen, 716 CK_BYTE_PTR pEncryptedData, CK_ULONG_PTR pulEncryptedDataLen); 717 CK_RV meta_EncryptUpdate(CK_SESSION_HANDLE hSession, 718 CK_BYTE_PTR pPart, CK_ULONG ulPartLen, 719 CK_BYTE_PTR pEncryptedPart, CK_ULONG_PTR pulEncryptedPartLen); 720 CK_RV meta_EncryptFinal(CK_SESSION_HANDLE hSession, 721 CK_BYTE_PTR pLastEncryptedPart, CK_ULONG_PTR pulLastEncryptedPartLen); 722 CK_RV meta_DecryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, 723 CK_OBJECT_HANDLE hKey); 724 CK_RV meta_Decrypt(CK_SESSION_HANDLE hSession, 725 CK_BYTE_PTR pEncryptedData, CK_ULONG ulEncryptedDataLen, 726 CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen); 727 CK_RV meta_DecryptUpdate(CK_SESSION_HANDLE hSession, 728 CK_BYTE_PTR pEncryptedPart, CK_ULONG ulEncryptedPartLen, 729 CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen); 730 CK_RV meta_DecryptFinal(CK_SESSION_HANDLE hSession, 731 CK_BYTE_PTR pLastPart, CK_ULONG_PTR pulLastPartLen); 732 CK_RV meta_DigestInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism); 733 CK_RV meta_Digest(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, 734 CK_ULONG ulDataLen, CK_BYTE_PTR pDigest, CK_ULONG_PTR pulDigestLen); 735 CK_RV meta_DigestUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, 736 CK_ULONG ulPartLen); 737 CK_RV meta_DigestKey(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey); 738 CK_RV meta_DigestFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pDigest, 739 CK_ULONG_PTR pulDigestLen); 740 CK_RV meta_SignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, 741 CK_OBJECT_HANDLE hKey); 742 CK_RV meta_Sign(CK_SESSION_HANDLE hSession, 743 CK_BYTE_PTR pData, CK_ULONG ulDataLen, 744 CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen); 745 CK_RV meta_SignUpdate(CK_SESSION_HANDLE hSession, 746 CK_BYTE_PTR pPart, CK_ULONG ulPartLen); 747 CK_RV meta_SignFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, 748 CK_ULONG_PTR pulSignatureLen); 749 CK_RV meta_SignRecoverInit(CK_SESSION_HANDLE hSession, 750 CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey); 751 CK_RV meta_SignRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, 752 CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen); 753 CK_RV meta_VerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, 754 CK_OBJECT_HANDLE hKey); 755 CK_RV meta_Verify(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, 756 CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen); 757 CK_RV meta_VerifyUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, 758 CK_ULONG ulPartLen); 759 CK_RV meta_VerifyFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, 760 CK_ULONG ulSignatureLen); 761 CK_RV meta_VerifyRecoverInit(CK_SESSION_HANDLE hSession, 762 CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey); 763 CK_RV meta_VerifyRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, 764 CK_ULONG ulSignatureLen, CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen); 765 CK_RV meta_DigestEncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, 766 CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart, 767 CK_ULONG_PTR pulEncryptedPartLen); 768 CK_RV meta_DecryptDigestUpdate(CK_SESSION_HANDLE hSession, 769 CK_BYTE_PTR pEncryptedPart, CK_ULONG ulEncryptedPartLen, 770 CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen); 771 CK_RV meta_SignEncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, 772 CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart, 773 CK_ULONG_PTR pulEncryptedPartLen); 774 CK_RV meta_DecryptVerifyUpdate(CK_SESSION_HANDLE hSession, 775 CK_BYTE_PTR pEncryptedPart, CK_ULONG ulEncryptedPartLen, 776 CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen); 777 CK_RV meta_GenerateKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, 778 CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phKey); 779 CK_RV meta_GenerateKeyPair(CK_SESSION_HANDLE hSession, 780 CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pPublicKeyTemplate, 781 CK_ULONG ulPublicKeyAttributeCount, CK_ATTRIBUTE_PTR pPrivateKeyTemplate, 782 CK_ULONG ulPrivateKeyAttributeCount, CK_OBJECT_HANDLE_PTR phPublicKey, 783 CK_OBJECT_HANDLE_PTR phPrivateKey); 784 CK_RV meta_WrapKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, 785 CK_OBJECT_HANDLE hWrappingKey, CK_OBJECT_HANDLE hKey, 786 CK_BYTE_PTR pWrappedKey, CK_ULONG_PTR pulWrappedKeyLen); 787 CK_RV meta_UnwrapKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, 788 CK_OBJECT_HANDLE hUnwrappingKey, CK_BYTE_PTR pWrappedKey, 789 CK_ULONG ulWrappedKeyLen, CK_ATTRIBUTE_PTR pTemplate, 790 CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey); 791 CK_RV meta_DeriveKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, 792 CK_OBJECT_HANDLE hBaseKey, CK_ATTRIBUTE_PTR pTemplate, 793 CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey); 794 CK_RV meta_SeedRandom(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSeed, 795 CK_ULONG ulSeedLen); 796 CK_RV meta_GenerateRandom(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pRandomData, 797 CK_ULONG ulRandomLen); 798 CK_RV meta_GetFunctionStatus(CK_SESSION_HANDLE hSession); 799 CK_RV meta_CancelFunction(CK_SESSION_HANDLE hSession); 800 CK_RV meta_WaitForSlotEvent(CK_FLAGS flags, CK_SLOT_ID_PTR pSlot, 801 CK_VOID_PTR pReserved); 802 803 #ifdef __cplusplus 804 } 805 #endif 806 807 #endif /* _METAGLOBAL_H */ 808