xref: /illumos-gate/usr/src/lib/pkcs11/pkcs11_softtoken/common/softObject.h (revision 1de082f7b7fd4b6629e14b0f9b8f94f6c0bda3c2)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #ifndef	_SOFTOBJECT_H
27 #define	_SOFTOBJECT_H
28 
29 #ifdef __cplusplus
30 extern "C" {
31 #endif
32 
33 #include <pthread.h>
34 #include <security/pkcs11t.h>
35 #include "softKeystoreUtil.h"
36 #include "softSession.h"
37 
38 
39 #define	SOFTTOKEN_OBJECT_MAGIC	0xECF0B002
40 
41 #define	SOFT_CREATE_OBJ		1
42 #define	SOFT_GEN_KEY		2
43 #define	SOFT_DERIVE_KEY_DH	3	/* for CKM_DH_PKCS_DERIVE */
44 #define	SOFT_DERIVE_KEY_OTHER	4	/* for CKM_MD5_KEY_DERIVATION and */
45 					/* CKM_SHA1_KEY_DERIVATION */
46 #define	SOFT_UNWRAP_KEY		5
47 #define	SOFT_CREATE_OBJ_INT	6	/* internal object creation */
48 
49 typedef struct biginteger {
50 	CK_BYTE *big_value;
51 	CK_ULONG big_value_len;
52 } biginteger_t;
53 
54 
55 /*
56  * Secret key Struct
57  */
58 typedef struct secret_key_obj {
59 	CK_BYTE *sk_value;
60 	CK_ULONG sk_value_len;
61 	void *key_sched;
62 	size_t keysched_len;
63 } secret_key_obj_t;
64 
65 
66 /*
67  * PKCS11: RSA Public Key Object Attributes
68  */
69 typedef struct rsa_pub_key {
70 	biginteger_t modulus;
71 	CK_ULONG modulus_bits;
72 	biginteger_t pub_exponent;
73 } rsa_pub_key_t;
74 
75 
76 /*
77  * PKCS11: DSA Public Key Object Attributes
78  */
79 typedef struct dsa_pub_key {
80 	biginteger_t prime;
81 	biginteger_t subprime;
82 	biginteger_t base;
83 	biginteger_t value;
84 } dsa_pub_key_t;
85 
86 
87 /*
88  * PKCS11: Diffie-Hellman Public Key Object Attributes
89  */
90 typedef struct dh_pub_key {
91 	biginteger_t prime;
92 	biginteger_t base;
93 	biginteger_t value;
94 } dh_pub_key_t;
95 
96 
97 /*
98  * PKCS11: X9.42 Diffie-Hellman Public Key Object Attributes
99  */
100 typedef struct dh942_pub_key {
101 	biginteger_t prime;
102 	biginteger_t base;
103 	biginteger_t subprime;
104 	biginteger_t value;
105 } dh942_pub_key_t;
106 
107 
108 /*
109  * PKCS11: Elliptic Curve Public Key Object Attributes
110  */
111 typedef struct ec_pub_key {
112 	biginteger_t param;
113 	biginteger_t point;
114 } ec_pub_key_t;
115 
116 
117 /*
118  * Public Key Main Struct
119  */
120 typedef struct public_key_obj {
121 	union {
122 		rsa_pub_key_t rsa_pub_key; /* RSA public key */
123 		dsa_pub_key_t dsa_pub_key; /* DSA public key */
124 		dh_pub_key_t  dh_pub_key;  /* DH public key */
125 		dh942_pub_key_t dh942_pub_key;	/* DH9.42 public key */
126 		ec_pub_key_t ec_pub_key; /* Elliptic Curve public key */
127 	} key_type_u;
128 } public_key_obj_t;
129 
130 /*
131  * PKCS11: RSA Private Key Object Attributes
132  */
133 typedef struct rsa_pri_key {
134 	biginteger_t modulus;
135 	biginteger_t pub_exponent;
136 	biginteger_t pri_exponent;
137 	biginteger_t prime_1;
138 	biginteger_t prime_2;
139 	biginteger_t exponent_1;
140 	biginteger_t exponent_2;
141 	biginteger_t coefficient;
142 } rsa_pri_key_t;
143 
144 /*
145  * PKCS11: DSA Private Key Object Attributes
146  */
147 typedef struct dsa_pri_key {
148 	biginteger_t prime;
149 	biginteger_t subprime;
150 	biginteger_t base;
151 	biginteger_t value;
152 } dsa_pri_key_t;
153 
154 
155 /*
156  * PKCS11: Diffie-Hellman Private Key Object Attributes
157  */
158 typedef struct dh_pri_key {
159 	biginteger_t prime;
160 	biginteger_t base;
161 	biginteger_t value;
162 	CK_ULONG value_bits;
163 } dh_pri_key_t;
164 
165 /*
166  * PKCS11: X9.42 Diffie-Hellman Private Key Object Attributes
167  */
168 typedef struct dh942_pri_key {
169 	biginteger_t prime;
170 	biginteger_t base;
171 	biginteger_t subprime;
172 	biginteger_t value;
173 } dh942_pri_key_t;
174 
175 /*
176  * PKCS11: Elliptic Curve Private Key Object Attributes
177  */
178 typedef struct ec_pri_key {
179 	biginteger_t param;
180 	biginteger_t value;
181 } ec_pri_key_t;
182 
183 
184 /*
185  * Private Key Main Struct
186  */
187 typedef struct private_key_obj {
188 	union {
189 		rsa_pri_key_t rsa_pri_key; /* RSA private key */
190 		dsa_pri_key_t dsa_pri_key; /* DSA private key */
191 		dh_pri_key_t  dh_pri_key;  /* DH private key */
192 		dh942_pri_key_t dh942_pri_key;	/* DH9.42 private key */
193 		ec_pri_key_t ec_pri_key; /* Elliptic Curve private key */
194 	} key_type_u;
195 } private_key_obj_t;
196 
197 /*
198  * PKCS11: DSA Domain Parameters Object Attributes
199  */
200 typedef struct dsa_dom_key {
201 	biginteger_t prime;
202 	biginteger_t subprime;
203 	biginteger_t base;
204 	CK_ULONG prime_bits;
205 } dsa_dom_key_t;
206 
207 
208 /*
209  * PKCS11: Diffie-Hellman Domain Parameters Object Attributes
210  */
211 typedef struct dh_dom_key {
212 	biginteger_t prime;
213 	biginteger_t base;
214 	CK_ULONG prime_bits;
215 } dh_dom_key_t;
216 
217 
218 /*
219  * PKCS11: X9.42 Diffie-Hellman Domain Parameters Object Attributes
220  */
221 typedef struct dh942_dom_key {
222 	biginteger_t prime;
223 	biginteger_t base;
224 	biginteger_t subprime;
225 	CK_ULONG prime_bits;
226 	CK_ULONG subprime_bits;
227 } dh942_dom_key_t;
228 
229 /*
230  * Domain Parameters Main Struct
231  */
232 typedef struct domain_obj {
233 	union {
234 		dsa_dom_key_t dsa_dom_key; /* DSA domain parameters */
235 		dh_dom_key_t  dh_dom_key;  /* DH domain parameters */
236 		dh942_dom_key_t dh942_dom_key;  /* DH9.42 domain parameters */
237 	} key_type_u;
238 } domain_obj_t;
239 
240 typedef struct cert_attr_type {
241 	CK_BYTE *value;
242 	CK_ULONG length;
243 } cert_attr_t;
244 
245 /*
246  * X.509 Public Key Certificate Structure.
247  * This structure contains only the attributes that are
248  * NOT modifiable after creation.
249  * ID, ISSUER, and SUBJECT attributes are kept in the extra_attrlistp
250  * record.
251  */
252 typedef struct x509_cert {
253 	cert_attr_t *subject; /* DER encoding of certificate subject name */
254 	cert_attr_t *value;	/* BER encoding of the cert */
255 } x509_cert_t;
256 
257 /*
258  * X.509 Attribute Certificiate Structure
259  * This structure contains only the attributes that are
260  * NOT modifiable after creation.
261  * AC_ISSUER, SERIAL_NUMBER, and ATTR_TYPES are kept in the
262  * extra_attrlistp record so they may be modified.
263  */
264 typedef struct x509_attr_cert {
265 	cert_attr_t *owner;	 /* DER encoding of attr cert subject field */
266 	cert_attr_t *value;	/* BER encoding of cert */
267 } x509_attr_cert_t;
268 
269 /*
270  * Certificate Object Main Struct
271  */
272 typedef struct certificate_obj {
273 	CK_CERTIFICATE_TYPE certificate_type;
274 	union {
275 		x509_cert_t  	x509;
276 		x509_attr_cert_t x509_attr;
277 	} cert_type_u;
278 } certificate_obj_t;
279 
280 /*
281  * This structure is used to hold the attributes in the
282  * Extra Attribute List.
283  */
284 typedef struct attribute_info {
285 	CK_ATTRIBUTE	attr;
286 	struct attribute_info *next;
287 } attribute_info_t;
288 
289 
290 typedef attribute_info_t *CK_ATTRIBUTE_INFO_PTR;
291 
292 /*
293  * This is the main structure of the Objects.
294  */
295 typedef struct object {
296 	/* Generic common fields. Always present */
297 	uint_t			version;	/* for token objects only */
298 	CK_OBJECT_CLASS 	class;
299 	CK_KEY_TYPE		key_type;
300 	CK_CERTIFICATE_TYPE	cert_type;
301 	ulong_t			magic_marker;
302 	uint64_t		bool_attr_mask;	/* see below */
303 	CK_MECHANISM_TYPE	mechanism;
304 	uchar_t object_type;		/* see below */
305 	struct ks_obj_handle ks_handle;	/* keystore handle */
306 
307 	/* Fields for access and arbitration */
308 	pthread_mutex_t	object_mutex;
309 	struct object *next;
310 	struct object *prev;
311 
312 	/* Extra non-boolean attribute list */
313 	CK_ATTRIBUTE_INFO_PTR extra_attrlistp;
314 
315 	/* For each object, only one of these object classes is presented */
316 	union {
317 		public_key_obj_t  *public_key;
318 		private_key_obj_t *private_key;
319 		secret_key_obj_t  *secret_key;
320 		domain_obj_t	  *domain;
321 		certificate_obj_t *certificate;
322 	} object_class_u;
323 
324 	/* Session handle that the object belongs to */
325 	CK_SESSION_HANDLE	session_handle;
326 	uint32_t	obj_refcnt;	/* object reference count */
327 	pthread_cond_t	obj_free_cond;	/* cond variable for signal and wait */
328 	uint32_t	obj_delete_sync;	/* object delete sync flags */
329 
330 } soft_object_t;
331 
332 typedef struct find_context {
333 	soft_object_t **objs_found;
334 	CK_ULONG num_results;
335 	CK_ULONG next_result_index;	/* next result object to return */
336 } find_context_t;
337 
338 /*
339  * The following structure is used to link the to-be-freed session
340  * objects into a linked list. The objects on this linked list have
341  * not yet been freed via free() after C_DestroyObject() call; instead
342  * they are added to this list. The actual free will take place when
343  * the number of objects queued reaches MAX_OBJ_TO_BE_FREED, at which
344  * time the first object in the list will be freed.
345  */
346 #define	MAX_OBJ_TO_BE_FREED		300
347 
348 typedef struct obj_to_be_freed_list {
349 	struct object	*first;	/* points to the first obj in the list */
350 	struct object	*last;	/* points to the last obj in the list */
351 	uint32_t	count;	/* current total objs in the list */
352 	pthread_mutex_t	obj_to_be_free_mutex;
353 } obj_to_be_freed_list_t;
354 
355 /*
356  * Object type
357  */
358 #define	SESSION_PUBLIC		0	/* CKA_TOKEN = 0, CKA_PRIVATE = 0 */
359 #define	SESSION_PRIVATE		1	/* CKA_TOKEN = 0, CKA_PRIVATE = 1 */
360 #define	TOKEN_PUBLIC		2	/* CKA_TOKEN = 1, CKA_PRIVATE = 0 */
361 #define	TOKEN_PRIVATE		3	/* CKA_TOKEN = 1, CKA_PRIVATE = 1 */
362 
363 #define	TOKEN_OBJECT		2
364 #define	PRIVATE_OBJECT		1
365 
366 typedef enum {
367 		ALL_TOKEN = 0,
368 		PUBLIC_TOKEN = 1,
369 		PRIVATE_TOKEN = 2
370 } token_obj_type_t;
371 
372 #define	IS_TOKEN_OBJECT(objp)	\
373 	((objp->object_type == TOKEN_PUBLIC) || \
374 	(objp->object_type == TOKEN_PRIVATE))
375 
376 /*
377  * Types associated with copying object's content
378  */
379 #define	SOFT_SET_ATTR_VALUE	1	/* for C_SetAttributeValue */
380 #define	SOFT_COPY_OBJECT	2	/* for C_CopyObject */
381 #define	SOFT_COPY_OBJ_ORIG_SH	3	/* for copying an object but keeps */
382 					/* the original session handle */
383 
384 /*
385  * The following definitions are the shortcuts
386  */
387 
388 /*
389  * RSA Public Key Object Attributes
390  */
391 #define	OBJ_PUB(o) \
392 	((o)->object_class_u.public_key)
393 #define	KEY_PUB_RSA(k) \
394 	&((k)->key_type_u.rsa_pub_key)
395 #define	OBJ_PUB_RSA_MOD(o) \
396 	&((o)->object_class_u.public_key->key_type_u.rsa_pub_key.modulus)
397 #define	KEY_PUB_RSA_MOD(k) \
398 	&((k)->key_type_u.rsa_pub_key.modulus)
399 #define	OBJ_PUB_RSA_PUBEXPO(o) \
400 	&((o)->object_class_u.public_key->key_type_u.rsa_pub_key.pub_exponent)
401 #define	KEY_PUB_RSA_PUBEXPO(k) \
402 	&((k)->key_type_u.rsa_pub_key.pub_exponent)
403 #define	OBJ_PUB_RSA_MOD_BITS(o) \
404 	((o)->object_class_u.public_key->key_type_u.rsa_pub_key.modulus_bits)
405 #define	KEY_PUB_RSA_MOD_BITS(k) \
406 	((k)->key_type_u.rsa_pub_key.modulus_bits)
407 
408 /*
409  * DSA Public Key Object Attributes
410  */
411 #define	KEY_PUB_DSA(k) \
412 	&((k)->key_type_u.dsa_pub_key)
413 #define	OBJ_PUB_DSA_PRIME(o) \
414 	&((o)->object_class_u.public_key->key_type_u.dsa_pub_key.prime)
415 #define	KEY_PUB_DSA_PRIME(k) \
416 	&((k)->key_type_u.dsa_pub_key.prime)
417 #define	OBJ_PUB_DSA_SUBPRIME(o) \
418 	&((o)->object_class_u.public_key->key_type_u.dsa_pub_key.subprime)
419 #define	KEY_PUB_DSA_SUBPRIME(k) \
420 	&((k)->key_type_u.dsa_pub_key.subprime)
421 #define	OBJ_PUB_DSA_BASE(o) \
422 	&((o)->object_class_u.public_key->key_type_u.dsa_pub_key.base)
423 #define	KEY_PUB_DSA_BASE(k) \
424 	&((k)->key_type_u.dsa_pub_key.base)
425 #define	OBJ_PUB_DSA_VALUE(o) \
426 	&((o)->object_class_u.public_key->key_type_u.dsa_pub_key.value)
427 #define	KEY_PUB_DSA_VALUE(k) \
428 	&((k)->key_type_u.dsa_pub_key.value)
429 
430 /*
431  * Diffie-Hellman Public Key Object Attributes
432  */
433 #define	KEY_PUB_DH(k) \
434 	&((k)->key_type_u.dh_pub_key)
435 #define	OBJ_PUB_DH_PRIME(o) \
436 	&((o)->object_class_u.public_key->key_type_u.dh_pub_key.prime)
437 #define	KEY_PUB_DH_PRIME(k) \
438 	&((k)->key_type_u.dh_pub_key.prime)
439 #define	OBJ_PUB_DH_BASE(o) \
440 	&((o)->object_class_u.public_key->key_type_u.dh_pub_key.base)
441 #define	KEY_PUB_DH_BASE(k) \
442 	&((k)->key_type_u.dh_pub_key.base)
443 #define	OBJ_PUB_DH_VALUE(o) \
444 	&((o)->object_class_u.public_key->key_type_u.dh_pub_key.value)
445 #define	KEY_PUB_DH_VALUE(k) \
446 	&((k)->key_type_u.dh_pub_key.value)
447 
448 /*
449  * X9.42 Diffie-Hellman Public Key Object Attributes
450  */
451 #define	KEY_PUB_DH942(k) \
452 	&((k)->key_type_u.dh942_pub_key)
453 #define	OBJ_PUB_DH942_PRIME(o) \
454 	&((o)->object_class_u.public_key->key_type_u.dh942_pub_key.prime)
455 #define	KEY_PUB_DH942_PRIME(k) \
456 	&((k)->key_type_u.dh942_pub_key.prime)
457 #define	OBJ_PUB_DH942_BASE(o) \
458 	&((o)->object_class_u.public_key->key_type_u.dh942_pub_key.base)
459 #define	KEY_PUB_DH942_BASE(k) \
460 	&((k)->key_type_u.dh942_pub_key.base)
461 #define	OBJ_PUB_DH942_SUBPRIME(o) \
462 	&((o)->object_class_u.public_key->key_type_u.dh942_pub_key.subprime)
463 #define	KEY_PUB_DH942_SUBPRIME(k) \
464 	&((k)->key_type_u.dh942_pub_key.subprime)
465 #define	OBJ_PUB_DH942_VALUE(o) \
466 	&((o)->object_class_u.public_key->key_type_u.dh942_pub_key.value)
467 #define	KEY_PUB_DH942_VALUE(k) \
468 	&((k)->key_type_u.dh942_pub_key.value)
469 
470 /*
471  * Elliptic Curve Public Key Object Attributes
472  */
473 #define	KEY_PUB_EC(k) \
474 	&((k)->key_type_u.ec_pub_key)
475 #define	OBJ_PUB_EC_POINT(o) \
476 	&((o)->object_class_u.public_key->key_type_u.ec_pub_key.point)
477 #define	KEY_PUB_EC_POINT(k) \
478 	&((k)->key_type_u.ec_pub_key.point)
479 
480 
481 /*
482  * RSA Private Key Object Attributes
483  */
484 #define	OBJ_PRI(o) \
485 	((o)->object_class_u.private_key)
486 #define	KEY_PRI_RSA(k) \
487 	&((k)->key_type_u.rsa_pri_key)
488 #define	OBJ_PRI_RSA_MOD(o) \
489 	&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.modulus)
490 #define	KEY_PRI_RSA_MOD(k) \
491 	&((k)->key_type_u.rsa_pri_key.modulus)
492 #define	OBJ_PRI_RSA_PUBEXPO(o) \
493 	&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.pub_exponent)
494 #define	KEY_PRI_RSA_PUBEXPO(k) \
495 	&((k)->key_type_u.rsa_pri_key.pub_exponent)
496 #define	OBJ_PRI_RSA_PRIEXPO(o) \
497 	&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.pri_exponent)
498 #define	KEY_PRI_RSA_PRIEXPO(k) \
499 	&((k)->key_type_u.rsa_pri_key.pri_exponent)
500 #define	OBJ_PRI_RSA_PRIME1(o) \
501 	&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.prime_1)
502 #define	KEY_PRI_RSA_PRIME1(k) \
503 	&((k)->key_type_u.rsa_pri_key.prime_1)
504 #define	OBJ_PRI_RSA_PRIME2(o) \
505 	&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.prime_2)
506 #define	KEY_PRI_RSA_PRIME2(k) \
507 	&((k)->key_type_u.rsa_pri_key.prime_2)
508 #define	OBJ_PRI_RSA_EXPO1(o) \
509 	&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.exponent_1)
510 #define	KEY_PRI_RSA_EXPO1(k) \
511 	&((k)->key_type_u.rsa_pri_key.exponent_1)
512 #define	OBJ_PRI_RSA_EXPO2(o) \
513 	&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.exponent_2)
514 #define	KEY_PRI_RSA_EXPO2(k) \
515 	&((k)->key_type_u.rsa_pri_key.exponent_2)
516 #define	OBJ_PRI_RSA_COEF(o) \
517 	&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.coefficient)
518 #define	KEY_PRI_RSA_COEF(k) \
519 	&((k)->key_type_u.rsa_pri_key.coefficient)
520 
521 /*
522  * DSA Private Key Object Attributes
523  */
524 #define	KEY_PRI_DSA(k) \
525 	&((k)->key_type_u.dsa_pri_key)
526 #define	OBJ_PRI_DSA_PRIME(o) \
527 	&((o)->object_class_u.private_key->key_type_u.dsa_pri_key.prime)
528 #define	KEY_PRI_DSA_PRIME(k) \
529 	&((k)->key_type_u.dsa_pri_key.prime)
530 #define	OBJ_PRI_DSA_SUBPRIME(o) \
531 	&((o)->object_class_u.private_key->key_type_u.dsa_pri_key.subprime)
532 #define	KEY_PRI_DSA_SUBPRIME(k) \
533 	&((k)->key_type_u.dsa_pri_key.subprime)
534 #define	OBJ_PRI_DSA_BASE(o) \
535 	&((o)->object_class_u.private_key->key_type_u.dsa_pri_key.base)
536 #define	KEY_PRI_DSA_BASE(k) \
537 	&((k)->key_type_u.dsa_pri_key.base)
538 #define	OBJ_PRI_DSA_VALUE(o) \
539 	&((o)->object_class_u.private_key->key_type_u.dsa_pri_key.value)
540 #define	KEY_PRI_DSA_VALUE(k) \
541 	&((k)->key_type_u.dsa_pri_key.value)
542 
543 /*
544  * Diffie-Hellman Private Key Object Attributes
545  */
546 #define	KEY_PRI_DH(k) \
547 	&((k)->key_type_u.dh_pri_key)
548 #define	OBJ_PRI_DH_PRIME(o) \
549 	&((o)->object_class_u.private_key->key_type_u.dh_pri_key.prime)
550 #define	KEY_PRI_DH_PRIME(k) \
551 	&((k)->key_type_u.dh_pri_key.prime)
552 #define	OBJ_PRI_DH_BASE(o) \
553 	&((o)->object_class_u.private_key->key_type_u.dh_pri_key.base)
554 #define	KEY_PRI_DH_BASE(k) \
555 	&((k)->key_type_u.dh_pri_key.base)
556 #define	OBJ_PRI_DH_VALUE(o) \
557 	&((o)->object_class_u.private_key->key_type_u.dh_pri_key.value)
558 #define	KEY_PRI_DH_VALUE(k) \
559 	&((k)->key_type_u.dh_pri_key.value)
560 #define	OBJ_PRI_DH_VAL_BITS(o) \
561 	((o)->object_class_u.private_key->key_type_u.dh_pri_key.value_bits)
562 #define	KEY_PRI_DH_VAL_BITS(k) \
563 	((k)->key_type_u.dh_pri_key.value_bits)
564 
565 /*
566  * X9.42 Diffie-Hellman Private Key Object Attributes
567  */
568 #define	KEY_PRI_DH942(k) \
569 	&((k)->key_type_u.dh942_pri_key)
570 #define	OBJ_PRI_DH942_PRIME(o) \
571 	&((o)->object_class_u.private_key->key_type_u.dh942_pri_key.prime)
572 #define	KEY_PRI_DH942_PRIME(k) \
573 	&((k)->key_type_u.dh942_pri_key.prime)
574 #define	OBJ_PRI_DH942_BASE(o) \
575 	&((o)->object_class_u.private_key->key_type_u.dh942_pri_key.base)
576 #define	KEY_PRI_DH942_BASE(k) \
577 	&((k)->key_type_u.dh942_pri_key.base)
578 #define	OBJ_PRI_DH942_SUBPRIME(o) \
579 	&((o)->object_class_u.private_key->key_type_u.dh942_pri_key.subprime)
580 #define	KEY_PRI_DH942_SUBPRIME(k) \
581 	&((k)->key_type_u.dh942_pri_key.subprime)
582 #define	OBJ_PRI_DH942_VALUE(o) \
583 	&((o)->object_class_u.private_key->key_type_u.dh942_pri_key.value)
584 #define	KEY_PRI_DH942_VALUE(k) \
585 	&((k)->key_type_u.dh942_pri_key.value)
586 
587 /*
588  * Elliptic Curve Private Key Object Attributes
589  */
590 
591 #define	KEY_PRI_EC(k) \
592 	&((k)->key_type_u.ec_pri_key)
593 #define	OBJ_PRI_EC_VALUE(o) \
594 	&((o)->object_class_u.private_key->key_type_u.ec_pri_key.value)
595 #define	KEY_PRI_EC_VALUE(k) \
596 	&((k)->key_type_u.ec_pri_key.value)
597 
598 /*
599  * DSA Domain Parameters Object Attributes
600  */
601 #define	OBJ_DOM(o) \
602 	((o)->object_class_u.domain)
603 #define	KEY_DOM_DSA(k) \
604 	&((k)->key_type_u.dsa_dom_key)
605 #define	OBJ_DOM_DSA_PRIME(o) \
606 	&((o)->object_class_u.domain->key_type_u.dsa_dom_key.prime)
607 #define	KEY_DOM_DSA_PRIME(k) \
608 	&((k)->key_type_u.dsa_dom_key.prime)
609 #define	OBJ_DOM_DSA_SUBPRIME(o) \
610 	&((o)->object_class_u.domain->key_type_u.dsa_dom_key.subprime)
611 #define	KEY_DOM_DSA_SUBPRIME(k) \
612 	&((k)->key_type_u.dsa_dom_key.subprime)
613 #define	OBJ_DOM_DSA_BASE(o) \
614 	&((o)->object_class_u.domain->key_type_u.dsa_dom_key.base)
615 #define	KEY_DOM_DSA_BASE(k) \
616 	&((k)->key_type_u.dsa_dom_key.base)
617 #define	OBJ_DOM_DSA_PRIME_BITS(o) \
618 	((o)->object_class_u.domain->key_type_u.dsa_dom_key.prime_bits)
619 
620 /*
621  * Diffie-Hellman Domain Parameters Object Attributes
622  */
623 #define	KEY_DOM_DH(k) \
624 	&((k)->key_type_u.dh_dom_key)
625 #define	OBJ_DOM_DH_PRIME(o) \
626 	&((o)->object_class_u.domain->key_type_u.dh_dom_key.prime)
627 #define	KEY_DOM_DH_PRIME(k) \
628 	&((k)->key_type_u.dh_dom_key.prime)
629 #define	OBJ_DOM_DH_BASE(o) \
630 	&((o)->object_class_u.domain->key_type_u.dh_dom_key.base)
631 #define	KEY_DOM_DH_BASE(k) \
632 	&((k)->key_type_u.dh_dom_key.base)
633 #define	OBJ_DOM_DH_PRIME_BITS(o) \
634 	((o)->object_class_u.domain->key_type_u.dh_dom_key.prime_bits)
635 
636 /*
637  * X9.42 Diffie-Hellman Domain Parameters Object Attributes
638  */
639 #define	KEY_DOM_DH942(k) \
640 	&((k)->key_type_u.dh942_dom_key)
641 #define	OBJ_DOM_DH942_PRIME(o) \
642 	&((o)->object_class_u.domain->key_type_u.dh942_dom_key.prime)
643 #define	KEY_DOM_DH942_PRIME(k) \
644 	&((k)->key_type_u.dh942_dom_key.prime)
645 #define	OBJ_DOM_DH942_BASE(o) \
646 	&((o)->object_class_u.domain->key_type_u.dh942_dom_key.base)
647 #define	KEY_DOM_DH942_BASE(k) \
648 	&((k)->key_type_u.dh942_dom_key.base)
649 #define	OBJ_DOM_DH942_SUBPRIME(o) \
650 	&((o)->object_class_u.domain->key_type_u.dh942_dom_key.subprime)
651 #define	KEY_DOM_DH942_SUBPRIME(k) \
652 	&((k)->key_type_u.dh942_dom_key.subprime)
653 #define	OBJ_DOM_DH942_PRIME_BITS(o) \
654 	((o)->object_class_u.domain->key_type_u.dh942_dom_key.prime_bits)
655 #define	OBJ_DOM_DH942_SUBPRIME_BITS(o) \
656 	((o)->object_class_u.domain->key_type_u.dh942_dom_key.subprime_bits)
657 
658 /*
659  * Secret Key Object Attributes
660  */
661 #define	OBJ_SEC(o) \
662 	((o)->object_class_u.secret_key)
663 #define	OBJ_SEC_VALUE(o) \
664 	((o)->object_class_u.secret_key->sk_value)
665 #define	OBJ_SEC_VALUE_LEN(o) \
666 	((o)->object_class_u.secret_key->sk_value_len)
667 #define	OBJ_KEY_SCHED(o) \
668 	((o)->object_class_u.secret_key->key_sched)
669 #define	OBJ_KEY_SCHED_LEN(o) \
670 	((o)->object_class_u.secret_key->keysched_len)
671 
672 #define	OBJ_CERT(o) \
673 	((o)->object_class_u.certificate)
674 /*
675  * X.509 Key Certificate object attributes
676  */
677 #define	X509_CERT(o) \
678 	((o)->object_class_u.certificate->cert_type_u.x509)
679 #define	X509_CERT_SUBJECT(o) \
680 	((o)->object_class_u.certificate->cert_type_u.x509.subject)
681 #define	X509_CERT_VALUE(o) \
682 	((o)->object_class_u.certificate->cert_type_u.x509.value)
683 
684 /*
685  * X.509 Attribute Certificate object attributes
686  */
687 #define	X509_ATTR_CERT(o) \
688 	((o)->object_class_u.certificate->cert_type_u.x509_attr)
689 #define	X509_ATTR_CERT_OWNER(o) \
690 	((o)->object_class_u.certificate->cert_type_u.x509_attr.owner)
691 #define	X509_ATTR_CERT_VALUE(o) \
692 	((o)->object_class_u.certificate->cert_type_u.x509_attr.value)
693 
694 /*
695  * key related attributes with CK_BBOOL data type
696  */
697 #define	DERIVE_BOOL_ON			0x00000001
698 #define	LOCAL_BOOL_ON			0x00000002
699 #define	SENSITIVE_BOOL_ON		0x00000004
700 #define	SECONDARY_AUTH_BOOL_ON		0x00000008
701 #define	ENCRYPT_BOOL_ON			0x00000010
702 #define	DECRYPT_BOOL_ON			0x00000020
703 #define	SIGN_BOOL_ON			0x00000040
704 #define	SIGN_RECOVER_BOOL_ON		0x00000080
705 #define	VERIFY_BOOL_ON			0x00000100
706 #define	VERIFY_RECOVER_BOOL_ON		0x00000200
707 #define	WRAP_BOOL_ON			0x00000400
708 #define	UNWRAP_BOOL_ON			0x00000800
709 #define	TRUSTED_BOOL_ON			0x00001000
710 #define	EXTRACTABLE_BOOL_ON		0x00002000
711 #define	ALWAYS_SENSITIVE_BOOL_ON	0x00004000
712 #define	NEVER_EXTRACTABLE_BOOL_ON	0x00008000
713 #define	NOT_MODIFIABLE_BOOL_ON		0x00010000
714 
715 #define	PUBLIC_KEY_DEFAULT	(ENCRYPT_BOOL_ON|\
716 				WRAP_BOOL_ON|\
717 				VERIFY_BOOL_ON|\
718 				VERIFY_RECOVER_BOOL_ON)
719 
720 #define	PRIVATE_KEY_DEFAULT	(DECRYPT_BOOL_ON|\
721 				UNWRAP_BOOL_ON|\
722 				SIGN_BOOL_ON|\
723 				SIGN_RECOVER_BOOL_ON|\
724 				EXTRACTABLE_BOOL_ON)
725 
726 #define	SECRET_KEY_DEFAULT	(ENCRYPT_BOOL_ON|\
727 				DECRYPT_BOOL_ON|\
728 				WRAP_BOOL_ON|\
729 				UNWRAP_BOOL_ON|\
730 				SIGN_BOOL_ON|\
731 				VERIFY_BOOL_ON|\
732 				EXTRACTABLE_BOOL_ON)
733 
734 /*
735  * MAX_KEY_ATTR_BUFLEN
736  * The maximum buffer size needed for public or private key attributes
737  * should be 514 bytes.  Just to be safe we give a little more space.
738  */
739 #define	MAX_KEY_ATTR_BUFLEN 1024
740 
741 /*
742  * Flag definitions for obj_delete_sync
743  */
744 #define	OBJECT_IS_DELETING	1	/* Object is in a deleting state */
745 #define	OBJECT_REFCNT_WAITING	2	/* Waiting for object reference */
746 					/* count to become zero */
747 
748 /*
749  * This macro is used to type cast an object handle to a pointer to
750  * the object struct. Also, it checks to see if the object struct
751  * is tagged with an object magic number. This is to detect when an
752  * application passes a bogus object pointer.
753  * Also, it checks to see if the object is in the deleting state that
754  * another thread is performing. If not, increment the object reference
755  * count by one. This is to prevent this object from being deleted by
756  * other thread.
757  */
758 #define	HANDLE2OBJECT_COMMON(hObject, object_p, rv, REFCNT_CODE) { \
759 	object_p = (soft_object_t *)(hObject); \
760 	if ((object_p == NULL) || \
761 		(object_p->magic_marker != SOFTTOKEN_OBJECT_MAGIC)) {\
762 			rv = CKR_OBJECT_HANDLE_INVALID; \
763 	} else { \
764 		(void) pthread_mutex_lock(&object_p->object_mutex); \
765 		if (!(object_p->obj_delete_sync & OBJECT_IS_DELETING)) { \
766 			REFCNT_CODE; \
767 			rv = CKR_OK; \
768 		} else { \
769 			rv = CKR_OBJECT_HANDLE_INVALID; \
770 		} \
771 		(void) pthread_mutex_unlock(&object_p->object_mutex); \
772 	} \
773 }
774 
775 #define	HANDLE2OBJECT(hObject, object_p, rv) \
776 	HANDLE2OBJECT_COMMON(hObject, object_p, rv, object_p->obj_refcnt++)
777 
778 #define	HANDLE2OBJECT_DESTROY(hObject, object_p, rv) \
779 	HANDLE2OBJECT_COMMON(hObject, object_p, rv, /* no refcnt increment */)
780 
781 
782 #define	OBJ_REFRELE(object_p) { \
783 	(void) pthread_mutex_lock(&object_p->object_mutex); \
784 	if ((--object_p->obj_refcnt) == 0 && \
785 	    (object_p->obj_delete_sync & OBJECT_REFCNT_WAITING)) { \
786 		(void) pthread_cond_signal(&object_p->obj_free_cond); \
787 	} \
788 	(void) pthread_mutex_unlock(&object_p->object_mutex); \
789 }
790 
791 /*
792  * Function Prototypes.
793  */
794 void soft_cleanup_object(soft_object_t *objp);
795 
796 CK_RV soft_add_object(CK_ATTRIBUTE_PTR pTemplate,  CK_ULONG ulCount,
797 	CK_ULONG *objecthandle_p, soft_session_t *sp);
798 
799 void soft_delete_object(soft_session_t *sp, soft_object_t *objp,
800 	boolean_t force, boolean_t lock_held);
801 
802 void soft_cleanup_extra_attr(soft_object_t *object_p);
803 
804 CK_RV soft_copy_extra_attr(CK_ATTRIBUTE_INFO_PTR old_attrp,
805 	soft_object_t *object_p);
806 
807 void soft_cleanup_object_bigint_attrs(soft_object_t *object_p);
808 
809 CK_RV soft_build_object(CK_ATTRIBUTE_PTR template,
810 	CK_ULONG ulAttrNum, soft_object_t *new_object);
811 
812 CK_RV soft_build_secret_key_object(CK_ATTRIBUTE_PTR template,
813 	CK_ULONG ulAttrNum, soft_object_t *new_object, CK_ULONG mode,
814 	CK_ULONG key_len, CK_KEY_TYPE key_type);
815 
816 CK_RV soft_copy_object(soft_object_t *old_object, soft_object_t **new_object,
817 	CK_ULONG object_func, soft_session_t *sp);
818 
819 void soft_merge_object(soft_object_t *old_object, soft_object_t *new_object);
820 
821 CK_RV soft_get_attribute(soft_object_t *object_p, CK_ATTRIBUTE_PTR template);
822 
823 CK_RV soft_set_attribute(soft_object_t *object_p, CK_ATTRIBUTE_PTR template,
824 	boolean_t copy);
825 
826 CK_RV soft_set_common_storage_attribute(soft_object_t *object_p,
827 	CK_ATTRIBUTE_PTR template, boolean_t copy);
828 
829 CK_RV soft_get_public_value(soft_object_t *, CK_ATTRIBUTE_TYPE, uchar_t *,
830 	uint32_t *);
831 
832 CK_RV soft_get_private_value(soft_object_t *, CK_ATTRIBUTE_TYPE, uchar_t *,
833 	uint32_t *);
834 
835 CK_RV get_ulong_attr_from_object(CK_ULONG value, CK_ATTRIBUTE_PTR template);
836 
837 void copy_bigint_attr(biginteger_t *src, biginteger_t *dst);
838 
839 void soft_add_object_to_session(soft_object_t *, soft_session_t *);
840 
841 CK_RV soft_build_key(CK_ATTRIBUTE_PTR, CK_ULONG, soft_object_t *,
842 	CK_OBJECT_CLASS, CK_KEY_TYPE, CK_ULONG, CK_ULONG);
843 
844 CK_RV soft_copy_public_key_attr(public_key_obj_t *old_pub_key_obj_p,
845 	public_key_obj_t **new_pub_key_obj_p, CK_KEY_TYPE key_type);
846 
847 CK_RV soft_copy_private_key_attr(private_key_obj_t *old_pri_key_obj_p,
848 	private_key_obj_t **new_pri_key_obj_p, CK_KEY_TYPE key_type);
849 
850 CK_RV soft_copy_secret_key_attr(secret_key_obj_t *old_secret_key_obj_p,
851 	secret_key_obj_t **new_secret_key_obj_p);
852 
853 CK_RV soft_copy_domain_attr(domain_obj_t *old_domain_obj_p,
854 	domain_obj_t **new_domain_obj_p, CK_KEY_TYPE key_type);
855 
856 CK_RV soft_validate_attr(CK_ATTRIBUTE_PTR template, CK_ULONG ulAttrNum,
857 	CK_OBJECT_CLASS *class);
858 
859 CK_RV soft_find_objects_init(soft_session_t *sp, CK_ATTRIBUTE_PTR pTemplate,
860 	CK_ULONG ulCount);
861 
862 void soft_find_objects_final(soft_session_t *sp);
863 
864 void soft_find_objects(soft_session_t *sp, CK_OBJECT_HANDLE *obj_found,
865 	CK_ULONG max_obj_requested, CK_ULONG *found_obj_count);
866 
867 void soft_process_find_attr(CK_OBJECT_CLASS *pclasses,
868 	CK_ULONG *num_result_pclasses, CK_ATTRIBUTE_PTR pTemplate,
869 	CK_ULONG ulCount);
870 
871 boolean_t soft_find_match_attrs(soft_object_t *obj, CK_OBJECT_CLASS *pclasses,
872 	CK_ULONG num_pclasses, CK_ATTRIBUTE *tmpl_attr, CK_ULONG num_attr);
873 
874 CK_ATTRIBUTE_PTR get_extra_attr(CK_ATTRIBUTE_TYPE type, soft_object_t *obj);
875 
876 CK_RV get_string_from_template(CK_ATTRIBUTE_PTR dest, CK_ATTRIBUTE_PTR src);
877 
878 void string_attr_cleanup(CK_ATTRIBUTE_PTR template);
879 
880 void soft_cleanup_cert_object(soft_object_t *object_p);
881 
882 CK_RV soft_get_certificate_attribute(soft_object_t *object_p,
883 	CK_ATTRIBUTE_PTR template);
884 
885 CK_RV soft_set_certificate_attribute(soft_object_t *object_p,
886 	CK_ATTRIBUTE_PTR template, boolean_t copy);
887 
888 CK_RV soft_copy_certificate(certificate_obj_t *old, certificate_obj_t **new,
889 	CK_CERTIFICATE_TYPE type);
890 
891 CK_RV get_cert_attr_from_template(cert_attr_t **dest,
892 	CK_ATTRIBUTE_PTR src);
893 
894 /* Token object related function prototypes */
895 
896 void soft_add_token_object_to_slot(soft_object_t *objp);
897 
898 void soft_remove_token_object_from_slot(soft_object_t *objp,
899 	boolean_t lock_held);
900 
901 void soft_delete_token_object(soft_object_t *objp, boolean_t persistent,
902 	boolean_t lock_held);
903 
904 void soft_delete_all_in_core_token_objects(token_obj_type_t type);
905 
906 void soft_validate_token_objects(boolean_t validate);
907 
908 CK_RV soft_object_write_access_check(soft_session_t *sp, soft_object_t *objp);
909 
910 CK_RV soft_pin_expired_check(soft_object_t *objp);
911 
912 CK_RV soft_copy_to_old_object(soft_object_t *new, soft_object_t *old);
913 
914 CK_RV soft_keystore_load_latest_object(soft_object_t *old_obj);
915 
916 CK_RV refresh_token_objects();
917 
918 void bigint_attr_cleanup(biginteger_t *big);
919 
920 CK_RV soft_add_extra_attr(CK_ATTRIBUTE_PTR template, soft_object_t *object_p);
921 
922 CK_RV get_bigint_attr_from_template(biginteger_t *big,
923 	CK_ATTRIBUTE_PTR template);
924 
925 #ifdef	__cplusplus
926 }
927 #endif
928 
929 #endif /* _SOFTOBJECT_H */
930