/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

#ifndef _SOFTOBJECT_H
#define _SOFTOBJECT_H

#pragma ident "%Z%%M% %I% %E% SMI"

#ifdef __cplusplus
extern "C" {
#endif

#include <pthread.h>
#include <security/pkcs11t.h>
#include "softKeystoreUtil.h"
#include "softSession.h"


/*
 * Tag value for soft_object_t.magic_marker. HANDLE2OBJECT_COMMON compares
 * the marker with this constant before it accepts an object handle.
 */
#define SOFTTOKEN_OBJECT_MAGIC 0xECF0B002

/*
 * Operation codes naming how an object comes into existence.
 * NOTE(review): presumably the "mode" argument of the soft_build_*
 * routines declared in this header; confirm against the callers.
 */
#define SOFT_CREATE_OBJ 1
#define SOFT_GEN_KEY 2
#define SOFT_DERIVE_KEY_DH 3	/* for CKM_DH_PKCS_DERIVE */
#define SOFT_DERIVE_KEY_OTHER 4	/* for CKM_MD5_KEY_DERIVATION and */
				/* CKM_SHA1_KEY_DERIVATION */
#define SOFT_UNWRAP_KEY 5
#define SOFT_CREATE_OBJ_INT 6	/* internal object creation */

/*
 * Byte buffer plus length; the container type for every big-number
 * attribute in the key and domain-parameter structs that follow.
 */
typedef struct biginteger {
	CK_BYTE		*big_value;
	CK_ULONG	big_value_len;
} biginteger_t;


/*
 * Secret key object: the key value with its length, and a second opaque
 * buffer with its length (key_sched / keysched_len).
 * NOTE(review): both buffers carry key material or data derived from it;
 * this header does not show whether the cleanup routines zeroize them
 * before freeing. Confirm in the implementation.
 */
typedef struct secret_key_obj {
	CK_BYTE		*sk_value;
	CK_ULONG	sk_value_len;
	void		*key_sched;
	size_t		keysched_len;
} secret_key_obj_t;


/*
 * RSA public key attributes (PKCS#11).
 */
typedef struct rsa_pub_key {
	biginteger_t	modulus;
	CK_ULONG	modulus_bits;
	biginteger_t	pub_exponent;
} rsa_pub_key_t;


/*
 * DSA public key attributes (PKCS#11).
 */
typedef struct dsa_pub_key {
	biginteger_t	prime;
	biginteger_t	subprime;
	biginteger_t	base;
	biginteger_t	value;
} dsa_pub_key_t;


/*
 * Diffie-Hellman public key attributes (PKCS#11).
 */
typedef struct dh_pub_key {
	biginteger_t	prime;
	biginteger_t	base;
	biginteger_t	value;
} dh_pub_key_t;


/*
 * X9.42 Diffie-Hellman public key attributes (PKCS#11).
 */
typedef struct dh942_pub_key {
	biginteger_t	prime;
	biginteger_t	base;
	biginteger_t	subprime;
	biginteger_t	value;
} dh942_pub_key_t;


/*
 * Elliptic Curve public key attributes (PKCS#11).
 */
typedef struct ec_pub_key {
	biginteger_t	param;
	biginteger_t	point;
} ec_pub_key_t;


/*
 * Public key container. The union carries no tag of its own, so the
 * active member has to be chosen from information held elsewhere
 * (soft_object_t has a key_type field).
 */
typedef struct public_key_obj {
	union {
		rsa_pub_key_t	rsa_pub_key;	/* RSA public key */
		dsa_pub_key_t	dsa_pub_key;	/* DSA public key */
		dh_pub_key_t	dh_pub_key;	/* DH public key */
		dh942_pub_key_t	dh942_pub_key;	/* DH9.42 public key */
		ec_pub_key_t	ec_pub_key;	/* Elliptic Curve public key */
	} key_type_u;
} public_key_obj_t;

/*
 * RSA private key attributes (PKCS#11).
 */
typedef struct rsa_pri_key {
	biginteger_t	modulus;
	biginteger_t	pub_exponent;
	biginteger_t	pri_exponent;
	biginteger_t	prime_1;
	biginteger_t	prime_2;
	biginteger_t	exponent_1;
	biginteger_t	exponent_2;
	biginteger_t	coefficient;
} rsa_pri_key_t;

/*
 * DSA private key attributes (PKCS#11).
 */
typedef struct dsa_pri_key {
	biginteger_t	prime;
	biginteger_t	subprime;
	biginteger_t	base;
	biginteger_t	value;
} dsa_pri_key_t;


/*
 * Diffie-Hellman private key attributes (PKCS#11).
 */
typedef struct dh_pri_key {
	biginteger_t	prime;
	biginteger_t	base;
	biginteger_t	value;
	CK_ULONG	value_bits;
} dh_pri_key_t;

/*
 * X9.42 Diffie-Hellman private key attributes (PKCS#11).
 */
typedef struct dh942_pri_key {
	biginteger_t	prime;
	biginteger_t	base;
	biginteger_t	subprime;
	biginteger_t	value;
} dh942_pri_key_t;

/*
 * Elliptic Curve private key attributes (PKCS#11).
 */
typedef struct ec_pri_key {
	biginteger_t	param;
	biginteger_t	value;
} ec_pri_key_t;


/*
 * Private key container; untagged union, same convention as
 * public_key_obj_t.
 * NOTE(review): every member here holds private key material in
 * biginteger_t buffers. Whether those buffers are cleared on cleanup is
 * not visible in this header; confirm in the cleanup routines.
 */
typedef struct private_key_obj {
	union {
		rsa_pri_key_t	rsa_pri_key;	/* RSA private key */
		dsa_pri_key_t	dsa_pri_key;	/* DSA private key */
		dh_pri_key_t	dh_pri_key;	/* DH private key */
		dh942_pri_key_t	dh942_pri_key;	/* DH9.42 private key */
		ec_pri_key_t	ec_pri_key;	/* Elliptic Curve private key */
	} key_type_u;
} private_key_obj_t;

/*
 * DSA domain parameter attributes (PKCS#11).
 */
typedef struct dsa_dom_key {
	biginteger_t	prime;
	biginteger_t	subprime;
	biginteger_t	base;
	CK_ULONG	prime_bits;
} dsa_dom_key_t;


/*
 * Diffie-Hellman domain parameter attributes (PKCS#11).
 */
typedef struct dh_dom_key {
	biginteger_t	prime;
	biginteger_t	base;
	CK_ULONG	prime_bits;
} dh_dom_key_t;


/*
 * X9.42 Diffie-Hellman domain parameter attributes (PKCS#11).
 */
typedef struct dh942_dom_key {
	biginteger_t	prime;
	biginteger_t	base;
	biginteger_t	subprime;
	CK_ULONG	prime_bits;
	CK_ULONG	subprime_bits;
} dh942_dom_key_t;

/*
 * Domain parameter container; untagged union, same convention as the
 * key containers above.
 */
typedef struct domain_obj {
	union {
		dsa_dom_key_t	dsa_dom_key;	/* DSA domain parameters */
		dh_dom_key_t	dh_dom_key;	/* DH domain parameters */
		dh942_dom_key_t	dh942_dom_key;	/* DH9.42 domain parameters */
	} key_type_u;
} domain_obj_t;
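/*
 * Byte buffer plus length used for certificate attributes.
 */
typedef struct cert_attr_type {
	CK_BYTE		*value;
	CK_ULONG	length;
} cert_attr_t;

/*
 * X.509 Public Key Certificate Structure.
 * This structure contains only the attributes that are
 * NOT modifiable after creation.
 * ID, ISSUER, and SUBJECT attributes are kept in the extra_attrlistp
 * record.
 * NOTE(review): SUBJECT is listed above as living in extra_attrlistp,
 * yet this struct has a subject member; confirm which copy is
 * authoritative.
 */
typedef struct x509_cert {
	cert_attr_t *subject;	/* DER encoding of certificate subject name */
	cert_attr_t *value;	/* BER encoding of the cert */
} x509_cert_t;

/*
 * X.509 Attribute Certificate Structure
 * This structure contains only the attributes that are
 * NOT modifiable after creation.
 * AC_ISSUER, SERIAL_NUMBER, and ATTR_TYPES are kept in the
 * extra_attrlistp record so they may be modified.
 */
typedef struct x509_attr_cert {
	cert_attr_t *owner;	/* DER encoding of attr cert subject field */
	cert_attr_t *value;	/* BER encoding of cert */
} x509_attr_cert_t;

/*
 * Certificate Object Main Struct. certificate_type is stored next to
 * the union; presumably it selects the valid member of cert_type_u.
 */
typedef struct certificate_obj {
	CK_CERTIFICATE_TYPE certificate_type;
	union {
		x509_cert_t	x509;
		x509_attr_cert_t x509_attr;
	} cert_type_u;
} certificate_obj_t;

/*
 * This structure is used to hold the attributes in the
 * Extra Attribute List (a singly linked list, chained through next).
 */
typedef struct attribute_info {
	CK_ATTRIBUTE attr;
	struct attribute_info *next;
} attribute_info_t;


typedef attribute_info_t *CK_ATTRIBUTE_INFO_PTR;

/*
 * This is the main structure of the Objects.
 *
 * NOTE(review): the header wraps its declarations in extern "C", but the
 * member name "class" is a C++ keyword, so a C++ translation unit would
 * not compile this struct as written. Renaming would change the
 * interface, so it is only flagged here.
 */
typedef struct object {
	/* Generic common fields. Always present */
	uint_t			version;	/* for token objects only */
	CK_OBJECT_CLASS		class;
	CK_KEY_TYPE		key_type;
	CK_CERTIFICATE_TYPE	cert_type;
	/* compared with SOFTTOKEN_OBJECT_MAGIC by HANDLE2OBJECT_COMMON */
	ulong_t			magic_marker;
	/* presumably a mask of the *_BOOL_ON flags in this header */
	uint64_t		bool_attr_mask;
	CK_MECHANISM_TYPE	mechanism;
	/* SESSION_PUBLIC, SESSION_PRIVATE, TOKEN_PUBLIC or TOKEN_PRIVATE */
	uchar_t			object_type;
	struct ks_obj_handle	ks_handle;	/* keystore handle */

	/* Fields for access and arbitration */
	pthread_mutex_t		object_mutex;
	struct object		*next;
	struct object		*prev;

	/* Extra non-boolean attribute list */
	CK_ATTRIBUTE_INFO_PTR	extra_attrlistp;

	/*
	 * For each object, only one of these object classes is presented.
	 * The union itself is untagged; the shortcut macros in this header
	 * dereference a member without checking class, so the caller has
	 * to check first.
	 */
	union {
		public_key_obj_t	*public_key;
		private_key_obj_t	*private_key;
		secret_key_obj_t	*secret_key;
		domain_obj_t		*domain;
		certificate_obj_t	*certificate;
	} object_class_u;

	/* Session handle that the object belongs to */
	CK_SESSION_HANDLE	session_handle;
	uint32_t	obj_refcnt;	/* object reference count */
	pthread_cond_t	obj_free_cond;	/* cond variable for signal and wait */
	/* OBJECT_IS_DELETING / OBJECT_REFCNT_WAITING flags */
	uint32_t	obj_delete_sync;

} soft_object_t;

/*
 * State of an object search: the result array, its size, and the index
 * of the next entry to hand back.
 */
typedef struct find_context {
	soft_object_t	**objs_found;
	CK_ULONG	num_results;
	CK_ULONG	next_result_index; /* next result object to return */
} find_context_t;

/*
 * The following structure is used to link the to-be-freed session
 * objects into a linked list. The objects on this linked list have
 * not yet been freed via free() after C_DestroyObject() call; instead
 * they are added to this list. The actual free will take place when
 * the number of objects queued reaches MAX_OBJ_TO_BE_FREED, at which
 * time the first object in the list will be freed.
 *
 * NOTE(review): the reason for the delay is not stated. Since
 * HANDLE2OBJECT_COMMON reads magic_marker through whatever handle the
 * application passes, the queue presumably keeps the memory behind a
 * recently destroyed handle allocated. That protection ends once an
 * object has been pushed out of the queue; confirm how stale handles
 * are rejected after that point.
 */
#define MAX_OBJ_TO_BE_FREED 300

typedef struct obj_to_be_freed_list {
	struct object	*first;	/* points to the first obj in the list */
	struct object	*last;	/* points to the last obj in the list */
	uint32_t	count;	/* current total objs in the list */
	pthread_mutex_t	obj_to_be_free_mutex;
} obj_to_be_freed_list_t;

/*
 * Object type. The four values are the combinations of TOKEN_OBJECT
 * (value 2) and PRIVATE_OBJECT (value 1).
 */
#define SESSION_PUBLIC 0	/* CKA_TOKEN = 0, CKA_PRIVATE = 0 */
#define SESSION_PRIVATE 1	/* CKA_TOKEN = 0, CKA_PRIVATE = 1 */
#define TOKEN_PUBLIC 2		/* CKA_TOKEN = 1, CKA_PRIVATE = 0 */
#define TOKEN_PRIVATE 3		/* CKA_TOKEN = 1, CKA_PRIVATE = 1 */

#define TOKEN_OBJECT 2
#define PRIVATE_OBJECT 1

typedef enum {
	ALL_TOKEN = 0,
	PUBLIC_TOKEN = 1,
	PRIVATE_TOKEN = 2
} token_obj_type_t;

/*
 * True when objp->object_type is TOKEN_PUBLIC or TOKEN_PRIVATE.
 * The argument is parenthesized so that an expression argument groups
 * correctly; it is still evaluated twice, so pass a side-effect-free
 * expression.
 */
#define IS_TOKEN_OBJECT(objp) \
	(((objp)->object_type == TOKEN_PUBLIC) || \
	((objp)->object_type == TOKEN_PRIVATE))

/*
 * Types associated with copying object's content
 */
#define SOFT_SET_ATTR_VALUE 1	/* for C_SetAttributeValue */
#define SOFT_COPY_OBJECT 2	/* for C_CopyObject */
#define SOFT_COPY_OBJ_ORIG_SH 3	/* for copying an object but keeps */
				/* the original session handle */

/*
 * The following definitions are the shortcuts
 *
 * OBJ_ macros take a soft_object_t pointer and reach through
 * object_class_u; KEY_ macros take a pointer to the per-class key
 * struct. Accessors for biginteger_t members and for whole key structs
 * yield the address of the member; the _BITS accessors yield the
 * CK_ULONG member itself.
 *
 * Each address-of expansion is wrapped in an outer pair of parentheses
 * so that it stays one operand when a postfix operator such as -> or []
 * follows the macro call.
 *
 * None of the accessors checks the object class, the key type, or that
 * the object_class_u pointer is non-NULL. The caller must establish
 * all three before using one.
 */

/*
 * RSA Public Key Object Attributes
 */
#define OBJ_PUB(o) \
	((o)->object_class_u.public_key)
#define KEY_PUB_RSA(k) \
	(&((k)->key_type_u.rsa_pub_key))
#define OBJ_PUB_RSA_MOD(o) \
	(&((o)->object_class_u.public_key->key_type_u.rsa_pub_key.modulus))
#define KEY_PUB_RSA_MOD(k) \
	(&((k)->key_type_u.rsa_pub_key.modulus))
#define OBJ_PUB_RSA_PUBEXPO(o) \
	(&((o)->object_class_u.public_key->key_type_u.rsa_pub_key.pub_exponent))
#define KEY_PUB_RSA_PUBEXPO(k) \
	(&((k)->key_type_u.rsa_pub_key.pub_exponent))
#define OBJ_PUB_RSA_MOD_BITS(o) \
	((o)->object_class_u.public_key->key_type_u.rsa_pub_key.modulus_bits)
#define KEY_PUB_RSA_MOD_BITS(k) \
	((k)->key_type_u.rsa_pub_key.modulus_bits)

/*
 * DSA Public Key Object Attributes
 */
#define KEY_PUB_DSA(k) \
	(&((k)->key_type_u.dsa_pub_key))
#define OBJ_PUB_DSA_PRIME(o) \
	(&((o)->object_class_u.public_key->key_type_u.dsa_pub_key.prime))
#define KEY_PUB_DSA_PRIME(k) \
	(&((k)->key_type_u.dsa_pub_key.prime))
#define OBJ_PUB_DSA_SUBPRIME(o) \
	(&((o)->object_class_u.public_key->key_type_u.dsa_pub_key.subprime))
#define KEY_PUB_DSA_SUBPRIME(k) \
	(&((k)->key_type_u.dsa_pub_key.subprime))
#define OBJ_PUB_DSA_BASE(o) \
	(&((o)->object_class_u.public_key->key_type_u.dsa_pub_key.base))
#define KEY_PUB_DSA_BASE(k) \
	(&((k)->key_type_u.dsa_pub_key.base))
#define OBJ_PUB_DSA_VALUE(o) \
	(&((o)->object_class_u.public_key->key_type_u.dsa_pub_key.value))
#define KEY_PUB_DSA_VALUE(k) \
	(&((k)->key_type_u.dsa_pub_key.value))

/*
 * Diffie-Hellman Public Key Object Attributes
 */
#define KEY_PUB_DH(k) \
	(&((k)->key_type_u.dh_pub_key))
#define OBJ_PUB_DH_PRIME(o) \
	(&((o)->object_class_u.public_key->key_type_u.dh_pub_key.prime))
#define KEY_PUB_DH_PRIME(k) \
	(&((k)->key_type_u.dh_pub_key.prime))
#define OBJ_PUB_DH_BASE(o) \
	(&((o)->object_class_u.public_key->key_type_u.dh_pub_key.base))
#define KEY_PUB_DH_BASE(k) \
	(&((k)->key_type_u.dh_pub_key.base))
#define OBJ_PUB_DH_VALUE(o) \
	(&((o)->object_class_u.public_key->key_type_u.dh_pub_key.value))
#define KEY_PUB_DH_VALUE(k) \
	(&((k)->key_type_u.dh_pub_key.value))

/*
 * X9.42 Diffie-Hellman Public Key Object Attributes
 */
#define KEY_PUB_DH942(k) \
	(&((k)->key_type_u.dh942_pub_key))
#define OBJ_PUB_DH942_PRIME(o) \
	(&((o)->object_class_u.public_key->key_type_u.dh942_pub_key.prime))
#define KEY_PUB_DH942_PRIME(k) \
	(&((k)->key_type_u.dh942_pub_key.prime))
#define OBJ_PUB_DH942_BASE(o) \
	(&((o)->object_class_u.public_key->key_type_u.dh942_pub_key.base))
#define KEY_PUB_DH942_BASE(k) \
	(&((k)->key_type_u.dh942_pub_key.base))
#define OBJ_PUB_DH942_SUBPRIME(o) \
	(&((o)->object_class_u.public_key->key_type_u.dh942_pub_key.subprime))
#define KEY_PUB_DH942_SUBPRIME(k) \
	(&((k)->key_type_u.dh942_pub_key.subprime))
#define OBJ_PUB_DH942_VALUE(o) \
	(&((o)->object_class_u.public_key->key_type_u.dh942_pub_key.value))
#define KEY_PUB_DH942_VALUE(k) \
	(&((k)->key_type_u.dh942_pub_key.value))

/*
 * Elliptic Curve Public Key Object Attributes
 */
#define KEY_PUB_EC(k) \
	(&((k)->key_type_u.ec_pub_key))
#define OBJ_PUB_EC_POINT(o) \
	(&((o)->object_class_u.public_key->key_type_u.ec_pub_key.point))
#define KEY_PUB_EC_POINT(k) \
	(&((k)->key_type_u.ec_pub_key.point))


/*
 * RSA Private Key Object Attributes
 */
#define OBJ_PRI(o) \
	((o)->object_class_u.private_key)
#define KEY_PRI_RSA(k) \
	(&((k)->key_type_u.rsa_pri_key))
#define OBJ_PRI_RSA_MOD(o) \
	(&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.modulus))
#define KEY_PRI_RSA_MOD(k) \
	(&((k)->key_type_u.rsa_pri_key.modulus))
#define OBJ_PRI_RSA_PUBEXPO(o) \
	(&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.pub_exponent))
#define KEY_PRI_RSA_PUBEXPO(k) \
	(&((k)->key_type_u.rsa_pri_key.pub_exponent))
#define OBJ_PRI_RSA_PRIEXPO(o) \
	(&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.pri_exponent))
#define KEY_PRI_RSA_PRIEXPO(k) \
	(&((k)->key_type_u.rsa_pri_key.pri_exponent))
#define OBJ_PRI_RSA_PRIME1(o) \
	(&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.prime_1))
#define KEY_PRI_RSA_PRIME1(k) \
	(&((k)->key_type_u.rsa_pri_key.prime_1))
#define OBJ_PRI_RSA_PRIME2(o) \
	(&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.prime_2))
#define KEY_PRI_RSA_PRIME2(k) \
	(&((k)->key_type_u.rsa_pri_key.prime_2))
#define OBJ_PRI_RSA_EXPO1(o) \
	(&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.exponent_1))
#define KEY_PRI_RSA_EXPO1(k) \
	(&((k)->key_type_u.rsa_pri_key.exponent_1))
#define OBJ_PRI_RSA_EXPO2(o) \
	(&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.exponent_2))
#define KEY_PRI_RSA_EXPO2(k) \
	(&((k)->key_type_u.rsa_pri_key.exponent_2))
#define OBJ_PRI_RSA_COEF(o) \
	(&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.coefficient))
#define KEY_PRI_RSA_COEF(k) \
	(&((k)->key_type_u.rsa_pri_key.coefficient))

/*
 * DSA Private Key Object Attributes
 */
#define KEY_PRI_DSA(k) \
	(&((k)->key_type_u.dsa_pri_key))
#define OBJ_PRI_DSA_PRIME(o) \
	(&((o)->object_class_u.private_key->key_type_u.dsa_pri_key.prime))
#define KEY_PRI_DSA_PRIME(k) \
	(&((k)->key_type_u.dsa_pri_key.prime))
#define OBJ_PRI_DSA_SUBPRIME(o) \
	(&((o)->object_class_u.private_key->key_type_u.dsa_pri_key.subprime))
#define KEY_PRI_DSA_SUBPRIME(k) \
	(&((k)->key_type_u.dsa_pri_key.subprime))
#define OBJ_PRI_DSA_BASE(o) \
	(&((o)->object_class_u.private_key->key_type_u.dsa_pri_key.base))
#define KEY_PRI_DSA_BASE(k) \
	(&((k)->key_type_u.dsa_pri_key.base))
#define OBJ_PRI_DSA_VALUE(o) \
	(&((o)->object_class_u.private_key->key_type_u.dsa_pri_key.value))
#define KEY_PRI_DSA_VALUE(k) \
	(&((k)->key_type_u.dsa_pri_key.value))

/*
 * Diffie-Hellman Private Key Object Attributes
 */
#define KEY_PRI_DH(k) \
	(&((k)->key_type_u.dh_pri_key))
#define OBJ_PRI_DH_PRIME(o) \
	(&((o)->object_class_u.private_key->key_type_u.dh_pri_key.prime))
#define KEY_PRI_DH_PRIME(k) \
	(&((k)->key_type_u.dh_pri_key.prime))
#define OBJ_PRI_DH_BASE(o) \
	(&((o)->object_class_u.private_key->key_type_u.dh_pri_key.base))
#define KEY_PRI_DH_BASE(k) \
	(&((k)->key_type_u.dh_pri_key.base))
#define OBJ_PRI_DH_VALUE(o) \
	(&((o)->object_class_u.private_key->key_type_u.dh_pri_key.value))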
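/*
 * Shortcut accessors, continued. OBJ_ macros take a soft_object_t
 * pointer, KEY_ macros a pointer to the per-class struct. Address-of
 * expansions are wrapped in an outer pair of parentheses so that they
 * stay one operand when a postfix operator follows the macro call.
 * No accessor checks the object class, the key type, or that the
 * object_class_u pointer is non-NULL; the caller must do so first.
 *
 * Diffie-Hellman private key accessors (remaining entries).
 */
#define KEY_PRI_DH_VALUE(k) \
	(&((k)->key_type_u.dh_pri_key.value))
#define OBJ_PRI_DH_VAL_BITS(o) \
	((o)->object_class_u.private_key->key_type_u.dh_pri_key.value_bits)
#define KEY_PRI_DH_VAL_BITS(k) \
	((k)->key_type_u.dh_pri_key.value_bits)

/*
 * X9.42 Diffie-Hellman Private Key Object Attributes
 */
#define KEY_PRI_DH942(k) \
	(&((k)->key_type_u.dh942_pri_key))
#define OBJ_PRI_DH942_PRIME(o) \
	(&((o)->object_class_u.private_key->key_type_u.dh942_pri_key.prime))
#define KEY_PRI_DH942_PRIME(k) \
	(&((k)->key_type_u.dh942_pri_key.prime))
#define OBJ_PRI_DH942_BASE(o) \
	(&((o)->object_class_u.private_key->key_type_u.dh942_pri_key.base))
#define KEY_PRI_DH942_BASE(k) \
	(&((k)->key_type_u.dh942_pri_key.base))
#define OBJ_PRI_DH942_SUBPRIME(o) \
	(&((o)->object_class_u.private_key->key_type_u.dh942_pri_key.subprime))
#define KEY_PRI_DH942_SUBPRIME(k) \
	(&((k)->key_type_u.dh942_pri_key.subprime))
#define OBJ_PRI_DH942_VALUE(o) \
	(&((o)->object_class_u.private_key->key_type_u.dh942_pri_key.value))
#define KEY_PRI_DH942_VALUE(k) \
	(&((k)->key_type_u.dh942_pri_key.value))

/*
 * Elliptic Curve Private Key Object Attributes
 */

#define KEY_PRI_EC(k) \
	(&((k)->key_type_u.ec_pri_key))
#define OBJ_PRI_EC_VALUE(o) \
	(&((o)->object_class_u.private_key->key_type_u.ec_pri_key.value))
#define KEY_PRI_EC_VALUE(k) \
	(&((k)->key_type_u.ec_pri_key.value))

/*
 * DSA Domain Parameters Object Attributes
 */
#define OBJ_DOM(o) \
	((o)->object_class_u.domain)
#define KEY_DOM_DSA(k) \
	(&((k)->key_type_u.dsa_dom_key))
#define OBJ_DOM_DSA_PRIME(o) \
	(&((o)->object_class_u.domain->key_type_u.dsa_dom_key.prime))
#define KEY_DOM_DSA_PRIME(k) \
	(&((k)->key_type_u.dsa_dom_key.prime))
#define OBJ_DOM_DSA_SUBPRIME(o) \
	(&((o)->object_class_u.domain->key_type_u.dsa_dom_key.subprime))
#define KEY_DOM_DSA_SUBPRIME(k) \
	(&((k)->key_type_u.dsa_dom_key.subprime))
#define OBJ_DOM_DSA_BASE(o) \
	(&((o)->object_class_u.domain->key_type_u.dsa_dom_key.base))
#define KEY_DOM_DSA_BASE(k) \
	(&((k)->key_type_u.dsa_dom_key.base))
#define OBJ_DOM_DSA_PRIME_BITS(o) \
	((o)->object_class_u.domain->key_type_u.dsa_dom_key.prime_bits)

/*
 * Diffie-Hellman Domain Parameters Object Attributes
 */
#define KEY_DOM_DH(k) \
	(&((k)->key_type_u.dh_dom_key))
#define OBJ_DOM_DH_PRIME(o) \
	(&((o)->object_class_u.domain->key_type_u.dh_dom_key.prime))
#define KEY_DOM_DH_PRIME(k) \
	(&((k)->key_type_u.dh_dom_key.prime))
#define OBJ_DOM_DH_BASE(o) \
	(&((o)->object_class_u.domain->key_type_u.dh_dom_key.base))
#define KEY_DOM_DH_BASE(k) \
	(&((k)->key_type_u.dh_dom_key.base))
#define OBJ_DOM_DH_PRIME_BITS(o) \
	((o)->object_class_u.domain->key_type_u.dh_dom_key.prime_bits)

/*
 * X9.42 Diffie-Hellman Domain Parameters Object Attributes
 */
#define KEY_DOM_DH942(k) \
	(&((k)->key_type_u.dh942_dom_key))
#define OBJ_DOM_DH942_PRIME(o) \
	(&((o)->object_class_u.domain->key_type_u.dh942_dom_key.prime))
#define KEY_DOM_DH942_PRIME(k) \
	(&((k)->key_type_u.dh942_dom_key.prime))
#define OBJ_DOM_DH942_BASE(o) \
	(&((o)->object_class_u.domain->key_type_u.dh942_dom_key.base))
#define KEY_DOM_DH942_BASE(k) \
	(&((k)->key_type_u.dh942_dom_key.base))
#define OBJ_DOM_DH942_SUBPRIME(o) \
	(&((o)->object_class_u.domain->key_type_u.dh942_dom_key.subprime))
#define KEY_DOM_DH942_SUBPRIME(k) \
	(&((k)->key_type_u.dh942_dom_key.subprime))
#define OBJ_DOM_DH942_PRIME_BITS(o) \
	((o)->object_class_u.domain->key_type_u.dh942_dom_key.prime_bits)
#define OBJ_DOM_DH942_SUBPRIME_BITS(o) \
	((o)->object_class_u.domain->key_type_u.dh942_dom_key.subprime_bits)

/*
 * Secret Key Object Attributes
 */
#define OBJ_SEC(o) \
	((o)->object_class_u.secret_key)
#define OBJ_SEC_VALUE(o) \
	((o)->object_class_u.secret_key->sk_value)
#define OBJ_SEC_VALUE_LEN(o) \
	((o)->object_class_u.secret_key->sk_value_len)
#define OBJ_KEY_SCHED(o) \
	((o)->object_class_u.secret_key->key_sched)
#define OBJ_KEY_SCHED_LEN(o) \
	((o)->object_class_u.secret_key->keysched_len)

#define OBJ_CERT(o) \
	((o)->object_class_u.certificate)
/*
 * X.509 Key Certificate object attributes
 */
#define X509_CERT(o) \
	((o)->object_class_u.certificate->cert_type_u.x509)
#define X509_CERT_SUBJECT(o) \
	((o)->object_class_u.certificate->cert_type_u.x509.subject)
#define X509_CERT_VALUE(o) \
	((o)->object_class_u.certificate->cert_type_u.x509.value)

/*
 * X.509 Attribute Certificate object attributes
 */
#define X509_ATTR_CERT(o) \
	((o)->object_class_u.certificate->cert_type_u.x509_attr)
#define X509_ATTR_CERT_OWNER(o) \
	((o)->object_class_u.certificate->cert_type_u.x509_attr.owner)
#define X509_ATTR_CERT_VALUE(o) \
	((o)->object_class_u.certificate->cert_type_u.x509_attr.value)

/*
 * key related attributes with CK_BBOOL data type
 * One bit per attribute; presumably these are the bits stored in
 * soft_object_t.bool_attr_mask.
 */
#define DERIVE_BOOL_ON			0x00000001
#define LOCAL_BOOL_ON			0x00000002
#define SENSITIVE_BOOL_ON		0x00000004
#define SECONDARY_AUTH_BOOL_ON		0x00000008
#define ENCRYPT_BOOL_ON			0x00000010
#define DECRYPT_BOOL_ON			0x00000020
#define SIGN_BOOL_ON			0x00000040
#define SIGN_RECOVER_BOOL_ON		0x00000080
#define VERIFY_BOOL_ON			0x00000100
#define VERIFY_RECOVER_BOOL_ON		0x00000200
#define WRAP_BOOL_ON			0x00000400
#define UNWRAP_BOOL_ON			0x00000800
#define TRUSTED_BOOL_ON			0x00001000
#define EXTRACTABLE_BOOL_ON		0x00002000
#define ALWAYS_SENSITIVE_BOOL_ON	0x00004000
#define NEVER_EXTRACTABLE_BOOL_ON	0x00008000
#define NOT_MODIFIABLE_BOOL_ON		0x00010000

/*
 * Default flag sets per key class.
 * NOTE(review): the private and secret key defaults include
 * EXTRACTABLE_BOOL_ON and none of the defaults includes
 * SENSITIVE_BOOL_ON. If these masks are what a key gets when the
 * template is silent (not visible in this header), then a caller that
 * needs a non-exportable key has to say so explicitly in its template.
 */
#define PUBLIC_KEY_DEFAULT	(ENCRYPT_BOOL_ON|\
				WRAP_BOOL_ON|\
				VERIFY_BOOL_ON|\
				VERIFY_RECOVER_BOOL_ON)

#define PRIVATE_KEY_DEFAULT	(DECRYPT_BOOL_ON|\
				UNWRAP_BOOL_ON|\
				SIGN_BOOL_ON|\
				SIGN_RECOVER_BOOL_ON|\
				EXTRACTABLE_BOOL_ON)

#define SECRET_KEY_DEFAULT	(ENCRYPT_BOOL_ON|\
				DECRYPT_BOOL_ON|\
				WRAP_BOOL_ON|\
				UNWRAP_BOOL_ON|\
				SIGN_BOOL_ON|\
				VERIFY_BOOL_ON|\
				EXTRACTABLE_BOOL_ON)

/*
 * MAX_KEY_ATTR_BUFLEN
 * The maximum buffer size needed for public or private key attributes
 * should be 514 bytes. Just to be safe we give a little more space.
 *
 * NOTE(review): the 514-byte figure is the original author's and its
 * derivation is not shown here. Code that copies an attribute into a
 * buffer of this size still has to compare the attribute length with
 * the buffer length before copying.
 */
#define MAX_KEY_ATTR_BUFLEN 1024

/*
 * Flag definitions for obj_delete_sync
 */
#define OBJECT_IS_DELETING 1	/* Object is in a deleting state */
#define OBJECT_REFCNT_WAITING 2	/* Waiting for object reference */
				/* count to become zero */

/*
 * This macro is used to type cast an object handle to a pointer to
 * the object struct. Also, it checks to see if the object struct
 * is tagged with an object magic number. This is to detect when an
 * application passes a bogus object pointer.
 * Also, it checks to see if the object is in the deleting state that
 * another thread is performing. If not, increment the object reference
 * count by one. This is to prevent this object from being deleted by
 * other thread.
 *
 * rv is set to CKR_OK when the handle is accepted and to
 * CKR_OBJECT_HANDLE_INVALID otherwise. REFCNT_CODE is the statement run
 * under object_mutex on the accepting path.
 *
 * Limits of the check, for anyone relying on it:
 *  - The handle is cast straight to a pointer and magic_marker is read
 *    through it before anything else is known about the value, and
 *    before object_mutex is taken. A value that does not point at
 *    readable memory faults instead of yielding
 *    CKR_OBJECT_HANDLE_INVALID, and a value that points at memory which
 *    happens to hold the magic number is accepted. It catches mistakes;
 *    it is not a validation of untrusted input.
 *  - Whether magic_marker is cleared when an object is destroyed is not
 *    visible in this header, so behaviour for a stale handle should be
 *    confirmed in the delete path (see obj_to_be_freed_list_t).
 *
 * The macro expands to a brace block, not do { } while (0), so it
 * cannot be used as the unbraced body of an if that has an else. The
 * form is kept because call sites are outside this header. Macro
 * parameters are parenthesized in the expansion.
 */
#define HANDLE2OBJECT_COMMON(hObject, object_p, rv, REFCNT_CODE) { \
	(object_p) = (soft_object_t *)(hObject); \
	if (((object_p) == NULL) || \
	    ((object_p)->magic_marker != SOFTTOKEN_OBJECT_MAGIC)) { \
		(rv) = CKR_OBJECT_HANDLE_INVALID; \
	} else { \
		(void) pthread_mutex_lock(&(object_p)->object_mutex); \
		if (!((object_p)->obj_delete_sync & OBJECT_IS_DELETING)) { \
			REFCNT_CODE; \
			(rv) = CKR_OK; \
		} else { \
			(rv) = CKR_OBJECT_HANDLE_INVALID; \
		} \
		(void) pthread_mutex_unlock(&(object_p)->object_mutex); \
	} \
}

/*
 * Handle lookup that takes a reference: on CKR_OK obj_refcnt has been
 * incremented, so each successful use needs one OBJ_REFRELE.
 */
#define HANDLE2OBJECT(hObject, object_p, rv) \
	HANDLE2OBJECT_COMMON(hObject, object_p, rv, (object_p)->obj_refcnt++)

/*
 * Handle lookup without a reference (the REFCNT_CODE argument is
 * empty). Do not pair it with OBJ_REFRELE.
 */
#define HANDLE2OBJECT_DESTROY(hObject, object_p, rv) \
	HANDLE2OBJECT_COMMON(hObject, object_p, rv, /* no refcnt increment */)


/*
 * Drop one reference under object_mutex. When the count reaches zero
 * and OBJECT_REFCNT_WAITING is set, signal obj_free_cond.
 * obj_refcnt is a uint32_t and the decrement is unconditional: a
 * release without a matching HANDLE2OBJECT wraps the count instead of
 * stopping at zero.
 */
#define OBJ_REFRELE(object_p) { \
	(void) pthread_mutex_lock(&(object_p)->object_mutex); \
	if ((--(object_p)->obj_refcnt) == 0 && \
	    ((object_p)->obj_delete_sync & OBJECT_REFCNT_WAITING)) { \
		(void) pthread_cond_signal(&(object_p)->obj_free_cond); \
	} \
	(void) pthread_mutex_unlock(&(object_p)->object_mutex); \
}

/*
 * Function Prototypes.
 *
 * NOTE(review): several parameters are named "template", "new" or
 * "class". That is valid C, but those are C++ keywords, so the
 * extern "C" wrapper alone does not make these declarations usable from
 * C++. The names are part of the existing interface and are kept.
 */
void soft_cleanup_object(soft_object_t *objp);

CK_RV soft_add_object(CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
	CK_ULONG *objecthandle_p, soft_session_t *sp);

void soft_delete_object(soft_session_t *sp, soft_object_t *objp,
	boolean_t lock_held);

void soft_cleanup_extra_attr(soft_object_t *object_p);

CK_RV soft_copy_extra_attr(CK_ATTRIBUTE_INFO_PTR old_attrp,
	soft_object_t *object_p);

void soft_cleanup_object_bigint_attrs(soft_object_t *object_p);

CK_RV soft_build_object(CK_ATTRIBUTE_PTR template,
	CK_ULONG ulAttrNum, soft_object_t *new_object);

CK_RV soft_build_secret_key_object(CK_ATTRIBUTE_PTR template,
	CK_ULONG ulAttrNum, soft_object_t *new_object, CK_ULONG mode,
	CK_ULONG key_len, CK_KEY_TYPE key_type);

CK_RV soft_copy_object(soft_object_t *old_object, soft_object_t **new_object,
	CK_ULONG object_func, soft_session_t *sp);

void soft_merge_object(soft_object_t *old_object, soft_object_t *new_object);

CK_RV soft_get_attribute(soft_object_t *object_p, CK_ATTRIBUTE_PTR template);

CK_RV soft_set_attribute(soft_object_t *object_p, CK_ATTRIBUTE_PTR template,
	boolean_t copy);

CK_RV soft_set_common_storage_attribute(soft_object_t *object_p,
	CK_ATTRIBUTE_PTR template, boolean_t copy);

/*
 * NOTE(review): parameter names are not given for the next two. By
 * type they look like (object, attribute type, output buffer, length
 * pointer); confirm the buffer-length contract against the definitions
 * before relying on it.
 */
CK_RV soft_get_public_value(soft_object_t *, CK_ATTRIBUTE_TYPE, uchar_t *,
	uint32_t *);

CK_RV soft_get_private_value(soft_object_t *, CK_ATTRIBUTE_TYPE, uchar_t *,
	uint32_t *);

CK_RV get_ulong_attr_from_object(CK_ULONG value, CK_ATTRIBUTE_PTR template);

void copy_bigint_attr(biginteger_t *src, biginteger_t *dst);

void soft_add_object_to_session(soft_object_t *, soft_session_t *);

CK_RV soft_build_key(CK_ATTRIBUTE_PTR, CK_ULONG, soft_object_t *,
	CK_OBJECT_CLASS, CK_KEY_TYPE, CK_ULONG, CK_ULONG);

CK_RV soft_copy_public_key_attr(public_key_obj_t *old_pub_key_obj_p,
	public_key_obj_t **new_pub_key_obj_p, CK_KEY_TYPE key_type);

CK_RV soft_copy_private_key_attr(private_key_obj_t *old_pri_key_obj_p,
	private_key_obj_t **new_pri_key_obj_p, CK_KEY_TYPE key_type);

CK_RV soft_copy_secret_key_attr(secret_key_obj_t *old_secret_key_obj_p,
	secret_key_obj_t **new_secret_key_obj_p);

CK_RV soft_copy_domain_attr(domain_obj_t *old_domain_obj_p,
	domain_obj_t **new_domain_obj_p, CK_KEY_TYPE key_type);

CK_RV soft_validate_attr(CK_ATTRIBUTE_PTR template, CK_ULONG ulAttrNum,
	CK_OBJECT_CLASS *class);

CK_RV soft_find_objects_init(soft_session_t *sp, CK_ATTRIBUTE_PTR pTemplate,
	CK_ULONG ulCount);

void soft_find_objects_final(soft_session_t *sp);

void soft_find_objects(soft_session_t *sp, CK_OBJECT_HANDLE *obj_found,
	CK_ULONG max_obj_requested, CK_ULONG *found_obj_count);

void soft_process_find_attr(CK_OBJECT_CLASS *pclasses,
	CK_ULONG *num_result_pclasses, CK_ATTRIBUTE_PTR pTemplate,
	CK_ULONG ulCount);

boolean_t soft_find_match_attrs(soft_object_t *obj, CK_OBJECT_CLASS *pclasses,
	CK_ULONG num_pclasses, CK_ATTRIBUTE *tmpl_attr, CK_ULONG num_attr);

CK_ATTRIBUTE_PTR get_extra_attr(CK_ATTRIBUTE_TYPE type, soft_object_t *obj);

CK_RV get_string_from_template(CK_ATTRIBUTE_PTR dest, CK_ATTRIBUTE_PTR src);

void string_attr_cleanup(CK_ATTRIBUTE_PTR template);

void soft_cleanup_cert_object(soft_object_t *object_p);

CK_RV soft_get_certificate_attribute(soft_object_t *object_p,
	CK_ATTRIBUTE_PTR template);

CK_RV soft_set_certificate_attribute(soft_object_t *object_p,
	CK_ATTRIBUTE_PTR template, boolean_t copy);

CK_RV soft_copy_certificate(certificate_obj_t *old, certificate_obj_t **new,
	CK_CERTIFICATE_TYPE type);

CK_RV get_cert_attr_from_template(cert_attr_t **dest,
	CK_ATTRIBUTE_PTR src);

/* Token object related function prototypes */

void soft_add_token_object_to_slot(soft_object_t *objp);

void soft_remove_token_object_from_slot(soft_object_t *objp,
	boolean_t lock_held);

void soft_delete_token_object(soft_object_t *objp, boolean_t persistent,
	boolean_t lock_held);

void soft_delete_all_in_core_token_objects(token_obj_type_t type);

void soft_validate_token_objects(boolean_t validate);

CK_RV soft_object_write_access_check(soft_session_t *sp, soft_object_t *objp);

CK_RV soft_pin_expired_check(soft_object_t *objp);

CK_RV soft_copy_to_old_object(soft_object_t *new, soft_object_t *old);

CK_RV soft_keystore_load_latest_object(soft_object_t *old_obj);

/*
 * (void) makes this a real prototype, so the compiler rejects a call
 * that passes arguments; an empty parameter list leaves the arguments
 * unchecked in C.
 */
CK_RV refresh_token_objects(void);

void bigint_attr_cleanup(biginteger_t *big);

CK_RV soft_add_extra_attr(CK_ATTRIBUTE_PTR template, soft_object_t *object_p);

CK_RV get_bigint_attr_from_template(biginteger_t *big,
	CK_ATTRIBUTE_PTR template);

#ifdef __cplusplus
}
#endif

#endif /* _SOFTOBJECT_H */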