1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. 24 * Copyright 2020 Joyent, Inc. 25 */ 26 27 #ifndef _SOFTOBJECT_H 28 #define _SOFTOBJECT_H 29 30 #ifdef __cplusplus 31 extern "C" { 32 #endif 33 34 #include <pthread.h> 35 #include <security/pkcs11t.h> 36 #include <sys/avl.h> 37 #include "softKeystoreUtil.h" 38 #include "softSession.h" 39 40 41 #define SOFTTOKEN_OBJECT_MAGIC 0xECF0B002 42 43 #define SOFT_CREATE_OBJ 1 44 #define SOFT_GEN_KEY 2 45 #define SOFT_DERIVE_KEY_DH 3 /* for CKM_DH_PKCS_DERIVE */ 46 #define SOFT_DERIVE_KEY_OTHER 4 /* for CKM_MD5_KEY_DERIVATION and */ 47 /* CKM_SHA1_KEY_DERIVATION */ 48 #define SOFT_UNWRAP_KEY 5 49 #define SOFT_CREATE_OBJ_INT 6 /* internal object creation */ 50 51 typedef struct biginteger { 52 CK_BYTE *big_value; 53 CK_ULONG big_value_len; 54 } biginteger_t; 55 56 57 /* 58 * Secret key Struct 59 */ 60 typedef struct secret_key_obj { 61 CK_BYTE *sk_value; 62 CK_ULONG sk_value_len; 63 void *key_sched; 64 size_t keysched_len; 65 } secret_key_obj_t; 66 67 68 /* 69 * PKCS11: RSA Public Key Object Attributes 70 */ 71 typedef struct rsa_pub_key { 72 biginteger_t modulus; 73 CK_ULONG modulus_bits; 74 biginteger_t pub_exponent; 75 } rsa_pub_key_t; 76 77 78 /* 79 * PKCS11: DSA Public Key Object Attributes 80 */ 81 typedef struct dsa_pub_key { 82 biginteger_t prime; 83 biginteger_t subprime; 84 biginteger_t base; 85 biginteger_t value; 86 } dsa_pub_key_t; 87 88 89 /* 90 * PKCS11: Diffie-Hellman Public Key Object Attributes 91 */ 92 typedef struct dh_pub_key { 93 biginteger_t prime; 94 biginteger_t base; 95 biginteger_t value; 96 } dh_pub_key_t; 97 98 99 /* 100 * PKCS11: X9.42 Diffie-Hellman Public Key Object Attributes 101 */ 102 typedef struct dh942_pub_key { 103 biginteger_t prime; 104 biginteger_t base; 105 biginteger_t subprime; 106 biginteger_t value; 107 } dh942_pub_key_t; 108 109 110 /* 111 * PKCS11: Elliptic Curve Public Key Object Attributes 112 */ 113 typedef struct ec_pub_key { 114 biginteger_t param; 115 biginteger_t point; 116 } ec_pub_key_t; 117 118 119 /* 120 * Public Key Main Struct 121 */ 122 typedef struct public_key_obj { 123 union { 124 rsa_pub_key_t rsa_pub_key; /* RSA public key */ 125 dsa_pub_key_t dsa_pub_key; /* DSA public key */ 126 dh_pub_key_t dh_pub_key; /* DH public key */ 127 dh942_pub_key_t dh942_pub_key; /* DH9.42 public key */ 128 ec_pub_key_t ec_pub_key; /* Elliptic Curve public key */ 129 } key_type_u; 130 } public_key_obj_t; 131 132 /* 133 * PKCS11: RSA Private Key Object Attributes 134 */ 135 typedef struct rsa_pri_key { 136 biginteger_t modulus; 137 biginteger_t pub_exponent; 138 biginteger_t pri_exponent; 139 biginteger_t prime_1; 140 biginteger_t prime_2; 141 biginteger_t exponent_1; 142 biginteger_t exponent_2; 143 biginteger_t coefficient; 144 } rsa_pri_key_t; 145 146 /* 147 * PKCS11: DSA Private Key Object Attributes 148 */ 149 typedef struct dsa_pri_key { 150 biginteger_t prime; 151 biginteger_t subprime; 152 biginteger_t base; 153 biginteger_t value; 154 } dsa_pri_key_t; 155 156 157 /* 158 * PKCS11: Diffie-Hellman Private Key Object Attributes 159 */ 160 typedef struct dh_pri_key { 161 biginteger_t prime; 162 biginteger_t base; 163 biginteger_t value; 164 CK_ULONG value_bits; 165 } dh_pri_key_t; 166 167 /* 168 * PKCS11: X9.42 Diffie-Hellman Private Key Object Attributes 169 */ 170 typedef struct dh942_pri_key { 171 biginteger_t prime; 172 biginteger_t base; 173 biginteger_t subprime; 174 biginteger_t value; 175 } dh942_pri_key_t; 176 177 /* 178 * PKCS11: Elliptic Curve Private Key Object Attributes 179 */ 180 typedef struct ec_pri_key { 181 biginteger_t param; 182 biginteger_t value; 183 } ec_pri_key_t; 184 185 186 /* 187 * Private Key Main Struct 188 */ 189 typedef struct private_key_obj { 190 union { 191 rsa_pri_key_t rsa_pri_key; /* RSA private key */ 192 dsa_pri_key_t dsa_pri_key; /* DSA private key */ 193 dh_pri_key_t dh_pri_key; /* DH private key */ 194 dh942_pri_key_t dh942_pri_key; /* DH9.42 private key */ 195 ec_pri_key_t ec_pri_key; /* Elliptic Curve private key */ 196 } key_type_u; 197 } private_key_obj_t; 198 199 /* 200 * PKCS11: DSA Domain Parameters Object Attributes 201 */ 202 typedef struct dsa_dom_key { 203 biginteger_t prime; 204 biginteger_t subprime; 205 biginteger_t base; 206 CK_ULONG prime_bits; 207 } dsa_dom_key_t; 208 209 210 /* 211 * PKCS11: Diffie-Hellman Domain Parameters Object Attributes 212 */ 213 typedef struct dh_dom_key { 214 biginteger_t prime; 215 biginteger_t base; 216 CK_ULONG prime_bits; 217 } dh_dom_key_t; 218 219 220 /* 221 * PKCS11: X9.42 Diffie-Hellman Domain Parameters Object Attributes 222 */ 223 typedef struct dh942_dom_key { 224 biginteger_t prime; 225 biginteger_t base; 226 biginteger_t subprime; 227 CK_ULONG prime_bits; 228 CK_ULONG subprime_bits; 229 } dh942_dom_key_t; 230 231 /* 232 * Domain Parameters Main Struct 233 */ 234 typedef struct domain_obj { 235 union { 236 dsa_dom_key_t dsa_dom_key; /* DSA domain parameters */ 237 dh_dom_key_t dh_dom_key; /* DH domain parameters */ 238 dh942_dom_key_t dh942_dom_key; /* DH9.42 domain parameters */ 239 } key_type_u; 240 } domain_obj_t; 241 242 typedef struct cert_attr_type { 243 CK_BYTE *value; 244 CK_ULONG length; 245 } cert_attr_t; 246 247 /* 248 * X.509 Public Key Certificate Structure. 249 * This structure contains only the attributes that are 250 * NOT modifiable after creation. 251 * ID, ISSUER, and SUBJECT attributes are kept in the extra_attrlistp 252 * record. 253 */ 254 typedef struct x509_cert { 255 cert_attr_t *subject; /* DER encoding of certificate subject name */ 256 cert_attr_t *value; /* BER encoding of the cert */ 257 } x509_cert_t; 258 259 /* 260 * X.509 Attribute Certificiate Structure 261 * This structure contains only the attributes that are 262 * NOT modifiable after creation. 263 * AC_ISSUER, SERIAL_NUMBER, and ATTR_TYPES are kept in the 264 * extra_attrlistp record so they may be modified. 265 */ 266 typedef struct x509_attr_cert { 267 cert_attr_t *owner; /* DER encoding of attr cert subject field */ 268 cert_attr_t *value; /* BER encoding of cert */ 269 } x509_attr_cert_t; 270 271 /* 272 * Certificate Object Main Struct 273 */ 274 typedef struct certificate_obj { 275 CK_CERTIFICATE_TYPE certificate_type; 276 union { 277 x509_cert_t x509; 278 x509_attr_cert_t x509_attr; 279 } cert_type_u; 280 } certificate_obj_t; 281 282 /* 283 * This structure is used to hold the attributes in the 284 * Extra Attribute List. 285 */ 286 typedef struct attribute_info { 287 CK_ATTRIBUTE attr; 288 struct attribute_info *next; 289 } attribute_info_t; 290 291 292 typedef attribute_info_t *CK_ATTRIBUTE_INFO_PTR; 293 294 /* 295 * This is the main structure of the Objects. 296 */ 297 typedef struct object { 298 avl_node_t node; 299 CK_OBJECT_HANDLE handle; 300 /* Generic common fields. Always present */ 301 uint_t version; /* for token objects only */ 302 CK_OBJECT_CLASS class; 303 CK_KEY_TYPE key_type; 304 CK_CERTIFICATE_TYPE cert_type; 305 ulong_t magic_marker; 306 uint64_t bool_attr_mask; /* see below */ 307 CK_MECHANISM_TYPE mechanism; 308 uchar_t object_type; /* see below */ 309 struct ks_obj_handle ks_handle; /* keystore handle */ 310 311 /* Fields for access and arbitration */ 312 pthread_mutex_t object_mutex; 313 struct object *next; 314 struct object *prev; 315 316 /* Extra non-boolean attribute list */ 317 CK_ATTRIBUTE_INFO_PTR extra_attrlistp; 318 319 /* For each object, only one of these object classes is presented */ 320 union { 321 public_key_obj_t *public_key; 322 private_key_obj_t *private_key; 323 secret_key_obj_t *secret_key; 324 domain_obj_t *domain; 325 certificate_obj_t *certificate; 326 } object_class_u; 327 328 /* Session handle that the object belongs to */ 329 CK_SESSION_HANDLE session_handle; 330 uint32_t obj_refcnt; /* object reference count */ 331 pthread_cond_t obj_free_cond; /* cond variable for signal and wait */ 332 uint32_t obj_delete_sync; /* object delete sync flags */ 333 334 } soft_object_t; 335 336 typedef struct find_context { 337 soft_object_t **objs_found; 338 CK_ULONG num_results; 339 CK_ULONG next_result_index; /* next result object to return */ 340 } find_context_t; 341 342 /* 343 * The following structure is used to link the to-be-freed session 344 * objects into a linked list. The objects on this linked list have 345 * not yet been freed via free() after C_DestroyObject() call; instead 346 * they are added to this list. The actual free will take place when 347 * the number of objects queued reaches MAX_OBJ_TO_BE_FREED, at which 348 * time the first object in the list will be freed. 349 */ 350 #define MAX_OBJ_TO_BE_FREED 300 351 352 typedef struct obj_to_be_freed_list { 353 struct object *first; /* points to the first obj in the list */ 354 struct object *last; /* points to the last obj in the list */ 355 uint32_t count; /* current total objs in the list */ 356 pthread_mutex_t obj_to_be_free_mutex; 357 } obj_to_be_freed_list_t; 358 359 /* 360 * Object type 361 */ 362 #define SESSION_PUBLIC 0 /* CKA_TOKEN = 0, CKA_PRIVATE = 0 */ 363 #define SESSION_PRIVATE 1 /* CKA_TOKEN = 0, CKA_PRIVATE = 1 */ 364 #define TOKEN_PUBLIC 2 /* CKA_TOKEN = 1, CKA_PRIVATE = 0 */ 365 #define TOKEN_PRIVATE 3 /* CKA_TOKEN = 1, CKA_PRIVATE = 1 */ 366 367 #define TOKEN_OBJECT 2 368 #define PRIVATE_OBJECT 1 369 370 typedef enum { 371 ALL_TOKEN = 0, 372 PUBLIC_TOKEN = 1, 373 PRIVATE_TOKEN = 2 374 } token_obj_type_t; 375 376 #define IS_TOKEN_OBJECT(objp) \ 377 ((objp->object_type == TOKEN_PUBLIC) || \ 378 (objp->object_type == TOKEN_PRIVATE)) 379 380 /* 381 * Types associated with copying object's content 382 */ 383 #define SOFT_SET_ATTR_VALUE 1 /* for C_SetAttributeValue */ 384 #define SOFT_COPY_OBJECT 2 /* for C_CopyObject */ 385 #define SOFT_COPY_OBJ_ORIG_SH 3 /* for copying an object but keeps */ 386 /* the original session handle */ 387 388 /* 389 * The following definitions are the shortcuts 390 */ 391 392 /* 393 * RSA Public Key Object Attributes 394 */ 395 #define OBJ_PUB(o) \ 396 ((o)->object_class_u.public_key) 397 #define KEY_PUB_RSA(k) \ 398 &((k)->key_type_u.rsa_pub_key) 399 #define OBJ_PUB_RSA_MOD(o) \ 400 &((o)->object_class_u.public_key->key_type_u.rsa_pub_key.modulus) 401 #define KEY_PUB_RSA_MOD(k) \ 402 &((k)->key_type_u.rsa_pub_key.modulus) 403 #define OBJ_PUB_RSA_PUBEXPO(o) \ 404 &((o)->object_class_u.public_key->key_type_u.rsa_pub_key.pub_exponent) 405 #define KEY_PUB_RSA_PUBEXPO(k) \ 406 &((k)->key_type_u.rsa_pub_key.pub_exponent) 407 #define OBJ_PUB_RSA_MOD_BITS(o) \ 408 ((o)->object_class_u.public_key->key_type_u.rsa_pub_key.modulus_bits) 409 #define KEY_PUB_RSA_MOD_BITS(k) \ 410 ((k)->key_type_u.rsa_pub_key.modulus_bits) 411 412 /* 413 * DSA Public Key Object Attributes 414 */ 415 #define KEY_PUB_DSA(k) \ 416 &((k)->key_type_u.dsa_pub_key) 417 #define OBJ_PUB_DSA_PRIME(o) \ 418 &((o)->object_class_u.public_key->key_type_u.dsa_pub_key.prime) 419 #define KEY_PUB_DSA_PRIME(k) \ 420 &((k)->key_type_u.dsa_pub_key.prime) 421 #define OBJ_PUB_DSA_SUBPRIME(o) \ 422 &((o)->object_class_u.public_key->key_type_u.dsa_pub_key.subprime) 423 #define KEY_PUB_DSA_SUBPRIME(k) \ 424 &((k)->key_type_u.dsa_pub_key.subprime) 425 #define OBJ_PUB_DSA_BASE(o) \ 426 &((o)->object_class_u.public_key->key_type_u.dsa_pub_key.base) 427 #define KEY_PUB_DSA_BASE(k) \ 428 &((k)->key_type_u.dsa_pub_key.base) 429 #define OBJ_PUB_DSA_VALUE(o) \ 430 &((o)->object_class_u.public_key->key_type_u.dsa_pub_key.value) 431 #define KEY_PUB_DSA_VALUE(k) \ 432 &((k)->key_type_u.dsa_pub_key.value) 433 434 /* 435 * Diffie-Hellman Public Key Object Attributes 436 */ 437 #define KEY_PUB_DH(k) \ 438 &((k)->key_type_u.dh_pub_key) 439 #define OBJ_PUB_DH_PRIME(o) \ 440 &((o)->object_class_u.public_key->key_type_u.dh_pub_key.prime) 441 #define KEY_PUB_DH_PRIME(k) \ 442 &((k)->key_type_u.dh_pub_key.prime) 443 #define OBJ_PUB_DH_BASE(o) \ 444 &((o)->object_class_u.public_key->key_type_u.dh_pub_key.base) 445 #define KEY_PUB_DH_BASE(k) \ 446 &((k)->key_type_u.dh_pub_key.base) 447 #define OBJ_PUB_DH_VALUE(o) \ 448 &((o)->object_class_u.public_key->key_type_u.dh_pub_key.value) 449 #define KEY_PUB_DH_VALUE(k) \ 450 &((k)->key_type_u.dh_pub_key.value) 451 452 /* 453 * X9.42 Diffie-Hellman Public Key Object Attributes 454 */ 455 #define KEY_PUB_DH942(k) \ 456 &((k)->key_type_u.dh942_pub_key) 457 #define OBJ_PUB_DH942_PRIME(o) \ 458 &((o)->object_class_u.public_key->key_type_u.dh942_pub_key.prime) 459 #define KEY_PUB_DH942_PRIME(k) \ 460 &((k)->key_type_u.dh942_pub_key.prime) 461 #define OBJ_PUB_DH942_BASE(o) \ 462 &((o)->object_class_u.public_key->key_type_u.dh942_pub_key.base) 463 #define KEY_PUB_DH942_BASE(k) \ 464 &((k)->key_type_u.dh942_pub_key.base) 465 #define OBJ_PUB_DH942_SUBPRIME(o) \ 466 &((o)->object_class_u.public_key->key_type_u.dh942_pub_key.subprime) 467 #define KEY_PUB_DH942_SUBPRIME(k) \ 468 &((k)->key_type_u.dh942_pub_key.subprime) 469 #define OBJ_PUB_DH942_VALUE(o) \ 470 &((o)->object_class_u.public_key->key_type_u.dh942_pub_key.value) 471 #define KEY_PUB_DH942_VALUE(k) \ 472 &((k)->key_type_u.dh942_pub_key.value) 473 474 /* 475 * Elliptic Curve Public Key Object Attributes 476 */ 477 #define KEY_PUB_EC(k) \ 478 &((k)->key_type_u.ec_pub_key) 479 #define OBJ_PUB_EC_POINT(o) \ 480 &((o)->object_class_u.public_key->key_type_u.ec_pub_key.point) 481 #define KEY_PUB_EC_POINT(k) \ 482 &((k)->key_type_u.ec_pub_key.point) 483 484 485 /* 486 * RSA Private Key Object Attributes 487 */ 488 #define OBJ_PRI(o) \ 489 ((o)->object_class_u.private_key) 490 #define KEY_PRI_RSA(k) \ 491 &((k)->key_type_u.rsa_pri_key) 492 #define OBJ_PRI_RSA_MOD(o) \ 493 &((o)->object_class_u.private_key->key_type_u.rsa_pri_key.modulus) 494 #define KEY_PRI_RSA_MOD(k) \ 495 &((k)->key_type_u.rsa_pri_key.modulus) 496 #define OBJ_PRI_RSA_PUBEXPO(o) \ 497 &((o)->object_class_u.private_key->key_type_u.rsa_pri_key.pub_exponent) 498 #define KEY_PRI_RSA_PUBEXPO(k) \ 499 &((k)->key_type_u.rsa_pri_key.pub_exponent) 500 #define OBJ_PRI_RSA_PRIEXPO(o) \ 501 &((o)->object_class_u.private_key->key_type_u.rsa_pri_key.pri_exponent) 502 #define KEY_PRI_RSA_PRIEXPO(k) \ 503 &((k)->key_type_u.rsa_pri_key.pri_exponent) 504 #define OBJ_PRI_RSA_PRIME1(o) \ 505 &((o)->object_class_u.private_key->key_type_u.rsa_pri_key.prime_1) 506 #define KEY_PRI_RSA_PRIME1(k) \ 507 &((k)->key_type_u.rsa_pri_key.prime_1) 508 #define OBJ_PRI_RSA_PRIME2(o) \ 509 &((o)->object_class_u.private_key->key_type_u.rsa_pri_key.prime_2) 510 #define KEY_PRI_RSA_PRIME2(k) \ 511 &((k)->key_type_u.rsa_pri_key.prime_2) 512 #define OBJ_PRI_RSA_EXPO1(o) \ 513 &((o)->object_class_u.private_key->key_type_u.rsa_pri_key.exponent_1) 514 #define KEY_PRI_RSA_EXPO1(k) \ 515 &((k)->key_type_u.rsa_pri_key.exponent_1) 516 #define OBJ_PRI_RSA_EXPO2(o) \ 517 &((o)->object_class_u.private_key->key_type_u.rsa_pri_key.exponent_2) 518 #define KEY_PRI_RSA_EXPO2(k) \ 519 &((k)->key_type_u.rsa_pri_key.exponent_2) 520 #define OBJ_PRI_RSA_COEF(o) \ 521 &((o)->object_class_u.private_key->key_type_u.rsa_pri_key.coefficient) 522 #define KEY_PRI_RSA_COEF(k) \ 523 &((k)->key_type_u.rsa_pri_key.coefficient) 524 525 /* 526 * DSA Private Key Object Attributes 527 */ 528 #define KEY_PRI_DSA(k) \ 529 &((k)->key_type_u.dsa_pri_key) 530 #define OBJ_PRI_DSA_PRIME(o) \ 531 &((o)->object_class_u.private_key->key_type_u.dsa_pri_key.prime) 532 #define KEY_PRI_DSA_PRIME(k) \ 533 &((k)->key_type_u.dsa_pri_key.prime) 534 #define OBJ_PRI_DSA_SUBPRIME(o) \ 535 &((o)->object_class_u.private_key->key_type_u.dsa_pri_key.subprime) 536 #define KEY_PRI_DSA_SUBPRIME(k) \ 537 &((k)->key_type_u.dsa_pri_key.subprime) 538 #define OBJ_PRI_DSA_BASE(o) \ 539 &((o)->object_class_u.private_key->key_type_u.dsa_pri_key.base) 540 #define KEY_PRI_DSA_BASE(k) \ 541 &((k)->key_type_u.dsa_pri_key.base) 542 #define OBJ_PRI_DSA_VALUE(o) \ 543 &((o)->object_class_u.private_key->key_type_u.dsa_pri_key.value) 544 #define KEY_PRI_DSA_VALUE(k) \ 545 &((k)->key_type_u.dsa_pri_key.value) 546 547 /* 548 * Diffie-Hellman Private Key Object Attributes 549 */ 550 #define KEY_PRI_DH(k) \ 551 &((k)->key_type_u.dh_pri_key) 552 #define OBJ_PRI_DH_PRIME(o) \ 553 &((o)->object_class_u.private_key->key_type_u.dh_pri_key.prime) 554 #define KEY_PRI_DH_PRIME(k) \ 555 &((k)->key_type_u.dh_pri_key.prime) 556 #define OBJ_PRI_DH_BASE(o) \ 557 &((o)->object_class_u.private_key->key_type_u.dh_pri_key.base) 558 #define KEY_PRI_DH_BASE(k) \ 559 &((k)->key_type_u.dh_pri_key.base) 560 #define OBJ_PRI_DH_VALUE(o) \ 561 &((o)->object_class_u.private_key->key_type_u.dh_pri_key.value) 562 #define KEY_PRI_DH_VALUE(k) \ 563 &((k)->key_type_u.dh_pri_key.value) 564 #define OBJ_PRI_DH_VAL_BITS(o) \ 565 ((o)->object_class_u.private_key->key_type_u.dh_pri_key.value_bits) 566 #define KEY_PRI_DH_VAL_BITS(k) \ 567 ((k)->key_type_u.dh_pri_key.value_bits) 568 569 /* 570 * X9.42 Diffie-Hellman Private Key Object Attributes 571 */ 572 #define KEY_PRI_DH942(k) \ 573 &((k)->key_type_u.dh942_pri_key) 574 #define OBJ_PRI_DH942_PRIME(o) \ 575 &((o)->object_class_u.private_key->key_type_u.dh942_pri_key.prime) 576 #define KEY_PRI_DH942_PRIME(k) \ 577 &((k)->key_type_u.dh942_pri_key.prime) 578 #define OBJ_PRI_DH942_BASE(o) \ 579 &((o)->object_class_u.private_key->key_type_u.dh942_pri_key.base) 580 #define KEY_PRI_DH942_BASE(k) \ 581 &((k)->key_type_u.dh942_pri_key.base) 582 #define OBJ_PRI_DH942_SUBPRIME(o) \ 583 &((o)->object_class_u.private_key->key_type_u.dh942_pri_key.subprime) 584 #define KEY_PRI_DH942_SUBPRIME(k) \ 585 &((k)->key_type_u.dh942_pri_key.subprime) 586 #define OBJ_PRI_DH942_VALUE(o) \ 587 &((o)->object_class_u.private_key->key_type_u.dh942_pri_key.value) 588 #define KEY_PRI_DH942_VALUE(k) \ 589 &((k)->key_type_u.dh942_pri_key.value) 590 591 /* 592 * Elliptic Curve Private Key Object Attributes 593 */ 594 595 #define KEY_PRI_EC(k) \ 596 &((k)->key_type_u.ec_pri_key) 597 #define OBJ_PRI_EC_VALUE(o) \ 598 &((o)->object_class_u.private_key->key_type_u.ec_pri_key.value) 599 #define KEY_PRI_EC_VALUE(k) \ 600 &((k)->key_type_u.ec_pri_key.value) 601 602 /* 603 * DSA Domain Parameters Object Attributes 604 */ 605 #define OBJ_DOM(o) \ 606 ((o)->object_class_u.domain) 607 #define KEY_DOM_DSA(k) \ 608 &((k)->key_type_u.dsa_dom_key) 609 #define OBJ_DOM_DSA_PRIME(o) \ 610 &((o)->object_class_u.domain->key_type_u.dsa_dom_key.prime) 611 #define KEY_DOM_DSA_PRIME(k) \ 612 &((k)->key_type_u.dsa_dom_key.prime) 613 #define OBJ_DOM_DSA_SUBPRIME(o) \ 614 &((o)->object_class_u.domain->key_type_u.dsa_dom_key.subprime) 615 #define KEY_DOM_DSA_SUBPRIME(k) \ 616 &((k)->key_type_u.dsa_dom_key.subprime) 617 #define OBJ_DOM_DSA_BASE(o) \ 618 &((o)->object_class_u.domain->key_type_u.dsa_dom_key.base) 619 #define KEY_DOM_DSA_BASE(k) \ 620 &((k)->key_type_u.dsa_dom_key.base) 621 #define OBJ_DOM_DSA_PRIME_BITS(o) \ 622 ((o)->object_class_u.domain->key_type_u.dsa_dom_key.prime_bits) 623 624 /* 625 * Diffie-Hellman Domain Parameters Object Attributes 626 */ 627 #define KEY_DOM_DH(k) \ 628 &((k)->key_type_u.dh_dom_key) 629 #define OBJ_DOM_DH_PRIME(o) \ 630 &((o)->object_class_u.domain->key_type_u.dh_dom_key.prime) 631 #define KEY_DOM_DH_PRIME(k) \ 632 &((k)->key_type_u.dh_dom_key.prime) 633 #define OBJ_DOM_DH_BASE(o) \ 634 &((o)->object_class_u.domain->key_type_u.dh_dom_key.base) 635 #define KEY_DOM_DH_BASE(k) \ 636 &((k)->key_type_u.dh_dom_key.base) 637 #define OBJ_DOM_DH_PRIME_BITS(o) \ 638 ((o)->object_class_u.domain->key_type_u.dh_dom_key.prime_bits) 639 640 /* 641 * X9.42 Diffie-Hellman Domain Parameters Object Attributes 642 */ 643 #define KEY_DOM_DH942(k) \ 644 &((k)->key_type_u.dh942_dom_key) 645 #define OBJ_DOM_DH942_PRIME(o) \ 646 &((o)->object_class_u.domain->key_type_u.dh942_dom_key.prime) 647 #define KEY_DOM_DH942_PRIME(k) \ 648 &((k)->key_type_u.dh942_dom_key.prime) 649 #define OBJ_DOM_DH942_BASE(o) \ 650 &((o)->object_class_u.domain->key_type_u.dh942_dom_key.base) 651 #define KEY_DOM_DH942_BASE(k) \ 652 &((k)->key_type_u.dh942_dom_key.base) 653 #define OBJ_DOM_DH942_SUBPRIME(o) \ 654 &((o)->object_class_u.domain->key_type_u.dh942_dom_key.subprime) 655 #define KEY_DOM_DH942_SUBPRIME(k) \ 656 &((k)->key_type_u.dh942_dom_key.subprime) 657 #define OBJ_DOM_DH942_PRIME_BITS(o) \ 658 ((o)->object_class_u.domain->key_type_u.dh942_dom_key.prime_bits) 659 #define OBJ_DOM_DH942_SUBPRIME_BITS(o) \ 660 ((o)->object_class_u.domain->key_type_u.dh942_dom_key.subprime_bits) 661 662 /* 663 * Secret Key Object Attributes 664 */ 665 #define OBJ_SEC(o) \ 666 ((o)->object_class_u.secret_key) 667 #define OBJ_SEC_VALUE(o) \ 668 ((o)->object_class_u.secret_key->sk_value) 669 #define OBJ_SEC_VALUE_LEN(o) \ 670 ((o)->object_class_u.secret_key->sk_value_len) 671 #define OBJ_KEY_SCHED(o) \ 672 ((o)->object_class_u.secret_key->key_sched) 673 #define OBJ_KEY_SCHED_LEN(o) \ 674 ((o)->object_class_u.secret_key->keysched_len) 675 676 #define OBJ_CERT(o) \ 677 ((o)->object_class_u.certificate) 678 /* 679 * X.509 Key Certificate object attributes 680 */ 681 #define X509_CERT(o) \ 682 ((o)->object_class_u.certificate->cert_type_u.x509) 683 #define X509_CERT_SUBJECT(o) \ 684 ((o)->object_class_u.certificate->cert_type_u.x509.subject) 685 #define X509_CERT_VALUE(o) \ 686 ((o)->object_class_u.certificate->cert_type_u.x509.value) 687 688 /* 689 * X.509 Attribute Certificate object attributes 690 */ 691 #define X509_ATTR_CERT(o) \ 692 ((o)->object_class_u.certificate->cert_type_u.x509_attr) 693 #define X509_ATTR_CERT_OWNER(o) \ 694 ((o)->object_class_u.certificate->cert_type_u.x509_attr.owner) 695 #define X509_ATTR_CERT_VALUE(o) \ 696 ((o)->object_class_u.certificate->cert_type_u.x509_attr.value) 697 698 /* 699 * key related attributes with CK_BBOOL data type 700 */ 701 #define DERIVE_BOOL_ON 0x00000001 702 #define LOCAL_BOOL_ON 0x00000002 703 #define SENSITIVE_BOOL_ON 0x00000004 704 #define SECONDARY_AUTH_BOOL_ON 0x00000008 705 #define ENCRYPT_BOOL_ON 0x00000010 706 #define DECRYPT_BOOL_ON 0x00000020 707 #define SIGN_BOOL_ON 0x00000040 708 #define SIGN_RECOVER_BOOL_ON 0x00000080 709 #define VERIFY_BOOL_ON 0x00000100 710 #define VERIFY_RECOVER_BOOL_ON 0x00000200 711 #define WRAP_BOOL_ON 0x00000400 712 #define UNWRAP_BOOL_ON 0x00000800 713 #define TRUSTED_BOOL_ON 0x00001000 714 #define EXTRACTABLE_BOOL_ON 0x00002000 715 #define ALWAYS_SENSITIVE_BOOL_ON 0x00004000 716 #define NEVER_EXTRACTABLE_BOOL_ON 0x00008000 717 #define NOT_MODIFIABLE_BOOL_ON 0x00010000 718 719 #define PUBLIC_KEY_DEFAULT (ENCRYPT_BOOL_ON|\ 720 WRAP_BOOL_ON|\ 721 VERIFY_BOOL_ON|\ 722 VERIFY_RECOVER_BOOL_ON) 723 724 #define PRIVATE_KEY_DEFAULT (DECRYPT_BOOL_ON|\ 725 UNWRAP_BOOL_ON|\ 726 SIGN_BOOL_ON|\ 727 SIGN_RECOVER_BOOL_ON|\ 728 EXTRACTABLE_BOOL_ON) 729 730 #define SECRET_KEY_DEFAULT (ENCRYPT_BOOL_ON|\ 731 DECRYPT_BOOL_ON|\ 732 WRAP_BOOL_ON|\ 733 UNWRAP_BOOL_ON|\ 734 SIGN_BOOL_ON|\ 735 VERIFY_BOOL_ON|\ 736 EXTRACTABLE_BOOL_ON) 737 738 /* 739 * MAX_KEY_ATTR_BUFLEN 740 * The maximum buffer size needed for public or private key attributes 741 * should be 514 bytes. Just to be safe we give a little more space. 742 */ 743 #define MAX_KEY_ATTR_BUFLEN 1024 744 745 /* 746 * Flag definitions for obj_delete_sync 747 */ 748 #define OBJECT_IS_DELETING 1 /* Object is in a deleting state */ 749 #define OBJECT_REFCNT_WAITING 2 /* Waiting for object reference */ 750 /* count to become zero */ 751 752 #define HANDLE2OBJECT(hObject, object_p, rv) \ 753 rv = handle2object(hObject, &(object_p), B_TRUE); 754 755 #define HANDLE2OBJECT_DESTROY(hObject, object_p, rv) \ 756 rv = handle2object(hObject, &(object_p), B_FALSE); 757 758 759 #define OBJ_REFRELE(object_p) { \ 760 (void) pthread_mutex_lock(&object_p->object_mutex); \ 761 if ((--object_p->obj_refcnt) == 0 && \ 762 (object_p->obj_delete_sync & OBJECT_REFCNT_WAITING)) { \ 763 (void) pthread_cond_signal(&object_p->obj_free_cond); \ 764 } \ 765 (void) pthread_mutex_unlock(&object_p->object_mutex); \ 766 } 767 768 extern pthread_mutex_t soft_object_mutex; 769 extern avl_tree_t soft_object_tree; 770 771 /* 772 * Function Prototypes. 773 */ 774 775 CK_RV handle2object(CK_OBJECT_HANDLE hObject, soft_object_t **object_p, 776 boolean_t refhold); 777 778 CK_ULONG set_objecthandle(soft_object_t *obj); 779 780 void soft_cleanup_object(soft_object_t *objp); 781 782 CK_RV soft_add_object(CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, 783 CK_OBJECT_HANDLE_PTR objecthandle_p, soft_session_t *sp); 784 785 void soft_delete_object(soft_session_t *sp, soft_object_t *objp, 786 boolean_t force, boolean_t lock_held); 787 788 void soft_cleanup_extra_attr(soft_object_t *object_p); 789 790 CK_RV soft_copy_extra_attr(CK_ATTRIBUTE_INFO_PTR old_attrp, 791 soft_object_t *object_p); 792 793 void soft_cleanup_object_bigint_attrs(soft_object_t *object_p); 794 795 CK_RV soft_build_object(CK_ATTRIBUTE_PTR template, 796 CK_ULONG ulAttrNum, soft_object_t *new_object); 797 798 CK_RV soft_build_secret_key_object(CK_ATTRIBUTE_PTR template, 799 CK_ULONG ulAttrNum, soft_object_t *new_object, CK_ULONG mode, 800 CK_ULONG key_len, CK_KEY_TYPE key_type); 801 802 CK_RV soft_copy_object(soft_object_t *old_object, soft_object_t **new_object, 803 CK_ULONG object_func, soft_session_t *sp); 804 805 void soft_merge_object(soft_object_t *old_object, soft_object_t *new_object); 806 807 CK_RV soft_get_attribute(soft_object_t *object_p, CK_ATTRIBUTE_PTR template); 808 809 CK_RV soft_set_attribute(soft_object_t *object_p, CK_ATTRIBUTE_PTR template, 810 boolean_t copy); 811 812 CK_RV soft_set_common_storage_attribute(soft_object_t *object_p, 813 CK_ATTRIBUTE_PTR template, boolean_t copy); 814 815 CK_RV soft_get_public_value(soft_object_t *, CK_ATTRIBUTE_TYPE, uchar_t *, 816 uint32_t *); 817 818 CK_RV soft_get_private_value(soft_object_t *, CK_ATTRIBUTE_TYPE, uchar_t *, 819 uint32_t *); 820 821 CK_RV get_ulong_attr_from_object(CK_ULONG value, CK_ATTRIBUTE_PTR template); 822 823 void copy_bigint_attr(biginteger_t *src, biginteger_t *dst); 824 825 void soft_add_object_to_session(soft_object_t *, soft_session_t *); 826 827 CK_RV soft_build_key(CK_ATTRIBUTE_PTR, CK_ULONG, soft_object_t *, 828 CK_OBJECT_CLASS, CK_KEY_TYPE, CK_ULONG, CK_ULONG); 829 830 CK_RV soft_copy_public_key_attr(public_key_obj_t *old_pub_key_obj_p, 831 public_key_obj_t **new_pub_key_obj_p, CK_KEY_TYPE key_type); 832 833 CK_RV soft_copy_private_key_attr(private_key_obj_t *old_pri_key_obj_p, 834 private_key_obj_t **new_pri_key_obj_p, CK_KEY_TYPE key_type); 835 836 CK_RV soft_copy_secret_key_attr(secret_key_obj_t *old_secret_key_obj_p, 837 secret_key_obj_t **new_secret_key_obj_p); 838 839 CK_RV soft_copy_domain_attr(domain_obj_t *old_domain_obj_p, 840 domain_obj_t **new_domain_obj_p, CK_KEY_TYPE key_type); 841 842 CK_RV soft_validate_attr(CK_ATTRIBUTE_PTR template, CK_ULONG ulAttrNum, 843 CK_OBJECT_CLASS *class); 844 845 CK_RV soft_find_objects_init(soft_session_t *sp, CK_ATTRIBUTE_PTR pTemplate, 846 CK_ULONG ulCount); 847 848 void soft_find_objects_final(soft_session_t *sp); 849 850 void soft_find_objects(soft_session_t *sp, CK_OBJECT_HANDLE *obj_found, 851 CK_ULONG max_obj_requested, CK_ULONG *found_obj_count); 852 853 void soft_process_find_attr(CK_OBJECT_CLASS *pclasses, 854 CK_ULONG *num_result_pclasses, CK_ATTRIBUTE_PTR pTemplate, 855 CK_ULONG ulCount); 856 857 boolean_t soft_find_match_attrs(soft_object_t *obj, CK_OBJECT_CLASS *pclasses, 858 CK_ULONG num_pclasses, CK_ATTRIBUTE *tmpl_attr, CK_ULONG num_attr); 859 860 CK_ATTRIBUTE_PTR get_extra_attr(CK_ATTRIBUTE_TYPE type, soft_object_t *obj); 861 862 CK_RV get_string_from_template(CK_ATTRIBUTE_PTR dest, CK_ATTRIBUTE_PTR src); 863 864 void string_attr_cleanup(CK_ATTRIBUTE_PTR template); 865 866 void soft_cleanup_cert_object(soft_object_t *object_p); 867 868 CK_RV soft_get_certificate_attribute(soft_object_t *object_p, 869 CK_ATTRIBUTE_PTR template); 870 871 CK_RV soft_set_certificate_attribute(soft_object_t *object_p, 872 CK_ATTRIBUTE_PTR template, boolean_t copy); 873 874 CK_RV soft_copy_certificate(certificate_obj_t *old, certificate_obj_t **new, 875 CK_CERTIFICATE_TYPE type); 876 877 CK_RV get_cert_attr_from_template(cert_attr_t **dest, 878 CK_ATTRIBUTE_PTR src); 879 880 /* Token object related function prototypes */ 881 882 void soft_add_token_object_to_slot(soft_object_t *objp); 883 884 void soft_remove_token_object_from_slot(soft_object_t *objp, 885 boolean_t lock_held); 886 887 void soft_delete_token_object(soft_object_t *objp, boolean_t persistent, 888 boolean_t lock_held); 889 890 void soft_delete_all_in_core_token_objects(token_obj_type_t type); 891 892 void soft_validate_token_objects(boolean_t validate); 893 894 CK_RV soft_object_write_access_check(soft_session_t *sp, soft_object_t *objp); 895 896 CK_RV soft_pin_expired_check(soft_object_t *objp); 897 898 CK_RV soft_copy_to_old_object(soft_object_t *new, soft_object_t *old); 899 900 CK_RV soft_keystore_load_latest_object(soft_object_t *old_obj); 901 902 CK_RV refresh_token_objects(); 903 904 void bigint_attr_cleanup(biginteger_t *big); 905 906 CK_RV soft_add_extra_attr(CK_ATTRIBUTE_PTR template, soft_object_t *object_p); 907 908 CK_RV get_bigint_attr_from_template(biginteger_t *big, 909 CK_ATTRIBUTE_PTR template); 910 911 CK_RV dup_bigint_attr(biginteger_t *bi, CK_BYTE *buf, CK_ULONG buflen); 912 913 #ifdef __cplusplus 914 } 915 #endif 916 917 #endif /* _SOFTOBJECT_H */ 918