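/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License"). You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

#ifndef _KERNELOBJECT_H
#define	_KERNELOBJECT_H

#pragma ident	"%Z%%M% %I% %E% SMI"

#ifdef __cplusplus
extern "C" {
#endif

#include <security/pkcs11t.h>
#include "kernelSession.h"
#include "kernelSlot.h"

/*
 * Tag stored in kernel_object_t.magic_marker and compared by
 * HANDLE2OBJECT_COMMON() before a handle is accepted.
 */
#define	KERNELTOKEN_OBJECT_MAGIC	0xECF0B003

/* Attribute counts; their users are outside this header. */
#define	RSA_PRI_ATTR_COUNT		7
#define	RSA_PUB_ATTR_COUNT		3
#define	DSA_ATTR_COUNT			4

/*
 * Secret key Struct
 *
 * NOTE(review): sk_value presumably holds sk_value_len bytes of raw key
 * material. The release path is not visible in this header; confirm that
 * it clears the buffer before freeing it.
 */
typedef struct secret_key_obj {
	CK_BYTE *sk_value;
	CK_ULONG sk_value_len;
} secret_key_obj_t;


/*
 * This structure is used to hold the attributes in the
 * Extra Attribute List.
 */
typedef struct attribute_info {
	CK_ATTRIBUTE	attr;
	struct attribute_info *next;
} attribute_info_t;

typedef attribute_info_t *CK_ATTRIBUTE_INFO_PTR;


/*
 * biginteger Struct
 *
 * Pointer/length pair used for every big-number key component below.
 */
typedef struct biginteger {
	CK_BYTE *big_value;
	CK_ULONG big_value_len;
} biginteger_t;


/*
 * PKCS11: RSA Public Key Object Attributes
 */
typedef struct rsa_pub_key {
	biginteger_t modulus;
	CK_ULONG modulus_bits;
	biginteger_t pub_exponent;
} rsa_pub_key_t;


/*
 * PKCS11: DSA Public Key Object Attributes
 */
typedef struct dsa_pub_key {
	biginteger_t prime;
	biginteger_t subprime;
	biginteger_t base;
	biginteger_t value;
} dsa_pub_key_t;


/*
 * Public Key Main Struct
 *
 * The union carries no discriminator of its own; kernel_object_t has a
 * key_type field, which presumably selects the member (confirm in the
 * implementation).
 */
typedef struct public_key_obj {
	union {
		rsa_pub_key_t rsa_pub_key; /* RSA public key */
		dsa_pub_key_t dsa_pub_key; /* DSA public key */
	} key_type_u;
} public_key_obj_t;


/*
 * PKCS11: RSA Private Key Object Attributes
 *
 * NOTE(review): every member except modulus and pub_exponent is private
 * key material by name; confirm that the cleanup routines clear these
 * buffers before releasing them.
 */
typedef struct rsa_pri_key {
	biginteger_t modulus;
	biginteger_t pub_exponent;
	biginteger_t pri_exponent;
	biginteger_t prime_1;
	biginteger_t prime_2;
	biginteger_t exponent_1;
	biginteger_t exponent_2;
	biginteger_t coefficient;
} rsa_pri_key_t;


/*
 * PKCS11: DSA Private Key Object Attributes
 */
typedef struct dsa_pri_key {
	biginteger_t prime;
	biginteger_t subprime;
	biginteger_t base;
	biginteger_t value;
} dsa_pri_key_t;


/*
 * Private Key Main Struct
 */
typedef struct private_key_obj {
	union {
		rsa_pri_key_t rsa_pri_key; /* RSA private key */
		dsa_pri_key_t dsa_pri_key; /* DSA private key */
	} key_type_u;
} private_key_obj_t;


/*
 * This is the main structure of the Objects.
 *
 * magic_marker, obj_refcnt and obj_delete_sync are the fields the
 * HANDLE2OBJECT*() and OBJ_REFRELE() macros below read and write;
 * the latter two are only touched with object_mutex held.
 *
 * NOTE(review): the member named "class" is a C++ keyword, so this
 * header cannot be compiled as C++ despite the extern "C" guard.
 */
typedef struct object {
	boolean_t	is_lib_obj;	/* default is TRUE */
	crypto_object_id_t	k_handle;

	/* Generic common fields. Always present */
	CK_OBJECT_CLASS class;
	CK_KEY_TYPE key_type;
	CK_ULONG magic_marker;
	uint64_t bool_attr_mask;
	CK_MECHANISM_TYPE mechanism;

	/* Fields for access and arbitration */
	pthread_mutex_t object_mutex;
	struct object *next;
	struct object *prev;

	/* Extra non-boolean attribute list */
	CK_ATTRIBUTE_INFO_PTR extra_attrlistp;
	CK_ULONG extra_attrcount;

	/* For each object, only one object class is presented */
	union {
		secret_key_obj_t  *secret_key;
		public_key_obj_t  *public_key;
		private_key_obj_t *private_key;
	} object_class_u;

	/* Session handle that the object belongs to */
	CK_SESSION_HANDLE	session_handle;
	uint32_t	obj_refcnt;	/* object reference count */
	pthread_cond_t	obj_free_cond;	/* cond variable for signal and wait */
	uint32_t	obj_delete_sync;	/* object delete sync flags */

} kernel_object_t;


typedef struct find_context {
	kernel_object_t **objs_found;
	CK_ULONG num_results;
	CK_ULONG next_result_index; /* next result object to return */
} find_context_t;

/*
 * The following structure is used to link the to-be-freed session
 * objects into a linked list. The objects on this linked list have
 * not yet been freed via free() after C_DestroyObject() call; instead
 * they are added to this list. The actual free will take place when
 * the number of objects queued reaches MAX_OBJ_TO_BE_FREED, at which
 * time the first object in the list will be freed.
 */
#define	MAX_OBJ_TO_BE_FREED		300

typedef struct obj_to_be_freed_list {
	kernel_object_t	*first;	/* points to first obj in the list */
	kernel_object_t	*last;	/* points to last obj in the list */
	uint32_t	count;	/* current total objs in the list */
	pthread_mutex_t	obj_to_be_free_mutex;
} object_to_be_freed_list_t;

extern object_to_be_freed_list_t obj_delay_freed;


/*
 * The following definitions are the shortcuts
 *
 * Every macro parenthesizes its argument and its whole expansion so
 * that it behaves as a single primary expression at the call site.
 * None of them checks that the object_class_u pointer is non-NULL or
 * that the union member matches the object's class/key_type; that is
 * the caller's job.
 */

/*
 * Secret Key Object Attributes
 */
#define	OBJ_SEC(o) \
	((o)->object_class_u.secret_key)
#define	OBJ_SEC_VALUE(o) \
	((o)->object_class_u.secret_key->sk_value)
#define	OBJ_SEC_VALUE_LEN(o) \
	((o)->object_class_u.secret_key->sk_value_len)

/*
 * RSA Public Key Object Attributes
 */
#define	OBJ_PUB(o) \
	((o)->object_class_u.public_key)
#define	KEY_PUB_RSA(k) \
	(&((k)->key_type_u.rsa_pub_key))
#define	OBJ_PUB_RSA_MOD(o) \
	(&((o)->object_class_u.public_key->key_type_u.rsa_pub_key.modulus))
#define	KEY_PUB_RSA_MOD(k) \
	(&((k)->key_type_u.rsa_pub_key.modulus))
#define	OBJ_PUB_RSA_PUBEXPO(o) \
	(&((o)->object_class_u.public_key->key_type_u.rsa_pub_key.pub_exponent))
#define	KEY_PUB_RSA_PUBEXPO(k) \
	(&((k)->key_type_u.rsa_pub_key.pub_exponent))
#define	OBJ_PUB_RSA_MOD_BITS(o) \
	((o)->object_class_u.public_key->key_type_u.rsa_pub_key.modulus_bits)
#define	KEY_PUB_RSA_MOD_BITS(k) \
	((k)->key_type_u.rsa_pub_key.modulus_bits)


/*
 * DSA Public Key Object Attributes
 */
#define	KEY_PUB_DSA(k) \
	(&((k)->key_type_u.dsa_pub_key))
#define	OBJ_PUB_DSA_PRIME(o) \
	(&((o)->object_class_u.public_key->key_type_u.dsa_pub_key.prime))
#define	KEY_PUB_DSA_PRIME(k) \
	(&((k)->key_type_u.dsa_pub_key.prime))
#define	OBJ_PUB_DSA_SUBPRIME(o) \
	(&((o)->object_class_u.public_key->key_type_u.dsa_pub_key.subprime))
#define	KEY_PUB_DSA_SUBPRIME(k) \
	(&((k)->key_type_u.dsa_pub_key.subprime))
#define	OBJ_PUB_DSA_BASE(o) \
	(&((o)->object_class_u.public_key->key_type_u.dsa_pub_key.base))
#define	KEY_PUB_DSA_BASE(k) \
	(&((k)->key_type_u.dsa_pub_key.base))
#define	OBJ_PUB_DSA_VALUE(o) \
	(&((o)->object_class_u.public_key->key_type_u.dsa_pub_key.value))
#define	KEY_PUB_DSA_VALUE(k) \
	(&((k)->key_type_u.dsa_pub_key.value))


/*
 * RSA Private Key Object Attributes
 */
#define	OBJ_PRI(o) \
	((o)->object_class_u.private_key)
#define	KEY_PRI_RSA(k) \
	(&((k)->key_type_u.rsa_pri_key))
#define	OBJ_PRI_RSA_MOD(o) \
	(&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.modulus))
#define	KEY_PRI_RSA_MOD(k) \
	(&((k)->key_type_u.rsa_pri_key.modulus))
#define	OBJ_PRI_RSA_PUBEXPO(o) \
	(&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.pub_exponent))
#define	KEY_PRI_RSA_PUBEXPO(k) \
	(&((k)->key_type_u.rsa_pri_key.pub_exponent))
#define	OBJ_PRI_RSA_PRIEXPO(o) \
	(&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.pri_exponent))
#define	KEY_PRI_RSA_PRIEXPO(k) \
	(&((k)->key_type_u.rsa_pri_key.pri_exponent))
#define	OBJ_PRI_RSA_PRIME1(o) \
	(&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.prime_1))
#define	KEY_PRI_RSA_PRIME1(k) \
	(&((k)->key_type_u.rsa_pri_key.prime_1))
#define	OBJ_PRI_RSA_PRIME2(o) \
	(&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.prime_2))
#define	KEY_PRI_RSA_PRIME2(k) \
	(&((k)->key_type_u.rsa_pri_key.prime_2))
#define	OBJ_PRI_RSA_EXPO1(o) \
	(&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.exponent_1))
#define	KEY_PRI_RSA_EXPO1(k) \
	(&((k)->key_type_u.rsa_pri_key.exponent_1))
#define	OBJ_PRI_RSA_EXPO2(o) \
	(&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.exponent_2))
#define	KEY_PRI_RSA_EXPO2(k) \
	(&((k)->key_type_u.rsa_pri_key.exponent_2))
#define	OBJ_PRI_RSA_COEF(o) \
	(&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.coefficient))
#define	KEY_PRI_RSA_COEF(k) \
	(&((k)->key_type_u.rsa_pri_key.coefficient))

/*
 * DSA Private Key Object Attributes
 */
#define	KEY_PRI_DSA(k) \
	(&((k)->key_type_u.dsa_pri_key))
#define	OBJ_PRI_DSA_PRIME(o) \
	(&((o)->object_class_u.private_key->key_type_u.dsa_pri_key.prime))
#define	KEY_PRI_DSA_PRIME(k) \
	(&((k)->key_type_u.dsa_pri_key.prime))
#define	OBJ_PRI_DSA_SUBPRIME(o) \
	(&((o)->object_class_u.private_key->key_type_u.dsa_pri_key.subprime))
#define	KEY_PRI_DSA_SUBPRIME(k) \
	(&((k)->key_type_u.dsa_pri_key.subprime))
#define	OBJ_PRI_DSA_BASE(o) \
	(&((o)->object_class_u.private_key->key_type_u.dsa_pri_key.base))
#define	KEY_PRI_DSA_BASE(k) \
	(&((k)->key_type_u.dsa_pri_key.base))
#define	OBJ_PRI_DSA_VALUE(o) \
	(&((o)->object_class_u.private_key->key_type_u.dsa_pri_key.value))
#define	KEY_PRI_DSA_VALUE(k) \
	(&((k)->key_type_u.dsa_pri_key.value))

/*
 * key related attributes with CK_BBOOL data type
 *
 * One bit per attribute; presumably stored in
 * kernel_object_t.bool_attr_mask (confirm in the implementation).
 */
#define	DERIVE_BOOL_ON			0x00000001
#define	LOCAL_BOOL_ON			0x00000002
#define	SENSITIVE_BOOL_ON		0x00000004
#define	SECONDARY_AUTH_BOOL_ON		0x00000008
#define	ENCRYPT_BOOL_ON			0x00000010
#define	DECRYPT_BOOL_ON			0x00000020
#define	SIGN_BOOL_ON			0x00000040
#define	SIGN_RECOVER_BOOL_ON		0x00000080
#define	VERIFY_BOOL_ON			0x00000100
#define	VERIFY_RECOVER_BOOL_ON		0x00000200
#define	WRAP_BOOL_ON			0x00000400
#define	UNWRAP_BOOL_ON			0x00000800
#define	TRUSTED_BOOL_ON			0x00001000
#define	EXTRACTABLE_BOOL_ON		0x00002000
#define	ALWAYS_SENSITIVE_BOOL_ON	0x00004000
#define	NEVER_EXTRACTABLE_BOOL_ON	0x00008000
#define	PRIVATE_BOOL_ON			0x00010000
#define	TOKEN_BOOL_ON			0x00020000
#define	MODIFIABLE_BOOL_ON		0x00040000

/*
 * Default masks per object class.
 *
 * SECRET_KEY_DEFAULT and PRIVATE_KEY_DEFAULT include EXTRACTABLE_BOOL_ON
 * and omit SENSITIVE_BOOL_ON.
 * NOTE(review): if these masks seed objects whose template omits those
 * attributes, callers that need non-extractable or sensitive keys must
 * set the attributes explicitly -- confirm where the masks are applied.
 */
#define	SECRET_KEY_DEFAULT	(ENCRYPT_BOOL_ON|\
				DECRYPT_BOOL_ON|\
				SIGN_BOOL_ON|\
				VERIFY_BOOL_ON|\
				EXTRACTABLE_BOOL_ON|\
				MODIFIABLE_BOOL_ON)

#define	PUBLIC_KEY_DEFAULT	(ENCRYPT_BOOL_ON|\
				VERIFY_BOOL_ON|\
				VERIFY_RECOVER_BOOL_ON|\
				MODIFIABLE_BOOL_ON)

#define	PRIVATE_KEY_DEFAULT	(DECRYPT_BOOL_ON|\
				SIGN_BOOL_ON|\
				SIGN_RECOVER_BOOL_ON|\
				EXTRACTABLE_BOOL_ON|\
				MODIFIABLE_BOOL_ON)

/*
 * Flag definitions for obj_delete_sync
 */
#define	OBJECT_IS_DELETING	1	/* Object is in a deleting state */
#define	OBJECT_REFCNT_WAITING	2	/* Waiting for object reference */
					/* count to become zero */

/*
 * This macro is used to type cast an object handle to a pointer to
 * the object struct. Also, it checks to see if the object struct
 * is tagged with an object magic number. This is to detect when an
 * application passes a bogus object pointer.
 * Also, it checks to see if the object is in the deleting state that
 * another thread is performing. If not, increment the object reference
 * count by one. This is to prevent this object from being deleted by
 * other thread.
 *
 * Limits of the check, for reviewers:
 *  - The handle is the object's address. magic_marker is read through
 *    the caller-supplied value before anything else is validated and
 *    before object_mutex is taken, so a handle that is not a readable
 *    address faults instead of yielding CKR_OBJECT_HANDLE_INVALID.
 *    The magic test is a sanity check, not an authenticity check.
 *  - NOTE(review): the delayed-free list above presumably keeps recently
 *    destroyed objects mapped so that a stale handle still reaches a
 *    struct whose magic no longer matches -- confirm that the delete
 *    path resets magic_marker before queueing the object.
 *  - object_p and rv are assigned and evaluated several times; pass
 *    plain lvalues without side effects.
 *  - The expansion is a bare compound statement, so the macro cannot be
 *    the unbraced body of an "if" that has an "else". Switching to
 *    do { } while (0) would require every call site to end with a
 *    semicolon; call sites are outside this header, so the form is kept.
 */
#define	HANDLE2OBJECT_COMMON(hObject, object_p, rv, REFCNT_CODE) { \
	(object_p) = (kernel_object_t *)(hObject); \
	if (((object_p) == NULL) || \
	    ((object_p)->magic_marker != KERNELTOKEN_OBJECT_MAGIC)) {\
		(rv) = CKR_OBJECT_HANDLE_INVALID; \
	} else { \
		(void) pthread_mutex_lock(&(object_p)->object_mutex); \
		if (!((object_p)->obj_delete_sync & OBJECT_IS_DELETING)) { \
			REFCNT_CODE; \
			(rv) = CKR_OK; \
		} else { \
			(rv) = CKR_OBJECT_HANDLE_INVALID; \
		} \
		(void) pthread_mutex_unlock(&(object_p)->object_mutex); \
	} \
}

/*
 * Validate the handle and, on CKR_OK, take one reference on the object.
 * Each successful use must be balanced by exactly one OBJ_REFRELE().
 */
#define	HANDLE2OBJECT(hObject, object_p, rv) \
	HANDLE2OBJECT_COMMON(hObject, object_p, rv, (object_p)->obj_refcnt++)

/*
 * Validate the handle without taking a reference.
 * NOTE(review): nothing in this macro keeps the object alive once
 * object_mutex is dropped; the destroy path presumably relies on
 * OBJECT_IS_DELETING and the delayed-free list -- confirm at the caller.
 */
#define	HANDLE2OBJECT_DESTROY(hObject, object_p, rv) \
	HANDLE2OBJECT_COMMON(hObject, object_p, rv, /* no refcnt increment */)


/*
 * Drop one reference under object_mutex and, when the count reaches
 * zero while OBJECT_REFCNT_WAITING is set, signal obj_free_cond.
 *
 * obj_refcnt is an unsigned 32-bit counter and is decremented without a
 * zero check: a release that is not paired with a successful
 * HANDLE2OBJECT() wraps it to UINT32_MAX, after which a waiter on
 * obj_free_cond is never signalled by this macro.
 */
#define	OBJ_REFRELE(object_p) { \
	(void) pthread_mutex_lock(&(object_p)->object_mutex); \
	if ((--(object_p)->obj_refcnt) == 0 && \
	    ((object_p)->obj_delete_sync & OBJECT_REFCNT_WAITING)) { \
		(void) pthread_cond_signal(&(object_p)->obj_free_cond); \
	} \
	(void) pthread_mutex_unlock(&(object_p)->object_mutex); \
}


/*
 * Function Prototypes.
 *
 * The implementations are outside this header; locking and ownership
 * contracts must be read there.
 */
void kernel_cleanup_object(kernel_object_t *objp);

CK_RV kernel_add_object(CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
    CK_ULONG *objecthandle_p, kernel_session_t *sp);

CK_RV kernel_delete_session_object(kernel_session_t *sp, kernel_object_t *objp,
    boolean_t lock_held, boolean_t wrapper_only);

void kernel_cleanup_extra_attr(kernel_object_t *object_p);

CK_RV kernel_copy_extra_attr(CK_ATTRIBUTE_INFO_PTR old_attrp,
    kernel_object_t *object_p);

void kernel_cleanup_object_bigint_attrs(kernel_object_t *object_p);

CK_RV kernel_build_object(CK_ATTRIBUTE_PTR template,
    CK_ULONG ulAttrNum, kernel_object_t *new_object, kernel_session_t *sp);

CK_RV kernel_copy_object(kernel_object_t *old_object,
    kernel_object_t **new_object, boolean_t copy_everything,
    kernel_session_t *sp);

void kernel_merge_object(kernel_object_t *old_object,
    kernel_object_t *new_object);

CK_RV kernel_get_attribute(kernel_object_t *object_p,
    CK_ATTRIBUTE_PTR template);

CK_RV kernel_set_attribute(kernel_object_t *object_p,
    CK_ATTRIBUTE_PTR template, boolean_t copy, kernel_session_t *sp);

void copy_bigint_attr(biginteger_t *src, biginteger_t *dst);

void kernel_add_object_to_session(kernel_object_t *objp, kernel_session_t *sp);

CK_RV kernel_copy_public_key_attr(public_key_obj_t *old_pub_key_obj_p,
    public_key_obj_t **new_pub_key_obj_p, CK_KEY_TYPE key_type);

CK_RV kernel_copy_private_key_attr(private_key_obj_t *old_pri_key_obj_p,
    private_key_obj_t **new_pri_key_obj_p, CK_KEY_TYPE key_type);

CK_RV kernel_copy_secret_key_attr(secret_key_obj_t *old_secret_key_obj_p,
    secret_key_obj_t **new_secret_key_obj_p);

CK_RV kernel_validate_attr(CK_ATTRIBUTE_PTR template, CK_ULONG ulAttrNum,
    CK_OBJECT_CLASS *class);

CK_RV kernel_find_objects_init(kernel_session_t *sp,
    CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount);

void kernel_find_objects_final(kernel_session_t *sp);

void kernel_find_objects(kernel_session_t *sp,
    CK_OBJECT_HANDLE *obj_found, CK_ULONG max_obj_requested,
    CK_ULONG *found_obj_count);

void kernel_process_find_attr(CK_OBJECT_CLASS *pclasses,
    CK_ULONG *num_result_pclasses, CK_ATTRIBUTE_PTR pTemplate,
    CK_ULONG ulCount);

boolean_t kernel_find_match_attrs(kernel_object_t *obj,
    CK_OBJECT_CLASS *pclasses, CK_ULONG num_pclasses,
    CK_ATTRIBUTE *tmpl_attr, CK_ULONG num_attr);

CK_ATTRIBUTE_PTR get_extra_attr(CK_ATTRIBUTE_TYPE type, kernel_object_t *obj);

CK_RV get_string_from_template(CK_ATTRIBUTE_PTR dest, CK_ATTRIBUTE_PTR src);

void string_attr_cleanup(CK_ATTRIBUTE_PTR template);

void kernel_add_token_object_to_slot(kernel_object_t *objp,
    kernel_slot_t *pslot);

void kernel_remove_token_object_from_slot(kernel_slot_t *pslot,
    kernel_object_t *objp);

CK_RV kernel_delete_token_object(kernel_slot_t *pslot, kernel_session_t *sp,
    kernel_object_t *obj, boolean_t lock_held, boolean_t wrapper_only);

void kernel_cleanup_pri_objects_in_slot(kernel_slot_t *pslot,
    kernel_session_t *sp);

CK_RV kernel_get_object_size(kernel_object_t *objp, CK_ULONG_PTR pulSize);

void kernel_object_delay_free(kernel_object_t *objp);

#ifdef	__cplusplus
}
#endif

#endif /* _KERNELOBJECT_H */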