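/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

#ifndef	_SOFTOBJECT_H
#define	_SOFTOBJECT_H

/*
 * In-memory layout of soft-token PKCS#11 objects (keys, domain parameters,
 * certificates), plus the accessor macros and prototypes that operate on
 * them.
 *
 * NOTE(review): the C++ guard below is of limited use as written, because
 * struct object has a member named `class` and several prototypes use
 * `template` and `new` as parameter names; all three are C++ keywords.
 */
#ifdef	__cplusplus
extern "C" {
#endif

#include <pthread.h>
#include <security/pkcs11t.h>
#include "softKeystoreUtil.h"
#include "softSession.h"


/* Tag stored in soft_object_t.magic_marker; tested by HANDLE2OBJECT_COMMON. */
#define	SOFTTOKEN_OBJECT_MAGIC	0xECF0B002

/*
 * Object creation modes.
 * NOTE(review): presumably the values passed as the `mode` argument of the
 * object-building routines; the callers are outside this header.
 */
#define	SOFT_CREATE_OBJ		1
#define	SOFT_GEN_KEY		2
#define	SOFT_DERIVE_KEY_DH	3	/* for CKM_DH_PKCS_DERIVE */
#define	SOFT_DERIVE_KEY_OTHER	4	/* for CKM_MD5_KEY_DERIVATION and */
					/* CKM_SHA1_KEY_DERIVATION */
#define	SOFT_UNWRAP_KEY		5
#define	SOFT_CREATE_OBJ_INT	6	/* internal object creation */

/*
 * Variable-length big integer: a byte buffer and its length.
 * The two fields must always be updated together; every consumer relies on
 * big_value_len to bound reads and copies of big_value.
 */
typedef struct biginteger {
	CK_BYTE *big_value;
	CK_ULONG big_value_len;
} biginteger_t;


/*
 * Secret key Struct
 *
 * sk_value holds the raw key bytes.
 * NOTE(review): key_sched/keysched_len look like an expanded key schedule
 * derived from sk_value, which would make that buffer key-equivalent.
 * Whoever releases either buffer should zeroize it before free(); the
 * cleanup code is outside this header -- confirm.
 */
typedef struct secret_key_obj {
	CK_BYTE *sk_value;
	CK_ULONG sk_value_len;
	void *key_sched;
	size_t keysched_len;
} secret_key_obj_t;


/*
 * PKCS11: RSA Public Key Object Attributes
 */
typedef struct rsa_pub_key {
	biginteger_t modulus;
	CK_ULONG modulus_bits;
	biginteger_t pub_exponent;
} rsa_pub_key_t;


/*
 * PKCS11: DSA Public Key Object Attributes
 */
typedef struct dsa_pub_key {
	biginteger_t prime;
	biginteger_t subprime;
	biginteger_t base;
	biginteger_t value;
} dsa_pub_key_t;


/*
 * PKCS11: Diffie-Hellman Public Key Object Attributes
 */
typedef struct dh_pub_key {
	biginteger_t prime;
	biginteger_t base;
	biginteger_t value;
} dh_pub_key_t;


/*
 * PKCS11: X9.42 Diffie-Hellman Public Key Object Attributes
 */
typedef struct dh942_pub_key {
	biginteger_t prime;
	biginteger_t base;
	biginteger_t subprime;
	biginteger_t value;
} dh942_pub_key_t;


/*
 * PKCS11: Elliptic Curve Public Key Object Attributes
 */
typedef struct ec_pub_key {
	biginteger_t param;
	biginteger_t point;
} ec_pub_key_t;


/*
 * Public Key Main Struct
 *
 * The union carries no discriminator of its own: the member that is valid
 * is implied by the owning object's key_type, so that field must be checked
 * before any member is read.
 */
typedef struct public_key_obj {
	union {
		rsa_pub_key_t rsa_pub_key; /* RSA public key */
		dsa_pub_key_t dsa_pub_key; /* DSA public key */
		dh_pub_key_t dh_pub_key; /* DH public key */
		dh942_pub_key_t dh942_pub_key; /* DH9.42 public key */
		ec_pub_key_t ec_pub_key; /* Elliptic Curve public key */
	} key_type_u;
} public_key_obj_t;

/*
 * PKCS11: RSA Private Key Object Attributes
 *
 * Every field except modulus and pub_exponent is private key material.
 */
typedef struct rsa_pri_key {
	biginteger_t modulus;
	biginteger_t pub_exponent;
	biginteger_t pri_exponent;
	biginteger_t prime_1;
	biginteger_t prime_2;
	biginteger_t exponent_1;
	biginteger_t exponent_2;
	biginteger_t coefficient;
} rsa_pri_key_t;

/*
 * PKCS11: DSA Private Key Object Attributes
 */
typedef struct dsa_pri_key {
	biginteger_t prime;
	biginteger_t subprime;
	biginteger_t base;
	biginteger_t value;
} dsa_pri_key_t;


/*
 * PKCS11: Diffie-Hellman Private Key Object Attributes
 */
typedef struct dh_pri_key {
	biginteger_t prime;
	biginteger_t base;
	biginteger_t value;
	CK_ULONG value_bits;
} dh_pri_key_t;

/*
 * PKCS11: X9.42 Diffie-Hellman Private Key Object Attributes
 */
typedef struct dh942_pri_key {
	biginteger_t prime;
	biginteger_t base;
	biginteger_t subprime;
	biginteger_t value;
} dh942_pri_key_t;

/*
 * PKCS11: Elliptic Curve Private Key Object Attributes
 */
typedef struct ec_pri_key {
	biginteger_t param;
	biginteger_t value;
} ec_pri_key_t;


/*
 * Private Key Main Struct
 *
 * As with public_key_obj_t, the valid union member is implied by the owning
 * object's key_type; nothing in this struct records it.
 * NOTE(review): the `value`, `pri_exponent` and prime buffers reachable from
 * here are secrets and should be zeroized before they are freed; the cleanup
 * code is outside this header -- confirm.
 */
typedef struct private_key_obj {
	union {
		rsa_pri_key_t rsa_pri_key; /* RSA private key */
		dsa_pri_key_t dsa_pri_key; /* DSA private key */
		dh_pri_key_t dh_pri_key; /* DH private key */
		dh942_pri_key_t dh942_pri_key; /* DH9.42 private key */
		ec_pri_key_t ec_pri_key; /* Elliptic Curve private key */
	} key_type_u;
} private_key_obj_t;

/*
 * PKCS11: DSA Domain Parameters Object Attributes
 */
typedef struct dsa_dom_key {
	biginteger_t prime;
	biginteger_t subprime;
	biginteger_t base;
	CK_ULONG prime_bits;
} dsa_dom_key_t;


/*
 * PKCS11: Diffie-Hellman Domain Parameters Object Attributes
 */
typedef struct dh_dom_key {
	biginteger_t prime;
	biginteger_t base;
	CK_ULONG prime_bits;
} dh_dom_key_t;


/*
 * PKCS11: X9.42 Diffie-Hellman Domain Parameters Object Attributes
 */
typedef struct dh942_dom_key {
	biginteger_t prime;
	biginteger_t base;
	biginteger_t subprime;
	CK_ULONG prime_bits;
	CK_ULONG subprime_bits;
} dh942_dom_key_t;

/*
 * Domain Parameters Main Struct
 */
typedef struct domain_obj {
	union {
		dsa_dom_key_t dsa_dom_key; /* DSA domain parameters */
		dh_dom_key_t dh_dom_key; /* DH domain parameters */
		dh942_dom_key_t dh942_dom_key; /* DH9.42 domain parameters */
	} key_type_u;
} domain_obj_t;

/* Certificate attribute: a byte buffer and its length, kept in step. */
typedef struct cert_attr_type {
	CK_BYTE *value;
	CK_ULONG length;
} cert_attr_t;

/*
 * X.509 Public Key Certificate Structure.
 * This structure contains only the attributes that are
 * NOT modifiable after creation.
 * ID, ISSUER, and SUBJECT attributes are kept in the extra_attrlistp
 * record.
 */
typedef struct x509_cert {
	cert_attr_t *subject; /* DER encoding of certificate subject name */
	cert_attr_t *value; /* BER encoding of the cert */
} x509_cert_t;

/*
 * X.509 Attribute Certificate Structure
 * This structure contains only the attributes that are
 * NOT modifiable after creation.
 * AC_ISSUER, SERIAL_NUMBER, and ATTR_TYPES are kept in the
 * extra_attrlistp record so they may be modified.
 */
typedef struct x509_attr_cert {
	cert_attr_t *owner; /* DER encoding of attr cert subject field */
	cert_attr_t *value; /* BER encoding of cert */
} x509_attr_cert_t;

/*
 * Certificate Object Main Struct
 *
 * certificate_type selects the valid member of cert_type_u.
 */
typedef struct certificate_obj {
	CK_CERTIFICATE_TYPE certificate_type;
	union {
		x509_cert_t x509;
		x509_attr_cert_t x509_attr;
	} cert_type_u;
} certificate_obj_t;

/*
 * This structure is used to hold the attributes in the
 * Extra Attribute List.
 */
typedef struct attribute_info {
	CK_ATTRIBUTE attr;
	struct attribute_info *next;
} attribute_info_t;


typedef attribute_info_t *CK_ATTRIBUTE_INFO_PTR;

/*
 * This is the main structure of the Objects.
 *
 * HANDLE2OBJECT_COMMON casts an object handle straight to a pointer to this
 * struct, so magic_marker is the only in-band evidence that a handle refers
 * to a live object.
 */
typedef struct object {
	/* Generic common fields. Always present */
	uint_t version; /* for token objects only */
	CK_OBJECT_CLASS class;
	CK_KEY_TYPE key_type;
	CK_CERTIFICATE_TYPE cert_type;
	ulong_t magic_marker;
	uint64_t bool_attr_mask; /* see below */
	CK_MECHANISM_TYPE mechanism;
	uchar_t object_type; /* see below */
	struct ks_obj_handle ks_handle; /* keystore handle */

	/* Fields for access and arbitration */
	pthread_mutex_t object_mutex;
	struct object *next;
	struct object *prev;

	/* Extra non-boolean attribute list */
	CK_ATTRIBUTE_INFO_PTR extra_attrlistp;

	/*
	 * For each object, only one of these object classes is presented.
	 * All members are pointers sharing the same storage: `class` says
	 * which one is meaningful, and it must be checked before the OBJ_*
	 * accessor macros below are applied.
	 */
	union {
		public_key_obj_t *public_key;
		private_key_obj_t *private_key;
		secret_key_obj_t *secret_key;
		domain_obj_t *domain;
		certificate_obj_t *certificate;
	} object_class_u;

	/* Session handle that the object belongs to */
	CK_SESSION_HANDLE session_handle;
	uint32_t obj_refcnt; /* object reference count */
	pthread_cond_t obj_free_cond; /* cond variable for signal and wait */
	uint32_t obj_delete_sync; /* object delete sync flags */

} soft_object_t;

/* State of an object search: the matches and the cursor into them. */
typedef struct find_context {
	soft_object_t **objs_found;
	CK_ULONG num_results;
	CK_ULONG next_result_index; /* next result object to return */
} find_context_t;

/*
 * The following structure is used to link the to-be-freed session
 * objects into a linked list. The objects on this linked list have
 * not yet been freed via free() after C_DestroyObject() call; instead
 * they are added to this list. The actual free will take place when
 * the number of objects queued reaches MAX_OBJ_TO_BE_FREED, at which
 * time the first object in the list will be freed.
 *
 * NOTE(review): presumably the delay exists so that a handle used shortly
 * after C_DestroyObject() still points at mapped memory when its magic
 * marker is tested. The protection is bounded by the queue length: once an
 * object leaves the list, a stale handle to it is a dangling pointer.
 */
#define	MAX_OBJ_TO_BE_FREED	300

typedef struct obj_to_be_freed_list {
	struct object *first; /* points to the first obj in the list */
	struct object *last; /* points to the last obj in the list */
	uint32_t count; /* current total objs in the list */
	pthread_mutex_t obj_to_be_free_mutex;
} obj_to_be_freed_list_t;

/*
 * Object type
 */
#define	SESSION_PUBLIC	0	/* CKA_TOKEN = 0, CKA_PRIVATE = 0 */
#define	SESSION_PRIVATE	1	/* CKA_TOKEN = 0, CKA_PRIVATE = 1 */
#define	TOKEN_PUBLIC	2	/* CKA_TOKEN = 1, CKA_PRIVATE = 0 */
#define	TOKEN_PRIVATE	3	/* CKA_TOKEN = 1, CKA_PRIVATE = 1 */

#define	TOKEN_OBJECT	2
#define	PRIVATE_OBJECT	1

typedef enum {
	ALL_TOKEN = 0,
	PUBLIC_TOKEN = 1,
	PRIVATE_TOKEN = 2
} token_obj_type_t;

/* True when the object's object_type is TOKEN_PUBLIC or TOKEN_PRIVATE. */
#define	IS_TOKEN_OBJECT(objp) \
	(((objp)->object_type == TOKEN_PUBLIC) || \
	((objp)->object_type == TOKEN_PRIVATE))

/*
 * Types associated with copying object's content
 */
#define	SOFT_SET_ATTR_VALUE	1	/* for C_SetAttributeValue */
#define	SOFT_COPY_OBJECT	2	/* for C_CopyObject */
#define	SOFT_COPY_OBJ_ORIG_SH	3	/* for copying an object but keeps */
					/* the original session handle */

/*
 * The following definitions are the shortcuts
 *
 * OBJ_* macros take a soft_object_t pointer, KEY_* macros take a pointer to
 * the per-class key struct. None of them checks anything: the OBJ_* forms
 * dereference the object_class_u pointer as it stands, and every form picks
 * a union member by name. The caller has to have established the object's
 * class and key_type, and that the class pointer is non-NULL, before using
 * them; applying the wrong accessor reinterprets another member's bytes.
 */

/*
 * RSA Public Key Object Attributes
 */
#define	OBJ_PUB(o) \
	((o)->object_class_u.public_key)
#define	KEY_PUB_RSA(k) \
	(&((k)->key_type_u.rsa_pub_key))
#define	OBJ_PUB_RSA_MOD(o) \
	(&((o)->object_class_u.public_key->key_type_u.rsa_pub_key.modulus))
#define	KEY_PUB_RSA_MOD(k) \
	(&((k)->key_type_u.rsa_pub_key.modulus))
#define	OBJ_PUB_RSA_PUBEXPO(o) \
	(&((o)->object_class_u.public_key->key_type_u.rsa_pub_key.pub_exponent))
#define	KEY_PUB_RSA_PUBEXPO(k) \
	(&((k)->key_type_u.rsa_pub_key.pub_exponent))
#define	OBJ_PUB_RSA_MOD_BITS(o) \
	((o)->object_class_u.public_key->key_type_u.rsa_pub_key.modulus_bits)
#define	KEY_PUB_RSA_MOD_BITS(k) \
	((k)->key_type_u.rsa_pub_key.modulus_bits)

/*
 * DSA Public Key Object Attributes
 */
#define	KEY_PUB_DSA(k) \
	(&((k)->key_type_u.dsa_pub_key))
#define	OBJ_PUB_DSA_PRIME(o) \
	(&((o)->object_class_u.public_key->key_type_u.dsa_pub_key.prime))
#define	KEY_PUB_DSA_PRIME(k) \
	(&((k)->key_type_u.dsa_pub_key.prime))
#define	OBJ_PUB_DSA_SUBPRIME(o) \
	(&((o)->object_class_u.public_key->key_type_u.dsa_pub_key.subprime))
#define	KEY_PUB_DSA_SUBPRIME(k) \
	(&((k)->key_type_u.dsa_pub_key.subprime))
#define	OBJ_PUB_DSA_BASE(o) \
	(&((o)->object_class_u.public_key->key_type_u.dsa_pub_key.base))
#define	KEY_PUB_DSA_BASE(k) \
	(&((k)->key_type_u.dsa_pub_key.base))
#define	OBJ_PUB_DSA_VALUE(o) \
	(&((o)->object_class_u.public_key->key_type_u.dsa_pub_key.value))
#define	KEY_PUB_DSA_VALUE(k) \
	(&((k)->key_type_u.dsa_pub_key.value))

/*
 * Diffie-Hellman Public Key Object Attributes
 */
#define	KEY_PUB_DH(k) \
	(&((k)->key_type_u.dh_pub_key))
#define	OBJ_PUB_DH_PRIME(o) \
	(&((o)->object_class_u.public_key->key_type_u.dh_pub_key.prime))
#define	KEY_PUB_DH_PRIME(k) \
	(&((k)->key_type_u.dh_pub_key.prime))
#define	OBJ_PUB_DH_BASE(o) \
	(&((o)->object_class_u.public_key->key_type_u.dh_pub_key.base))
#define	KEY_PUB_DH_BASE(k) \
	(&((k)->key_type_u.dh_pub_key.base))
#define	OBJ_PUB_DH_VALUE(o) \
	(&((o)->object_class_u.public_key->key_type_u.dh_pub_key.value))
#define	KEY_PUB_DH_VALUE(k) \
	(&((k)->key_type_u.dh_pub_key.value))

/*
 * X9.42 Diffie-Hellman Public Key Object Attributes
 */
#define	KEY_PUB_DH942(k) \
	(&((k)->key_type_u.dh942_pub_key))
#define	OBJ_PUB_DH942_PRIME(o) \
	(&((o)->object_class_u.public_key->key_type_u.dh942_pub_key.prime))
#define	KEY_PUB_DH942_PRIME(k) \
	(&((k)->key_type_u.dh942_pub_key.prime))
#define	OBJ_PUB_DH942_BASE(o) \
	(&((o)->object_class_u.public_key->key_type_u.dh942_pub_key.base))
#define	KEY_PUB_DH942_BASE(k) \
	(&((k)->key_type_u.dh942_pub_key.base))
#define	OBJ_PUB_DH942_SUBPRIME(o) \
	(&((o)->object_class_u.public_key->key_type_u.dh942_pub_key.subprime))
#define	KEY_PUB_DH942_SUBPRIME(k) \
	(&((k)->key_type_u.dh942_pub_key.subprime))
#define	OBJ_PUB_DH942_VALUE(o) \
	(&((o)->object_class_u.public_key->key_type_u.dh942_pub_key.value))
#define	KEY_PUB_DH942_VALUE(k) \
	(&((k)->key_type_u.dh942_pub_key.value))

/*
 * Elliptic Curve Public Key Object Attributes
 */
#define	KEY_PUB_EC(k) \
	(&((k)->key_type_u.ec_pub_key))
#define	OBJ_PUB_EC_POINT(o) \
	(&((o)->object_class_u.public_key->key_type_u.ec_pub_key.point))
#define	KEY_PUB_EC_POINT(k) \
	(&((k)->key_type_u.ec_pub_key.point))


/*
 * RSA Private Key Object Attributes
 */
#define	OBJ_PRI(o) \
	((o)->object_class_u.private_key)
#define	KEY_PRI_RSA(k) \
	(&((k)->key_type_u.rsa_pri_key))
#define	OBJ_PRI_RSA_MOD(o) \
	(&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.modulus))
#define	KEY_PRI_RSA_MOD(k) \
	(&((k)->key_type_u.rsa_pri_key.modulus))
#define	OBJ_PRI_RSA_PUBEXPO(o) \
	(&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.pub_exponent))
#define	KEY_PRI_RSA_PUBEXPO(k) \
	(&((k)->key_type_u.rsa_pri_key.pub_exponent))
#define	OBJ_PRI_RSA_PRIEXPO(o) \
	(&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.pri_exponent))
#define	KEY_PRI_RSA_PRIEXPO(k) \
	(&((k)->key_type_u.rsa_pri_key.pri_exponent))
#define	OBJ_PRI_RSA_PRIME1(o) \
	(&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.prime_1))
#define	KEY_PRI_RSA_PRIME1(k) \
	(&((k)->key_type_u.rsa_pri_key.prime_1))
#define	OBJ_PRI_RSA_PRIME2(o) \
	(&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.prime_2))
#define	KEY_PRI_RSA_PRIME2(k) \
	(&((k)->key_type_u.rsa_pri_key.prime_2))
#define	OBJ_PRI_RSA_EXPO1(o) \
	(&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.exponent_1))
#define	KEY_PRI_RSA_EXPO1(k) \
	(&((k)->key_type_u.rsa_pri_key.exponent_1))
#define	OBJ_PRI_RSA_EXPO2(o) \
	(&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.exponent_2))
#define	KEY_PRI_RSA_EXPO2(k) \
	(&((k)->key_type_u.rsa_pri_key.exponent_2))
#define	OBJ_PRI_RSA_COEF(o) \
	(&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.coefficient))
#define	KEY_PRI_RSA_COEF(k) \
	(&((k)->key_type_u.rsa_pri_key.coefficient))

/*
 * DSA Private Key Object Attributes
 */
#define	KEY_PRI_DSA(k) \
	(&((k)->key_type_u.dsa_pri_key))
#define	OBJ_PRI_DSA_PRIME(o) \
	(&((o)->object_class_u.private_key->key_type_u.dsa_pri_key.prime))
#define	KEY_PRI_DSA_PRIME(k) \
	(&((k)->key_type_u.dsa_pri_key.prime))
#define	OBJ_PRI_DSA_SUBPRIME(o) \
	(&((o)->object_class_u.private_key->key_type_u.dsa_pri_key.subprime))
#define	KEY_PRI_DSA_SUBPRIME(k) \
	(&((k)->key_type_u.dsa_pri_key.subprime))
#define	OBJ_PRI_DSA_BASE(o) \
	(&((o)->object_class_u.private_key->key_type_u.dsa_pri_key.base))
#define	KEY_PRI_DSA_BASE(k) \
	(&((k)->key_type_u.dsa_pri_key.base))
#define	OBJ_PRI_DSA_VALUE(o) \
	(&((o)->object_class_u.private_key->key_type_u.dsa_pri_key.value))
#define	KEY_PRI_DSA_VALUE(k) \
	(&((k)->key_type_u.dsa_pri_key.value))

/*
 * Diffie-Hellman Private Key Object Attributes
 */
#define	KEY_PRI_DH(k) \
	(&((k)->key_type_u.dh_pri_key))
#define	OBJ_PRI_DH_PRIME(o) \
	(&((o)->object_class_u.private_key->key_type_u.dh_pri_key.prime))
#define	KEY_PRI_DH_PRIME(k) \
	(&((k)->key_type_u.dh_pri_key.prime))
#define	OBJ_PRI_DH_BASE(o) \
	(&((o)->object_class_u.private_key->key_type_u.dh_pri_key.base))
#define	KEY_PRI_DH_BASE(k) \
	(&((k)->key_type_u.dh_pri_key.base))
#define	OBJ_PRI_DH_VALUE(o) \
	(&((o)->object_class_u.private_key->key_type_u.dh_pri_key.value))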
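#define	KEY_PRI_DH_VALUE(k) \
	(&((k)->key_type_u.dh_pri_key.value))
#define	OBJ_PRI_DH_VAL_BITS(o) \
	((o)->object_class_u.private_key->key_type_u.dh_pri_key.value_bits)
#define	KEY_PRI_DH_VAL_BITS(k) \
	((k)->key_type_u.dh_pri_key.value_bits)

/*
 * X9.42 Diffie-Hellman Private Key Object Attributes
 */
#define	KEY_PRI_DH942(k) \
	(&((k)->key_type_u.dh942_pri_key))
#define	OBJ_PRI_DH942_PRIME(o) \
	(&((o)->object_class_u.private_key->key_type_u.dh942_pri_key.prime))
#define	KEY_PRI_DH942_PRIME(k) \
	(&((k)->key_type_u.dh942_pri_key.prime))
#define	OBJ_PRI_DH942_BASE(o) \
	(&((o)->object_class_u.private_key->key_type_u.dh942_pri_key.base))
#define	KEY_PRI_DH942_BASE(k) \
	(&((k)->key_type_u.dh942_pri_key.base))
#define	OBJ_PRI_DH942_SUBPRIME(o) \
	(&((o)->object_class_u.private_key->key_type_u.dh942_pri_key.subprime))
#define	KEY_PRI_DH942_SUBPRIME(k) \
	(&((k)->key_type_u.dh942_pri_key.subprime))
#define	OBJ_PRI_DH942_VALUE(o) \
	(&((o)->object_class_u.private_key->key_type_u.dh942_pri_key.value))
#define	KEY_PRI_DH942_VALUE(k) \
	(&((k)->key_type_u.dh942_pri_key.value))

/*
 * Elliptic Curve Private Key Object Attributes
 */

#define	KEY_PRI_EC(k) \
	(&((k)->key_type_u.ec_pri_key))
#define	OBJ_PRI_EC_VALUE(o) \
	(&((o)->object_class_u.private_key->key_type_u.ec_pri_key.value))
#define	KEY_PRI_EC_VALUE(k) \
	(&((k)->key_type_u.ec_pri_key.value))

/*
 * DSA Domain Parameters Object Attributes
 */
#define	OBJ_DOM(o) \
	((o)->object_class_u.domain)
#define	KEY_DOM_DSA(k) \
	(&((k)->key_type_u.dsa_dom_key))
#define	OBJ_DOM_DSA_PRIME(o) \
	(&((o)->object_class_u.domain->key_type_u.dsa_dom_key.prime))
#define	KEY_DOM_DSA_PRIME(k) \
	(&((k)->key_type_u.dsa_dom_key.prime))
#define	OBJ_DOM_DSA_SUBPRIME(o) \
	(&((o)->object_class_u.domain->key_type_u.dsa_dom_key.subprime))
#define	KEY_DOM_DSA_SUBPRIME(k) \
	(&((k)->key_type_u.dsa_dom_key.subprime))
#define	OBJ_DOM_DSA_BASE(o) \
	(&((o)->object_class_u.domain->key_type_u.dsa_dom_key.base))
#define	KEY_DOM_DSA_BASE(k) \
	(&((k)->key_type_u.dsa_dom_key.base))
#define	OBJ_DOM_DSA_PRIME_BITS(o) \
	((o)->object_class_u.domain->key_type_u.dsa_dom_key.prime_bits)

/*
 * Diffie-Hellman Domain Parameters Object Attributes
 */
#define	KEY_DOM_DH(k) \
	(&((k)->key_type_u.dh_dom_key))
#define	OBJ_DOM_DH_PRIME(o) \
	(&((o)->object_class_u.domain->key_type_u.dh_dom_key.prime))
#define	KEY_DOM_DH_PRIME(k) \
	(&((k)->key_type_u.dh_dom_key.prime))
#define	OBJ_DOM_DH_BASE(o) \
	(&((o)->object_class_u.domain->key_type_u.dh_dom_key.base))
#define	KEY_DOM_DH_BASE(k) \
	(&((k)->key_type_u.dh_dom_key.base))
#define	OBJ_DOM_DH_PRIME_BITS(o) \
	((o)->object_class_u.domain->key_type_u.dh_dom_key.prime_bits)

/*
 * X9.42 Diffie-Hellman Domain Parameters Object Attributes
 */
#define	KEY_DOM_DH942(k) \
	(&((k)->key_type_u.dh942_dom_key))
#define	OBJ_DOM_DH942_PRIME(o) \
	(&((o)->object_class_u.domain->key_type_u.dh942_dom_key.prime))
#define	KEY_DOM_DH942_PRIME(k) \
	(&((k)->key_type_u.dh942_dom_key.prime))
#define	OBJ_DOM_DH942_BASE(o) \
	(&((o)->object_class_u.domain->key_type_u.dh942_dom_key.base))
#define	KEY_DOM_DH942_BASE(k) \
	(&((k)->key_type_u.dh942_dom_key.base))
#define	OBJ_DOM_DH942_SUBPRIME(o) \
	(&((o)->object_class_u.domain->key_type_u.dh942_dom_key.subprime))
#define	KEY_DOM_DH942_SUBPRIME(k) \
	(&((k)->key_type_u.dh942_dom_key.subprime))
#define	OBJ_DOM_DH942_PRIME_BITS(o) \
	((o)->object_class_u.domain->key_type_u.dh942_dom_key.prime_bits)
#define	OBJ_DOM_DH942_SUBPRIME_BITS(o) \
	((o)->object_class_u.domain->key_type_u.dh942_dom_key.subprime_bits)

/*
 * Secret Key Object Attributes
 *
 * OBJ_SEC_VALUE and OBJ_KEY_SCHED hand back the raw key buffer and the
 * key_sched buffer; pair each with its *_LEN macro when copying or clearing.
 */
#define	OBJ_SEC(o) \
	((o)->object_class_u.secret_key)
#define	OBJ_SEC_VALUE(o) \
	((o)->object_class_u.secret_key->sk_value)
#define	OBJ_SEC_VALUE_LEN(o) \
	((o)->object_class_u.secret_key->sk_value_len)
#define	OBJ_KEY_SCHED(o) \
	((o)->object_class_u.secret_key->key_sched)
#define	OBJ_KEY_SCHED_LEN(o) \
	((o)->object_class_u.secret_key->keysched_len)

#define	OBJ_CERT(o) \
	((o)->object_class_u.certificate)
/*
 * X.509 Key Certificate object attributes
 */
#define	X509_CERT(o) \
	((o)->object_class_u.certificate->cert_type_u.x509)
#define	X509_CERT_SUBJECT(o) \
	((o)->object_class_u.certificate->cert_type_u.x509.subject)
#define	X509_CERT_VALUE(o) \
	((o)->object_class_u.certificate->cert_type_u.x509.value)

/*
 * X.509 Attribute Certificate object attributes
 */
#define	X509_ATTR_CERT(o) \
	((o)->object_class_u.certificate->cert_type_u.x509_attr)
#define	X509_ATTR_CERT_OWNER(o) \
	((o)->object_class_u.certificate->cert_type_u.x509_attr.owner)
#define	X509_ATTR_CERT_VALUE(o) \
	((o)->object_class_u.certificate->cert_type_u.x509_attr.value)

/*
 * key related attributes with CK_BBOOL data type
 *
 * One bit per attribute.
 * NOTE(review): presumably these are the bits of soft_object_t.bool_attr_mask
 * (its declaration says "see below") -- confirm.
 */
#define	DERIVE_BOOL_ON			0x00000001
#define	LOCAL_BOOL_ON			0x00000002
#define	SENSITIVE_BOOL_ON		0x00000004
#define	SECONDARY_AUTH_BOOL_ON		0x00000008
#define	ENCRYPT_BOOL_ON			0x00000010
#define	DECRYPT_BOOL_ON			0x00000020
#define	SIGN_BOOL_ON			0x00000040
#define	SIGN_RECOVER_BOOL_ON		0x00000080
#define	VERIFY_BOOL_ON			0x00000100
#define	VERIFY_RECOVER_BOOL_ON		0x00000200
#define	WRAP_BOOL_ON			0x00000400
#define	UNWRAP_BOOL_ON			0x00000800
#define	TRUSTED_BOOL_ON			0x00001000
#define	EXTRACTABLE_BOOL_ON		0x00002000
#define	ALWAYS_SENSITIVE_BOOL_ON	0x00004000
#define	NEVER_EXTRACTABLE_BOOL_ON	0x00008000
#define	NOT_MODIFIABLE_BOOL_ON		0x00010000

/*
 * Default attribute masks per key class.
 *
 * The private-key and secret-key defaults set EXTRACTABLE_BOOL_ON and leave
 * SENSITIVE_BOOL_ON clear.
 * NOTE(review): where these masks are applied is outside this header. If
 * they are the starting point for newly created keys, a key that must not
 * leave the token in the clear needs CKA_SENSITIVE and CKA_EXTRACTABLE set
 * explicitly in the creation template.
 */
#define	PUBLIC_KEY_DEFAULT	(ENCRYPT_BOOL_ON|\
				WRAP_BOOL_ON|\
				VERIFY_BOOL_ON|\
				VERIFY_RECOVER_BOOL_ON)

#define	PRIVATE_KEY_DEFAULT	(DECRYPT_BOOL_ON|\
				UNWRAP_BOOL_ON|\
				SIGN_BOOL_ON|\
				SIGN_RECOVER_BOOL_ON|\
				EXTRACTABLE_BOOL_ON)

#define	SECRET_KEY_DEFAULT	(ENCRYPT_BOOL_ON|\
				DECRYPT_BOOL_ON|\
				WRAP_BOOL_ON|\
				UNWRAP_BOOL_ON|\
				SIGN_BOOL_ON|\
				VERIFY_BOOL_ON|\
				EXTRACTABLE_BOOL_ON)

/*
 * MAX_KEY_ATTR_BUFLEN
 * The maximum buffer size needed for public or private key attributes
 * should be 514 bytes. Just to be safe we give a little more space.
 *
 * NOTE(review): this is a fixed bound, not a guarantee. Code that copies a
 * big-integer attribute into a buffer of this size still has to compare the
 * attribute's length against the buffer length first; those callers are
 * outside this header.
 */
#define	MAX_KEY_ATTR_BUFLEN	1024

/*
 * Flag definitions for obj_delete_sync
 */
#define	OBJECT_IS_DELETING	1	/* Object is in a deleting state */
#define	OBJECT_REFCNT_WAITING	2	/* Waiting for object reference */
					/* count to become zero */

/*
 * This macro is used to type cast an object handle to a pointer to
 * the object struct. Also, it checks to see if the object struct
 * is tagged with an object magic number. This is to detect when an
 * application passes a bogus object pointer.
 * Also, it checks to see if the object is in the deleting state that
 * another thread is performing. If not, increment the object reference
 * count by one. This is to prevent this object from being deleted by
 * other thread.
 *
 * Limits of the check, as visible in the expansion:
 *  - The handle is used as an address and magic_marker is read through it
 *    before object_mutex is taken. The test therefore catches handles that
 *    point at mapped memory not tagged as an object; a handle pointing at
 *    unmapped memory faults on that read, and the test is not a trust
 *    boundary against a caller able to choose the bytes it points at.
 *  - object_p is assigned unconditionally, so it is non-NULL on most
 *    failure paths. Callers must test rv, never object_p.
 *  - The macro expands to a braced block, not a do/while(0) statement; it
 *    is not safe as the unbraced body of an if that has an else.
 */
#define	HANDLE2OBJECT_COMMON(hObject, object_p, rv, REFCNT_CODE) { \
	(object_p) = (soft_object_t *)(hObject); \
	if (((object_p) == NULL) || \
	    ((object_p)->magic_marker != SOFTTOKEN_OBJECT_MAGIC)) {\
		(rv) = CKR_OBJECT_HANDLE_INVALID; \
	} else { \
		(void) pthread_mutex_lock(&(object_p)->object_mutex); \
		if (!((object_p)->obj_delete_sync & OBJECT_IS_DELETING)) { \
			REFCNT_CODE; \
			(rv) = CKR_OK; \
		} else { \
			(rv) = CKR_OBJECT_HANDLE_INVALID; \
		} \
		(void) pthread_mutex_unlock(&(object_p)->object_mutex); \
	} \
}

/*
 * Resolve a handle and take a reference on success (rv == CKR_OK).
 * Every successful use must be balanced by exactly one OBJ_REFRELE.
 */
#define	HANDLE2OBJECT(hObject, object_p, rv) \
	HANDLE2OBJECT_COMMON(hObject, object_p, rv, (object_p)->obj_refcnt++)

/* Resolve a handle without taking a reference; no OBJ_REFRELE is owed. */
#define	HANDLE2OBJECT_DESTROY(hObject, object_p, rv) \
	HANDLE2OBJECT_COMMON(hObject, object_p, rv, /* no refcnt increment */)


/*
 * Drop one reference under object_mutex and, if the count reaches zero while
 * OBJECT_REFCNT_WAITING is set, signal obj_free_cond.
 *
 * obj_refcnt is a uint32_t and is decremented unconditionally: a release
 * with no matching HANDLE2OBJECT wraps the counter instead of stopping at
 * zero, so an unbalanced call leaves the object looking permanently busy.
 */
#define	OBJ_REFRELE(object_p) { \
	(void) pthread_mutex_lock(&(object_p)->object_mutex); \
	if ((--(object_p)->obj_refcnt) == 0 && \
	    ((object_p)->obj_delete_sync & OBJECT_REFCNT_WAITING)) { \
		(void) pthread_cond_signal(&(object_p)->obj_free_cond); \
	} \
	(void) pthread_mutex_unlock(&(object_p)->object_mutex); \
}

/*
 * Function Prototypes.
 *
 * The implementations are outside this header; the notes added below are
 * limited to what the signatures themselves show.
 */
void soft_cleanup_object(soft_object_t *objp);

CK_RV soft_add_object(CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
	CK_ULONG *objecthandle_p, soft_session_t *sp);

void soft_delete_object(soft_session_t *sp, soft_object_t *objp,
	boolean_t force, boolean_t lock_held);

void soft_cleanup_extra_attr(soft_object_t *object_p);

CK_RV soft_copy_extra_attr(CK_ATTRIBUTE_INFO_PTR old_attrp,
	soft_object_t *object_p);

void soft_cleanup_object_bigint_attrs(soft_object_t *object_p);

CK_RV soft_build_object(CK_ATTRIBUTE_PTR template,
	CK_ULONG ulAttrNum, soft_object_t *new_object);

CK_RV soft_build_secret_key_object(CK_ATTRIBUTE_PTR template,
	CK_ULONG ulAttrNum, soft_object_t *new_object, CK_ULONG mode,
	CK_ULONG key_len, CK_KEY_TYPE key_type);

CK_RV soft_copy_object(soft_object_t *old_object, soft_object_t **new_object,
	CK_ULONG object_func, soft_session_t *sp);

void soft_merge_object(soft_object_t *old_object, soft_object_t *new_object);

CK_RV soft_get_attribute(soft_object_t *object_p, CK_ATTRIBUTE_PTR template);

CK_RV soft_set_attribute(soft_object_t *object_p, CK_ATTRIBUTE_PTR template,
	boolean_t copy);

CK_RV soft_set_common_storage_attribute(soft_object_t *object_p,
	CK_ATTRIBUTE_PTR template, boolean_t copy);

/*
 * NOTE(review): the unnamed uchar_t * / uint32_t * pair in the next two
 * prototypes looks like an output buffer and its length; naming the
 * parameters would make the expected buffer size explicit -- confirm
 * against the definitions.
 */
CK_RV soft_get_public_value(soft_object_t *, CK_ATTRIBUTE_TYPE, uchar_t *,
	uint32_t *);

CK_RV soft_get_private_value(soft_object_t *, CK_ATTRIBUTE_TYPE, uchar_t *,
	uint32_t *);

CK_RV get_ulong_attr_from_object(CK_ULONG value, CK_ATTRIBUTE_PTR template);

void copy_bigint_attr(biginteger_t *src, biginteger_t *dst);

void soft_add_object_to_session(soft_object_t *, soft_session_t *);

CK_RV soft_build_key(CK_ATTRIBUTE_PTR, CK_ULONG, soft_object_t *,
	CK_OBJECT_CLASS, CK_KEY_TYPE, CK_ULONG, CK_ULONG);

CK_RV soft_copy_public_key_attr(public_key_obj_t *old_pub_key_obj_p,
	public_key_obj_t **new_pub_key_obj_p, CK_KEY_TYPE key_type);

CK_RV soft_copy_private_key_attr(private_key_obj_t *old_pri_key_obj_p,
	private_key_obj_t **new_pri_key_obj_p, CK_KEY_TYPE key_type);

CK_RV soft_copy_secret_key_attr(secret_key_obj_t *old_secret_key_obj_p,
	secret_key_obj_t **new_secret_key_obj_p);

CK_RV soft_copy_domain_attr(domain_obj_t *old_domain_obj_p,
	domain_obj_t **new_domain_obj_p, CK_KEY_TYPE key_type);

CK_RV soft_validate_attr(CK_ATTRIBUTE_PTR template, CK_ULONG ulAttrNum,
	CK_OBJECT_CLASS *class);

CK_RV soft_find_objects_init(soft_session_t *sp, CK_ATTRIBUTE_PTR pTemplate,
	CK_ULONG ulCount);

void soft_find_objects_final(soft_session_t *sp);

void soft_find_objects(soft_session_t *sp, CK_OBJECT_HANDLE *obj_found,
	CK_ULONG max_obj_requested, CK_ULONG *found_obj_count);

void soft_process_find_attr(CK_OBJECT_CLASS *pclasses,
	CK_ULONG *num_result_pclasses, CK_ATTRIBUTE_PTR pTemplate,
	CK_ULONG ulCount);

boolean_t soft_find_match_attrs(soft_object_t *obj, CK_OBJECT_CLASS *pclasses,
	CK_ULONG num_pclasses, CK_ATTRIBUTE *tmpl_attr, CK_ULONG num_attr);

CK_ATTRIBUTE_PTR get_extra_attr(CK_ATTRIBUTE_TYPE type, soft_object_t *obj);

CK_RV get_string_from_template(CK_ATTRIBUTE_PTR dest, CK_ATTRIBUTE_PTR src);

void string_attr_cleanup(CK_ATTRIBUTE_PTR template);

void soft_cleanup_cert_object(soft_object_t *object_p);

CK_RV soft_get_certificate_attribute(soft_object_t *object_p,
	CK_ATTRIBUTE_PTR template);

CK_RV soft_set_certificate_attribute(soft_object_t *object_p,
	CK_ATTRIBUTE_PTR template, boolean_t copy);

CK_RV soft_copy_certificate(certificate_obj_t *old, certificate_obj_t **new,
	CK_CERTIFICATE_TYPE type);

CK_RV get_cert_attr_from_template(cert_attr_t **dest,
	CK_ATTRIBUTE_PTR src);

/* Token object related function prototypes */

void soft_add_token_object_to_slot(soft_object_t *objp);

void soft_remove_token_object_from_slot(soft_object_t *objp,
	boolean_t lock_held);

void soft_delete_token_object(soft_object_t *objp, boolean_t persistent,
	boolean_t lock_held);

void soft_delete_all_in_core_token_objects(token_obj_type_t type);

void soft_validate_token_objects(boolean_t validate);

CK_RV soft_object_write_access_check(soft_session_t *sp, soft_object_t *objp);

CK_RV soft_pin_expired_check(soft_object_t *objp);

CK_RV soft_copy_to_old_object(soft_object_t *new, soft_object_t *old);

CK_RV soft_keystore_load_latest_object(soft_object_t *old_obj);

/*
 * NOTE(review): an empty parameter list in C leaves the arguments
 * unchecked; `(void)` would be the stricter spelling if the definition
 * takes none -- confirm before changing.
 */
CK_RV refresh_token_objects();

void bigint_attr_cleanup(biginteger_t *big);

CK_RV soft_add_extra_attr(CK_ATTRIBUTE_PTR template, soft_object_t *object_p);

CK_RV get_bigint_attr_from_template(biginteger_t *big,
	CK_ATTRIBUTE_PTR template);

#ifdef	__cplusplus
}
#endif

#endif /* _SOFTOBJECT_H */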