1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License, Version 1.0 only 6 * (the "License"). You may not use this file except in compliance 7 * with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or http://www.opensolaris.org/os/licensing. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 /* 23 * Copyright 2004 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 #ifndef _SOFTOBJECT_H 28 #define _SOFTOBJECT_H 29 30 #pragma ident "%Z%%M% %I% %E% SMI" 31 32 #ifdef __cplusplus 33 extern "C" { 34 #endif 35 36 #include <pthread.h> 37 #include <security/pkcs11t.h> 38 #include "softKeystoreUtil.h" 39 #include "softSession.h" 40 41 42 #define SOFTTOKEN_OBJECT_MAGIC 0xECF0B002 43 44 #define SOFT_CREATE_OBJ 1 45 #define SOFT_GEN_KEY 2 46 #define SOFT_DERIVE_KEY_DH 3 /* for CKM_DH_PKCS_DERIVE */ 47 #define SOFT_DERIVE_KEY_OTHER 4 /* for CKM_MD5_KEY_DERIVATION and */ 48 /* CKM_SHA1_KEY_DERIVATION */ 49 #define SOFT_UNWRAP_KEY 5 50 #define SOFT_CREATE_OBJ_INT 6 /* internal object creation */ 51 52 typedef struct biginteger { 53 CK_BYTE *big_value; 54 CK_ULONG big_value_len; 55 } biginteger_t; 56 57 58 /* 59 * Secret key Struct 60 */ 61 typedef struct secret_key_obj { 62 CK_BYTE *sk_value; 63 CK_ULONG sk_value_len; 64 void *key_sched; 65 size_t keysched_len; 66 } secret_key_obj_t; 67 68 69 /* 70 * PKCS11: RSA Public Key Object Attributes 71 */ 72 typedef struct rsa_pub_key { 73 biginteger_t modulus; 74 CK_ULONG modulus_bits; 75 biginteger_t pub_exponent; 76 } rsa_pub_key_t; 77 78 79 /* 80 * PKCS11: DSA Public Key Object Attributes 81 */ 82 typedef struct dsa_pub_key { 83 biginteger_t prime; 84 biginteger_t subprime; 85 biginteger_t base; 86 biginteger_t value; 87 } dsa_pub_key_t; 88 89 90 /* 91 * PKCS11: Diffie-Hellman Public Key Object Attributes 92 */ 93 typedef struct dh_pub_key { 94 biginteger_t prime; 95 biginteger_t base; 96 biginteger_t value; 97 } dh_pub_key_t; 98 99 100 /* 101 * PKCS11: X9.42 Diffie-Hellman Public Key Object Attributes 102 */ 103 typedef struct dh942_pub_key { 104 biginteger_t prime; 105 biginteger_t base; 106 biginteger_t subprime; 107 biginteger_t value; 108 } dh942_pub_key_t; 109 110 111 /* 112 * Public Key Main Struct 113 */ 114 typedef struct public_key_obj { 115 union { 116 rsa_pub_key_t rsa_pub_key; /* RSA public key */ 117 dsa_pub_key_t dsa_pub_key; /* DSA public key */ 118 dh_pub_key_t dh_pub_key; /* DH public key */ 119 dh942_pub_key_t dh942_pub_key; /* DH9.42 public key */ 120 } key_type_u; 121 } public_key_obj_t; 122 123 /* 124 * PKCS11: RSA Private Key Object Attributes 125 */ 126 typedef struct rsa_pri_key { 127 biginteger_t modulus; 128 biginteger_t pub_exponent; 129 biginteger_t pri_exponent; 130 biginteger_t prime_1; 131 biginteger_t prime_2; 132 biginteger_t exponent_1; 133 biginteger_t exponent_2; 134 biginteger_t coefficient; 135 } rsa_pri_key_t; 136 137 /* 138 * PKCS11: DSA Private Key Object Attributes 139 */ 140 typedef struct dsa_pri_key { 141 biginteger_t prime; 142 biginteger_t subprime; 143 biginteger_t base; 144 biginteger_t value; 145 } dsa_pri_key_t; 146 147 148 /* 149 * PKCS11: Diffie-Hellman Private Key Object Attributes 150 */ 151 typedef struct dh_pri_key { 152 biginteger_t prime; 153 biginteger_t base; 154 biginteger_t value; 155 CK_ULONG value_bits; 156 } dh_pri_key_t; 157 158 /* 159 * PKCS11: X9.42 Diffie-Hellman Private Key Object Attributes 160 */ 161 typedef struct dh942_pri_key { 162 biginteger_t prime; 163 biginteger_t base; 164 biginteger_t subprime; 165 biginteger_t value; 166 } dh942_pri_key_t; 167 168 169 /* 170 * Private Key Main Struct 171 */ 172 typedef struct private_key_obj { 173 union { 174 rsa_pri_key_t rsa_pri_key; /* RSA private key */ 175 dsa_pri_key_t dsa_pri_key; /* DSA private key */ 176 dh_pri_key_t dh_pri_key; /* DH private key */ 177 dh942_pri_key_t dh942_pri_key; /* DH9.42 private key */ 178 } key_type_u; 179 } private_key_obj_t; 180 181 /* 182 * PKCS11: DSA Domain Parameters Object Attributes 183 */ 184 typedef struct dsa_dom_key { 185 biginteger_t prime; 186 biginteger_t subprime; 187 biginteger_t base; 188 CK_ULONG prime_bits; 189 } dsa_dom_key_t; 190 191 192 /* 193 * PKCS11: Diffie-Hellman Domain Parameters Object Attributes 194 */ 195 typedef struct dh_dom_key { 196 biginteger_t prime; 197 biginteger_t base; 198 CK_ULONG prime_bits; 199 } dh_dom_key_t; 200 201 202 /* 203 * PKCS11: X9.42 Diffie-Hellman Domain Parameters Object Attributes 204 */ 205 typedef struct dh942_dom_key { 206 biginteger_t prime; 207 biginteger_t base; 208 biginteger_t subprime; 209 CK_ULONG prime_bits; 210 CK_ULONG subprime_bits; 211 } dh942_dom_key_t; 212 213 /* 214 * Domain Parameters Main Struct 215 */ 216 typedef struct domain_obj { 217 union { 218 dsa_dom_key_t dsa_dom_key; /* DSA domain parameters */ 219 dh_dom_key_t dh_dom_key; /* DH domain parameters */ 220 dh942_dom_key_t dh942_dom_key; /* DH9.42 domain parameters */ 221 } key_type_u; 222 } domain_obj_t; 223 224 typedef struct cert_attr_type { 225 CK_BYTE *value; 226 CK_ULONG length; 227 } cert_attr_t; 228 229 /* 230 * X.509 Public Key Certificate Structure. 231 * This structure contains only the attributes that are 232 * NOT modifiable after creation. 233 * ID, ISSUER, and SUBJECT attributes are kept in the extra_attrlistp 234 * record. 235 */ 236 typedef struct x509_cert { 237 cert_attr_t *subject; /* DER encoding of certificate subject name */ 238 cert_attr_t *value; /* BER encoding of the cert */ 239 } x509_cert_t; 240 241 /* 242 * X.509 Attribute Certificiate Structure 243 * This structure contains only the attributes that are 244 * NOT modifiable after creation. 245 * AC_ISSUER, SERIAL_NUMBER, and ATTR_TYPES are kept in the 246 * extra_attrlistp record so they may be modified. 247 */ 248 typedef struct x509_attr_cert { 249 cert_attr_t *owner; /* DER encoding of attr cert subject field */ 250 cert_attr_t *value; /* BER encoding of cert */ 251 } x509_attr_cert_t; 252 253 /* 254 * Certificate Object Main Struct 255 */ 256 typedef struct certificate_obj { 257 CK_CERTIFICATE_TYPE certificate_type; 258 union { 259 x509_cert_t x509; 260 x509_attr_cert_t x509_attr; 261 } cert_type_u; 262 } certificate_obj_t; 263 264 /* 265 * This structure is used to hold the attributes in the 266 * Extra Attribute List. 267 */ 268 typedef struct attribute_info { 269 CK_ATTRIBUTE attr; 270 struct attribute_info *next; 271 } attribute_info_t; 272 273 274 typedef attribute_info_t *CK_ATTRIBUTE_INFO_PTR; 275 276 /* 277 * This is the main structure of the Objects. 278 */ 279 typedef struct object { 280 /* Generic common fields. Always present */ 281 uint_t version; /* for token objects only */ 282 CK_OBJECT_CLASS class; 283 CK_KEY_TYPE key_type; 284 CK_CERTIFICATE_TYPE cert_type; 285 ulong_t magic_marker; 286 uint64_t bool_attr_mask; /* see below */ 287 CK_MECHANISM_TYPE mechanism; 288 uchar_t object_type; /* see below */ 289 struct ks_obj_handle ks_handle; /* keystore handle */ 290 291 /* Fields for access and arbitration */ 292 pthread_mutex_t object_mutex; 293 struct object *next; 294 struct object *prev; 295 296 /* Extra non-boolean attribute list */ 297 CK_ATTRIBUTE_INFO_PTR extra_attrlistp; 298 299 /* For each object, only one of these object classes is presented */ 300 union { 301 public_key_obj_t *public_key; 302 private_key_obj_t *private_key; 303 secret_key_obj_t *secret_key; 304 domain_obj_t *domain; 305 certificate_obj_t *certificate; 306 } object_class_u; 307 308 /* Session handle that the object belongs to */ 309 CK_SESSION_HANDLE session_handle; 310 uint32_t obj_refcnt; /* object reference count */ 311 pthread_cond_t obj_free_cond; /* cond variable for signal and wait */ 312 uint32_t obj_delete_sync; /* object delete sync flags */ 313 314 } soft_object_t; 315 316 typedef struct find_context { 317 soft_object_t **objs_found; 318 CK_ULONG num_results; 319 CK_ULONG next_result_index; /* next result object to return */ 320 } find_context_t; 321 322 /* 323 * The following structure is used to link the to-be-freed session 324 * objects into a linked list. The objects on this linked list have 325 * not yet been freed via free() after C_DestroyObject() call; instead 326 * they are added to this list. The actual free will take place when 327 * the number of objects queued reaches MAX_OBJ_TO_BE_FREED, at which 328 * time the first object in the list will be freed. 329 */ 330 #define MAX_OBJ_TO_BE_FREED 300 331 332 typedef struct obj_to_be_freed_list { 333 struct object *first; /* points to the first obj in the list */ 334 struct object *last; /* points to the last obj in the list */ 335 uint32_t count; /* current total objs in the list */ 336 pthread_mutex_t obj_to_be_free_mutex; 337 } obj_to_be_freed_list_t; 338 339 /* 340 * Object type 341 */ 342 #define SESSION_PUBLIC 0 /* CKA_TOKEN = 0, CKA_PRIVATE = 0 */ 343 #define SESSION_PRIVATE 1 /* CKA_TOKEN = 0, CKA_PRIVATE = 1 */ 344 #define TOKEN_PUBLIC 2 /* CKA_TOKEN = 1, CKA_PRIVATE = 0 */ 345 #define TOKEN_PRIVATE 3 /* CKA_TOKEN = 1, CKA_PRIVATE = 1 */ 346 347 #define TOKEN_OBJECT 2 348 #define PRIVATE_OBJECT 1 349 350 typedef enum { 351 ALL_TOKEN = 0, 352 PUBLIC_TOKEN = 1, 353 PRIVATE_TOKEN = 2 354 } token_obj_type_t; 355 356 #define IS_TOKEN_OBJECT(objp) \ 357 ((objp->object_type == TOKEN_PUBLIC) || \ 358 (objp->object_type == TOKEN_PRIVATE)) 359 360 /* 361 * Types associated with copying object's content 362 */ 363 #define SOFT_SET_ATTR_VALUE 1 /* for C_SetAttributeValue */ 364 #define SOFT_COPY_OBJECT 2 /* for C_CopyObject */ 365 #define SOFT_COPY_OBJ_ORIG_SH 3 /* for copying an object but keeps */ 366 /* the original session handle */ 367 368 /* 369 * The following definitions are the shortcuts 370 */ 371 372 /* 373 * RSA Public Key Object Attributes 374 */ 375 #define OBJ_PUB(o) \ 376 ((o)->object_class_u.public_key) 377 #define KEY_PUB_RSA(k) \ 378 &((k)->key_type_u.rsa_pub_key) 379 #define OBJ_PUB_RSA_MOD(o) \ 380 &((o)->object_class_u.public_key->key_type_u.rsa_pub_key.modulus) 381 #define KEY_PUB_RSA_MOD(k) \ 382 &((k)->key_type_u.rsa_pub_key.modulus) 383 #define OBJ_PUB_RSA_PUBEXPO(o) \ 384 &((o)->object_class_u.public_key->key_type_u.rsa_pub_key.pub_exponent) 385 #define KEY_PUB_RSA_PUBEXPO(k) \ 386 &((k)->key_type_u.rsa_pub_key.pub_exponent) 387 #define OBJ_PUB_RSA_MOD_BITS(o) \ 388 ((o)->object_class_u.public_key->key_type_u.rsa_pub_key.modulus_bits) 389 #define KEY_PUB_RSA_MOD_BITS(k) \ 390 ((k)->key_type_u.rsa_pub_key.modulus_bits) 391 392 /* 393 * DSA Public Key Object Attributes 394 */ 395 #define KEY_PUB_DSA(k) \ 396 &((k)->key_type_u.dsa_pub_key) 397 #define OBJ_PUB_DSA_PRIME(o) \ 398 &((o)->object_class_u.public_key->key_type_u.dsa_pub_key.prime) 399 #define KEY_PUB_DSA_PRIME(k) \ 400 &((k)->key_type_u.dsa_pub_key.prime) 401 #define OBJ_PUB_DSA_SUBPRIME(o) \ 402 &((o)->object_class_u.public_key->key_type_u.dsa_pub_key.subprime) 403 #define KEY_PUB_DSA_SUBPRIME(k) \ 404 &((k)->key_type_u.dsa_pub_key.subprime) 405 #define OBJ_PUB_DSA_BASE(o) \ 406 &((o)->object_class_u.public_key->key_type_u.dsa_pub_key.base) 407 #define KEY_PUB_DSA_BASE(k) \ 408 &((k)->key_type_u.dsa_pub_key.base) 409 #define OBJ_PUB_DSA_VALUE(o) \ 410 &((o)->object_class_u.public_key->key_type_u.dsa_pub_key.value) 411 #define KEY_PUB_DSA_VALUE(k) \ 412 &((k)->key_type_u.dsa_pub_key.value) 413 414 /* 415 * Diffie-Hellman Public Key Object Attributes 416 */ 417 #define KEY_PUB_DH(k) \ 418 &((k)->key_type_u.dh_pub_key) 419 #define OBJ_PUB_DH_PRIME(o) \ 420 &((o)->object_class_u.public_key->key_type_u.dh_pub_key.prime) 421 #define KEY_PUB_DH_PRIME(k) \ 422 &((k)->key_type_u.dh_pub_key.prime) 423 #define OBJ_PUB_DH_BASE(o) \ 424 &((o)->object_class_u.public_key->key_type_u.dh_pub_key.base) 425 #define KEY_PUB_DH_BASE(k) \ 426 &((k)->key_type_u.dh_pub_key.base) 427 #define OBJ_PUB_DH_VALUE(o) \ 428 &((o)->object_class_u.public_key->key_type_u.dh_pub_key.value) 429 #define KEY_PUB_DH_VALUE(k) \ 430 &((k)->key_type_u.dh_pub_key.value) 431 432 /* 433 * X9.42 Diffie-Hellman Public Key Object Attributes 434 */ 435 #define KEY_PUB_DH942(k) \ 436 &((k)->key_type_u.dh942_pub_key) 437 #define OBJ_PUB_DH942_PRIME(o) \ 438 &((o)->object_class_u.public_key->key_type_u.dh942_pub_key.prime) 439 #define KEY_PUB_DH942_PRIME(k) \ 440 &((k)->key_type_u.dh942_pub_key.prime) 441 #define OBJ_PUB_DH942_BASE(o) \ 442 &((o)->object_class_u.public_key->key_type_u.dh942_pub_key.base) 443 #define KEY_PUB_DH942_BASE(k) \ 444 &((k)->key_type_u.dh942_pub_key.base) 445 #define OBJ_PUB_DH942_SUBPRIME(o) \ 446 &((o)->object_class_u.public_key->key_type_u.dh942_pub_key.subprime) 447 #define KEY_PUB_DH942_SUBPRIME(k) \ 448 &((k)->key_type_u.dh942_pub_key.subprime) 449 #define OBJ_PUB_DH942_VALUE(o) \ 450 &((o)->object_class_u.public_key->key_type_u.dh942_pub_key.value) 451 #define KEY_PUB_DH942_VALUE(k) \ 452 &((k)->key_type_u.dh942_pub_key.value) 453 454 /* 455 * RSA Private Key Object Attributes 456 */ 457 #define OBJ_PRI(o) \ 458 ((o)->object_class_u.private_key) 459 #define KEY_PRI_RSA(k) \ 460 &((k)->key_type_u.rsa_pri_key) 461 #define OBJ_PRI_RSA_MOD(o) \ 462 &((o)->object_class_u.private_key->key_type_u.rsa_pri_key.modulus) 463 #define KEY_PRI_RSA_MOD(k) \ 464 &((k)->key_type_u.rsa_pri_key.modulus) 465 #define OBJ_PRI_RSA_PUBEXPO(o) \ 466 &((o)->object_class_u.private_key->key_type_u.rsa_pri_key.pub_exponent) 467 #define KEY_PRI_RSA_PUBEXPO(k) \ 468 &((k)->key_type_u.rsa_pri_key.pub_exponent) 469 #define OBJ_PRI_RSA_PRIEXPO(o) \ 470 &((o)->object_class_u.private_key->key_type_u.rsa_pri_key.pri_exponent) 471 #define KEY_PRI_RSA_PRIEXPO(k) \ 472 &((k)->key_type_u.rsa_pri_key.pri_exponent) 473 #define OBJ_PRI_RSA_PRIME1(o) \ 474 &((o)->object_class_u.private_key->key_type_u.rsa_pri_key.prime_1) 475 #define KEY_PRI_RSA_PRIME1(k) \ 476 &((k)->key_type_u.rsa_pri_key.prime_1) 477 #define OBJ_PRI_RSA_PRIME2(o) \ 478 &((o)->object_class_u.private_key->key_type_u.rsa_pri_key.prime_2) 479 #define KEY_PRI_RSA_PRIME2(k) \ 480 &((k)->key_type_u.rsa_pri_key.prime_2) 481 #define OBJ_PRI_RSA_EXPO1(o) \ 482 &((o)->object_class_u.private_key->key_type_u.rsa_pri_key.exponent_1) 483 #define KEY_PRI_RSA_EXPO1(k) \ 484 &((k)->key_type_u.rsa_pri_key.exponent_1) 485 #define OBJ_PRI_RSA_EXPO2(o) \ 486 &((o)->object_class_u.private_key->key_type_u.rsa_pri_key.exponent_2) 487 #define KEY_PRI_RSA_EXPO2(k) \ 488 &((k)->key_type_u.rsa_pri_key.exponent_2) 489 #define OBJ_PRI_RSA_COEF(o) \ 490 &((o)->object_class_u.private_key->key_type_u.rsa_pri_key.coefficient) 491 #define KEY_PRI_RSA_COEF(k) \ 492 &((k)->key_type_u.rsa_pri_key.coefficient) 493 494 /* 495 * DSA Private Key Object Attributes 496 */ 497 #define KEY_PRI_DSA(k) \ 498 &((k)->key_type_u.dsa_pri_key) 499 #define OBJ_PRI_DSA_PRIME(o) \ 500 &((o)->object_class_u.private_key->key_type_u.dsa_pri_key.prime) 501 #define KEY_PRI_DSA_PRIME(k) \ 502 &((k)->key_type_u.dsa_pri_key.prime) 503 #define OBJ_PRI_DSA_SUBPRIME(o) \ 504 &((o)->object_class_u.private_key->key_type_u.dsa_pri_key.subprime) 505 #define KEY_PRI_DSA_SUBPRIME(k) \ 506 &((k)->key_type_u.dsa_pri_key.subprime) 507 #define OBJ_PRI_DSA_BASE(o) \ 508 &((o)->object_class_u.private_key->key_type_u.dsa_pri_key.base) 509 #define KEY_PRI_DSA_BASE(k) \ 510 &((k)->key_type_u.dsa_pri_key.base) 511 #define OBJ_PRI_DSA_VALUE(o) \ 512 &((o)->object_class_u.private_key->key_type_u.dsa_pri_key.value) 513 #define KEY_PRI_DSA_VALUE(k) \ 514 &((k)->key_type_u.dsa_pri_key.value) 515 516 /* 517 * Diffie-Hellman Private Key Object Attributes 518 */ 519 #define KEY_PRI_DH(k) \ 520 &((k)->key_type_u.dh_pri_key) 521 #define OBJ_PRI_DH_PRIME(o) \ 522 &((o)->object_class_u.private_key->key_type_u.dh_pri_key.prime) 523 #define KEY_PRI_DH_PRIME(k) \ 524 &((k)->key_type_u.dh_pri_key.prime) 525 #define OBJ_PRI_DH_BASE(o) \ 526 &((o)->object_class_u.private_key->key_type_u.dh_pri_key.base) 527 #define KEY_PRI_DH_BASE(k) \ 528 &((k)->key_type_u.dh_pri_key.base) 529 #define OBJ_PRI_DH_VALUE(o) \ 530 &((o)->object_class_u.private_key->key_type_u.dh_pri_key.value) 531 #define KEY_PRI_DH_VALUE(k) \ 532 &((k)->key_type_u.dh_pri_key.value) 533 #define OBJ_PRI_DH_VAL_BITS(o) \ 534 ((o)->object_class_u.private_key->key_type_u.dh_pri_key.value_bits) 535 #define KEY_PRI_DH_VAL_BITS(k) \ 536 ((k)->key_type_u.dh_pri_key.value_bits) 537 538 /* 539 * X9.42 Diffie-Hellman Private Key Object Attributes 540 */ 541 #define KEY_PRI_DH942(k) \ 542 &((k)->key_type_u.dh942_pri_key) 543 #define OBJ_PRI_DH942_PRIME(o) \ 544 &((o)->object_class_u.private_key->key_type_u.dh942_pri_key.prime) 545 #define KEY_PRI_DH942_PRIME(k) \ 546 &((k)->key_type_u.dh942_pri_key.prime) 547 #define OBJ_PRI_DH942_BASE(o) \ 548 &((o)->object_class_u.private_key->key_type_u.dh942_pri_key.base) 549 #define KEY_PRI_DH942_BASE(k) \ 550 &((k)->key_type_u.dh942_pri_key.base) 551 #define OBJ_PRI_DH942_SUBPRIME(o) \ 552 &((o)->object_class_u.private_key->key_type_u.dh942_pri_key.subprime) 553 #define KEY_PRI_DH942_SUBPRIME(k) \ 554 &((k)->key_type_u.dh942_pri_key.subprime) 555 #define OBJ_PRI_DH942_VALUE(o) \ 556 &((o)->object_class_u.private_key->key_type_u.dh942_pri_key.value) 557 #define KEY_PRI_DH942_VALUE(k) \ 558 &((k)->key_type_u.dh942_pri_key.value) 559 560 /* 561 * DSA Domain Parameters Object Attributes 562 */ 563 #define OBJ_DOM(o) \ 564 ((o)->object_class_u.domain) 565 #define KEY_DOM_DSA(k) \ 566 &((k)->key_type_u.dsa_dom_key) 567 #define OBJ_DOM_DSA_PRIME(o) \ 568 &((o)->object_class_u.domain->key_type_u.dsa_dom_key.prime) 569 #define KEY_DOM_DSA_PRIME(k) \ 570 &((k)->key_type_u.dsa_dom_key.prime) 571 #define OBJ_DOM_DSA_SUBPRIME(o) \ 572 &((o)->object_class_u.domain->key_type_u.dsa_dom_key.subprime) 573 #define KEY_DOM_DSA_SUBPRIME(k) \ 574 &((k)->key_type_u.dsa_dom_key.subprime) 575 #define OBJ_DOM_DSA_BASE(o) \ 576 &((o)->object_class_u.domain->key_type_u.dsa_dom_key.base) 577 #define KEY_DOM_DSA_BASE(k) \ 578 &((k)->key_type_u.dsa_dom_key.base) 579 #define OBJ_DOM_DSA_PRIME_BITS(o) \ 580 ((o)->object_class_u.domain->key_type_u.dsa_dom_key.prime_bits) 581 582 /* 583 * Diffie-Hellman Domain Parameters Object Attributes 584 */ 585 #define KEY_DOM_DH(k) \ 586 &((k)->key_type_u.dh_dom_key) 587 #define OBJ_DOM_DH_PRIME(o) \ 588 &((o)->object_class_u.domain->key_type_u.dh_dom_key.prime) 589 #define KEY_DOM_DH_PRIME(k) \ 590 &((k)->key_type_u.dh_dom_key.prime) 591 #define OBJ_DOM_DH_BASE(o) \ 592 &((o)->object_class_u.domain->key_type_u.dh_dom_key.base) 593 #define KEY_DOM_DH_BASE(k) \ 594 &((k)->key_type_u.dh_dom_key.base) 595 #define OBJ_DOM_DH_PRIME_BITS(o) \ 596 ((o)->object_class_u.domain->key_type_u.dh_dom_key.prime_bits) 597 598 /* 599 * X9.42 Diffie-Hellman Domain Parameters Object Attributes 600 */ 601 #define KEY_DOM_DH942(k) \ 602 &((k)->key_type_u.dh942_dom_key) 603 #define OBJ_DOM_DH942_PRIME(o) \ 604 &((o)->object_class_u.domain->key_type_u.dh942_dom_key.prime) 605 #define KEY_DOM_DH942_PRIME(k) \ 606 &((k)->key_type_u.dh942_dom_key.prime) 607 #define OBJ_DOM_DH942_BASE(o) \ 608 &((o)->object_class_u.domain->key_type_u.dh942_dom_key.base) 609 #define KEY_DOM_DH942_BASE(k) \ 610 &((k)->key_type_u.dh942_dom_key.base) 611 #define OBJ_DOM_DH942_SUBPRIME(o) \ 612 &((o)->object_class_u.domain->key_type_u.dh942_dom_key.subprime) 613 #define KEY_DOM_DH942_SUBPRIME(k) \ 614 &((k)->key_type_u.dh942_dom_key.subprime) 615 #define OBJ_DOM_DH942_PRIME_BITS(o) \ 616 ((o)->object_class_u.domain->key_type_u.dh942_dom_key.prime_bits) 617 #define OBJ_DOM_DH942_SUBPRIME_BITS(o) \ 618 ((o)->object_class_u.domain->key_type_u.dh942_dom_key.subprime_bits) 619 620 /* 621 * Secret Key Object Attributes 622 */ 623 #define OBJ_SEC(o) \ 624 ((o)->object_class_u.secret_key) 625 #define OBJ_SEC_VALUE(o) \ 626 ((o)->object_class_u.secret_key->sk_value) 627 #define OBJ_SEC_VALUE_LEN(o) \ 628 ((o)->object_class_u.secret_key->sk_value_len) 629 #define OBJ_KEY_SCHED(o) \ 630 ((o)->object_class_u.secret_key->key_sched) 631 #define OBJ_KEY_SCHED_LEN(o) \ 632 ((o)->object_class_u.secret_key->keysched_len) 633 634 #define OBJ_CERT(o) \ 635 ((o)->object_class_u.certificate) 636 /* 637 * X.509 Key Certificate object attributes 638 */ 639 #define X509_CERT(o) \ 640 ((o)->object_class_u.certificate->cert_type_u.x509) 641 #define X509_CERT_SUBJECT(o) \ 642 ((o)->object_class_u.certificate->cert_type_u.x509.subject) 643 #define X509_CERT_VALUE(o) \ 644 ((o)->object_class_u.certificate->cert_type_u.x509.value) 645 646 /* 647 * X.509 Attribute Certificate object attributes 648 */ 649 #define X509_ATTR_CERT(o) \ 650 ((o)->object_class_u.certificate->cert_type_u.x509_attr) 651 #define X509_ATTR_CERT_OWNER(o) \ 652 ((o)->object_class_u.certificate->cert_type_u.x509_attr.owner) 653 #define X509_ATTR_CERT_VALUE(o) \ 654 ((o)->object_class_u.certificate->cert_type_u.x509_attr.value) 655 656 /* 657 * key related attributes with CK_BBOOL data type 658 */ 659 #define DERIVE_BOOL_ON 0x00000001 660 #define LOCAL_BOOL_ON 0x00000002 661 #define SENSITIVE_BOOL_ON 0x00000004 662 #define SECONDARY_AUTH_BOOL_ON 0x00000008 663 #define ENCRYPT_BOOL_ON 0x00000010 664 #define DECRYPT_BOOL_ON 0x00000020 665 #define SIGN_BOOL_ON 0x00000040 666 #define SIGN_RECOVER_BOOL_ON 0x00000080 667 #define VERIFY_BOOL_ON 0x00000100 668 #define VERIFY_RECOVER_BOOL_ON 0x00000200 669 #define WRAP_BOOL_ON 0x00000400 670 #define UNWRAP_BOOL_ON 0x00000800 671 #define TRUSTED_BOOL_ON 0x00001000 672 #define EXTRACTABLE_BOOL_ON 0x00002000 673 #define ALWAYS_SENSITIVE_BOOL_ON 0x00004000 674 #define NEVER_EXTRACTABLE_BOOL_ON 0x00008000 675 #define NOT_MODIFIABLE_BOOL_ON 0x00010000 676 677 #define PUBLIC_KEY_DEFAULT (ENCRYPT_BOOL_ON|\ 678 WRAP_BOOL_ON|\ 679 VERIFY_BOOL_ON|\ 680 VERIFY_RECOVER_BOOL_ON) 681 682 #define PRIVATE_KEY_DEFAULT (DECRYPT_BOOL_ON|\ 683 UNWRAP_BOOL_ON|\ 684 SIGN_BOOL_ON|\ 685 SIGN_RECOVER_BOOL_ON|\ 686 EXTRACTABLE_BOOL_ON) 687 688 #define SECRET_KEY_DEFAULT (ENCRYPT_BOOL_ON|\ 689 DECRYPT_BOOL_ON|\ 690 WRAP_BOOL_ON|\ 691 UNWRAP_BOOL_ON|\ 692 SIGN_BOOL_ON|\ 693 VERIFY_BOOL_ON|\ 694 EXTRACTABLE_BOOL_ON) 695 696 /* 697 * MAX_KEY_ATTR_BUFLEN 698 * The maximum buffer size needed for public or private key attributes 699 * should be 514 bytes. Just to be safe we give a little more space. 700 */ 701 #define MAX_KEY_ATTR_BUFLEN 1024 702 703 /* 704 * Flag definitions for obj_delete_sync 705 */ 706 #define OBJECT_IS_DELETING 1 /* Object is in a deleting state */ 707 #define OBJECT_REFCNT_WAITING 2 /* Waiting for object reference */ 708 /* count to become zero */ 709 710 /* 711 * This macro is used to type cast an object handle to a pointer to 712 * the object struct. Also, it checks to see if the object struct 713 * is tagged with an object magic number. This is to detect when an 714 * application passes a bogus object pointer. 715 * Also, it checks to see if the object is in the deleting state that 716 * another thread is performing. If not, increment the object reference 717 * count by one. This is to prevent this object from being deleted by 718 * other thread. 719 */ 720 #define HANDLE2OBJECT_COMMON(hObject, object_p, rv, REFCNT_CODE) { \ 721 object_p = (soft_object_t *)(hObject); \ 722 if ((object_p == NULL) || \ 723 (object_p->magic_marker != SOFTTOKEN_OBJECT_MAGIC)) {\ 724 rv = CKR_OBJECT_HANDLE_INVALID; \ 725 } else { \ 726 (void) pthread_mutex_lock(&object_p->object_mutex); \ 727 if (!(object_p->obj_delete_sync & OBJECT_IS_DELETING)) { \ 728 REFCNT_CODE; \ 729 rv = CKR_OK; \ 730 } else { \ 731 rv = CKR_OBJECT_HANDLE_INVALID; \ 732 } \ 733 (void) pthread_mutex_unlock(&object_p->object_mutex); \ 734 } \ 735 } 736 737 #define HANDLE2OBJECT(hObject, object_p, rv) \ 738 HANDLE2OBJECT_COMMON(hObject, object_p, rv, object_p->obj_refcnt++) 739 740 #define HANDLE2OBJECT_DESTROY(hObject, object_p, rv) \ 741 HANDLE2OBJECT_COMMON(hObject, object_p, rv, /* no refcnt increment */) 742 743 744 #define OBJ_REFRELE(object_p) { \ 745 (void) pthread_mutex_lock(&object_p->object_mutex); \ 746 if ((--object_p->obj_refcnt) == 0 && \ 747 (object_p->obj_delete_sync & OBJECT_REFCNT_WAITING)) { \ 748 (void) pthread_cond_signal(&object_p->obj_free_cond); \ 749 } \ 750 (void) pthread_mutex_unlock(&object_p->object_mutex); \ 751 } 752 753 /* 754 * Function Prototypes. 755 */ 756 void soft_cleanup_object(soft_object_t *objp); 757 758 CK_RV soft_add_object(CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, 759 CK_ULONG *objecthandle_p, soft_session_t *sp); 760 761 void soft_delete_object(soft_session_t *sp, soft_object_t *objp, 762 boolean_t lock_held); 763 764 void soft_cleanup_extra_attr(soft_object_t *object_p); 765 766 CK_RV soft_copy_extra_attr(CK_ATTRIBUTE_INFO_PTR old_attrp, 767 soft_object_t *object_p); 768 769 void soft_cleanup_object_bigint_attrs(soft_object_t *object_p); 770 771 CK_RV soft_build_object(CK_ATTRIBUTE_PTR template, 772 CK_ULONG ulAttrNum, soft_object_t *new_object); 773 774 CK_RV soft_build_secret_key_object(CK_ATTRIBUTE_PTR template, 775 CK_ULONG ulAttrNum, soft_object_t *new_object, CK_ULONG mode, 776 CK_ULONG key_len, CK_KEY_TYPE key_type); 777 778 CK_RV soft_copy_object(soft_object_t *old_object, soft_object_t **new_object, 779 CK_ULONG object_func, soft_session_t *sp); 780 781 void soft_merge_object(soft_object_t *old_object, soft_object_t *new_object); 782 783 CK_RV soft_get_attribute(soft_object_t *object_p, CK_ATTRIBUTE_PTR template); 784 785 CK_RV soft_set_attribute(soft_object_t *object_p, CK_ATTRIBUTE_PTR template, 786 boolean_t copy); 787 788 CK_RV soft_set_common_storage_attribute(soft_object_t *object_p, 789 CK_ATTRIBUTE_PTR template, boolean_t copy); 790 791 CK_RV soft_get_public_attr(soft_object_t *, CK_ATTRIBUTE_TYPE, uchar_t *, 792 uint32_t *); 793 794 CK_RV soft_get_private_attr(soft_object_t *, CK_ATTRIBUTE_TYPE, uchar_t *, 795 uint32_t *); 796 797 CK_RV get_ulong_attr_from_object(CK_ULONG value, CK_ATTRIBUTE_PTR template); 798 799 void copy_bigint_attr(biginteger_t *src, biginteger_t *dst); 800 801 void soft_add_object_to_session(soft_object_t *, soft_session_t *); 802 803 CK_RV soft_build_key(CK_ATTRIBUTE_PTR, CK_ULONG, soft_object_t *, 804 CK_OBJECT_CLASS, CK_KEY_TYPE, CK_ULONG, CK_ULONG); 805 806 CK_RV soft_copy_public_key_attr(public_key_obj_t *old_pub_key_obj_p, 807 public_key_obj_t **new_pub_key_obj_p, CK_KEY_TYPE key_type); 808 809 CK_RV soft_copy_private_key_attr(private_key_obj_t *old_pri_key_obj_p, 810 private_key_obj_t **new_pri_key_obj_p, CK_KEY_TYPE key_type); 811 812 CK_RV soft_copy_secret_key_attr(secret_key_obj_t *old_secret_key_obj_p, 813 secret_key_obj_t **new_secret_key_obj_p); 814 815 CK_RV soft_copy_domain_attr(domain_obj_t *old_domain_obj_p, 816 domain_obj_t **new_domain_obj_p, CK_KEY_TYPE key_type); 817 818 CK_RV soft_validate_attr(CK_ATTRIBUTE_PTR template, CK_ULONG ulAttrNum, 819 CK_OBJECT_CLASS *class); 820 821 CK_RV soft_find_objects_init(soft_session_t *sp, CK_ATTRIBUTE_PTR pTemplate, 822 CK_ULONG ulCount); 823 824 void soft_find_objects_final(soft_session_t *sp); 825 826 void soft_find_objects(soft_session_t *sp, CK_OBJECT_HANDLE *obj_found, 827 CK_ULONG max_obj_requested, CK_ULONG *found_obj_count); 828 829 void soft_process_find_attr(CK_OBJECT_CLASS *pclasses, 830 CK_ULONG *num_result_pclasses, CK_ATTRIBUTE_PTR pTemplate, 831 CK_ULONG ulCount); 832 833 boolean_t soft_find_match_attrs(soft_object_t *obj, CK_OBJECT_CLASS *pclasses, 834 CK_ULONG num_pclasses, CK_ATTRIBUTE *tmpl_attr, CK_ULONG num_attr); 835 836 CK_ATTRIBUTE_PTR get_extra_attr(CK_ATTRIBUTE_TYPE type, soft_object_t *obj); 837 838 CK_RV get_string_from_template(CK_ATTRIBUTE_PTR dest, CK_ATTRIBUTE_PTR src); 839 840 void string_attr_cleanup(CK_ATTRIBUTE_PTR template); 841 842 void soft_cleanup_cert_object(soft_object_t *object_p); 843 844 CK_RV soft_get_certificate_attribute(soft_object_t *object_p, 845 CK_ATTRIBUTE_PTR template); 846 847 CK_RV soft_set_certificate_attribute(soft_object_t *object_p, 848 CK_ATTRIBUTE_PTR template, boolean_t copy); 849 850 CK_RV soft_copy_certificate(certificate_obj_t *old, certificate_obj_t **new, 851 CK_CERTIFICATE_TYPE type); 852 853 CK_RV get_cert_attr_from_template(cert_attr_t **dest, 854 CK_ATTRIBUTE_PTR src); 855 856 /* Token object related function prototypes */ 857 858 void soft_add_token_object_to_slot(soft_object_t *objp); 859 860 void soft_remove_token_object_from_slot(soft_object_t *objp, 861 boolean_t lock_held); 862 863 void soft_delete_token_object(soft_object_t *objp, boolean_t persistent, 864 boolean_t lock_held); 865 866 void soft_delete_all_in_core_token_objects(token_obj_type_t type); 867 868 void soft_validate_token_objects(boolean_t validate); 869 870 CK_RV soft_object_write_access_check(soft_session_t *sp, soft_object_t *objp); 871 872 CK_RV soft_pin_expired_check(soft_object_t *objp); 873 874 CK_RV soft_copy_to_old_object(soft_object_t *new, soft_object_t *old); 875 876 CK_RV soft_keystore_load_latest_object(soft_object_t *old_obj); 877 878 CK_RV refresh_token_objects(); 879 880 void bigint_attr_cleanup(biginteger_t *big); 881 882 CK_RV soft_add_extra_attr(CK_ATTRIBUTE_PTR template, soft_object_t *object_p); 883 884 CK_RV get_bigint_attr_from_template(biginteger_t *big, 885 CK_ATTRIBUTE_PTR template); 886 887 #ifdef __cplusplus 888 } 889 #endif 890 891 #endif /* _SOFTOBJECT_H */ 892