xref: /titanic_44/usr/src/lib/pkcs11/libpkcs11/common/metaObjectManager.c (revision 5893fa693b6b67559d0bfdbcab5e1cf0307e6133)

/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
 */


#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <errno.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/stat.h>
#include "metaGlobal.h"

/* Size of the template for creating key used for wrap/unwrap */
#define	WRAP_KEY_TEMPLATE_SIZE	7

/*
 * Information necessary to create keys for C_WrapKey/C_UnwrapKey
 */
typedef struct _wrap_info {
	CK_OBJECT_CLASS		class; /* class of the key for wrap/unwrap */
	CK_KEY_TYPE		key_type; /* key type of key for wrap/unwrap */
	CK_ULONG		key_length; /* length of key */
	CK_MECHANISM_TYPE	mech_type; /* mech used for wrap/unwrap */
	CK_ULONG		iv_length; /* length of iv for mech */

	boolean_t		src_supports;
	boolean_t		dst_supports;
} wrap_info_t;

extern pthread_rwlock_t meta_sessionlist_lock;
extern meta_session_t *meta_sessionlist_head;

static wrap_info_t common_wrap_info[] = {
	{CKO_SECRET_KEY, CKK_AES, 16, CKM_AES_CBC_PAD, 16, B_FALSE, B_FALSE},
	{CKO_SECRET_KEY, CKK_DES3, 24, CKM_DES3_CBC_PAD, 8, B_FALSE, B_FALSE},
	{CKO_SECRET_KEY, CKK_DES, 8, CKM_DES_CBC_PAD, 8, B_FALSE, B_FALSE},
};

static unsigned int num_common_wrap_info =
    sizeof (common_wrap_info) / sizeof (wrap_info_t);

static wrap_info_t special_wrap_info[] = {
	{CKO_SECRET_KEY, CKK_SKIPJACK, 12,  CKM_SKIPJACK_WRAP, 0,
	    B_FALSE, B_FALSE},
	{CKO_SECRET_KEY, CKK_BATON, 40, CKM_BATON_WRAP, 0,
	    B_FALSE, B_FALSE},
	{CKO_SECRET_KEY, CKK_JUNIPER, 40, CKM_JUNIPER_WRAP, 0,
	    B_FALSE, B_FALSE},
};
static unsigned int num_special_wrap_info =
    sizeof (special_wrap_info) / sizeof (wrap_info_t);

static wrap_info_t rsa_wrap_info[] = {
	{CKO_PUBLIC_KEY, CKK_RSA, 0,  CKM_RSA_PKCS, 0,
	    B_FALSE, B_FALSE},
	{CKO_PUBLIC_KEY, CKK_RSA, 0, CKM_RSA_X_509, 0,
	    B_FALSE, B_FALSE},
};
static unsigned int num_rsa_wrap_info =
    sizeof (rsa_wrap_info) / sizeof (wrap_info_t);


static pthread_rwlock_t meta_objectclose_lock;
static pthread_rwlock_t tokenobject_list_lock;
static meta_object_t *tokenobject_list_head;

CK_BBOOL falsevalue = FALSE;
CK_BBOOL truevalue = TRUE;

/*
 * Public and private exponent, and Module value for
 * creating the RSA public/private key.
 *
 */
static CK_BYTE PubExpo[3] = {0x01, 0x00, 0x01};
CK_BYTE PriExpo[128] = {
	0x8e, 0xc9, 0x70, 0x57, 0x6b, 0xcd, 0xfb, 0xa9,
	0x19, 0xad, 0xcd, 0x91, 0x69, 0xd5, 0x52, 0xec,
	0x72, 0x1e, 0x45, 0x15, 0x06, 0xdc, 0x65, 0x2d,
	0x98, 0xc4, 0xce, 0x33, 0x54, 0x15, 0x70, 0x8d,
	0xfa, 0x65, 0xea, 0x53, 0x44, 0xf3, 0x3e, 0x3f,
	0xb4, 0x4c, 0x60, 0xd5, 0x01, 0x2d, 0xa4, 0x12,
	0x99, 0xbf, 0x3f, 0x0b, 0xcd, 0xbb, 0x24, 0x10,
	0x60, 0x30, 0x5e, 0x58, 0xf8, 0x59, 0xaa, 0xd1,
	0x63, 0x3b, 0xbc, 0xcb, 0x94, 0x58, 0x38, 0x24,
	0xfc, 0x65, 0x25, 0xc5, 0xa6, 0x51, 0xa2, 0x2e,
	0xf1, 0x5e, 0xf5, 0xc1, 0xf5, 0x46, 0xf7, 0xbd,
	0xc7, 0x62, 0xa8, 0xe2, 0x27, 0xd6, 0x94, 0x5b,
	0xd3, 0xa2, 0xb5, 0x76, 0x42, 0x67, 0x6b, 0x86,
	0x91, 0x97, 0x4d, 0x07, 0x92, 0x00, 0x4a, 0xdf,
	0x0b, 0x65, 0x64, 0x05, 0x03, 0x48, 0x27, 0xeb,
	0xce, 0x9a, 0x49, 0x7f, 0x3e, 0x10, 0xe0, 0x01};

static CK_BYTE Modulus[128] = {
	0x94, 0x32, 0xb9, 0x12, 0x1d, 0x68, 0x2c, 0xda,
	0x2b, 0xe0, 0xe4, 0x97, 0x1b, 0x4d, 0xdc, 0x43,
	0xdf, 0x38, 0x6e, 0x7b, 0x9f, 0x07, 0x58, 0xae,
	0x9d, 0x82, 0x1e, 0xc7, 0xbc, 0x92, 0xbf, 0xd3,
	0xce, 0x00, 0xbb, 0x91, 0xc9, 0x79, 0x06, 0x03,
	0x1f, 0xbc, 0x9f, 0x94, 0x75, 0x29, 0x5f, 0xd7,
	0xc5, 0xf3, 0x73, 0x8a, 0xa4, 0x35, 0x43, 0x7a,
	0x00, 0x32, 0x97, 0x3e, 0x86, 0xef, 0x70, 0x6f,
	0x18, 0x56, 0x15, 0xaa, 0x6a, 0x87, 0xe7, 0x8d,
	0x7d, 0xdd, 0x1f, 0xa4, 0xe4, 0x31, 0xd4, 0x7a,
	0x8c, 0x0e, 0x20, 0xd2, 0x23, 0xf5, 0x57, 0x3c,
	0x1b, 0xa8, 0x44, 0xa4, 0x57, 0x8f, 0x33, 0x52,
	0xad, 0x83, 0xae, 0x4a, 0x97, 0xa6, 0x1e, 0xa6,
	0x2b, 0xfa, 0xea, 0xeb, 0x6e, 0x71, 0xb8, 0xb6,
	0x0a, 0x36, 0xed, 0x83, 0xce, 0xb0, 0xdf, 0xc1,
	0xd4, 0x3a, 0xe9, 0x99, 0x6f, 0xf3, 0x96, 0xb7};

static CK_RV
meta_clone_template_setup(meta_object_t *object,
    const generic_attr_t *attributes, size_t num_attributes);

/*
 * meta_objectManager_initialize
 *
 * Called from meta_Initialize.  Initializes all the variables used
 * by the object manager.
 */
CK_RV
meta_objectManager_initialize()
{
	if (pthread_rwlock_init(&meta_objectclose_lock, NULL) != 0) {
		return (CKR_FUNCTION_FAILED);
	}

	if (pthread_rwlock_init(&tokenobject_list_lock, NULL) != 0) {
		(void) pthread_rwlock_destroy(&meta_objectclose_lock);
		return (CKR_FUNCTION_FAILED);
	}

	tokenobject_list_head = NULL;

	return (CKR_OK);
}

void
meta_objectManager_finalize()
{
	/*
	 * If there are still any token object in the list, need to
	 * deactivate all of them.
	 */
	(void) meta_token_object_deactivate(ALL_TOKEN);

	(void) pthread_rwlock_destroy(&meta_objectclose_lock);
	(void) pthread_rwlock_destroy(&tokenobject_list_lock);
}



/*
 * meta_handle2object
 *
 * Convert a CK_OBJECT_HANDLE to the corresponding metaobject. If
 * successful, a reader-lock on the object will be held to indicate
 * that it's in use. Call OBJRELEASE() when finished.
 *
 */
CK_RV
meta_handle2object(CK_OBJECT_HANDLE hObject, meta_object_t **object)
{
	meta_object_t *tmp_object = (meta_object_t *)(hObject);

	/* Check for bad args (eg CK_INVALID_HANDLE, which is 0/NULL). */
	if (tmp_object == NULL) {
		*object = NULL;
		return (CKR_OBJECT_HANDLE_INVALID);
	}


	/* Lock to ensure the magic-check + read-lock is atomic. */
	(void) pthread_rwlock_rdlock(&meta_objectclose_lock);

	if (tmp_object->magic_marker != METASLOT_OBJECT_MAGIC) {
		(void) pthread_rwlock_unlock(&meta_objectclose_lock);
		*object = NULL;
		return (CKR_OBJECT_HANDLE_INVALID);
	}
	(void) pthread_rwlock_rdlock(&tmp_object->object_lock);
	(void) pthread_rwlock_unlock(&meta_objectclose_lock);

	*object = tmp_object;
	return (CKR_OK);
}


/*
 * meta_object_alloc
 *
 * Creates a new metaobject, but does not yet add it to the object list.
 * Once the caller has finished initializing the object (by setting
 * object attributes), meta_object_add should be called. This two-step
 * process prevents others from seeing the object until fully intitialized.
 *
 */
CK_RV
meta_object_alloc(meta_session_t *session, meta_object_t **object)
{
	meta_object_t *new_object;
	CK_ULONG num_slots;

	/* Allocate memory for the object. */
	new_object = calloc(1, sizeof (meta_object_t));
	if (new_object == NULL)
		return (CKR_HOST_MEMORY);

	num_slots = meta_slotManager_get_slotcount();

	new_object->clones = calloc(num_slots, sizeof (slot_object_t *));
	if (new_object->clones == NULL) {
		free(new_object);
		return (CKR_HOST_MEMORY);
	}

	new_object->tried_create_clone = calloc(num_slots, sizeof (boolean_t));
	if (new_object->tried_create_clone == NULL) {
		free(new_object->clones);
		free(new_object);
		return (CKR_HOST_MEMORY);
	}

	/* Initialize the object fields. */
	new_object->magic_marker = METASLOT_OBJECT_MAGIC;
	(void) pthread_rwlock_init(&new_object->object_lock, NULL);
	(void) pthread_rwlock_init(&new_object->attribute_lock, NULL);
	(void) pthread_mutex_init(&new_object->clone_create_lock, NULL);
	(void) pthread_mutex_init(&new_object->isClosingObject_lock, NULL);
	new_object->creator_session = session;

	*object = new_object;

	return (CKR_OK);
}


/*
 * meta_object_get_attr
 *
 * Get attribute values to fill in attribute values
 * being kept in the metaslot object.  The following 4 attributes
 * in the meta_object_t structure will be filled in:
 * isToken, isPrivate, isSensitive, isExtractable
 *
 * It's basically an easy way to do a C_GetAttributeValue.
 * So, the hSession argument is assumed
 * to be valid, and the pointer to meta_object_t is also assumed
 * to be valid.
 */
CK_RV
meta_object_get_attr(slot_session_t *slot_session, CK_OBJECT_HANDLE hObject,
    meta_object_t *object)
{
	CK_BBOOL is_sensitive = object->isSensitive;
	CK_BBOOL is_extractable = object->isExtractable;
	CK_BBOOL is_token = B_FALSE, is_private = B_FALSE;
	CK_KEY_TYPE keytype;
	CK_OBJECT_CLASS class;
	CK_ATTRIBUTE attrs[3];
	CK_RV rv;
	CK_SESSION_HANDLE hSession = slot_session->hSession;
	CK_SLOT_ID fw_st_id = slot_session->fw_st_id;
	int count = 1;

	attrs[0].type = CKA_CLASS;
	attrs[0].pValue = &class;
	attrs[0].ulValueLen = sizeof (class);

	if (object->isFreeObject != FREE_ENABLED) {
		attrs[1].type = CKA_TOKEN;
		attrs[1].pValue = &is_token;
		attrs[1].ulValueLen = sizeof (is_token);
		count++;
	}

	/*
	 * If this is a freeobject, we already know the Private value
	 * and we don't want to overwrite it with the wrong value
	 */
	if (object->isFreeObject <= FREE_DISABLED) {
		attrs[count].type = CKA_PRIVATE;
		attrs[count].pValue = &is_private;
		attrs[count].ulValueLen = sizeof (is_private);
		count++;
	} else
		is_private = object->isPrivate;

	rv = FUNCLIST(fw_st_id)->C_GetAttributeValue(hSession, hObject,
	    attrs, count);
	if (rv != CKR_OK) {
		return (rv);
	}

	count = 0;
	switch (class) {
	case CKO_PRIVATE_KEY:
	case CKO_SECRET_KEY:
		/* Only need to check these for private & secret keys */
		attrs[0].type = CKA_EXTRACTABLE;
		attrs[0].pValue = &is_extractable;
		attrs[0].ulValueLen = sizeof (is_extractable);
		count = 1;

		/*
		 * If this is a freeobject, we already know the Sensitive
		 * value and we don't want to overwrite it with the wrong
		 * value.
		 */

		if (object->isFreeObject <= FREE_DISABLED) {
			attrs[1].type = CKA_SENSITIVE;
			attrs[1].pValue = &is_sensitive;
			attrs[1].ulValueLen = sizeof (is_sensitive);
			count = 2;

			/*
			 * We only need the key type if this is the first
			 * time we've looked at the object
			 */
			if (object->isFreeObject == FREE_UNCHECKED) {
				attrs[2].type = CKA_KEY_TYPE;
				attrs[2].pValue = &keytype;
				attrs[2].ulValueLen = sizeof (keytype);
				count = 3;
			}
		}

		break;

	case CKO_PUBLIC_KEY:
		if (object->isFreeObject == FREE_UNCHECKED) {
			attrs[count].type = CKA_KEY_TYPE;
			attrs[count].pValue = &keytype;
			attrs[count].ulValueLen = sizeof (keytype);
			count++;
		}
		is_sensitive = CK_FALSE;
		is_extractable = CK_TRUE;
		break;

	default:
		object->isFreeObject = FREE_DISABLED;
		is_sensitive = CK_FALSE;
		is_extractable = CK_TRUE;
	};

	if (count > 0) {
		rv = FUNCLIST(fw_st_id)->C_GetAttributeValue(hSession, hObject,
		    attrs, count);
		if (rv != CKR_OK) {
			return (rv);
		}

		if (object->isFreeObject == FREE_UNCHECKED) {
			if (keytype == CKK_EC || keytype == CKK_RSA ||
			    keytype == CKK_DH) {
				if (metaslot_config.auto_key_migrate) {
					object->isFreeObject = FREE_DISABLED;
					object->isFreeToken = FREE_DISABLED;
				}

				object->isFreeObject = FREE_ENABLED;
				if (is_token)
					object->isFreeToken = FREE_ENABLED;
			} else
				object->isFreeObject = FREE_DISABLED;

		}

	}

	object->isToken = is_token;
	object->isPrivate = is_private;
	object->isSensitive = is_sensitive;
	object->isExtractable = is_extractable;

	return (CKR_OK);
}


/*
 * meta_object_activate
 *
 * Add a new metaobject to the list of objects. See also meta_object_create,
 * which would be called to create an object before it is added.
 */
void
meta_object_activate(meta_object_t *new_object)
{
	pthread_rwlock_t *list_lock;
	meta_object_t **list_head;

	/*
	 * For session objects, we keep the list in the session that created
	 * this object, because this object will be destroyed when that session
	 * is closed.
	 *
	 * For token objects, the list is global (ie, not associated with any
	 * particular session).
	 */
	if (new_object->isToken) {
		list_lock = &tokenobject_list_lock;
		list_head = &tokenobject_list_head;
	} else {
		list_lock = &new_object->creator_session->object_list_lock;
		list_head = &new_object->creator_session->object_list_head;
	}

	/* Add object to the list of objects. */
	(void) pthread_rwlock_wrlock(list_lock);
	INSERT_INTO_LIST(*list_head, new_object);
	(void) pthread_rwlock_unlock(list_lock);
}


/*
 * meta_object_deactivate
 *
 * Removes the object from the list of valid meta objects.  Note
 * that this function does not clean up any allocated
 * resources (memory, object clones, etc).   Cleaning up of
 * allocated resources is done by calling the meta_object_dealloc()
 *
 */
CK_RV
meta_object_deactivate(meta_object_t *object, boolean_t have_list_lock,
    boolean_t have_object_lock)
{
	pthread_rwlock_t *list_lock;
	meta_object_t **list_head;

	if (!have_object_lock) {
		(void) pthread_rwlock_rdlock(&object->object_lock);
	}

	(void) pthread_mutex_lock(&object->isClosingObject_lock);
	if (object->isClosingObject) {
		/* Lost a delete race. */
		(void) pthread_mutex_unlock(&object->isClosingObject_lock);
		OBJRELEASE(object);
		return (CKR_OBJECT_HANDLE_INVALID);
	}
	object->isClosingObject = B_TRUE;
	(void) pthread_mutex_unlock(&object->isClosingObject_lock);

	if (object->isToken || (object->isFreeToken == FREE_ENABLED)) {
		list_lock = &tokenobject_list_lock;
		list_head = &tokenobject_list_head;
	} else {
		list_lock = &object->creator_session->object_list_lock;
		list_head = &object->creator_session->object_list_head;
	}

	/*
	 * Remove object from the object list. Once removed, it will not
	 * be possible for another thread to begin using the object.
	 */
	(void) pthread_rwlock_wrlock(&meta_objectclose_lock);
	if (!have_list_lock) {
		(void) pthread_rwlock_wrlock(list_lock);
	}


	object->magic_marker = METASLOT_OBJECT_BADMAGIC;
	/*
	 * Can't use the regular REMOVE_FROM_LIST() function because
	 * that will miss the "error cleanup" situation where object is not yet
	 * in the list (object->next == NULL && object->prev == NULL)
	 */
	if (*list_head == object) {
		/* Object is the first one in the list */
		if (object->next) {
			*list_head = object->next;
			object->next->prev = NULL;
		} else {
			/* Object is the only one in the list */
			*list_head = NULL;
		}
	} else if (object->next != NULL || object->prev != NULL) {
		if (object->next) {
			object->prev->next = object->next;
			object->next->prev = object->prev;
		} else {
			/* Object is the last one in the list */
			object->prev->next = NULL;
		}
	}

	if (!have_list_lock) {
		(void) pthread_rwlock_unlock(list_lock);
	}
	(void) pthread_rwlock_unlock(&meta_objectclose_lock);

	/*
	 * Wait for anyone already using object to finish, by obtaining
	 * a writer-lock (need to release our reader-lock first). Once we
	 * get the write lock, we can just release it and finish cleaning
	 * up the object.
	 */
	(void) pthread_rwlock_unlock(&object->object_lock); /* rdlock */
	(void) pthread_rwlock_wrlock(&object->object_lock);
	(void) pthread_rwlock_unlock(&object->object_lock); /* wrlock */


	return (CKR_OK);
}


/*
 * meta_object_dealloc
 *
 * Performs final object cleanup, releasing any allocated memory and
 * destroying any clones on other slots. Caller is assumed to have
 * called meta_object_deactivate() before this function.
 *
 * Caller is assumed to have only reference to object, but should have
 * released any lock.
 *
 * If "nukeSourceObj" argument is true, we will actually delete the
 * object from the underlying slot.
 */
CK_RV
meta_object_dealloc(meta_session_t *session, meta_object_t *object,
    boolean_t nukeSourceObj)
{
	CK_RV rv, save_rv = CKR_OK;
	CK_ULONG slotnum, num_slots;
	CK_ULONG i;

	/* First, delete all the clones of this object on other slots. */
	num_slots = meta_slotManager_get_slotcount();
	for (slotnum = 0; slotnum < num_slots; slotnum++) {
		slot_session_t *obj_session;
		slot_object_t *clone;

		clone = object->clones[slotnum];
		if (clone == NULL)
			continue;
		if (nukeSourceObj || (!object->isToken &&
		    !(object->isFreeToken == FREE_ENABLED &&
		    get_keystore_slotnum() == slotnum))) {

			rv = meta_get_slot_session(slotnum, &obj_session,
			    (session == NULL) ?
			    object->creator_session->session_flags :
			    session->session_flags);

			if (rv == CKR_OK) {
				rv = FUNCLIST(obj_session->fw_st_id)->\
				    C_DestroyObject(obj_session->hSession,
				    clone->hObject);

				meta_release_slot_session(obj_session);
				if ((rv != CKR_OK) && (save_rv == CKR_OK)) {
					save_rv = rv;
				}
			}

		}

		meta_slot_object_deactivate(clone);
		meta_slot_object_dealloc(clone);

		object->clones[slotnum] = NULL;
	}

	/* Now erase and delete any attributes in the metaobject. */
	dealloc_attributes(object->attributes, object->num_attributes);

	free(object->clones);
	free(object->tried_create_clone);

	if (object->clone_template) {
		for (i = 0; i < object->clone_template_size; i++) {
			free(((object->clone_template)[i]).pValue);
		}
		free(object->clone_template);
	}

	/* Cleanup remaining object fields. */
	(void) pthread_rwlock_destroy(&object->object_lock);
	(void) pthread_rwlock_destroy(&object->attribute_lock);
	(void) pthread_mutex_destroy(&object->isClosingObject_lock);
	(void) pthread_mutex_destroy(&object->clone_create_lock);

	meta_object_delay_free(object);

	return (save_rv);
}


/*
 * meta_slot_object_alloc
 */
CK_RV
meta_slot_object_alloc(slot_object_t **object) {
	slot_object_t *new_object;

	new_object = calloc(1, sizeof (slot_object_t));
	if (new_object == NULL)
		return (CKR_HOST_MEMORY);

	*object = new_object;
	return (CKR_OK);
}


/*
 * meta_slot_object_activate
 */
void
meta_slot_object_activate(slot_object_t *object,
	slot_session_t *creator_session, boolean_t isToken)
{
	object->creator_session = creator_session;

	if (isToken) {
		extern slot_data_t *slots;
		slot_data_t *slot;

		slot = &(slots[object->creator_session->slotnum]);

		(void) pthread_rwlock_wrlock(&slot->tokenobject_list_lock);
		INSERT_INTO_LIST(slot->tokenobject_list_head, object);
		(void) pthread_rwlock_unlock(&slot->tokenobject_list_lock);
	} else {
		slot_session_t *session = object->creator_session;

		/* Add to session's list of session objects. */
		(void) pthread_rwlock_wrlock(&session->object_list_lock);
		INSERT_INTO_LIST(session->object_list_head, object);
		(void) pthread_rwlock_unlock(&session->object_list_lock);
	}

	/*
	 * This set tells the slot object that we are in the token list,
	 * but does not cause harm with the metaobject knowing the object
	 * isn't a token, but a freetoken
	 */

	object->isToken = isToken;
}


/*
 * meta_slot_object_deactivate
 *
 * Remove the specified slot object from the appropriate object list.
 */
void
meta_slot_object_deactivate(slot_object_t *object)
{
	slot_object_t **list_head;
	pthread_rwlock_t *list_lock;

	if (object->isToken) {
		extern slot_data_t *slots;
		slot_data_t *slot;

		slot = &(slots[object->creator_session->slotnum]);

		list_head = &slot->tokenobject_list_head;
		list_lock = &slot->tokenobject_list_lock;
	} else {
		list_head = &object->creator_session->object_list_head;
		list_lock = &object->creator_session->object_list_lock;
	}

	(void) pthread_rwlock_wrlock(list_lock);
	REMOVE_FROM_LIST(*list_head, object);
	(void) pthread_rwlock_unlock(list_lock);
}


/*
 * meta_slot_object_dealloc
 */
void
meta_slot_object_dealloc(slot_object_t *object)
{
	/* Not much cleanup for slot objects, unlike meta objects... */
	free(object);
}


/*
 * meta_object_copyin
 *
 * When a key is generated/derived/unwrapped, the attribute values
 * created by the token are not immediately read into our copy of the
 * attributes. We defer this work until we actually need to know.
 */
CK_RV
meta_object_copyin(meta_object_t *object)
{
	CK_RV rv = CKR_OK;
	slot_session_t *session = NULL;
	CK_ATTRIBUTE *attrs = NULL, *attrs_with_val = NULL;
	slot_object_t *slot_object = NULL;
	CK_ULONG num_attrs = 0, i, num_attrs_with_val;
	CK_SESSION_HANDLE hSession;
	CK_SLOT_ID fw_st_id;

	/* Make sure no one else is looking at attributes. */
	(void) pthread_rwlock_wrlock(&object->attribute_lock);

	/* Did we just lose a copyin race with another thread */
	if (object->attributes != NULL) {
		goto finish;
	}

	slot_object = object->clones[object->master_clone_slotnum];

	rv = meta_get_slot_session(object->master_clone_slotnum, &session,
	    object->creator_session->session_flags);
	if (rv != CKR_OK) {
		goto finish;
	}

	/*
	 * first, get the master template of all the attributes
	 * for this object
	 */
	rv = get_master_attributes_by_object(session, slot_object,
	    &(object->attributes), &(object->num_attributes));
	if (rv != CKR_OK) {
		goto finish;
	}

	/*
	 * Get value for each attribute items.
	 *
	 * Some attributes are required by the given object type.
	 * Some are optional.  Get all the values first, and then
	 * make sure we have value for all required values,
	 */
	attrs = calloc(object->num_attributes, sizeof (CK_ATTRIBUTE));
	if (attrs == NULL) {
		rv = CKR_HOST_MEMORY;
		goto finish;
	}


	for (i = 0; i < object->num_attributes; i++) {
		attrs[i].type =
		    ((object->attributes[i]).attribute).type;
	}
	num_attrs = object->num_attributes;

	hSession = session->hSession;
	fw_st_id = session->fw_st_id;

	/* first, call C_GetAttributeValue() to get size for each attribute */
	rv = FUNCLIST(fw_st_id)->C_GetAttributeValue(hSession,
	    slot_object->hObject, attrs, num_attrs);
	/*
	 * If the return value is not CKR_OK, allow it to be
	 * CKR_ATTRIBUTE_TYPE_INVALID for now.
	 * Some attributes defined in PKCS#11 version 2.11
	 * might not be defined in earlier versions.  We will
	 * TRY to work with those providers if the attribute
	 * is optional.
	 */
	if ((rv != CKR_OK) && (rv != CKR_ATTRIBUTE_TYPE_INVALID)) {
		rv = CKR_FUNCTION_FAILED; /* make sure rv is appropriate */
		goto finish;
	}

	/*
	 * allocate space.
	 * Since we don't know how many attributes have
	 * values at this time, just assume all of them
	 * have values so we save one loop to count the number
	 * of attributes that have value.
	 */
	attrs_with_val = calloc(num_attrs, sizeof (CK_ATTRIBUTE));
	if (attrs_with_val == NULL) {
		rv = CKR_HOST_MEMORY;
		goto finish;
	}


	num_attrs_with_val = 0;
	for (i = 0; i < num_attrs; i++) {
		if (!(((CK_LONG)(attrs[i].ulValueLen)) > 0)) {
			/* if it isn't an optional attr, len should be > 0 */
			if (!object->attributes[i].canBeEmptyValue) {
				rv = CKR_FUNCTION_FAILED;
				goto finish;
			}
		} else {
			attrs_with_val[num_attrs_with_val].type = attrs[i].type;
			attrs_with_val[num_attrs_with_val].ulValueLen =
			    attrs[i].ulValueLen;
			attrs_with_val[num_attrs_with_val].pValue =
			    malloc(attrs[i].ulValueLen);
			if (attrs_with_val[num_attrs_with_val].pValue == NULL) {
				rv = CKR_HOST_MEMORY;
				goto finish;
			}
			num_attrs_with_val++;
		}
	}

	rv = FUNCLIST(fw_st_id)->C_GetAttributeValue(hSession,
	    slot_object->hObject, attrs_with_val, num_attrs_with_val);
	if (rv != CKR_OK) {
		goto finish;
	}

	/* store these values into the meta object */
	for (i = 0; i < num_attrs_with_val; i++) {
		rv = attribute_set_value(&(attrs_with_val[i]),
		    object->attributes, object->num_attributes);
		if (rv != CKR_OK) {
			goto finish;
		}
	}

finish:
	(void) pthread_rwlock_unlock(&object->attribute_lock);

	if (session)
		meta_release_slot_session(session);

	if (attrs) {
		for (i = 0; i < num_attrs; i++) {
			if (attrs[i].pValue != NULL) {
				free(attrs[i].pValue);
			}
		}
		free(attrs);
	}

	if (attrs_with_val) {
		for (i = 0; i < num_attrs; i++) {
			if (attrs_with_val[i].pValue != NULL) {
				free(attrs_with_val[i].pValue);
			}
		}
		free(attrs_with_val);
	}
	return (rv);
}

/*
 * Create an object to be used for wrapping and unwrapping.
 * The same template will be used for all wrapping/unwrapping keys all
 * the time
 */

static CK_RV
create_wrap_unwrap_key(slot_session_t *slot_session, CK_OBJECT_HANDLE *hObject,
    wrap_info_t *wrap_info, char *key_data, CK_ULONG key_len)
{

	CK_OBJECT_CLASS objclass;
	CK_KEY_TYPE keytype;
	CK_RV rv = CKR_OK;
	int i;
	CK_ATTRIBUTE template[WRAP_KEY_TEMPLATE_SIZE];

	i = 0;
	objclass = wrap_info->class;
	template[i].type = CKA_CLASS;
	template[i].pValue = &objclass;
	template[i].ulValueLen = sizeof (objclass);

	i++;
	keytype = wrap_info->key_type;
	template[i].type = CKA_KEY_TYPE;
	template[i].pValue = &keytype;
	template[i].ulValueLen = sizeof (keytype);

	i++;
	template[i].type = CKA_TOKEN;
	template[i].pValue = &falsevalue;
	template[i].ulValueLen = sizeof (falsevalue);


	if (objclass == CKO_SECRET_KEY) {
		i++;
		template[i].type = CKA_VALUE;
		template[i].pValue = key_data;
		template[i].ulValueLen = key_len;

		i++;
		template[i].type = CKA_WRAP;
		template[i].pValue = &truevalue;
		template[i].ulValueLen = sizeof (truevalue);

		i++;
		template[i].type = CKA_UNWRAP;
		template[i].pValue = &truevalue;
		template[i].ulValueLen = sizeof (truevalue);
	} else {
		/* Modulus is the same for rsa public and private key */
		i++;
		template[i].type = CKA_MODULUS;
		template[i].pValue = Modulus;
		template[i].ulValueLen = sizeof (Modulus);

		if (objclass == CKO_PUBLIC_KEY) {
			/* RSA public key */
			i++;
			template[i].type = CKA_PUBLIC_EXPONENT;
			template[i].pValue = PubExpo;
			template[i].ulValueLen = sizeof (PubExpo);

			i++;
			template[i].type = CKA_WRAP;
			template[i].pValue = &truevalue;
			template[i].ulValueLen = sizeof (truevalue);
		} else {
			/* RSA private key */
			i++;
			template[i].type = CKA_PRIVATE_EXPONENT;
			template[i].pValue = PriExpo;
			template[i].ulValueLen = sizeof (PriExpo);

			i++;
			template[i].type = CKA_UNWRAP;
			template[i].pValue = &truevalue;
			template[i].ulValueLen = sizeof (truevalue);
		}
	}

	rv = FUNCLIST(slot_session->fw_st_id)->C_CreateObject(
	    slot_session->hSession, template, i + 1, hObject);

	return (rv);
}


/*
 * Create a clone of a non-sensitive and extractable object.
 * If the template required for creating the clone doesn't exist,
 * it will be retrieved from the master clone.
 */
static CK_RV
clone_by_create(meta_object_t *object, slot_object_t *new_clone,
    slot_session_t *dst_slot_session)
{
	CK_RV rv;
	int free_token_index = -1;

	if (object->attributes == NULL) {
		rv = meta_object_copyin(object);
		if (rv != CKR_OK) {
			return (rv);
		}
	}

	if (object->clone_template == NULL) {
		rv = meta_clone_template_setup(object, object->attributes,
		    object->num_attributes);
		if (rv != CKR_OK) {
			return (rv);
		}
	}

	if (object->isFreeToken == FREE_ENABLED) {
		if (dst_slot_session->slotnum == get_keystore_slotnum())
			free_token_index = set_template_boolean(CKA_TOKEN,
			    object->clone_template,
			    object->clone_template_size, B_FALSE, &truevalue);
		else
			free_token_index = set_template_boolean(CKA_TOKEN,
			    object->clone_template,
			    object->clone_template_size, B_FALSE, &falsevalue);
	}

	/* Create the clone... */
	rv = FUNCLIST(dst_slot_session->fw_st_id)->C_CreateObject(
	    dst_slot_session->hSession, object->clone_template,
	    object->clone_template_size, &(new_clone->hObject));

	if (free_token_index != -1) {
			free_token_index = set_template_boolean(CKA_TOKEN,
			    object->clone_template, object->clone_template_size,
			    B_FALSE, &falsevalue);
	}

	if (rv != CKR_OK) {
		return (rv);
	}

	return (CKR_OK);
}

/*
 * Goes through the list of wraping mechanisms, and returns the first
 * one that is supported by both the source and the destination slot.
 * If none of the mechanisms are supported by both slot, return the
 * first mechanism that's supported by the source slot
 */
static CK_RV
find_best_match_wrap_mech(wrap_info_t *wrap_info, int num_info,
	CK_ULONG src_slotnum, CK_ULONG dst_slotnum, int *first_both_mech,
	int *first_src_mech)
{

	int i;
	boolean_t src_supports, dst_supports;
	CK_RV rv;
	CK_MECHANISM_INFO mech_info;

	mech_info.flags = CKF_WRAP;

	for (i = 0; i < num_info; i++) {
		src_supports = B_FALSE;
		dst_supports = B_FALSE;

		rv = meta_mechManager_slot_supports_mech(
		    (wrap_info[i]).mech_type, src_slotnum,
		    &src_supports, NULL, B_FALSE, &mech_info);
		if (rv != CKR_OK) {
			return (rv);
		}

		rv = meta_mechManager_slot_supports_mech(
		    (wrap_info[i]).mech_type, dst_slotnum,
		    &dst_supports, NULL, B_FALSE, &mech_info);
		if (rv != CKR_OK) {
			return (rv);
		}

		/* both source and destination supports the mech */
		if ((src_supports) && (dst_supports)) {
			*first_both_mech = i;
			return (CKR_OK);
		}

		if ((src_supports) && (*first_src_mech == -1)) {
			*first_src_mech = i;
		}
	}
	return (CKR_OK);
}

/*
 * Determine the wrapping/unwrapping mechanism to be used
 *
 * If possible, select a mechanism that's supported by both source
 * and destination slot.  If none of the mechanisms are supported
 * by both slot, then, select the first one supported by
 * the source slot.
 */

static CK_RV
get_wrap_mechanism(CK_OBJECT_CLASS obj_class, CK_KEY_TYPE key_type,
    CK_ULONG src_slotnum, CK_ULONG dst_slotnum, wrap_info_t *wrap_info)
{
	wrap_info_t *wrap_info_to_search = NULL;
	unsigned int num_wrap_info;
	CK_RV rv;
	int i;
	boolean_t src_supports = B_FALSE, dst_supports = B_FALSE;
	int first_src_mech, rsa_first_src_mech, first_both_mech;
	CK_MECHANISM_INFO mech_info;

	mech_info.flags = CKF_WRAP;

	if ((obj_class == CKO_PRIVATE_KEY) && (key_type == CKK_KEA)) {
		/*
		 * only SKIPJACK keys can be used for wrapping
		 * KEA private keys
		 */

		for (i = 0; i < num_special_wrap_info; i++) {
			if ((special_wrap_info[i]).mech_type
			    != CKM_SKIPJACK_WRAP) {
				continue;
			}

			src_supports = B_FALSE;
			dst_supports = B_FALSE;

			rv = meta_mechManager_slot_supports_mech(
			    (special_wrap_info[i]).mech_type, src_slotnum,
			    &src_supports, NULL, B_FALSE, &mech_info);
			if (rv != CKR_OK) {
				goto finish;
			}

			rv = meta_mechManager_slot_supports_mech(
			    (special_wrap_info[i]).mech_type, dst_slotnum,
			    &dst_supports, NULL, B_FALSE, &mech_info);
			if (rv != CKR_OK) {
				goto finish;
			}

			if (src_supports) {
				/*
				 * both src and dst supports the mech or
				 * only the src supports the mech
				 */
				(void) memcpy(wrap_info,
				    &(special_wrap_info[i]),
				    sizeof (wrap_info_t));

				wrap_info->src_supports = src_supports;
				wrap_info->dst_supports = dst_supports;
				rv = CKR_OK;
				goto finish;
			}

		}

		/*
		 * if we are here, that means neither the source slot
		 * nor the destination slots supports CKM_SKIPJACK_WRAP.
		 */
		rv = CKR_FUNCTION_FAILED;
		goto finish;
	}

	if ((key_type == CKK_SKIPJACK) || (key_type == CKK_BATON) ||
	    (key_type == CKK_JUNIPER)) {
		/* special key types */
		wrap_info_to_search = special_wrap_info;
		num_wrap_info = num_special_wrap_info;
	} else {
		/* use the regular wrapping mechanisms */
		wrap_info_to_search = common_wrap_info;
		num_wrap_info = num_common_wrap_info;
	}

	first_both_mech = -1;
	first_src_mech = -1;

	rv = find_best_match_wrap_mech(wrap_info_to_search, num_wrap_info,
	    src_slotnum, dst_slotnum, &first_both_mech, &first_src_mech);
	if (rv != CKR_OK) {
		goto finish;
	}

	if (first_both_mech != -1) {
		(void) memcpy(wrap_info,
		    &(wrap_info_to_search[first_both_mech]),
		    sizeof (wrap_info_t));

		wrap_info->src_supports = B_TRUE;
		wrap_info->dst_supports = B_TRUE;
		rv = CKR_OK;
		goto finish;
	}

	/*
	 * If we are here, we did not find a mechanism that's supported
	 * by both source and destination slot.
	 *
	 * If it is a secret key, can also try to wrap it with
	 * a RSA public key
	 */
	if (obj_class == CKO_SECRET_KEY) {
		first_both_mech = -1;
		rsa_first_src_mech = -1;

		rv = find_best_match_wrap_mech(rsa_wrap_info,
		    num_rsa_wrap_info, src_slotnum, dst_slotnum,
		    &first_both_mech, &rsa_first_src_mech);

		if (rv != CKR_OK) {
			goto finish;
		}

		if (first_both_mech > -1) {
			(void) memcpy(wrap_info,
			    &(rsa_wrap_info[first_both_mech]),
			    sizeof (wrap_info_t));

			wrap_info->src_supports = B_TRUE;
			wrap_info->dst_supports = B_TRUE;
			rv = CKR_OK;
			goto finish;
		}
	}

	/*
	 * if we are here, that means none of the mechanisms are supported
	 * by both the source and the destination
	 */
	if (first_src_mech > -1) {
		/* source slot support one of the secret key mechs */
		(void) memcpy(wrap_info,
		    &(wrap_info_to_search[first_src_mech]),
		    sizeof (wrap_info_t));
		wrap_info->src_supports = B_TRUE;
		wrap_info->dst_supports = B_FALSE;
		rv = CKR_OK;
	} else if (rsa_first_src_mech > -1) {
		/* source slot support one of the RSA mechs */
		(void) memcpy(wrap_info, &(rsa_wrap_info[rsa_first_src_mech]),
		    sizeof (wrap_info_t));

		wrap_info->src_supports = B_TRUE;
		wrap_info->dst_supports = B_FALSE;
		rv = CKR_OK;
	} else {
		/* neither source nor destination support any wrap mechs */
		rv = CKR_FUNCTION_FAILED;
	}

finish:
	return (rv);
}


/*
 * This is called if the object to be cloned is a sensitive object
 */
static CK_RV
clone_by_wrap(meta_object_t *object, slot_object_t *new_clone,
    slot_session_t *dst_slot_session)
{
	slot_session_t *src_slot_session = NULL;
	CK_OBJECT_HANDLE wrappingKey = NULL, unwrappingKey = NULL;
	CK_MECHANISM wrappingMech;
	CK_BYTE *wrappedKey = NULL;
	CK_ULONG wrappedKeyLen = 0;
	slot_object_t *slot_object = NULL;
	CK_RV rv = CKR_OK;
	CK_OBJECT_HANDLE unwrapped_obj;
	meta_object_t *tmp_meta_obj = NULL;
	slot_object_t *tmp_slot_obj = NULL;
	CK_OBJECT_CLASS obj_class;
	CK_KEY_TYPE key_type;
	meta_session_t *tmp_meta_session = NULL;
	CK_ATTRIBUTE unwrap_template[4];
	char key_data[1024]; /* should be big enough for any key size */
	char ivbuf[1024]; /* should be big enough for any mech */
	wrap_info_t wrap_info;
	CK_ULONG key_len, unwrap_template_size;

	slot_object = object->clones[object->master_clone_slotnum];

	rv = meta_get_slot_session(object->master_clone_slotnum,
	    &src_slot_session, object->creator_session->session_flags);
	if (rv != CKR_OK) {
		return (rv);
	}

	/*
	 * get the object class and key type for unwrap template
	 * This information will also be used for determining
	 * which wrap mechanism and which key to use for
	 * doing the wrapping
	 */
	unwrap_template[0].type = CKA_CLASS;
	unwrap_template[0].pValue = &obj_class;
	unwrap_template[0].ulValueLen = sizeof (obj_class);

	unwrap_template[1].type = CKA_KEY_TYPE;
	unwrap_template[1].pValue = &key_type;
	unwrap_template[1].ulValueLen = sizeof (key_type);

	rv = FUNCLIST(src_slot_session->fw_st_id)->C_GetAttributeValue(
	    src_slot_session->hSession, slot_object->hObject,
	    unwrap_template, 2);
	if (rv != CKR_OK) {
		goto finish;
	}

	rv = get_wrap_mechanism(obj_class, key_type, src_slot_session->slotnum,
	    dst_slot_session->slotnum, &wrap_info);
	if (rv != CKR_OK) {
		goto finish;
	}

	/*
	 * read number of bytes required from random device for
	 * creating a secret key for wrapping and unwrapping
	 */
	if (wrap_info.class == CKO_SECRET_KEY) {

		/*
		 * /dev/urandom will be used for generating the key used
		 * for doing the wrap/unwrap.  It's should be ok to
		 * use /dev/urandom because this key is used for this
		 * one time operation only.  It doesn't need to be stored.
		 */
		key_len = wrap_info.key_length;
		if (pkcs11_get_urandom(key_data, key_len) < 0) {
			rv = CKR_FUNCTION_FAILED;
			goto finish;
		}

		if (wrap_info.iv_length > 0) {
			if (pkcs11_get_urandom(
			    ivbuf, wrap_info.iv_length) < 0) {
				rv = CKR_FUNCTION_FAILED;
				goto finish;
			}
		}
	}

	/* create the wrapping key */
	rv = create_wrap_unwrap_key(src_slot_session, &wrappingKey,
	    &wrap_info, key_data, key_len);
	if (rv != CKR_OK) {
		goto finish;
	}

	wrappingMech.mechanism = wrap_info.mech_type;
	wrappingMech.pParameter = ((wrap_info.iv_length > 0) ? ivbuf : NULL);
	wrappingMech.ulParameterLen = wrap_info.iv_length;

	/* get the size of the wrapped key */
	rv = FUNCLIST(src_slot_session->fw_st_id)->C_WrapKey(
	    src_slot_session->hSession, &wrappingMech,
	    wrappingKey, slot_object->hObject, NULL, &wrappedKeyLen);

	if (rv != CKR_OK) {
		goto finish;
	}

	wrappedKey = malloc(wrappedKeyLen * sizeof (CK_BYTE));
	if (wrappedKey == NULL) {
		rv = CKR_HOST_MEMORY;
		goto finish;
	}

	/* do the actual key wrapping */
	rv = FUNCLIST(src_slot_session->fw_st_id)->C_WrapKey(
	    src_slot_session->hSession, &wrappingMech,
	    wrappingKey, slot_object->hObject, wrappedKey, &wrappedKeyLen);

	if (rv != CKR_OK) {
		goto finish;
	}

	/* explicitly force the unwrapped object to be not sensitive */
	unwrap_template[2].type = CKA_SENSITIVE;
	unwrap_template[2].pValue = &falsevalue;
	unwrap_template[2].ulValueLen = sizeof (falsevalue);

	unwrap_template[3].type = CKA_TOKEN;
	unwrap_template[3].pValue = &falsevalue;
	unwrap_template[3].ulValueLen = sizeof (falsevalue);

	unwrap_template_size =
	    sizeof (unwrap_template) / sizeof (CK_ATTRIBUTE);

	if (!wrap_info.dst_supports) {
		/*
		 * if we know for sure that the destination slot doesn't
		 * support the wrapping mechanism, no point in trying.
		 * go directly to unwrap in source slot, and create key
		 * in destination
		 */
		goto unwrap_in_source;
	}

	/* create the unwrapping key in destination slot */
	if (wrap_info.key_type == CKK_RSA) {
		/* for RSA key, the unwrapping key need to be private key */
		wrap_info.class = CKO_PRIVATE_KEY;
	}
	rv = create_wrap_unwrap_key(dst_slot_session,
	    &unwrappingKey, &wrap_info, key_data, key_len);
	if (rv != CKR_OK) {
		goto finish;
	}

	rv = FUNCLIST(dst_slot_session->fw_st_id)->C_UnwrapKey(
	    dst_slot_session->hSession, &wrappingMech,
	    unwrappingKey, wrappedKey, wrappedKeyLen, unwrap_template,
	    unwrap_template_size, &(new_clone->hObject));

	if (rv != CKR_OK) {
unwrap_in_source:

		/*
		 * There seemed to be a problem with unwrapping in the
		 * destination slot.
		 * Try to do the unwrap in the src slot so it becomes
		 * a non-sensitive object, then, get all the attributes
		 * and create the object in the destination slot
		 */


		if (wrap_info.class == CKO_SECRET_KEY) {
			/* unwrap with same key used for wrapping */
			rv = FUNCLIST(src_slot_session->fw_st_id)->C_UnwrapKey(
			    src_slot_session->hSession,
			    &wrappingMech, wrappingKey, wrappedKey,
			    wrappedKeyLen, unwrap_template,
			    unwrap_template_size, &(unwrapped_obj));
		} else {
			/*
			 * If the object is wrapping with RSA public key, need
			 * need to create RSA private key for unwrapping
			 */
			wrap_info.class = CKO_PRIVATE_KEY;
			rv = create_wrap_unwrap_key(src_slot_session,
			    &unwrappingKey, &wrap_info, key_data, key_len);
			if (rv != CKR_OK) {
				goto finish;
			}
			rv = FUNCLIST(src_slot_session->fw_st_id)->C_UnwrapKey(
			    src_slot_session->hSession,
			    &wrappingMech, unwrappingKey, wrappedKey,
			    wrappedKeyLen, unwrap_template,
			    unwrap_template_size, &(unwrapped_obj));
		}


		if (rv != CKR_OK) {
			goto finish;
		}

		rv = meta_session_alloc(&tmp_meta_session);
		if (rv != CKR_OK) {
			goto finish;
		}

		tmp_meta_session->session_flags = CKF_SERIAL_SESSION;

		rv = meta_object_alloc(tmp_meta_session, &tmp_meta_obj);
		if (rv != CKR_OK) {
			goto finish;
		}

		rv = meta_slot_object_alloc(&tmp_slot_obj);
		if (rv != CKR_OK) {
			goto finish;
		}

		tmp_meta_obj->master_clone_slotnum = src_slot_session->slotnum;
		tmp_slot_obj->hObject = unwrapped_obj;
		tmp_meta_obj->clones[tmp_meta_obj->master_clone_slotnum]
		    = tmp_slot_obj;
		meta_slot_object_activate(tmp_slot_obj, src_slot_session,
		    B_FALSE);
		tmp_slot_obj = NULL;

		rv = clone_by_create(tmp_meta_obj, new_clone,
		    dst_slot_session);
		if (rv != CKR_OK) {
			goto finish;
		}
	}

finish:
	if (unwrappingKey) {
		(void) FUNCLIST(dst_slot_session->fw_st_id)->C_DestroyObject(
		    dst_slot_session->hSession, unwrappingKey);
	}

	if (wrappingKey) {
		(void) FUNCLIST(src_slot_session->fw_st_id)->C_DestroyObject(
		    src_slot_session->hSession, wrappingKey);
	}

	if (tmp_slot_obj) {
		(void) meta_slot_object_dealloc(tmp_slot_obj);
	}

	if (tmp_meta_obj) {
		(void) meta_object_dealloc(tmp_meta_session, tmp_meta_obj,
		    B_TRUE);
	}

	if (tmp_meta_session) {
		(void) meta_session_dealloc(tmp_meta_session);
	}

	if (wrappedKey) {
		free(wrappedKey);
	}

	if (src_slot_session) {
		meta_release_slot_session(src_slot_session);
	}

	return (rv);

}


/*
 * meta_object_get_clone
 *
 * Creates a "clone" of a metaobject on the specified slot. A clone is a
 * copy of the object.
 *
 * Clones are cached, so that they can be reused with subsequent operations.
 */
CK_RV
meta_object_get_clone(meta_object_t *object,
	CK_ULONG slot_num, slot_session_t *slot_session,
	slot_object_t **clone)
{
	CK_RV rv = CKR_OK;
	slot_object_t *newclone = NULL;

	/* Does a clone already exist? */
	if (object->clones[slot_num] != NULL) {
		*clone = object->clones[slot_num];
		return (CKR_OK);
	}

	if ((object->isSensitive) && (object->isToken) &&
	    (!metaslot_auto_key_migrate)) {
		/*
		 * if the object is a sensitive token object, and auto
		 * key migrate is not allowed, will not create the clone
		 * in another slot
		 */
		return (CKR_FUNCTION_FAILED);
	}

	/* object attributes can't be extracted and attributes are not known */
	if ((!object->isExtractable) && (object->attributes == NULL)) {
		return (CKR_FUNCTION_FAILED);
	}

	(void) pthread_mutex_lock(&object->clone_create_lock);

	/* Maybe someone just created one? */
	if (object->clones[slot_num] != NULL) {
		*clone = object->clones[slot_num];
		goto finish;
	}

	/*
	 * has an attempt already been made to create this object in
	 * slot?  If yes, and there's no clone, as indicated above,
	 * that means this object can't be created in this slot.
	 */
	if (object->tried_create_clone[slot_num]) {
		(void) pthread_mutex_unlock(&object->clone_create_lock);
		return (CKR_FUNCTION_FAILED);
	}

	rv = meta_slot_object_alloc(&newclone);
	if (rv != CKR_OK)
		goto finish;

	object->tried_create_clone[slot_num] = B_TRUE;

	/*
	 * If this object is sensitive and we do not have not copied in the
	 * attributes via FreeObject functionality, then we need to wrap it off
	 * the provider.  If we do have attributes, we can just create the
	 * clone
	 */

	if (object->isSensitive && object->attributes == NULL) {
		rv = clone_by_wrap(object, newclone, slot_session);
	} else {
		rv = clone_by_create(object, newclone, slot_session);
	}

	if (rv != CKR_OK) {
		goto finish;
	}

	object->clones[slot_num] = newclone;
	meta_slot_object_activate(newclone, slot_session, object->isToken);

	*clone = newclone;
	newclone = NULL;
finish:
	(void) pthread_mutex_unlock(&object->clone_create_lock);

	if (newclone)
		meta_slot_object_dealloc(newclone);

	return (rv);
}


/*
 * meta_setup_clone_template
 *
 * Create a clone template for the specified object.
 */
static CK_RV
meta_clone_template_setup(meta_object_t *object,
    const generic_attr_t *attributes, size_t num_attributes)
{
	CK_RV rv = CKR_OK;
	CK_ATTRIBUTE *clone_template;
	size_t i, c = 0;

	clone_template = malloc(num_attributes * sizeof (CK_ATTRIBUTE));
	if (clone_template == NULL) {
		rv = CKR_HOST_MEMORY;
		goto finish;
	}

	/* Don't allow attributes to change while we look at them. */
	(void) pthread_rwlock_rdlock(&object->attribute_lock);

	for (i = 0; i < num_attributes; i++) {
		if (!attributes[i].isCloneAttr ||
		    (attributes[i].attribute.type == CKA_TOKEN &&
		    object->isFreeToken == FREE_DISABLED)) {
			continue;
		}
		if ((!(attributes[i].hasValueForClone)) &&
		    (attributes[i].canBeEmptyValue)) {
			continue;
		}

		clone_template[c].type = attributes[i].attribute.type;
		clone_template[c].ulValueLen =
		    attributes[i].attribute.ulValueLen;
		/* Allocate space to store the attribute value. */
		clone_template[c].pValue = malloc(clone_template[c].ulValueLen);
		if (clone_template[c].pValue == NULL) {
			free(clone_template);
			rv = CKR_HOST_MEMORY;
			(void) pthread_rwlock_unlock(&object->attribute_lock);
			goto finish;
		}

		(void) memcpy(clone_template[c].pValue,
		    object->attributes[i].attribute.pValue,
		    clone_template[c].ulValueLen);
		c++;
	}

	(void) pthread_rwlock_unlock(&object->attribute_lock);

	object->clone_template = clone_template;
	object->clone_template_size = c;

finish:
	return (rv);
}


/*
 * meta_object_find_by_handle
 *
 * Search for an existing metaobject, using the object handle of a clone
 * on a particular slot.
 *
 * Returns a matching metaobject, or NULL if no match was found.
 */
meta_object_t *
meta_object_find_by_handle(CK_OBJECT_HANDLE hObject, CK_ULONG slotnum,
    boolean_t token_only)
{
	meta_object_t *object = NULL, *tmp_obj;
	meta_session_t *session;

	if (!token_only) {
		(void) pthread_rwlock_rdlock(&meta_sessionlist_lock);
		session = meta_sessionlist_head;
		while (session != NULL) {
			/* lock the objects list while we look at it */
			(void) pthread_rwlock_rdlock(
			    &(session->object_list_lock));
			tmp_obj = session->object_list_head;
			while (tmp_obj != NULL) {
				slot_object_t *slot_object;

				(void) pthread_rwlock_rdlock(
				    &(tmp_obj->object_lock));
				slot_object = tmp_obj->clones[slotnum];
				if (slot_object != NULL) {
					if (slot_object->hObject == hObject) {
						object = tmp_obj;
					}
				}
				(void) pthread_rwlock_unlock(
				    &(tmp_obj->object_lock));
				if (object != NULL) {
					break;
				}
				tmp_obj = tmp_obj->next;
			}
			(void) pthread_rwlock_unlock(
			    &(session->object_list_lock));
			if (object != NULL) {
				break;
			}
			session = session->next;
		}
		(void) pthread_rwlock_unlock(&meta_sessionlist_lock);
	}

	if (object != NULL) {
		/* found the object, no need to look further */
		return (object);
	}

	/*
	 * Look at list of token objects
	 */
	(void) pthread_rwlock_rdlock(&tokenobject_list_lock);
	tmp_obj = tokenobject_list_head;

	while (tmp_obj != NULL) {
		slot_object_t *slot_object;

		(void) pthread_rwlock_rdlock(&(tmp_obj->object_lock));
		slot_object = tmp_obj->clones[slotnum];
		if (slot_object != NULL) {
			if (slot_object->hObject == hObject)
				object = tmp_obj;
		}
		(void) pthread_rwlock_unlock(&(tmp_obj->object_lock));
		if (object != NULL) {
			break;
		}
		tmp_obj = tmp_obj->next;
	}
	(void) pthread_rwlock_unlock(&tokenobject_list_lock);

	return (object);
}

CK_RV
meta_token_object_deactivate(token_obj_type_t token_type)
{
	meta_object_t *object, *tmp_object;
	CK_RV save_rv = CKR_OK, rv;

	/* get a write lock on the token object list */
	(void) pthread_rwlock_wrlock(&tokenobject_list_lock);

	object = tokenobject_list_head;

	/* go through each object and delete the one with matching type */
	while (object != NULL) {
		tmp_object = object->next;

		if ((token_type == ALL_TOKEN) ||
		    ((object->isPrivate) && (token_type == PRIVATE_TOKEN)) ||
		    ((!object->isPrivate) && (token_type == PUBLIC_TOKEN))) {
			rv = meta_object_deactivate(object, B_TRUE, B_FALSE);
			if ((rv != CKR_OK) && (save_rv == CKR_OK)) {
				save_rv = rv;
				goto finish;
			}
			rv = meta_object_dealloc(NULL, object, B_FALSE);
			if ((rv != CKR_OK) && (save_rv == CKR_OK)) {
				save_rv = rv;
				goto finish;
			}
		}
		object = tmp_object;
	}
finish:
	(void) pthread_rwlock_unlock(&tokenobject_list_lock);
	return (save_rv);
}

/*
 * This function adds the to-be-freed meta object to a linked list.
 * When the number of objects queued in the linked list reaches the
 * maximum threshold MAX_OBJ_TO_BE_FREED, it will free the first
 * object (FIFO) in the list.
 */
void
meta_object_delay_free(meta_object_t *objp)
{
	meta_object_t *tmp;

	(void) pthread_mutex_lock(&obj_delay_freed.obj_to_be_free_mutex);

	/* Add the newly deleted object at the end of the list */
	objp->next = NULL;
	if (obj_delay_freed.first == NULL) {
		obj_delay_freed.last = objp;
		obj_delay_freed.first = objp;
	} else {
		obj_delay_freed.last->next = objp;
		obj_delay_freed.last = objp;
	}

	if (++obj_delay_freed.count >= MAX_OBJ_TO_BE_FREED) {
		/*
		 * Free the first object in the list only if
		 * the total count reaches maximum threshold.
		 */
		obj_delay_freed.count--;
		tmp = obj_delay_freed.first->next;
		free(obj_delay_freed.first);
		obj_delay_freed.first = tmp;
	}
	(void) pthread_mutex_unlock(&obj_delay_freed.obj_to_be_free_mutex);
}


/*
 * This function checks if the object passed can be a freeobject.
 *
 * If there is more than one provider that supports the supported freeobject
 * mechanisms then allow freeobjects to be an option.
 */

boolean_t
meta_freeobject_check(meta_session_t *session, meta_object_t *object,
    CK_MECHANISM *pMech, CK_ATTRIBUTE *tmpl, CK_ULONG tmpl_len,
    CK_KEY_TYPE keytype)
{
	mech_support_info_t *info = &(session->mech_support_info);

	/*
	 * If key migration is turned off, or the object does not has any of
	 * the required flags and there is only one slot, then we don't need
	 * FreeObjects.
	 */
	if (!metaslot_auto_key_migrate ||
	    (!object->isToken && !object->isSensitive &&
	    meta_slotManager_get_slotcount() < 2))
		goto failure;

	/*
	 * If this call is for key generation, check pMech for supported
	 * FreeObject mechs
	 */
	if (pMech != NULL) {
		if (pMech->mechanism == CKM_RSA_PKCS_KEY_PAIR_GEN ||
		    pMech->mechanism == CKM_EC_KEY_PAIR_GEN ||
		    pMech->mechanism == CKM_DH_PKCS_KEY_PAIR_GEN ||
		    pMech->mechanism == CKM_DH_PKCS_DERIVE)
			info->mech = pMech->mechanism;
		else
			goto failure;

	/*
	 * If this call is for an object creation, look inside the template
	 * for supported FreeObject mechs
	 */
	} else if (tmpl_len > 0) {
		if (!get_template_ulong(CKA_KEY_TYPE, tmpl, tmpl_len, &keytype))
			goto failure;

		switch (keytype) {
		case CKK_RSA:
			info->mech = CKM_RSA_PKCS_KEY_PAIR_GEN;
			break;
		case CKK_EC:
			info->mech = CKM_EC_KEY_PAIR_GEN;
			break;
		case CKK_DH:
			info->mech = CKM_DH_PKCS_KEY_PAIR_GEN;
			break;
		default:
			goto failure;
		}
	} else
		goto failure;

	/* Get the slot that support this mech... */
	if (meta_mechManager_get_slots(info, B_FALSE, NULL) != CKR_OK)
		goto failure;

	/*
	 * If there is only one slot with the mech or the first slot in
	 * the list is the keystore slot, we should bail.
	 */
	if (info->num_supporting_slots < 2 &&
	    info->supporting_slots[0]->slotnum == get_keystore_slotnum())
		goto failure;

	if (object->isToken)
		object->isFreeToken = FREE_ALLOWED_KEY;
	else
		object->isFreeToken = FREE_DISABLED;

	object->isFreeObject = FREE_ALLOWED_KEY;

	return (B_TRUE);

failure:
	object->isFreeToken = FREE_DISABLED;
	object->isFreeObject = FREE_DISABLED;
	return (B_FALSE);
}

/*
 * This function assumes meta_freeobject_check() has just been called and set
 * the isFreeObject and/or isFreeToken vars to FREE_ALLOWED_KEY.
 *
 * If the template value for CKA_PRIVATE, CKA_SENSITIVE and/or CKA_TOKEN are
 * true, then isFreeObject is fully enabled.  In addition isFreeToken is
 * enabled if is CKA_TOKEN true.
 *
 * If create is true, we are doing a C_CreateObject operation and don't
 * handle CKA_PRIVATE & CKA_SENSITIVE flags, we only care about CKA_TOKEN.
 */

boolean_t
meta_freeobject_set(meta_object_t *object, CK_ATTRIBUTE *tmpl,
    CK_ULONG tmpl_len, boolean_t create)
{

	/* This check should never be true, if it is, it's a bug */
	if (object->isFreeObject < FREE_ALLOWED_KEY)
		return (B_FALSE);

	if (!create) {
		/* Turn off the Sensitive flag */
		if (object->isSensitive) {
			if (set_template_boolean(CKA_SENSITIVE, tmpl, tmpl_len,
			    B_TRUE, &falsevalue) == -1)
				goto failure;

			object->isFreeObject = FREE_ENABLED;
		}

		/* Turn off the Private flag */
		if (object->isPrivate) {
			if (set_template_boolean(CKA_PRIVATE, tmpl, tmpl_len,
			    B_TRUE, &falsevalue) == -1)
				goto failure;

			object->isFreeObject = FREE_ENABLED;
		}
	}

	if (object->isToken) {
		object->isToken = B_FALSE;
		object->isFreeToken = FREE_ENABLED;
		object->isFreeObject = FREE_ENABLED;
	} else
		object->isFreeToken = FREE_DISABLED;

	/*
	 *  If isFreeObject is not in the FREE_ENABLED state yet, it can be
	 *  turned off because the object doesn't not need to be a FreeObject.
	 */
	if (object->isFreeObject == FREE_ALLOWED_KEY)
		object->isFreeObject = FREE_DISABLED;

	return (B_TRUE);

failure:
	object->isFreeToken = FREE_DISABLED;
	object->isFreeObject = FREE_DISABLED;
	return (B_FALSE);
}

/*
 * This function sets the CKA_TOKEN flag on a given object template depending
 * if the slot being used is a keystore.
 *
 * If the object is a token, but the slot is not the system keystore or has
 * no keystore, then set the template to token = false; otherwise it's true.
 * In addition we know ahead of time what the value is, so if the value is
 * already correct, bypass the setting function
 */
CK_RV
meta_freetoken_set(CK_ULONG slot_num, CK_BBOOL *current_value,
    CK_ATTRIBUTE *tmpl, CK_ULONG tmpl_len)
{

	if (slot_num == get_keystore_slotnum()) {
		if (*current_value == TRUE)
			return (CKR_OK);

		if (set_template_boolean(CKA_TOKEN, tmpl, tmpl_len, B_TRUE,
		    &truevalue) == -1)
			return (CKR_FUNCTION_FAILED);

	} else {

		if (*current_value == FALSE)
			return (CKR_OK);

		if (set_template_boolean(CKA_TOKEN, tmpl, tmpl_len, B_TRUE,
		    &falsevalue) == -1)
			return (CKR_FUNCTION_FAILED);

		*current_value = FALSE;
	}

	return (CKR_OK);
}

/*
 * Cloning function for meta_freeobject_clone() to use.  This function
 * is streamlined because we know what the object is and this should
 * not be called as a generic cloner.
 */

static CK_RV
meta_freeobject_clone_maker(meta_session_t *session, meta_object_t *object,
    CK_ULONG slotnum)
{

	slot_object_t *slot_object = NULL;
	slot_session_t *slot_session = NULL;
	CK_RV rv;

	rv = meta_slot_object_alloc(&slot_object);
	if (rv != CKR_OK)
		goto cleanup;

	rv = meta_get_slot_session(slotnum, &slot_session,
	    session->session_flags);
	if (rv != CKR_OK)
		goto cleanup;

	rv = clone_by_create(object, slot_object, slot_session);
	if (rv == CKR_OK) {
		object->clones[slotnum] = slot_object;
		meta_slot_object_activate(slot_object, slot_session, B_TRUE);
	}

cleanup:
	meta_release_slot_session(slot_session);
	return (rv);

}

/*
 * This function is called when a object is a FreeObject.
 *
 * What we are given is an object that has been generated on a provider
 * that is not its final usage place. That maybe because:
 * 1) it's a token and needs to be stored in keystore.
 * 2) it was to be a private/sensitive object that we modified so we could know
 *    the important attributes for cloning before we make it private/sensitive.
 */

boolean_t
meta_freeobject_clone(meta_session_t *session, meta_object_t *object)
{
	CK_RV rv;
	CK_ULONG keystore_slotnum;
	CK_ATTRIBUTE attr[2];
	boolean_t failover = B_FALSE;

	if (object->attributes == NULL) {
		rv = meta_object_copyin(object);
		if (rv != CKR_OK)
			return (rv);
	}

	if (object->isPrivate) {
		CK_OBJECT_HANDLE new_clone;
		CK_ULONG slotnum = object->master_clone_slotnum;
		slot_session_t *slot_session;

		attr[0].type = CKA_PRIVATE;
		attr[0].pValue = &truevalue;
		attr[0].ulValueLen = sizeof (truevalue);

		/* Set the master attribute list */
		rv = attribute_set_value(attr, object->attributes,
		    object->num_attributes);
		if (rv > 0)
			return (CKR_FUNCTION_FAILED);

		/* Get a slot session */
		rv = meta_get_slot_session(slotnum, &slot_session,
		    session->session_flags);
		if (rv > 0)
			return (rv);

		/* Create the new CKA_PRIVATE one */
		rv = FUNCLIST(slot_session->fw_st_id)->\
		    C_CopyObject(slot_session->hSession,
		    object->clones[slotnum]->hObject, attr, 1, &new_clone);

		if (rv == CKR_USER_NOT_LOGGED_IN) {
			/*
			 * If the CopyObject fails, we may be using a provider
			 * that has a keystore that is not the default
			 * keystore set in metaslot or has object management
			 * abilities. In which case we should write this
			 * object to metaslot's keystore and let the failover.
			 * rest of the function know we've changed providers.
			 */
			failover = B_TRUE;
			keystore_slotnum = get_keystore_slotnum();
			if (object->clones[keystore_slotnum] == NULL) {
				rv = meta_freeobject_clone_maker(session,
				    object, keystore_slotnum);
				if (rv != CKR_OK) {
					goto failure;
				}
			}
			object->master_clone_slotnum = keystore_slotnum;

		} else if (rv != CKR_OK) {
			meta_release_slot_session(slot_session);
			goto failure;
		}
		/* Remove the old object */
		rv = FUNCLIST(slot_session->fw_st_id)->	\
		    C_DestroyObject(slot_session->hSession,
		    object->clones[slotnum]->hObject);
		if (rv != CKR_OK) {
			meta_release_slot_session(slot_session);
			goto failure;
		}

		if (!failover)
			object->clones[slotnum]->hObject = new_clone;
		else
			object->clones[slotnum] = NULL;

		meta_release_slot_session(slot_session);

	}

	if (object->isSensitive) {
		slot_session_t *slot_session;
		CK_ULONG slotnum = object->master_clone_slotnum;

		attr[0].type = CKA_SENSITIVE;
		attr[0].pValue = &truevalue;
		attr[0].ulValueLen = sizeof (truevalue);
		rv = attribute_set_value(attr, object->attributes,
		    object->num_attributes);
		if (rv != CKR_OK)
			goto failure;

		rv = meta_get_slot_session(slotnum, &slot_session,
		    session->session_flags);
		if (rv == CKR_OK) {
			rv = FUNCLIST(slot_session->fw_st_id)->		\
			    C_SetAttributeValue(slot_session->hSession,
			    object->clones[slotnum]->hObject, attr, 1);

			meta_release_slot_session(slot_session);
		}
	}

	if (object->isFreeToken == FREE_ENABLED || failover) {
		keystore_slotnum = get_keystore_slotnum();
		if (object->clones[keystore_slotnum] == NULL) {
			rv = meta_freeobject_clone_maker(session, object,
			    keystore_slotnum);
			if (rv != CKR_OK)
				goto failure;

			object->master_clone_slotnum = keystore_slotnum;
		}
		object->isFreeToken = FREE_ENABLED;
	}

	object->isFreeObject = FREE_ENABLED;
	return (CKR_OK);

failure:
	object->isFreeToken = FREE_DISABLED;
	object->isFreeObject = FREE_DISABLED;
	return (rv);

}