xref: /titanic_50/usr/src/lib/pkcs11/pkcs11_softtoken/common/softObject.h (revision fa9e4066f08beec538e775443c5be79dd423fcab)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #ifndef	_SOFTOBJECT_H
28 #define	_SOFTOBJECT_H
29 
30 #pragma ident	"%Z%%M%	%I%	%E% SMI"
31 
32 #ifdef __cplusplus
33 extern "C" {
34 #endif
35 
36 #include <pthread.h>
37 #include <security/pkcs11t.h>
38 #include "softKeystoreUtil.h"
39 #include "softSession.h"
40 
41 
42 #define	SOFTTOKEN_OBJECT_MAGIC	0xECF0B002
43 
44 #define	SOFT_CREATE_OBJ		1
45 #define	SOFT_GEN_KEY		2
46 #define	SOFT_DERIVE_KEY_DH	3	/* for CKM_DH_PKCS_DERIVE */
47 #define	SOFT_DERIVE_KEY_OTHER	4	/* for CKM_MD5_KEY_DERIVATION and */
48 					/* CKM_SHA1_KEY_DERIVATION */
49 #define	SOFT_UNWRAP_KEY		5
50 #define	SOFT_CREATE_OBJ_INT	6	/* internal object creation */
51 
52 typedef struct biginteger {
53 	CK_BYTE *big_value;
54 	CK_ULONG big_value_len;
55 } biginteger_t;
56 
57 
58 /*
59  * Secret key Struct
60  */
61 typedef struct secret_key_obj {
62 	CK_BYTE *sk_value;
63 	CK_ULONG sk_value_len;
64 	void *key_sched;
65 	size_t keysched_len;
66 } secret_key_obj_t;
67 
68 
69 /*
70  * PKCS11: RSA Public Key Object Attributes
71  */
72 typedef struct rsa_pub_key {
73 	biginteger_t modulus;
74 	CK_ULONG modulus_bits;
75 	biginteger_t pub_exponent;
76 } rsa_pub_key_t;
77 
78 
79 /*
80  * PKCS11: DSA Public Key Object Attributes
81  */
82 typedef struct dsa_pub_key {
83 	biginteger_t prime;
84 	biginteger_t subprime;
85 	biginteger_t base;
86 	biginteger_t value;
87 } dsa_pub_key_t;
88 
89 
90 /*
91  * PKCS11: Diffie-Hellman Public Key Object Attributes
92  */
93 typedef struct dh_pub_key {
94 	biginteger_t prime;
95 	biginteger_t base;
96 	biginteger_t value;
97 } dh_pub_key_t;
98 
99 
100 /*
101  * PKCS11: X9.42 Diffie-Hellman Public Key Object Attributes
102  */
103 typedef struct dh942_pub_key {
104 	biginteger_t prime;
105 	biginteger_t base;
106 	biginteger_t subprime;
107 	biginteger_t value;
108 } dh942_pub_key_t;
109 
110 
111 /*
112  * Public Key Main Struct
113  */
114 typedef struct public_key_obj {
115 	union {
116 		rsa_pub_key_t rsa_pub_key; /* RSA public key */
117 		dsa_pub_key_t dsa_pub_key; /* DSA public key */
118 		dh_pub_key_t  dh_pub_key;  /* DH public key */
119 		dh942_pub_key_t dh942_pub_key;	/* DH9.42 public key */
120 	} key_type_u;
121 } public_key_obj_t;
122 
123 /*
124  * PKCS11: RSA Private Key Object Attributes
125  */
126 typedef struct rsa_pri_key {
127 	biginteger_t modulus;
128 	biginteger_t pub_exponent;
129 	biginteger_t pri_exponent;
130 	biginteger_t prime_1;
131 	biginteger_t prime_2;
132 	biginteger_t exponent_1;
133 	biginteger_t exponent_2;
134 	biginteger_t coefficient;
135 } rsa_pri_key_t;
136 
137 /*
138  * PKCS11: DSA Private Key Object Attributes
139  */
140 typedef struct dsa_pri_key {
141 	biginteger_t prime;
142 	biginteger_t subprime;
143 	biginteger_t base;
144 	biginteger_t value;
145 } dsa_pri_key_t;
146 
147 
148 /*
149  * PKCS11: Diffie-Hellman Private Key Object Attributes
150  */
151 typedef struct dh_pri_key {
152 	biginteger_t prime;
153 	biginteger_t base;
154 	biginteger_t value;
155 	CK_ULONG value_bits;
156 } dh_pri_key_t;
157 
158 /*
159  * PKCS11: X9.42 Diffie-Hellman Private Key Object Attributes
160  */
161 typedef struct dh942_pri_key {
162 	biginteger_t prime;
163 	biginteger_t base;
164 	biginteger_t subprime;
165 	biginteger_t value;
166 } dh942_pri_key_t;
167 
168 
169 /*
170  * Private Key Main Struct
171  */
172 typedef struct private_key_obj {
173 	union {
174 		rsa_pri_key_t rsa_pri_key; /* RSA private key */
175 		dsa_pri_key_t dsa_pri_key; /* DSA private key */
176 		dh_pri_key_t  dh_pri_key;  /* DH private key */
177 		dh942_pri_key_t dh942_pri_key;	/* DH9.42 private key */
178 	} key_type_u;
179 } private_key_obj_t;
180 
181 /*
182  * PKCS11: DSA Domain Parameters Object Attributes
183  */
184 typedef struct dsa_dom_key {
185 	biginteger_t prime;
186 	biginteger_t subprime;
187 	biginteger_t base;
188 	CK_ULONG prime_bits;
189 } dsa_dom_key_t;
190 
191 
192 /*
193  * PKCS11: Diffie-Hellman Domain Parameters Object Attributes
194  */
195 typedef struct dh_dom_key {
196 	biginteger_t prime;
197 	biginteger_t base;
198 	CK_ULONG prime_bits;
199 } dh_dom_key_t;
200 
201 
202 /*
203  * PKCS11: X9.42 Diffie-Hellman Domain Parameters Object Attributes
204  */
205 typedef struct dh942_dom_key {
206 	biginteger_t prime;
207 	biginteger_t base;
208 	biginteger_t subprime;
209 	CK_ULONG prime_bits;
210 	CK_ULONG subprime_bits;
211 } dh942_dom_key_t;
212 
213 /*
214  * Domain Parameters Main Struct
215  */
216 typedef struct domain_obj {
217 	union {
218 		dsa_dom_key_t dsa_dom_key; /* DSA domain parameters */
219 		dh_dom_key_t  dh_dom_key;  /* DH domain parameters */
220 		dh942_dom_key_t dh942_dom_key;  /* DH9.42 domain parameters */
221 	} key_type_u;
222 } domain_obj_t;
223 
224 typedef struct cert_attr_type {
225 	CK_BYTE *value;
226 	CK_ULONG length;
227 } cert_attr_t;
228 
229 /*
230  * X.509 Public Key Certificate Structure.
231  * This structure contains only the attributes that are
232  * NOT modifiable after creation.
233  * ID, ISSUER, and SUBJECT attributes are kept in the extra_attrlistp
234  * record.
235  */
236 typedef struct x509_cert {
237 	cert_attr_t *subject; /* DER encoding of certificate subject name */
238 	cert_attr_t *value;	/* BER encoding of the cert */
239 } x509_cert_t;
240 
241 /*
242  * X.509 Attribute Certificiate Structure
243  * This structure contains only the attributes that are
244  * NOT modifiable after creation.
245  * AC_ISSUER, SERIAL_NUMBER, and ATTR_TYPES are kept in the
246  * extra_attrlistp record so they may be modified.
247  */
248 typedef struct x509_attr_cert {
249 	cert_attr_t *owner;	 /* DER encoding of attr cert subject field */
250 	cert_attr_t *value;	/* BER encoding of cert */
251 } x509_attr_cert_t;
252 
253 /*
254  * Certificate Object Main Struct
255  */
256 typedef struct certificate_obj {
257 	CK_CERTIFICATE_TYPE certificate_type;
258 	union {
259 		x509_cert_t  	x509;
260 		x509_attr_cert_t x509_attr;
261 	} cert_type_u;
262 } certificate_obj_t;
263 
264 /*
265  * This structure is used to hold the attributes in the
266  * Extra Attribute List.
267  */
268 typedef struct attribute_info {
269 	CK_ATTRIBUTE	attr;
270 	struct attribute_info *next;
271 } attribute_info_t;
272 
273 
274 typedef attribute_info_t *CK_ATTRIBUTE_INFO_PTR;
275 
276 /*
277  * This is the main structure of the Objects.
278  */
279 typedef struct object {
280 	/* Generic common fields. Always present */
281 	uint_t			version;	/* for token objects only */
282 	CK_OBJECT_CLASS 	class;
283 	CK_KEY_TYPE		key_type;
284 	CK_CERTIFICATE_TYPE	cert_type;
285 	ulong_t			magic_marker;
286 	uint64_t		bool_attr_mask;	/* see below */
287 	CK_MECHANISM_TYPE	mechanism;
288 	uchar_t object_type;		/* see below */
289 	struct ks_obj_handle ks_handle;	/* keystore handle */
290 
291 	/* Fields for access and arbitration */
292 	pthread_mutex_t	object_mutex;
293 	struct object *next;
294 	struct object *prev;
295 
296 	/* Extra non-boolean attribute list */
297 	CK_ATTRIBUTE_INFO_PTR extra_attrlistp;
298 
299 	/* For each object, only one of these object classes is presented */
300 	union {
301 		public_key_obj_t  *public_key;
302 		private_key_obj_t *private_key;
303 		secret_key_obj_t  *secret_key;
304 		domain_obj_t	  *domain;
305 		certificate_obj_t *certificate;
306 	} object_class_u;
307 
308 	/* Session handle that the object belongs to */
309 	CK_SESSION_HANDLE	session_handle;
310 	uint32_t	obj_refcnt;	/* object reference count */
311 	pthread_cond_t	obj_free_cond;	/* cond variable for signal and wait */
312 	uint32_t	obj_delete_sync;	/* object delete sync flags */
313 
314 } soft_object_t;
315 
316 typedef struct find_context {
317 	soft_object_t **objs_found;
318 	CK_ULONG num_results;
319 	CK_ULONG next_result_index;	/* next result object to return */
320 } find_context_t;
321 
322 /*
323  * The following structure is used to link the to-be-freed session
324  * objects into a linked list. The objects on this linked list have
325  * not yet been freed via free() after C_DestroyObject() call; instead
326  * they are added to this list. The actual free will take place when
327  * the number of objects queued reaches MAX_OBJ_TO_BE_FREED, at which
328  * time the first object in the list will be freed.
329  */
330 #define	MAX_OBJ_TO_BE_FREED		300
331 
332 typedef struct obj_to_be_freed_list {
333 	struct object	*first;	/* points to the first obj in the list */
334 	struct object	*last;	/* points to the last obj in the list */
335 	uint32_t	count;	/* current total objs in the list */
336 	pthread_mutex_t	obj_to_be_free_mutex;
337 } obj_to_be_freed_list_t;
338 
339 /*
340  * Object type
341  */
342 #define	SESSION_PUBLIC		0	/* CKA_TOKEN = 0, CKA_PRIVATE = 0 */
343 #define	SESSION_PRIVATE		1	/* CKA_TOKEN = 0, CKA_PRIVATE = 1 */
344 #define	TOKEN_PUBLIC		2	/* CKA_TOKEN = 1, CKA_PRIVATE = 0 */
345 #define	TOKEN_PRIVATE		3	/* CKA_TOKEN = 1, CKA_PRIVATE = 1 */
346 
347 #define	TOKEN_OBJECT		2
348 #define	PRIVATE_OBJECT		1
349 
350 typedef enum {
351 		ALL_TOKEN = 0,
352 		PUBLIC_TOKEN = 1,
353 		PRIVATE_TOKEN = 2
354 } token_obj_type_t;
355 
356 #define	IS_TOKEN_OBJECT(objp)	\
357 	((objp->object_type == TOKEN_PUBLIC) || \
358 	(objp->object_type == TOKEN_PRIVATE))
359 
360 /*
361  * Types associated with copying object's content
362  */
363 #define	SOFT_SET_ATTR_VALUE	1	/* for C_SetAttributeValue */
364 #define	SOFT_COPY_OBJECT	2	/* for C_CopyObject */
365 #define	SOFT_COPY_OBJ_ORIG_SH	3	/* for copying an object but keeps */
366 					/* the original session handle */
367 
368 /*
369  * The following definitions are the shortcuts
370  */
371 
372 /*
373  * RSA Public Key Object Attributes
374  */
375 #define	OBJ_PUB(o) \
376 	((o)->object_class_u.public_key)
377 #define	KEY_PUB_RSA(k) \
378 	&((k)->key_type_u.rsa_pub_key)
379 #define	OBJ_PUB_RSA_MOD(o) \
380 	&((o)->object_class_u.public_key->key_type_u.rsa_pub_key.modulus)
381 #define	KEY_PUB_RSA_MOD(k) \
382 	&((k)->key_type_u.rsa_pub_key.modulus)
383 #define	OBJ_PUB_RSA_PUBEXPO(o) \
384 	&((o)->object_class_u.public_key->key_type_u.rsa_pub_key.pub_exponent)
385 #define	KEY_PUB_RSA_PUBEXPO(k) \
386 	&((k)->key_type_u.rsa_pub_key.pub_exponent)
387 #define	OBJ_PUB_RSA_MOD_BITS(o) \
388 	((o)->object_class_u.public_key->key_type_u.rsa_pub_key.modulus_bits)
389 #define	KEY_PUB_RSA_MOD_BITS(k) \
390 	((k)->key_type_u.rsa_pub_key.modulus_bits)
391 
392 /*
393  * DSA Public Key Object Attributes
394  */
395 #define	KEY_PUB_DSA(k) \
396 	&((k)->key_type_u.dsa_pub_key)
397 #define	OBJ_PUB_DSA_PRIME(o) \
398 	&((o)->object_class_u.public_key->key_type_u.dsa_pub_key.prime)
399 #define	KEY_PUB_DSA_PRIME(k) \
400 	&((k)->key_type_u.dsa_pub_key.prime)
401 #define	OBJ_PUB_DSA_SUBPRIME(o) \
402 	&((o)->object_class_u.public_key->key_type_u.dsa_pub_key.subprime)
403 #define	KEY_PUB_DSA_SUBPRIME(k) \
404 	&((k)->key_type_u.dsa_pub_key.subprime)
405 #define	OBJ_PUB_DSA_BASE(o) \
406 	&((o)->object_class_u.public_key->key_type_u.dsa_pub_key.base)
407 #define	KEY_PUB_DSA_BASE(k) \
408 	&((k)->key_type_u.dsa_pub_key.base)
409 #define	OBJ_PUB_DSA_VALUE(o) \
410 	&((o)->object_class_u.public_key->key_type_u.dsa_pub_key.value)
411 #define	KEY_PUB_DSA_VALUE(k) \
412 	&((k)->key_type_u.dsa_pub_key.value)
413 
414 /*
415  * Diffie-Hellman Public Key Object Attributes
416  */
417 #define	KEY_PUB_DH(k) \
418 	&((k)->key_type_u.dh_pub_key)
419 #define	OBJ_PUB_DH_PRIME(o) \
420 	&((o)->object_class_u.public_key->key_type_u.dh_pub_key.prime)
421 #define	KEY_PUB_DH_PRIME(k) \
422 	&((k)->key_type_u.dh_pub_key.prime)
423 #define	OBJ_PUB_DH_BASE(o) \
424 	&((o)->object_class_u.public_key->key_type_u.dh_pub_key.base)
425 #define	KEY_PUB_DH_BASE(k) \
426 	&((k)->key_type_u.dh_pub_key.base)
427 #define	OBJ_PUB_DH_VALUE(o) \
428 	&((o)->object_class_u.public_key->key_type_u.dh_pub_key.value)
429 #define	KEY_PUB_DH_VALUE(k) \
430 	&((k)->key_type_u.dh_pub_key.value)
431 
432 /*
433  * X9.42 Diffie-Hellman Public Key Object Attributes
434  */
435 #define	KEY_PUB_DH942(k) \
436 	&((k)->key_type_u.dh942_pub_key)
437 #define	OBJ_PUB_DH942_PRIME(o) \
438 	&((o)->object_class_u.public_key->key_type_u.dh942_pub_key.prime)
439 #define	KEY_PUB_DH942_PRIME(k) \
440 	&((k)->key_type_u.dh942_pub_key.prime)
441 #define	OBJ_PUB_DH942_BASE(o) \
442 	&((o)->object_class_u.public_key->key_type_u.dh942_pub_key.base)
443 #define	KEY_PUB_DH942_BASE(k) \
444 	&((k)->key_type_u.dh942_pub_key.base)
445 #define	OBJ_PUB_DH942_SUBPRIME(o) \
446 	&((o)->object_class_u.public_key->key_type_u.dh942_pub_key.subprime)
447 #define	KEY_PUB_DH942_SUBPRIME(k) \
448 	&((k)->key_type_u.dh942_pub_key.subprime)
449 #define	OBJ_PUB_DH942_VALUE(o) \
450 	&((o)->object_class_u.public_key->key_type_u.dh942_pub_key.value)
451 #define	KEY_PUB_DH942_VALUE(k) \
452 	&((k)->key_type_u.dh942_pub_key.value)
453 
454 /*
455  * RSA Private Key Object Attributes
456  */
457 #define	OBJ_PRI(o) \
458 	((o)->object_class_u.private_key)
459 #define	KEY_PRI_RSA(k) \
460 	&((k)->key_type_u.rsa_pri_key)
461 #define	OBJ_PRI_RSA_MOD(o) \
462 	&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.modulus)
463 #define	KEY_PRI_RSA_MOD(k) \
464 	&((k)->key_type_u.rsa_pri_key.modulus)
465 #define	OBJ_PRI_RSA_PUBEXPO(o) \
466 	&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.pub_exponent)
467 #define	KEY_PRI_RSA_PUBEXPO(k) \
468 	&((k)->key_type_u.rsa_pri_key.pub_exponent)
469 #define	OBJ_PRI_RSA_PRIEXPO(o) \
470 	&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.pri_exponent)
471 #define	KEY_PRI_RSA_PRIEXPO(k) \
472 	&((k)->key_type_u.rsa_pri_key.pri_exponent)
473 #define	OBJ_PRI_RSA_PRIME1(o) \
474 	&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.prime_1)
475 #define	KEY_PRI_RSA_PRIME1(k) \
476 	&((k)->key_type_u.rsa_pri_key.prime_1)
477 #define	OBJ_PRI_RSA_PRIME2(o) \
478 	&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.prime_2)
479 #define	KEY_PRI_RSA_PRIME2(k) \
480 	&((k)->key_type_u.rsa_pri_key.prime_2)
481 #define	OBJ_PRI_RSA_EXPO1(o) \
482 	&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.exponent_1)
483 #define	KEY_PRI_RSA_EXPO1(k) \
484 	&((k)->key_type_u.rsa_pri_key.exponent_1)
485 #define	OBJ_PRI_RSA_EXPO2(o) \
486 	&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.exponent_2)
487 #define	KEY_PRI_RSA_EXPO2(k) \
488 	&((k)->key_type_u.rsa_pri_key.exponent_2)
489 #define	OBJ_PRI_RSA_COEF(o) \
490 	&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.coefficient)
491 #define	KEY_PRI_RSA_COEF(k) \
492 	&((k)->key_type_u.rsa_pri_key.coefficient)
493 
494 /*
495  * DSA Private Key Object Attributes
496  */
497 #define	KEY_PRI_DSA(k) \
498 	&((k)->key_type_u.dsa_pri_key)
499 #define	OBJ_PRI_DSA_PRIME(o) \
500 	&((o)->object_class_u.private_key->key_type_u.dsa_pri_key.prime)
501 #define	KEY_PRI_DSA_PRIME(k) \
502 	&((k)->key_type_u.dsa_pri_key.prime)
503 #define	OBJ_PRI_DSA_SUBPRIME(o) \
504 	&((o)->object_class_u.private_key->key_type_u.dsa_pri_key.subprime)
505 #define	KEY_PRI_DSA_SUBPRIME(k) \
506 	&((k)->key_type_u.dsa_pri_key.subprime)
507 #define	OBJ_PRI_DSA_BASE(o) \
508 	&((o)->object_class_u.private_key->key_type_u.dsa_pri_key.base)
509 #define	KEY_PRI_DSA_BASE(k) \
510 	&((k)->key_type_u.dsa_pri_key.base)
511 #define	OBJ_PRI_DSA_VALUE(o) \
512 	&((o)->object_class_u.private_key->key_type_u.dsa_pri_key.value)
513 #define	KEY_PRI_DSA_VALUE(k) \
514 	&((k)->key_type_u.dsa_pri_key.value)
515 
516 /*
517  * Diffie-Hellman Private Key Object Attributes
518  */
519 #define	KEY_PRI_DH(k) \
520 	&((k)->key_type_u.dh_pri_key)
521 #define	OBJ_PRI_DH_PRIME(o) \
522 	&((o)->object_class_u.private_key->key_type_u.dh_pri_key.prime)
523 #define	KEY_PRI_DH_PRIME(k) \
524 	&((k)->key_type_u.dh_pri_key.prime)
525 #define	OBJ_PRI_DH_BASE(o) \
526 	&((o)->object_class_u.private_key->key_type_u.dh_pri_key.base)
527 #define	KEY_PRI_DH_BASE(k) \
528 	&((k)->key_type_u.dh_pri_key.base)
529 #define	OBJ_PRI_DH_VALUE(o) \
530 	&((o)->object_class_u.private_key->key_type_u.dh_pri_key.value)
531 #define	KEY_PRI_DH_VALUE(k) \
532 	&((k)->key_type_u.dh_pri_key.value)
533 #define	OBJ_PRI_DH_VAL_BITS(o) \
534 	((o)->object_class_u.private_key->key_type_u.dh_pri_key.value_bits)
535 #define	KEY_PRI_DH_VAL_BITS(k) \
536 	((k)->key_type_u.dh_pri_key.value_bits)
537 
538 /*
539  * X9.42 Diffie-Hellman Private Key Object Attributes
540  */
541 #define	KEY_PRI_DH942(k) \
542 	&((k)->key_type_u.dh942_pri_key)
543 #define	OBJ_PRI_DH942_PRIME(o) \
544 	&((o)->object_class_u.private_key->key_type_u.dh942_pri_key.prime)
545 #define	KEY_PRI_DH942_PRIME(k) \
546 	&((k)->key_type_u.dh942_pri_key.prime)
547 #define	OBJ_PRI_DH942_BASE(o) \
548 	&((o)->object_class_u.private_key->key_type_u.dh942_pri_key.base)
549 #define	KEY_PRI_DH942_BASE(k) \
550 	&((k)->key_type_u.dh942_pri_key.base)
551 #define	OBJ_PRI_DH942_SUBPRIME(o) \
552 	&((o)->object_class_u.private_key->key_type_u.dh942_pri_key.subprime)
553 #define	KEY_PRI_DH942_SUBPRIME(k) \
554 	&((k)->key_type_u.dh942_pri_key.subprime)
555 #define	OBJ_PRI_DH942_VALUE(o) \
556 	&((o)->object_class_u.private_key->key_type_u.dh942_pri_key.value)
557 #define	KEY_PRI_DH942_VALUE(k) \
558 	&((k)->key_type_u.dh942_pri_key.value)
559 
560 /*
561  * DSA Domain Parameters Object Attributes
562  */
563 #define	OBJ_DOM(o) \
564 	((o)->object_class_u.domain)
565 #define	KEY_DOM_DSA(k) \
566 	&((k)->key_type_u.dsa_dom_key)
567 #define	OBJ_DOM_DSA_PRIME(o) \
568 	&((o)->object_class_u.domain->key_type_u.dsa_dom_key.prime)
569 #define	KEY_DOM_DSA_PRIME(k) \
570 	&((k)->key_type_u.dsa_dom_key.prime)
571 #define	OBJ_DOM_DSA_SUBPRIME(o) \
572 	&((o)->object_class_u.domain->key_type_u.dsa_dom_key.subprime)
573 #define	KEY_DOM_DSA_SUBPRIME(k) \
574 	&((k)->key_type_u.dsa_dom_key.subprime)
575 #define	OBJ_DOM_DSA_BASE(o) \
576 	&((o)->object_class_u.domain->key_type_u.dsa_dom_key.base)
577 #define	KEY_DOM_DSA_BASE(k) \
578 	&((k)->key_type_u.dsa_dom_key.base)
579 #define	OBJ_DOM_DSA_PRIME_BITS(o) \
580 	((o)->object_class_u.domain->key_type_u.dsa_dom_key.prime_bits)
581 
582 /*
583  * Diffie-Hellman Domain Parameters Object Attributes
584  */
585 #define	KEY_DOM_DH(k) \
586 	&((k)->key_type_u.dh_dom_key)
587 #define	OBJ_DOM_DH_PRIME(o) \
588 	&((o)->object_class_u.domain->key_type_u.dh_dom_key.prime)
589 #define	KEY_DOM_DH_PRIME(k) \
590 	&((k)->key_type_u.dh_dom_key.prime)
591 #define	OBJ_DOM_DH_BASE(o) \
592 	&((o)->object_class_u.domain->key_type_u.dh_dom_key.base)
593 #define	KEY_DOM_DH_BASE(k) \
594 	&((k)->key_type_u.dh_dom_key.base)
595 #define	OBJ_DOM_DH_PRIME_BITS(o) \
596 	((o)->object_class_u.domain->key_type_u.dh_dom_key.prime_bits)
597 
598 /*
599  * X9.42 Diffie-Hellman Domain Parameters Object Attributes
600  */
601 #define	KEY_DOM_DH942(k) \
602 	&((k)->key_type_u.dh942_dom_key)
603 #define	OBJ_DOM_DH942_PRIME(o) \
604 	&((o)->object_class_u.domain->key_type_u.dh942_dom_key.prime)
605 #define	KEY_DOM_DH942_PRIME(k) \
606 	&((k)->key_type_u.dh942_dom_key.prime)
607 #define	OBJ_DOM_DH942_BASE(o) \
608 	&((o)->object_class_u.domain->key_type_u.dh942_dom_key.base)
609 #define	KEY_DOM_DH942_BASE(k) \
610 	&((k)->key_type_u.dh942_dom_key.base)
611 #define	OBJ_DOM_DH942_SUBPRIME(o) \
612 	&((o)->object_class_u.domain->key_type_u.dh942_dom_key.subprime)
613 #define	KEY_DOM_DH942_SUBPRIME(k) \
614 	&((k)->key_type_u.dh942_dom_key.subprime)
615 #define	OBJ_DOM_DH942_PRIME_BITS(o) \
616 	((o)->object_class_u.domain->key_type_u.dh942_dom_key.prime_bits)
617 #define	OBJ_DOM_DH942_SUBPRIME_BITS(o) \
618 	((o)->object_class_u.domain->key_type_u.dh942_dom_key.subprime_bits)
619 
620 /*
621  * Secret Key Object Attributes
622  */
623 #define	OBJ_SEC(o) \
624 	((o)->object_class_u.secret_key)
625 #define	OBJ_SEC_VALUE(o) \
626 	((o)->object_class_u.secret_key->sk_value)
627 #define	OBJ_SEC_VALUE_LEN(o) \
628 	((o)->object_class_u.secret_key->sk_value_len)
629 #define	OBJ_KEY_SCHED(o) \
630 	((o)->object_class_u.secret_key->key_sched)
631 #define	OBJ_KEY_SCHED_LEN(o) \
632 	((o)->object_class_u.secret_key->keysched_len)
633 
634 #define	OBJ_CERT(o) \
635 	((o)->object_class_u.certificate)
636 /*
637  * X.509 Key Certificate object attributes
638  */
639 #define	X509_CERT(o) \
640 	((o)->object_class_u.certificate->cert_type_u.x509)
641 #define	X509_CERT_SUBJECT(o) \
642 	((o)->object_class_u.certificate->cert_type_u.x509.subject)
643 #define	X509_CERT_VALUE(o) \
644 	((o)->object_class_u.certificate->cert_type_u.x509.value)
645 
646 /*
647  * X.509 Attribute Certificate object attributes
648  */
649 #define	X509_ATTR_CERT(o) \
650 	((o)->object_class_u.certificate->cert_type_u.x509_attr)
651 #define	X509_ATTR_CERT_OWNER(o) \
652 	((o)->object_class_u.certificate->cert_type_u.x509_attr.owner)
653 #define	X509_ATTR_CERT_VALUE(o) \
654 	((o)->object_class_u.certificate->cert_type_u.x509_attr.value)
655 
656 /*
657  * key related attributes with CK_BBOOL data type
658  */
659 #define	DERIVE_BOOL_ON			0x00000001
660 #define	LOCAL_BOOL_ON			0x00000002
661 #define	SENSITIVE_BOOL_ON		0x00000004
662 #define	SECONDARY_AUTH_BOOL_ON		0x00000008
663 #define	ENCRYPT_BOOL_ON			0x00000010
664 #define	DECRYPT_BOOL_ON			0x00000020
665 #define	SIGN_BOOL_ON			0x00000040
666 #define	SIGN_RECOVER_BOOL_ON		0x00000080
667 #define	VERIFY_BOOL_ON			0x00000100
668 #define	VERIFY_RECOVER_BOOL_ON		0x00000200
669 #define	WRAP_BOOL_ON			0x00000400
670 #define	UNWRAP_BOOL_ON			0x00000800
671 #define	TRUSTED_BOOL_ON			0x00001000
672 #define	EXTRACTABLE_BOOL_ON		0x00002000
673 #define	ALWAYS_SENSITIVE_BOOL_ON	0x00004000
674 #define	NEVER_EXTRACTABLE_BOOL_ON	0x00008000
675 #define	NOT_MODIFIABLE_BOOL_ON		0x00010000
676 
677 #define	PUBLIC_KEY_DEFAULT	(ENCRYPT_BOOL_ON|\
678 				WRAP_BOOL_ON|\
679 				VERIFY_BOOL_ON|\
680 				VERIFY_RECOVER_BOOL_ON)
681 
682 #define	PRIVATE_KEY_DEFAULT	(DECRYPT_BOOL_ON|\
683 				UNWRAP_BOOL_ON|\
684 				SIGN_BOOL_ON|\
685 				SIGN_RECOVER_BOOL_ON|\
686 				EXTRACTABLE_BOOL_ON)
687 
688 #define	SECRET_KEY_DEFAULT	(ENCRYPT_BOOL_ON|\
689 				DECRYPT_BOOL_ON|\
690 				WRAP_BOOL_ON|\
691 				UNWRAP_BOOL_ON|\
692 				SIGN_BOOL_ON|\
693 				VERIFY_BOOL_ON|\
694 				EXTRACTABLE_BOOL_ON)
695 
696 /*
697  * MAX_KEY_ATTR_BUFLEN
698  * The maximum buffer size needed for public or private key attributes
699  * should be 514 bytes.  Just to be safe we give a little more space.
700  */
701 #define	MAX_KEY_ATTR_BUFLEN 1024
702 
703 /*
704  * Flag definitions for obj_delete_sync
705  */
706 #define	OBJECT_IS_DELETING	1	/* Object is in a deleting state */
707 #define	OBJECT_REFCNT_WAITING	2	/* Waiting for object reference */
708 					/* count to become zero */
709 
710 /*
711  * This macro is used to type cast an object handle to a pointer to
712  * the object struct. Also, it checks to see if the object struct
713  * is tagged with an object magic number. This is to detect when an
714  * application passes a bogus object pointer.
715  * Also, it checks to see if the object is in the deleting state that
716  * another thread is performing. If not, increment the object reference
717  * count by one. This is to prevent this object from being deleted by
718  * other thread.
719  */
720 #define	HANDLE2OBJECT_COMMON(hObject, object_p, rv, REFCNT_CODE) { \
721 	object_p = (soft_object_t *)(hObject); \
722 	if ((object_p == NULL) || \
723 		(object_p->magic_marker != SOFTTOKEN_OBJECT_MAGIC)) {\
724 			rv = CKR_OBJECT_HANDLE_INVALID; \
725 	} else { \
726 		(void) pthread_mutex_lock(&object_p->object_mutex); \
727 		if (!(object_p->obj_delete_sync & OBJECT_IS_DELETING)) { \
728 			REFCNT_CODE; \
729 			rv = CKR_OK; \
730 		} else { \
731 			rv = CKR_OBJECT_HANDLE_INVALID; \
732 		} \
733 		(void) pthread_mutex_unlock(&object_p->object_mutex); \
734 	} \
735 }
736 
737 #define	HANDLE2OBJECT(hObject, object_p, rv) \
738 	HANDLE2OBJECT_COMMON(hObject, object_p, rv, object_p->obj_refcnt++)
739 
740 #define	HANDLE2OBJECT_DESTROY(hObject, object_p, rv) \
741 	HANDLE2OBJECT_COMMON(hObject, object_p, rv, /* no refcnt increment */)
742 
743 
744 #define	OBJ_REFRELE(object_p) { \
745 	(void) pthread_mutex_lock(&object_p->object_mutex); \
746 	if ((--object_p->obj_refcnt) == 0 && \
747 	    (object_p->obj_delete_sync & OBJECT_REFCNT_WAITING)) { \
748 		(void) pthread_cond_signal(&object_p->obj_free_cond); \
749 	} \
750 	(void) pthread_mutex_unlock(&object_p->object_mutex); \
751 }
752 
753 /*
754  * Function Prototypes.
755  */
756 void soft_cleanup_object(soft_object_t *objp);
757 
758 CK_RV soft_add_object(CK_ATTRIBUTE_PTR pTemplate,  CK_ULONG ulCount,
759 	CK_ULONG *objecthandle_p, soft_session_t *sp);
760 
761 void soft_delete_object(soft_session_t *sp, soft_object_t *objp,
762 	boolean_t lock_held);
763 
764 void soft_cleanup_extra_attr(soft_object_t *object_p);
765 
766 CK_RV soft_copy_extra_attr(CK_ATTRIBUTE_INFO_PTR old_attrp,
767 	soft_object_t *object_p);
768 
769 void soft_cleanup_object_bigint_attrs(soft_object_t *object_p);
770 
771 CK_RV soft_build_object(CK_ATTRIBUTE_PTR template,
772 	CK_ULONG ulAttrNum, soft_object_t *new_object);
773 
774 CK_RV soft_build_secret_key_object(CK_ATTRIBUTE_PTR template,
775 	CK_ULONG ulAttrNum, soft_object_t *new_object, CK_ULONG mode,
776 	CK_ULONG key_len, CK_KEY_TYPE key_type);
777 
778 CK_RV soft_copy_object(soft_object_t *old_object, soft_object_t **new_object,
779 	CK_ULONG object_func, soft_session_t *sp);
780 
781 void soft_merge_object(soft_object_t *old_object, soft_object_t *new_object);
782 
783 CK_RV soft_get_attribute(soft_object_t *object_p, CK_ATTRIBUTE_PTR template);
784 
785 CK_RV soft_set_attribute(soft_object_t *object_p, CK_ATTRIBUTE_PTR template,
786 	boolean_t copy);
787 
788 CK_RV soft_set_common_storage_attribute(soft_object_t *object_p,
789 	CK_ATTRIBUTE_PTR template, boolean_t copy);
790 
791 CK_RV soft_get_public_attr(soft_object_t *, CK_ATTRIBUTE_TYPE, uchar_t *,
792 	uint32_t *);
793 
794 CK_RV soft_get_private_attr(soft_object_t *, CK_ATTRIBUTE_TYPE, uchar_t *,
795 	uint32_t *);
796 
797 CK_RV get_ulong_attr_from_object(CK_ULONG value, CK_ATTRIBUTE_PTR template);
798 
799 void copy_bigint_attr(biginteger_t *src, biginteger_t *dst);
800 
801 void soft_add_object_to_session(soft_object_t *, soft_session_t *);
802 
803 CK_RV soft_build_key(CK_ATTRIBUTE_PTR, CK_ULONG, soft_object_t *,
804 	CK_OBJECT_CLASS, CK_KEY_TYPE, CK_ULONG, CK_ULONG);
805 
806 CK_RV soft_copy_public_key_attr(public_key_obj_t *old_pub_key_obj_p,
807 	public_key_obj_t **new_pub_key_obj_p, CK_KEY_TYPE key_type);
808 
809 CK_RV soft_copy_private_key_attr(private_key_obj_t *old_pri_key_obj_p,
810 	private_key_obj_t **new_pri_key_obj_p, CK_KEY_TYPE key_type);
811 
812 CK_RV soft_copy_secret_key_attr(secret_key_obj_t *old_secret_key_obj_p,
813 	secret_key_obj_t **new_secret_key_obj_p);
814 
815 CK_RV soft_copy_domain_attr(domain_obj_t *old_domain_obj_p,
816 	domain_obj_t **new_domain_obj_p, CK_KEY_TYPE key_type);
817 
818 CK_RV soft_validate_attr(CK_ATTRIBUTE_PTR template, CK_ULONG ulAttrNum,
819 	CK_OBJECT_CLASS *class);
820 
821 CK_RV soft_find_objects_init(soft_session_t *sp, CK_ATTRIBUTE_PTR pTemplate,
822 	CK_ULONG ulCount);
823 
824 void soft_find_objects_final(soft_session_t *sp);
825 
826 void soft_find_objects(soft_session_t *sp, CK_OBJECT_HANDLE *obj_found,
827 	CK_ULONG max_obj_requested, CK_ULONG *found_obj_count);
828 
829 void soft_process_find_attr(CK_OBJECT_CLASS *pclasses,
830 	CK_ULONG *num_result_pclasses, CK_ATTRIBUTE_PTR pTemplate,
831 	CK_ULONG ulCount);
832 
833 boolean_t soft_find_match_attrs(soft_object_t *obj, CK_OBJECT_CLASS *pclasses,
834 	CK_ULONG num_pclasses, CK_ATTRIBUTE *tmpl_attr, CK_ULONG num_attr);
835 
836 CK_ATTRIBUTE_PTR get_extra_attr(CK_ATTRIBUTE_TYPE type, soft_object_t *obj);
837 
838 CK_RV get_string_from_template(CK_ATTRIBUTE_PTR dest, CK_ATTRIBUTE_PTR src);
839 
840 void string_attr_cleanup(CK_ATTRIBUTE_PTR template);
841 
842 void soft_cleanup_cert_object(soft_object_t *object_p);
843 
844 CK_RV soft_get_certificate_attribute(soft_object_t *object_p,
845 	CK_ATTRIBUTE_PTR template);
846 
847 CK_RV soft_set_certificate_attribute(soft_object_t *object_p,
848 	CK_ATTRIBUTE_PTR template, boolean_t copy);
849 
850 CK_RV soft_copy_certificate(certificate_obj_t *old, certificate_obj_t **new,
851 	CK_CERTIFICATE_TYPE type);
852 
853 CK_RV get_cert_attr_from_template(cert_attr_t **dest,
854 	CK_ATTRIBUTE_PTR src);
855 
856 /* Token object related function prototypes */
857 
858 void soft_add_token_object_to_slot(soft_object_t *objp);
859 
860 void soft_remove_token_object_from_slot(soft_object_t *objp,
861 	boolean_t lock_held);
862 
863 void soft_delete_token_object(soft_object_t *objp, boolean_t persistent,
864 	boolean_t lock_held);
865 
866 void soft_delete_all_in_core_token_objects(token_obj_type_t type);
867 
868 void soft_validate_token_objects(boolean_t validate);
869 
870 CK_RV soft_object_write_access_check(soft_session_t *sp, soft_object_t *objp);
871 
872 CK_RV soft_pin_expired_check(soft_object_t *objp);
873 
874 CK_RV soft_copy_to_old_object(soft_object_t *new, soft_object_t *old);
875 
876 CK_RV soft_keystore_load_latest_object(soft_object_t *old_obj);
877 
878 CK_RV refresh_token_objects();
879 
880 void bigint_attr_cleanup(biginteger_t *big);
881 
882 CK_RV soft_add_extra_attr(CK_ATTRIBUTE_PTR template, soft_object_t *object_p);
883 
884 CK_RV get_bigint_attr_from_template(biginteger_t *big,
885 	CK_ATTRIBUTE_PTR template);
886 
887 #ifdef	__cplusplus
888 }
889 #endif
890 
891 #endif /* _SOFTOBJECT_H */
892