xref: /titanic_52/usr/src/lib/pkcs11/pkcs11_kernel/common/kernelObject.h (revision ba4e3c84e6b9390bbf7df80b5f1d11dec34cc525)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #ifndef	_KERNELOBJECT_H
28 #define	_KERNELOBJECT_H
29 
30 #pragma ident	"%Z%%M%	%I%	%E% SMI"
31 
32 #ifdef __cplusplus
33 extern "C" {
34 #endif
35 
36 #include <security/pkcs11t.h>
37 #include "kernelSession.h"
38 #include "kernelSlot.h"
39 
40 #define	KERNELTOKEN_OBJECT_MAGIC	0xECF0B003
41 
42 #define	RSA_PRI_ATTR_COUNT		7
43 #define	RSA_PUB_ATTR_COUNT		3
44 #define	DSA_ATTR_COUNT			4
45 
46 /*
47  * Secret key Struct
48  */
49 typedef struct secret_key_obj {
50 	CK_BYTE *sk_value;
51 	CK_ULONG sk_value_len;
52 } secret_key_obj_t;
53 
54 
55 /*
56  * This structure is used to hold the attributes in the
57  * Extra Attribute List.
58  */
59 typedef struct attribute_info {
60 	CK_ATTRIBUTE	attr;
61 	struct attribute_info *next;
62 } attribute_info_t;
63 
64 typedef attribute_info_t *CK_ATTRIBUTE_INFO_PTR;
65 
66 
67 /*
68  * biginteger Struct
69  */
70 typedef struct biginteger {
71 	CK_BYTE *big_value;
72 	CK_ULONG big_value_len;
73 } biginteger_t;
74 
75 
76 /*
77  * PKCS11: RSA Public Key Object Attributes
78  */
79 typedef struct rsa_pub_key {
80 	biginteger_t modulus;
81 	CK_ULONG modulus_bits;
82 	biginteger_t pub_exponent;
83 } rsa_pub_key_t;
84 
85 
86 /*
87  * PKCS11: DSA Public Key Object Attributes
88  */
89 typedef struct dsa_pub_key {
90 	biginteger_t prime;
91 	biginteger_t subprime;
92 	biginteger_t base;
93 	biginteger_t value;
94 } dsa_pub_key_t;
95 
96 
97 /*
98  * Public Key Main Struct
99  */
100 typedef struct public_key_obj {
101 	union {
102 		rsa_pub_key_t rsa_pub_key; /* RSA public key */
103 		dsa_pub_key_t dsa_pub_key; /* DSA public key */
104 	} key_type_u;
105 } public_key_obj_t;
106 
107 
108 /*
109  * PKCS11: RSA Private Key Object Attributes
110  */
111 typedef struct rsa_pri_key {
112 	biginteger_t modulus;
113 	biginteger_t pub_exponent;
114 	biginteger_t pri_exponent;
115 	biginteger_t prime_1;
116 	biginteger_t prime_2;
117 	biginteger_t exponent_1;
118 	biginteger_t exponent_2;
119 	biginteger_t coefficient;
120 } rsa_pri_key_t;
121 
122 
123 /*
124  * PKCS11: DSA Private Key Object Attributes
125  */
126 typedef struct dsa_pri_key {
127 	biginteger_t prime;
128 	biginteger_t subprime;
129 	biginteger_t base;
130 	biginteger_t value;
131 } dsa_pri_key_t;
132 
133 
134 /*
135  * Private Key Main Struct
136  */
137 typedef struct private_key_obj {
138 	union {
139 		rsa_pri_key_t rsa_pri_key; /* RSA private key */
140 		dsa_pri_key_t dsa_pri_key; /* DSA private key */
141 	} key_type_u;
142 } private_key_obj_t;
143 
144 
145 /*
146  * This is the main structure of the Objects.
147  */
148 typedef struct object {
149 	boolean_t	is_lib_obj; /* default is TRUE */
150 	crypto_object_id_t	k_handle;
151 
152 	/* Generic common fields. Always present */
153 	CK_OBJECT_CLASS class;
154 	CK_KEY_TYPE key_type;
155 	CK_ULONG magic_marker;
156 	uint64_t bool_attr_mask;
157 	CK_MECHANISM_TYPE mechanism;
158 
159 	/* Fields for access and arbitration */
160 	pthread_mutex_t object_mutex;
161 	struct object *next;
162 	struct object *prev;
163 
164 	/* Extra non-boolean attribute list */
165 	CK_ATTRIBUTE_INFO_PTR extra_attrlistp;
166 	CK_ULONG extra_attrcount;
167 
168 	/* For each object, only one object class is presented */
169 	union {
170 		secret_key_obj_t  *secret_key;
171 		public_key_obj_t  *public_key;
172 		private_key_obj_t *private_key;
173 	} object_class_u;
174 
175 	/* Session handle that the object belongs to */
176 	CK_SESSION_HANDLE	session_handle;
177 	uint32_t	obj_refcnt;	/* object reference count */
178 	pthread_cond_t	obj_free_cond;	/* cond variable for signal and wait */
179 	uint32_t	obj_delete_sync;	/* object delete sync flags */
180 
181 } kernel_object_t;
182 
183 
184 typedef struct find_context {
185 	kernel_object_t **objs_found;
186 	CK_ULONG num_results;
187 	CK_ULONG next_result_index; /* next result object to return */
188 } find_context_t;
189 
190 /*
191  * The following structure is used to link the to-be-freed session
192  * objects into a linked list. The objects on this linked list have
193  * not yet been freed via free() after C_DestroyObject() call; instead
194  * they are added to this list. The actual free will take place when
195  * the number of objects queued reaches MAX_OBJ_TO_BE_FREED, at which
196  * time the first object in the list will be freed.
197  */
198 #define	MAX_OBJ_TO_BE_FREED		300
199 
200 typedef struct obj_to_be_freed_list {
201 	kernel_object_t	*first;	/* points to first obj in the list */
202 	kernel_object_t	*last;	/* points to last obj in the list */
203 	uint32_t	count;	/* current total objs in the list */
204 	pthread_mutex_t obj_to_be_free_mutex;
205 } object_to_be_freed_list_t;
206 
207 extern object_to_be_freed_list_t obj_delay_freed;
208 
209 
210 /*
211  * The following definitions are the shortcuts
212  */
213 
214 /*
215  * Secret Key Object Attributes
216  */
217 #define	OBJ_SEC(o) \
218 	(o->object_class_u.secret_key)
219 #define	OBJ_SEC_VALUE(o) \
220 	(o->object_class_u.secret_key->sk_value)
221 #define	OBJ_SEC_VALUE_LEN(o) \
222 	(o->object_class_u.secret_key->sk_value_len)
223 
224 /*
225  * RSA Public Key Object Attributes
226  */
227 #define	OBJ_PUB(o) \
228 	((o)->object_class_u.public_key)
229 #define	KEY_PUB_RSA(k) \
230 	&((k)->key_type_u.rsa_pub_key)
231 #define	OBJ_PUB_RSA_MOD(o) \
232 	&((o)->object_class_u.public_key->key_type_u.rsa_pub_key.modulus)
233 #define	KEY_PUB_RSA_MOD(k) \
234 	&((k)->key_type_u.rsa_pub_key.modulus)
235 #define	OBJ_PUB_RSA_PUBEXPO(o) \
236 	&((o)->object_class_u.public_key->key_type_u.rsa_pub_key.pub_exponent)
237 #define	KEY_PUB_RSA_PUBEXPO(k) \
238 	&((k)->key_type_u.rsa_pub_key.pub_exponent)
239 #define	OBJ_PUB_RSA_MOD_BITS(o) \
240 	((o)->object_class_u.public_key->key_type_u.rsa_pub_key.modulus_bits)
241 #define	KEY_PUB_RSA_MOD_BITS(k) \
242 	((k)->key_type_u.rsa_pub_key.modulus_bits)
243 
244 
245 /*
246  * DSA Public Key Object Attributes
247  */
248 #define	KEY_PUB_DSA(k) \
249 	&((k)->key_type_u.dsa_pub_key)
250 #define	OBJ_PUB_DSA_PRIME(o) \
251 	&((o)->object_class_u.public_key->key_type_u.dsa_pub_key.prime)
252 #define	KEY_PUB_DSA_PRIME(k) \
253 	&((k)->key_type_u.dsa_pub_key.prime)
254 #define	OBJ_PUB_DSA_SUBPRIME(o) \
255 	&((o)->object_class_u.public_key->key_type_u.dsa_pub_key.subprime)
256 #define	KEY_PUB_DSA_SUBPRIME(k) \
257 	&((k)->key_type_u.dsa_pub_key.subprime)
258 #define	OBJ_PUB_DSA_BASE(o) \
259 	&((o)->object_class_u.public_key->key_type_u.dsa_pub_key.base)
260 #define	KEY_PUB_DSA_BASE(k) \
261 	&((k)->key_type_u.dsa_pub_key.base)
262 #define	OBJ_PUB_DSA_VALUE(o) \
263 	&((o)->object_class_u.public_key->key_type_u.dsa_pub_key.value)
264 #define	KEY_PUB_DSA_VALUE(k) \
265 	&((k)->key_type_u.dsa_pub_key.value)
266 
267 
268 /*
269  * RSA Private Key Object Attributes
270  */
271 #define	OBJ_PRI(o) \
272 	((o)->object_class_u.private_key)
273 #define	KEY_PRI_RSA(k) \
274 	&((k)->key_type_u.rsa_pri_key)
275 #define	OBJ_PRI_RSA_MOD(o) \
276 	&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.modulus)
277 #define	KEY_PRI_RSA_MOD(k) \
278 	&((k)->key_type_u.rsa_pri_key.modulus)
279 #define	OBJ_PRI_RSA_PUBEXPO(o) \
280 	&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.pub_exponent)
281 #define	KEY_PRI_RSA_PUBEXPO(k) \
282 	&((k)->key_type_u.rsa_pri_key.pub_exponent)
283 #define	OBJ_PRI_RSA_PRIEXPO(o) \
284 	&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.pri_exponent)
285 #define	KEY_PRI_RSA_PRIEXPO(k) \
286 	&((k)->key_type_u.rsa_pri_key.pri_exponent)
287 #define	OBJ_PRI_RSA_PRIME1(o) \
288 	&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.prime_1)
289 #define	KEY_PRI_RSA_PRIME1(k) \
290 	&((k)->key_type_u.rsa_pri_key.prime_1)
291 #define	OBJ_PRI_RSA_PRIME2(o) \
292 	&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.prime_2)
293 #define	KEY_PRI_RSA_PRIME2(k) \
294 	&((k)->key_type_u.rsa_pri_key.prime_2)
295 #define	OBJ_PRI_RSA_EXPO1(o) \
296 	&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.exponent_1)
297 #define	KEY_PRI_RSA_EXPO1(k) \
298 	&((k)->key_type_u.rsa_pri_key.exponent_1)
299 #define	OBJ_PRI_RSA_EXPO2(o) \
300 	&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.exponent_2)
301 #define	KEY_PRI_RSA_EXPO2(k) \
302 	&((k)->key_type_u.rsa_pri_key.exponent_2)
303 #define	OBJ_PRI_RSA_COEF(o) \
304 	&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.coefficient)
305 #define	KEY_PRI_RSA_COEF(k) \
306 	&((k)->key_type_u.rsa_pri_key.coefficient)
307 
308 /*
309  * DSA Private Key Object Attributes
310  */
311 #define	KEY_PRI_DSA(k) \
312 	&((k)->key_type_u.dsa_pri_key)
313 #define	OBJ_PRI_DSA_PRIME(o) \
314 	&((o)->object_class_u.private_key->key_type_u.dsa_pri_key.prime)
315 #define	KEY_PRI_DSA_PRIME(k) \
316 	&((k)->key_type_u.dsa_pri_key.prime)
317 #define	OBJ_PRI_DSA_SUBPRIME(o) \
318 	&((o)->object_class_u.private_key->key_type_u.dsa_pri_key.subprime)
319 #define	KEY_PRI_DSA_SUBPRIME(k) \
320 	&((k)->key_type_u.dsa_pri_key.subprime)
321 #define	OBJ_PRI_DSA_BASE(o) \
322 	&((o)->object_class_u.private_key->key_type_u.dsa_pri_key.base)
323 #define	KEY_PRI_DSA_BASE(k) \
324 	&((k)->key_type_u.dsa_pri_key.base)
325 #define	OBJ_PRI_DSA_VALUE(o) \
326 	&((o)->object_class_u.private_key->key_type_u.dsa_pri_key.value)
327 #define	KEY_PRI_DSA_VALUE(k) \
328 	&((k)->key_type_u.dsa_pri_key.value)
329 
330 /*
331  * key related attributes with CK_BBOOL data type
332  */
333 #define	DERIVE_BOOL_ON			0x00000001
334 #define	LOCAL_BOOL_ON			0x00000002
335 #define	SENSITIVE_BOOL_ON		0x00000004
336 #define	SECONDARY_AUTH_BOOL_ON		0x00000008
337 #define	ENCRYPT_BOOL_ON			0x00000010
338 #define	DECRYPT_BOOL_ON			0x00000020
339 #define	SIGN_BOOL_ON			0x00000040
340 #define	SIGN_RECOVER_BOOL_ON		0x00000080
341 #define	VERIFY_BOOL_ON			0x00000100
342 #define	VERIFY_RECOVER_BOOL_ON		0x00000200
343 #define	WRAP_BOOL_ON			0x00000400
344 #define	UNWRAP_BOOL_ON			0x00000800
345 #define	TRUSTED_BOOL_ON			0x00001000
346 #define	EXTRACTABLE_BOOL_ON		0x00002000
347 #define	ALWAYS_SENSITIVE_BOOL_ON	0x00004000
348 #define	NEVER_EXTRACTABLE_BOOL_ON	0x00008000
349 #define	PRIVATE_BOOL_ON			0x00010000
350 #define	TOKEN_BOOL_ON			0x00020000
351 #define	MODIFIABLE_BOOL_ON		0x00040000
352 
353 #define	SECRET_KEY_DEFAULT	(ENCRYPT_BOOL_ON|\
354 				DECRYPT_BOOL_ON|\
355 				SIGN_BOOL_ON|\
356 				VERIFY_BOOL_ON|\
357 				EXTRACTABLE_BOOL_ON|\
358 				MODIFIABLE_BOOL_ON)
359 
360 #define	PUBLIC_KEY_DEFAULT	(ENCRYPT_BOOL_ON|\
361 				VERIFY_BOOL_ON|\
362 				VERIFY_RECOVER_BOOL_ON|\
363 				MODIFIABLE_BOOL_ON)
364 
365 #define	PRIVATE_KEY_DEFAULT	(DECRYPT_BOOL_ON|\
366 				SIGN_BOOL_ON|\
367 				SIGN_RECOVER_BOOL_ON|\
368 				EXTRACTABLE_BOOL_ON|\
369 				MODIFIABLE_BOOL_ON)
370 
371 /*
372  * Flag definitions for obj_delete_sync
373  */
374 #define	OBJECT_IS_DELETING	1	/* Object is in a deleting state */
375 #define	OBJECT_REFCNT_WAITING	2	/* Waiting for object reference */
376 					/* count to become zero */
377 
378 /*
379  * This macro is used to type cast an object handle to a pointer to
380  * the object struct. Also, it checks to see if the object struct
381  * is tagged with an object magic number. This is to detect when an
382  * application passes a bogus object pointer.
383  * Also, it checks to see if the object is in the deleting state that
384  * another thread is performing. If not, increment the object reference
385  * count by one. This is to prevent this object from being deleted by
386  * other thread.
387  */
388 #define	HANDLE2OBJECT_COMMON(hObject, object_p, rv, REFCNT_CODE) { \
389 	object_p = (kernel_object_t *)(hObject); \
390 	if ((object_p == NULL) || \
391 		(object_p->magic_marker != KERNELTOKEN_OBJECT_MAGIC)) {\
392 			rv = CKR_OBJECT_HANDLE_INVALID; \
393 	} else { \
394 		(void) pthread_mutex_lock(&object_p->object_mutex); \
395 		if (!(object_p->obj_delete_sync & OBJECT_IS_DELETING)) { \
396 			REFCNT_CODE; \
397 			rv = CKR_OK; \
398 		} else { \
399 			rv = CKR_OBJECT_HANDLE_INVALID; \
400 		} \
401 		(void) pthread_mutex_unlock(&object_p->object_mutex); \
402 	} \
403 }
404 
405 #define	HANDLE2OBJECT(hObject, object_p, rv) \
406 	HANDLE2OBJECT_COMMON(hObject, object_p, rv, object_p->obj_refcnt++)
407 
408 #define	HANDLE2OBJECT_DESTROY(hObject, object_p, rv) \
409 	HANDLE2OBJECT_COMMON(hObject, object_p, rv, /* no refcnt increment */)
410 
411 
412 #define	OBJ_REFRELE(object_p) { \
413 	(void) pthread_mutex_lock(&object_p->object_mutex); \
414 	if ((--object_p->obj_refcnt) == 0 && \
415 	    (object_p->obj_delete_sync & OBJECT_REFCNT_WAITING)) { \
416 		(void) pthread_cond_signal(&object_p->obj_free_cond); \
417 	} \
418 	(void) pthread_mutex_unlock(&object_p->object_mutex); \
419 }
420 
421 
422 /*
423  * Function Prototypes.
424  */
425 void kernel_cleanup_object(kernel_object_t *objp);
426 
427 CK_RV kernel_add_object(CK_ATTRIBUTE_PTR pTemplate,  CK_ULONG ulCount,
428     CK_ULONG *objecthandle_p, kernel_session_t *sp);
429 
430 CK_RV kernel_delete_session_object(kernel_session_t *sp, kernel_object_t *objp,
431     boolean_t lock_held, boolean_t wrapper_only);
432 
433 void kernel_cleanup_extra_attr(kernel_object_t *object_p);
434 
435 CK_RV kernel_copy_extra_attr(CK_ATTRIBUTE_INFO_PTR old_attrp,
436     kernel_object_t *object_p);
437 
438 void kernel_cleanup_object_bigint_attrs(kernel_object_t *object_p);
439 
440 CK_RV kernel_build_object(CK_ATTRIBUTE_PTR template,
441     CK_ULONG ulAttrNum, kernel_object_t *new_object, kernel_session_t *sp);
442 
443 CK_RV kernel_copy_object(kernel_object_t *old_object,
444     kernel_object_t **new_object, boolean_t copy_everything,
445     kernel_session_t *sp);
446 
447 void kernel_merge_object(kernel_object_t *old_object,
448     kernel_object_t *new_object);
449 
450 CK_RV kernel_get_attribute(kernel_object_t *object_p,
451     CK_ATTRIBUTE_PTR template);
452 
453 CK_RV kernel_set_attribute(kernel_object_t *object_p,
454     CK_ATTRIBUTE_PTR template, boolean_t copy, kernel_session_t *sp);
455 
456 void copy_bigint_attr(biginteger_t *src, biginteger_t *dst);
457 
458 void kernel_add_object_to_session(kernel_object_t *objp, kernel_session_t *sp);
459 
460 CK_RV kernel_copy_public_key_attr(public_key_obj_t *old_pub_key_obj_p,
461     public_key_obj_t **new_pub_key_obj_p, CK_KEY_TYPE key_type);
462 
463 CK_RV kernel_copy_private_key_attr(private_key_obj_t *old_pri_key_obj_p,
464     private_key_obj_t **new_pri_key_obj_p, CK_KEY_TYPE key_type);
465 
466 CK_RV kernel_copy_secret_key_attr(secret_key_obj_t *old_secret_key_obj_p,
467     secret_key_obj_t **new_secret_key_obj_p);
468 
469 CK_RV kernel_validate_attr(CK_ATTRIBUTE_PTR template, CK_ULONG ulAttrNum,
470     CK_OBJECT_CLASS *class);
471 
472 CK_RV kernel_find_objects_init(kernel_session_t *sp,
473     CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount);
474 
475 void kernel_find_objects_final(kernel_session_t *sp);
476 
477 void kernel_find_objects(kernel_session_t *sp,
478     CK_OBJECT_HANDLE *obj_found, CK_ULONG max_obj_requested,
479     CK_ULONG *found_obj_count);
480 
481 void kernel_process_find_attr(CK_OBJECT_CLASS *pclasses,
482     CK_ULONG *num_result_pclasses, CK_ATTRIBUTE_PTR pTemplate,
483     CK_ULONG ulCount);
484 
485 boolean_t kernel_find_match_attrs(kernel_object_t *obj,
486     CK_OBJECT_CLASS *pclasses, CK_ULONG num_pclasses,
487     CK_ATTRIBUTE *tmpl_attr, CK_ULONG num_attr);
488 
489 CK_ATTRIBUTE_PTR get_extra_attr(CK_ATTRIBUTE_TYPE type, kernel_object_t *obj);
490 
491 CK_RV get_string_from_template(CK_ATTRIBUTE_PTR dest, CK_ATTRIBUTE_PTR src);
492 
493 void string_attr_cleanup(CK_ATTRIBUTE_PTR template);
494 
495 void kernel_add_token_object_to_slot(kernel_object_t *objp,
496     kernel_slot_t *pslot);
497 
498 void kernel_remove_token_object_from_slot(kernel_slot_t *pslot,
499     kernel_object_t *objp);
500 
501 CK_RV kernel_delete_token_object(kernel_slot_t *pslot, kernel_session_t *sp,
502     kernel_object_t *obj, boolean_t lock_held, boolean_t wrapper_only);
503 
504 void kernel_cleanup_pri_objects_in_slot(kernel_slot_t *pslot,
505     kernel_session_t *sp);
506 
507 CK_RV kernel_get_object_size(kernel_object_t *objp, CK_ULONG_PTR pulSize);
508 
509 void kernel_object_delay_free(kernel_object_t *objp);
510 
511 #ifdef	__cplusplus
512 }
513 #endif
514 
515 #endif /* _KERNELOBJECT_H */
516