xref: /titanic_52/usr/src/lib/pkcs11/pkcs11_softtoken/common/softObject.h (revision 8c754b1b0941ce71249cc956888b3470525b995f)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #ifndef	_SOFTOBJECT_H
27 #define	_SOFTOBJECT_H
28 
29 #pragma ident	"%Z%%M%	%I%	%E% SMI"
30 
31 #ifdef __cplusplus
32 extern "C" {
33 #endif
34 
35 #include <pthread.h>
36 #include <security/pkcs11t.h>
37 #include "softKeystoreUtil.h"
38 #include "softSession.h"
39 
40 
41 #define	SOFTTOKEN_OBJECT_MAGIC	0xECF0B002
42 
43 #define	SOFT_CREATE_OBJ		1
44 #define	SOFT_GEN_KEY		2
45 #define	SOFT_DERIVE_KEY_DH	3	/* for CKM_DH_PKCS_DERIVE */
46 #define	SOFT_DERIVE_KEY_OTHER	4	/* for CKM_MD5_KEY_DERIVATION and */
47 					/* CKM_SHA1_KEY_DERIVATION */
48 #define	SOFT_UNWRAP_KEY		5
49 #define	SOFT_CREATE_OBJ_INT	6	/* internal object creation */
50 
51 typedef struct biginteger {
52 	CK_BYTE *big_value;
53 	CK_ULONG big_value_len;
54 } biginteger_t;
55 
56 
57 /*
58  * Secret key Struct
59  */
60 typedef struct secret_key_obj {
61 	CK_BYTE *sk_value;
62 	CK_ULONG sk_value_len;
63 	void *key_sched;
64 	size_t keysched_len;
65 } secret_key_obj_t;
66 
67 
68 /*
69  * PKCS11: RSA Public Key Object Attributes
70  */
71 typedef struct rsa_pub_key {
72 	biginteger_t modulus;
73 	CK_ULONG modulus_bits;
74 	biginteger_t pub_exponent;
75 } rsa_pub_key_t;
76 
77 
78 /*
79  * PKCS11: DSA Public Key Object Attributes
80  */
81 typedef struct dsa_pub_key {
82 	biginteger_t prime;
83 	biginteger_t subprime;
84 	biginteger_t base;
85 	biginteger_t value;
86 } dsa_pub_key_t;
87 
88 
89 /*
90  * PKCS11: Diffie-Hellman Public Key Object Attributes
91  */
92 typedef struct dh_pub_key {
93 	biginteger_t prime;
94 	biginteger_t base;
95 	biginteger_t value;
96 } dh_pub_key_t;
97 
98 
99 /*
100  * PKCS11: X9.42 Diffie-Hellman Public Key Object Attributes
101  */
102 typedef struct dh942_pub_key {
103 	biginteger_t prime;
104 	biginteger_t base;
105 	biginteger_t subprime;
106 	biginteger_t value;
107 } dh942_pub_key_t;
108 
109 
110 /*
111  * PKCS11: Elliptic Curve Public Key Object Attributes
112  */
113 typedef struct ec_pub_key {
114 	biginteger_t param;
115 	biginteger_t point;
116 } ec_pub_key_t;
117 
118 
119 /*
120  * Public Key Main Struct
121  */
122 typedef struct public_key_obj {
123 	union {
124 		rsa_pub_key_t rsa_pub_key; /* RSA public key */
125 		dsa_pub_key_t dsa_pub_key; /* DSA public key */
126 		dh_pub_key_t  dh_pub_key;  /* DH public key */
127 		dh942_pub_key_t dh942_pub_key;	/* DH9.42 public key */
128 		ec_pub_key_t ec_pub_key; /* Elliptic Curve public key */
129 	} key_type_u;
130 } public_key_obj_t;
131 
132 /*
133  * PKCS11: RSA Private Key Object Attributes
134  */
135 typedef struct rsa_pri_key {
136 	biginteger_t modulus;
137 	biginteger_t pub_exponent;
138 	biginteger_t pri_exponent;
139 	biginteger_t prime_1;
140 	biginteger_t prime_2;
141 	biginteger_t exponent_1;
142 	biginteger_t exponent_2;
143 	biginteger_t coefficient;
144 } rsa_pri_key_t;
145 
146 /*
147  * PKCS11: DSA Private Key Object Attributes
148  */
149 typedef struct dsa_pri_key {
150 	biginteger_t prime;
151 	biginteger_t subprime;
152 	biginteger_t base;
153 	biginteger_t value;
154 } dsa_pri_key_t;
155 
156 
157 /*
158  * PKCS11: Diffie-Hellman Private Key Object Attributes
159  */
160 typedef struct dh_pri_key {
161 	biginteger_t prime;
162 	biginteger_t base;
163 	biginteger_t value;
164 	CK_ULONG value_bits;
165 } dh_pri_key_t;
166 
167 /*
168  * PKCS11: X9.42 Diffie-Hellman Private Key Object Attributes
169  */
170 typedef struct dh942_pri_key {
171 	biginteger_t prime;
172 	biginteger_t base;
173 	biginteger_t subprime;
174 	biginteger_t value;
175 } dh942_pri_key_t;
176 
177 /*
178  * PKCS11: Elliptic Curve Private Key Object Attributes
179  */
180 typedef struct ec_pri_key {
181 	biginteger_t param;
182 	biginteger_t value;
183 } ec_pri_key_t;
184 
185 
186 /*
187  * Private Key Main Struct
188  */
189 typedef struct private_key_obj {
190 	union {
191 		rsa_pri_key_t rsa_pri_key; /* RSA private key */
192 		dsa_pri_key_t dsa_pri_key; /* DSA private key */
193 		dh_pri_key_t  dh_pri_key;  /* DH private key */
194 		dh942_pri_key_t dh942_pri_key;	/* DH9.42 private key */
195 		ec_pri_key_t ec_pri_key; /* Elliptic Curve private key */
196 	} key_type_u;
197 } private_key_obj_t;
198 
199 /*
200  * PKCS11: DSA Domain Parameters Object Attributes
201  */
202 typedef struct dsa_dom_key {
203 	biginteger_t prime;
204 	biginteger_t subprime;
205 	biginteger_t base;
206 	CK_ULONG prime_bits;
207 } dsa_dom_key_t;
208 
209 
210 /*
211  * PKCS11: Diffie-Hellman Domain Parameters Object Attributes
212  */
213 typedef struct dh_dom_key {
214 	biginteger_t prime;
215 	biginteger_t base;
216 	CK_ULONG prime_bits;
217 } dh_dom_key_t;
218 
219 
220 /*
221  * PKCS11: X9.42 Diffie-Hellman Domain Parameters Object Attributes
222  */
223 typedef struct dh942_dom_key {
224 	biginteger_t prime;
225 	biginteger_t base;
226 	biginteger_t subprime;
227 	CK_ULONG prime_bits;
228 	CK_ULONG subprime_bits;
229 } dh942_dom_key_t;
230 
231 /*
232  * Domain Parameters Main Struct
233  */
234 typedef struct domain_obj {
235 	union {
236 		dsa_dom_key_t dsa_dom_key; /* DSA domain parameters */
237 		dh_dom_key_t  dh_dom_key;  /* DH domain parameters */
238 		dh942_dom_key_t dh942_dom_key;  /* DH9.42 domain parameters */
239 	} key_type_u;
240 } domain_obj_t;
241 
242 typedef struct cert_attr_type {
243 	CK_BYTE *value;
244 	CK_ULONG length;
245 } cert_attr_t;
246 
247 /*
248  * X.509 Public Key Certificate Structure.
249  * This structure contains only the attributes that are
250  * NOT modifiable after creation.
251  * ID, ISSUER, and SUBJECT attributes are kept in the extra_attrlistp
252  * record.
253  */
254 typedef struct x509_cert {
255 	cert_attr_t *subject; /* DER encoding of certificate subject name */
256 	cert_attr_t *value;	/* BER encoding of the cert */
257 } x509_cert_t;
258 
259 /*
260  * X.509 Attribute Certificiate Structure
261  * This structure contains only the attributes that are
262  * NOT modifiable after creation.
263  * AC_ISSUER, SERIAL_NUMBER, and ATTR_TYPES are kept in the
264  * extra_attrlistp record so they may be modified.
265  */
266 typedef struct x509_attr_cert {
267 	cert_attr_t *owner;	 /* DER encoding of attr cert subject field */
268 	cert_attr_t *value;	/* BER encoding of cert */
269 } x509_attr_cert_t;
270 
271 /*
272  * Certificate Object Main Struct
273  */
274 typedef struct certificate_obj {
275 	CK_CERTIFICATE_TYPE certificate_type;
276 	union {
277 		x509_cert_t  	x509;
278 		x509_attr_cert_t x509_attr;
279 	} cert_type_u;
280 } certificate_obj_t;
281 
282 /*
283  * This structure is used to hold the attributes in the
284  * Extra Attribute List.
285  */
286 typedef struct attribute_info {
287 	CK_ATTRIBUTE	attr;
288 	struct attribute_info *next;
289 } attribute_info_t;
290 
291 
292 typedef attribute_info_t *CK_ATTRIBUTE_INFO_PTR;
293 
294 /*
295  * This is the main structure of the Objects.
296  */
297 typedef struct object {
298 	/* Generic common fields. Always present */
299 	uint_t			version;	/* for token objects only */
300 	CK_OBJECT_CLASS 	class;
301 	CK_KEY_TYPE		key_type;
302 	CK_CERTIFICATE_TYPE	cert_type;
303 	ulong_t			magic_marker;
304 	uint64_t		bool_attr_mask;	/* see below */
305 	CK_MECHANISM_TYPE	mechanism;
306 	uchar_t object_type;		/* see below */
307 	struct ks_obj_handle ks_handle;	/* keystore handle */
308 
309 	/* Fields for access and arbitration */
310 	pthread_mutex_t	object_mutex;
311 	struct object *next;
312 	struct object *prev;
313 
314 	/* Extra non-boolean attribute list */
315 	CK_ATTRIBUTE_INFO_PTR extra_attrlistp;
316 
317 	/* For each object, only one of these object classes is presented */
318 	union {
319 		public_key_obj_t  *public_key;
320 		private_key_obj_t *private_key;
321 		secret_key_obj_t  *secret_key;
322 		domain_obj_t	  *domain;
323 		certificate_obj_t *certificate;
324 	} object_class_u;
325 
326 	/* Session handle that the object belongs to */
327 	CK_SESSION_HANDLE	session_handle;
328 	uint32_t	obj_refcnt;	/* object reference count */
329 	pthread_cond_t	obj_free_cond;	/* cond variable for signal and wait */
330 	uint32_t	obj_delete_sync;	/* object delete sync flags */
331 
332 } soft_object_t;
333 
334 typedef struct find_context {
335 	soft_object_t **objs_found;
336 	CK_ULONG num_results;
337 	CK_ULONG next_result_index;	/* next result object to return */
338 } find_context_t;
339 
340 /*
341  * The following structure is used to link the to-be-freed session
342  * objects into a linked list. The objects on this linked list have
343  * not yet been freed via free() after C_DestroyObject() call; instead
344  * they are added to this list. The actual free will take place when
345  * the number of objects queued reaches MAX_OBJ_TO_BE_FREED, at which
346  * time the first object in the list will be freed.
347  */
348 #define	MAX_OBJ_TO_BE_FREED		300
349 
350 typedef struct obj_to_be_freed_list {
351 	struct object	*first;	/* points to the first obj in the list */
352 	struct object	*last;	/* points to the last obj in the list */
353 	uint32_t	count;	/* current total objs in the list */
354 	pthread_mutex_t	obj_to_be_free_mutex;
355 } obj_to_be_freed_list_t;
356 
357 /*
358  * Object type
359  */
360 #define	SESSION_PUBLIC		0	/* CKA_TOKEN = 0, CKA_PRIVATE = 0 */
361 #define	SESSION_PRIVATE		1	/* CKA_TOKEN = 0, CKA_PRIVATE = 1 */
362 #define	TOKEN_PUBLIC		2	/* CKA_TOKEN = 1, CKA_PRIVATE = 0 */
363 #define	TOKEN_PRIVATE		3	/* CKA_TOKEN = 1, CKA_PRIVATE = 1 */
364 
365 #define	TOKEN_OBJECT		2
366 #define	PRIVATE_OBJECT		1
367 
368 typedef enum {
369 		ALL_TOKEN = 0,
370 		PUBLIC_TOKEN = 1,
371 		PRIVATE_TOKEN = 2
372 } token_obj_type_t;
373 
374 #define	IS_TOKEN_OBJECT(objp)	\
375 	((objp->object_type == TOKEN_PUBLIC) || \
376 	(objp->object_type == TOKEN_PRIVATE))
377 
378 /*
379  * Types associated with copying object's content
380  */
381 #define	SOFT_SET_ATTR_VALUE	1	/* for C_SetAttributeValue */
382 #define	SOFT_COPY_OBJECT	2	/* for C_CopyObject */
383 #define	SOFT_COPY_OBJ_ORIG_SH	3	/* for copying an object but keeps */
384 					/* the original session handle */
385 
386 /*
387  * The following definitions are the shortcuts
388  */
389 
390 /*
391  * RSA Public Key Object Attributes
392  */
393 #define	OBJ_PUB(o) \
394 	((o)->object_class_u.public_key)
395 #define	KEY_PUB_RSA(k) \
396 	&((k)->key_type_u.rsa_pub_key)
397 #define	OBJ_PUB_RSA_MOD(o) \
398 	&((o)->object_class_u.public_key->key_type_u.rsa_pub_key.modulus)
399 #define	KEY_PUB_RSA_MOD(k) \
400 	&((k)->key_type_u.rsa_pub_key.modulus)
401 #define	OBJ_PUB_RSA_PUBEXPO(o) \
402 	&((o)->object_class_u.public_key->key_type_u.rsa_pub_key.pub_exponent)
403 #define	KEY_PUB_RSA_PUBEXPO(k) \
404 	&((k)->key_type_u.rsa_pub_key.pub_exponent)
405 #define	OBJ_PUB_RSA_MOD_BITS(o) \
406 	((o)->object_class_u.public_key->key_type_u.rsa_pub_key.modulus_bits)
407 #define	KEY_PUB_RSA_MOD_BITS(k) \
408 	((k)->key_type_u.rsa_pub_key.modulus_bits)
409 
410 /*
411  * DSA Public Key Object Attributes
412  */
413 #define	KEY_PUB_DSA(k) \
414 	&((k)->key_type_u.dsa_pub_key)
415 #define	OBJ_PUB_DSA_PRIME(o) \
416 	&((o)->object_class_u.public_key->key_type_u.dsa_pub_key.prime)
417 #define	KEY_PUB_DSA_PRIME(k) \
418 	&((k)->key_type_u.dsa_pub_key.prime)
419 #define	OBJ_PUB_DSA_SUBPRIME(o) \
420 	&((o)->object_class_u.public_key->key_type_u.dsa_pub_key.subprime)
421 #define	KEY_PUB_DSA_SUBPRIME(k) \
422 	&((k)->key_type_u.dsa_pub_key.subprime)
423 #define	OBJ_PUB_DSA_BASE(o) \
424 	&((o)->object_class_u.public_key->key_type_u.dsa_pub_key.base)
425 #define	KEY_PUB_DSA_BASE(k) \
426 	&((k)->key_type_u.dsa_pub_key.base)
427 #define	OBJ_PUB_DSA_VALUE(o) \
428 	&((o)->object_class_u.public_key->key_type_u.dsa_pub_key.value)
429 #define	KEY_PUB_DSA_VALUE(k) \
430 	&((k)->key_type_u.dsa_pub_key.value)
431 
432 /*
433  * Diffie-Hellman Public Key Object Attributes
434  */
435 #define	KEY_PUB_DH(k) \
436 	&((k)->key_type_u.dh_pub_key)
437 #define	OBJ_PUB_DH_PRIME(o) \
438 	&((o)->object_class_u.public_key->key_type_u.dh_pub_key.prime)
439 #define	KEY_PUB_DH_PRIME(k) \
440 	&((k)->key_type_u.dh_pub_key.prime)
441 #define	OBJ_PUB_DH_BASE(o) \
442 	&((o)->object_class_u.public_key->key_type_u.dh_pub_key.base)
443 #define	KEY_PUB_DH_BASE(k) \
444 	&((k)->key_type_u.dh_pub_key.base)
445 #define	OBJ_PUB_DH_VALUE(o) \
446 	&((o)->object_class_u.public_key->key_type_u.dh_pub_key.value)
447 #define	KEY_PUB_DH_VALUE(k) \
448 	&((k)->key_type_u.dh_pub_key.value)
449 
450 /*
451  * X9.42 Diffie-Hellman Public Key Object Attributes
452  */
453 #define	KEY_PUB_DH942(k) \
454 	&((k)->key_type_u.dh942_pub_key)
455 #define	OBJ_PUB_DH942_PRIME(o) \
456 	&((o)->object_class_u.public_key->key_type_u.dh942_pub_key.prime)
457 #define	KEY_PUB_DH942_PRIME(k) \
458 	&((k)->key_type_u.dh942_pub_key.prime)
459 #define	OBJ_PUB_DH942_BASE(o) \
460 	&((o)->object_class_u.public_key->key_type_u.dh942_pub_key.base)
461 #define	KEY_PUB_DH942_BASE(k) \
462 	&((k)->key_type_u.dh942_pub_key.base)
463 #define	OBJ_PUB_DH942_SUBPRIME(o) \
464 	&((o)->object_class_u.public_key->key_type_u.dh942_pub_key.subprime)
465 #define	KEY_PUB_DH942_SUBPRIME(k) \
466 	&((k)->key_type_u.dh942_pub_key.subprime)
467 #define	OBJ_PUB_DH942_VALUE(o) \
468 	&((o)->object_class_u.public_key->key_type_u.dh942_pub_key.value)
469 #define	KEY_PUB_DH942_VALUE(k) \
470 	&((k)->key_type_u.dh942_pub_key.value)
471 
472 /*
473  * Elliptic Curve Public Key Object Attributes
474  */
475 #define	KEY_PUB_EC(k) \
476 	&((k)->key_type_u.ec_pub_key)
477 #define	OBJ_PUB_EC_PARAM(o) \
478 	&((o)->object_class_u.public_key->key_type_u.ec_pub_key.param)
479 #define	KEY_PUB_EC_PARAM(k) \
480 	&((k)->key_type_u.ec_pub_key.param)
481 #define	OBJ_PUB_EC_POINT(o) \
482 	&((o)->object_class_u.public_key->key_type_u.ec_pub_key.point)
483 #define	KEY_PUB_EC_POINT(k) \
484 	&((k)->key_type_u.ec_pub_key.point)
485 
486 
487 /*
488  * RSA Private Key Object Attributes
489  */
490 #define	OBJ_PRI(o) \
491 	((o)->object_class_u.private_key)
492 #define	KEY_PRI_RSA(k) \
493 	&((k)->key_type_u.rsa_pri_key)
494 #define	OBJ_PRI_RSA_MOD(o) \
495 	&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.modulus)
496 #define	KEY_PRI_RSA_MOD(k) \
497 	&((k)->key_type_u.rsa_pri_key.modulus)
498 #define	OBJ_PRI_RSA_PUBEXPO(o) \
499 	&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.pub_exponent)
500 #define	KEY_PRI_RSA_PUBEXPO(k) \
501 	&((k)->key_type_u.rsa_pri_key.pub_exponent)
502 #define	OBJ_PRI_RSA_PRIEXPO(o) \
503 	&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.pri_exponent)
504 #define	KEY_PRI_RSA_PRIEXPO(k) \
505 	&((k)->key_type_u.rsa_pri_key.pri_exponent)
506 #define	OBJ_PRI_RSA_PRIME1(o) \
507 	&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.prime_1)
508 #define	KEY_PRI_RSA_PRIME1(k) \
509 	&((k)->key_type_u.rsa_pri_key.prime_1)
510 #define	OBJ_PRI_RSA_PRIME2(o) \
511 	&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.prime_2)
512 #define	KEY_PRI_RSA_PRIME2(k) \
513 	&((k)->key_type_u.rsa_pri_key.prime_2)
514 #define	OBJ_PRI_RSA_EXPO1(o) \
515 	&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.exponent_1)
516 #define	KEY_PRI_RSA_EXPO1(k) \
517 	&((k)->key_type_u.rsa_pri_key.exponent_1)
518 #define	OBJ_PRI_RSA_EXPO2(o) \
519 	&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.exponent_2)
520 #define	KEY_PRI_RSA_EXPO2(k) \
521 	&((k)->key_type_u.rsa_pri_key.exponent_2)
522 #define	OBJ_PRI_RSA_COEF(o) \
523 	&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.coefficient)
524 #define	KEY_PRI_RSA_COEF(k) \
525 	&((k)->key_type_u.rsa_pri_key.coefficient)
526 
527 /*
528  * DSA Private Key Object Attributes
529  */
530 #define	KEY_PRI_DSA(k) \
531 	&((k)->key_type_u.dsa_pri_key)
532 #define	OBJ_PRI_DSA_PRIME(o) \
533 	&((o)->object_class_u.private_key->key_type_u.dsa_pri_key.prime)
534 #define	KEY_PRI_DSA_PRIME(k) \
535 	&((k)->key_type_u.dsa_pri_key.prime)
536 #define	OBJ_PRI_DSA_SUBPRIME(o) \
537 	&((o)->object_class_u.private_key->key_type_u.dsa_pri_key.subprime)
538 #define	KEY_PRI_DSA_SUBPRIME(k) \
539 	&((k)->key_type_u.dsa_pri_key.subprime)
540 #define	OBJ_PRI_DSA_BASE(o) \
541 	&((o)->object_class_u.private_key->key_type_u.dsa_pri_key.base)
542 #define	KEY_PRI_DSA_BASE(k) \
543 	&((k)->key_type_u.dsa_pri_key.base)
544 #define	OBJ_PRI_DSA_VALUE(o) \
545 	&((o)->object_class_u.private_key->key_type_u.dsa_pri_key.value)
546 #define	KEY_PRI_DSA_VALUE(k) \
547 	&((k)->key_type_u.dsa_pri_key.value)
548 
549 /*
550  * Diffie-Hellman Private Key Object Attributes
551  */
552 #define	KEY_PRI_DH(k) \
553 	&((k)->key_type_u.dh_pri_key)
554 #define	OBJ_PRI_DH_PRIME(o) \
555 	&((o)->object_class_u.private_key->key_type_u.dh_pri_key.prime)
556 #define	KEY_PRI_DH_PRIME(k) \
557 	&((k)->key_type_u.dh_pri_key.prime)
558 #define	OBJ_PRI_DH_BASE(o) \
559 	&((o)->object_class_u.private_key->key_type_u.dh_pri_key.base)
560 #define	KEY_PRI_DH_BASE(k) \
561 	&((k)->key_type_u.dh_pri_key.base)
562 #define	OBJ_PRI_DH_VALUE(o) \
563 	&((o)->object_class_u.private_key->key_type_u.dh_pri_key.value)
564 #define	KEY_PRI_DH_VALUE(k) \
565 	&((k)->key_type_u.dh_pri_key.value)
566 #define	OBJ_PRI_DH_VAL_BITS(o) \
567 	((o)->object_class_u.private_key->key_type_u.dh_pri_key.value_bits)
568 #define	KEY_PRI_DH_VAL_BITS(k) \
569 	((k)->key_type_u.dh_pri_key.value_bits)
570 
571 /*
572  * X9.42 Diffie-Hellman Private Key Object Attributes
573  */
574 #define	KEY_PRI_DH942(k) \
575 	&((k)->key_type_u.dh942_pri_key)
576 #define	OBJ_PRI_DH942_PRIME(o) \
577 	&((o)->object_class_u.private_key->key_type_u.dh942_pri_key.prime)
578 #define	KEY_PRI_DH942_PRIME(k) \
579 	&((k)->key_type_u.dh942_pri_key.prime)
580 #define	OBJ_PRI_DH942_BASE(o) \
581 	&((o)->object_class_u.private_key->key_type_u.dh942_pri_key.base)
582 #define	KEY_PRI_DH942_BASE(k) \
583 	&((k)->key_type_u.dh942_pri_key.base)
584 #define	OBJ_PRI_DH942_SUBPRIME(o) \
585 	&((o)->object_class_u.private_key->key_type_u.dh942_pri_key.subprime)
586 #define	KEY_PRI_DH942_SUBPRIME(k) \
587 	&((k)->key_type_u.dh942_pri_key.subprime)
588 #define	OBJ_PRI_DH942_VALUE(o) \
589 	&((o)->object_class_u.private_key->key_type_u.dh942_pri_key.value)
590 #define	KEY_PRI_DH942_VALUE(k) \
591 	&((k)->key_type_u.dh942_pri_key.value)
592 
593 /*
594  * Elliptic Curve Private Key Object Attributes
595  */
596 
597 #define	KEY_PRI_EC(k) \
598 	&((k)->key_type_u.ec_pri_key)
599 #define	OBJ_PRI_EC_PARAM(o) \
600 	&((o)->object_class_u.private_key->key_type_u.ec_pri_key.param)
601 #define	KEY_PRI_EC_PARAM(k) \
602 	&((k)->key_type_u.ec_pri_key.param)
603 #define	OBJ_PRI_EC_VALUE(o) \
604 	&((o)->object_class_u.private_key->key_type_u.ec_pri_key.value)
605 #define	KEY_PRI_EC_VALUE(k) \
606 	&((k)->key_type_u.ec_pri_key.value)
607 
608 /*
609  * DSA Domain Parameters Object Attributes
610  */
611 #define	OBJ_DOM(o) \
612 	((o)->object_class_u.domain)
613 #define	KEY_DOM_DSA(k) \
614 	&((k)->key_type_u.dsa_dom_key)
615 #define	OBJ_DOM_DSA_PRIME(o) \
616 	&((o)->object_class_u.domain->key_type_u.dsa_dom_key.prime)
617 #define	KEY_DOM_DSA_PRIME(k) \
618 	&((k)->key_type_u.dsa_dom_key.prime)
619 #define	OBJ_DOM_DSA_SUBPRIME(o) \
620 	&((o)->object_class_u.domain->key_type_u.dsa_dom_key.subprime)
621 #define	KEY_DOM_DSA_SUBPRIME(k) \
622 	&((k)->key_type_u.dsa_dom_key.subprime)
623 #define	OBJ_DOM_DSA_BASE(o) \
624 	&((o)->object_class_u.domain->key_type_u.dsa_dom_key.base)
625 #define	KEY_DOM_DSA_BASE(k) \
626 	&((k)->key_type_u.dsa_dom_key.base)
627 #define	OBJ_DOM_DSA_PRIME_BITS(o) \
628 	((o)->object_class_u.domain->key_type_u.dsa_dom_key.prime_bits)
629 
630 /*
631  * Diffie-Hellman Domain Parameters Object Attributes
632  */
633 #define	KEY_DOM_DH(k) \
634 	&((k)->key_type_u.dh_dom_key)
635 #define	OBJ_DOM_DH_PRIME(o) \
636 	&((o)->object_class_u.domain->key_type_u.dh_dom_key.prime)
637 #define	KEY_DOM_DH_PRIME(k) \
638 	&((k)->key_type_u.dh_dom_key.prime)
639 #define	OBJ_DOM_DH_BASE(o) \
640 	&((o)->object_class_u.domain->key_type_u.dh_dom_key.base)
641 #define	KEY_DOM_DH_BASE(k) \
642 	&((k)->key_type_u.dh_dom_key.base)
643 #define	OBJ_DOM_DH_PRIME_BITS(o) \
644 	((o)->object_class_u.domain->key_type_u.dh_dom_key.prime_bits)
645 
646 /*
647  * X9.42 Diffie-Hellman Domain Parameters Object Attributes
648  */
649 #define	KEY_DOM_DH942(k) \
650 	&((k)->key_type_u.dh942_dom_key)
651 #define	OBJ_DOM_DH942_PRIME(o) \
652 	&((o)->object_class_u.domain->key_type_u.dh942_dom_key.prime)
653 #define	KEY_DOM_DH942_PRIME(k) \
654 	&((k)->key_type_u.dh942_dom_key.prime)
655 #define	OBJ_DOM_DH942_BASE(o) \
656 	&((o)->object_class_u.domain->key_type_u.dh942_dom_key.base)
657 #define	KEY_DOM_DH942_BASE(k) \
658 	&((k)->key_type_u.dh942_dom_key.base)
659 #define	OBJ_DOM_DH942_SUBPRIME(o) \
660 	&((o)->object_class_u.domain->key_type_u.dh942_dom_key.subprime)
661 #define	KEY_DOM_DH942_SUBPRIME(k) \
662 	&((k)->key_type_u.dh942_dom_key.subprime)
663 #define	OBJ_DOM_DH942_PRIME_BITS(o) \
664 	((o)->object_class_u.domain->key_type_u.dh942_dom_key.prime_bits)
665 #define	OBJ_DOM_DH942_SUBPRIME_BITS(o) \
666 	((o)->object_class_u.domain->key_type_u.dh942_dom_key.subprime_bits)
667 
668 /*
669  * Secret Key Object Attributes
670  */
671 #define	OBJ_SEC(o) \
672 	((o)->object_class_u.secret_key)
673 #define	OBJ_SEC_VALUE(o) \
674 	((o)->object_class_u.secret_key->sk_value)
675 #define	OBJ_SEC_VALUE_LEN(o) \
676 	((o)->object_class_u.secret_key->sk_value_len)
677 #define	OBJ_KEY_SCHED(o) \
678 	((o)->object_class_u.secret_key->key_sched)
679 #define	OBJ_KEY_SCHED_LEN(o) \
680 	((o)->object_class_u.secret_key->keysched_len)
681 
682 #define	OBJ_CERT(o) \
683 	((o)->object_class_u.certificate)
684 /*
685  * X.509 Key Certificate object attributes
686  */
687 #define	X509_CERT(o) \
688 	((o)->object_class_u.certificate->cert_type_u.x509)
689 #define	X509_CERT_SUBJECT(o) \
690 	((o)->object_class_u.certificate->cert_type_u.x509.subject)
691 #define	X509_CERT_VALUE(o) \
692 	((o)->object_class_u.certificate->cert_type_u.x509.value)
693 
694 /*
695  * X.509 Attribute Certificate object attributes
696  */
697 #define	X509_ATTR_CERT(o) \
698 	((o)->object_class_u.certificate->cert_type_u.x509_attr)
699 #define	X509_ATTR_CERT_OWNER(o) \
700 	((o)->object_class_u.certificate->cert_type_u.x509_attr.owner)
701 #define	X509_ATTR_CERT_VALUE(o) \
702 	((o)->object_class_u.certificate->cert_type_u.x509_attr.value)
703 
704 /*
705  * key related attributes with CK_BBOOL data type
706  */
707 #define	DERIVE_BOOL_ON			0x00000001
708 #define	LOCAL_BOOL_ON			0x00000002
709 #define	SENSITIVE_BOOL_ON		0x00000004
710 #define	SECONDARY_AUTH_BOOL_ON		0x00000008
711 #define	ENCRYPT_BOOL_ON			0x00000010
712 #define	DECRYPT_BOOL_ON			0x00000020
713 #define	SIGN_BOOL_ON			0x00000040
714 #define	SIGN_RECOVER_BOOL_ON		0x00000080
715 #define	VERIFY_BOOL_ON			0x00000100
716 #define	VERIFY_RECOVER_BOOL_ON		0x00000200
717 #define	WRAP_BOOL_ON			0x00000400
718 #define	UNWRAP_BOOL_ON			0x00000800
719 #define	TRUSTED_BOOL_ON			0x00001000
720 #define	EXTRACTABLE_BOOL_ON		0x00002000
721 #define	ALWAYS_SENSITIVE_BOOL_ON	0x00004000
722 #define	NEVER_EXTRACTABLE_BOOL_ON	0x00008000
723 #define	NOT_MODIFIABLE_BOOL_ON		0x00010000
724 
725 #define	PUBLIC_KEY_DEFAULT	(ENCRYPT_BOOL_ON|\
726 				WRAP_BOOL_ON|\
727 				VERIFY_BOOL_ON|\
728 				VERIFY_RECOVER_BOOL_ON)
729 
730 #define	PRIVATE_KEY_DEFAULT	(DECRYPT_BOOL_ON|\
731 				UNWRAP_BOOL_ON|\
732 				SIGN_BOOL_ON|\
733 				SIGN_RECOVER_BOOL_ON|\
734 				EXTRACTABLE_BOOL_ON)
735 
736 #define	SECRET_KEY_DEFAULT	(ENCRYPT_BOOL_ON|\
737 				DECRYPT_BOOL_ON|\
738 				WRAP_BOOL_ON|\
739 				UNWRAP_BOOL_ON|\
740 				SIGN_BOOL_ON|\
741 				VERIFY_BOOL_ON|\
742 				EXTRACTABLE_BOOL_ON)
743 
744 /*
745  * MAX_KEY_ATTR_BUFLEN
746  * The maximum buffer size needed for public or private key attributes
747  * should be 514 bytes.  Just to be safe we give a little more space.
748  */
749 #define	MAX_KEY_ATTR_BUFLEN 1024
750 
751 /*
752  * Flag definitions for obj_delete_sync
753  */
754 #define	OBJECT_IS_DELETING	1	/* Object is in a deleting state */
755 #define	OBJECT_REFCNT_WAITING	2	/* Waiting for object reference */
756 					/* count to become zero */
757 
758 /*
759  * This macro is used to type cast an object handle to a pointer to
760  * the object struct. Also, it checks to see if the object struct
761  * is tagged with an object magic number. This is to detect when an
762  * application passes a bogus object pointer.
763  * Also, it checks to see if the object is in the deleting state that
764  * another thread is performing. If not, increment the object reference
765  * count by one. This is to prevent this object from being deleted by
766  * other thread.
767  */
768 #define	HANDLE2OBJECT_COMMON(hObject, object_p, rv, REFCNT_CODE) { \
769 	object_p = (soft_object_t *)(hObject); \
770 	if ((object_p == NULL) || \
771 		(object_p->magic_marker != SOFTTOKEN_OBJECT_MAGIC)) {\
772 			rv = CKR_OBJECT_HANDLE_INVALID; \
773 	} else { \
774 		(void) pthread_mutex_lock(&object_p->object_mutex); \
775 		if (!(object_p->obj_delete_sync & OBJECT_IS_DELETING)) { \
776 			REFCNT_CODE; \
777 			rv = CKR_OK; \
778 		} else { \
779 			rv = CKR_OBJECT_HANDLE_INVALID; \
780 		} \
781 		(void) pthread_mutex_unlock(&object_p->object_mutex); \
782 	} \
783 }
784 
785 #define	HANDLE2OBJECT(hObject, object_p, rv) \
786 	HANDLE2OBJECT_COMMON(hObject, object_p, rv, object_p->obj_refcnt++)
787 
788 #define	HANDLE2OBJECT_DESTROY(hObject, object_p, rv) \
789 	HANDLE2OBJECT_COMMON(hObject, object_p, rv, /* no refcnt increment */)
790 
791 
792 #define	OBJ_REFRELE(object_p) { \
793 	(void) pthread_mutex_lock(&object_p->object_mutex); \
794 	if ((--object_p->obj_refcnt) == 0 && \
795 	    (object_p->obj_delete_sync & OBJECT_REFCNT_WAITING)) { \
796 		(void) pthread_cond_signal(&object_p->obj_free_cond); \
797 	} \
798 	(void) pthread_mutex_unlock(&object_p->object_mutex); \
799 }
800 
801 /*
802  * Function Prototypes.
803  */
804 void soft_cleanup_object(soft_object_t *objp);
805 
806 CK_RV soft_add_object(CK_ATTRIBUTE_PTR pTemplate,  CK_ULONG ulCount,
807 	CK_ULONG *objecthandle_p, soft_session_t *sp);
808 
809 void soft_delete_object(soft_session_t *sp, soft_object_t *objp,
810 	boolean_t lock_held);
811 
812 void soft_cleanup_extra_attr(soft_object_t *object_p);
813 
814 CK_RV soft_copy_extra_attr(CK_ATTRIBUTE_INFO_PTR old_attrp,
815 	soft_object_t *object_p);
816 
817 void soft_cleanup_object_bigint_attrs(soft_object_t *object_p);
818 
819 CK_RV soft_build_object(CK_ATTRIBUTE_PTR template,
820 	CK_ULONG ulAttrNum, soft_object_t *new_object);
821 
822 CK_RV soft_build_secret_key_object(CK_ATTRIBUTE_PTR template,
823 	CK_ULONG ulAttrNum, soft_object_t *new_object, CK_ULONG mode,
824 	CK_ULONG key_len, CK_KEY_TYPE key_type);
825 
826 CK_RV soft_copy_object(soft_object_t *old_object, soft_object_t **new_object,
827 	CK_ULONG object_func, soft_session_t *sp);
828 
829 void soft_merge_object(soft_object_t *old_object, soft_object_t *new_object);
830 
831 CK_RV soft_get_attribute(soft_object_t *object_p, CK_ATTRIBUTE_PTR template);
832 
833 CK_RV soft_set_attribute(soft_object_t *object_p, CK_ATTRIBUTE_PTR template,
834 	boolean_t copy);
835 
836 CK_RV soft_set_common_storage_attribute(soft_object_t *object_p,
837 	CK_ATTRIBUTE_PTR template, boolean_t copy);
838 
839 CK_RV soft_get_public_attr(soft_object_t *, CK_ATTRIBUTE_TYPE, uchar_t *,
840 	uint32_t *);
841 
842 CK_RV soft_get_private_attr(soft_object_t *, CK_ATTRIBUTE_TYPE, uchar_t *,
843 	uint32_t *);
844 
845 CK_RV get_ulong_attr_from_object(CK_ULONG value, CK_ATTRIBUTE_PTR template);
846 
847 void copy_bigint_attr(biginteger_t *src, biginteger_t *dst);
848 
849 void soft_add_object_to_session(soft_object_t *, soft_session_t *);
850 
851 CK_RV soft_build_key(CK_ATTRIBUTE_PTR, CK_ULONG, soft_object_t *,
852 	CK_OBJECT_CLASS, CK_KEY_TYPE, CK_ULONG, CK_ULONG);
853 
854 CK_RV soft_copy_public_key_attr(public_key_obj_t *old_pub_key_obj_p,
855 	public_key_obj_t **new_pub_key_obj_p, CK_KEY_TYPE key_type);
856 
857 CK_RV soft_copy_private_key_attr(private_key_obj_t *old_pri_key_obj_p,
858 	private_key_obj_t **new_pri_key_obj_p, CK_KEY_TYPE key_type);
859 
860 CK_RV soft_copy_secret_key_attr(secret_key_obj_t *old_secret_key_obj_p,
861 	secret_key_obj_t **new_secret_key_obj_p);
862 
863 CK_RV soft_copy_domain_attr(domain_obj_t *old_domain_obj_p,
864 	domain_obj_t **new_domain_obj_p, CK_KEY_TYPE key_type);
865 
866 CK_RV soft_validate_attr(CK_ATTRIBUTE_PTR template, CK_ULONG ulAttrNum,
867 	CK_OBJECT_CLASS *class);
868 
869 CK_RV soft_find_objects_init(soft_session_t *sp, CK_ATTRIBUTE_PTR pTemplate,
870 	CK_ULONG ulCount);
871 
872 void soft_find_objects_final(soft_session_t *sp);
873 
874 void soft_find_objects(soft_session_t *sp, CK_OBJECT_HANDLE *obj_found,
875 	CK_ULONG max_obj_requested, CK_ULONG *found_obj_count);
876 
877 void soft_process_find_attr(CK_OBJECT_CLASS *pclasses,
878 	CK_ULONG *num_result_pclasses, CK_ATTRIBUTE_PTR pTemplate,
879 	CK_ULONG ulCount);
880 
881 boolean_t soft_find_match_attrs(soft_object_t *obj, CK_OBJECT_CLASS *pclasses,
882 	CK_ULONG num_pclasses, CK_ATTRIBUTE *tmpl_attr, CK_ULONG num_attr);
883 
884 CK_ATTRIBUTE_PTR get_extra_attr(CK_ATTRIBUTE_TYPE type, soft_object_t *obj);
885 
886 CK_RV get_string_from_template(CK_ATTRIBUTE_PTR dest, CK_ATTRIBUTE_PTR src);
887 
888 void string_attr_cleanup(CK_ATTRIBUTE_PTR template);
889 
890 void soft_cleanup_cert_object(soft_object_t *object_p);
891 
892 CK_RV soft_get_certificate_attribute(soft_object_t *object_p,
893 	CK_ATTRIBUTE_PTR template);
894 
895 CK_RV soft_set_certificate_attribute(soft_object_t *object_p,
896 	CK_ATTRIBUTE_PTR template, boolean_t copy);
897 
898 CK_RV soft_copy_certificate(certificate_obj_t *old, certificate_obj_t **new,
899 	CK_CERTIFICATE_TYPE type);
900 
901 CK_RV get_cert_attr_from_template(cert_attr_t **dest,
902 	CK_ATTRIBUTE_PTR src);
903 
904 /* Token object related function prototypes */
905 
906 void soft_add_token_object_to_slot(soft_object_t *objp);
907 
908 void soft_remove_token_object_from_slot(soft_object_t *objp,
909 	boolean_t lock_held);
910 
911 void soft_delete_token_object(soft_object_t *objp, boolean_t persistent,
912 	boolean_t lock_held);
913 
914 void soft_delete_all_in_core_token_objects(token_obj_type_t type);
915 
916 void soft_validate_token_objects(boolean_t validate);
917 
918 CK_RV soft_object_write_access_check(soft_session_t *sp, soft_object_t *objp);
919 
920 CK_RV soft_pin_expired_check(soft_object_t *objp);
921 
922 CK_RV soft_copy_to_old_object(soft_object_t *new, soft_object_t *old);
923 
924 CK_RV soft_keystore_load_latest_object(soft_object_t *old_obj);
925 
926 CK_RV refresh_token_objects();
927 
928 void bigint_attr_cleanup(biginteger_t *big);
929 
930 CK_RV soft_add_extra_attr(CK_ATTRIBUTE_PTR template, soft_object_t *object_p);
931 
932 CK_RV get_bigint_attr_from_template(biginteger_t *big,
933 	CK_ATTRIBUTE_PTR template);
934 
935 #ifdef	__cplusplus
936 }
937 #endif
938 
939 #endif /* _SOFTOBJECT_H */
940