import less(1)
[unleashed/tickless.git] / usr / src / lib / pkcs11 / pkcs11_softtoken / common / softObject.h
blobea73e1a58d0cd73b480df0034d50750c191fcb8f
1 /*
2 * CDDL HEADER START
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
19 * CDDL HEADER END
23 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
26 #ifndef _SOFTOBJECT_H
27 #define _SOFTOBJECT_H
29 #ifdef __cplusplus
30 extern "C" {
31 #endif
33 #include <pthread.h>
34 #include <security/pkcs11t.h>
35 #include "softKeystoreUtil.h"
36 #include "softSession.h"
39 #define SOFTTOKEN_OBJECT_MAGIC 0xECF0B002
41 #define SOFT_CREATE_OBJ 1
42 #define SOFT_GEN_KEY 2
43 #define SOFT_DERIVE_KEY_DH 3 /* for CKM_DH_PKCS_DERIVE */
44 #define SOFT_DERIVE_KEY_OTHER 4 /* for CKM_MD5_KEY_DERIVATION and */
45 /* CKM_SHA1_KEY_DERIVATION */
46 #define SOFT_UNWRAP_KEY 5
47 #define SOFT_CREATE_OBJ_INT 6 /* internal object creation */
49 typedef struct biginteger {
50 CK_BYTE *big_value;
51 CK_ULONG big_value_len;
52 } biginteger_t;
56 * Secret key Struct
58 typedef struct secret_key_obj {
59 CK_BYTE *sk_value;
60 CK_ULONG sk_value_len;
61 void *key_sched;
62 size_t keysched_len;
63 } secret_key_obj_t;
67 * PKCS11: RSA Public Key Object Attributes
69 typedef struct rsa_pub_key {
70 biginteger_t modulus;
71 CK_ULONG modulus_bits;
72 biginteger_t pub_exponent;
73 } rsa_pub_key_t;
77 * PKCS11: DSA Public Key Object Attributes
79 typedef struct dsa_pub_key {
80 biginteger_t prime;
81 biginteger_t subprime;
82 biginteger_t base;
83 biginteger_t value;
84 } dsa_pub_key_t;
88 * PKCS11: Diffie-Hellman Public Key Object Attributes
90 typedef struct dh_pub_key {
91 biginteger_t prime;
92 biginteger_t base;
93 biginteger_t value;
94 } dh_pub_key_t;
98 * PKCS11: X9.42 Diffie-Hellman Public Key Object Attributes
100 typedef struct dh942_pub_key {
101 biginteger_t prime;
102 biginteger_t base;
103 biginteger_t subprime;
104 biginteger_t value;
105 } dh942_pub_key_t;
109 * PKCS11: Elliptic Curve Public Key Object Attributes
111 typedef struct ec_pub_key {
112 biginteger_t param;
113 biginteger_t point;
114 } ec_pub_key_t;
118 * Public Key Main Struct
120 typedef struct public_key_obj {
121 union {
122 rsa_pub_key_t rsa_pub_key; /* RSA public key */
123 dsa_pub_key_t dsa_pub_key; /* DSA public key */
124 dh_pub_key_t dh_pub_key; /* DH public key */
125 dh942_pub_key_t dh942_pub_key; /* DH9.42 public key */
126 ec_pub_key_t ec_pub_key; /* Elliptic Curve public key */
127 } key_type_u;
128 } public_key_obj_t;
131 * PKCS11: RSA Private Key Object Attributes
133 typedef struct rsa_pri_key {
134 biginteger_t modulus;
135 biginteger_t pub_exponent;
136 biginteger_t pri_exponent;
137 biginteger_t prime_1;
138 biginteger_t prime_2;
139 biginteger_t exponent_1;
140 biginteger_t exponent_2;
141 biginteger_t coefficient;
142 } rsa_pri_key_t;
145 * PKCS11: DSA Private Key Object Attributes
147 typedef struct dsa_pri_key {
148 biginteger_t prime;
149 biginteger_t subprime;
150 biginteger_t base;
151 biginteger_t value;
152 } dsa_pri_key_t;
156 * PKCS11: Diffie-Hellman Private Key Object Attributes
158 typedef struct dh_pri_key {
159 biginteger_t prime;
160 biginteger_t base;
161 biginteger_t value;
162 CK_ULONG value_bits;
163 } dh_pri_key_t;
166 * PKCS11: X9.42 Diffie-Hellman Private Key Object Attributes
168 typedef struct dh942_pri_key {
169 biginteger_t prime;
170 biginteger_t base;
171 biginteger_t subprime;
172 biginteger_t value;
173 } dh942_pri_key_t;
176 * PKCS11: Elliptic Curve Private Key Object Attributes
178 typedef struct ec_pri_key {
179 biginteger_t param;
180 biginteger_t value;
181 } ec_pri_key_t;
185 * Private Key Main Struct
187 typedef struct private_key_obj {
188 union {
189 rsa_pri_key_t rsa_pri_key; /* RSA private key */
190 dsa_pri_key_t dsa_pri_key; /* DSA private key */
191 dh_pri_key_t dh_pri_key; /* DH private key */
192 dh942_pri_key_t dh942_pri_key; /* DH9.42 private key */
193 ec_pri_key_t ec_pri_key; /* Elliptic Curve private key */
194 } key_type_u;
195 } private_key_obj_t;
198 * PKCS11: DSA Domain Parameters Object Attributes
200 typedef struct dsa_dom_key {
201 biginteger_t prime;
202 biginteger_t subprime;
203 biginteger_t base;
204 CK_ULONG prime_bits;
205 } dsa_dom_key_t;
209 * PKCS11: Diffie-Hellman Domain Parameters Object Attributes
211 typedef struct dh_dom_key {
212 biginteger_t prime;
213 biginteger_t base;
214 CK_ULONG prime_bits;
215 } dh_dom_key_t;
219 * PKCS11: X9.42 Diffie-Hellman Domain Parameters Object Attributes
221 typedef struct dh942_dom_key {
222 biginteger_t prime;
223 biginteger_t base;
224 biginteger_t subprime;
225 CK_ULONG prime_bits;
226 CK_ULONG subprime_bits;
227 } dh942_dom_key_t;
230 * Domain Parameters Main Struct
232 typedef struct domain_obj {
233 union {
234 dsa_dom_key_t dsa_dom_key; /* DSA domain parameters */
235 dh_dom_key_t dh_dom_key; /* DH domain parameters */
236 dh942_dom_key_t dh942_dom_key; /* DH9.42 domain parameters */
237 } key_type_u;
238 } domain_obj_t;
240 typedef struct cert_attr_type {
241 CK_BYTE *value;
242 CK_ULONG length;
243 } cert_attr_t;
246 * X.509 Public Key Certificate Structure.
247 * This structure contains only the attributes that are
248 * NOT modifiable after creation.
249 * ID, ISSUER, and SUBJECT attributes are kept in the extra_attrlistp
250 * record.
252 typedef struct x509_cert {
253 cert_attr_t *subject; /* DER encoding of certificate subject name */
254 cert_attr_t *value; /* BER encoding of the cert */
255 } x509_cert_t;
258 * X.509 Attribute Certificiate Structure
259 * This structure contains only the attributes that are
260 * NOT modifiable after creation.
261 * AC_ISSUER, SERIAL_NUMBER, and ATTR_TYPES are kept in the
262 * extra_attrlistp record so they may be modified.
264 typedef struct x509_attr_cert {
265 cert_attr_t *owner; /* DER encoding of attr cert subject field */
266 cert_attr_t *value; /* BER encoding of cert */
267 } x509_attr_cert_t;
270 * Certificate Object Main Struct
272 typedef struct certificate_obj {
273 CK_CERTIFICATE_TYPE certificate_type;
274 union {
275 x509_cert_t x509;
276 x509_attr_cert_t x509_attr;
277 } cert_type_u;
278 } certificate_obj_t;
281 * This structure is used to hold the attributes in the
282 * Extra Attribute List.
284 typedef struct attribute_info {
285 CK_ATTRIBUTE attr;
286 struct attribute_info *next;
287 } attribute_info_t;
290 typedef attribute_info_t *CK_ATTRIBUTE_INFO_PTR;
293 * This is the main structure of the Objects.
295 typedef struct object {
296 /* Generic common fields. Always present */
297 uint_t version; /* for token objects only */
298 CK_OBJECT_CLASS class;
299 CK_KEY_TYPE key_type;
300 CK_CERTIFICATE_TYPE cert_type;
301 ulong_t magic_marker;
302 uint64_t bool_attr_mask; /* see below */
303 CK_MECHANISM_TYPE mechanism;
304 uchar_t object_type; /* see below */
305 struct ks_obj_handle ks_handle; /* keystore handle */
307 /* Fields for access and arbitration */
308 pthread_mutex_t object_mutex;
309 struct object *next;
310 struct object *prev;
312 /* Extra non-boolean attribute list */
313 CK_ATTRIBUTE_INFO_PTR extra_attrlistp;
315 /* For each object, only one of these object classes is presented */
316 union {
317 public_key_obj_t *public_key;
318 private_key_obj_t *private_key;
319 secret_key_obj_t *secret_key;
320 domain_obj_t *domain;
321 certificate_obj_t *certificate;
322 } object_class_u;
324 /* Session handle that the object belongs to */
325 CK_SESSION_HANDLE session_handle;
326 uint32_t obj_refcnt; /* object reference count */
327 pthread_cond_t obj_free_cond; /* cond variable for signal and wait */
328 uint32_t obj_delete_sync; /* object delete sync flags */
330 } soft_object_t;
332 typedef struct find_context {
333 soft_object_t **objs_found;
334 CK_ULONG num_results;
335 CK_ULONG next_result_index; /* next result object to return */
336 } find_context_t;
339 * The following structure is used to link the to-be-freed session
340 * objects into a linked list. The objects on this linked list have
341 * not yet been freed via free() after C_DestroyObject() call; instead
342 * they are added to this list. The actual free will take place when
343 * the number of objects queued reaches MAX_OBJ_TO_BE_FREED, at which
344 * time the first object in the list will be freed.
346 #define MAX_OBJ_TO_BE_FREED 300
348 typedef struct obj_to_be_freed_list {
349 struct object *first; /* points to the first obj in the list */
350 struct object *last; /* points to the last obj in the list */
351 uint32_t count; /* current total objs in the list */
352 pthread_mutex_t obj_to_be_free_mutex;
353 } obj_to_be_freed_list_t;
356 * Object type
358 #define SESSION_PUBLIC 0 /* CKA_TOKEN = 0, CKA_PRIVATE = 0 */
359 #define SESSION_PRIVATE 1 /* CKA_TOKEN = 0, CKA_PRIVATE = 1 */
360 #define TOKEN_PUBLIC 2 /* CKA_TOKEN = 1, CKA_PRIVATE = 0 */
361 #define TOKEN_PRIVATE 3 /* CKA_TOKEN = 1, CKA_PRIVATE = 1 */
363 #define TOKEN_OBJECT 2
364 #define PRIVATE_OBJECT 1
366 typedef enum {
367 ALL_TOKEN = 0,
368 PUBLIC_TOKEN = 1,
369 PRIVATE_TOKEN = 2
370 } token_obj_type_t;
372 #define IS_TOKEN_OBJECT(objp) \
373 ((objp->object_type == TOKEN_PUBLIC) || \
374 (objp->object_type == TOKEN_PRIVATE))
377 * Types associated with copying object's content
379 #define SOFT_SET_ATTR_VALUE 1 /* for C_SetAttributeValue */
380 #define SOFT_COPY_OBJECT 2 /* for C_CopyObject */
381 #define SOFT_COPY_OBJ_ORIG_SH 3 /* for copying an object but keeps */
382 /* the original session handle */
385 * The following definitions are the shortcuts
389 * RSA Public Key Object Attributes
391 #define OBJ_PUB(o) \
392 ((o)->object_class_u.public_key)
393 #define KEY_PUB_RSA(k) \
394 &((k)->key_type_u.rsa_pub_key)
395 #define OBJ_PUB_RSA_MOD(o) \
396 &((o)->object_class_u.public_key->key_type_u.rsa_pub_key.modulus)
397 #define KEY_PUB_RSA_MOD(k) \
398 &((k)->key_type_u.rsa_pub_key.modulus)
399 #define OBJ_PUB_RSA_PUBEXPO(o) \
400 &((o)->object_class_u.public_key->key_type_u.rsa_pub_key.pub_exponent)
401 #define KEY_PUB_RSA_PUBEXPO(k) \
402 &((k)->key_type_u.rsa_pub_key.pub_exponent)
403 #define OBJ_PUB_RSA_MOD_BITS(o) \
404 ((o)->object_class_u.public_key->key_type_u.rsa_pub_key.modulus_bits)
405 #define KEY_PUB_RSA_MOD_BITS(k) \
406 ((k)->key_type_u.rsa_pub_key.modulus_bits)
409 * DSA Public Key Object Attributes
411 #define KEY_PUB_DSA(k) \
412 &((k)->key_type_u.dsa_pub_key)
413 #define OBJ_PUB_DSA_PRIME(o) \
414 &((o)->object_class_u.public_key->key_type_u.dsa_pub_key.prime)
415 #define KEY_PUB_DSA_PRIME(k) \
416 &((k)->key_type_u.dsa_pub_key.prime)
417 #define OBJ_PUB_DSA_SUBPRIME(o) \
418 &((o)->object_class_u.public_key->key_type_u.dsa_pub_key.subprime)
419 #define KEY_PUB_DSA_SUBPRIME(k) \
420 &((k)->key_type_u.dsa_pub_key.subprime)
421 #define OBJ_PUB_DSA_BASE(o) \
422 &((o)->object_class_u.public_key->key_type_u.dsa_pub_key.base)
423 #define KEY_PUB_DSA_BASE(k) \
424 &((k)->key_type_u.dsa_pub_key.base)
425 #define OBJ_PUB_DSA_VALUE(o) \
426 &((o)->object_class_u.public_key->key_type_u.dsa_pub_key.value)
427 #define KEY_PUB_DSA_VALUE(k) \
428 &((k)->key_type_u.dsa_pub_key.value)
431 * Diffie-Hellman Public Key Object Attributes
433 #define KEY_PUB_DH(k) \
434 &((k)->key_type_u.dh_pub_key)
435 #define OBJ_PUB_DH_PRIME(o) \
436 &((o)->object_class_u.public_key->key_type_u.dh_pub_key.prime)
437 #define KEY_PUB_DH_PRIME(k) \
438 &((k)->key_type_u.dh_pub_key.prime)
439 #define OBJ_PUB_DH_BASE(o) \
440 &((o)->object_class_u.public_key->key_type_u.dh_pub_key.base)
441 #define KEY_PUB_DH_BASE(k) \
442 &((k)->key_type_u.dh_pub_key.base)
443 #define OBJ_PUB_DH_VALUE(o) \
444 &((o)->object_class_u.public_key->key_type_u.dh_pub_key.value)
445 #define KEY_PUB_DH_VALUE(k) \
446 &((k)->key_type_u.dh_pub_key.value)
449 * X9.42 Diffie-Hellman Public Key Object Attributes
451 #define KEY_PUB_DH942(k) \
452 &((k)->key_type_u.dh942_pub_key)
453 #define OBJ_PUB_DH942_PRIME(o) \
454 &((o)->object_class_u.public_key->key_type_u.dh942_pub_key.prime)
455 #define KEY_PUB_DH942_PRIME(k) \
456 &((k)->key_type_u.dh942_pub_key.prime)
457 #define OBJ_PUB_DH942_BASE(o) \
458 &((o)->object_class_u.public_key->key_type_u.dh942_pub_key.base)
459 #define KEY_PUB_DH942_BASE(k) \
460 &((k)->key_type_u.dh942_pub_key.base)
461 #define OBJ_PUB_DH942_SUBPRIME(o) \
462 &((o)->object_class_u.public_key->key_type_u.dh942_pub_key.subprime)
463 #define KEY_PUB_DH942_SUBPRIME(k) \
464 &((k)->key_type_u.dh942_pub_key.subprime)
465 #define OBJ_PUB_DH942_VALUE(o) \
466 &((o)->object_class_u.public_key->key_type_u.dh942_pub_key.value)
467 #define KEY_PUB_DH942_VALUE(k) \
468 &((k)->key_type_u.dh942_pub_key.value)
471 * Elliptic Curve Public Key Object Attributes
473 #define KEY_PUB_EC(k) \
474 &((k)->key_type_u.ec_pub_key)
475 #define OBJ_PUB_EC_POINT(o) \
476 &((o)->object_class_u.public_key->key_type_u.ec_pub_key.point)
477 #define KEY_PUB_EC_POINT(k) \
478 &((k)->key_type_u.ec_pub_key.point)
482 * RSA Private Key Object Attributes
484 #define OBJ_PRI(o) \
485 ((o)->object_class_u.private_key)
486 #define KEY_PRI_RSA(k) \
487 &((k)->key_type_u.rsa_pri_key)
488 #define OBJ_PRI_RSA_MOD(o) \
489 &((o)->object_class_u.private_key->key_type_u.rsa_pri_key.modulus)
490 #define KEY_PRI_RSA_MOD(k) \
491 &((k)->key_type_u.rsa_pri_key.modulus)
492 #define OBJ_PRI_RSA_PUBEXPO(o) \
493 &((o)->object_class_u.private_key->key_type_u.rsa_pri_key.pub_exponent)
494 #define KEY_PRI_RSA_PUBEXPO(k) \
495 &((k)->key_type_u.rsa_pri_key.pub_exponent)
496 #define OBJ_PRI_RSA_PRIEXPO(o) \
497 &((o)->object_class_u.private_key->key_type_u.rsa_pri_key.pri_exponent)
498 #define KEY_PRI_RSA_PRIEXPO(k) \
499 &((k)->key_type_u.rsa_pri_key.pri_exponent)
500 #define OBJ_PRI_RSA_PRIME1(o) \
501 &((o)->object_class_u.private_key->key_type_u.rsa_pri_key.prime_1)
502 #define KEY_PRI_RSA_PRIME1(k) \
503 &((k)->key_type_u.rsa_pri_key.prime_1)
504 #define OBJ_PRI_RSA_PRIME2(o) \
505 &((o)->object_class_u.private_key->key_type_u.rsa_pri_key.prime_2)
506 #define KEY_PRI_RSA_PRIME2(k) \
507 &((k)->key_type_u.rsa_pri_key.prime_2)
508 #define OBJ_PRI_RSA_EXPO1(o) \
509 &((o)->object_class_u.private_key->key_type_u.rsa_pri_key.exponent_1)
510 #define KEY_PRI_RSA_EXPO1(k) \
511 &((k)->key_type_u.rsa_pri_key.exponent_1)
512 #define OBJ_PRI_RSA_EXPO2(o) \
513 &((o)->object_class_u.private_key->key_type_u.rsa_pri_key.exponent_2)
514 #define KEY_PRI_RSA_EXPO2(k) \
515 &((k)->key_type_u.rsa_pri_key.exponent_2)
516 #define OBJ_PRI_RSA_COEF(o) \
517 &((o)->object_class_u.private_key->key_type_u.rsa_pri_key.coefficient)
518 #define KEY_PRI_RSA_COEF(k) \
519 &((k)->key_type_u.rsa_pri_key.coefficient)
522 * DSA Private Key Object Attributes
524 #define KEY_PRI_DSA(k) \
525 &((k)->key_type_u.dsa_pri_key)
526 #define OBJ_PRI_DSA_PRIME(o) \
527 &((o)->object_class_u.private_key->key_type_u.dsa_pri_key.prime)
528 #define KEY_PRI_DSA_PRIME(k) \
529 &((k)->key_type_u.dsa_pri_key.prime)
530 #define OBJ_PRI_DSA_SUBPRIME(o) \
531 &((o)->object_class_u.private_key->key_type_u.dsa_pri_key.subprime)
532 #define KEY_PRI_DSA_SUBPRIME(k) \
533 &((k)->key_type_u.dsa_pri_key.subprime)
534 #define OBJ_PRI_DSA_BASE(o) \
535 &((o)->object_class_u.private_key->key_type_u.dsa_pri_key.base)
536 #define KEY_PRI_DSA_BASE(k) \
537 &((k)->key_type_u.dsa_pri_key.base)
538 #define OBJ_PRI_DSA_VALUE(o) \
539 &((o)->object_class_u.private_key->key_type_u.dsa_pri_key.value)
540 #define KEY_PRI_DSA_VALUE(k) \
541 &((k)->key_type_u.dsa_pri_key.value)
544 * Diffie-Hellman Private Key Object Attributes
546 #define KEY_PRI_DH(k) \
547 &((k)->key_type_u.dh_pri_key)
548 #define OBJ_PRI_DH_PRIME(o) \
549 &((o)->object_class_u.private_key->key_type_u.dh_pri_key.prime)
550 #define KEY_PRI_DH_PRIME(k) \
551 &((k)->key_type_u.dh_pri_key.prime)
552 #define OBJ_PRI_DH_BASE(o) \
553 &((o)->object_class_u.private_key->key_type_u.dh_pri_key.base)
554 #define KEY_PRI_DH_BASE(k) \
555 &((k)->key_type_u.dh_pri_key.base)
556 #define OBJ_PRI_DH_VALUE(o) \
557 &((o)->object_class_u.private_key->key_type_u.dh_pri_key.value)
558 #define KEY_PRI_DH_VALUE(k) \
559 &((k)->key_type_u.dh_pri_key.value)
560 #define OBJ_PRI_DH_VAL_BITS(o) \
561 ((o)->object_class_u.private_key->key_type_u.dh_pri_key.value_bits)
562 #define KEY_PRI_DH_VAL_BITS(k) \
563 ((k)->key_type_u.dh_pri_key.value_bits)
566 * X9.42 Diffie-Hellman Private Key Object Attributes
568 #define KEY_PRI_DH942(k) \
569 &((k)->key_type_u.dh942_pri_key)
570 #define OBJ_PRI_DH942_PRIME(o) \
571 &((o)->object_class_u.private_key->key_type_u.dh942_pri_key.prime)
572 #define KEY_PRI_DH942_PRIME(k) \
573 &((k)->key_type_u.dh942_pri_key.prime)
574 #define OBJ_PRI_DH942_BASE(o) \
575 &((o)->object_class_u.private_key->key_type_u.dh942_pri_key.base)
576 #define KEY_PRI_DH942_BASE(k) \
577 &((k)->key_type_u.dh942_pri_key.base)
578 #define OBJ_PRI_DH942_SUBPRIME(o) \
579 &((o)->object_class_u.private_key->key_type_u.dh942_pri_key.subprime)
580 #define KEY_PRI_DH942_SUBPRIME(k) \
581 &((k)->key_type_u.dh942_pri_key.subprime)
582 #define OBJ_PRI_DH942_VALUE(o) \
583 &((o)->object_class_u.private_key->key_type_u.dh942_pri_key.value)
584 #define KEY_PRI_DH942_VALUE(k) \
585 &((k)->key_type_u.dh942_pri_key.value)
588 * Elliptic Curve Private Key Object Attributes
591 #define KEY_PRI_EC(k) \
592 &((k)->key_type_u.ec_pri_key)
593 #define OBJ_PRI_EC_VALUE(o) \
594 &((o)->object_class_u.private_key->key_type_u.ec_pri_key.value)
595 #define KEY_PRI_EC_VALUE(k) \
596 &((k)->key_type_u.ec_pri_key.value)
599 * DSA Domain Parameters Object Attributes
601 #define OBJ_DOM(o) \
602 ((o)->object_class_u.domain)
603 #define KEY_DOM_DSA(k) \
604 &((k)->key_type_u.dsa_dom_key)
605 #define OBJ_DOM_DSA_PRIME(o) \
606 &((o)->object_class_u.domain->key_type_u.dsa_dom_key.prime)
607 #define KEY_DOM_DSA_PRIME(k) \
608 &((k)->key_type_u.dsa_dom_key.prime)
609 #define OBJ_DOM_DSA_SUBPRIME(o) \
610 &((o)->object_class_u.domain->key_type_u.dsa_dom_key.subprime)
611 #define KEY_DOM_DSA_SUBPRIME(k) \
612 &((k)->key_type_u.dsa_dom_key.subprime)
613 #define OBJ_DOM_DSA_BASE(o) \
614 &((o)->object_class_u.domain->key_type_u.dsa_dom_key.base)
615 #define KEY_DOM_DSA_BASE(k) \
616 &((k)->key_type_u.dsa_dom_key.base)
617 #define OBJ_DOM_DSA_PRIME_BITS(o) \
618 ((o)->object_class_u.domain->key_type_u.dsa_dom_key.prime_bits)
621 * Diffie-Hellman Domain Parameters Object Attributes
623 #define KEY_DOM_DH(k) \
624 &((k)->key_type_u.dh_dom_key)
625 #define OBJ_DOM_DH_PRIME(o) \
626 &((o)->object_class_u.domain->key_type_u.dh_dom_key.prime)
627 #define KEY_DOM_DH_PRIME(k) \
628 &((k)->key_type_u.dh_dom_key.prime)
629 #define OBJ_DOM_DH_BASE(o) \
630 &((o)->object_class_u.domain->key_type_u.dh_dom_key.base)
631 #define KEY_DOM_DH_BASE(k) \
632 &((k)->key_type_u.dh_dom_key.base)
633 #define OBJ_DOM_DH_PRIME_BITS(o) \
634 ((o)->object_class_u.domain->key_type_u.dh_dom_key.prime_bits)
637 * X9.42 Diffie-Hellman Domain Parameters Object Attributes
639 #define KEY_DOM_DH942(k) \
640 &((k)->key_type_u.dh942_dom_key)
641 #define OBJ_DOM_DH942_PRIME(o) \
642 &((o)->object_class_u.domain->key_type_u.dh942_dom_key.prime)
643 #define KEY_DOM_DH942_PRIME(k) \
644 &((k)->key_type_u.dh942_dom_key.prime)
645 #define OBJ_DOM_DH942_BASE(o) \
646 &((o)->object_class_u.domain->key_type_u.dh942_dom_key.base)
647 #define KEY_DOM_DH942_BASE(k) \
648 &((k)->key_type_u.dh942_dom_key.base)
649 #define OBJ_DOM_DH942_SUBPRIME(o) \
650 &((o)->object_class_u.domain->key_type_u.dh942_dom_key.subprime)
651 #define KEY_DOM_DH942_SUBPRIME(k) \
652 &((k)->key_type_u.dh942_dom_key.subprime)
653 #define OBJ_DOM_DH942_PRIME_BITS(o) \
654 ((o)->object_class_u.domain->key_type_u.dh942_dom_key.prime_bits)
655 #define OBJ_DOM_DH942_SUBPRIME_BITS(o) \
656 ((o)->object_class_u.domain->key_type_u.dh942_dom_key.subprime_bits)
659 * Secret Key Object Attributes
661 #define OBJ_SEC(o) \
662 ((o)->object_class_u.secret_key)
663 #define OBJ_SEC_VALUE(o) \
664 ((o)->object_class_u.secret_key->sk_value)
665 #define OBJ_SEC_VALUE_LEN(o) \
666 ((o)->object_class_u.secret_key->sk_value_len)
667 #define OBJ_KEY_SCHED(o) \
668 ((o)->object_class_u.secret_key->key_sched)
669 #define OBJ_KEY_SCHED_LEN(o) \
670 ((o)->object_class_u.secret_key->keysched_len)
672 #define OBJ_CERT(o) \
673 ((o)->object_class_u.certificate)
675 * X.509 Key Certificate object attributes
677 #define X509_CERT(o) \
678 ((o)->object_class_u.certificate->cert_type_u.x509)
679 #define X509_CERT_SUBJECT(o) \
680 ((o)->object_class_u.certificate->cert_type_u.x509.subject)
681 #define X509_CERT_VALUE(o) \
682 ((o)->object_class_u.certificate->cert_type_u.x509.value)
685 * X.509 Attribute Certificate object attributes
687 #define X509_ATTR_CERT(o) \
688 ((o)->object_class_u.certificate->cert_type_u.x509_attr)
689 #define X509_ATTR_CERT_OWNER(o) \
690 ((o)->object_class_u.certificate->cert_type_u.x509_attr.owner)
691 #define X509_ATTR_CERT_VALUE(o) \
692 ((o)->object_class_u.certificate->cert_type_u.x509_attr.value)
695 * key related attributes with CK_BBOOL data type
697 #define DERIVE_BOOL_ON 0x00000001
698 #define LOCAL_BOOL_ON 0x00000002
699 #define SENSITIVE_BOOL_ON 0x00000004
700 #define SECONDARY_AUTH_BOOL_ON 0x00000008
701 #define ENCRYPT_BOOL_ON 0x00000010
702 #define DECRYPT_BOOL_ON 0x00000020
703 #define SIGN_BOOL_ON 0x00000040
704 #define SIGN_RECOVER_BOOL_ON 0x00000080
705 #define VERIFY_BOOL_ON 0x00000100
706 #define VERIFY_RECOVER_BOOL_ON 0x00000200
707 #define WRAP_BOOL_ON 0x00000400
708 #define UNWRAP_BOOL_ON 0x00000800
709 #define TRUSTED_BOOL_ON 0x00001000
710 #define EXTRACTABLE_BOOL_ON 0x00002000
711 #define ALWAYS_SENSITIVE_BOOL_ON 0x00004000
712 #define NEVER_EXTRACTABLE_BOOL_ON 0x00008000
713 #define NOT_MODIFIABLE_BOOL_ON 0x00010000
715 #define PUBLIC_KEY_DEFAULT (ENCRYPT_BOOL_ON|\
716 WRAP_BOOL_ON|\
717 VERIFY_BOOL_ON|\
718 VERIFY_RECOVER_BOOL_ON)
720 #define PRIVATE_KEY_DEFAULT (DECRYPT_BOOL_ON|\
721 UNWRAP_BOOL_ON|\
722 SIGN_BOOL_ON|\
723 SIGN_RECOVER_BOOL_ON|\
724 EXTRACTABLE_BOOL_ON)
726 #define SECRET_KEY_DEFAULT (ENCRYPT_BOOL_ON|\
727 DECRYPT_BOOL_ON|\
728 WRAP_BOOL_ON|\
729 UNWRAP_BOOL_ON|\
730 SIGN_BOOL_ON|\
731 VERIFY_BOOL_ON|\
732 EXTRACTABLE_BOOL_ON)
735 * MAX_KEY_ATTR_BUFLEN
736 * The maximum buffer size needed for public or private key attributes
737 * should be 514 bytes. Just to be safe we give a little more space.
739 #define MAX_KEY_ATTR_BUFLEN 1024
742 * Flag definitions for obj_delete_sync
744 #define OBJECT_IS_DELETING 1 /* Object is in a deleting state */
745 #define OBJECT_REFCNT_WAITING 2 /* Waiting for object reference */
746 /* count to become zero */
749 * This macro is used to type cast an object handle to a pointer to
750 * the object struct. Also, it checks to see if the object struct
751 * is tagged with an object magic number. This is to detect when an
752 * application passes a bogus object pointer.
753 * Also, it checks to see if the object is in the deleting state that
754 * another thread is performing. If not, increment the object reference
755 * count by one. This is to prevent this object from being deleted by
756 * other thread.
758 #define HANDLE2OBJECT_COMMON(hObject, object_p, rv, REFCNT_CODE) { \
759 object_p = (soft_object_t *)(hObject); \
760 if ((object_p == NULL) || \
761 (object_p->magic_marker != SOFTTOKEN_OBJECT_MAGIC)) {\
762 rv = CKR_OBJECT_HANDLE_INVALID; \
763 } else { \
764 (void) pthread_mutex_lock(&object_p->object_mutex); \
765 if (!(object_p->obj_delete_sync & OBJECT_IS_DELETING)) { \
766 REFCNT_CODE; \
767 rv = CKR_OK; \
768 } else { \
769 rv = CKR_OBJECT_HANDLE_INVALID; \
771 (void) pthread_mutex_unlock(&object_p->object_mutex); \
775 #define HANDLE2OBJECT(hObject, object_p, rv) \
776 HANDLE2OBJECT_COMMON(hObject, object_p, rv, object_p->obj_refcnt++)
778 #define HANDLE2OBJECT_DESTROY(hObject, object_p, rv) \
779 HANDLE2OBJECT_COMMON(hObject, object_p, rv, /* no refcnt increment */)
782 #define OBJ_REFRELE(object_p) { \
783 (void) pthread_mutex_lock(&object_p->object_mutex); \
784 if ((--object_p->obj_refcnt) == 0 && \
785 (object_p->obj_delete_sync & OBJECT_REFCNT_WAITING)) { \
786 (void) pthread_cond_signal(&object_p->obj_free_cond); \
788 (void) pthread_mutex_unlock(&object_p->object_mutex); \
792 * Function Prototypes.
794 void soft_cleanup_object(soft_object_t *objp);
796 CK_RV soft_add_object(CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
797 CK_ULONG *objecthandle_p, soft_session_t *sp);
799 void soft_delete_object(soft_session_t *sp, soft_object_t *objp,
800 boolean_t force, boolean_t lock_held);
802 void soft_cleanup_extra_attr(soft_object_t *object_p);
804 CK_RV soft_copy_extra_attr(CK_ATTRIBUTE_INFO_PTR old_attrp,
805 soft_object_t *object_p);
807 void soft_cleanup_object_bigint_attrs(soft_object_t *object_p);
809 CK_RV soft_build_object(CK_ATTRIBUTE_PTR template,
810 CK_ULONG ulAttrNum, soft_object_t *new_object);
812 CK_RV soft_build_secret_key_object(CK_ATTRIBUTE_PTR template,
813 CK_ULONG ulAttrNum, soft_object_t *new_object, CK_ULONG mode,
814 CK_ULONG key_len, CK_KEY_TYPE key_type);
816 CK_RV soft_copy_object(soft_object_t *old_object, soft_object_t **new_object,
817 CK_ULONG object_func, soft_session_t *sp);
819 void soft_merge_object(soft_object_t *old_object, soft_object_t *new_object);
821 CK_RV soft_get_attribute(soft_object_t *object_p, CK_ATTRIBUTE_PTR template);
823 CK_RV soft_set_attribute(soft_object_t *object_p, CK_ATTRIBUTE_PTR template,
824 boolean_t copy);
826 CK_RV soft_set_common_storage_attribute(soft_object_t *object_p,
827 CK_ATTRIBUTE_PTR template, boolean_t copy);
829 CK_RV soft_get_public_value(soft_object_t *, CK_ATTRIBUTE_TYPE, uchar_t *,
830 uint32_t *);
832 CK_RV soft_get_private_value(soft_object_t *, CK_ATTRIBUTE_TYPE, uchar_t *,
833 uint32_t *);
835 CK_RV get_ulong_attr_from_object(CK_ULONG value, CK_ATTRIBUTE_PTR template);
837 void copy_bigint_attr(biginteger_t *src, biginteger_t *dst);
839 void soft_add_object_to_session(soft_object_t *, soft_session_t *);
841 CK_RV soft_build_key(CK_ATTRIBUTE_PTR, CK_ULONG, soft_object_t *,
842 CK_OBJECT_CLASS, CK_KEY_TYPE, CK_ULONG, CK_ULONG);
844 CK_RV soft_copy_public_key_attr(public_key_obj_t *old_pub_key_obj_p,
845 public_key_obj_t **new_pub_key_obj_p, CK_KEY_TYPE key_type);
847 CK_RV soft_copy_private_key_attr(private_key_obj_t *old_pri_key_obj_p,
848 private_key_obj_t **new_pri_key_obj_p, CK_KEY_TYPE key_type);
850 CK_RV soft_copy_secret_key_attr(secret_key_obj_t *old_secret_key_obj_p,
851 secret_key_obj_t **new_secret_key_obj_p);
853 CK_RV soft_copy_domain_attr(domain_obj_t *old_domain_obj_p,
854 domain_obj_t **new_domain_obj_p, CK_KEY_TYPE key_type);
856 CK_RV soft_validate_attr(CK_ATTRIBUTE_PTR template, CK_ULONG ulAttrNum,
857 CK_OBJECT_CLASS *class);
859 CK_RV soft_find_objects_init(soft_session_t *sp, CK_ATTRIBUTE_PTR pTemplate,
860 CK_ULONG ulCount);
862 void soft_find_objects_final(soft_session_t *sp);
864 void soft_find_objects(soft_session_t *sp, CK_OBJECT_HANDLE *obj_found,
865 CK_ULONG max_obj_requested, CK_ULONG *found_obj_count);
867 void soft_process_find_attr(CK_OBJECT_CLASS *pclasses,
868 CK_ULONG *num_result_pclasses, CK_ATTRIBUTE_PTR pTemplate,
869 CK_ULONG ulCount);
871 boolean_t soft_find_match_attrs(soft_object_t *obj, CK_OBJECT_CLASS *pclasses,
872 CK_ULONG num_pclasses, CK_ATTRIBUTE *tmpl_attr, CK_ULONG num_attr);
874 CK_ATTRIBUTE_PTR get_extra_attr(CK_ATTRIBUTE_TYPE type, soft_object_t *obj);
876 CK_RV get_string_from_template(CK_ATTRIBUTE_PTR dest, CK_ATTRIBUTE_PTR src);
878 void string_attr_cleanup(CK_ATTRIBUTE_PTR template);
880 void soft_cleanup_cert_object(soft_object_t *object_p);
882 CK_RV soft_get_certificate_attribute(soft_object_t *object_p,
883 CK_ATTRIBUTE_PTR template);
885 CK_RV soft_set_certificate_attribute(soft_object_t *object_p,
886 CK_ATTRIBUTE_PTR template, boolean_t copy);
888 CK_RV soft_copy_certificate(certificate_obj_t *old, certificate_obj_t **new,
889 CK_CERTIFICATE_TYPE type);
891 CK_RV get_cert_attr_from_template(cert_attr_t **dest,
892 CK_ATTRIBUTE_PTR src);
894 /* Token object related function prototypes */
896 void soft_add_token_object_to_slot(soft_object_t *objp);
898 void soft_remove_token_object_from_slot(soft_object_t *objp,
899 boolean_t lock_held);
901 void soft_delete_token_object(soft_object_t *objp, boolean_t persistent,
902 boolean_t lock_held);
904 void soft_delete_all_in_core_token_objects(token_obj_type_t type);
906 void soft_validate_token_objects(boolean_t validate);
908 CK_RV soft_object_write_access_check(soft_session_t *sp, soft_object_t *objp);
910 CK_RV soft_pin_expired_check(soft_object_t *objp);
912 CK_RV soft_copy_to_old_object(soft_object_t *new, soft_object_t *old);
914 CK_RV soft_keystore_load_latest_object(soft_object_t *old_obj);
916 CK_RV refresh_token_objects();
918 void bigint_attr_cleanup(biginteger_t *big);
920 CK_RV soft_add_extra_attr(CK_ATTRIBUTE_PTR template, soft_object_t *object_p);
922 CK_RV get_bigint_attr_from_template(biginteger_t *big,
923 CK_ATTRIBUTE_PTR template);
925 CK_RV dup_bigint_attr(biginteger_t *bi, CK_BYTE *buf, CK_ULONG buflen);
927 #ifdef __cplusplus
929 #endif
931 #endif /* _SOFTOBJECT_H */