metaGlobal.h revision 8047c9fb10f4d3f14385d535d6b23a5eb80c0c0f
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#ifndef _METAGLOBAL_H
#define _METAGLOBAL_H
#pragma ident "%Z%%M% %I% %E% SMI"
/*
* This file contains all the data structures used for the meta slot
*/
#ifdef __cplusplus
extern "C" {
#endif
#include <pthread.h>
#include <synch.h>
#include <unistd.h>
#include <security/cryptoki.h>
#include <stdio.h>
#include <cryptoutil.h>
#include <pkcs11Session.h>
#include <pkcs11Slot.h>
/*
* In "generic_attr_t", the data for attributes that are neither CK_BBOOL
* nor CK_ULONG is stored in generic_data.
* Currently, 16 bytes are pre-allocated for this.
* This is just a _WILD_ guess. If actual
* experience shows that 16 bytes is too small for most of the
* data stored here, causing this memory to be
* reallocated all the time, this should be increased.
*/
/* Initial size, in bytes, of the generic_data buffer pre-allocated per attribute. */
#define INITIAL_ATTR_LEN 16
/* We provide one slot, with the following arbitrary identifier. */
#define METASLOT_SLOTID 42
/* Metaslot is always the first slot in the framework, with slotID=0 */
#define METASLOT_FRAMEWORK_ID 0
/*
* These are the 2 acceptable string values for the ${METASLOT_ENABLE} and
* ${METASLOT_AUTO_KEY_MIGRATE} environment variables.
*
* NOTE(review): what happens when a variable holds any other value is
* decided by the code that parses it, which is not in this header --
* confirm that an unrecognized value cannot silently change either setting.
*/
#define TRUE_STRING "true"
#define FALSE_STRING "false"
/*
* Magic values for different data structures.
*
* Session and object handles given to applications are pointers to
* meta_session_t / meta_object_t, so a handle coming back from an
* application has to be checked before it is dereferenced.
* NOTE(review): presumably the *_MAGIC value marks a live structure and
* the *_BADMAGIC value one that has been invalidated, and the handle
* check compares against these -- confirm in the code that validates
* handles.
*/
#define METASLOT_SESSION_MAGIC 0xECF00004
#define METASLOT_SESSION_BADMAGIC 0xBAD00004
#define METASLOT_OBJECT_MAGIC 0xECF0B004
#define METASLOT_OBJECT_BADMAGIC 0xBAD0B004
#define METASLOT_OPSTATE_MAGIC 0xECF09004
#define METASLOT_OPSTATE_BADMAGIC 0xBAD09004
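/*
* Evaluates to non-zero when session_flag does not have CKF_RW_SESSION set,
* i.e. the session is read-only.
*
* The argument is parenthesized so that a compound expression such as
* (a | b) is tested as a whole. Without the parentheses, '&' binds tighter
* than '|' or '^', and only part of the expression would be masked, which
* can report the wrong read-only / read-write state.
*/
#define IS_READ_ONLY_SESSION(session_flag) \
	(!((session_flag) & CKF_RW_SESSION))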
/*
* Operation types passed to meta_init_operation() / meta_do_operation()
* Operation modes passed to meta_do_operation()
*
* OP_* and MODE_* must be disjoint (treat as a bitmask), see meta_do_operation
*
* MODE_UPDATE_WITHKEY is only used for C_DigestKey.
*/
/* Operation types: OP_UNUSED is zero, every other type is a single bit within 0x007f. */
#define OP_UNUSED 0x0000
#define OP_ENCRYPT 0x0001
#define OP_DECRYPT 0x0002
#define OP_DIGEST 0x0004
#define OP_SIGN 0x0008
#define OP_VERIFY 0x0010
#define OP_SIGNRECOVER 0x0020
#define OP_VERIFYRECOVER 0x0040
/* Operation modes: single bits at 0x0100 and above, so no mode shares a bit with an OP_* value. */
#define MODE_SINGLE 0x0100
#define MODE_UPDATE 0x0200
#define MODE_UPDATE_WITHKEY 0x0400
#define MODE_FINAL 0x1000
/*
* CK_INFO: Information about cryptoki
*
* PKCS#11 defines the text fields of CK_INFO, CK_SLOT_INFO and
* CK_TOKEN_INFO as fixed-width, blank-padded and not NUL-terminated.
* NOTE(review): confirm that each string literal below has exactly the
* width of the field it fills and that it is copied with an explicit
* length, so that neither a short copy nor an overrun of the field occurs.
*/
#define METASLOT_CRYPTOKI_VERSION_MAJOR 2
#define METASLOT_CRYPTOKI_VERSION_MINOR 11
#define METASLOT_MANUFACTURER_ID "Sun Microsystems, Inc. "
#define METASLOT_LIBRARY_DESCRIPTION "Sun Metaslot "
#define METASLOT_LIBRARY_VERSION_MAJOR 1
#define METASLOT_LIBRARY_VERSION_MINOR 1
/* CK_SLOT_INFO */
#define METASLOT_SLOT_DESCRIPTION "Sun Metaslot " \
" "
#define METASLOT_HARDWARE_VERSION_MAJOR 0
#define METASLOT_HARDWARE_VERSION_MINOR 0
#define METASLOT_FIRMWARE_VERSION_MAJOR 0
#define METASLOT_FIRMWARE_VERSION_MINOR 0
/* CK_TOKEN_INFO: More information about token */
#define METASLOT_TOKEN_LABEL "Sun Metaslot "
#define METASLOT_TOKEN_MODEL "1.0 "
/*
* Path of the random-number device.
* NOTE(review): presumably the device meta_urandom_seed_fd is opened on --
* confirm.
*/
#define RANDOM_DEVICE "/dev/urandom"
/*
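* Maximum number of objects and sessions to queue up before actually
* freeing them with free(). This is necessary to work around a problem
* in which applications reuse handles that are no longer valid. Handles
* are pointers to these structures, so delaying free() keeps a recently
* invalidated handle from pointing at memory that has already been
* reallocated. The queue is bounded, so this only narrows the window; a
* stale handle must still be rejected by the handle checks.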
#define MAX_OBJ_TO_BE_FREED 300
#define MAX_SESSION_TO_BE_FREED 300
/*
* The following 2 macros deal with inserting into and deleting
* from doubly linked lists. They can work with any data structure
* that has "prev" and "next" defined.
*/
/* This always inserts into the head of the list */
{ \
} else { \
} \
}
/*
* Remove item from list
*/
{ \
} else { \
} \
} else { \
} else { \
} \
} \
}
/*
* OBJRELEASE
*
* Signal that a metaobject is no longer in use (but is still valid).
*/
#define OBJRELEASE(object) \
}
/*
* REFRELEASE
*
* Signal that a metasession is no longer in use (but is still valid).
*
*/
#define REFRELEASE(session) \
}
/* Generic attribute type, for storing and managing PKCS#11 attributes. */
typedef struct _attr {
/* attr is necessary for creating a clone of the object */
/*
* Depending on the PKCS#11 implementation, this attr might or might
* not have a value. It's OK for it to not have a value
* (i.e. the default value is empty).
*/
/*
* These need to be defined here before the actual structures are defined
* because they are used in some of the structure definitions.
*/
/* Wrapper for an object on a provider; internal to metaslot. */
typedef struct slotobject slot_object_t;
/* Internal state of a meta-session; application session handles point to one of these. */
typedef struct metasession meta_session_t;
/* Internal state of a meta-object; application object handles point to one of these. */
typedef struct metaobject meta_object_t;
/* Format of the operation state returned via C_GetOperationState. */
typedef struct metaopstate meta_opstate_t;
/*
* slot_session_t
*
* Wrapper for a session on a provider. This structure is only used internally
* in metaslot; it is never revealed to applications.
*/
typedef struct slotsession {
struct slotsession *next;
struct slotsession *prev;
/*
* slot_object_t
*
* Wrapper for an object on a provider. This structure is only used internally
* in metaslot; it is never revealed to applications.
*/
struct slotobject {
/*
* Doubly linked list links. The list insert/remove macros in this header
* work on any structure that has members named "next" and "prev".
*/
struct slotobject *next;
struct slotobject *prev;
};
/*
* mechinfo_t
*
* A mechinfo_t is created for each mechanism on a slot.
*
* This information is used for selecting which slots support the given
* mechanism for a crypto operation.
*
*/
typedef struct mechinfo {
} mechinfo_t;
/*
* operation_info_t
*
* Part of a meta_session_t, used to track active operations.
*/
typedef struct opinfo {
int type;
typedef struct find_objs_info {
int num_matched_objs;
int next_result_index; /* index of next object to be returned */
typedef struct mech_support_info {
/* Array of mechinfo_t allocated based on number of slots */
unsigned long num_supporting_slots;
/*
* meta_session_t
*
* The internal state for a meta-session is kept here. The session handles
* given to applications are always pointers to a structure of this type.
*
*/
struct metasession {
struct metasession *next;
struct metasession *prev;
/*
* Could have just declared this as "op", but declaring it as
* op1 so that "op2" can be easily added when dual-op support
* is implemented in the future
*/
/*
* This is for keeping track of which slots support a particular
* mechanism. This information doesn't
* have to be kept on a per-session basis, but having the
* memory pre-allocated per session makes things much simpler,
* because memory doesn't need to be allocated/deallocated every time
* we do an operation.
*/
/* Session objects created by this session. */
/* C_FindObjects support. */
};
/*
* meta_object_t
*
* The internal state for a meta-object is kept here. The object handles
* given to applications are always pointers to a structure of this type.
*/
struct metaobject {
/*
* Doubly linked list links. The list insert/remove macros in this header
* work on any structure that has members named "next" and "prev".
*/
struct metaobject *next;
struct metaobject *prev;
/* indicate if tried to create clone object in a slot */
};
/*
* struct metaopstate
*
* Used as the format for the operation state returned via
* C_GetOperationState.
*/
typedef struct opstate_data {
int op_type;
struct metaopstate {
/*
* Could have just declared this as "state", but declaring it like this
* so that when dual-op support is implemented in the future, the
* changes will be simpler.
*/
};
/*
* session_pool_t
*
* Used to cache open sessions in a slot.
*/
typedef struct sessionpool {
/* list of sessions that's currently in use */
/*
* List of sessions that are not in use but can't be deleted, for
* example because we need to have one session left with the provider to
* maintain the logged-in state. Any of these sessions could be re-used if
* a session needs to be established with a provider.
*/
/*
* List of sessions that are not in use at the moment. For efficiency,
* we keep a list of sessions with a particular provider instead of
* creating a new session every time.
*/
int num_idle_sessions; /* number of sessions in "idle_list_head" */
/*
* slot_data_t
*
* Each slot has a session pool, a collection of persistent sessions to
* allow for more efficient operation. Specifically, to allow reuse of
* previously created session objects (which need the creating session
* to stick around).
*/
typedef struct slotdata {
} slot_data_t;
typedef enum {
ALL_TOKEN = 0,
PUBLIC_TOKEN = 1,
PRIVATE_TOKEN = 2
/*
* metaslot_config_t
*
* This holds the configuration information for meta slot.
* It will first be filled with values that users defined
* in environment variables. Any value not defined by the user
* will be filled with values from the system wide configuration file.
*/
typedef struct _metaslot_config {
/* token to be used as the keystore for metaslot */
/* slot to be used as the keystore for metaslot */
/* should meta slot be enabled or not */
/* should auto migration of sensitive token objects be enabled or not */
/*
* The following 2 structures are used to link the to-be-freed
* meta sessions and meta objects into linked lists.
* The items on these linked list have not yet been freed via free(); instead
* they are added to this list. The actual free will take place when
* the number of objects queued reaches MAX_OBJ_TO_BE_FREED or
* MAX_SESSION_TO_BE_FREED, at which time the first object in the
* list will be freed.
*/
typedef struct obj_to_be_freed_list {
typedef struct ses_to_be_freed_list {
/* Global variables */
/*
* Configuration for meta slot: values the user set in environment variables,
* with anything left unset taken from the system-wide configuration file.
*/
extern metaslot_config_t metaslot_config;
/* NOTE(review): presumably the effective "meta slot enabled" setting -- confirm. */
extern boolean_t metaslot_enabled;
/* NOTE(review): presumably the slot used as the keystore for metaslot -- confirm. */
extern CK_SLOT_ID metaslot_keystore_slotid;
/* NOTE(review): presumably the effective auto key migration setting -- confirm. */
extern boolean_t metaslot_auto_key_migrate;
/* PKCS#11 function list for metaslot. */
extern struct CK_FUNCTION_LIST metaslot_functionList;
/*
* NOTE(review): presumably a file descriptor open on RANDOM_DEVICE; check
* how it is opened, shared between threads and closed -- confirm.
*/
extern int meta_urandom_seed_fd;
/* NOTE(review): presumably serializes initialization -- confirm which state it guards. */
extern pthread_mutex_t initmutex;
/* --- Prototypes --- */
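/*
* Finalize and configuration entry points that take no arguments.
*
* Declared with (void) rather than an empty parameter list: in C an empty
* list leaves the arguments unspecified, so the compiler would not reject a
* call that passes arguments by mistake. This also matches the style of
* get_keystore_slotnum(void) in this header.
*
* NOTE(review): judging by the names, the *_finalize functions tear down the
* slot, mechanism, session and object managers, and
* get_user_metaslot_config() reads the user's environment settings --
* confirm against the definitions.
*/
void meta_slotManager_finalize(void);
void meta_mechManager_finalize(void);
void get_user_metaslot_config(void);
void meta_sessionManager_finalize(void);
void meta_objectManager_finalize(void);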
slot_object_t **clone);
/* NOTE(review): presumably returns the slot number of the keystore slot -- confirm. */
CK_ULONG get_keystore_slotnum(void);
/*
* NOTE(review): the parameters are unnamed here; presumably they are
* (file descriptor, buffer, byte count). The third argument and the return
* value are int, so if they carry a byte count, callers must keep requests
* within INT_MAX and check the return value for a short or failed
* transfer -- confirm against the definitions.
*/
int looping_read(int, void *, int);
int looping_write(int, void *, int);
/*
* Prototypes for the various meta_Foo implementations of C_Foo.
*
*/
#ifdef __cplusplus
}
#endif
#endif /* _METAGLOBAL_H */