tpmtok_int.h revision 90485377c865d59d1f5371960ae60cee3b580421
/*
* The Initial Developer of the Original Code is International
* Business Machines Corporation. Portions created by IBM
* Corporation are Copyright(C) 2005 International Business
* Machines Corporation. All Rights Reserved.
*
* it under the terms of the Common Public License as published by
* IBM Corporation; either version 1 of the License, or(at your option)
* any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* Common Public License for more details.
*
* You should have received a copy of the Common Public License
* along with this program; if not, a copy can be viewed at
*/
/* (C) COPYRIGHT International Business Machines Corp. 2001, 2002, 2005 */
/*
* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#ifndef _TPMTOK_INT_H
#define _TPMTOK_INT_H
#include <stdio.h>
#include <pthread.h>
#include <string.h>
#include <strings.h>
#include <md5.h>
#include <sha1.h>
#include <limits.h>
#include <syslog.h>
#include <errno.h>
#include <sys/byteorder.h>
#include <security/cryptoki.h>
#include <tss/platform.h>
#include <tss/tss_defines.h>
#include <tss/tss_typedef.h>
#include <tss/tss_structs.h>
/* Version numbers of this token implementation */
#define VERSION_MAJOR 2
#define VERSION_MINOR 1
/*
 * Resource and input bounds. Callers' PIN lengths have to be checked
 * against MIN_PIN_LEN/MAX_PIN_LEN before a PIN buffer is copied or
 * hashed, and slot ids above MAX_SLOT_ID rejected; the enforcement
 * itself lives in the .c files, this header only names the limits.
 */
#define MAX_SESSION_COUNT 64
#define MAX_PIN_LEN 256
#define MIN_PIN_LEN 1
#define MAX_SLOT_ID 10
/*
 * Plain MIN(): each argument is evaluated twice, so never pass an
 * expression with side effects (MIN(i++, n) is wrong). Guarded so a
 * definition from a system header, if any, takes precedence.
 */
#ifndef MIN
#define MIN(a, b) ((a) < (b) ? (a) : (b))
#endif
/* Bit flag selecting copy mode; its exact meaning is defined where it is consumed */
#define MODE_COPY (1 << 0)
// RSA block formatting types
//
// These appear to be the PKCS #1 v1.5 block types: BT 1 (0xFF padding,
// private-key operations) and BT 2 (random non-zero padding, public-key
// encryption). Unpadding code should reject a block whose type byte does
// not match the one expected for the operation.
#define PKCS_BT_1 1
#define PKCS_BT_2 2
// Operation tags, presumably stored in a context to record which
// PKCS#11 call started the operation currently in progress.
#define OP_ENCRYPT_INIT 1
#define OP_DECRYPT_INIT 2
#define OP_WRAP 3
#define OP_UNWRAP 4
#define OP_SIGN_INIT 5
#define OP_VERIFY_INIT 6
/* Zero is the "no valid state" sentinel, so zero-initialized storage starts out invalid */
enum {
STATE_INVALID = 0,
};
/* Input block size of SHA-1, in bytes */
#define SHA1_BLOCK_SIZE 64
/* RSA block size in bytes (256 bytes = a 2048-bit modulus); confirm which key sizes this is meant to bound */
#define RSA_BLOCK_SIZE 256
#ifndef PATH_MAX
#define PATH_MAX MAXPATHLEN
#endif
/* Structure-packing hook; expands to nothing unless a platform defines it first */
#ifndef PACK_DATA
#define PACK_DATA
#endif
/* Input block size of MD5, in bytes */
#define MD5_BLOCK_SIZE 64
/* DSA signature is r || s, two 20-byte values */
#define DSA_SIGNATURE_SIZE 40
/*
 * Initial Security Officer PIN. It is a public, well-known value, so it
 * is acceptable only as the state a freshly initialized token starts in:
 * the initialization path needs to force a change, and a token still
 * protected by it should be regarded as unprotected.
 */
#define DEFAULT_SO_PIN "87654321"
typedef enum {
ALL = 1,
/*
 * List node ("DL" presumably doubly-linked; see dlist_purge() below).
 * data is an untyped payload pointer; whether the node owns what it
 * points to is not expressed here — confirm against the list routines.
 */
typedef struct _DL_NODE
{
void *data;
} DL_NODE;
/* On-disk token files, presumably relative to the path returned by get_tpm_keystore_path() */
#define TOKEN_DATA_FILE "token.dat"
#define TOKEN_OBJ_DIR "objects"
#define TOKEN_OBJ_INDEX_FILE "obj.idx"
#define TPMTOK_UUID_INDEX_FILENAME "uuids.idx"
/*
 * Filenames used to store migration data. From their names these
 * appear to hold (wrapped) key material, so their file permissions
 * matter as much as those of the token data itself.
 */
#define SO_MAKEY_FILENAME "so_makey.dat"
#define USER_MAKEY_FILENAME "user_makey.dat"
#define SO_KEYBLOB_FILENAME "so_blob.dat"
#define USER_KEYBLOB_FILENAME "user_blob.dat"
/*
 * Map the compiler-specific __FUNCTION__ onto C99's __func__.
 * Double-underscore names are reserved for the implementation, and a
 * compiler that already provides __FUNCTION__ as a builtin may warn
 * about this redefinition.
 */
#define __FUNCTION__ __func__
//
// Both of the strings below have a length of 32 chars and must be
// padded with spaces, and not NUL-terminated. The compiler cannot
// check that width, so verify it after any edit: they are presumably
// copied into fixed 32-byte CK_INFO fields, where a strlen/strcpy-based
// copy would be wrong.
//
#define PKW_CRYPTOKI_VERSION_MAJOR 2
#define PKW_CRYPTOKI_VERSION_MINOR 1
#define PKW_CRYPTOKI_MANUFACTURER "Sun Microsystems, Inc. "
#define PKW_CRYPTOKI_LIBDESC "PKCS#11 Interface for TPM "
#define PKW_CRYPTOKI_LIB_VERSION_MAJOR 1
#define PKW_CRYPTOKI_LIB_VERSION_MINOR 0
/* Device and object limits */
#define PKW_MAX_DEVICES 10
#define MAX_TOK_OBJS 2048
/* A single slot is managed and it carries id TPM_SLOTID; caller-supplied slot ids should be compared against it */
#define NUMBER_SLOTS_MANAGED 1
#define TPM_SLOTID 1
/*
* CKA_HIDDEN will be used to filter return results on
* a C_FindObjects call. Used for objects internal to the
* TPM token for management
*/
/* custom attributes for the TPM token */
/*
* CKA_ENC_AUTHDATA will be used to store the encrypted SHA-1
* hashes of auth data passed in for TPM keys. The authdata
* will be encrypted using either the public
* leaf key or the private leaf key
*/
/* custom return codes for the TPM token */
typedef struct {
} ST_SESSION_T;
typedef ST_SESSION_T ST_SESSION_HANDLE;
typedef struct {
void *Previous;
void *Next;
typedef Session_Struct_t *SessStructP;
typedef struct {
enum {
PRF_DUMMYFUNCTION = 1,
};
typedef struct _ENCR_DECR_CONTEXT
{
typedef struct _DIGEST_CONTEXT
{
union {
void *ref; /* reference ptr for the union */
} context;
typedef struct _SIGN_VERIFY_CONTEXT
{
void *context; // temporary work area
typedef struct _SESSION
{
} SESSION;
typedef struct _TEMPLATE
{
} TEMPLATE;
typedef struct _OBJECT
{
} OBJECT;
typedef struct _OBJECT_MAP
{
} OBJECT_MAP;
typedef struct _ATTRIBUTE_PARSE_LIST
{
void *ptr;
typedef struct _OP_STATE_DATA
{
/*
 * Behaviour switches. allow_key_mods presumably gates whether key
 * objects may be modified after creation — confirm at the use site.
 */
typedef struct _TWEAK_VEC
{
int allow_key_mods;
} TWEAK_VEC;
typedef struct _TOKEN_DATA
{
} TOKEN_DATA;
typedef struct _RSA_DIGEST_CONTEXT {
typedef struct _MECH_LIST_ELEMENT
{
/* Forward declaration so the node can point at its own type */
struct mech_list_item;
/* Linked-list node of mechanism entries, chained through next */
struct mech_list_item {
struct mech_list_item *next;
};
struct mech_list_item *
struct mech_list_item *head);
typedef struct _TOK_OBJ_ENTRY
{
char name[8];
typedef struct _LW_SHM_TYPE
{
} LW_SHM_TYPE;
/*
 * Fixed 32-bit ("_32") counterparts of the Cryptoki types, apparently
 * for a stable serialized layout (see CK_ATTRIBUTE_32 below). This
 * relies on unsigned int being 32 bits wide on every supported
 * platform; lengths read back in this layout must be validated before
 * they are used to size copies.
 */
typedef unsigned int CK_ULONG_32;
typedef CK_ULONG_32 CK_OBJECT_CLASS_32;
typedef CK_ULONG_32 CK_ATTRIBUTE_TYPE_32;
typedef struct CK_ATTRIBUTE_32 {
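/*
 * Returns the keystore directory path (presumably the location of the
 * TOKEN_DATA_FILE and related files). Ownership of the returned string
 * is not expressed here — confirm before freeing it. Declared with
 * (void) so a call with stray arguments is a compile-time error rather
 * than silently accepted by an empty "()" declarator.
 */
char *get_tpm_keystore_path(void);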
/* Message-table entry; msg is a plain char *, so the type does not say whether the text is a literal or heap-owned */
struct messages {
char *msg;
};
struct token_specific_struct {
int (*t_slot2local)();
CK_RV (*t_rsa_encrypt)(
CK_BYTE *,
CK_BYTE *,
CK_ULONG *,
OBJECT *);
CK_BYTE *,
CK_BYTE *,
OBJECT *);
CK_RV (*t_sha_update)(
CK_BYTE *,
CK_ULONG);
CK_RV (*t_sha_final)(
CK_BYTE *,
CK_ULONG *);
};
typedef struct token_specific_struct token_spec_t;
/*
 * Global Variables
 */
/* Dispatch table of the token-specific crypto operations */
extern token_spec_t token_specific;
extern CK_BBOOL initialized;
extern char *card_function_names[];
extern char *total_function_names[];
/* Supported mechanisms and the number of entries in mech_list */
extern MECH_LIST_ELEMENT mech_list[];
extern CK_ULONG mech_list_len;
/* Process-local mutex, and the handle presumably passed to XProcLock()/XProcUnLock() */
extern pthread_mutex_t native_mutex;
extern void *xproclock;
/* Object lists: session objects, public and private token objects, and the handle map */
extern DL_NODE *sess_obj_list;
extern DL_NODE *publ_token_obj_list;
extern DL_NODE *priv_token_obj_list;
extern DL_NODE *object_map;
/*
 * Shared-memory segment and persistent token data. NOTE(review): both
 * are filled in from outside this process (other processes, storage),
 * so counts and lengths read from them need validating before use.
 */
extern LW_SHM_TYPE *global_shm;
extern TOKEN_DATA *nv_token_data;
/* Next handle values to hand out, and the login state shared by all sessions */
extern CK_ULONG next_object_handle;
extern CK_ULONG next_session_handle;
extern CK_STATE global_login_state;
/* BER-encoded algorithm identifiers, each paired with its byte length */
extern CK_BYTE ber_AlgIdRSAEncryption[];
extern CK_ULONG ber_AlgIdRSAEncryptionLen;
extern CK_BYTE ber_rsaEncryption[];
extern CK_ULONG ber_rsaEncryptionLen;
extern CK_ULONG ber_idDSALen;
extern CK_BYTE ber_md5WithRSAEncryption[];
extern CK_ULONG ber_md5WithRSAEncryptionLen;
extern CK_BYTE ber_sha1WithRSAEncryption[];
extern CK_ULONG ber_sha1WithRSAEncryptionLen;
extern CK_BYTE ber_AlgMd5[];
extern CK_ULONG ber_AlgMd5Len;
extern CK_BYTE ber_AlgSha1[];
extern CK_ULONG ber_AlgSha1Len;
/* Arguments retained from C_Initialize (presumably) */
extern CK_C_INITIALIZE_ARGS cinit_args;
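/*
 * Function Prototypes
 *
 * Zero-argument functions are declared with (void) so that a call
 * passing arguments is a compile-time error instead of being silently
 * accepted, as the previous empty "()" declarators allowed.
 */
/* Shared-memory segment: attach returns the mapping, detach releases it */
void *attach_shared_memory(void);
void detach_shared_memory(char *);
int API_Initialized(void);
void Terminate_All_Process_Sessions(void);
int API_Register(void);
void API_UnRegister(void);
/* Cross-process lock helpers (the xproclock global is presumably what they take) */
void CreateXProcLock(void *);
int XProcLock(void *);
int XProcUnLock(void *);
/*
 * Logging. logit() is printf-style: the format argument must always be
 * a literal; caller-supplied text goes through a "%s" conversion, never
 * in as the format.
 */
void loginit(void);
void logterm(void);
void logit(int, char *, ...);
/* Session bookkeeping */
void AddToSessionList(Session_Struct_t *);
void RemoveFromSessionList(Session_Struct_t *);
extern void init_slot_info(TOKEN_DATA *);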
unsigned long, unsigned char *);
/* Loads the public token objects from storage (presumably the TOKEN_OBJ_DIR files); lengths read from storage must be checked before use */
CK_RV load_public_token_objects(void);
SESSION *,
CK_BYTE *,
CK_BYTE *,
CK_ULONG *);
CK_BYTE *,
CK_BYTE *,
CK_ULONG *);
CK_BYTE *,
CK_BYTE *,
CK_ULONG *);
CK_BYTE *,
CK_BYTE *,
CK_ULONG);
CK_BYTE *,
CK_BYTE *,
CK_ULONG *);
CK_BYTE *,
CK_BYTE *,
CK_ULONG *);
CK_BYTE *,
CK_BYTE *,
CK_ULONG);
CK_BYTE *,
CK_ULONG);
CK_BYTE *,
CK_ULONG);
CK_BYTE *,
CK_ULONG *);
CK_BYTE *,
CK_ULONG);
CK_BYTE *,
CK_BYTE *,
CK_ULONG *);
CK_BYTE *,
CK_BYTE *,
CK_ULONG);
CK_BYTE *,
CK_BYTE *,
CK_ULONG *);
CK_BYTE *,
CK_BYTE *,
CK_ULONG);
/* Releases every node of a DL_NODE list; whether payloads are freed too is not expressed here — confirm */
void dlist_purge(DL_NODE *);
/* Attach/detach the segment behind global_shm */
CK_RV attach_shm(void);
CK_RV detach_shm(void);
// encryption manager routines
//
CK_MECHANISM *,
CK_MECHANISM *,
CK_MECHANISM *);
CK_MECHANISM *,
CK_ATTRIBUTE *, CK_ULONG,
CK_ATTRIBUTE *, CK_ULONG,
CK_OBJECT_HANDLE *);
CK_MECHANISM *,
CK_BYTE *,
CK_ULONG *);
CK_MECHANISM *,
CK_ATTRIBUTE *,
CK_BYTE *,
CK_OBJECT_HANDLE *);
CK_MECHANISM *,
CK_BYTE *,
CK_BYTE *,
CK_ULONG *);
CK_BYTE *,
CK_BYTE *,
CK_ULONG *);
CK_BYTE *,
CK_ULONG *);
CK_BYTE *,
CK_ULONG);
CK_MECHANISM *,
CK_BYTE *,
CK_BYTE *,
CK_ULONG);
CK_BYTE *,
CK_BYTE *,
CK_ULONG *);
CK_BYTE *,
CK_ULONG);
CK_BYTE *,
CK_ULONG);
// session manager routines
//
/* Logs out every session of the token; presumably resets global_login_state — confirm */
CK_RV session_mgr_logout_all(void);
CK_OBJECT_HANDLE *);
OBJECT *, CK_OBJECT_HANDLE *);
CK_ATTRIBUTE *,
DL_NODE *,
CK_ATTRIBUTE *,
CK_ULONG);
CK_ULONG *);
CK_ATTRIBUTE *,
CK_ULONG);
OBJECT **);
OBJECT *,
OBJECT **);
CK_BYTE **,
CK_ULONG_32 *);
CK_ATTRIBUTE *,
CK_ULONG);
OBJECT **,
CK_ATTRIBUTE *,
CK_ULONG);
CK_ATTRIBUTE *, CK_ULONG);
CK_ULONG);
CK_ULONG);
CK_ULONG);
CK_ATTRIBUTE *, CK_ULONG);
// DATA OBJECT ROUTINES
//
// CERTIFICATE ROUTINES
//
// KEY ROUTINES
//
CK_ULONG);
// rsa routines
//
// Generic secret key routines
CK_ATTRIBUTE *);
CK_ATTRIBUTE **, CK_ATTRIBUTE **);
/* Application identifier string, apparently for tagging log output — confirm */
#define APPID "TPM_STDLL"
/* log to stdout */
(int)__LINE__, __VA_ARGS__);
/* Debug logging */
#ifdef DEBUG
/* Error logging */
"ERROR: " data)
/* Warn logging */
"WARNING: " data)
/* Info Logging */
"", __VA_ARGS__)
#else
/*
 * Non-DEBUG builds compile every logging macro, including LogError and
 * st_err_log, to nothing, so failures in the token leave no runtime
 * trace. If that is not intended, keep at least the error macros routed
 * to syslog (included above) in release builds. Note also that any
 * expression passed as a macro argument is discarded here, so a log
 * call must never carry side effects the code depends on.
 */
#define LogDebug(...)
#define LogDebug1(...)
#define LogBlob(...)
#define LogError(...)
#define LogError1(...)
#define LogWarn(...)
#define LogWarn1(...)
#define LogInfo(...)
#define LogInfo1(...)
#define st_err_log(...)
#endif
/*
* CK_FUNCTION_LIST is a structure holding a Cryptoki spec
* version and pointers of appropriate types to all the
* Cryptoki functions
*/
/* CK_FUNCTION_LIST is new for v2.0 */
typedef CK_RV
typedef CK_RV
typedef CK_RV
(CK_PTR ST_C_Terminate)();
typedef CK_RV
(CK_INFO_PTR pInfo);
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
(CK_SLOT_ID slotID);
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
typedef CK_RV
struct ST_FCN_LIST {
};
typedef struct ST_FCN_LIST STDLL_FcnList_t;
#endif /* _TPMTOK_INT_H */