/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
 */
2N/A
#ifndef _KMSOBJECT_H
#define	_KMSOBJECT_H

#ifdef __cplusplus
extern "C" {
#endif

/*
 * pkcs11t.h supplies the CK_* types used throughout; kms_session_t and
 * kms_slot_t used in the prototypes below presumably come from the two
 * local headers.
 */
#include <security/pkcs11t.h>
#include "kmsSession.h"
#include "kmsSlot.h"
2N/A
/*
 * Tag stored in kms_object_t.magic_marker.  HANDLE2OBJECT_COMMON() below
 * refuses any handle whose object does not carry this value.  It detects
 * accidental misuse (a stale or mistyped handle); it is not a security
 * boundary, since the handle is dereferenced before the tag is read.
 */
#define	KMSTOKEN_OBJECT_MAGIC	0xECF0B004

/*
 * Object-origin selectors.  Not referenced elsewhere in this header;
 * presumably distinguish objects created via C_CreateObject from keys
 * produced via C_GenerateKey -- confirm against the .c file.
 */
#define	KMS_CREATE_OBJ	1
#define	KMS_GEN_KEY	2
2N/A
/*
 * Secret key Struct
 *
 * sk_value/sk_value_len hold the raw key bytes; key_sched/keysched_len
 * hold an opaque, mechanism-specific key schedule.  Accessed through the
 * OBJ_SEC_* shortcut macros below.
 * NOTE(review): sk_value and key_sched are key material; confirm that the
 * free path (kms_free_object) zeroizes both buffers before releasing them
 * rather than calling free() directly.
 */
typedef struct secret_key_obj {
	CK_BYTE *sk_value;	/* raw key bytes (owned by this struct) */
	CK_ULONG sk_value_len;	/* length of sk_value in bytes */
	void *key_sched;	/* expanded key schedule, opaque here */
	size_t keysched_len;	/* length of key_sched in bytes */
} secret_key_obj_t;
2N/A
/*
 * This structure is used to hold the attributes in the
 * Extra Attribute List.
 *
 * Singly-linked list node, one per non-boolean attribute that is not
 * stored in a dedicated kms_object_t field.  The head lives in
 * kms_object_t.extra_attrlistp; the count in extra_attrcount.
 */
typedef struct attribute_info {
	CK_ATTRIBUTE attr;		/* type, pValue, ulValueLen */
	struct attribute_info *next;	/* next node, NULL at the tail */
} attribute_info_t;

/* Pointer typedef kept for symmetry with the PKCS#11 *_PTR naming. */
typedef attribute_info_t *CK_ATTRIBUTE_INFO_PTR;
2N/A
/*
 * This is the main structure of the Objects.
 *
 * A CK_OBJECT_HANDLE handed to the application is the address of one of
 * these (see HANDLE2OBJECT_COMMON() below), validated on the way back in
 * through magic_marker.  obj_refcnt, obj_delete_sync and obj_free_cond
 * are only read or written with object_mutex held (HANDLE2OBJECT_COMMON,
 * OBJ_REFRELE).
 */
typedef struct object {
	boolean_t is_lib_obj; /* default is TRUE */

	/* Generic common fields. Always present */
	CK_OBJECT_CLASS class;
	CK_KEY_TYPE key_type;
	CK_ULONG magic_marker;		/* KMSTOKEN_OBJECT_MAGIC while valid */
	uint64_t bool_attr_mask;	/* presumably the *_BOOL_ON bits below -- confirm */
	CK_MECHANISM_TYPE mechanism;

	/* Fields for access and arbitration */
	pthread_mutex_t object_mutex;	/* guards obj_refcnt/obj_delete_sync */
	struct object *next;	/* list links; owning list (session or slot) not fixed here */
	struct object *prev;

	/* Extra non-boolean attribute list */
	CK_ATTRIBUTE_INFO_PTR extra_attrlistp;	/* head of attribute_info_t list */
	CK_ULONG extra_attrcount;		/* number of nodes on that list */

	/* For each object, only one object class is presented */
	union {
		secret_key_obj_t *secret_key;	/* see OBJ_SEC* macros below */
	} object_class_u;

	/* Session handle that the object belongs to */
	CK_SESSION_HANDLE session_handle;
	uint32_t obj_refcnt; /* object reference count */
	pthread_cond_t obj_free_cond; /* cond variable for signal and wait */
	uint32_t obj_delete_sync; /* object delete sync flags */
} kms_object_t;
2N/A
/*
 * Per-session state for an object search: the full result set is
 * collected up front and handed back to the caller in slices.
 */
typedef struct find_context {
	kms_object_t **objs_found;	/* array of num_results object pointers */
	CK_ULONG num_results;		/* total matches collected */
	CK_ULONG next_result_index; /* next result object to return */
} find_context_t;
2N/A
/*
 * The following structure is used to link the to-be-freed session
 * objects into a linked list. The objects on this linked list have
 * not yet been freed via free() after C_DestroyObject() call; instead
 * they are added to this list. The actual free will take place when
 * the number of objects queued reaches MAX_OBJ_TO_BE_FREED, at which
 * time the first object in the list will be freed.
 *
 * Keeping destroyed objects' memory around for a while is what makes
 * reading magic_marker on a stale handle (HANDLE2OBJECT_COMMON) survive
 * in practice; it narrows the window, it does not close it.
 */
#define	MAX_OBJ_TO_BE_FREED		300

typedef struct obj_to_be_freed_list {
	kms_object_t *first; /* points to first obj in the list */
	kms_object_t *last; /* points to last obj in the list */
	uint32_t count; /* current total objs in the list */
	pthread_mutex_t obj_to_be_free_mutex;	/* guards the three fields above */
} object_to_be_freed_list_t;
2N/A
/* The single process-wide delayed-free list; defined in the .c file. */
extern object_to_be_freed_list_t obj_delay_freed;
2N/A
/*
 * The following definitions are the shortcuts
 */

/*
 * Secret Key Object Attributes
 *
 * None of these check that object_class_u.secret_key is non-NULL or that
 * the object's class is actually a secret key; the caller must establish
 * that (e.g. test OBJ_SEC(o) != NULL) before using the other four.
 */
#define	OBJ_SEC(o) \
	((o)->object_class_u.secret_key)
#define	OBJ_SEC_VALUE(o) \
	((o)->object_class_u.secret_key->sk_value)
#define	OBJ_SEC_VALUE_LEN(o) \
	((o)->object_class_u.secret_key->sk_value_len)
#define	OBJ_KEY_SCHED(o) \
	((o)->object_class_u.secret_key->key_sched)
#define	OBJ_KEY_SCHED_LEN(o) \
	((o)->object_class_u.secret_key->keysched_len)
2N/A
/*
 * key related attributes with CK_BBOOL data type
 *
 * One bit per boolean PKCS#11 attribute (CKA_DERIVE, CKA_LOCAL, ...);
 * presumably OR-ed into kms_object_t.bool_attr_mask -- confirm.
 */
#define	DERIVE_BOOL_ON			0x00000001
#define	LOCAL_BOOL_ON			0x00000002
#define	SENSITIVE_BOOL_ON		0x00000004
#define	SECONDARY_AUTH_BOOL_ON		0x00000008
#define	ENCRYPT_BOOL_ON			0x00000010
#define	DECRYPT_BOOL_ON			0x00000020
#define	SIGN_BOOL_ON			0x00000040
#define	SIGN_RECOVER_BOOL_ON		0x00000080
#define	VERIFY_BOOL_ON			0x00000100
#define	VERIFY_RECOVER_BOOL_ON		0x00000200
#define	WRAP_BOOL_ON			0x00000400
#define	UNWRAP_BOOL_ON			0x00000800
#define	TRUSTED_BOOL_ON			0x00001000
#define	EXTRACTABLE_BOOL_ON		0x00002000
#define	ALWAYS_SENSITIVE_BOOL_ON	0x00004000
#define	NEVER_EXTRACTABLE_BOOL_ON	0x00008000
#define	PRIVATE_BOOL_ON			0x00010000
#define	TOKEN_BOOL_ON			0x00020000
#define	MODIFIABLE_BOOL_ON		0x00040000

/*
 * Default boolean attributes for a new secret key.  Note that
 * EXTRACTABLE is on and SENSITIVE is off in this default, so a key
 * whose template does not say otherwise is exportable; callers that
 * need a non-exportable key must set those attributes explicitly.
 */
#define	SECRET_KEY_DEFAULT	(ENCRYPT_BOOL_ON|\
				DECRYPT_BOOL_ON|\
				SIGN_BOOL_ON|\
				VERIFY_BOOL_ON|\
				WRAP_BOOL_ON|\
				UNWRAP_BOOL_ON|\
				EXTRACTABLE_BOOL_ON|\
				MODIFIABLE_BOOL_ON)
2N/A
/*
 * Flag definitions for obj_delete_sync
 *
 * Both are read/written with object_mutex held.  OBJECT_IS_DELETING makes
 * HANDLE2OBJECT_COMMON() reject new lookups; OBJECT_REFCNT_WAITING tells
 * OBJ_REFRELE() to signal obj_free_cond when the last reference drops.
 */
#define	OBJECT_IS_DELETING	1	/* Object is in a deleting state */
#define	OBJECT_REFCNT_WAITING	2	/* Waiting for object reference */
					/* count to become zero */
2N/A
/*
 * This macro is used to type cast an object handle to a pointer to
 * the object struct. Also, it checks to see if the object struct
 * is tagged with an object magic number. This is to detect when an
 * application passes a bogus object pointer.
 * Also, it checks to see if the object is in the deleting state that
 * another thread is performing. If not, increment the object reference
 * count by one. This is to prevent this object from being deleted by
 * other thread.
 *
 * Outputs: object_p (the cast handle) and rv (CKR_OK or
 * CKR_OBJECT_HANDLE_INVALID).  On failure object_p still holds the cast
 * handle, so callers must test rv, not object_p.  REFCNT_CODE is run
 * with object_mutex held; it may be empty (see HANDLE2OBJECT_DESTROY).
 *
 * The magic_marker read happens before object_mutex is taken and
 * dereferences whatever value the application supplied, so this guards
 * against mistakes, not against a hostile in-process caller.
 * NOTE(review): the body is a bare { } block rather than
 * do { } while (0), so an invocation followed by `else` will not
 * compile; keep the trailing semicolon at every use site.
 */
#define	HANDLE2OBJECT_COMMON(hObject, object_p, rv, REFCNT_CODE) { \
	object_p = (kms_object_t *)(hObject); \
	if ((object_p == NULL) || \
	    (object_p->magic_marker != KMSTOKEN_OBJECT_MAGIC)) {\
		rv = CKR_OBJECT_HANDLE_INVALID; \
	} else { \
		(void) pthread_mutex_lock(&object_p->object_mutex); \
		if (!(object_p->obj_delete_sync & OBJECT_IS_DELETING)) { \
			REFCNT_CODE; \
			rv = CKR_OK; \
		} else { \
			rv = CKR_OBJECT_HANDLE_INVALID; \
		} \
		(void) pthread_mutex_unlock(&object_p->object_mutex); \
	} \
}
2N/A
/*
 * Normal lookup: takes a reference that the caller must drop with
 * OBJ_REFRELE() once it is done with object_p.
 */
#define	HANDLE2OBJECT(hObject, object_p, rv) \
	HANDLE2OBJECT_COMMON(hObject, object_p, rv, object_p->obj_refcnt++)

/*
 * Lookup for the destroy path: same validation, but no reference is
 * taken, so it must not be paired with OBJ_REFRELE().
 */
#define	HANDLE2OBJECT_DESTROY(hObject, object_p, rv) \
	HANDLE2OBJECT_COMMON(hObject, object_p, rv, /* no refcnt increment */)
2N/A
2N/A
/*
 * Drop one reference taken by HANDLE2OBJECT().  When the count reaches
 * zero and a deleter has set OBJECT_REFCNT_WAITING, wake it.
 *
 * obj_refcnt is a uint32_t and nothing here checks for zero before the
 * decrement: an unbalanced release wraps the count to UINT32_MAX and the
 * waiting deleter is never signalled.  object_p is used unparenthesized
 * (&object_p->object_mutex), so pass a plain identifier, not an
 * expression.  Bare { } block, same caveat as HANDLE2OBJECT_COMMON.
 */
#define	OBJ_REFRELE(object_p) { \
	(void) pthread_mutex_lock(&object_p->object_mutex); \
	if ((--object_p->obj_refcnt) == 0 && \
	    (object_p->obj_delete_sync & OBJECT_REFCNT_WAITING)) { \
		(void) pthread_cond_signal(&object_p->obj_free_cond); \
	} \
	(void) pthread_mutex_unlock(&object_p->object_mutex); \
}
2N/A
2N/A
/*
 * Function Prototypes.
 *
 * Only the declarations are visible here; the grouping comments below
 * are taken from the names and parameter names and should be checked
 * against the implementations.
 */

/* Object lifetime: build from a template, tear down, delete. */
void kms_cleanup_object(kms_object_t *objp);

/* Creates an object from pTemplate[0..ulCount) in session sp and returns its handle. */
CK_RV kms_add_object(CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
    CK_ULONG *objecthandle_p, kms_session_t *sp);

/*
 * The two unnamed boolean_t parameters presumably mirror
 * kms_delete_token_object()'s lock_held/wrapper_only -- confirm.
 */
CK_RV kms_delete_object(kms_session_t *, kms_object_t *,
    boolean_t, boolean_t);

/* Extra (non-boolean) attribute list maintenance; see attribute_info_t. */
void kms_cleanup_extra_attr(kms_object_t *object_p);

CK_RV kms_copy_extra_attr(CK_ATTRIBUTE_INFO_PTR old_attrp,
    kms_object_t *object_p);

void kms_cleanup_object_bigint_attrs(kms_object_t *object_p);

CK_RV kms_build_object(CK_ATTRIBUTE_PTR, CK_ULONG, kms_object_t *);

/* Copy/merge of whole objects (C_CopyObject-style); new_object is an out parameter. */
CK_RV kms_copy_object(kms_object_t *old_object,
    kms_object_t **new_object, boolean_t copy_everything,
    kms_session_t *sp);

void kms_merge_object(kms_object_t *old_object,
    kms_object_t *new_object);

/* Single-attribute get/set against one object. */
CK_RV kms_get_attribute(kms_object_t *object_p,
    CK_ATTRIBUTE_PTR template);

CK_RV kms_set_attribute(kms_object_t *, CK_ATTRIBUTE_PTR, boolean_t);

void kms_add_object_to_session(kms_object_t *objp, kms_session_t *sp);

/* Deep copy of a secret_key_obj_t; *new_secret_key_obj_p is allocated by the callee. */
CK_RV kms_copy_secret_key_attr(secret_key_obj_t *old_secret_key_obj_p,
    secret_key_obj_t **new_secret_key_obj_p);

CK_RV kms_validate_attr(CK_ATTRIBUTE_PTR template, CK_ULONG ulAttrNum,
    CK_OBJECT_CLASS *class);

/* Object search; state is kept in a find_context_t (see above). */
CK_RV kms_find_objects_init(kms_session_t *sp,
    CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount);

void kms_find_objects_final(kms_session_t *sp);

CK_RV kms_find_objects(kms_session_t *sp,
    CK_OBJECT_HANDLE *obj_found, CK_ULONG max_obj_requested,
    CK_ULONG *found_obj_count);

void kms_process_find_attr(CK_OBJECT_CLASS *pclasses,
    CK_ULONG *num_result_pclasses, CK_ATTRIBUTE_PTR pTemplate,
    CK_ULONG ulCount);

boolean_t kms_find_match_attrs(kms_object_t *obj,
    CK_OBJECT_CLASS *pclasses, CK_ULONG num_pclasses,
    CK_ATTRIBUTE *tmpl_attr, CK_ULONG num_attr);

/* Returns the extra-attribute entry of the given type, presumably NULL if absent. */
CK_ATTRIBUTE_PTR get_extra_attr(CK_ATTRIBUTE_TYPE type, kms_object_t *obj);

CK_RV get_string_from_template(CK_ATTRIBUTE_PTR dest, CK_ATTRIBUTE_PTR src);

void string_attr_cleanup(CK_ATTRIBUTE_PTR template);

/* Token objects are tracked per slot rather than per session. */
void kms_add_token_object_to_slot(kms_object_t *objp,
    kms_slot_t *pslot);

void kms_remove_token_object_from_slot(kms_slot_t *pslot,
    kms_object_t *objp);

CK_RV kms_delete_token_object(kms_slot_t *pslot, kms_session_t *sp,
    kms_object_t *obj, boolean_t lock_held, boolean_t wrapper_only);

void kms_cleanup_pri_objects_in_slot(kms_slot_t *pslot,
    kms_session_t *sp);

CK_RV kms_get_object_size(kms_object_t *objp, CK_ULONG_PTR pulSize);

/* Queues the object on obj_delay_freed instead of freeing it immediately. */
void kms_object_delay_free(kms_object_t *);
2N/A
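/*
 * Allocation and release of a kms_object_t.
 *
 * kms_new_object() is declared with (void): the original empty parameter
 * list is a pre-C99 non-prototype declaration that disables argument
 * checking at call sites.  NOTE(review): kms_free_object() releases an
 * object that may hold key material (secret_key_obj_t); confirm the
 * implementation zeroizes sk_value/key_sched before free().
 */
kms_object_t *kms_new_object(void);
void kms_free_object(kms_object_t *);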
2N/A
#ifdef __cplusplus
}
#endif	/* __cplusplus */

#endif /* _KMSOBJECT_H */