1 /* 2 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 3 * Use is subject to license terms. 4 */ 5 6 /* crypto/engine/hw_pk11_err.h */ 7 /* 8 * This product includes software developed by the OpenSSL Project for 9 * use in the OpenSSL Toolkit (http://www.openssl.org/). 10 * 11 * This project also referenced hw_pkcs11-0.9.7b.patch written by 12 * Afchine Madjlessi. 13 */ 14 /* 15 * ==================================================================== 16 * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved. 17 * 18 * Redistribution and use in source and binary forms, with or without 19 * modification, are permitted provided that the following conditions 20 * are met: 21 * 22 * 1. Redistributions of source code must retain the above copyright 23 * notice, this list of conditions and the following disclaimer. 24 * 25 * 2. Redistributions in binary form must reproduce the above copyright 26 * notice, this list of conditions and the following disclaimer in 27 * the documentation and/or other materials provided with the 28 * distribution. 29 * 30 * 3. All advertising materials mentioning features or use of this 31 * software must display the following acknowledgment: 32 * "This product includes software developed by the OpenSSL Project 33 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 34 * 35 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 36 * endorse or promote products derived from this software without 37 * prior written permission. For written permission, please contact 38 * licensing@OpenSSL.org. 39 * 40 * 5. Products derived from this software may not be called "OpenSSL" 41 * nor may "OpenSSL" appear in their names without prior written 42 * permission of the OpenSSL Project. 43 * 44 * 6. Redistributions of any form whatsoever must retain the following 45 * acknowledgment: 46 * "This product includes software developed by the OpenSSL Project 47 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 48 * 49 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 50 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 51 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 52 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 53 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 54 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 55 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 56 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 57 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 58 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 59 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 60 * OF THE POSSIBILITY OF SUCH DAMAGE. 61 * ==================================================================== 62 * 63 * This product includes cryptographic software written by Eric Young 64 * (eay@cryptsoft.com). This product includes software written by Tim 65 * Hudson (tjh@cryptsoft.com). 66 * 67 */ 68 69 #ifndef HW_PK11_ERR_H 70 #define HW_PK11_ERR_H 71 72 void ERR_pk11_error(int function, int reason, char *file, int line); 73 void PK11err_add_data(int function, int reason, CK_RV rv); 74 #define PK11err(f, r) ERR_pk11_error((f), (r), __FILE__, __LINE__) 75 76 /* Error codes for the PK11 functions. */ 77 78 /* Function codes. */ 79 80 #define PK11_F_INIT 100 81 #define PK11_F_FINISH 101 82 #define PK11_F_DESTROY 102 83 #define PK11_F_CTRL 103 84 #define PK11_F_RSA_INIT 104 85 #define PK11_F_RSA_FINISH 105 86 #define PK11_F_GET_PUB_RSA_KEY 106 87 #define PK11_F_GET_PRIV_RSA_KEY 107 88 #define PK11_F_RSA_GEN_KEY 108 89 #define PK11_F_RSA_PUB_ENC 109 90 #define PK11_F_RSA_PRIV_ENC 110 91 #define PK11_F_RSA_PUB_DEC 111 92 #define PK11_F_RSA_PRIV_DEC 112 93 #define PK11_F_RSA_SIGN 113 94 #define PK11_F_RSA_VERIFY 114 95 #define PK11_F_RAND_ADD 115 96 #define PK11_F_RAND_BYTES 116 97 #define PK11_F_GET_SESSION 117 98 #define PK11_F_FREE_SESSION 118 99 #define PK11_F_LOAD_PUBKEY 119 100 #define PK11_F_LOAD_PRIVKEY 120 101 #define PK11_F_RSA_PUB_ENC_LOW 121 102 #define PK11_F_RSA_PRIV_ENC_LOW 122 103 #define PK11_F_RSA_PUB_DEC_LOW 123 104 #define PK11_F_RSA_PRIV_DEC_LOW 124 105 #define PK11_F_DSA_SIGN 125 106 #define PK11_F_DSA_VERIFY 126 107 #define PK11_F_DSA_INIT 127 108 #define PK11_F_DSA_FINISH 128 109 #define PK11_F_GET_PUB_DSA_KEY 129 110 #define PK11_F_GET_PRIV_DSA_KEY 130 111 #define PK11_F_DH_INIT 131 112 #define PK11_F_DH_FINISH 132 113 #define PK11_F_MOD_EXP_DH 133 114 #define PK11_F_GET_DH_KEY 134 115 #define PK11_F_FREE_ALL_SESSIONS 135 116 #define PK11_F_SETUP_SESSION 136 117 #define PK11_F_DESTROY_OBJECT 137 118 #define PK11_F_CIPHER_INIT 138 119 #define PK11_F_CIPHER_DO_CIPHER 139 120 #define PK11_F_GET_CIPHER_KEY 140 121 #define PK11_F_DIGEST_INIT 141 122 #define PK11_F_DIGEST_UPDATE 142 123 #define PK11_F_DIGEST_FINAL 143 124 #define PK11_F_CHOOSE_SLOT 144 125 #define PK11_F_CIPHER_FINAL 145 126 #define PK11_F_LIBRARY_INIT 146 127 #define PK11_F_LOAD 147 128 #define PK11_F_DH_GEN_KEY 148 129 #define PK11_F_DH_COMP_KEY 149 130 #define PK11_F_DIGEST_COPY 150 131 #define PK11_F_CIPHER_CLEANUP 151 132 #define PK11_F_ACTIVE_ADD 152 133 #define PK11_F_ACTIVE_DELETE 153 134 #define PK11_F_CHECK_HW_MECHANISMS 154 135 #define PK11_F_INIT_SYMMETRIC 155 136 #define PK11_F_ADD_AES_CTR_NIDS 156 137 #define PK11_F_INIT_ALL_LOCKS 157 138 #define PK11_F_RETURN_SESSION 158 139 140 /* Reason codes. */ 141 #define PK11_R_ALREADY_LOADED 100 142 #define PK11_R_DSO_FAILURE 101 143 #define PK11_R_NOT_LOADED 102 144 #define PK11_R_PASSED_NULL_PARAMETER 103 145 #define PK11_R_COMMAND_NOT_IMPLEMENTED 104 146 #define PK11_R_INITIALIZE 105 147 #define PK11_R_FINALIZE 106 148 #define PK11_R_GETINFO 107 149 #define PK11_R_GETSLOTLIST 108 150 #define PK11_R_NO_MODULUS_OR_NO_EXPONENT 109 151 #define PK11_R_ATTRIBUT_SENSITIVE_OR_INVALID 110 152 #define PK11_R_GETATTRIBUTVALUE 111 153 #define PK11_R_NO_MODULUS 112 154 #define PK11_R_NO_EXPONENT 113 155 #define PK11_R_FINDOBJECTSINIT 114 156 #define PK11_R_FINDOBJECTS 115 157 #define PK11_R_FINDOBJECTSFINAL 116 158 #define PK11_R_CREATEOBJECT 118 159 #define PK11_R_DESTROYOBJECT 119 160 #define PK11_R_OPENSESSION 120 161 #define PK11_R_CLOSESESSION 121 162 #define PK11_R_ENCRYPTINIT 122 163 #define PK11_R_ENCRYPT 123 164 #define PK11_R_SIGNINIT 124 165 #define PK11_R_SIGN 125 166 #define PK11_R_DECRYPTINIT 126 167 #define PK11_R_DECRYPT 127 168 #define PK11_R_VERIFYINIT 128 169 #define PK11_R_VERIFY 129 170 #define PK11_R_VERIFYRECOVERINIT 130 171 #define PK11_R_VERIFYRECOVER 131 172 #define PK11_R_GEN_KEY 132 173 #define PK11_R_SEEDRANDOM 133 174 #define PK11_R_GENERATERANDOM 134 175 #define PK11_R_INVALID_MESSAGE_LENGTH 135 176 #define PK11_R_UNKNOWN_ALGORITHM_TYPE 136 177 #define PK11_R_UNKNOWN_ASN1_OBJECT_ID 137 178 #define PK11_R_UNKNOWN_PADDING_TYPE 138 179 #define PK11_R_PADDING_CHECK_FAILED 139 180 #define PK11_R_DIGEST_TOO_BIG 140 181 #define PK11_R_MALLOC_FAILURE 141 182 #define PK11_R_CTRL_COMMAND_NOT_IMPLEMENTED 142 183 #define PK11_R_DATA_GREATER_THAN_MOD_LEN 143 184 #define PK11_R_DATA_TOO_LARGE_FOR_MODULUS 144 185 #define PK11_R_MISSING_KEY_COMPONENT 145 186 #define PK11_R_INVALID_SIGNATURE_LENGTH 146 187 #define PK11_R_INVALID_DSA_SIGNATURE_R 147 188 #define PK11_R_INVALID_DSA_SIGNATURE_S 148 189 #define PK11_R_INCONSISTENT_KEY 149 190 #define PK11_R_ENCRYPTUPDATE 150 191 #define PK11_R_DECRYPTUPDATE 151 192 #define PK11_R_DIGESTINIT 152 193 #define PK11_R_DIGESTUPDATE 153 194 #define PK11_R_DIGESTFINAL 154 195 #define PK11_R_ENCRYPTFINAL 155 196 #define PK11_R_DECRYPTFINAL 156 197 #define PK11_R_NO_PRNG_SUPPORT 157 198 #define PK11_R_GETTOKENINFO 158 199 #define PK11_R_DERIVEKEY 159 200 #define PK11_R_GET_OPERATION_STATE 160 201 #define PK11_R_SET_OPERATION_STATE 161 202 #define PK11_R_INVALID_HANDLE 162 203 #define PK11_R_KEY_OR_IV_LEN_PROBLEM 163 204 #define PK11_R_INVALID_OPERATION_TYPE 164 205 #define PK11_R_ADD_NID_FAILED 165 206 #define PK11_R_ATFORK_FAILED 166 207 208 /* max byte length of a symetric key we support */ 209 #define PK11_KEY_LEN_MAX 32 210 211 /* 212 * This structure encapsulates all reusable information for a PKCS#11 213 * session. A list of these objects is created on behalf of the 214 * calling application using an on-demand method. Each operation 215 * type (see PK11_OPTYPE below) has its own per-process list. 216 * Each of the lists is basically a cache for faster PKCS#11 object 217 * access to avoid expensive C_Find{,Init,Final}Object() calls. 218 * 219 * When a new request comes in, an object will be taken from the list 220 * (if there is one) or a new one is created to handle the request 221 * (if the list is empty). See pk11_get_session() on how it is done. 222 */ 223 typedef struct PK11_st_SESSION 224 { 225 struct PK11_st_SESSION *next; 226 CK_SESSION_HANDLE session; /* PK11 session handle */ 227 pid_t pid; /* Current process ID */ 228 union 229 { 230 #ifndef OPENSSL_NO_RSA 231 struct 232 { 233 CK_OBJECT_HANDLE rsa_pub_key; /* pub handle */ 234 CK_OBJECT_HANDLE rsa_priv_key; /* priv handle */ 235 RSA *rsa_pub; /* pub key addr */ 236 BIGNUM *rsa_n_num; /* pub modulus */ 237 BIGNUM *rsa_e_num; /* pub exponent */ 238 RSA *rsa_priv; /* priv key addr */ 239 BIGNUM *rsa_d_num; /* priv exponent */ 240 } u_RSA; 241 #endif /* OPENSSL_NO_RSA */ 242 #ifndef OPENSSL_NO_DSA 243 struct 244 { 245 CK_OBJECT_HANDLE dsa_pub_key; /* pub handle */ 246 CK_OBJECT_HANDLE dsa_priv_key; /* priv handle */ 247 DSA *dsa_pub; /* pub key addr */ 248 BIGNUM *dsa_pub_num; /* pub key */ 249 DSA *dsa_priv; /* priv key addr */ 250 BIGNUM *dsa_priv_num; /* priv key */ 251 } u_DSA; 252 #endif /* OPENSSL_NO_DSA */ 253 #ifndef OPENSSL_NO_DH 254 struct 255 { 256 CK_OBJECT_HANDLE dh_key; /* key handle */ 257 DH *dh; /* dh key addr */ 258 BIGNUM *dh_priv_num; /* priv dh key */ 259 } u_DH; 260 #endif /* OPENSSL_NO_DH */ 261 struct 262 { 263 CK_OBJECT_HANDLE cipher_key; /* key handle */ 264 unsigned char key[PK11_KEY_LEN_MAX]; 265 int key_len; /* priv key len */ 266 int encrypt; /* 1/0 enc/decr */ 267 } u_cipher; 268 } opdata_u; 269 } PK11_SESSION; 270 271 #define opdata_rsa_pub_key opdata_u.u_RSA.rsa_pub_key 272 #define opdata_rsa_priv_key opdata_u.u_RSA.rsa_priv_key 273 #define opdata_rsa_pub opdata_u.u_RSA.rsa_pub 274 #define opdata_rsa_priv opdata_u.u_RSA.rsa_priv 275 #define opdata_rsa_n_num opdata_u.u_RSA.rsa_n_num 276 #define opdata_rsa_e_num opdata_u.u_RSA.rsa_e_num 277 #define opdata_rsa_d_num opdata_u.u_RSA.rsa_d_num 278 #define opdata_dsa_pub_key opdata_u.u_DSA.dsa_pub_key 279 #define opdata_dsa_priv_key opdata_u.u_DSA.dsa_priv_key 280 #define opdata_dsa_pub opdata_u.u_DSA.dsa_pub 281 #define opdata_dsa_pub_num opdata_u.u_DSA.dsa_pub_num 282 #define opdata_dsa_priv opdata_u.u_DSA.dsa_priv 283 #define opdata_dsa_priv_num opdata_u.u_DSA.dsa_priv_num 284 #define opdata_dh_key opdata_u.u_DH.dh_key 285 #define opdata_dh opdata_u.u_DH.dh 286 #define opdata_dh_priv_num opdata_u.u_DH.dh_priv_num 287 #define opdata_cipher_key opdata_u.u_cipher.cipher_key 288 #define opdata_key opdata_u.u_cipher.key 289 #define opdata_key_len opdata_u.u_cipher.key_len 290 #define opdata_encrypt opdata_u.u_cipher.encrypt 291 292 /* 293 * We have 3 different groups of operation types: 294 * 1) asymmetric operations 295 * 2) random operations 296 * 3) symmetric and digest operations 297 * 298 * This division into groups stems from the fact that it's common that hardware 299 * providers may support operations from one group only. For example, hardware 300 * providers on UltraSPARC T2, n2rng(7d), ncp(7d), and n2cp(7d), each support 301 * only a single group of operations. 302 * 303 * For every group a different slot can be chosen. That means that we must have 304 * at least 3 different lists of cached PKCS#11 sessions since sessions from 305 * different groups may be initialized in different slots. 306 * 307 * To provide locking granularity in multithreaded environment, the groups are 308 * further splitted into types with each type having a separate session cache. 309 */ 310 typedef enum PK11_OPTYPE_ENUM 311 { 312 OP_RAND, 313 OP_RSA, 314 OP_DSA, 315 OP_DH, 316 OP_CIPHER, 317 OP_DIGEST, 318 OP_MAX 319 } PK11_OPTYPE; 320 321 /* 322 * This structure contains the heads of the lists forming the object caches 323 * and locks associated with the lists. 324 */ 325 typedef struct PK11_st_CACHE 326 { 327 PK11_SESSION *head; 328 pthread_mutex_t *lock; 329 } PK11_CACHE; 330 331 /* structure for tracking handles of asymmetric key objects */ 332 typedef struct PK11_active_st 333 { 334 CK_OBJECT_HANDLE h; 335 unsigned int refcnt; 336 struct PK11_active_st *prev; 337 struct PK11_active_st *next; 338 } PK11_active; 339 340 extern pthread_mutex_t *find_lock[]; 341 extern PK11_active *active_list[]; 342 343 #define LOCK_OBJSTORE(alg_type) \ 344 (void) pthread_mutex_lock(find_lock[alg_type]) 345 #define UNLOCK_OBJSTORE(alg_type) \ 346 (void) pthread_mutex_unlock(find_lock[alg_type]) 347 348 extern PK11_SESSION *pk11_get_session(PK11_OPTYPE optype); 349 extern void pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype); 350 351 #ifndef OPENSSL_NO_RSA 352 extern int pk11_destroy_rsa_key_objects(PK11_SESSION *session); 353 extern int pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock); 354 extern int pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock); 355 extern EVP_PKEY *pk11_load_privkey(ENGINE *e, const char *pubkey_file, 356 UI_METHOD *ui_method, void *callback_data); 357 extern EVP_PKEY *pk11_load_pubkey(ENGINE *e, const char *pubkey_file, 358 UI_METHOD *ui_method, void *callback_data); 359 extern RSA_METHOD *PK11_RSA(void); 360 #endif /* OPENSSL_NO_RSA */ 361 #ifndef OPENSSL_NO_DSA 362 extern int pk11_destroy_dsa_key_objects(PK11_SESSION *session); 363 extern int pk11_destroy_dsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock); 364 extern int pk11_destroy_dsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock); 365 extern DSA_METHOD *PK11_DSA(void); 366 #endif /* OPENSSL_NO_DSA */ 367 #ifndef OPENSSL_NO_DH 368 extern int pk11_destroy_dh_key_objects(PK11_SESSION *session); 369 extern int pk11_destroy_dh_object(PK11_SESSION *sp, CK_BBOOL uselock); 370 extern DH_METHOD *PK11_DH(void); 371 #endif /* OPENSSL_NO_DH */ 372 373 extern CK_FUNCTION_LIST_PTR pFuncList; 374 375 #endif /* HW_PK11_ERR_H */ 376