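/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
 */

/*
 * kmsObject.h - object model of the KMS PKCS#11 provider: the in-memory
 * representation of a token object (currently secret keys only), the
 * object-handle validation macros, and the prototypes of the object
 * management routines implemented in the provider's .c files.
 */

#ifndef _KMSOBJECT_H
#define	_KMSOBJECT_H

#ifdef __cplusplus
extern "C" {
#endif

#include <security/pkcs11t.h>
#include "kmsSession.h"
#include "kmsSlot.h"

/* Value stored in kms_object_t.magic_marker of every live object. */
#define	KMSTOKEN_OBJECT_MAGIC	0xECF0B004

/* How an object came into existence (C_CreateObject vs. C_GenerateKey). */
#define	KMS_CREATE_OBJ	1
#define	KMS_GEN_KEY	2

/*
 * Secret key Struct
 *
 * sk_value/sk_value_len hold the raw key bytes; key_sched/keysched_len
 * hold an opaque, mechanism-specific key schedule derived from them.
 * NOTE(review): both buffers carry key material - confirm that the free
 * path (kms_cleanup_object / kms_free_object) scrubs them before free().
 */
typedef struct secret_key_obj {
	CK_BYTE *sk_value;
	CK_ULONG sk_value_len;
	void *key_sched;
	size_t keysched_len;
} secret_key_obj_t;

/*
 * This structure is used to hold the attributes in the
 * Extra Attribute List (a singly linked list of CK_ATTRIBUTEs that
 * are not covered by the fixed fields of kms_object_t).
 */
typedef struct attribute_info {
	CK_ATTRIBUTE	attr;
	struct attribute_info *next;
} attribute_info_t;

typedef attribute_info_t *CK_ATTRIBUTE_INFO_PTR;

/*
 * This is the main structure of the Objects.
 *
 * The member named "class" is a C++ keyword, so despite the extern "C"
 * guard above this header can only be included from C translation
 * units; the name is kept because the .c files access it directly.
 */
typedef struct object {
	boolean_t	is_lib_obj; /* default is TRUE */

	/* Generic common fields. Always present */
	CK_OBJECT_CLASS class;
	CK_KEY_TYPE key_type;
	CK_ULONG magic_marker;		/* KMSTOKEN_OBJECT_MAGIC when valid */
	uint64_t bool_attr_mask;	/* *_BOOL_ON bits, see below */
	CK_MECHANISM_TYPE mechanism;

	/* Fields for access and arbitration */
	pthread_mutex_t object_mutex;	/* guards refcnt and delete_sync */
	struct object *next;
	struct object *prev;

	/* Extra non-boolean attribute list */
	CK_ATTRIBUTE_INFO_PTR extra_attrlistp;
	CK_ULONG extra_attrcount;

	/* For each object, only one object class is presented */
	union {
		secret_key_obj_t  *secret_key;
	} object_class_u;

	/* Session handle that the object belongs to */
	CK_SESSION_HANDLE session_handle;
	uint32_t obj_refcnt;	/* object reference count */
	pthread_cond_t obj_free_cond; /* cond variable for signal and wait */
	uint32_t obj_delete_sync;	/* object delete sync flags */
} kms_object_t;

/* Per-session state of an in-progress C_FindObjects sequence. */
typedef struct find_context {
	kms_object_t **objs_found;
	CK_ULONG num_results;
	CK_ULONG next_result_index; /* next result object to return */
} find_context_t;

/*
 * The following structure is used to link the to-be-freed session
 * objects into a linked list. The objects on this linked list have
 * not yet been freed via free() after C_DestroyObject() call; instead
 * they are added to this list. The actual free will take place when
 * the number of objects queued reaches MAX_OBJ_TO_BE_FREED, at which
 * time the first object in the list will be freed.
 *
 * NOTE(review): presumably the delay exists so that a stale handle an
 * application passes after C_DestroyObject() still points at memory
 * whose magic_marker can be inspected by HANDLE2OBJECT - confirm
 * against kms_object_delay_free().
 */
#define	MAX_OBJ_TO_BE_FREED 300

typedef struct obj_to_be_freed_list {
	kms_object_t	*first;	/* points to first obj in the list */
	kms_object_t	*last;	/* points to last obj in the list */
	uint32_t	count;	/* current total objs in the list */
	pthread_mutex_t	obj_to_be_free_mutex;
} object_to_be_freed_list_t;

extern object_to_be_freed_list_t obj_delay_freed;

/*
 * The following definitions are the shortcuts
 */

/*
 * Secret Key Object Attributes
 */
#define	OBJ_SEC(o) \
	((o)->object_class_u.secret_key)
#define	OBJ_SEC_VALUE(o) \
	((o)->object_class_u.secret_key->sk_value)
#define	OBJ_SEC_VALUE_LEN(o) \
	((o)->object_class_u.secret_key->sk_value_len)
#define	OBJ_KEY_SCHED(o) \
	((o)->object_class_u.secret_key->key_sched)
#define	OBJ_KEY_SCHED_LEN(o) \
	((o)->object_class_u.secret_key->keysched_len)

/*
 * key related attributes with CK_BBOOL data type
 * (bit positions in kms_object_t.bool_attr_mask)
 */
#define	DERIVE_BOOL_ON			0x00000001
#define	LOCAL_BOOL_ON			0x00000002
#define	SENSITIVE_BOOL_ON		0x00000004
#define	SECONDARY_AUTH_BOOL_ON		0x00000008
#define	ENCRYPT_BOOL_ON			0x00000010
#define	DECRYPT_BOOL_ON			0x00000020
#define	SIGN_BOOL_ON			0x00000040
#define	SIGN_RECOVER_BOOL_ON		0x00000080
#define	VERIFY_BOOL_ON			0x00000100
#define	VERIFY_RECOVER_BOOL_ON		0x00000200
#define	WRAP_BOOL_ON			0x00000400
#define	UNWRAP_BOOL_ON			0x00000800
#define	TRUSTED_BOOL_ON			0x00001000
#define	EXTRACTABLE_BOOL_ON		0x00002000
#define	ALWAYS_SENSITIVE_BOOL_ON	0x00004000
#define	NEVER_EXTRACTABLE_BOOL_ON	0x00008000
#define	PRIVATE_BOOL_ON			0x00010000
#define	TOKEN_BOOL_ON			0x00020000
#define	MODIFIABLE_BOOL_ON		0x00040000

/* Boolean attributes a new secret key gets unless the template says otherwise. */
#define	SECRET_KEY_DEFAULT	(ENCRYPT_BOOL_ON|\
				DECRYPT_BOOL_ON|\
				SIGN_BOOL_ON|\
				VERIFY_BOOL_ON|\
				WRAP_BOOL_ON|\
				UNWRAP_BOOL_ON|\
				EXTRACTABLE_BOOL_ON|\
				MODIFIABLE_BOOL_ON)

/*
 * Flag definitions for obj_delete_sync
 */
#define	OBJECT_IS_DELETING	1	/* Object is in a deleting state */
#define	OBJECT_REFCNT_WAITING	2	/* Waiting for object reference */
					/* count to become zero */

/*
 * This macro is used to type cast an object handle to a pointer to
 * the object struct. Also, it checks to see if the object struct
 * is tagged with an object magic number. This is to detect when an
 * application passes a bogus object pointer.
 * Also, it checks to see if the object is in the deleting state that
 * another thread is performing. If not, increment the object reference
 * count by one. This is to prevent this object from being deleted by
 * other thread.
 *
 * object_p must be an lvalue of type kms_object_t * and rv an lvalue of
 * type CK_RV; on success (rv == CKR_OK) REFCNT_CODE has run under
 * object_mutex. A reference taken by HANDLE2OBJECT() must be dropped
 * with OBJ_REFRELE().
 *
 * NOTE: the handle is trusted as a pointer - after the NULL test,
 * magic_marker is read through it, so the magic check can only reject
 * a handle that points at readable memory lacking the magic value.
 * A handle that is not a valid pointer is undefined behaviour here,
 * not CKR_OBJECT_HANDLE_INVALID.
 */
#define	HANDLE2OBJECT_COMMON(hObject, object_p, rv, REFCNT_CODE) { \
	(object_p) = (kms_object_t *)(hObject); \
	if (((object_p) == NULL) || \
	    ((object_p)->magic_marker != KMSTOKEN_OBJECT_MAGIC)) {\
		(rv) = CKR_OBJECT_HANDLE_INVALID; \
	} else { \
		(void) pthread_mutex_lock(&(object_p)->object_mutex); \
		if (!((object_p)->obj_delete_sync & OBJECT_IS_DELETING)) { \
			REFCNT_CODE; \
			(rv) = CKR_OK; \
		} else { \
			(rv) = CKR_OBJECT_HANDLE_INVALID; \
		} \
		(void) pthread_mutex_unlock(&(object_p)->object_mutex); \
	} \
}

/* Resolve a handle and take a reference on the object. */
#define	HANDLE2OBJECT(hObject, object_p, rv) \
	HANDLE2OBJECT_COMMON(hObject, object_p, rv, object_p->obj_refcnt++)

/*
 * Resolve a handle without taking a reference; used on the destroy path,
 * which must not hold a reference on the object it is about to delete.
 */
#define	HANDLE2OBJECT_DESTROY(hObject, object_p, rv) \
	HANDLE2OBJECT_COMMON(hObject, object_p, rv, /* no refcnt increment */)


/*
 * Drop a reference taken by HANDLE2OBJECT(). When the count reaches zero
 * and a deleter has announced itself with OBJECT_REFCNT_WAITING, wake it
 * on obj_free_cond.
 */
#define	OBJ_REFRELE(object_p) { \
	(void) pthread_mutex_lock(&(object_p)->object_mutex); \
	if ((--(object_p)->obj_refcnt) == 0 && \
	    ((object_p)->obj_delete_sync & OBJECT_REFCNT_WAITING)) { \
		(void) pthread_cond_signal(&(object_p)->obj_free_cond); \
	} \
	(void) pthread_mutex_unlock(&(object_p)->object_mutex); \
}


/*
 * Function Prototypes.
 *
 * Parameter names in these prototypes are documentation only; "template"
 * and "class" are avoided as parameter names because they are C++ keywords.
 */
void kms_cleanup_object(kms_object_t *objp);

CK_RV kms_add_object(CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
    CK_ULONG *objecthandle_p, kms_session_t *sp);

CK_RV kms_delete_object(kms_session_t *, kms_object_t *,
    boolean_t, boolean_t);

void kms_cleanup_extra_attr(kms_object_t *object_p);

CK_RV kms_copy_extra_attr(CK_ATTRIBUTE_INFO_PTR old_attrp,
    kms_object_t *object_p);

void kms_cleanup_object_bigint_attrs(kms_object_t *object_p);

CK_RV kms_build_object(CK_ATTRIBUTE_PTR, CK_ULONG, kms_object_t *);

CK_RV kms_copy_object(kms_object_t *old_object,
    kms_object_t **new_object, boolean_t copy_everything,
    kms_session_t *sp);

void kms_merge_object(kms_object_t *old_object,
    kms_object_t *new_object);

CK_RV kms_get_attribute(kms_object_t *object_p,
    CK_ATTRIBUTE_PTR pTemplate);

CK_RV kms_set_attribute(kms_object_t *, CK_ATTRIBUTE_PTR, boolean_t);

void kms_add_object_to_session(kms_object_t *objp, kms_session_t *sp);

CK_RV kms_copy_secret_key_attr(secret_key_obj_t *old_secret_key_obj_p,
    secret_key_obj_t **new_secret_key_obj_p);

CK_RV kms_validate_attr(CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttrNum,
    CK_OBJECT_CLASS *pclass);

CK_RV kms_find_objects_init(kms_session_t *sp,
    CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount);

void kms_find_objects_final(kms_session_t *sp);

CK_RV kms_find_objects(kms_session_t *sp,
    CK_OBJECT_HANDLE *obj_found, CK_ULONG max_obj_requested,
    CK_ULONG *found_obj_count);

void kms_process_find_attr(CK_OBJECT_CLASS *pclasses,
    CK_ULONG *num_result_pclasses, CK_ATTRIBUTE_PTR pTemplate,
    CK_ULONG ulCount);

boolean_t kms_find_match_attrs(kms_object_t *obj,
    CK_OBJECT_CLASS *pclasses, CK_ULONG num_pclasses,
    CK_ATTRIBUTE *tmpl_attr, CK_ULONG num_attr);

CK_ATTRIBUTE_PTR get_extra_attr(CK_ATTRIBUTE_TYPE type, kms_object_t *obj);

CK_RV get_string_from_template(CK_ATTRIBUTE_PTR dest, CK_ATTRIBUTE_PTR src);

void string_attr_cleanup(CK_ATTRIBUTE_PTR pTemplate);

void kms_add_token_object_to_slot(kms_object_t *objp,
    kms_slot_t *pslot);

void kms_remove_token_object_from_slot(kms_slot_t *pslot,
    kms_object_t *objp);

CK_RV kms_delete_token_object(kms_slot_t *pslot, kms_session_t *sp,
    kms_object_t *obj, boolean_t lock_held, boolean_t wrapper_only);

void kms_cleanup_pri_objects_in_slot(kms_slot_t *pslot,
    kms_session_t *sp);

CK_RV kms_get_object_size(kms_object_t *objp, CK_ULONG_PTR pulSize);

void kms_object_delay_free(kms_object_t *);

/*
 * "(void)" rather than "()" so the compiler checks that callers pass no
 * arguments; an empty parameter list is an unprototyped declaration.
 */
kms_object_t *kms_new_object(void);
void kms_free_object(kms_object_t *);

#ifdef __cplusplus
}
#endif

#endif /* _KMSOBJECT_H */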