xref: /onnv-gate/usr/src/lib/pkcs11/pkcs11_softtoken/common/softObject.h (revision 12573:fb4ef506980f) 
10Sstevel@tonic-gate /*
20Sstevel@tonic-gate  * CDDL HEADER START
30Sstevel@tonic-gate  *
40Sstevel@tonic-gate  * The contents of this file are subject to the terms of the
54219Smcpowers  * Common Development and Distribution License (the "License").
64219Smcpowers  * You may not use this file except in compliance with the License.
70Sstevel@tonic-gate  *
80Sstevel@tonic-gate  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
90Sstevel@tonic-gate  * or http://www.opensolaris.org/os/licensing.
100Sstevel@tonic-gate  * See the License for the specific language governing permissions
110Sstevel@tonic-gate  * and limitations under the License.
120Sstevel@tonic-gate  *
130Sstevel@tonic-gate  * When distributing Covered Code, include this CDDL HEADER in each
140Sstevel@tonic-gate  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
150Sstevel@tonic-gate  * If applicable, add the following below this CDDL HEADER, with the
160Sstevel@tonic-gate  * fields enclosed by brackets "[]" replaced with your own identifying
170Sstevel@tonic-gate  * information: Portions Copyright [yyyy] [name of copyright owner]
180Sstevel@tonic-gate  *
190Sstevel@tonic-gate  * CDDL HEADER END
200Sstevel@tonic-gate  */
21*12573SDina.Nimeh@Sun.COM 
220Sstevel@tonic-gate /*
23*12573SDina.Nimeh@Sun.COM  * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
240Sstevel@tonic-gate  */
250Sstevel@tonic-gate 
260Sstevel@tonic-gate #ifndef	_SOFTOBJECT_H
270Sstevel@tonic-gate #define	_SOFTOBJECT_H
280Sstevel@tonic-gate 
290Sstevel@tonic-gate #ifdef __cplusplus
300Sstevel@tonic-gate extern "C" {
310Sstevel@tonic-gate #endif
320Sstevel@tonic-gate 
330Sstevel@tonic-gate #include <pthread.h>
340Sstevel@tonic-gate #include <security/pkcs11t.h>
350Sstevel@tonic-gate #include "softKeystoreUtil.h"
360Sstevel@tonic-gate #include "softSession.h"
370Sstevel@tonic-gate 
380Sstevel@tonic-gate 
390Sstevel@tonic-gate #define	SOFTTOKEN_OBJECT_MAGIC	0xECF0B002
400Sstevel@tonic-gate 
410Sstevel@tonic-gate #define	SOFT_CREATE_OBJ		1
420Sstevel@tonic-gate #define	SOFT_GEN_KEY		2
430Sstevel@tonic-gate #define	SOFT_DERIVE_KEY_DH	3	/* for CKM_DH_PKCS_DERIVE */
440Sstevel@tonic-gate #define	SOFT_DERIVE_KEY_OTHER	4	/* for CKM_MD5_KEY_DERIVATION and */
450Sstevel@tonic-gate 					/* CKM_SHA1_KEY_DERIVATION */
460Sstevel@tonic-gate #define	SOFT_UNWRAP_KEY		5
470Sstevel@tonic-gate #define	SOFT_CREATE_OBJ_INT	6	/* internal object creation */
480Sstevel@tonic-gate 
490Sstevel@tonic-gate typedef struct biginteger {
500Sstevel@tonic-gate 	CK_BYTE *big_value;
510Sstevel@tonic-gate 	CK_ULONG big_value_len;
520Sstevel@tonic-gate } biginteger_t;
530Sstevel@tonic-gate 
540Sstevel@tonic-gate 
550Sstevel@tonic-gate /*
560Sstevel@tonic-gate  * Secret key Struct
570Sstevel@tonic-gate  */
580Sstevel@tonic-gate typedef struct secret_key_obj {
590Sstevel@tonic-gate 	CK_BYTE *sk_value;
600Sstevel@tonic-gate 	CK_ULONG sk_value_len;
610Sstevel@tonic-gate 	void *key_sched;
620Sstevel@tonic-gate 	size_t keysched_len;
630Sstevel@tonic-gate } secret_key_obj_t;
640Sstevel@tonic-gate 
650Sstevel@tonic-gate 
660Sstevel@tonic-gate /*
670Sstevel@tonic-gate  * PKCS11: RSA Public Key Object Attributes
680Sstevel@tonic-gate  */
690Sstevel@tonic-gate typedef struct rsa_pub_key {
700Sstevel@tonic-gate 	biginteger_t modulus;
710Sstevel@tonic-gate 	CK_ULONG modulus_bits;
720Sstevel@tonic-gate 	biginteger_t pub_exponent;
730Sstevel@tonic-gate } rsa_pub_key_t;
740Sstevel@tonic-gate 
750Sstevel@tonic-gate 
760Sstevel@tonic-gate /*
770Sstevel@tonic-gate  * PKCS11: DSA Public Key Object Attributes
780Sstevel@tonic-gate  */
790Sstevel@tonic-gate typedef struct dsa_pub_key {
800Sstevel@tonic-gate 	biginteger_t prime;
810Sstevel@tonic-gate 	biginteger_t subprime;
820Sstevel@tonic-gate 	biginteger_t base;
830Sstevel@tonic-gate 	biginteger_t value;
840Sstevel@tonic-gate } dsa_pub_key_t;
850Sstevel@tonic-gate 
860Sstevel@tonic-gate 
870Sstevel@tonic-gate /*
880Sstevel@tonic-gate  * PKCS11: Diffie-Hellman Public Key Object Attributes
890Sstevel@tonic-gate  */
900Sstevel@tonic-gate typedef struct dh_pub_key {
910Sstevel@tonic-gate 	biginteger_t prime;
920Sstevel@tonic-gate 	biginteger_t base;
930Sstevel@tonic-gate 	biginteger_t value;
940Sstevel@tonic-gate } dh_pub_key_t;
950Sstevel@tonic-gate 
960Sstevel@tonic-gate 
970Sstevel@tonic-gate /*
980Sstevel@tonic-gate  * PKCS11: X9.42 Diffie-Hellman Public Key Object Attributes
990Sstevel@tonic-gate  */
1000Sstevel@tonic-gate typedef struct dh942_pub_key {
1010Sstevel@tonic-gate 	biginteger_t prime;
1020Sstevel@tonic-gate 	biginteger_t base;
1030Sstevel@tonic-gate 	biginteger_t subprime;
1040Sstevel@tonic-gate 	biginteger_t value;
1050Sstevel@tonic-gate } dh942_pub_key_t;
1060Sstevel@tonic-gate 
1070Sstevel@tonic-gate 
1080Sstevel@tonic-gate /*
1094219Smcpowers  * PKCS11: Elliptic Curve Public Key Object Attributes
1104219Smcpowers  */
1114219Smcpowers typedef struct ec_pub_key {
1124219Smcpowers 	biginteger_t param;
1134219Smcpowers 	biginteger_t point;
1144219Smcpowers } ec_pub_key_t;
1154219Smcpowers 
1164219Smcpowers 
1174219Smcpowers /*
1180Sstevel@tonic-gate  * Public Key Main Struct
1190Sstevel@tonic-gate  */
1200Sstevel@tonic-gate typedef struct public_key_obj {
1210Sstevel@tonic-gate 	union {
1220Sstevel@tonic-gate 		rsa_pub_key_t rsa_pub_key; /* RSA public key */
1230Sstevel@tonic-gate 		dsa_pub_key_t dsa_pub_key; /* DSA public key */
1240Sstevel@tonic-gate 		dh_pub_key_t  dh_pub_key;  /* DH public key */
1250Sstevel@tonic-gate 		dh942_pub_key_t dh942_pub_key;	/* DH9.42 public key */
1264219Smcpowers 		ec_pub_key_t ec_pub_key; /* Elliptic Curve public key */
1270Sstevel@tonic-gate 	} key_type_u;
1280Sstevel@tonic-gate } public_key_obj_t;
1290Sstevel@tonic-gate 
1300Sstevel@tonic-gate /*
1310Sstevel@tonic-gate  * PKCS11: RSA Private Key Object Attributes
1320Sstevel@tonic-gate  */
1330Sstevel@tonic-gate typedef struct rsa_pri_key {
1340Sstevel@tonic-gate 	biginteger_t modulus;
1350Sstevel@tonic-gate 	biginteger_t pub_exponent;
1360Sstevel@tonic-gate 	biginteger_t pri_exponent;
1370Sstevel@tonic-gate 	biginteger_t prime_1;
1380Sstevel@tonic-gate 	biginteger_t prime_2;
1390Sstevel@tonic-gate 	biginteger_t exponent_1;
1400Sstevel@tonic-gate 	biginteger_t exponent_2;
1410Sstevel@tonic-gate 	biginteger_t coefficient;
1420Sstevel@tonic-gate } rsa_pri_key_t;
1430Sstevel@tonic-gate 
1440Sstevel@tonic-gate /*
1450Sstevel@tonic-gate  * PKCS11: DSA Private Key Object Attributes
1460Sstevel@tonic-gate  */
1470Sstevel@tonic-gate typedef struct dsa_pri_key {
1480Sstevel@tonic-gate 	biginteger_t prime;
1490Sstevel@tonic-gate 	biginteger_t subprime;
1500Sstevel@tonic-gate 	biginteger_t base;
1510Sstevel@tonic-gate 	biginteger_t value;
1520Sstevel@tonic-gate } dsa_pri_key_t;
1530Sstevel@tonic-gate 
1540Sstevel@tonic-gate 
1550Sstevel@tonic-gate /*
1560Sstevel@tonic-gate  * PKCS11: Diffie-Hellman Private Key Object Attributes
1570Sstevel@tonic-gate  */
1580Sstevel@tonic-gate typedef struct dh_pri_key {
1590Sstevel@tonic-gate 	biginteger_t prime;
1600Sstevel@tonic-gate 	biginteger_t base;
1610Sstevel@tonic-gate 	biginteger_t value;
1620Sstevel@tonic-gate 	CK_ULONG value_bits;
1630Sstevel@tonic-gate } dh_pri_key_t;
1640Sstevel@tonic-gate 
1650Sstevel@tonic-gate /*
1660Sstevel@tonic-gate  * PKCS11: X9.42 Diffie-Hellman Private Key Object Attributes
1670Sstevel@tonic-gate  */
1680Sstevel@tonic-gate typedef struct dh942_pri_key {
1690Sstevel@tonic-gate 	biginteger_t prime;
1700Sstevel@tonic-gate 	biginteger_t base;
1710Sstevel@tonic-gate 	biginteger_t subprime;
1720Sstevel@tonic-gate 	biginteger_t value;
1730Sstevel@tonic-gate } dh942_pri_key_t;
1740Sstevel@tonic-gate 
1754219Smcpowers /*
1764219Smcpowers  * PKCS11: Elliptic Curve Private Key Object Attributes
1774219Smcpowers  */
1784219Smcpowers typedef struct ec_pri_key {
1794219Smcpowers 	biginteger_t param;
1804219Smcpowers 	biginteger_t value;
1814219Smcpowers } ec_pri_key_t;
1824219Smcpowers 
1830Sstevel@tonic-gate 
1840Sstevel@tonic-gate /*
1850Sstevel@tonic-gate  * Private Key Main Struct
1860Sstevel@tonic-gate  */
1870Sstevel@tonic-gate typedef struct private_key_obj {
1880Sstevel@tonic-gate 	union {
1890Sstevel@tonic-gate 		rsa_pri_key_t rsa_pri_key; /* RSA private key */
1900Sstevel@tonic-gate 		dsa_pri_key_t dsa_pri_key; /* DSA private key */
1910Sstevel@tonic-gate 		dh_pri_key_t  dh_pri_key;  /* DH private key */
1920Sstevel@tonic-gate 		dh942_pri_key_t dh942_pri_key;	/* DH9.42 private key */
1934219Smcpowers 		ec_pri_key_t ec_pri_key; /* Elliptic Curve private key */
1940Sstevel@tonic-gate 	} key_type_u;
1950Sstevel@tonic-gate } private_key_obj_t;
1960Sstevel@tonic-gate 
1970Sstevel@tonic-gate /*
1980Sstevel@tonic-gate  * PKCS11: DSA Domain Parameters Object Attributes
1990Sstevel@tonic-gate  */
2000Sstevel@tonic-gate typedef struct dsa_dom_key {
2010Sstevel@tonic-gate 	biginteger_t prime;
2020Sstevel@tonic-gate 	biginteger_t subprime;
2030Sstevel@tonic-gate 	biginteger_t base;
2040Sstevel@tonic-gate 	CK_ULONG prime_bits;
2050Sstevel@tonic-gate } dsa_dom_key_t;
2060Sstevel@tonic-gate 
2070Sstevel@tonic-gate 
2080Sstevel@tonic-gate /*
2090Sstevel@tonic-gate  * PKCS11: Diffie-Hellman Domain Parameters Object Attributes
2100Sstevel@tonic-gate  */
2110Sstevel@tonic-gate typedef struct dh_dom_key {
2120Sstevel@tonic-gate 	biginteger_t prime;
2130Sstevel@tonic-gate 	biginteger_t base;
2140Sstevel@tonic-gate 	CK_ULONG prime_bits;
2150Sstevel@tonic-gate } dh_dom_key_t;
2160Sstevel@tonic-gate 
2170Sstevel@tonic-gate 
2180Sstevel@tonic-gate /*
2190Sstevel@tonic-gate  * PKCS11: X9.42 Diffie-Hellman Domain Parameters Object Attributes
2200Sstevel@tonic-gate  */
2210Sstevel@tonic-gate typedef struct dh942_dom_key {
2220Sstevel@tonic-gate 	biginteger_t prime;
2230Sstevel@tonic-gate 	biginteger_t base;
2240Sstevel@tonic-gate 	biginteger_t subprime;
2250Sstevel@tonic-gate 	CK_ULONG prime_bits;
2260Sstevel@tonic-gate 	CK_ULONG subprime_bits;
2270Sstevel@tonic-gate } dh942_dom_key_t;
2280Sstevel@tonic-gate 
2290Sstevel@tonic-gate /*
2300Sstevel@tonic-gate  * Domain Parameters Main Struct
2310Sstevel@tonic-gate  */
2320Sstevel@tonic-gate typedef struct domain_obj {
2330Sstevel@tonic-gate 	union {
2340Sstevel@tonic-gate 		dsa_dom_key_t dsa_dom_key; /* DSA domain parameters */
2350Sstevel@tonic-gate 		dh_dom_key_t  dh_dom_key;  /* DH domain parameters */
2360Sstevel@tonic-gate 		dh942_dom_key_t dh942_dom_key;  /* DH9.42 domain parameters */
2370Sstevel@tonic-gate 	} key_type_u;
2380Sstevel@tonic-gate } domain_obj_t;
2390Sstevel@tonic-gate 
2400Sstevel@tonic-gate typedef struct cert_attr_type {
2410Sstevel@tonic-gate 	CK_BYTE *value;
2420Sstevel@tonic-gate 	CK_ULONG length;
2430Sstevel@tonic-gate } cert_attr_t;
2440Sstevel@tonic-gate 
2450Sstevel@tonic-gate /*
2460Sstevel@tonic-gate  * X.509 Public Key Certificate Structure.
2470Sstevel@tonic-gate  * This structure contains only the attributes that are
2480Sstevel@tonic-gate  * NOT modifiable after creation.
2490Sstevel@tonic-gate  * ID, ISSUER, and SUBJECT attributes are kept in the extra_attrlistp
2500Sstevel@tonic-gate  * record.
2510Sstevel@tonic-gate  */
2520Sstevel@tonic-gate typedef struct x509_cert {
2530Sstevel@tonic-gate 	cert_attr_t *subject; /* DER encoding of certificate subject name */
2540Sstevel@tonic-gate 	cert_attr_t *value;	/* BER encoding of the cert */
2550Sstevel@tonic-gate } x509_cert_t;
2560Sstevel@tonic-gate 
2570Sstevel@tonic-gate /*
2580Sstevel@tonic-gate  * X.509 Attribute Certificiate Structure
2590Sstevel@tonic-gate  * This structure contains only the attributes that are
2600Sstevel@tonic-gate  * NOT modifiable after creation.
2610Sstevel@tonic-gate  * AC_ISSUER, SERIAL_NUMBER, and ATTR_TYPES are kept in the
2620Sstevel@tonic-gate  * extra_attrlistp record so they may be modified.
2630Sstevel@tonic-gate  */
2640Sstevel@tonic-gate typedef struct x509_attr_cert {
2650Sstevel@tonic-gate 	cert_attr_t *owner;	 /* DER encoding of attr cert subject field */
2660Sstevel@tonic-gate 	cert_attr_t *value;	/* BER encoding of cert */
2670Sstevel@tonic-gate } x509_attr_cert_t;
2680Sstevel@tonic-gate 
2690Sstevel@tonic-gate /*
2700Sstevel@tonic-gate  * Certificate Object Main Struct
2710Sstevel@tonic-gate  */
2720Sstevel@tonic-gate typedef struct certificate_obj {
2730Sstevel@tonic-gate 	CK_CERTIFICATE_TYPE certificate_type;
2740Sstevel@tonic-gate 	union {
2750Sstevel@tonic-gate 		x509_cert_t  	x509;
2760Sstevel@tonic-gate 		x509_attr_cert_t x509_attr;
2770Sstevel@tonic-gate 	} cert_type_u;
2780Sstevel@tonic-gate } certificate_obj_t;
2790Sstevel@tonic-gate 
2800Sstevel@tonic-gate /*
2810Sstevel@tonic-gate  * This structure is used to hold the attributes in the
2820Sstevel@tonic-gate  * Extra Attribute List.
2830Sstevel@tonic-gate  */
2840Sstevel@tonic-gate typedef struct attribute_info {
2850Sstevel@tonic-gate 	CK_ATTRIBUTE	attr;
2860Sstevel@tonic-gate 	struct attribute_info *next;
2870Sstevel@tonic-gate } attribute_info_t;
2880Sstevel@tonic-gate 
2890Sstevel@tonic-gate 
2900Sstevel@tonic-gate typedef attribute_info_t *CK_ATTRIBUTE_INFO_PTR;
2910Sstevel@tonic-gate 
2920Sstevel@tonic-gate /*
2930Sstevel@tonic-gate  * This is the main structure of the Objects.
2940Sstevel@tonic-gate  */
2950Sstevel@tonic-gate typedef struct object {
2960Sstevel@tonic-gate 	/* Generic common fields. Always present */
2970Sstevel@tonic-gate 	uint_t			version;	/* for token objects only */
2980Sstevel@tonic-gate 	CK_OBJECT_CLASS 	class;
2990Sstevel@tonic-gate 	CK_KEY_TYPE		key_type;
3000Sstevel@tonic-gate 	CK_CERTIFICATE_TYPE	cert_type;
3010Sstevel@tonic-gate 	ulong_t			magic_marker;
3020Sstevel@tonic-gate 	uint64_t		bool_attr_mask;	/* see below */
3030Sstevel@tonic-gate 	CK_MECHANISM_TYPE	mechanism;
3040Sstevel@tonic-gate 	uchar_t object_type;		/* see below */
3050Sstevel@tonic-gate 	struct ks_obj_handle ks_handle;	/* keystore handle */
3060Sstevel@tonic-gate 
3070Sstevel@tonic-gate 	/* Fields for access and arbitration */
3080Sstevel@tonic-gate 	pthread_mutex_t	object_mutex;
3090Sstevel@tonic-gate 	struct object *next;
3100Sstevel@tonic-gate 	struct object *prev;
3110Sstevel@tonic-gate 
3120Sstevel@tonic-gate 	/* Extra non-boolean attribute list */
3130Sstevel@tonic-gate 	CK_ATTRIBUTE_INFO_PTR extra_attrlistp;
3140Sstevel@tonic-gate 
3150Sstevel@tonic-gate 	/* For each object, only one of these object classes is presented */
3160Sstevel@tonic-gate 	union {
3170Sstevel@tonic-gate 		public_key_obj_t  *public_key;
3180Sstevel@tonic-gate 		private_key_obj_t *private_key;
3190Sstevel@tonic-gate 		secret_key_obj_t  *secret_key;
3200Sstevel@tonic-gate 		domain_obj_t	  *domain;
3210Sstevel@tonic-gate 		certificate_obj_t *certificate;
3220Sstevel@tonic-gate 	} object_class_u;
3230Sstevel@tonic-gate 
3240Sstevel@tonic-gate 	/* Session handle that the object belongs to */
3250Sstevel@tonic-gate 	CK_SESSION_HANDLE	session_handle;
3260Sstevel@tonic-gate 	uint32_t	obj_refcnt;	/* object reference count */
3270Sstevel@tonic-gate 	pthread_cond_t	obj_free_cond;	/* cond variable for signal and wait */
3280Sstevel@tonic-gate 	uint32_t	obj_delete_sync;	/* object delete sync flags */
3290Sstevel@tonic-gate 
3300Sstevel@tonic-gate } soft_object_t;
3310Sstevel@tonic-gate 
3320Sstevel@tonic-gate typedef struct find_context {
3330Sstevel@tonic-gate 	soft_object_t **objs_found;
3340Sstevel@tonic-gate 	CK_ULONG num_results;
3350Sstevel@tonic-gate 	CK_ULONG next_result_index;	/* next result object to return */
3360Sstevel@tonic-gate } find_context_t;
3370Sstevel@tonic-gate 
3380Sstevel@tonic-gate /*
3390Sstevel@tonic-gate  * The following structure is used to link the to-be-freed session
3400Sstevel@tonic-gate  * objects into a linked list. The objects on this linked list have
3410Sstevel@tonic-gate  * not yet been freed via free() after C_DestroyObject() call; instead
3420Sstevel@tonic-gate  * they are added to this list. The actual free will take place when
3430Sstevel@tonic-gate  * the number of objects queued reaches MAX_OBJ_TO_BE_FREED, at which
3440Sstevel@tonic-gate  * time the first object in the list will be freed.
3450Sstevel@tonic-gate  */
3460Sstevel@tonic-gate #define	MAX_OBJ_TO_BE_FREED		300
3470Sstevel@tonic-gate 
3480Sstevel@tonic-gate typedef struct obj_to_be_freed_list {
3490Sstevel@tonic-gate 	struct object	*first;	/* points to the first obj in the list */
3500Sstevel@tonic-gate 	struct object	*last;	/* points to the last obj in the list */
3510Sstevel@tonic-gate 	uint32_t	count;	/* current total objs in the list */
3520Sstevel@tonic-gate 	pthread_mutex_t	obj_to_be_free_mutex;
3530Sstevel@tonic-gate } obj_to_be_freed_list_t;
3540Sstevel@tonic-gate 
3550Sstevel@tonic-gate /*
3560Sstevel@tonic-gate  * Object type
3570Sstevel@tonic-gate  */
3580Sstevel@tonic-gate #define	SESSION_PUBLIC		0	/* CKA_TOKEN = 0, CKA_PRIVATE = 0 */
3590Sstevel@tonic-gate #define	SESSION_PRIVATE		1	/* CKA_TOKEN = 0, CKA_PRIVATE = 1 */
3600Sstevel@tonic-gate #define	TOKEN_PUBLIC		2	/* CKA_TOKEN = 1, CKA_PRIVATE = 0 */
3610Sstevel@tonic-gate #define	TOKEN_PRIVATE		3	/* CKA_TOKEN = 1, CKA_PRIVATE = 1 */
3620Sstevel@tonic-gate 
3630Sstevel@tonic-gate #define	TOKEN_OBJECT		2
3640Sstevel@tonic-gate #define	PRIVATE_OBJECT		1
3650Sstevel@tonic-gate 
3660Sstevel@tonic-gate typedef enum {
3670Sstevel@tonic-gate 		ALL_TOKEN = 0,
3680Sstevel@tonic-gate 		PUBLIC_TOKEN = 1,
3690Sstevel@tonic-gate 		PRIVATE_TOKEN = 2
3700Sstevel@tonic-gate } token_obj_type_t;
3710Sstevel@tonic-gate 
3720Sstevel@tonic-gate #define	IS_TOKEN_OBJECT(objp)	\
3730Sstevel@tonic-gate 	((objp->object_type == TOKEN_PUBLIC) || \
3740Sstevel@tonic-gate 	(objp->object_type == TOKEN_PRIVATE))
3750Sstevel@tonic-gate 
3760Sstevel@tonic-gate /*
3770Sstevel@tonic-gate  * Types associated with copying object's content
3780Sstevel@tonic-gate  */
3790Sstevel@tonic-gate #define	SOFT_SET_ATTR_VALUE	1	/* for C_SetAttributeValue */
3800Sstevel@tonic-gate #define	SOFT_COPY_OBJECT	2	/* for C_CopyObject */
3810Sstevel@tonic-gate #define	SOFT_COPY_OBJ_ORIG_SH	3	/* for copying an object but keeps */
3820Sstevel@tonic-gate 					/* the original session handle */
3830Sstevel@tonic-gate 
3840Sstevel@tonic-gate /*
3850Sstevel@tonic-gate  * The following definitions are the shortcuts
3860Sstevel@tonic-gate  */
3870Sstevel@tonic-gate 
3880Sstevel@tonic-gate /*
3890Sstevel@tonic-gate  * RSA Public Key Object Attributes
3900Sstevel@tonic-gate  */
3910Sstevel@tonic-gate #define	OBJ_PUB(o) \
3920Sstevel@tonic-gate 	((o)->object_class_u.public_key)
3930Sstevel@tonic-gate #define	KEY_PUB_RSA(k) \
3940Sstevel@tonic-gate 	&((k)->key_type_u.rsa_pub_key)
3950Sstevel@tonic-gate #define	OBJ_PUB_RSA_MOD(o) \
3960Sstevel@tonic-gate 	&((o)->object_class_u.public_key->key_type_u.rsa_pub_key.modulus)
3970Sstevel@tonic-gate #define	KEY_PUB_RSA_MOD(k) \
3980Sstevel@tonic-gate 	&((k)->key_type_u.rsa_pub_key.modulus)
3990Sstevel@tonic-gate #define	OBJ_PUB_RSA_PUBEXPO(o) \
4000Sstevel@tonic-gate 	&((o)->object_class_u.public_key->key_type_u.rsa_pub_key.pub_exponent)
4010Sstevel@tonic-gate #define	KEY_PUB_RSA_PUBEXPO(k) \
4020Sstevel@tonic-gate 	&((k)->key_type_u.rsa_pub_key.pub_exponent)
4030Sstevel@tonic-gate #define	OBJ_PUB_RSA_MOD_BITS(o) \
4040Sstevel@tonic-gate 	((o)->object_class_u.public_key->key_type_u.rsa_pub_key.modulus_bits)
4050Sstevel@tonic-gate #define	KEY_PUB_RSA_MOD_BITS(k) \
4060Sstevel@tonic-gate 	((k)->key_type_u.rsa_pub_key.modulus_bits)
4070Sstevel@tonic-gate 
4080Sstevel@tonic-gate /*
4090Sstevel@tonic-gate  * DSA Public Key Object Attributes
4100Sstevel@tonic-gate  */
4110Sstevel@tonic-gate #define	KEY_PUB_DSA(k) \
4120Sstevel@tonic-gate 	&((k)->key_type_u.dsa_pub_key)
4130Sstevel@tonic-gate #define	OBJ_PUB_DSA_PRIME(o) \
4140Sstevel@tonic-gate 	&((o)->object_class_u.public_key->key_type_u.dsa_pub_key.prime)
4150Sstevel@tonic-gate #define	KEY_PUB_DSA_PRIME(k) \
4160Sstevel@tonic-gate 	&((k)->key_type_u.dsa_pub_key.prime)
4170Sstevel@tonic-gate #define	OBJ_PUB_DSA_SUBPRIME(o) \
4180Sstevel@tonic-gate 	&((o)->object_class_u.public_key->key_type_u.dsa_pub_key.subprime)
4190Sstevel@tonic-gate #define	KEY_PUB_DSA_SUBPRIME(k) \
4200Sstevel@tonic-gate 	&((k)->key_type_u.dsa_pub_key.subprime)
4210Sstevel@tonic-gate #define	OBJ_PUB_DSA_BASE(o) \
4220Sstevel@tonic-gate 	&((o)->object_class_u.public_key->key_type_u.dsa_pub_key.base)
4230Sstevel@tonic-gate #define	KEY_PUB_DSA_BASE(k) \
4240Sstevel@tonic-gate 	&((k)->key_type_u.dsa_pub_key.base)
4250Sstevel@tonic-gate #define	OBJ_PUB_DSA_VALUE(o) \
4260Sstevel@tonic-gate 	&((o)->object_class_u.public_key->key_type_u.dsa_pub_key.value)
4270Sstevel@tonic-gate #define	KEY_PUB_DSA_VALUE(k) \
4280Sstevel@tonic-gate 	&((k)->key_type_u.dsa_pub_key.value)
4290Sstevel@tonic-gate 
4300Sstevel@tonic-gate /*
4310Sstevel@tonic-gate  * Diffie-Hellman Public Key Object Attributes
4320Sstevel@tonic-gate  */
4330Sstevel@tonic-gate #define	KEY_PUB_DH(k) \
4340Sstevel@tonic-gate 	&((k)->key_type_u.dh_pub_key)
4350Sstevel@tonic-gate #define	OBJ_PUB_DH_PRIME(o) \
4360Sstevel@tonic-gate 	&((o)->object_class_u.public_key->key_type_u.dh_pub_key.prime)
4370Sstevel@tonic-gate #define	KEY_PUB_DH_PRIME(k) \
4380Sstevel@tonic-gate 	&((k)->key_type_u.dh_pub_key.prime)
4390Sstevel@tonic-gate #define	OBJ_PUB_DH_BASE(o) \
4400Sstevel@tonic-gate 	&((o)->object_class_u.public_key->key_type_u.dh_pub_key.base)
4410Sstevel@tonic-gate #define	KEY_PUB_DH_BASE(k) \
4420Sstevel@tonic-gate 	&((k)->key_type_u.dh_pub_key.base)
4430Sstevel@tonic-gate #define	OBJ_PUB_DH_VALUE(o) \
4440Sstevel@tonic-gate 	&((o)->object_class_u.public_key->key_type_u.dh_pub_key.value)
4450Sstevel@tonic-gate #define	KEY_PUB_DH_VALUE(k) \
4460Sstevel@tonic-gate 	&((k)->key_type_u.dh_pub_key.value)
4470Sstevel@tonic-gate 
4480Sstevel@tonic-gate /*
4490Sstevel@tonic-gate  * X9.42 Diffie-Hellman Public Key Object Attributes
4500Sstevel@tonic-gate  */
4510Sstevel@tonic-gate #define	KEY_PUB_DH942(k) \
4520Sstevel@tonic-gate 	&((k)->key_type_u.dh942_pub_key)
4530Sstevel@tonic-gate #define	OBJ_PUB_DH942_PRIME(o) \
4540Sstevel@tonic-gate 	&((o)->object_class_u.public_key->key_type_u.dh942_pub_key.prime)
4550Sstevel@tonic-gate #define	KEY_PUB_DH942_PRIME(k) \
4560Sstevel@tonic-gate 	&((k)->key_type_u.dh942_pub_key.prime)
4570Sstevel@tonic-gate #define	OBJ_PUB_DH942_BASE(o) \
4580Sstevel@tonic-gate 	&((o)->object_class_u.public_key->key_type_u.dh942_pub_key.base)
4590Sstevel@tonic-gate #define	KEY_PUB_DH942_BASE(k) \
4600Sstevel@tonic-gate 	&((k)->key_type_u.dh942_pub_key.base)
4610Sstevel@tonic-gate #define	OBJ_PUB_DH942_SUBPRIME(o) \
4620Sstevel@tonic-gate 	&((o)->object_class_u.public_key->key_type_u.dh942_pub_key.subprime)
4630Sstevel@tonic-gate #define	KEY_PUB_DH942_SUBPRIME(k) \
4640Sstevel@tonic-gate 	&((k)->key_type_u.dh942_pub_key.subprime)
4650Sstevel@tonic-gate #define	OBJ_PUB_DH942_VALUE(o) \
4660Sstevel@tonic-gate 	&((o)->object_class_u.public_key->key_type_u.dh942_pub_key.value)
4670Sstevel@tonic-gate #define	KEY_PUB_DH942_VALUE(k) \
4680Sstevel@tonic-gate 	&((k)->key_type_u.dh942_pub_key.value)
4690Sstevel@tonic-gate 
4700Sstevel@tonic-gate /*
4714219Smcpowers  * Elliptic Curve Public Key Object Attributes
4724219Smcpowers  */
4734219Smcpowers #define	KEY_PUB_EC(k) \
4744219Smcpowers 	&((k)->key_type_u.ec_pub_key)
4754219Smcpowers #define	OBJ_PUB_EC_POINT(o) \
4764219Smcpowers 	&((o)->object_class_u.public_key->key_type_u.ec_pub_key.point)
4774219Smcpowers #define	KEY_PUB_EC_POINT(k) \
4784219Smcpowers 	&((k)->key_type_u.ec_pub_key.point)
4794219Smcpowers 
4804219Smcpowers 
4814219Smcpowers /*
4820Sstevel@tonic-gate  * RSA Private Key Object Attributes
4830Sstevel@tonic-gate  */
4840Sstevel@tonic-gate #define	OBJ_PRI(o) \
4850Sstevel@tonic-gate 	((o)->object_class_u.private_key)
4860Sstevel@tonic-gate #define	KEY_PRI_RSA(k) \
4870Sstevel@tonic-gate 	&((k)->key_type_u.rsa_pri_key)
4880Sstevel@tonic-gate #define	OBJ_PRI_RSA_MOD(o) \
4890Sstevel@tonic-gate 	&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.modulus)
4900Sstevel@tonic-gate #define	KEY_PRI_RSA_MOD(k) \
4910Sstevel@tonic-gate 	&((k)->key_type_u.rsa_pri_key.modulus)
4920Sstevel@tonic-gate #define	OBJ_PRI_RSA_PUBEXPO(o) \
4930Sstevel@tonic-gate 	&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.pub_exponent)
4940Sstevel@tonic-gate #define	KEY_PRI_RSA_PUBEXPO(k) \
4950Sstevel@tonic-gate 	&((k)->key_type_u.rsa_pri_key.pub_exponent)
4960Sstevel@tonic-gate #define	OBJ_PRI_RSA_PRIEXPO(o) \
4970Sstevel@tonic-gate 	&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.pri_exponent)
4980Sstevel@tonic-gate #define	KEY_PRI_RSA_PRIEXPO(k) \
4990Sstevel@tonic-gate 	&((k)->key_type_u.rsa_pri_key.pri_exponent)
5000Sstevel@tonic-gate #define	OBJ_PRI_RSA_PRIME1(o) \
5010Sstevel@tonic-gate 	&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.prime_1)
5020Sstevel@tonic-gate #define	KEY_PRI_RSA_PRIME1(k) \
5030Sstevel@tonic-gate 	&((k)->key_type_u.rsa_pri_key.prime_1)
5040Sstevel@tonic-gate #define	OBJ_PRI_RSA_PRIME2(o) \
5050Sstevel@tonic-gate 	&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.prime_2)
5060Sstevel@tonic-gate #define	KEY_PRI_RSA_PRIME2(k) \
5070Sstevel@tonic-gate 	&((k)->key_type_u.rsa_pri_key.prime_2)
5080Sstevel@tonic-gate #define	OBJ_PRI_RSA_EXPO1(o) \
5090Sstevel@tonic-gate 	&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.exponent_1)
5100Sstevel@tonic-gate #define	KEY_PRI_RSA_EXPO1(k) \
5110Sstevel@tonic-gate 	&((k)->key_type_u.rsa_pri_key.exponent_1)
5120Sstevel@tonic-gate #define	OBJ_PRI_RSA_EXPO2(o) \
5130Sstevel@tonic-gate 	&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.exponent_2)
5140Sstevel@tonic-gate #define	KEY_PRI_RSA_EXPO2(k) \
5150Sstevel@tonic-gate 	&((k)->key_type_u.rsa_pri_key.exponent_2)
5160Sstevel@tonic-gate #define	OBJ_PRI_RSA_COEF(o) \
5170Sstevel@tonic-gate 	&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.coefficient)
5180Sstevel@tonic-gate #define	KEY_PRI_RSA_COEF(k) \
5190Sstevel@tonic-gate 	&((k)->key_type_u.rsa_pri_key.coefficient)
5200Sstevel@tonic-gate 
5210Sstevel@tonic-gate /*
5220Sstevel@tonic-gate  * DSA Private Key Object Attributes
5230Sstevel@tonic-gate  */
5240Sstevel@tonic-gate #define	KEY_PRI_DSA(k) \
5250Sstevel@tonic-gate 	&((k)->key_type_u.dsa_pri_key)
5260Sstevel@tonic-gate #define	OBJ_PRI_DSA_PRIME(o) \
5270Sstevel@tonic-gate 	&((o)->object_class_u.private_key->key_type_u.dsa_pri_key.prime)
5280Sstevel@tonic-gate #define	KEY_PRI_DSA_PRIME(k) \
5290Sstevel@tonic-gate 	&((k)->key_type_u.dsa_pri_key.prime)
5300Sstevel@tonic-gate #define	OBJ_PRI_DSA_SUBPRIME(o) \
5310Sstevel@tonic-gate 	&((o)->object_class_u.private_key->key_type_u.dsa_pri_key.subprime)
5320Sstevel@tonic-gate #define	KEY_PRI_DSA_SUBPRIME(k) \
5330Sstevel@tonic-gate 	&((k)->key_type_u.dsa_pri_key.subprime)
5340Sstevel@tonic-gate #define	OBJ_PRI_DSA_BASE(o) \
5350Sstevel@tonic-gate 	&((o)->object_class_u.private_key->key_type_u.dsa_pri_key.base)
5360Sstevel@tonic-gate #define	KEY_PRI_DSA_BASE(k) \
5370Sstevel@tonic-gate 	&((k)->key_type_u.dsa_pri_key.base)
5380Sstevel@tonic-gate #define	OBJ_PRI_DSA_VALUE(o) \
5390Sstevel@tonic-gate 	&((o)->object_class_u.private_key->key_type_u.dsa_pri_key.value)
5400Sstevel@tonic-gate #define	KEY_PRI_DSA_VALUE(k) \
5410Sstevel@tonic-gate 	&((k)->key_type_u.dsa_pri_key.value)
5420Sstevel@tonic-gate 
5430Sstevel@tonic-gate /*
5440Sstevel@tonic-gate  * Diffie-Hellman Private Key Object Attributes
5450Sstevel@tonic-gate  */
5460Sstevel@tonic-gate #define	KEY_PRI_DH(k) \
5470Sstevel@tonic-gate 	&((k)->key_type_u.dh_pri_key)
5480Sstevel@tonic-gate #define	OBJ_PRI_DH_PRIME(o) \
5490Sstevel@tonic-gate 	&((o)->object_class_u.private_key->key_type_u.dh_pri_key.prime)
5500Sstevel@tonic-gate #define	KEY_PRI_DH_PRIME(k) \
5510Sstevel@tonic-gate 	&((k)->key_type_u.dh_pri_key.prime)
5520Sstevel@tonic-gate #define	OBJ_PRI_DH_BASE(o) \
5530Sstevel@tonic-gate 	&((o)->object_class_u.private_key->key_type_u.dh_pri_key.base)
5540Sstevel@tonic-gate #define	KEY_PRI_DH_BASE(k) \
5550Sstevel@tonic-gate 	&((k)->key_type_u.dh_pri_key.base)
5560Sstevel@tonic-gate #define	OBJ_PRI_DH_VALUE(o) \
5570Sstevel@tonic-gate 	&((o)->object_class_u.private_key->key_type_u.dh_pri_key.value)
5580Sstevel@tonic-gate #define	KEY_PRI_DH_VALUE(k) \
5590Sstevel@tonic-gate 	&((k)->key_type_u.dh_pri_key.value)
5600Sstevel@tonic-gate #define	OBJ_PRI_DH_VAL_BITS(o) \
5610Sstevel@tonic-gate 	((o)->object_class_u.private_key->key_type_u.dh_pri_key.value_bits)
5620Sstevel@tonic-gate #define	KEY_PRI_DH_VAL_BITS(k) \
5630Sstevel@tonic-gate 	((k)->key_type_u.dh_pri_key.value_bits)
5640Sstevel@tonic-gate 
5650Sstevel@tonic-gate /*
5660Sstevel@tonic-gate  * X9.42 Diffie-Hellman Private Key Object Attributes
5670Sstevel@tonic-gate  */
5680Sstevel@tonic-gate #define	KEY_PRI_DH942(k) \
5690Sstevel@tonic-gate 	&((k)->key_type_u.dh942_pri_key)
5700Sstevel@tonic-gate #define	OBJ_PRI_DH942_PRIME(o) \
5710Sstevel@tonic-gate 	&((o)->object_class_u.private_key->key_type_u.dh942_pri_key.prime)
5720Sstevel@tonic-gate #define	KEY_PRI_DH942_PRIME(k) \
5730Sstevel@tonic-gate 	&((k)->key_type_u.dh942_pri_key.prime)
5740Sstevel@tonic-gate #define	OBJ_PRI_DH942_BASE(o) \
5750Sstevel@tonic-gate 	&((o)->object_class_u.private_key->key_type_u.dh942_pri_key.base)
5760Sstevel@tonic-gate #define	KEY_PRI_DH942_BASE(k) \
5770Sstevel@tonic-gate 	&((k)->key_type_u.dh942_pri_key.base)
5780Sstevel@tonic-gate #define	OBJ_PRI_DH942_SUBPRIME(o) \
5790Sstevel@tonic-gate 	&((o)->object_class_u.private_key->key_type_u.dh942_pri_key.subprime)
5800Sstevel@tonic-gate #define	KEY_PRI_DH942_SUBPRIME(k) \
5810Sstevel@tonic-gate 	&((k)->key_type_u.dh942_pri_key.subprime)
5820Sstevel@tonic-gate #define	OBJ_PRI_DH942_VALUE(o) \
5830Sstevel@tonic-gate 	&((o)->object_class_u.private_key->key_type_u.dh942_pri_key.value)
5840Sstevel@tonic-gate #define	KEY_PRI_DH942_VALUE(k) \
5850Sstevel@tonic-gate 	&((k)->key_type_u.dh942_pri_key.value)
5860Sstevel@tonic-gate 
5870Sstevel@tonic-gate /*
5884219Smcpowers  * Elliptic Curve Private Key Object Attributes
5894219Smcpowers  */
5904219Smcpowers 
5914219Smcpowers #define	KEY_PRI_EC(k) \
5924219Smcpowers 	&((k)->key_type_u.ec_pri_key)
5934219Smcpowers #define	OBJ_PRI_EC_VALUE(o) \
5944219Smcpowers 	&((o)->object_class_u.private_key->key_type_u.ec_pri_key.value)
5954219Smcpowers #define	KEY_PRI_EC_VALUE(k) \
5964219Smcpowers 	&((k)->key_type_u.ec_pri_key.value)
5974219Smcpowers 
5984219Smcpowers /*
5990Sstevel@tonic-gate  * DSA Domain Parameters Object Attributes
6000Sstevel@tonic-gate  */
6010Sstevel@tonic-gate #define	OBJ_DOM(o) \
6020Sstevel@tonic-gate 	((o)->object_class_u.domain)
6030Sstevel@tonic-gate #define	KEY_DOM_DSA(k) \
6040Sstevel@tonic-gate 	&((k)->key_type_u.dsa_dom_key)
6050Sstevel@tonic-gate #define	OBJ_DOM_DSA_PRIME(o) \
6060Sstevel@tonic-gate 	&((o)->object_class_u.domain->key_type_u.dsa_dom_key.prime)
6070Sstevel@tonic-gate #define	KEY_DOM_DSA_PRIME(k) \
6080Sstevel@tonic-gate 	&((k)->key_type_u.dsa_dom_key.prime)
6090Sstevel@tonic-gate #define	OBJ_DOM_DSA_SUBPRIME(o) \
6100Sstevel@tonic-gate 	&((o)->object_class_u.domain->key_type_u.dsa_dom_key.subprime)
6110Sstevel@tonic-gate #define	KEY_DOM_DSA_SUBPRIME(k) \
6120Sstevel@tonic-gate 	&((k)->key_type_u.dsa_dom_key.subprime)
6130Sstevel@tonic-gate #define	OBJ_DOM_DSA_BASE(o) \
6140Sstevel@tonic-gate 	&((o)->object_class_u.domain->key_type_u.dsa_dom_key.base)
6150Sstevel@tonic-gate #define	KEY_DOM_DSA_BASE(k) \
6160Sstevel@tonic-gate 	&((k)->key_type_u.dsa_dom_key.base)
6170Sstevel@tonic-gate #define	OBJ_DOM_DSA_PRIME_BITS(o) \
6180Sstevel@tonic-gate 	((o)->object_class_u.domain->key_type_u.dsa_dom_key.prime_bits)
6190Sstevel@tonic-gate 
6200Sstevel@tonic-gate /*
6210Sstevel@tonic-gate  * Diffie-Hellman Domain Parameters Object Attributes
6220Sstevel@tonic-gate  */
6230Sstevel@tonic-gate #define	KEY_DOM_DH(k) \
6240Sstevel@tonic-gate 	&((k)->key_type_u.dh_dom_key)
6250Sstevel@tonic-gate #define	OBJ_DOM_DH_PRIME(o) \
6260Sstevel@tonic-gate 	&((o)->object_class_u.domain->key_type_u.dh_dom_key.prime)
6270Sstevel@tonic-gate #define	KEY_DOM_DH_PRIME(k) \
6280Sstevel@tonic-gate 	&((k)->key_type_u.dh_dom_key.prime)
6290Sstevel@tonic-gate #define	OBJ_DOM_DH_BASE(o) \
6300Sstevel@tonic-gate 	&((o)->object_class_u.domain->key_type_u.dh_dom_key.base)
6310Sstevel@tonic-gate #define	KEY_DOM_DH_BASE(k) \
6320Sstevel@tonic-gate 	&((k)->key_type_u.dh_dom_key.base)
6330Sstevel@tonic-gate #define	OBJ_DOM_DH_PRIME_BITS(o) \
6340Sstevel@tonic-gate 	((o)->object_class_u.domain->key_type_u.dh_dom_key.prime_bits)
6350Sstevel@tonic-gate 
6360Sstevel@tonic-gate /*
6370Sstevel@tonic-gate  * X9.42 Diffie-Hellman Domain Parameters Object Attributes
6380Sstevel@tonic-gate  */
6390Sstevel@tonic-gate #define	KEY_DOM_DH942(k) \
6400Sstevel@tonic-gate 	&((k)->key_type_u.dh942_dom_key)
6410Sstevel@tonic-gate #define	OBJ_DOM_DH942_PRIME(o) \
6420Sstevel@tonic-gate 	&((o)->object_class_u.domain->key_type_u.dh942_dom_key.prime)
6430Sstevel@tonic-gate #define	KEY_DOM_DH942_PRIME(k) \
6440Sstevel@tonic-gate 	&((k)->key_type_u.dh942_dom_key.prime)
6450Sstevel@tonic-gate #define	OBJ_DOM_DH942_BASE(o) \
6460Sstevel@tonic-gate 	&((o)->object_class_u.domain->key_type_u.dh942_dom_key.base)
6470Sstevel@tonic-gate #define	KEY_DOM_DH942_BASE(k) \
6480Sstevel@tonic-gate 	&((k)->key_type_u.dh942_dom_key.base)
6490Sstevel@tonic-gate #define	OBJ_DOM_DH942_SUBPRIME(o) \
6500Sstevel@tonic-gate 	&((o)->object_class_u.domain->key_type_u.dh942_dom_key.subprime)
6510Sstevel@tonic-gate #define	KEY_DOM_DH942_SUBPRIME(k) \
6520Sstevel@tonic-gate 	&((k)->key_type_u.dh942_dom_key.subprime)
6530Sstevel@tonic-gate #define	OBJ_DOM_DH942_PRIME_BITS(o) \
6540Sstevel@tonic-gate 	((o)->object_class_u.domain->key_type_u.dh942_dom_key.prime_bits)
6550Sstevel@tonic-gate #define	OBJ_DOM_DH942_SUBPRIME_BITS(o) \
6560Sstevel@tonic-gate 	((o)->object_class_u.domain->key_type_u.dh942_dom_key.subprime_bits)
6570Sstevel@tonic-gate 
6580Sstevel@tonic-gate /*
6590Sstevel@tonic-gate  * Secret Key Object Attributes
6600Sstevel@tonic-gate  */
6610Sstevel@tonic-gate #define	OBJ_SEC(o) \
6620Sstevel@tonic-gate 	((o)->object_class_u.secret_key)
6630Sstevel@tonic-gate #define	OBJ_SEC_VALUE(o) \
6640Sstevel@tonic-gate 	((o)->object_class_u.secret_key->sk_value)
6650Sstevel@tonic-gate #define	OBJ_SEC_VALUE_LEN(o) \
6660Sstevel@tonic-gate 	((o)->object_class_u.secret_key->sk_value_len)
6670Sstevel@tonic-gate #define	OBJ_KEY_SCHED(o) \
6680Sstevel@tonic-gate 	((o)->object_class_u.secret_key->key_sched)
6690Sstevel@tonic-gate #define	OBJ_KEY_SCHED_LEN(o) \
6700Sstevel@tonic-gate 	((o)->object_class_u.secret_key->keysched_len)
6710Sstevel@tonic-gate 
6720Sstevel@tonic-gate #define	OBJ_CERT(o) \
6730Sstevel@tonic-gate 	((o)->object_class_u.certificate)
6740Sstevel@tonic-gate /*
6750Sstevel@tonic-gate  * X.509 Key Certificate object attributes
6760Sstevel@tonic-gate  */
6770Sstevel@tonic-gate #define	X509_CERT(o) \
6780Sstevel@tonic-gate 	((o)->object_class_u.certificate->cert_type_u.x509)
6790Sstevel@tonic-gate #define	X509_CERT_SUBJECT(o) \
6800Sstevel@tonic-gate 	((o)->object_class_u.certificate->cert_type_u.x509.subject)
6810Sstevel@tonic-gate #define	X509_CERT_VALUE(o) \
6820Sstevel@tonic-gate 	((o)->object_class_u.certificate->cert_type_u.x509.value)
6830Sstevel@tonic-gate 
6840Sstevel@tonic-gate /*
6850Sstevel@tonic-gate  * X.509 Attribute Certificate object attributes
6860Sstevel@tonic-gate  */
6870Sstevel@tonic-gate #define	X509_ATTR_CERT(o) \
6880Sstevel@tonic-gate 	((o)->object_class_u.certificate->cert_type_u.x509_attr)
6890Sstevel@tonic-gate #define	X509_ATTR_CERT_OWNER(o) \
6900Sstevel@tonic-gate 	((o)->object_class_u.certificate->cert_type_u.x509_attr.owner)
6910Sstevel@tonic-gate #define	X509_ATTR_CERT_VALUE(o) \
6920Sstevel@tonic-gate 	((o)->object_class_u.certificate->cert_type_u.x509_attr.value)
6930Sstevel@tonic-gate 
6940Sstevel@tonic-gate /*
6950Sstevel@tonic-gate  * key related attributes with CK_BBOOL data type
6960Sstevel@tonic-gate  */
6970Sstevel@tonic-gate #define	DERIVE_BOOL_ON			0x00000001
6980Sstevel@tonic-gate #define	LOCAL_BOOL_ON			0x00000002
6990Sstevel@tonic-gate #define	SENSITIVE_BOOL_ON		0x00000004
7000Sstevel@tonic-gate #define	SECONDARY_AUTH_BOOL_ON		0x00000008
7010Sstevel@tonic-gate #define	ENCRYPT_BOOL_ON			0x00000010
7020Sstevel@tonic-gate #define	DECRYPT_BOOL_ON			0x00000020
7030Sstevel@tonic-gate #define	SIGN_BOOL_ON			0x00000040
7040Sstevel@tonic-gate #define	SIGN_RECOVER_BOOL_ON		0x00000080
7050Sstevel@tonic-gate #define	VERIFY_BOOL_ON			0x00000100
7060Sstevel@tonic-gate #define	VERIFY_RECOVER_BOOL_ON		0x00000200
7070Sstevel@tonic-gate #define	WRAP_BOOL_ON			0x00000400
7080Sstevel@tonic-gate #define	UNWRAP_BOOL_ON			0x00000800
7090Sstevel@tonic-gate #define	TRUSTED_BOOL_ON			0x00001000
7100Sstevel@tonic-gate #define	EXTRACTABLE_BOOL_ON		0x00002000
7110Sstevel@tonic-gate #define	ALWAYS_SENSITIVE_BOOL_ON	0x00004000
7120Sstevel@tonic-gate #define	NEVER_EXTRACTABLE_BOOL_ON	0x00008000
7130Sstevel@tonic-gate #define	NOT_MODIFIABLE_BOOL_ON		0x00010000
7140Sstevel@tonic-gate 
7150Sstevel@tonic-gate #define	PUBLIC_KEY_DEFAULT	(ENCRYPT_BOOL_ON|\
7160Sstevel@tonic-gate 				WRAP_BOOL_ON|\
7170Sstevel@tonic-gate 				VERIFY_BOOL_ON|\
7180Sstevel@tonic-gate 				VERIFY_RECOVER_BOOL_ON)
7190Sstevel@tonic-gate 
7200Sstevel@tonic-gate #define	PRIVATE_KEY_DEFAULT	(DECRYPT_BOOL_ON|\
7210Sstevel@tonic-gate 				UNWRAP_BOOL_ON|\
7220Sstevel@tonic-gate 				SIGN_BOOL_ON|\
7230Sstevel@tonic-gate 				SIGN_RECOVER_BOOL_ON|\
7240Sstevel@tonic-gate 				EXTRACTABLE_BOOL_ON)
7250Sstevel@tonic-gate 
7260Sstevel@tonic-gate #define	SECRET_KEY_DEFAULT	(ENCRYPT_BOOL_ON|\
7270Sstevel@tonic-gate 				DECRYPT_BOOL_ON|\
7280Sstevel@tonic-gate 				WRAP_BOOL_ON|\
7290Sstevel@tonic-gate 				UNWRAP_BOOL_ON|\
7300Sstevel@tonic-gate 				SIGN_BOOL_ON|\
7310Sstevel@tonic-gate 				VERIFY_BOOL_ON|\
7320Sstevel@tonic-gate 				EXTRACTABLE_BOOL_ON)
7330Sstevel@tonic-gate 
7340Sstevel@tonic-gate /*
7350Sstevel@tonic-gate  * MAX_KEY_ATTR_BUFLEN
7360Sstevel@tonic-gate  * The maximum buffer size needed for public or private key attributes
7370Sstevel@tonic-gate  * should be 514 bytes.  Just to be safe we give a little more space.
7380Sstevel@tonic-gate  */
7390Sstevel@tonic-gate #define	MAX_KEY_ATTR_BUFLEN 1024
7400Sstevel@tonic-gate 
7410Sstevel@tonic-gate /*
7420Sstevel@tonic-gate  * Flag definitions for obj_delete_sync
7430Sstevel@tonic-gate  */
7440Sstevel@tonic-gate #define	OBJECT_IS_DELETING	1	/* Object is in a deleting state */
7450Sstevel@tonic-gate #define	OBJECT_REFCNT_WAITING	2	/* Waiting for object reference */
7460Sstevel@tonic-gate 					/* count to become zero */
7470Sstevel@tonic-gate 
7480Sstevel@tonic-gate /*
7490Sstevel@tonic-gate  * This macro is used to type cast an object handle to a pointer to
7500Sstevel@tonic-gate  * the object struct. Also, it checks to see if the object struct
7510Sstevel@tonic-gate  * is tagged with an object magic number. This is to detect when an
7520Sstevel@tonic-gate  * application passes a bogus object pointer.
7530Sstevel@tonic-gate  * Also, it checks to see if the object is in the deleting state that
7540Sstevel@tonic-gate  * another thread is performing. If not, increment the object reference
7550Sstevel@tonic-gate  * count by one. This is to prevent this object from being deleted by
7560Sstevel@tonic-gate  * other thread.
7570Sstevel@tonic-gate  */
7580Sstevel@tonic-gate #define	HANDLE2OBJECT_COMMON(hObject, object_p, rv, REFCNT_CODE) { \
7590Sstevel@tonic-gate 	object_p = (soft_object_t *)(hObject); \
7600Sstevel@tonic-gate 	if ((object_p == NULL) || \
7610Sstevel@tonic-gate 		(object_p->magic_marker != SOFTTOKEN_OBJECT_MAGIC)) {\
7620Sstevel@tonic-gate 			rv = CKR_OBJECT_HANDLE_INVALID; \
7630Sstevel@tonic-gate 	} else { \
7640Sstevel@tonic-gate 		(void) pthread_mutex_lock(&object_p->object_mutex); \
7650Sstevel@tonic-gate 		if (!(object_p->obj_delete_sync & OBJECT_IS_DELETING)) { \
7660Sstevel@tonic-gate 			REFCNT_CODE; \
7670Sstevel@tonic-gate 			rv = CKR_OK; \
7680Sstevel@tonic-gate 		} else { \
7690Sstevel@tonic-gate 			rv = CKR_OBJECT_HANDLE_INVALID; \
7700Sstevel@tonic-gate 		} \
7710Sstevel@tonic-gate 		(void) pthread_mutex_unlock(&object_p->object_mutex); \
7720Sstevel@tonic-gate 	} \
7730Sstevel@tonic-gate }
7740Sstevel@tonic-gate 
7750Sstevel@tonic-gate #define	HANDLE2OBJECT(hObject, object_p, rv) \
7760Sstevel@tonic-gate 	HANDLE2OBJECT_COMMON(hObject, object_p, rv, object_p->obj_refcnt++)
7770Sstevel@tonic-gate 
7780Sstevel@tonic-gate #define	HANDLE2OBJECT_DESTROY(hObject, object_p, rv) \
7790Sstevel@tonic-gate 	HANDLE2OBJECT_COMMON(hObject, object_p, rv, /* no refcnt increment */)
7800Sstevel@tonic-gate 
7810Sstevel@tonic-gate 
7820Sstevel@tonic-gate #define	OBJ_REFRELE(object_p) { \
7830Sstevel@tonic-gate 	(void) pthread_mutex_lock(&object_p->object_mutex); \
7840Sstevel@tonic-gate 	if ((--object_p->obj_refcnt) == 0 && \
7850Sstevel@tonic-gate 	    (object_p->obj_delete_sync & OBJECT_REFCNT_WAITING)) { \
7860Sstevel@tonic-gate 		(void) pthread_cond_signal(&object_p->obj_free_cond); \
7870Sstevel@tonic-gate 	} \
7880Sstevel@tonic-gate 	(void) pthread_mutex_unlock(&object_p->object_mutex); \
7890Sstevel@tonic-gate }
7900Sstevel@tonic-gate 
7910Sstevel@tonic-gate /*
7920Sstevel@tonic-gate  * Function Prototypes.
7930Sstevel@tonic-gate  */
7940Sstevel@tonic-gate void soft_cleanup_object(soft_object_t *objp);
7950Sstevel@tonic-gate 
7960Sstevel@tonic-gate CK_RV soft_add_object(CK_ATTRIBUTE_PTR pTemplate,  CK_ULONG ulCount,
7970Sstevel@tonic-gate 	CK_ULONG *objecthandle_p, soft_session_t *sp);
7980Sstevel@tonic-gate 
7990Sstevel@tonic-gate void soft_delete_object(soft_session_t *sp, soft_object_t *objp,
8009661SZdenek.Kotala@Sun.COM 	boolean_t force, boolean_t lock_held);
8010Sstevel@tonic-gate 
8020Sstevel@tonic-gate void soft_cleanup_extra_attr(soft_object_t *object_p);
8030Sstevel@tonic-gate 
8040Sstevel@tonic-gate CK_RV soft_copy_extra_attr(CK_ATTRIBUTE_INFO_PTR old_attrp,
8050Sstevel@tonic-gate 	soft_object_t *object_p);
8060Sstevel@tonic-gate 
8070Sstevel@tonic-gate void soft_cleanup_object_bigint_attrs(soft_object_t *object_p);
8080Sstevel@tonic-gate 
8090Sstevel@tonic-gate CK_RV soft_build_object(CK_ATTRIBUTE_PTR template,
8100Sstevel@tonic-gate 	CK_ULONG ulAttrNum, soft_object_t *new_object);
8110Sstevel@tonic-gate 
8120Sstevel@tonic-gate CK_RV soft_build_secret_key_object(CK_ATTRIBUTE_PTR template,
8130Sstevel@tonic-gate 	CK_ULONG ulAttrNum, soft_object_t *new_object, CK_ULONG mode,
8140Sstevel@tonic-gate 	CK_ULONG key_len, CK_KEY_TYPE key_type);
8150Sstevel@tonic-gate 
8160Sstevel@tonic-gate CK_RV soft_copy_object(soft_object_t *old_object, soft_object_t **new_object,
8170Sstevel@tonic-gate 	CK_ULONG object_func, soft_session_t *sp);
8180Sstevel@tonic-gate 
8190Sstevel@tonic-gate void soft_merge_object(soft_object_t *old_object, soft_object_t *new_object);
8200Sstevel@tonic-gate 
8210Sstevel@tonic-gate CK_RV soft_get_attribute(soft_object_t *object_p, CK_ATTRIBUTE_PTR template);
8220Sstevel@tonic-gate 
8230Sstevel@tonic-gate CK_RV soft_set_attribute(soft_object_t *object_p, CK_ATTRIBUTE_PTR template,
8240Sstevel@tonic-gate 	boolean_t copy);
8250Sstevel@tonic-gate 
8260Sstevel@tonic-gate CK_RV soft_set_common_storage_attribute(soft_object_t *object_p,
8270Sstevel@tonic-gate 	CK_ATTRIBUTE_PTR template, boolean_t copy);
8280Sstevel@tonic-gate 
8297260Smcpowers CK_RV soft_get_public_value(soft_object_t *, CK_ATTRIBUTE_TYPE, uchar_t *,
8300Sstevel@tonic-gate 	uint32_t *);
8310Sstevel@tonic-gate 
8327260Smcpowers CK_RV soft_get_private_value(soft_object_t *, CK_ATTRIBUTE_TYPE, uchar_t *,
8330Sstevel@tonic-gate 	uint32_t *);
8340Sstevel@tonic-gate 
8350Sstevel@tonic-gate CK_RV get_ulong_attr_from_object(CK_ULONG value, CK_ATTRIBUTE_PTR template);
8360Sstevel@tonic-gate 
8370Sstevel@tonic-gate void copy_bigint_attr(biginteger_t *src, biginteger_t *dst);
8380Sstevel@tonic-gate 
8390Sstevel@tonic-gate void soft_add_object_to_session(soft_object_t *, soft_session_t *);
8400Sstevel@tonic-gate 
8410Sstevel@tonic-gate CK_RV soft_build_key(CK_ATTRIBUTE_PTR, CK_ULONG, soft_object_t *,
8420Sstevel@tonic-gate 	CK_OBJECT_CLASS, CK_KEY_TYPE, CK_ULONG, CK_ULONG);
8430Sstevel@tonic-gate 
8440Sstevel@tonic-gate CK_RV soft_copy_public_key_attr(public_key_obj_t *old_pub_key_obj_p,
8450Sstevel@tonic-gate 	public_key_obj_t **new_pub_key_obj_p, CK_KEY_TYPE key_type);
8460Sstevel@tonic-gate 
8470Sstevel@tonic-gate CK_RV soft_copy_private_key_attr(private_key_obj_t *old_pri_key_obj_p,
8480Sstevel@tonic-gate 	private_key_obj_t **new_pri_key_obj_p, CK_KEY_TYPE key_type);
8490Sstevel@tonic-gate 
8500Sstevel@tonic-gate CK_RV soft_copy_secret_key_attr(secret_key_obj_t *old_secret_key_obj_p,
8510Sstevel@tonic-gate 	secret_key_obj_t **new_secret_key_obj_p);
8520Sstevel@tonic-gate 
8530Sstevel@tonic-gate CK_RV soft_copy_domain_attr(domain_obj_t *old_domain_obj_p,
8540Sstevel@tonic-gate 	domain_obj_t **new_domain_obj_p, CK_KEY_TYPE key_type);
8550Sstevel@tonic-gate 
8560Sstevel@tonic-gate CK_RV soft_validate_attr(CK_ATTRIBUTE_PTR template, CK_ULONG ulAttrNum,
8570Sstevel@tonic-gate 	CK_OBJECT_CLASS *class);
8580Sstevel@tonic-gate 
8590Sstevel@tonic-gate CK_RV soft_find_objects_init(soft_session_t *sp, CK_ATTRIBUTE_PTR pTemplate,
8600Sstevel@tonic-gate 	CK_ULONG ulCount);
8610Sstevel@tonic-gate 
8620Sstevel@tonic-gate void soft_find_objects_final(soft_session_t *sp);
8630Sstevel@tonic-gate 
8640Sstevel@tonic-gate void soft_find_objects(soft_session_t *sp, CK_OBJECT_HANDLE *obj_found,
8650Sstevel@tonic-gate 	CK_ULONG max_obj_requested, CK_ULONG *found_obj_count);
8660Sstevel@tonic-gate 
8670Sstevel@tonic-gate void soft_process_find_attr(CK_OBJECT_CLASS *pclasses,
8680Sstevel@tonic-gate 	CK_ULONG *num_result_pclasses, CK_ATTRIBUTE_PTR pTemplate,
8690Sstevel@tonic-gate 	CK_ULONG ulCount);
8700Sstevel@tonic-gate 
8710Sstevel@tonic-gate boolean_t soft_find_match_attrs(soft_object_t *obj, CK_OBJECT_CLASS *pclasses,
8720Sstevel@tonic-gate 	CK_ULONG num_pclasses, CK_ATTRIBUTE *tmpl_attr, CK_ULONG num_attr);
8730Sstevel@tonic-gate 
8740Sstevel@tonic-gate CK_ATTRIBUTE_PTR get_extra_attr(CK_ATTRIBUTE_TYPE type, soft_object_t *obj);
8750Sstevel@tonic-gate 
8760Sstevel@tonic-gate CK_RV get_string_from_template(CK_ATTRIBUTE_PTR dest, CK_ATTRIBUTE_PTR src);
8770Sstevel@tonic-gate 
8780Sstevel@tonic-gate void string_attr_cleanup(CK_ATTRIBUTE_PTR template);
8790Sstevel@tonic-gate 
8800Sstevel@tonic-gate void soft_cleanup_cert_object(soft_object_t *object_p);
8810Sstevel@tonic-gate 
8820Sstevel@tonic-gate CK_RV soft_get_certificate_attribute(soft_object_t *object_p,
8830Sstevel@tonic-gate 	CK_ATTRIBUTE_PTR template);
8840Sstevel@tonic-gate 
8850Sstevel@tonic-gate CK_RV soft_set_certificate_attribute(soft_object_t *object_p,
8860Sstevel@tonic-gate 	CK_ATTRIBUTE_PTR template, boolean_t copy);
8870Sstevel@tonic-gate 
8880Sstevel@tonic-gate CK_RV soft_copy_certificate(certificate_obj_t *old, certificate_obj_t **new,
8890Sstevel@tonic-gate 	CK_CERTIFICATE_TYPE type);
8900Sstevel@tonic-gate 
8910Sstevel@tonic-gate CK_RV get_cert_attr_from_template(cert_attr_t **dest,
8920Sstevel@tonic-gate 	CK_ATTRIBUTE_PTR src);
8930Sstevel@tonic-gate 
8940Sstevel@tonic-gate /* Token object related function prototypes */
8950Sstevel@tonic-gate 
8960Sstevel@tonic-gate void soft_add_token_object_to_slot(soft_object_t *objp);
8970Sstevel@tonic-gate 
8980Sstevel@tonic-gate void soft_remove_token_object_from_slot(soft_object_t *objp,
8990Sstevel@tonic-gate 	boolean_t lock_held);
9000Sstevel@tonic-gate 
9010Sstevel@tonic-gate void soft_delete_token_object(soft_object_t *objp, boolean_t persistent,
9020Sstevel@tonic-gate 	boolean_t lock_held);
9030Sstevel@tonic-gate 
9040Sstevel@tonic-gate void soft_delete_all_in_core_token_objects(token_obj_type_t type);
9050Sstevel@tonic-gate 
9060Sstevel@tonic-gate void soft_validate_token_objects(boolean_t validate);
9070Sstevel@tonic-gate 
9080Sstevel@tonic-gate CK_RV soft_object_write_access_check(soft_session_t *sp, soft_object_t *objp);
9090Sstevel@tonic-gate 
9100Sstevel@tonic-gate CK_RV soft_pin_expired_check(soft_object_t *objp);
9110Sstevel@tonic-gate 
9120Sstevel@tonic-gate CK_RV soft_copy_to_old_object(soft_object_t *new, soft_object_t *old);
9130Sstevel@tonic-gate 
9140Sstevel@tonic-gate CK_RV soft_keystore_load_latest_object(soft_object_t *old_obj);
9150Sstevel@tonic-gate 
9160Sstevel@tonic-gate CK_RV refresh_token_objects();
9170Sstevel@tonic-gate 
9180Sstevel@tonic-gate void bigint_attr_cleanup(biginteger_t *big);
9190Sstevel@tonic-gate 
9200Sstevel@tonic-gate CK_RV soft_add_extra_attr(CK_ATTRIBUTE_PTR template, soft_object_t *object_p);
9210Sstevel@tonic-gate 
9220Sstevel@tonic-gate CK_RV get_bigint_attr_from_template(biginteger_t *big,
9230Sstevel@tonic-gate 	CK_ATTRIBUTE_PTR template);
9240Sstevel@tonic-gate 
925*12573SDina.Nimeh@Sun.COM CK_RV dup_bigint_attr(biginteger_t *bi, CK_BYTE *buf, CK_ULONG buflen);
926*12573SDina.Nimeh@Sun.COM 
9270Sstevel@tonic-gate #ifdef	__cplusplus
9280Sstevel@tonic-gate }
9290Sstevel@tonic-gate #endif
9300Sstevel@tonic-gate 
9310Sstevel@tonic-gate #endif /* _SOFTOBJECT_H */
932