usr/src/lib/pkcs11/pkcs11_kms/common/kmsObject.h

   1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
  23  */
  24
  25 #ifndef _KMSOBJECT_H
  26 #define _KMSOBJECT_H
  27
  28 #ifdef __cplusplus
  29 extern "C" {
  30 #endif
  31
  32 #include <security/pkcs11t.h>
  33 #include "kmsSession.h"
  34 #include "kmsSlot.h"
  35
  36 #define KMSTOKEN_OBJECT_MAGIC 0xECF0B004
  37
  38 #define KMS_CREATE_OBJ  1
  39 #define KMS_GEN_KEY     2
  40
  41 /*
  42  * Secret key Struct
  43  */
  44 typedef struct secret_key_obj {
  45         CK_BYTE *sk_value;
  46         CK_ULONG sk_value_len;
  47         void *key_sched;
  48         size_t keysched_len;
  49 } secret_key_obj_t;
  50
  51 /*
  52  * This structure is used to hold the attributes in the
  53  * Extra Attribute List.
  54  */
  55 typedef struct attribute_info {
  56         CK_ATTRIBUTE    attr;
  57         struct attribute_info *next;
  58 } attribute_info_t;
  59
  60 typedef attribute_info_t *CK_ATTRIBUTE_INFO_PTR;
  61
  62 /*
  63  * This is the main structure of the Objects.
  64  */
  65 typedef struct object {
  66         boolean_t       is_lib_obj; /* default is TRUE */
  67
  68         /* Generic common fields. Always present */
  69         CK_OBJECT_CLASS class;
  70         CK_KEY_TYPE key_type;
  71         CK_ULONG magic_marker;
  72         uint64_t bool_attr_mask;
  73         CK_MECHANISM_TYPE mechanism;
  74
  75         /* Fields for access and arbitration */
  76         pthread_mutex_t object_mutex;
  77         struct object *next;
  78         struct object *prev;
  79
  80         /* Extra non-boolean attribute list */
  81         CK_ATTRIBUTE_INFO_PTR extra_attrlistp;
  82         CK_ULONG extra_attrcount;
  83
  84         /* For each object, only one object class is presented */
  85         union {
  86                 secret_key_obj_t  *secret_key;
  87         } object_class_u;
  88
  89         /* Session handle that the object belongs to */
  90         CK_SESSION_HANDLE       session_handle;
  91         uint32_t        obj_refcnt;     /* object reference count */
  92         pthread_cond_t  obj_free_cond;  /* cond variable for signal and wait */
  93         uint32_t        obj_delete_sync;        /* object delete sync flags */
  94 } kms_object_t;
  95
  96 typedef struct find_context {
  97         kms_object_t **objs_found;
  98         CK_ULONG num_results;
  99         CK_ULONG next_result_index; /* next result object to return */
 100 } find_context_t;
 101
 102 /*
 103  * The following structure is used to link the to-be-freed session
 104  * objects into a linked list. The objects on this linked list have
 105  * not yet been freed via free() after C_DestroyObject() call; instead
 106  * they are added to this list. The actual free will take place when
 107  * the number of objects queued reaches MAX_OBJ_TO_BE_FREED, at which
 108  * time the first object in the list will be freed.
 109  */
 110 #define MAX_OBJ_TO_BE_FREED             300
 111
 112 typedef struct obj_to_be_freed_list {
 113         kms_object_t    *first; /* points to first obj in the list */
 114         kms_object_t    *last;  /* points to last obj in the list */
 115         uint32_t        count;  /* current total objs in the list */
 116         pthread_mutex_t obj_to_be_free_mutex;
 117 } object_to_be_freed_list_t;
 118
 119 extern object_to_be_freed_list_t obj_delay_freed;
 120
 121 /*
 122  * The following definitions are the shortcuts
 123  */
 124
 125 /*
 126  * Secret Key Object Attributes
 127  */
 128 #define OBJ_SEC(o) \
 129         ((o)->object_class_u.secret_key)
 130 #define OBJ_SEC_VALUE(o) \
 131         ((o)->object_class_u.secret_key->sk_value)
 132 #define OBJ_SEC_VALUE_LEN(o) \
 133         ((o)->object_class_u.secret_key->sk_value_len)
 134 #define OBJ_KEY_SCHED(o) \
 135         ((o)->object_class_u.secret_key->key_sched)
 136 #define OBJ_KEY_SCHED_LEN(o) \
 137         ((o)->object_class_u.secret_key->keysched_len)
 138
 139 /*
 140  * key related attributes with CK_BBOOL data type
 141  */
 142 #define DERIVE_BOOL_ON                  0x00000001
 143 #define LOCAL_BOOL_ON                   0x00000002
 144 #define SENSITIVE_BOOL_ON               0x00000004
 145 #define SECONDARY_AUTH_BOOL_ON          0x00000008
 146 #define ENCRYPT_BOOL_ON                 0x00000010
 147 #define DECRYPT_BOOL_ON                 0x00000020
 148 #define SIGN_BOOL_ON                    0x00000040
 149 #define SIGN_RECOVER_BOOL_ON            0x00000080
 150 #define VERIFY_BOOL_ON                  0x00000100
 151 #define VERIFY_RECOVER_BOOL_ON          0x00000200
 152 #define WRAP_BOOL_ON                    0x00000400
 153 #define UNWRAP_BOOL_ON                  0x00000800
 154 #define TRUSTED_BOOL_ON                 0x00001000
 155 #define EXTRACTABLE_BOOL_ON             0x00002000
 156 #define ALWAYS_SENSITIVE_BOOL_ON        0x00004000
 157 #define NEVER_EXTRACTABLE_BOOL_ON       0x00008000
 158 #define PRIVATE_BOOL_ON                 0x00010000
 159 #define TOKEN_BOOL_ON                   0x00020000
 160 #define MODIFIABLE_BOOL_ON              0x00040000
 161
 162 #define SECRET_KEY_DEFAULT      (ENCRYPT_BOOL_ON|\
 163                                 DECRYPT_BOOL_ON|\
 164                                 SIGN_BOOL_ON|\
 165                                 VERIFY_BOOL_ON|\
 166                                 WRAP_BOOL_ON|\
 167                                 UNWRAP_BOOL_ON|\
 168                                 EXTRACTABLE_BOOL_ON|\
 169                                 MODIFIABLE_BOOL_ON)
 170
 171 /*
 172  * Flag definitions for obj_delete_sync
 173  */
 174 #define OBJECT_IS_DELETING      1       /* Object is in a deleting state */
 175 #define OBJECT_REFCNT_WAITING   2       /* Waiting for object reference */
 176                                         /* count to become zero */
 177
 178 /*
 179  * This macro is used to type cast an object handle to a pointer to
 180  * the object struct. Also, it checks to see if the object struct
 181  * is tagged with an object magic number. This is to detect when an
 182  * application passes a bogus object pointer.
 183  * Also, it checks to see if the object is in the deleting state that
 184  * another thread is performing. If not, increment the object reference
 185  * count by one. This is to prevent this object from being deleted by
 186  * other thread.
 187  */
 188 #define HANDLE2OBJECT_COMMON(hObject, object_p, rv, REFCNT_CODE) { \
 189         object_p = (kms_object_t *)(hObject); \
 190         if ((object_p == NULL) || \
 191                 (object_p->magic_marker != KMSTOKEN_OBJECT_MAGIC)) {\
 192                         rv = CKR_OBJECT_HANDLE_INVALID; \
 193         } else { \
 194                 (void) pthread_mutex_lock(&object_p->object_mutex); \
 195                 if (!(object_p->obj_delete_sync & OBJECT_IS_DELETING)) { \
 196                         REFCNT_CODE; \
 197                         rv = CKR_OK; \
 198                 } else { \
 199                         rv = CKR_OBJECT_HANDLE_INVALID; \
 200                 } \
 201                 (void) pthread_mutex_unlock(&object_p->object_mutex); \
 202         } \
 203 }
 204
 205 #define HANDLE2OBJECT(hObject, object_p, rv) \
 206         HANDLE2OBJECT_COMMON(hObject, object_p, rv, object_p->obj_refcnt++)
 207
 208 #define HANDLE2OBJECT_DESTROY(hObject, object_p, rv) \
 209         HANDLE2OBJECT_COMMON(hObject, object_p, rv, /* no refcnt increment */)
 210
 211
 212 #define OBJ_REFRELE(object_p) { \
 213         (void) pthread_mutex_lock(&object_p->object_mutex); \
 214         if ((--object_p->obj_refcnt) == 0 && \
 215             (object_p->obj_delete_sync & OBJECT_REFCNT_WAITING)) { \
 216                 (void) pthread_cond_signal(&object_p->obj_free_cond); \
 217         } \
 218         (void) pthread_mutex_unlock(&object_p->object_mutex); \
 219 }
 220
 221
 222 /*
 223  * Function Prototypes.
 224  */
 225 void kms_cleanup_object(kms_object_t *objp);
 226
 227 CK_RV kms_add_object(CK_ATTRIBUTE_PTR pTemplate,  CK_ULONG ulCount,
 228     CK_ULONG *objecthandle_p, kms_session_t *sp);
 229
 230 CK_RV kms_delete_object(kms_session_t *, kms_object_t *,
 231     boolean_t, boolean_t);
 232
 233 void kms_cleanup_extra_attr(kms_object_t *object_p);
 234
 235 CK_RV kms_copy_extra_attr(CK_ATTRIBUTE_INFO_PTR old_attrp,
 236     kms_object_t *object_p);
 237
 238 void kms_cleanup_object_bigint_attrs(kms_object_t *object_p);
 239
 240 CK_RV kms_build_object(CK_ATTRIBUTE_PTR, CK_ULONG, kms_object_t *);
 241
 242 CK_RV kms_copy_object(kms_object_t *old_object,
 243     kms_object_t **new_object, boolean_t copy_everything,
 244     kms_session_t *sp);
 245
 246 void kms_merge_object(kms_object_t *old_object,
 247     kms_object_t *new_object);
 248
 249 CK_RV kms_get_attribute(kms_object_t *object_p,
 250     CK_ATTRIBUTE_PTR template);
 251
 252 CK_RV kms_set_attribute(kms_object_t *, CK_ATTRIBUTE_PTR, boolean_t);
 253
 254 void kms_add_object_to_session(kms_object_t *objp, kms_session_t *sp);
 255
 256 CK_RV kms_copy_secret_key_attr(secret_key_obj_t *old_secret_key_obj_p,
 257     secret_key_obj_t **new_secret_key_obj_p);
 258
 259 CK_RV kms_validate_attr(CK_ATTRIBUTE_PTR template, CK_ULONG ulAttrNum,
 260     CK_OBJECT_CLASS *class);
 261
 262 CK_RV kms_find_objects_init(kms_session_t *sp,
 263     CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount);
 264
 265 void kms_find_objects_final(kms_session_t *sp);
 266
 267 CK_RV kms_find_objects(kms_session_t *sp,
 268     CK_OBJECT_HANDLE *obj_found, CK_ULONG max_obj_requested,
 269     CK_ULONG *found_obj_count);
 270
 271 void kms_process_find_attr(CK_OBJECT_CLASS *pclasses,
 272     CK_ULONG *num_result_pclasses, CK_ATTRIBUTE_PTR pTemplate,
 273     CK_ULONG ulCount);
 274
 275 boolean_t kms_find_match_attrs(kms_object_t *obj,
 276     CK_OBJECT_CLASS *pclasses, CK_ULONG num_pclasses,
 277     CK_ATTRIBUTE *tmpl_attr, CK_ULONG num_attr);
 278
 279 CK_ATTRIBUTE_PTR get_extra_attr(CK_ATTRIBUTE_TYPE type, kms_object_t *obj);
 280
 281 CK_RV get_string_from_template(CK_ATTRIBUTE_PTR dest, CK_ATTRIBUTE_PTR src);
 282
 283 void string_attr_cleanup(CK_ATTRIBUTE_PTR template);
 284
 285 void kms_add_token_object_to_slot(kms_object_t *objp,
 286     kms_slot_t *pslot);
 287
 288 void kms_remove_token_object_from_slot(kms_slot_t *pslot,
 289     kms_object_t *objp);
 290
 291 CK_RV kms_delete_token_object(kms_slot_t *pslot, kms_session_t *sp,
 292     kms_object_t *obj, boolean_t lock_held, boolean_t wrapper_only);
 293
 294 void kms_cleanup_pri_objects_in_slot(kms_slot_t *pslot,
 295     kms_session_t *sp);
 296
 297 CK_RV kms_get_object_size(kms_object_t *objp, CK_ULONG_PTR pulSize);
 298
 299 void kms_object_delay_free(kms_object_t *);
 300
 301 kms_object_t *kms_new_object();
 302 void kms_free_object(kms_object_t *);
 303
 304 #ifdef  __cplusplus
 305 }
 306 #endif
 307
 308 #endif /* _KMSOBJECT_H */