1 /* |
|
2 * Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved. |
|
3 */ |
|
4 |
|
5 /* crypto/engine/e_pk11.h */ |
|
6 /* |
|
7 * This product includes software developed by the OpenSSL Project for |
|
8 * use in the OpenSSL Toolkit (http://www.openssl.org/). |
|
9 * |
|
10 * This project also referenced hw_pkcs11-0.9.7b.patch written by |
|
11 * Afchine Madjlessi. |
|
12 */ |
|
13 /* |
|
14 * ==================================================================== |
|
15 * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved. |
|
16 * |
|
17 * Redistribution and use in source and binary forms, with or without |
|
18 * modification, are permitted provided that the following conditions |
|
19 * are met: |
|
20 * |
|
21 * 1. Redistributions of source code must retain the above copyright |
|
22 * notice, this list of conditions and the following disclaimer. |
|
23 * |
|
24 * 2. Redistributions in binary form must reproduce the above copyright |
|
25 * notice, this list of conditions and the following disclaimer in |
|
26 * the documentation and/or other materials provided with the |
|
27 * distribution. |
|
28 * |
|
29 * 3. All advertising materials mentioning features or use of this |
|
30 * software must display the following acknowledgment: |
|
31 * "This product includes software developed by the OpenSSL Project |
|
32 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" |
|
33 * |
|
34 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
|
35 * endorse or promote products derived from this software without |
|
36 * prior written permission. For written permission, please contact |
|
37 * [email protected]. |
|
38 * |
|
39 * 5. Products derived from this software may not be called "OpenSSL" |
|
40 * nor may "OpenSSL" appear in their names without prior written |
|
41 * permission of the OpenSSL Project. |
|
42 * |
|
43 * 6. Redistributions of any form whatsoever must retain the following |
|
44 * acknowledgment: |
|
45 * "This product includes software developed by the OpenSSL Project |
|
46 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" |
|
47 * |
|
48 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
|
49 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|
50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|
51 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
|
52 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|
53 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
|
54 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
|
55 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|
56 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
|
57 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|
58 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
|
59 * OF THE POSSIBILITY OF SUCH DAMAGE. |
|
60 * ==================================================================== |
|
61 * |
|
62 * This product includes cryptographic software written by Eric Young |
|
63 * ([email protected]). This product includes software written by Tim |
|
64 * Hudson ([email protected]). |
|
65 * |
|
66 */ |
|
67 |
|
68 #ifndef E_PK11_H |
|
69 #define E_PK11_H |
|
70 |
|
71 #include "e_pk11_err.h" |
|
72 |
|
73 #ifdef __cplusplus |
|
74 extern "C" { |
|
75 #endif |
|
76 |
|
77 /* max byte length of a symmetric key we support */ |
|
78 #define PK11_KEY_LEN_MAX 32 |
|
79 |
|
80 /* |
|
81 * This structure encapsulates all reusable information for a PKCS#11 |
|
82 * session. A list of these objects is created on behalf of the |
|
83 * calling application using an on-demand method. Each operation |
|
84 * type (see PK11_OPTYPE below) has its own per-process list. |
|
85 * Each of the lists is basically a cache for faster PKCS#11 object |
|
86 * access to avoid expensive C_Find{,Init,Final}Object() calls. |
|
87 * |
|
88 * When a new request comes in, an object will be taken from the list |
|
89 * (if there is one) or a new one is created to handle the request |
|
90 * (if the list is empty). See pk11_get_session() on how it is done. |
|
91 */ |
|
92 typedef struct PK11_st_SESSION |
|
93 { |
|
94 struct PK11_st_SESSION *next; |
|
95 CK_SESSION_HANDLE session; /* PK11 session handle */ |
|
96 pid_t pid; /* Current process ID */ |
|
97 CK_BBOOL persistent; /* is that a keystore object? */ |
|
98 union |
|
99 { |
|
100 #ifndef OPENSSL_NO_RSA |
|
101 struct |
|
102 { |
|
103 CK_OBJECT_HANDLE rsa_pub_key; /* pub handle */ |
|
104 CK_OBJECT_HANDLE rsa_priv_key; /* priv handle */ |
|
105 RSA *rsa_pub; /* pub key addr */ |
|
106 BIGNUM *rsa_n_num; /* pub modulus */ |
|
107 BIGNUM *rsa_e_num; /* pub exponent */ |
|
108 RSA *rsa_priv; /* priv key addr */ |
|
109 BIGNUM *rsa_d_num; /* priv exponent */ |
|
110 } u_RSA; |
|
111 #endif /* OPENSSL_NO_RSA */ |
|
112 #ifndef OPENSSL_NO_DSA |
|
113 struct |
|
114 { |
|
115 CK_OBJECT_HANDLE dsa_pub_key; /* pub handle */ |
|
116 CK_OBJECT_HANDLE dsa_priv_key; /* priv handle */ |
|
117 DSA *dsa_pub; /* pub key addr */ |
|
118 BIGNUM *dsa_pub_num; /* pub key */ |
|
119 DSA *dsa_priv; /* priv key addr */ |
|
120 BIGNUM *dsa_priv_num; /* priv key */ |
|
121 } u_DSA; |
|
122 #endif /* OPENSSL_NO_DSA */ |
|
123 #ifndef OPENSSL_NO_DH |
|
124 struct |
|
125 { |
|
126 CK_OBJECT_HANDLE dh_key; /* key handle */ |
|
127 DH *dh; /* dh key addr */ |
|
128 BIGNUM *dh_priv_num; /* priv dh key */ |
|
129 } u_DH; |
|
130 #endif /* OPENSSL_NO_DH */ |
|
131 struct |
|
132 { |
|
133 CK_OBJECT_HANDLE cipher_key; /* key handle */ |
|
134 unsigned char key[PK11_KEY_LEN_MAX]; |
|
135 int key_len; /* priv key len */ |
|
136 int encrypt; /* 1/0 enc/decr */ |
|
137 } u_cipher; |
|
138 } opdata_u; |
|
139 } PK11_SESSION; |
|
140 |
|
141 #define opdata_rsa_pub_key opdata_u.u_RSA.rsa_pub_key |
|
142 #define opdata_rsa_priv_key opdata_u.u_RSA.rsa_priv_key |
|
143 #define opdata_rsa_pub opdata_u.u_RSA.rsa_pub |
|
144 #define opdata_rsa_priv opdata_u.u_RSA.rsa_priv |
|
145 #define opdata_rsa_n_num opdata_u.u_RSA.rsa_n_num |
|
146 #define opdata_rsa_e_num opdata_u.u_RSA.rsa_e_num |
|
147 #define opdata_rsa_d_num opdata_u.u_RSA.rsa_d_num |
|
148 #define opdata_dsa_pub_key opdata_u.u_DSA.dsa_pub_key |
|
149 #define opdata_dsa_priv_key opdata_u.u_DSA.dsa_priv_key |
|
150 #define opdata_dsa_pub opdata_u.u_DSA.dsa_pub |
|
151 #define opdata_dsa_pub_num opdata_u.u_DSA.dsa_pub_num |
|
152 #define opdata_dsa_priv opdata_u.u_DSA.dsa_priv |
|
153 #define opdata_dsa_priv_num opdata_u.u_DSA.dsa_priv_num |
|
154 #define opdata_dh_key opdata_u.u_DH.dh_key |
|
155 #define opdata_dh opdata_u.u_DH.dh |
|
156 #define opdata_dh_priv_num opdata_u.u_DH.dh_priv_num |
|
157 #define opdata_cipher_key opdata_u.u_cipher.cipher_key |
|
158 #define opdata_key opdata_u.u_cipher.key |
|
159 #define opdata_key_len opdata_u.u_cipher.key_len |
|
160 #define opdata_encrypt opdata_u.u_cipher.encrypt |
|
161 |
|
162 /* |
|
163 * We have 3 different groups of operation types: |
|
164 * 1) asymmetric operations |
|
165 * 2) random operations |
|
166 * 3) symmetric and digest operations |
|
167 * |
|
168 * This division into groups stems from the fact that it's common that hardware |
|
169 * providers may support operations from one group only. For example, hardware |
|
170 * providers on UltraSPARC T2, n2rng(7d), ncp(7d), and n2cp(7d), each support |
|
171 * only a single group of operations. |
|
172 * |
|
173 * For every group a different slot can be chosen. That means that we must have |
|
174 * at least 3 different lists of cached PKCS#11 sessions since sessions from |
|
175 * different groups may be initialized in different slots. |
|
176 * |
|
177 * To provide locking granularity in multithreaded environment, the groups are |
|
178 * further split into types with each type having a separate session cache. |
|
179 */ |
|
180 typedef enum PK11_OPTYPE_ENUM |
|
181 { |
|
182 OP_RAND, |
|
183 OP_RSA, |
|
184 OP_DSA, |
|
185 OP_DH, |
|
186 OP_CIPHER, |
|
187 OP_DIGEST, |
|
188 OP_MAX |
|
189 } PK11_OPTYPE; |
|
190 |
|
191 /* |
|
192 * This structure contains the heads of the lists forming the object caches |
|
193 * and locks associated with the lists. |
|
194 */ |
|
195 typedef struct PK11_st_CACHE |
|
196 { |
|
197 PK11_SESSION *head; |
|
198 pthread_mutex_t *lock; |
|
199 } PK11_CACHE; |
|
200 |
|
201 /* structure for tracking handles of asymmetric key objects */ |
|
202 typedef struct PK11_active_st |
|
203 { |
|
204 CK_OBJECT_HANDLE h; |
|
205 unsigned int refcnt; |
|
206 struct PK11_active_st *prev; |
|
207 struct PK11_active_st *next; |
|
208 } PK11_active; |
|
209 |
|
210 extern pthread_mutex_t *find_lock[]; |
|
211 extern PK11_active *active_list[]; |
|
212 /* |
|
213 * These variables are specific for the RSA keys by reference code. See |
|
214 * e_pk11_pub.c for explanation. |
|
215 */ |
|
216 extern char *passphrasedialog; |
|
217 extern CK_FLAGS pubkey_token_flags; |
|
218 |
|
219 #define LOCK_OBJSTORE(alg_type) \ |
|
220 (void) pthread_mutex_lock(find_lock[alg_type]) |
|
221 #define UNLOCK_OBJSTORE(alg_type) \ |
|
222 (void) pthread_mutex_unlock(find_lock[alg_type]) |
|
223 |
|
224 extern PK11_SESSION *pk11_get_session(PK11_OPTYPE optype); |
|
225 extern void pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype); |
|
226 |
|
227 #ifndef OPENSSL_NO_RSA |
|
228 extern int pk11_destroy_rsa_key_objects(PK11_SESSION *session); |
|
229 extern int pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock); |
|
230 extern int pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock); |
|
231 extern EVP_PKEY *pk11_load_privkey(ENGINE *e, const char *pubkey_file, |
|
232 UI_METHOD *ui_method, void *callback_data); |
|
233 extern EVP_PKEY *pk11_load_pubkey(ENGINE *e, const char *pubkey_file, |
|
234 UI_METHOD *ui_method, void *callback_data); |
|
235 extern RSA_METHOD *PK11_RSA(void); |
|
236 #endif /* OPENSSL_NO_RSA */ |
|
237 #ifndef OPENSSL_NO_DSA |
|
238 extern int pk11_destroy_dsa_key_objects(PK11_SESSION *session); |
|
239 extern int pk11_destroy_dsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock); |
|
240 extern int pk11_destroy_dsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock); |
|
241 extern DSA_METHOD *PK11_DSA(void); |
|
242 #endif /* OPENSSL_NO_DSA */ |
|
243 #ifndef OPENSSL_NO_DH |
|
244 extern int pk11_destroy_dh_key_objects(PK11_SESSION *session); |
|
245 extern int pk11_destroy_dh_object(PK11_SESSION *sp, CK_BBOOL uselock); |
|
246 extern DH_METHOD *PK11_DH(void); |
|
247 #endif /* OPENSSL_NO_DH */ |
|
248 |
|
249 extern int pk11_engine_pkey_methods(ENGINE *e, EVP_PKEY_METHOD **pmeth, |
|
250 const int **nids, int nid); |
|
251 |
|
252 extern CK_FUNCTION_LIST_PTR pFuncList; |
|
253 |
|
254 #ifdef __cplusplus |
|
255 } |
|
256 #endif |
|
257 #endif /* E_PK11_H */ |
|