1 /* |
|
2 * Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved. |
|
3 * |
|
4 */ |
|
5 |
|
6 /* crypto/engine/hw_pk11.h */ |
|
7 /* |
|
8 * This product includes software developed by the OpenSSL Project for |
|
9 * use in the OpenSSL Toolkit (http://www.openssl.org/). |
|
10 * |
|
11 * This project also referenced hw_pkcs11-0.9.7b.patch written by |
|
12 * Afchine Madjlessi. |
|
13 */ |
|
14 /* |
|
15 * ==================================================================== |
|
16 * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved. |
|
17 * |
|
18 * Redistribution and use in source and binary forms, with or without |
|
19 * modification, are permitted provided that the following conditions |
|
20 * are met: |
|
21 * |
|
22 * 1. Redistributions of source code must retain the above copyright |
|
23 * notice, this list of conditions and the following disclaimer. |
|
24 * |
|
25 * 2. Redistributions in binary form must reproduce the above copyright |
|
26 * notice, this list of conditions and the following disclaimer in |
|
27 * the documentation and/or other materials provided with the |
|
28 * distribution. |
|
29 * |
|
30 * 3. All advertising materials mentioning features or use of this |
|
31 * software must display the following acknowledgment: |
|
32 * "This product includes software developed by the OpenSSL Project |
|
33 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" |
|
34 * |
|
35 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
|
36 * endorse or promote products derived from this software without |
|
37 * prior written permission. For written permission, please contact |
|
38 * [email protected]. |
|
39 * |
|
40 * 5. Products derived from this software may not be called "OpenSSL" |
|
41 * nor may "OpenSSL" appear in their names without prior written |
|
42 * permission of the OpenSSL Project. |
|
43 * |
|
44 * 6. Redistributions of any form whatsoever must retain the following |
|
45 * acknowledgment: |
|
46 * "This product includes software developed by the OpenSSL Project |
|
47 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" |
|
48 * |
|
49 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
|
50 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|
51 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|
52 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
|
53 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|
54 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
|
55 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
|
56 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|
57 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
|
58 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|
59 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
|
60 * OF THE POSSIBILITY OF SUCH DAMAGE. |
|
61 * ==================================================================== |
|
62 * |
|
63 * This product includes cryptographic software written by Eric Young |
|
64 * ([email protected]). This product includes software written by Tim |
|
65 * Hudson ([email protected]). |
|
66 * |
|
67 */ |
|
68 |
|
69 #ifndef HW_PK11_H |
|
70 #define HW_PK11_H |
|
71 |
|
72 #include "hw_pk11_err.h" |
|
73 |
|
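/*
 * Max byte length of a symmetric key we support.
 *
 * This is also the dimension of the key[] buffer in the cipher arm of
 * PK11_SESSION, so any code that copies key bytes into that buffer has to
 * reject lengths above this value before the copy.
 */
#define	PK11_KEY_LEN_MAX			32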
|
76 |
|
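/*
 * This structure encapsulates all reusable information for a PKCS#11
 * session. A list of these objects is created on behalf of the
 * calling application using an on-demand method. Each operation
 * type (see PK11_OPTYPE below) has its own per-process list.
 * Each of the lists is basically a cache for faster PKCS#11 object
 * access to avoid expensive C_Find{,Init,Final}Object() calls.
 *
 * When a new request comes in, an object will be taken from the list
 * (if there is one) or a new one is created to handle the request
 * (if the list is empty). See pk11_get_session() on how it is done.
 *
 * opdata_u is a union, so its arms share storage: only the arm that
 * matches the operation type of the list the session is cached on is
 * meaningful. Reading another arm reinterprets the same bytes as
 * unrelated handles or pointers.
 *
 * NOTE(review): the cipher arm keeps raw symmetric key bytes in process
 * memory for as long as the session object lives. Code that fills key[]
 * must check the length against PK11_KEY_LEN_MAX before copying, and the
 * buffer should be wiped (e.g. with OPENSSL_cleanse()) before the session
 * is freed. Neither is visible in this header - confirm in the session
 * management code.
 */
typedef struct PK11_st_SESSION
	{
	struct PK11_st_SESSION	*next;
	CK_SESSION_HANDLE	session;	/* PK11 session handle */
	/*
	 * NOTE(review): presumably compared with getpid() to notice a fork();
	 * PKCS#11 state from the parent is not usable in the child - confirm
	 * in pk11_get_session().
	 */
	pid_t			pid;		/* Current process ID */
	CK_BBOOL		persistent;	/* is that a keystore object? */
	union
		{
#ifndef OPENSSL_NO_RSA
		struct
			{
			CK_OBJECT_HANDLE	rsa_pub_key;	/* pub handle */
			CK_OBJECT_HANDLE	rsa_priv_key;	/* priv handle */
			RSA			*rsa_pub;	/* pub key addr */
			BIGNUM			*rsa_n_num;	/* pub modulus */
			BIGNUM			*rsa_e_num;	/* pub exponent */
			RSA			*rsa_priv;	/* priv key addr */
			/*
			 * NOTE(review): ownership of this BIGNUM is not
			 * visible here; if it is a private copy, release it
			 * with BN_clear_free() rather than BN_free().
			 */
			BIGNUM			*rsa_d_num;	/* priv exponent */
			} u_RSA;
#endif /* OPENSSL_NO_RSA */
#ifndef OPENSSL_NO_DSA
		struct
			{
			CK_OBJECT_HANDLE	dsa_pub_key;	/* pub handle */
			CK_OBJECT_HANDLE	dsa_priv_key;	/* priv handle */
			DSA			*dsa_pub;	/* pub key addr */
			BIGNUM			*dsa_pub_num;	/* pub key */
			DSA			*dsa_priv;	/* priv key addr */
			/* NOTE(review): private value, same caveat as rsa_d_num */
			BIGNUM			*dsa_priv_num;	/* priv key */
			} u_DSA;
#endif /* OPENSSL_NO_DSA */
#ifndef OPENSSL_NO_DH
		struct
			{
			CK_OBJECT_HANDLE	dh_key;		/* key handle */
			DH			*dh;		/* dh key addr */
			/* NOTE(review): private value, same caveat as rsa_d_num */
			BIGNUM			*dh_priv_num;	/* priv dh key */
			} u_DH;
#endif /* OPENSSL_NO_DH */
		struct
			{
			CK_OBJECT_HANDLE	cipher_key;	/* key handle */
			/* raw key bytes; at most PK11_KEY_LEN_MAX fit here */
			unsigned char		key[PK11_KEY_LEN_MAX];
			/*
			 * Signed: a negative or oversized value must never
			 * be used as a copy or compare length for key[].
			 */
			int			key_len;	/* priv key len */
			int			encrypt;	/* 1/0 enc/decr */
			} u_cipher;
		} opdata_u;
	} PK11_SESSION;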
|
137 |
|
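/*
 * Shorthand for the members of PK11_SESSION.opdata_u, so that callers can
 * write sp->opdata_rsa_pub instead of spelling out the union path.
 *
 * These are plain object-like macros: in any file that includes this
 * header, every identifier with one of these names is rewritten, so the
 * names must not be reused for locals or for members of other structures.
 * The RSA, DSA and DH shorthands expand to union arms that exist only when
 * the matching OPENSSL_NO_* macro is not defined.
 */
#define	opdata_rsa_pub_key	opdata_u.u_RSA.rsa_pub_key
#define	opdata_rsa_priv_key	opdata_u.u_RSA.rsa_priv_key
#define	opdata_rsa_pub		opdata_u.u_RSA.rsa_pub
#define	opdata_rsa_priv		opdata_u.u_RSA.rsa_priv
#define	opdata_rsa_n_num	opdata_u.u_RSA.rsa_n_num
#define	opdata_rsa_e_num	opdata_u.u_RSA.rsa_e_num
#define	opdata_rsa_d_num	opdata_u.u_RSA.rsa_d_num
#define	opdata_dsa_pub_key	opdata_u.u_DSA.dsa_pub_key
#define	opdata_dsa_priv_key	opdata_u.u_DSA.dsa_priv_key
#define	opdata_dsa_pub		opdata_u.u_DSA.dsa_pub
#define	opdata_dsa_pub_num	opdata_u.u_DSA.dsa_pub_num
#define	opdata_dsa_priv		opdata_u.u_DSA.dsa_priv
#define	opdata_dsa_priv_num	opdata_u.u_DSA.dsa_priv_num
#define	opdata_dh_key		opdata_u.u_DH.dh_key
#define	opdata_dh		opdata_u.u_DH.dh
#define	opdata_dh_priv_num	opdata_u.u_DH.dh_priv_num
#define	opdata_cipher_key	opdata_u.u_cipher.cipher_key
#define	opdata_key		opdata_u.u_cipher.key
#define	opdata_key_len		opdata_u.u_cipher.key_len
#define	opdata_encrypt		opdata_u.u_cipher.encrypt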
|
158 |
|
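/*
 * We have 3 different groups of operation types:
 *	1) asymmetric operations
 *	2) random operations
 *	3) symmetric and digest operations
 *
 * This division into groups stems from the fact that it's common that hardware
 * providers may support operations from one group only. For example, hardware
 * providers on UltraSPARC T2, n2rng(7d), ncp(7d), and n2cp(7d), each support
 * only a single group of operations.
 *
 * For every group a different slot can be chosen. That means that we must have
 * at least 3 different lists of cached PKCS#11 sessions since sessions from
 * different groups may be initialized in different slots.
 *
 * To provide locking granularity in multithreaded environment, the groups are
 * further split into types with each type having a separate session cache.
 *
 * The enumerators take the values 0..OP_MAX-1 in declaration order. OP_MAX is
 * the number of operation types, not an operation itself.
 * NOTE(review): presumably OP_MAX dimensions the per-type tables; a
 * PK11_OPTYPE that is used as an array index must be checked to be below it.
 */
typedef enum PK11_OPTYPE_ENUM
	{
	OP_RAND,
	OP_RSA,
	OP_DSA,
	OP_DH,
	OP_CIPHER,
	OP_DIGEST,
	OP_MAX		/* count of the types above; keep last */
	} PK11_OPTYPE;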
|
187 |
|
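/*
 * This structure contains the heads of the lists forming the object caches
 * and locks associated with the lists.
 *
 * The lock is held by pointer, so it has to be allocated and initialized
 * before the first list access. NOTE(review): the header does not show
 * who does that or when it is torn down - confirm in the engine's init
 * and finish paths.
 */
typedef struct PK11_st_CACHE
	{
	PK11_SESSION	*head;	/* first cached session, linked through ->next */
	pthread_mutex_t	*lock;	/* lock associated with this list */
	} PK11_CACHE;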
|
197 |
|
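/*
 * Structure for tracking handles of asymmetric key objects.
 *
 * Entries form a doubly linked list (prev/next) and carry a reference
 * count for the handle. refcnt is unsigned, so a decrement at zero wraps
 * to a large value instead of going negative; code that drops a reference
 * has to test for zero before decrementing.
 * NOTE(review): updates are presumably serialized by the find_lock[] entry
 * of the algorithm - confirm against the code that walks active_list[].
 */
typedef struct PK11_active_st
	{
	CK_OBJECT_HANDLE	h;	/* PKCS#11 object handle being tracked */
	unsigned int		refcnt;	/* number of references to h */
	struct PK11_active_st	*prev;
	struct PK11_active_st	*next;
	} PK11_active;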
|
206 |
|
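/*
 * Both arrays are declared without a bound, so sizeof cannot be used on
 * them through this header and no index check is possible from the
 * declaration alone.
 * NOTE(review): presumably indexed by PK11_OPTYPE - confirm the dimension
 * where they are defined.
 */
extern pthread_mutex_t *find_lock[];
extern PK11_active *active_list[];
/*
 * These variables are specific for the RSA keys by reference code. See
 * hw_pk11_pub.c for explanation.
 *
 * NOTE(review): passphrasedialog is a writable process-wide pointer; check
 * where it is set and who owns the string it points to.
 */
extern char *passphrasedialog;
extern CK_FLAGS pubkey_token_flags;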
|
215 |
|
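/*
 * Take / release the mutex stored in find_lock[alg_type].
 *
 * alg_type is used as an array index with no range check, and find_lock[]
 * holds pointers, so the entry has to be set up before the first use.
 * The (void) cast discards the pthread return value: a failed lock is not
 * reported and the caller carries on without holding the mutex.
 */
#define	LOCK_OBJSTORE(alg_type)	\
	(void) pthread_mutex_lock(find_lock[alg_type])
#define	UNLOCK_OBJSTORE(alg_type)	\
	(void) pthread_mutex_unlock(find_lock[alg_type])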
|
220 |
|
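/*
 * Session cache interface: a session is requested for one operation type
 * and handed back for an operation type.
 * NOTE(review): pk11_get_session() returns a pointer; callers presumably
 * have to handle NULL, and the optype passed to pk11_return_session()
 * should be the one the session was obtained with, because opdata_u is
 * interpreted per operation type - confirm against the definitions.
 */
extern PK11_SESSION *pk11_get_session(PK11_OPTYPE optype);
extern void pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype);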
|
223 |
|
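/*
 * Per-algorithm entry points; each group is compiled out together with the
 * matching union arm of PK11_SESSION when OPENSSL_NO_<ALG> is defined.
 *
 * NOTE(review): the meaning of the int results and of uselock is not
 * visible in this header. uselock presumably tells the callee whether to
 * take the object store lock itself (LOCK_OBJSTORE) or whether the caller
 * already holds it; passing the wrong value would then either deadlock or
 * leave the update unserialized - confirm against the definitions.
 */
#ifndef OPENSSL_NO_RSA
extern int pk11_destroy_rsa_key_objects(PK11_SESSION *session);
extern int pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
extern int pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
/*
 * Key loaders with the ENGINE load-key signature.
 * NOTE(review): the second parameter is called pubkey_file in the
 * private-key loader as well; the name is kept as declared.
 */
extern EVP_PKEY *pk11_load_privkey(ENGINE *e, const char *pubkey_file,
	UI_METHOD *ui_method, void *callback_data);
extern EVP_PKEY *pk11_load_pubkey(ENGINE *e, const char *pubkey_file,
	UI_METHOD *ui_method, void *callback_data);
extern RSA_METHOD *PK11_RSA(void);
#endif /* OPENSSL_NO_RSA */
#ifndef OPENSSL_NO_DSA
extern int pk11_destroy_dsa_key_objects(PK11_SESSION *session);
extern int pk11_destroy_dsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
extern int pk11_destroy_dsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
extern DSA_METHOD *PK11_DSA(void);
#endif /* OPENSSL_NO_DSA */
#ifndef OPENSSL_NO_DH
extern int pk11_destroy_dh_key_objects(PK11_SESSION *session);
extern int pk11_destroy_dh_object(PK11_SESSION *sp, CK_BBOOL uselock);
extern DH_METHOD *PK11_DH(void);
#endif /* OPENSSL_NO_DH */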
|
245 |
|
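/*
 * Process-wide pointer to the PKCS#11 function list.
 * NOTE(review): presumably filled in when the PKCS#11 library is loaded;
 * it is a plain writable global, so it must not be dereferenced before
 * that point - confirm in the engine's init code.
 */
extern CK_FUNCTION_LIST_PTR pFuncList;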
|
247 |
|
248 #endif /* HW_PK11_H */ |
|