1 /*
2 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
3 * Use is subject to license terms.
4 */
5
6 /* crypto/engine/hw_pk11_err.h */
7 /*
8 * This product includes software developed by the OpenSSL Project for
9 * use in the OpenSSL Toolkit (http://www.openssl.org/).
10 *
11 * This project also referenced hw_pkcs11-0.9.7b.patch written by
12 * Afchine Madjlessi.
13 */
14 /*
15 * ====================================================================
16 * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
17 *
18 * Redistribution and use in source and binary forms, with or without
19 * modification, are permitted provided that the following conditions
20 * are met:
21 *
22 * 1. Redistributions of source code must retain the above copyright
23 * notice, this list of conditions and the following disclaimer.
24 *
25 * 2. Redistributions in binary form must reproduce the above copyright
26 * notice, this list of conditions and the following disclaimer in
27 * the documentation and/or other materials provided with the
28 * distribution.
29 *
30 * 3. All advertising materials mentioning features or use of this
31 * software must display the following acknowledgment:
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
34 *
35 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
36 * endorse or promote products derived from this software without
37 * prior written permission. For written permission, please contact
38 * licensing@OpenSSL.org.
39 *
40 * 5. Products derived from this software may not be called "OpenSSL"
41 * nor may "OpenSSL" appear in their names without prior written
42 * permission of the OpenSSL Project.
43 *
44 * 6. Redistributions of any form whatsoever must retain the following
45 * acknowledgment:
46 * "This product includes software developed by the OpenSSL Project
47 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
48 *
49 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
50 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
51 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
52 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
53 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
54 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
55 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
56 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
57 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
58 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
59 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
60 * OF THE POSSIBILITY OF SUCH DAMAGE.
61 * ====================================================================
62 *
63 * This product includes cryptographic software written by Eric Young
64 * (eay@cryptsoft.com). This product includes software written by Tim
65 * Hudson (tjh@cryptsoft.com).
66 *
67 */
68
69 #ifndef HW_PK11_ERR_H
70 #define HW_PK11_ERR_H
71
72 void ERR_pk11_error(int function, int reason, char *file, int line);
73 void PK11err_add_data(int function, int reason, CK_RV rv);
74 #define PK11err(f, r) ERR_pk11_error((f), (r), __FILE__, __LINE__)
75
76 /* Error codes for the PK11 functions. */
77
78 /* Function codes. */
79
80 #define PK11_F_INIT 100
81 #define PK11_F_FINISH 101
82 #define PK11_F_DESTROY 102
83 #define PK11_F_CTRL 103
84 #define PK11_F_RSA_INIT 104
85 #define PK11_F_RSA_FINISH 105
86 #define PK11_F_GET_PUB_RSA_KEY 106
87 #define PK11_F_GET_PRIV_RSA_KEY 107
88 #define PK11_F_RSA_GEN_KEY 108
89 #define PK11_F_RSA_PUB_ENC 109
90 #define PK11_F_RSA_PRIV_ENC 110
91 #define PK11_F_RSA_PUB_DEC 111
92 #define PK11_F_RSA_PRIV_DEC 112
93 #define PK11_F_RSA_SIGN 113
94 #define PK11_F_RSA_VERIFY 114
95 #define PK11_F_RAND_ADD 115
96 #define PK11_F_RAND_BYTES 116
97 #define PK11_F_GET_SESSION 117
98 #define PK11_F_FREE_SESSION 118
99 #define PK11_F_LOAD_PUBKEY 119
100 #define PK11_F_LOAD_PRIVKEY 120
101 #define PK11_F_RSA_PUB_ENC_LOW 121
102 #define PK11_F_RSA_PRIV_ENC_LOW 122
103 #define PK11_F_RSA_PUB_DEC_LOW 123
104 #define PK11_F_RSA_PRIV_DEC_LOW 124
105 #define PK11_F_DSA_SIGN 125
106 #define PK11_F_DSA_VERIFY 126
107 #define PK11_F_DSA_INIT 127
108 #define PK11_F_DSA_FINISH 128
109 #define PK11_F_GET_PUB_DSA_KEY 129
110 #define PK11_F_GET_PRIV_DSA_KEY 130
111 #define PK11_F_DH_INIT 131
112 #define PK11_F_DH_FINISH 132
113 #define PK11_F_MOD_EXP_DH 133
114 #define PK11_F_GET_DH_KEY 134
115 #define PK11_F_FREE_ALL_SESSIONS 135
116 #define PK11_F_SETUP_SESSION 136
117 #define PK11_F_DESTROY_OBJECT 137
118 #define PK11_F_CIPHER_INIT 138
119 #define PK11_F_CIPHER_DO_CIPHER 139
120 #define PK11_F_GET_CIPHER_KEY 140
121 #define PK11_F_DIGEST_INIT 141
122 #define PK11_F_DIGEST_UPDATE 142
123 #define PK11_F_DIGEST_FINAL 143
124 #define PK11_F_CHOOSE_SLOT 144
125 #define PK11_F_CIPHER_FINAL 145
126 #define PK11_F_LIBRARY_INIT 146
127 #define PK11_F_LOAD 147
128 #define PK11_F_DH_GEN_KEY 148
129 #define PK11_F_DH_COMP_KEY 149
130 #define PK11_F_DIGEST_COPY 150
131 #define PK11_F_CIPHER_CLEANUP 151
132 #define PK11_F_ACTIVE_ADD 152
133 #define PK11_F_ACTIVE_DELETE 153
134 #define PK11_F_CHECK_HW_MECHANISMS 154
135 #define PK11_F_INIT_SYMMETRIC 155
136 #define PK11_F_ADD_AES_CTR_NIDS 156
137 #define PK11_F_INIT_ALL_LOCKS 157
138 #define PK11_F_RETURN_SESSION 158
139
140 /* Reason codes. */
141 #define PK11_R_ALREADY_LOADED 100
142 #define PK11_R_DSO_FAILURE 101
143 #define PK11_R_NOT_LOADED 102
144 #define PK11_R_PASSED_NULL_PARAMETER 103
145 #define PK11_R_COMMAND_NOT_IMPLEMENTED 104
146 #define PK11_R_INITIALIZE 105
147 #define PK11_R_FINALIZE 106
148 #define PK11_R_GETINFO 107
149 #define PK11_R_GETSLOTLIST 108
150 #define PK11_R_NO_MODULUS_OR_NO_EXPONENT 109
151 #define PK11_R_ATTRIBUT_SENSITIVE_OR_INVALID 110
152 #define PK11_R_GETATTRIBUTVALUE 111
153 #define PK11_R_NO_MODULUS 112
154 #define PK11_R_NO_EXPONENT 113
155 #define PK11_R_FINDOBJECTSINIT 114
156 #define PK11_R_FINDOBJECTS 115
157 #define PK11_R_FINDOBJECTSFINAL 116
158 #define PK11_R_CREATEOBJECT 118
159 #define PK11_R_DESTROYOBJECT 119
160 #define PK11_R_OPENSESSION 120
161 #define PK11_R_CLOSESESSION 121
162 #define PK11_R_ENCRYPTINIT 122
163 #define PK11_R_ENCRYPT 123
164 #define PK11_R_SIGNINIT 124
165 #define PK11_R_SIGN 125
166 #define PK11_R_DECRYPTINIT 126
167 #define PK11_R_DECRYPT 127
168 #define PK11_R_VERIFYINIT 128
169 #define PK11_R_VERIFY 129
170 #define PK11_R_VERIFYRECOVERINIT 130
171 #define PK11_R_VERIFYRECOVER 131
172 #define PK11_R_GEN_KEY 132
173 #define PK11_R_SEEDRANDOM 133
174 #define PK11_R_GENERATERANDOM 134
175 #define PK11_R_INVALID_MESSAGE_LENGTH 135
176 #define PK11_R_UNKNOWN_ALGORITHM_TYPE 136
177 #define PK11_R_UNKNOWN_ASN1_OBJECT_ID 137
178 #define PK11_R_UNKNOWN_PADDING_TYPE 138
179 #define PK11_R_PADDING_CHECK_FAILED 139
180 #define PK11_R_DIGEST_TOO_BIG 140
181 #define PK11_R_MALLOC_FAILURE 141
182 #define PK11_R_CTRL_COMMAND_NOT_IMPLEMENTED 142
183 #define PK11_R_DATA_GREATER_THAN_MOD_LEN 143
184 #define PK11_R_DATA_TOO_LARGE_FOR_MODULUS 144
185 #define PK11_R_MISSING_KEY_COMPONENT 145
186 #define PK11_R_INVALID_SIGNATURE_LENGTH 146
187 #define PK11_R_INVALID_DSA_SIGNATURE_R 147
188 #define PK11_R_INVALID_DSA_SIGNATURE_S 148
189 #define PK11_R_INCONSISTENT_KEY 149
190 #define PK11_R_ENCRYPTUPDATE 150
191 #define PK11_R_DECRYPTUPDATE 151
192 #define PK11_R_DIGESTINIT 152
193 #define PK11_R_DIGESTUPDATE 153
194 #define PK11_R_DIGESTFINAL 154
195 #define PK11_R_ENCRYPTFINAL 155
196 #define PK11_R_DECRYPTFINAL 156
197 #define PK11_R_NO_PRNG_SUPPORT 157
198 #define PK11_R_GETTOKENINFO 158
199 #define PK11_R_DERIVEKEY 159
200 #define PK11_R_GET_OPERATION_STATE 160
201 #define PK11_R_SET_OPERATION_STATE 161
202 #define PK11_R_INVALID_HANDLE 162
203 #define PK11_R_KEY_OR_IV_LEN_PROBLEM 163
204 #define PK11_R_INVALID_OPERATION_TYPE 164
205 #define PK11_R_ADD_NID_FAILED 165
206 #define PK11_R_ATFORK_FAILED 166
207
208 /* max byte length of a symetric key we support */
209 #define PK11_KEY_LEN_MAX 32
210
211 /*
212 * This structure encapsulates all reusable information for a PKCS#11
213 * session. A list of these objects is created on behalf of the
214 * calling application using an on-demand method. Each operation
215 * type (see PK11_OPTYPE below) has its own per-process list.
216 * Each of the lists is basically a cache for faster PKCS#11 object
217 * access to avoid expensive C_Find{,Init,Final}Object() calls.
218 *
219 * When a new request comes in, an object will be taken from the list
220 * (if there is one) or a new one is created to handle the request
221 * (if the list is empty). See pk11_get_session() on how it is done.
222 */
223 typedef struct PK11_st_SESSION
224 {
225 struct PK11_st_SESSION *next;
226 CK_SESSION_HANDLE session; /* PK11 session handle */
227 pid_t pid; /* Current process ID */
228 union
229 {
230 #ifndef OPENSSL_NO_RSA
231 struct
232 {
233 CK_OBJECT_HANDLE rsa_pub_key; /* pub handle */
234 CK_OBJECT_HANDLE rsa_priv_key; /* priv handle */
235 RSA *rsa_pub; /* pub key addr */
236 BIGNUM *rsa_n_num; /* pub modulus */
237 BIGNUM *rsa_e_num; /* pub exponent */
238 RSA *rsa_priv; /* priv key addr */
239 BIGNUM *rsa_d_num; /* priv exponent */
240 } u_RSA;
241 #endif /* OPENSSL_NO_RSA */
242 #ifndef OPENSSL_NO_DSA
243 struct
244 {
245 CK_OBJECT_HANDLE dsa_pub_key; /* pub handle */
246 CK_OBJECT_HANDLE dsa_priv_key; /* priv handle */
247 DSA *dsa_pub; /* pub key addr */
248 BIGNUM *dsa_pub_num; /* pub key */
249 DSA *dsa_priv; /* priv key addr */
250 BIGNUM *dsa_priv_num; /* priv key */
251 } u_DSA;
252 #endif /* OPENSSL_NO_DSA */
253 #ifndef OPENSSL_NO_DH
254 struct
255 {
256 CK_OBJECT_HANDLE dh_key; /* key handle */
257 DH *dh; /* dh key addr */
258 BIGNUM *dh_priv_num; /* priv dh key */
259 } u_DH;
260 #endif /* OPENSSL_NO_DH */
261 struct
262 {
263 CK_OBJECT_HANDLE cipher_key; /* key handle */
264 unsigned char key[PK11_KEY_LEN_MAX];
265 int key_len; /* priv key len */
266 int encrypt; /* 1/0 enc/decr */
267 } u_cipher;
268 } opdata_u;
269 } PK11_SESSION;
270
271 #define opdata_rsa_pub_key opdata_u.u_RSA.rsa_pub_key
272 #define opdata_rsa_priv_key opdata_u.u_RSA.rsa_priv_key
273 #define opdata_rsa_pub opdata_u.u_RSA.rsa_pub
274 #define opdata_rsa_priv opdata_u.u_RSA.rsa_priv
275 #define opdata_rsa_n_num opdata_u.u_RSA.rsa_n_num
276 #define opdata_rsa_e_num opdata_u.u_RSA.rsa_e_num
277 #define opdata_rsa_d_num opdata_u.u_RSA.rsa_d_num
278 #define opdata_dsa_pub_key opdata_u.u_DSA.dsa_pub_key
279 #define opdata_dsa_priv_key opdata_u.u_DSA.dsa_priv_key
280 #define opdata_dsa_pub opdata_u.u_DSA.dsa_pub
281 #define opdata_dsa_pub_num opdata_u.u_DSA.dsa_pub_num
282 #define opdata_dsa_priv opdata_u.u_DSA.dsa_priv
283 #define opdata_dsa_priv_num opdata_u.u_DSA.dsa_priv_num
284 #define opdata_dh_key opdata_u.u_DH.dh_key
285 #define opdata_dh opdata_u.u_DH.dh
286 #define opdata_dh_priv_num opdata_u.u_DH.dh_priv_num
287 #define opdata_cipher_key opdata_u.u_cipher.cipher_key
288 #define opdata_key opdata_u.u_cipher.key
289 #define opdata_key_len opdata_u.u_cipher.key_len
290 #define opdata_encrypt opdata_u.u_cipher.encrypt
291
292 /*
293 * We have 3 different groups of operation types:
294 * 1) asymmetric operations
295 * 2) random operations
296 * 3) symmetric and digest operations
297 *
298 * This division into groups stems from the fact that it's common that hardware
299 * providers may support operations from one group only. For example, hardware
300 * providers on UltraSPARC T2, n2rng(7d), ncp(7d), and n2cp(7d), each support
301 * only a single group of operations.
302 *
303 * For every group a different slot can be chosen. That means that we must have
304 * at least 3 different lists of cached PKCS#11 sessions since sessions from
305 * different groups may be initialized in different slots.
306 *
307 * To provide locking granularity in multithreaded environment, the groups are
308 * further splitted into types with each type having a separate session cache.
309 */
310 typedef enum PK11_OPTYPE_ENUM
311 {
312 OP_RAND,
313 OP_RSA,
314 OP_DSA,
315 OP_DH,
316 OP_CIPHER,
317 OP_DIGEST,
318 OP_MAX
319 } PK11_OPTYPE;
320
321 /*
322 * This structure contains the heads of the lists forming the object caches
323 * and locks associated with the lists.
324 */
325 typedef struct PK11_st_CACHE
326 {
327 PK11_SESSION *head;
328 pthread_mutex_t *lock;
329 } PK11_CACHE;
330
331 /* structure for tracking handles of asymmetric key objects */
332 typedef struct PK11_active_st
333 {
334 CK_OBJECT_HANDLE h;
335 unsigned int refcnt;
336 struct PK11_active_st *prev;
337 struct PK11_active_st *next;
338 } PK11_active;
339
340 extern pthread_mutex_t *find_lock[];
341 extern PK11_active *active_list[];
342
343 #define LOCK_OBJSTORE(alg_type) \
344 (void) pthread_mutex_lock(find_lock[alg_type])
345 #define UNLOCK_OBJSTORE(alg_type) \
346 (void) pthread_mutex_unlock(find_lock[alg_type])
347
348 extern PK11_SESSION *pk11_get_session(PK11_OPTYPE optype);
349 extern void pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype);
350
351 #ifndef OPENSSL_NO_RSA
352 extern int pk11_destroy_rsa_key_objects(PK11_SESSION *session);
353 extern int pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
354 extern int pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
355 extern EVP_PKEY *pk11_load_privkey(ENGINE *e, const char *pubkey_file,
356 UI_METHOD *ui_method, void *callback_data);
357 extern EVP_PKEY *pk11_load_pubkey(ENGINE *e, const char *pubkey_file,
358 UI_METHOD *ui_method, void *callback_data);
359 extern RSA_METHOD *PK11_RSA(void);
360 #endif /* OPENSSL_NO_RSA */
361 #ifndef OPENSSL_NO_DSA
362 extern int pk11_destroy_dsa_key_objects(PK11_SESSION *session);
363 extern int pk11_destroy_dsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
364 extern int pk11_destroy_dsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
365 extern DSA_METHOD *PK11_DSA(void);
366 #endif /* OPENSSL_NO_DSA */
367 #ifndef OPENSSL_NO_DH
368 extern int pk11_destroy_dh_key_objects(PK11_SESSION *session);
369 extern int pk11_destroy_dh_object(PK11_SESSION *sp, CK_BBOOL uselock);
370 extern DH_METHOD *PK11_DH(void);
371 #endif /* OPENSSL_NO_DH */
372
373 extern CK_FUNCTION_LIST_PTR pFuncList;
374
375 #endif /* HW_PK11_ERR_H */