1 /*
   2  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
   3  * Use is subject to license terms.
   4  */
   5 
   6 /* crypto/engine/hw_pk11_err.h */
   7 /*
   8  * This product includes software developed by the OpenSSL Project for
   9  * use in the OpenSSL Toolkit (http://www.openssl.org/).
  10  *
  11  * This project also referenced hw_pkcs11-0.9.7b.patch written by
  12  * Afchine Madjlessi.
  13  */
  14 /*
  15  * ====================================================================
  16  * Copyright (c) 2000-2001 The OpenSSL Project.  All rights reserved.
  17  *
  18  * Redistribution and use in source and binary forms, with or without
  19  * modification, are permitted provided that the following conditions
  20  * are met:
  21  *
  22  * 1. Redistributions of source code must retain the above copyright
  23  *    notice, this list of conditions and the following disclaimer.
  24  *
  25  * 2. Redistributions in binary form must reproduce the above copyright
  26  *    notice, this list of conditions and the following disclaimer in
  27  *    the documentation and/or other materials provided with the
  28  *    distribution.
  29  *
  30  * 3. All advertising materials mentioning features or use of this
  31  *    software must display the following acknowledgment:
  32  *    "This product includes software developed by the OpenSSL Project
  33  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
  34  *
  35  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  36  *    endorse or promote products derived from this software without
  37  *    prior written permission. For written permission, please contact
  38  *    licensing@OpenSSL.org.
  39  *
  40  * 5. Products derived from this software may not be called "OpenSSL"
  41  *    nor may "OpenSSL" appear in their names without prior written
  42  *    permission of the OpenSSL Project.
  43  *
  44  * 6. Redistributions of any form whatsoever must retain the following
  45  *    acknowledgment:
  46  *    "This product includes software developed by the OpenSSL Project
  47  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
  48  *
  49  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  50  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  51  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  52  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
  53  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  54  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  55  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  56  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  57  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  58  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  59  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  60  * OF THE POSSIBILITY OF SUCH DAMAGE.
  61  * ====================================================================
  62  *
  63  * This product includes cryptographic software written by Eric Young
  64  * (eay@cryptsoft.com).  This product includes software written by Tim
  65  * Hudson (tjh@cryptsoft.com).
  66  *
  67  */
  68 
  69 #ifndef HW_PK11_ERR_H
  70 #define HW_PK11_ERR_H
  71 
  72 void ERR_pk11_error(int function, int reason, char *file, int line);
  73 void PK11err_add_data(int function, int reason, CK_RV rv);
  74 #define PK11err(f, r)   ERR_pk11_error((f), (r), __FILE__, __LINE__)
  75 
  76 /* Error codes for the PK11 functions. */
  77 
  78 /* Function codes. */
  79 
  80 #define PK11_F_INIT                             100
  81 #define PK11_F_FINISH                           101
  82 #define PK11_F_DESTROY                          102
  83 #define PK11_F_CTRL                             103
  84 #define PK11_F_RSA_INIT                         104
  85 #define PK11_F_RSA_FINISH                       105
  86 #define PK11_F_GET_PUB_RSA_KEY                  106
  87 #define PK11_F_GET_PRIV_RSA_KEY                 107
  88 #define PK11_F_RSA_GEN_KEY                      108
  89 #define PK11_F_RSA_PUB_ENC                      109
  90 #define PK11_F_RSA_PRIV_ENC                     110
  91 #define PK11_F_RSA_PUB_DEC                      111
  92 #define PK11_F_RSA_PRIV_DEC                     112
  93 #define PK11_F_RSA_SIGN                         113
  94 #define PK11_F_RSA_VERIFY                       114
  95 #define PK11_F_RAND_ADD                         115
  96 #define PK11_F_RAND_BYTES                       116
  97 #define PK11_F_GET_SESSION                      117
  98 #define PK11_F_FREE_SESSION                     118
  99 #define PK11_F_LOAD_PUBKEY                      119
 100 #define PK11_F_LOAD_PRIVKEY                     120
 101 #define PK11_F_RSA_PUB_ENC_LOW                  121
 102 #define PK11_F_RSA_PRIV_ENC_LOW                 122
 103 #define PK11_F_RSA_PUB_DEC_LOW                  123
 104 #define PK11_F_RSA_PRIV_DEC_LOW                 124
 105 #define PK11_F_DSA_SIGN                         125
 106 #define PK11_F_DSA_VERIFY                       126
 107 #define PK11_F_DSA_INIT                         127
 108 #define PK11_F_DSA_FINISH                       128
 109 #define PK11_F_GET_PUB_DSA_KEY                  129
 110 #define PK11_F_GET_PRIV_DSA_KEY                 130
 111 #define PK11_F_DH_INIT                          131
 112 #define PK11_F_DH_FINISH                        132
 113 #define PK11_F_MOD_EXP_DH                       133
 114 #define PK11_F_GET_DH_KEY                       134
 115 #define PK11_F_FREE_ALL_SESSIONS                135
 116 #define PK11_F_SETUP_SESSION                    136
 117 #define PK11_F_DESTROY_OBJECT                   137
 118 #define PK11_F_CIPHER_INIT                      138
 119 #define PK11_F_CIPHER_DO_CIPHER                 139
 120 #define PK11_F_GET_CIPHER_KEY                   140
 121 #define PK11_F_DIGEST_INIT                      141
 122 #define PK11_F_DIGEST_UPDATE                    142
 123 #define PK11_F_DIGEST_FINAL                     143
 124 #define PK11_F_CHOOSE_SLOT                      144
 125 #define PK11_F_CIPHER_FINAL                     145
 126 #define PK11_F_LIBRARY_INIT                     146
 127 #define PK11_F_LOAD                             147
 128 #define PK11_F_DH_GEN_KEY                       148
 129 #define PK11_F_DH_COMP_KEY                      149
 130 #define PK11_F_DIGEST_COPY                      150
 131 #define PK11_F_CIPHER_CLEANUP                   151
 132 #define PK11_F_ACTIVE_ADD                       152
 133 #define PK11_F_ACTIVE_DELETE                    153
 134 #define PK11_F_CHECK_HW_MECHANISMS              154
 135 #define PK11_F_INIT_SYMMETRIC                   155
 136 #define PK11_F_ADD_AES_CTR_NIDS                 156
 137 #define PK11_F_INIT_ALL_LOCKS                   157
 138 #define PK11_F_RETURN_SESSION                   158
 139 
 140 /* Reason codes. */
 141 #define PK11_R_ALREADY_LOADED                   100
 142 #define PK11_R_DSO_FAILURE                      101
 143 #define PK11_R_NOT_LOADED                       102
 144 #define PK11_R_PASSED_NULL_PARAMETER            103
 145 #define PK11_R_COMMAND_NOT_IMPLEMENTED          104
 146 #define PK11_R_INITIALIZE                       105
 147 #define PK11_R_FINALIZE                         106
 148 #define PK11_R_GETINFO                          107
 149 #define PK11_R_GETSLOTLIST                      108
 150 #define PK11_R_NO_MODULUS_OR_NO_EXPONENT        109
 151 #define PK11_R_ATTRIBUT_SENSITIVE_OR_INVALID    110
 152 #define PK11_R_GETATTRIBUTVALUE                 111
 153 #define PK11_R_NO_MODULUS                       112
 154 #define PK11_R_NO_EXPONENT                      113
 155 #define PK11_R_FINDOBJECTSINIT                  114
 156 #define PK11_R_FINDOBJECTS                      115
 157 #define PK11_R_FINDOBJECTSFINAL                 116
 158 #define PK11_R_CREATEOBJECT                     118
 159 #define PK11_R_DESTROYOBJECT                    119
 160 #define PK11_R_OPENSESSION                      120
 161 #define PK11_R_CLOSESESSION                     121
 162 #define PK11_R_ENCRYPTINIT                      122
 163 #define PK11_R_ENCRYPT                          123
 164 #define PK11_R_SIGNINIT                         124
 165 #define PK11_R_SIGN                             125
 166 #define PK11_R_DECRYPTINIT                      126
 167 #define PK11_R_DECRYPT                          127
 168 #define PK11_R_VERIFYINIT                       128
 169 #define PK11_R_VERIFY                           129
 170 #define PK11_R_VERIFYRECOVERINIT                130
 171 #define PK11_R_VERIFYRECOVER                    131
 172 #define PK11_R_GEN_KEY                          132
 173 #define PK11_R_SEEDRANDOM                       133
 174 #define PK11_R_GENERATERANDOM                   134
 175 #define PK11_R_INVALID_MESSAGE_LENGTH           135
 176 #define PK11_R_UNKNOWN_ALGORITHM_TYPE           136
 177 #define PK11_R_UNKNOWN_ASN1_OBJECT_ID           137
 178 #define PK11_R_UNKNOWN_PADDING_TYPE             138
 179 #define PK11_R_PADDING_CHECK_FAILED             139
 180 #define PK11_R_DIGEST_TOO_BIG                   140
 181 #define PK11_R_MALLOC_FAILURE                   141
 182 #define PK11_R_CTRL_COMMAND_NOT_IMPLEMENTED     142
 183 #define PK11_R_DATA_GREATER_THAN_MOD_LEN        143
 184 #define PK11_R_DATA_TOO_LARGE_FOR_MODULUS       144
 185 #define PK11_R_MISSING_KEY_COMPONENT            145
 186 #define PK11_R_INVALID_SIGNATURE_LENGTH         146
 187 #define PK11_R_INVALID_DSA_SIGNATURE_R          147
 188 #define PK11_R_INVALID_DSA_SIGNATURE_S          148
 189 #define PK11_R_INCONSISTENT_KEY                 149
 190 #define PK11_R_ENCRYPTUPDATE                    150
 191 #define PK11_R_DECRYPTUPDATE                    151
 192 #define PK11_R_DIGESTINIT                       152
 193 #define PK11_R_DIGESTUPDATE                     153
 194 #define PK11_R_DIGESTFINAL                      154
 195 #define PK11_R_ENCRYPTFINAL                     155
 196 #define PK11_R_DECRYPTFINAL                     156
 197 #define PK11_R_NO_PRNG_SUPPORT                  157
 198 #define PK11_R_GETTOKENINFO                     158
 199 #define PK11_R_DERIVEKEY                        159
 200 #define PK11_R_GET_OPERATION_STATE              160
 201 #define PK11_R_SET_OPERATION_STATE              161
 202 #define PK11_R_INVALID_HANDLE                   162
 203 #define PK11_R_KEY_OR_IV_LEN_PROBLEM            163
 204 #define PK11_R_INVALID_OPERATION_TYPE           164
 205 #define PK11_R_ADD_NID_FAILED                   165
 206 #define PK11_R_ATFORK_FAILED                    166
 207 
 208 /* max byte length of a symetric key we support */
 209 #define PK11_KEY_LEN_MAX                        32
 210 
 211 /*
 212  * This structure encapsulates all reusable information for a PKCS#11
 213  * session. A list of these objects is created on behalf of the
 214  * calling application using an on-demand method. Each operation
 215  * type (see PK11_OPTYPE below) has its own per-process list.
 216  * Each of the lists is basically a cache for faster PKCS#11 object
 217  * access to avoid expensive C_Find{,Init,Final}Object() calls.
 218  *
 219  * When a new request comes in, an object will be taken from the list
 220  * (if there is one) or a new one is created to handle the request
 221  * (if the list is empty). See pk11_get_session() on how it is done.
 222  */
 223 typedef struct PK11_st_SESSION
 224         {
 225         struct PK11_st_SESSION  *next;
 226         CK_SESSION_HANDLE       session;        /* PK11 session handle */
 227         pid_t                   pid;            /* Current process ID */
 228         union
 229                 {
 230 #ifndef OPENSSL_NO_RSA
 231                 struct
 232                         {
 233                         CK_OBJECT_HANDLE        rsa_pub_key; /* pub handle */
 234                         CK_OBJECT_HANDLE        rsa_priv_key; /* priv handle */
 235                         RSA                     *rsa_pub; /* pub key addr */
 236                         BIGNUM                  *rsa_n_num; /* pub modulus */
 237                         BIGNUM                  *rsa_e_num; /* pub exponent */
 238                         RSA                     *rsa_priv; /* priv key addr */
 239                         BIGNUM                  *rsa_d_num; /* priv exponent */
 240                         } u_RSA;
 241 #endif /* OPENSSL_NO_RSA */
 242 #ifndef OPENSSL_NO_DSA
 243                 struct
 244                         {
 245                         CK_OBJECT_HANDLE        dsa_pub_key; /* pub handle */
 246                         CK_OBJECT_HANDLE        dsa_priv_key; /* priv handle */
 247                         DSA                     *dsa_pub; /* pub key addr */
 248                         BIGNUM                  *dsa_pub_num; /* pub key */
 249                         DSA                     *dsa_priv; /* priv key addr */
 250                         BIGNUM                  *dsa_priv_num; /* priv key */
 251                         } u_DSA;
 252 #endif /* OPENSSL_NO_DSA */
 253 #ifndef OPENSSL_NO_DH
 254                 struct
 255                         {
 256                         CK_OBJECT_HANDLE        dh_key; /* key handle */
 257                         DH                      *dh; /* dh key addr */
 258                         BIGNUM                  *dh_priv_num; /* priv dh key */
 259                         } u_DH;
 260 #endif /* OPENSSL_NO_DH */
 261                 struct
 262                         {
 263                         CK_OBJECT_HANDLE        cipher_key; /* key handle */
 264                         unsigned char           key[PK11_KEY_LEN_MAX];
 265                         int                     key_len; /* priv key len */
 266                         int                     encrypt; /* 1/0 enc/decr */
 267                         } u_cipher;
 268                 } opdata_u;
 269         } PK11_SESSION;
 270 
 271 #define opdata_rsa_pub_key      opdata_u.u_RSA.rsa_pub_key
 272 #define opdata_rsa_priv_key     opdata_u.u_RSA.rsa_priv_key
 273 #define opdata_rsa_pub          opdata_u.u_RSA.rsa_pub
 274 #define opdata_rsa_priv         opdata_u.u_RSA.rsa_priv
 275 #define opdata_rsa_n_num        opdata_u.u_RSA.rsa_n_num
 276 #define opdata_rsa_e_num        opdata_u.u_RSA.rsa_e_num
 277 #define opdata_rsa_d_num        opdata_u.u_RSA.rsa_d_num
 278 #define opdata_dsa_pub_key      opdata_u.u_DSA.dsa_pub_key
 279 #define opdata_dsa_priv_key     opdata_u.u_DSA.dsa_priv_key
 280 #define opdata_dsa_pub          opdata_u.u_DSA.dsa_pub
 281 #define opdata_dsa_pub_num      opdata_u.u_DSA.dsa_pub_num
 282 #define opdata_dsa_priv         opdata_u.u_DSA.dsa_priv
 283 #define opdata_dsa_priv_num     opdata_u.u_DSA.dsa_priv_num
 284 #define opdata_dh_key           opdata_u.u_DH.dh_key
 285 #define opdata_dh               opdata_u.u_DH.dh
 286 #define opdata_dh_priv_num      opdata_u.u_DH.dh_priv_num
 287 #define opdata_cipher_key       opdata_u.u_cipher.cipher_key
 288 #define opdata_key              opdata_u.u_cipher.key
 289 #define opdata_key_len          opdata_u.u_cipher.key_len
 290 #define opdata_encrypt          opdata_u.u_cipher.encrypt
 291 
 292 /*
 293  * We have 3 different groups of operation types:
 294  *   1) asymmetric operations
 295  *   2) random operations
 296  *   3) symmetric and digest operations
 297  *
 298  * This division into groups stems from the fact that it's common that hardware
 299  * providers may support operations from one group only. For example, hardware
 300  * providers on UltraSPARC T2, n2rng(7d), ncp(7d), and n2cp(7d), each support
 301  * only a single group of operations.
 302  *
 303  * For every group a different slot can be chosen. That means that we must have
 304  * at least 3 different lists of cached PKCS#11 sessions since sessions from
 305  * different groups may be initialized in different slots.
 306  *
 307  * To provide locking granularity in multithreaded environment, the groups are
 308  * further splitted into types with each type having a separate session cache.
 309  */
 310 typedef enum PK11_OPTYPE_ENUM
 311         {
 312         OP_RAND,
 313         OP_RSA,
 314         OP_DSA,
 315         OP_DH,
 316         OP_CIPHER,
 317         OP_DIGEST,
 318         OP_MAX
 319         } PK11_OPTYPE;
 320 
 321 /*
 322  * This structure contains the heads of the lists forming the object caches
 323  * and locks associated with the lists.
 324  */
 325 typedef struct PK11_st_CACHE
 326         {
 327         PK11_SESSION *head;
 328         pthread_mutex_t *lock;
 329         } PK11_CACHE;
 330 
 331 /* structure for tracking handles of asymmetric key objects */
 332 typedef struct PK11_active_st
 333         {
 334         CK_OBJECT_HANDLE h;
 335         unsigned int refcnt;
 336         struct PK11_active_st *prev;
 337         struct PK11_active_st *next;
 338         } PK11_active;
 339 
 340 extern pthread_mutex_t *find_lock[];
 341 extern PK11_active *active_list[];
 342 
 343 #define LOCK_OBJSTORE(alg_type) \
 344         (void) pthread_mutex_lock(find_lock[alg_type])
 345 #define UNLOCK_OBJSTORE(alg_type)       \
 346         (void) pthread_mutex_unlock(find_lock[alg_type])
 347 
 348 extern PK11_SESSION *pk11_get_session(PK11_OPTYPE optype);
 349 extern void pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype);
 350 
 351 #ifndef OPENSSL_NO_RSA
 352 extern int pk11_destroy_rsa_key_objects(PK11_SESSION *session);
 353 extern int pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
 354 extern int pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
 355 extern EVP_PKEY *pk11_load_privkey(ENGINE *e, const char *pubkey_file,
 356         UI_METHOD *ui_method, void *callback_data);
 357 extern EVP_PKEY *pk11_load_pubkey(ENGINE *e, const char *pubkey_file,
 358         UI_METHOD *ui_method, void *callback_data);
 359 extern RSA_METHOD *PK11_RSA(void);
 360 #endif /* OPENSSL_NO_RSA */
 361 #ifndef OPENSSL_NO_DSA
 362 extern int pk11_destroy_dsa_key_objects(PK11_SESSION *session);
 363 extern int pk11_destroy_dsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
 364 extern int pk11_destroy_dsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
 365 extern DSA_METHOD *PK11_DSA(void);
 366 #endif /* OPENSSL_NO_DSA */
 367 #ifndef OPENSSL_NO_DH
 368 extern int pk11_destroy_dh_key_objects(PK11_SESSION *session);
 369 extern int pk11_destroy_dh_object(PK11_SESSION *sp, CK_BBOOL uselock);
 370 extern DH_METHOD *PK11_DH(void);
 371 #endif /* OPENSSL_NO_DH */
 372 
 373 extern CK_FUNCTION_LIST_PTR pFuncList;
 374 
 375 #endif /* HW_PK11_ERR_H */