Home | History | Annotate | Download | only in engine
      1 /*
      2  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
      3  * Use is subject to license terms.
      4  */
      5 
      6 /* crypto/engine/hw_pk11_err.h */
      7 /*
      8  * This product includes software developed by the OpenSSL Project for
      9  * use in the OpenSSL Toolkit (http://www.openssl.org/).
     10  *
     11  * This project also referenced hw_pkcs11-0.9.7b.patch written by
     12  * Afchine Madjlessi.
     13  */
     14 /*
     15  * ====================================================================
     16  * Copyright (c) 2000-2001 The OpenSSL Project.  All rights reserved.
     17  *
     18  * Redistribution and use in source and binary forms, with or without
     19  * modification, are permitted provided that the following conditions
     20  * are met:
     21  *
     22  * 1. Redistributions of source code must retain the above copyright
     23  *    notice, this list of conditions and the following disclaimer.
     24  *
     25  * 2. Redistributions in binary form must reproduce the above copyright
     26  *    notice, this list of conditions and the following disclaimer in
     27  *    the documentation and/or other materials provided with the
     28  *    distribution.
     29  *
     30  * 3. All advertising materials mentioning features or use of this
     31  *    software must display the following acknowledgment:
     32  *    "This product includes software developed by the OpenSSL Project
     33  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
     34  *
     35  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
     36  *    endorse or promote products derived from this software without
     37  *    prior written permission. For written permission, please contact
     38  *    licensing (at) OpenSSL.org.
     39  *
     40  * 5. Products derived from this software may not be called "OpenSSL"
     41  *    nor may "OpenSSL" appear in their names without prior written
     42  *    permission of the OpenSSL Project.
     43  *
     44  * 6. Redistributions of any form whatsoever must retain the following
     45  *    acknowledgment:
     46  *    "This product includes software developed by the OpenSSL Project
     47  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
     48  *
     49  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
     50  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     51  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
     52  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
     53  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
     54  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
     55  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
     56  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     57  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
     58  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
     59  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
     60  * OF THE POSSIBILITY OF SUCH DAMAGE.
     61  * ====================================================================
     62  *
     63  * This product includes cryptographic software written by Eric Young
     64  * (eay (at) cryptsoft.com).  This product includes software written by Tim
     65  * Hudson (tjh (at) cryptsoft.com).
     66  *
     67  */
     68 
     69 #ifndef	HW_PK11_ERR_H
     70 #define	HW_PK11_ERR_H
     71 
     72 void ERR_pk11_error(int function, int reason, char *file, int line);
     73 void PK11err_add_data(int function, int reason, CK_RV rv);
     74 #define	PK11err(f, r)	ERR_pk11_error((f), (r), __FILE__, __LINE__)
     75 
     76 /* Error codes for the PK11 functions. */
     77 
     78 /* Function codes. */
     79 
     80 #define	PK11_F_INIT 				100
     81 #define	PK11_F_FINISH				101
     82 #define	PK11_F_DESTROY 				102
     83 #define	PK11_F_CTRL 				103
     84 #define	PK11_F_RSA_INIT 			104
     85 #define	PK11_F_RSA_FINISH 			105
     86 #define	PK11_F_GET_PUB_RSA_KEY 			106
     87 #define	PK11_F_GET_PRIV_RSA_KEY 		107
     88 #define	PK11_F_RSA_GEN_KEY 			108
     89 #define	PK11_F_RSA_PUB_ENC 			109
     90 #define	PK11_F_RSA_PRIV_ENC 			110
     91 #define	PK11_F_RSA_PUB_DEC 			111
     92 #define	PK11_F_RSA_PRIV_DEC 			112
     93 #define	PK11_F_RSA_SIGN 			113
     94 #define	PK11_F_RSA_VERIFY 			114
     95 #define	PK11_F_RAND_ADD 			115
     96 #define	PK11_F_RAND_BYTES 			116
     97 #define	PK11_F_GET_SESSION 			117
     98 #define	PK11_F_FREE_SESSION 			118
     99 #define	PK11_F_LOAD_PUBKEY 			119
    100 #define	PK11_F_LOAD_PRIVKEY 			120
    101 #define	PK11_F_RSA_PUB_ENC_LOW 			121
    102 #define	PK11_F_RSA_PRIV_ENC_LOW 		122
    103 #define	PK11_F_RSA_PUB_DEC_LOW 			123
    104 #define	PK11_F_RSA_PRIV_DEC_LOW 		124
    105 #define	PK11_F_DSA_SIGN				125
    106 #define	PK11_F_DSA_VERIFY			126
    107 #define	PK11_F_DSA_INIT				127
    108 #define	PK11_F_DSA_FINISH			128
    109 #define	PK11_F_GET_PUB_DSA_KEY 			129
    110 #define	PK11_F_GET_PRIV_DSA_KEY 		130
    111 #define	PK11_F_DH_INIT 				131
    112 #define	PK11_F_DH_FINISH 			132
    113 #define	PK11_F_MOD_EXP_DH 			133
    114 #define	PK11_F_GET_DH_KEY 			134
    115 #define	PK11_F_FREE_ALL_SESSIONS		135
    116 #define	PK11_F_SETUP_SESSION			136
    117 #define	PK11_F_DESTROY_OBJECT			137
    118 #define	PK11_F_CIPHER_INIT			138
    119 #define	PK11_F_CIPHER_DO_CIPHER			139
    120 #define	PK11_F_GET_CIPHER_KEY			140
    121 #define	PK11_F_DIGEST_INIT			141
    122 #define	PK11_F_DIGEST_UPDATE			142
    123 #define	PK11_F_DIGEST_FINAL			143
    124 #define	PK11_F_CHOOSE_SLOT			144
    125 #define	PK11_F_CIPHER_FINAL			145
    126 #define	PK11_F_LIBRARY_INIT 			146
    127 #define	PK11_F_LOAD 				147
    128 #define	PK11_F_DH_GEN_KEY			148
    129 #define	PK11_F_DH_COMP_KEY 			149
    130 #define	PK11_F_DIGEST_COPY 			150
    131 #define	PK11_F_CIPHER_CLEANUP			151
    132 #define	PK11_F_ACTIVE_ADD			152
    133 #define	PK11_F_ACTIVE_DELETE			153
    134 #define	PK11_F_CHECK_HW_MECHANISMS		154
    135 #define	PK11_F_INIT_SYMMETRIC			155
    136 #define	PK11_F_ADD_AES_CTR_NIDS			156
    137 #define	PK11_F_INIT_ALL_LOCKS			157
    138 #define	PK11_F_RETURN_SESSION			158
    139 
    140 /* Reason codes. */
    141 #define	PK11_R_ALREADY_LOADED 			100
    142 #define	PK11_R_DSO_FAILURE 			101
    143 #define	PK11_R_NOT_LOADED 			102
    144 #define	PK11_R_PASSED_NULL_PARAMETER 		103
    145 #define	PK11_R_COMMAND_NOT_IMPLEMENTED 		104
    146 #define	PK11_R_INITIALIZE 			105
    147 #define	PK11_R_FINALIZE 			106
    148 #define	PK11_R_GETINFO 				107
    149 #define	PK11_R_GETSLOTLIST 			108
    150 #define	PK11_R_NO_MODULUS_OR_NO_EXPONENT 	109
    151 #define	PK11_R_ATTRIBUT_SENSITIVE_OR_INVALID 	110
    152 #define	PK11_R_GETATTRIBUTVALUE 		111
    153 #define	PK11_R_NO_MODULUS 			112
    154 #define	PK11_R_NO_EXPONENT 			113
    155 #define	PK11_R_FINDOBJECTSINIT 			114
    156 #define	PK11_R_FINDOBJECTS 			115
    157 #define	PK11_R_FINDOBJECTSFINAL 		116
    158 #define	PK11_R_CREATEOBJECT 			118
    159 #define	PK11_R_DESTROYOBJECT 			119
    160 #define	PK11_R_OPENSESSION 			120
    161 #define	PK11_R_CLOSESESSION 			121
    162 #define	PK11_R_ENCRYPTINIT 			122
    163 #define	PK11_R_ENCRYPT 				123
    164 #define	PK11_R_SIGNINIT 			124
    165 #define	PK11_R_SIGN 				125
    166 #define	PK11_R_DECRYPTINIT 			126
    167 #define	PK11_R_DECRYPT 				127
    168 #define	PK11_R_VERIFYINIT 			128
    169 #define	PK11_R_VERIFY 				129
    170 #define	PK11_R_VERIFYRECOVERINIT 		130
    171 #define	PK11_R_VERIFYRECOVER 			131
    172 #define	PK11_R_GEN_KEY 				132
    173 #define	PK11_R_SEEDRANDOM 			133
    174 #define	PK11_R_GENERATERANDOM 			134
    175 #define	PK11_R_INVALID_MESSAGE_LENGTH 		135
    176 #define	PK11_R_UNKNOWN_ALGORITHM_TYPE 		136
    177 #define	PK11_R_UNKNOWN_ASN1_OBJECT_ID 		137
    178 #define	PK11_R_UNKNOWN_PADDING_TYPE 		138
    179 #define	PK11_R_PADDING_CHECK_FAILED 		139
    180 #define	PK11_R_DIGEST_TOO_BIG 			140
    181 #define	PK11_R_MALLOC_FAILURE 			141
    182 #define	PK11_R_CTRL_COMMAND_NOT_IMPLEMENTED 	142
    183 #define	PK11_R_DATA_GREATER_THAN_MOD_LEN 	143
    184 #define	PK11_R_DATA_TOO_LARGE_FOR_MODULUS 	144
    185 #define	PK11_R_MISSING_KEY_COMPONENT		145
    186 #define	PK11_R_INVALID_SIGNATURE_LENGTH		146
    187 #define	PK11_R_INVALID_DSA_SIGNATURE_R		147
    188 #define	PK11_R_INVALID_DSA_SIGNATURE_S		148
    189 #define	PK11_R_INCONSISTENT_KEY			149
    190 #define	PK11_R_ENCRYPTUPDATE			150
    191 #define	PK11_R_DECRYPTUPDATE			151
    192 #define	PK11_R_DIGESTINIT			152
    193 #define	PK11_R_DIGESTUPDATE			153
    194 #define	PK11_R_DIGESTFINAL			154
    195 #define	PK11_R_ENCRYPTFINAL			155
    196 #define	PK11_R_DECRYPTFINAL			156
    197 #define	PK11_R_NO_PRNG_SUPPORT			157
    198 #define	PK11_R_GETTOKENINFO			158
    199 #define	PK11_R_DERIVEKEY			159
    200 #define	PK11_R_GET_OPERATION_STATE		160
    201 #define	PK11_R_SET_OPERATION_STATE		161
    202 #define	PK11_R_INVALID_HANDLE			162
    203 #define	PK11_R_KEY_OR_IV_LEN_PROBLEM		163
    204 #define	PK11_R_INVALID_OPERATION_TYPE		164
    205 #define	PK11_R_ADD_NID_FAILED			165
    206 #define	PK11_R_ATFORK_FAILED			166
    207 
    208 /* max byte length of a symetric key we support */
    209 #define	PK11_KEY_LEN_MAX			32
    210 
    211 /*
    212  * This structure encapsulates all reusable information for a PKCS#11
    213  * session. A list of these objects is created on behalf of the
    214  * calling application using an on-demand method. Each operation
    215  * type (see PK11_OPTYPE below) has its own per-process list.
    216  * Each of the lists is basically a cache for faster PKCS#11 object
    217  * access to avoid expensive C_Find{,Init,Final}Object() calls.
    218  *
    219  * When a new request comes in, an object will be taken from the list
    220  * (if there is one) or a new one is created to handle the request
    221  * (if the list is empty). See pk11_get_session() on how it is done.
    222  */
    223 typedef struct PK11_st_SESSION
    224 	{
    225 	struct PK11_st_SESSION	*next;
    226 	CK_SESSION_HANDLE	session;	/* PK11 session handle */
    227 	pid_t			pid;		/* Current process ID */
    228 	union
    229 		{
    230 #ifndef OPENSSL_NO_RSA
    231 		struct
    232 			{
    233 			CK_OBJECT_HANDLE	rsa_pub_key; /* pub handle */
    234 			CK_OBJECT_HANDLE	rsa_priv_key; /* priv handle */
    235 			RSA			*rsa_pub; /* pub key addr */
    236 			BIGNUM			*rsa_n_num; /* pub modulus */
    237 			BIGNUM			*rsa_e_num; /* pub exponent */
    238 			RSA			*rsa_priv; /* priv key addr */
    239 			BIGNUM			*rsa_d_num; /* priv exponent */
    240 			} u_RSA;
    241 #endif /* OPENSSL_NO_RSA */
    242 #ifndef OPENSSL_NO_DSA
    243 		struct
    244 			{
    245 			CK_OBJECT_HANDLE	dsa_pub_key; /* pub handle */
    246 			CK_OBJECT_HANDLE	dsa_priv_key; /* priv handle */
    247 			DSA			*dsa_pub; /* pub key addr */
    248 			BIGNUM			*dsa_pub_num; /* pub key */
    249 			DSA			*dsa_priv; /* priv key addr */
    250 			BIGNUM			*dsa_priv_num; /* priv key */
    251 			} u_DSA;
    252 #endif /* OPENSSL_NO_DSA */
    253 #ifndef OPENSSL_NO_DH
    254 		struct
    255 			{
    256 			CK_OBJECT_HANDLE	dh_key; /* key handle */
    257 			DH			*dh; /* dh key addr */
    258 			BIGNUM			*dh_priv_num; /* priv dh key */
    259 			} u_DH;
    260 #endif /* OPENSSL_NO_DH */
    261 		struct
    262 			{
    263 			CK_OBJECT_HANDLE	cipher_key; /* key handle */
    264 			unsigned char		key[PK11_KEY_LEN_MAX];
    265 			int			key_len; /* priv key len */
    266 			int			encrypt; /* 1/0 enc/decr */
    267 			} u_cipher;
    268 		} opdata_u;
    269 	} PK11_SESSION;
    270 
    271 #define	opdata_rsa_pub_key	opdata_u.u_RSA.rsa_pub_key
    272 #define	opdata_rsa_priv_key	opdata_u.u_RSA.rsa_priv_key
    273 #define	opdata_rsa_pub		opdata_u.u_RSA.rsa_pub
    274 #define	opdata_rsa_priv		opdata_u.u_RSA.rsa_priv
    275 #define	opdata_rsa_n_num	opdata_u.u_RSA.rsa_n_num
    276 #define	opdata_rsa_e_num	opdata_u.u_RSA.rsa_e_num
    277 #define	opdata_rsa_d_num	opdata_u.u_RSA.rsa_d_num
    278 #define	opdata_dsa_pub_key	opdata_u.u_DSA.dsa_pub_key
    279 #define	opdata_dsa_priv_key	opdata_u.u_DSA.dsa_priv_key
    280 #define	opdata_dsa_pub		opdata_u.u_DSA.dsa_pub
    281 #define	opdata_dsa_pub_num	opdata_u.u_DSA.dsa_pub_num
    282 #define	opdata_dsa_priv		opdata_u.u_DSA.dsa_priv
    283 #define	opdata_dsa_priv_num	opdata_u.u_DSA.dsa_priv_num
    284 #define	opdata_dh_key		opdata_u.u_DH.dh_key
    285 #define	opdata_dh		opdata_u.u_DH.dh
    286 #define	opdata_dh_priv_num	opdata_u.u_DH.dh_priv_num
    287 #define	opdata_cipher_key	opdata_u.u_cipher.cipher_key
    288 #define	opdata_key		opdata_u.u_cipher.key
    289 #define	opdata_key_len		opdata_u.u_cipher.key_len
    290 #define	opdata_encrypt		opdata_u.u_cipher.encrypt
    291 
    292 /*
    293  * We have 3 different groups of operation types:
    294  *   1) asymmetric operations
    295  *   2) random operations
    296  *   3) symmetric and digest operations
    297  *
    298  * This division into groups stems from the fact that it's common that hardware
    299  * providers may support operations from one group only. For example, hardware
    300  * providers on UltraSPARC T2, n2rng(7d), ncp(7d), and n2cp(7d), each support
    301  * only a single group of operations.
    302  *
    303  * For every group a different slot can be chosen. That means that we must have
    304  * at least 3 different lists of cached PKCS#11 sessions since sessions from
    305  * different groups may be initialized in different slots.
    306  *
    307  * To provide locking granularity in multithreaded environment, the groups are
    308  * further splitted into types with each type having a separate session cache.
    309  */
    310 typedef enum PK11_OPTYPE_ENUM
    311 	{
    312 	OP_RAND,
    313 	OP_RSA,
    314 	OP_DSA,
    315 	OP_DH,
    316 	OP_CIPHER,
    317 	OP_DIGEST,
    318 	OP_MAX
    319 	} PK11_OPTYPE;
    320 
    321 /*
    322  * This structure contains the heads of the lists forming the object caches
    323  * and locks associated with the lists.
    324  */
    325 typedef struct PK11_st_CACHE
    326 	{
    327 	PK11_SESSION *head;
    328 	pthread_mutex_t *lock;
    329 	} PK11_CACHE;
    330 
    331 /* structure for tracking handles of asymmetric key objects */
    332 typedef struct PK11_active_st
    333 	{
    334 	CK_OBJECT_HANDLE h;
    335 	unsigned int refcnt;
    336 	struct PK11_active_st *prev;
    337 	struct PK11_active_st *next;
    338 	} PK11_active;
    339 
    340 extern pthread_mutex_t *find_lock[];
    341 extern PK11_active *active_list[];
    342 
    343 #define	LOCK_OBJSTORE(alg_type)	\
    344 	(void) pthread_mutex_lock(find_lock[alg_type])
    345 #define	UNLOCK_OBJSTORE(alg_type)	\
    346 	(void) pthread_mutex_unlock(find_lock[alg_type])
    347 
    348 extern PK11_SESSION *pk11_get_session(PK11_OPTYPE optype);
    349 extern void pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype);
    350 
    351 #ifndef OPENSSL_NO_RSA
    352 extern int pk11_destroy_rsa_key_objects(PK11_SESSION *session);
    353 extern int pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
    354 extern int pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
    355 extern EVP_PKEY *pk11_load_privkey(ENGINE *e, const char *pubkey_file,
    356 	UI_METHOD *ui_method, void *callback_data);
    357 extern EVP_PKEY *pk11_load_pubkey(ENGINE *e, const char *pubkey_file,
    358 	UI_METHOD *ui_method, void *callback_data);
    359 extern RSA_METHOD *PK11_RSA(void);
    360 #endif /* OPENSSL_NO_RSA */
    361 #ifndef OPENSSL_NO_DSA
    362 extern int pk11_destroy_dsa_key_objects(PK11_SESSION *session);
    363 extern int pk11_destroy_dsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
    364 extern int pk11_destroy_dsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
    365 extern DSA_METHOD *PK11_DSA(void);
    366 #endif /* OPENSSL_NO_DSA */
    367 #ifndef OPENSSL_NO_DH
    368 extern int pk11_destroy_dh_key_objects(PK11_SESSION *session);
    369 extern int pk11_destroy_dh_object(PK11_SESSION *sp, CK_BBOOL uselock);
    370 extern DH_METHOD *PK11_DH(void);
    371 #endif /* OPENSSL_NO_DH */
    372 
    373 extern CK_FUNCTION_LIST_PTR pFuncList;
    374 
    375 #endif /* HW_PK11_ERR_H */
    376