OpenSolaris_b135/common/openssl/crypto/engine/hw_pk11_err.h
/*
* Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
/* crypto/engine/hw_pk11_err.h */
/*
* This product includes software developed by the OpenSSL Project for
* use in the OpenSSL Toolkit (http://www.openssl.org/).
*
* This project also referenced hw_pkcs11-0.9.7b.patch written by
* Afchine Madjlessi.
*/
/*
* ====================================================================
* Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef HW_PK11_ERR_H
#define HW_PK11_ERR_H
void ERR_pk11_error(int function, int reason, char *file, int line);
void PK11err_add_data(int function, int reason, CK_RV rv);
#define PK11err(f, r) ERR_pk11_error((f), (r), __FILE__, __LINE__)
/* Error codes for the PK11 functions. */
/* Function codes. */
#define PK11_F_INIT 100
#define PK11_F_FINISH 101
#define PK11_F_DESTROY 102
#define PK11_F_CTRL 103
#define PK11_F_RSA_INIT 104
#define PK11_F_RSA_FINISH 105
#define PK11_F_GET_PUB_RSA_KEY 106
#define PK11_F_GET_PRIV_RSA_KEY 107
#define PK11_F_RSA_GEN_KEY 108
#define PK11_F_RSA_PUB_ENC 109
#define PK11_F_RSA_PRIV_ENC 110
#define PK11_F_RSA_PUB_DEC 111
#define PK11_F_RSA_PRIV_DEC 112
#define PK11_F_RSA_SIGN 113
#define PK11_F_RSA_VERIFY 114
#define PK11_F_RAND_ADD 115
#define PK11_F_RAND_BYTES 116
#define PK11_F_GET_SESSION 117
#define PK11_F_FREE_SESSION 118
#define PK11_F_LOAD_PUBKEY 119
#define PK11_F_LOAD_PRIVKEY 120
#define PK11_F_RSA_PUB_ENC_LOW 121
#define PK11_F_RSA_PRIV_ENC_LOW 122
#define PK11_F_RSA_PUB_DEC_LOW 123
#define PK11_F_RSA_PRIV_DEC_LOW 124
#define PK11_F_DSA_SIGN 125
#define PK11_F_DSA_VERIFY 126
#define PK11_F_DSA_INIT 127
#define PK11_F_DSA_FINISH 128
#define PK11_F_GET_PUB_DSA_KEY 129
#define PK11_F_GET_PRIV_DSA_KEY 130
#define PK11_F_DH_INIT 131
#define PK11_F_DH_FINISH 132
#define PK11_F_MOD_EXP_DH 133
#define PK11_F_GET_DH_KEY 134
#define PK11_F_FREE_ALL_SESSIONS 135
#define PK11_F_SETUP_SESSION 136
#define PK11_F_DESTROY_OBJECT 137
#define PK11_F_CIPHER_INIT 138
#define PK11_F_CIPHER_DO_CIPHER 139
#define PK11_F_GET_CIPHER_KEY 140
#define PK11_F_DIGEST_INIT 141
#define PK11_F_DIGEST_UPDATE 142
#define PK11_F_DIGEST_FINAL 143
#define PK11_F_CHOOSE_SLOT 144
#define PK11_F_CIPHER_FINAL 145
#define PK11_F_LIBRARY_INIT 146
#define PK11_F_LOAD 147
#define PK11_F_DH_GEN_KEY 148
#define PK11_F_DH_COMP_KEY 149
#define PK11_F_DIGEST_COPY 150
#define PK11_F_CIPHER_CLEANUP 151
#define PK11_F_ACTIVE_ADD 152
#define PK11_F_ACTIVE_DELETE 153
#define PK11_F_CHECK_HW_MECHANISMS 154
#define PK11_F_INIT_SYMMETRIC 155
#define PK11_F_ADD_AES_CTR_NIDS 156
#define PK11_F_INIT_ALL_LOCKS 157
#define PK11_F_RETURN_SESSION 158
/* Reason codes. */
#define PK11_R_ALREADY_LOADED 100
#define PK11_R_DSO_FAILURE 101
#define PK11_R_NOT_LOADED 102
#define PK11_R_PASSED_NULL_PARAMETER 103
#define PK11_R_COMMAND_NOT_IMPLEMENTED 104
#define PK11_R_INITIALIZE 105
#define PK11_R_FINALIZE 106
#define PK11_R_GETINFO 107
#define PK11_R_GETSLOTLIST 108
#define PK11_R_NO_MODULUS_OR_NO_EXPONENT 109
#define PK11_R_ATTRIBUT_SENSITIVE_OR_INVALID 110
#define PK11_R_GETATTRIBUTVALUE 111
#define PK11_R_NO_MODULUS 112
#define PK11_R_NO_EXPONENT 113
#define PK11_R_FINDOBJECTSINIT 114
#define PK11_R_FINDOBJECTS 115
#define PK11_R_FINDOBJECTSFINAL 116
#define PK11_R_CREATEOBJECT 118
#define PK11_R_DESTROYOBJECT 119
#define PK11_R_OPENSESSION 120
#define PK11_R_CLOSESESSION 121
#define PK11_R_ENCRYPTINIT 122
#define PK11_R_ENCRYPT 123
#define PK11_R_SIGNINIT 124
#define PK11_R_SIGN 125
#define PK11_R_DECRYPTINIT 126
#define PK11_R_DECRYPT 127
#define PK11_R_VERIFYINIT 128
#define PK11_R_VERIFY 129
#define PK11_R_VERIFYRECOVERINIT 130
#define PK11_R_VERIFYRECOVER 131
#define PK11_R_GEN_KEY 132
#define PK11_R_SEEDRANDOM 133
#define PK11_R_GENERATERANDOM 134
#define PK11_R_INVALID_MESSAGE_LENGTH 135
#define PK11_R_UNKNOWN_ALGORITHM_TYPE 136
#define PK11_R_UNKNOWN_ASN1_OBJECT_ID 137
#define PK11_R_UNKNOWN_PADDING_TYPE 138
#define PK11_R_PADDING_CHECK_FAILED 139
#define PK11_R_DIGEST_TOO_BIG 140
#define PK11_R_MALLOC_FAILURE 141
#define PK11_R_CTRL_COMMAND_NOT_IMPLEMENTED 142
#define PK11_R_DATA_GREATER_THAN_MOD_LEN 143
#define PK11_R_DATA_TOO_LARGE_FOR_MODULUS 144
#define PK11_R_MISSING_KEY_COMPONENT 145
#define PK11_R_INVALID_SIGNATURE_LENGTH 146
#define PK11_R_INVALID_DSA_SIGNATURE_R 147
#define PK11_R_INVALID_DSA_SIGNATURE_S 148
#define PK11_R_INCONSISTENT_KEY 149
#define PK11_R_ENCRYPTUPDATE 150
#define PK11_R_DECRYPTUPDATE 151
#define PK11_R_DIGESTINIT 152
#define PK11_R_DIGESTUPDATE 153
#define PK11_R_DIGESTFINAL 154
#define PK11_R_ENCRYPTFINAL 155
#define PK11_R_DECRYPTFINAL 156
#define PK11_R_NO_PRNG_SUPPORT 157
#define PK11_R_GETTOKENINFO 158
#define PK11_R_DERIVEKEY 159
#define PK11_R_GET_OPERATION_STATE 160
#define PK11_R_SET_OPERATION_STATE 161
#define PK11_R_INVALID_HANDLE 162
#define PK11_R_KEY_OR_IV_LEN_PROBLEM 163
#define PK11_R_INVALID_OPERATION_TYPE 164
#define PK11_R_ADD_NID_FAILED 165
#define PK11_R_ATFORK_FAILED 166
/* max byte length of a symetric key we support */
#define PK11_KEY_LEN_MAX 32
/*
* This structure encapsulates all reusable information for a PKCS#11
* session. A list of these objects is created on behalf of the
* calling application using an on-demand method. Each operation
* type (see PK11_OPTYPE below) has its own per-process list.
* Each of the lists is basically a cache for faster PKCS#11 object
* access to avoid expensive C_Find{,Init,Final}Object() calls.
*
* When a new request comes in, an object will be taken from the list
* (if there is one) or a new one is created to handle the request
* (if the list is empty). See pk11_get_session() on how it is done.
*/
typedef struct PK11_st_SESSION
{
struct PK11_st_SESSION *next;
CK_SESSION_HANDLE session; /* PK11 session handle */
pid_t pid; /* Current process ID */
union
{
#ifndef OPENSSL_NO_RSA
struct
{
CK_OBJECT_HANDLE rsa_pub_key; /* pub handle */
CK_OBJECT_HANDLE rsa_priv_key; /* priv handle */
RSA *rsa_pub; /* pub key addr */
BIGNUM *rsa_n_num; /* pub modulus */
BIGNUM *rsa_e_num; /* pub exponent */
RSA *rsa_priv; /* priv key addr */
BIGNUM *rsa_d_num; /* priv exponent */
} u_RSA;
#endif /* OPENSSL_NO_RSA */
#ifndef OPENSSL_NO_DSA
struct
{
CK_OBJECT_HANDLE dsa_pub_key; /* pub handle */
CK_OBJECT_HANDLE dsa_priv_key; /* priv handle */
DSA *dsa_pub; /* pub key addr */
BIGNUM *dsa_pub_num; /* pub key */
DSA *dsa_priv; /* priv key addr */
BIGNUM *dsa_priv_num; /* priv key */
} u_DSA;
#endif /* OPENSSL_NO_DSA */
#ifndef OPENSSL_NO_DH
struct
{
CK_OBJECT_HANDLE dh_key; /* key handle */
DH *dh; /* dh key addr */
BIGNUM *dh_priv_num; /* priv dh key */
} u_DH;
#endif /* OPENSSL_NO_DH */
struct
{
CK_OBJECT_HANDLE cipher_key; /* key handle */
unsigned char key[PK11_KEY_LEN_MAX];
int key_len; /* priv key len */
int encrypt; /* 1/0 enc/decr */
} u_cipher;
} opdata_u;
} PK11_SESSION;
#define opdata_rsa_pub_key opdata_u.u_RSA.rsa_pub_key
#define opdata_rsa_priv_key opdata_u.u_RSA.rsa_priv_key
#define opdata_rsa_pub opdata_u.u_RSA.rsa_pub
#define opdata_rsa_priv opdata_u.u_RSA.rsa_priv
#define opdata_rsa_n_num opdata_u.u_RSA.rsa_n_num
#define opdata_rsa_e_num opdata_u.u_RSA.rsa_e_num
#define opdata_rsa_d_num opdata_u.u_RSA.rsa_d_num
#define opdata_dsa_pub_key opdata_u.u_DSA.dsa_pub_key
#define opdata_dsa_priv_key opdata_u.u_DSA.dsa_priv_key
#define opdata_dsa_pub opdata_u.u_DSA.dsa_pub
#define opdata_dsa_pub_num opdata_u.u_DSA.dsa_pub_num
#define opdata_dsa_priv opdata_u.u_DSA.dsa_priv
#define opdata_dsa_priv_num opdata_u.u_DSA.dsa_priv_num
#define opdata_dh_key opdata_u.u_DH.dh_key
#define opdata_dh opdata_u.u_DH.dh
#define opdata_dh_priv_num opdata_u.u_DH.dh_priv_num
#define opdata_cipher_key opdata_u.u_cipher.cipher_key
#define opdata_key opdata_u.u_cipher.key
#define opdata_key_len opdata_u.u_cipher.key_len
#define opdata_encrypt opdata_u.u_cipher.encrypt
/*
* We have 3 different groups of operation types:
* 1) asymmetric operations
* 2) random operations
* 3) symmetric and digest operations
*
* This division into groups stems from the fact that it's common that hardware
* providers may support operations from one group only. For example, hardware
* providers on UltraSPARC T2, n2rng(7d), ncp(7d), and n2cp(7d), each support
* only a single group of operations.
*
* For every group a different slot can be chosen. That means that we must have
* at least 3 different lists of cached PKCS#11 sessions since sessions from
* different groups may be initialized in different slots.
*
* To provide locking granularity in multithreaded environment, the groups are
* further splitted into types with each type having a separate session cache.
*/
typedef enum PK11_OPTYPE_ENUM
{
OP_RAND,
OP_RSA,
OP_DSA,
OP_DH,
OP_CIPHER,
OP_DIGEST,
OP_MAX
} PK11_OPTYPE;
/*
* This structure contains the heads of the lists forming the object caches
* and locks associated with the lists.
*/
typedef struct PK11_st_CACHE
{
PK11_SESSION *head;
pthread_mutex_t *lock;
} PK11_CACHE;
/* structure for tracking handles of asymmetric key objects */
typedef struct PK11_active_st
{
CK_OBJECT_HANDLE h;
unsigned int refcnt;
struct PK11_active_st *prev;
struct PK11_active_st *next;
} PK11_active;
extern pthread_mutex_t *find_lock[];
extern PK11_active *active_list[];
#define LOCK_OBJSTORE(alg_type) \
(void) pthread_mutex_lock(find_lock[alg_type])
#define UNLOCK_OBJSTORE(alg_type) \
(void) pthread_mutex_unlock(find_lock[alg_type])
extern PK11_SESSION *pk11_get_session(PK11_OPTYPE optype);
extern void pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype);
#ifndef OPENSSL_NO_RSA
extern int pk11_destroy_rsa_key_objects(PK11_SESSION *session);
extern int pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
extern int pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
extern EVP_PKEY *pk11_load_privkey(ENGINE *e, const char *pubkey_file,
UI_METHOD *ui_method, void *callback_data);
extern EVP_PKEY *pk11_load_pubkey(ENGINE *e, const char *pubkey_file,
UI_METHOD *ui_method, void *callback_data);
extern RSA_METHOD *PK11_RSA(void);
#endif /* OPENSSL_NO_RSA */
#ifndef OPENSSL_NO_DSA
extern int pk11_destroy_dsa_key_objects(PK11_SESSION *session);
extern int pk11_destroy_dsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock);
extern int pk11_destroy_dsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock);
extern DSA_METHOD *PK11_DSA(void);
#endif /* OPENSSL_NO_DSA */
#ifndef OPENSSL_NO_DH
extern int pk11_destroy_dh_key_objects(PK11_SESSION *session);
extern int pk11_destroy_dh_object(PK11_SESSION *sp, CK_BBOOL uselock);
extern DH_METHOD *PK11_DH(void);
#endif /* OPENSSL_NO_DH */
extern CK_FUNCTION_LIST_PTR pFuncList;
#endif /* HW_PK11_ERR_H */