1 /*
2  * COPYRIGHT (c) International Business Machines Corp. 2001-2017
3  *
4  * This program is provided under the terms of the Common Public License,
5  * version 1.0 (CPL-1.0). Any use, reproduction or distribution for this
6  * software constitutes recipient's acceptance of CPL-1.0 terms which can be
7  * found in the file LICENSE file or at
8  * https://opensource.org/licenses/cpl1.0.php
9  */
10 
11 #include <sys/types.h>
12 #include <sys/mman.h>
13 #ifndef _HOST_DEFS_H
14 #define _HOST_DEFS_H
15 
16 #include <pthread.h>
17 #if defined(__OpenBSD__) || defined(__FreeBSD__)
18 #include <sys/endian.h>
19 #ifdef _BYTE_ORDER
20 #define	__BYTE_ORDER    _BYTE_ORDER
21 #endif
22 #ifdef _LITTLE_ENDIAN
23 #define	__LITTLE_ENDIAN _LITTLE_ENDIAN
24 #endif
25 #else
26 #include <endian.h>
27 #endif
28 
29 #include "pkcs32.h"
30 #include <stdint.h>
31 
32 #include "local_types.h"
33 
34 typedef struct _ENCR_DECR_CONTEXT {
35     CK_OBJECT_HANDLE key;
36     CK_MECHANISM mech;
37     CK_BYTE *context;
38     CK_ULONG context_len;
39     CK_BBOOL multi;
40     CK_BBOOL active;
41     CK_BBOOL init_pending;      // indicate init request pending
42     CK_BBOOL multi_init;        // multi field is initialized
43                                 // on first call *after* init
44 } ENCR_DECR_CONTEXT;
45 
46 typedef struct _DIGEST_CONTEXT {
47     CK_MECHANISM mech;
48     CK_BYTE *context;
49     CK_ULONG context_len;
50     CK_BBOOL multi;
51     CK_BBOOL active;
52     CK_BBOOL multi_init;        // multi field is initialized
53                                 // on first call *after* init
54 } DIGEST_CONTEXT;
55 
56 typedef struct _SIGN_VERIFY_CONTEXT {
57     CK_OBJECT_HANDLE key;
58     CK_MECHANISM mech;          // current sign mechanism
59     CK_BYTE *context;           // temporary work area
60     CK_ULONG context_len;
61     CK_BBOOL multi;             // is this a multi-part operation?
62     CK_BBOOL recover;           // are we in recover mode?
63     CK_BBOOL active;
64     CK_BBOOL init_pending;      // indicate init request pending
65     CK_BBOOL multi_init;        // multi field is initialized
66                                 // on first call *after* init
67 } SIGN_VERIFY_CONTEXT;
68 
69 
70 typedef struct _SESSION {
71     CK_SESSION_HANDLE handle;
72     CK_SESSION_INFO session_info;
73 
74     CK_OBJECT_HANDLE *find_list;        // array of CK_OBJECT_HANDLE
75     CK_ULONG_32 find_count;     // # handles in the list
76     CK_ULONG_32 find_len;       // max # of handles in the list
77     CK_ULONG_32 find_idx;       // current position
78     CK_BBOOL find_active;
79 
80     ENCR_DECR_CONTEXT encr_ctx;
81     ENCR_DECR_CONTEXT decr_ctx;
82     DIGEST_CONTEXT digest_ctx;
83     SIGN_VERIFY_CONTEXT sign_ctx;
84     SIGN_VERIFY_CONTEXT verify_ctx;
85 
86     void *private_data;
87 } SESSION;
88 
89 /* TODO:
90  * Add compile-time checking that sizeof(void *) == sizeof(CK_SESSION_HANDLE)
91  * */
92 
93 
94 typedef struct _DES_CONTEXT {
95     CK_BYTE data[DES_BLOCK_SIZE];
96     CK_ULONG len;
97     CK_BBOOL cbc_pad;           // is this a CKM_DES_CBC_PAD operation?
98 } DES_CONTEXT;
99 
100 typedef struct _DES_DATA_CONTEXT {
101     CK_BYTE data[DES_BLOCK_SIZE];
102     CK_ULONG len;
103     CK_BYTE iv[DES_BLOCK_SIZE];
104 } DES_DATA_CONTEXT;
105 
106 typedef struct _AES_CONTEXT {
107     CK_BYTE data[AES_BLOCK_SIZE];
108     CK_ULONG len;
109     CK_BBOOL cbc_pad;
110 } AES_CONTEXT;
111 
112 typedef struct _AES_DATA_CONTEXT {
113     CK_BYTE data[AES_BLOCK_SIZE];
114     CK_ULONG len;
115     CK_BYTE iv[AES_BLOCK_SIZE];
116 } AES_DATA_CONTEXT;
117 
118 typedef struct _AES_GCM_CONTEXT {
119     /* Data buffer for DecryptUpdate needs space
120      * for tag data and remaining tail data */
121     CK_BYTE data[2 * AES_BLOCK_SIZE];
122     CK_ULONG len;
123     CK_BYTE icb[AES_BLOCK_SIZE];
124     CK_BYTE ucb[AES_BLOCK_SIZE];
125     CK_BYTE hash[AES_BLOCK_SIZE];
126     CK_BYTE subkey[AES_BLOCK_SIZE];
127     CK_ULONG ulAlen;
128     CK_ULONG ulClen;
129 } AES_GCM_CONTEXT;
130 
131 typedef struct _SHA1_CONTEXT {
132     unsigned int buf[16];
133     unsigned int hash_value[5];
134     unsigned int bits_hi, bits_lo;      // # bits  processed so far
135 
136 } SHA1_CONTEXT;
137 
138 typedef SHA1_CONTEXT SHA2_CONTEXT;
139 
140 
141 typedef struct _MD2_CONTEXT {
142     CK_BYTE state[16];          // state
143     CK_BYTE checksum[16];       // checksum
144     CK_ULONG count;             // number of bytes, modulo 16
145     CK_BYTE buffer[16];         // input buffer
146 } MD2_CONTEXT;
147 
148 
149 typedef struct _MD5_CONTEXT {
150     CK_ULONG i[2];              // number of _bits_ handled mod 2^64
151     CK_ULONG buf[4];            // scratch buffer
152     CK_BYTE in[64];             // input buffer
153     CK_BYTE digest[16];         // actual digest after MD5Final call
154 
155 } MD5_CONTEXT;
156 
157 
158 // linux
159 typedef pthread_mutex_t MUTEX;
160 
161 // This is actualy wrong... XPROC will be with spinlocks
162 
163 typedef struct _TEMPLATE {
164     DL_NODE *attribute_list;
165 } TEMPLATE;
166 
167 
168 typedef struct _OBJECT {
169     CK_OBJECT_CLASS class;
170     CK_BYTE name[8];            // for token objects
171 
172     SESSION *session;           // creator; only for session objects
173     TEMPLATE *template;
174     CK_ULONG count_hi;          // only significant for token objects
175     CK_ULONG count_lo;          // only significant for token objects
176     CK_ULONG index;             // SAB  Index into the SHM
177     CK_OBJECT_HANDLE map_handle;
178 } OBJECT;
179 
180 
181 typedef struct _OBJECT_MAP {
182     CK_OBJECT_HANDLE obj_handle;
183     CK_BBOOL is_private;
184     CK_BBOOL is_session_obj;
185     SESSION *session;
186 } OBJECT_MAP;
187 
188 /* FIXME: Compile-time check that sizeof(void *) == sizeof(CK_OBJECT_HANDLE) */
189 
190 
191 typedef struct _ATTRIBUTE_PARSE_LIST {
192     CK_ATTRIBUTE_TYPE type;
193     void *ptr;
194     CK_ULONG len;
195     CK_BBOOL found;
196 } ATTRIBUTE_PARSE_LIST;
197 
198 
199 typedef struct _OP_STATE_DATA {
200     CK_STATE session_state;
201     CK_ULONG active_operation;
202     CK_ULONG data_len;
203     // state data gets appended here
204     //
205 
206     // mechanism parameter gets appended here
207     //
208 } OP_STATE_DATA;
209 
210 
211 // this is our internal "tweak" vector (not the FCV) used to tweak various
212 // aspects of the PKCS #11 implementation.  Some of these tweaks deviate from
213 // the PKCS #11 specification but are needed to support Netscape.  Others
214 // are left as token-defined values by PKCS #11.
215 //
216 //    - whether or not to allow weak/semi-weak DES keys to be imported
217 //    - whether to insist imported DES keys have proper parity
218 //    - whether the CKA_ENCRYPT/DECRYPT/SIGN/VERIFY attributes are modifiable
219 //      after key creation
220 //
221 typedef struct _TWEAK_VEC {
222     int allow_weak_des;
223     int check_des_parity;
224     int allow_key_mods;
225     int netscape_mods;
226 } TWEAK_VEC;
227 
228 typedef struct _TOKEN_DATA {
229     CK_TOKEN_INFO_32 token_info;
230 
231     CK_BYTE user_pin_sha[3 * DES_BLOCK_SIZE];
232     CK_BYTE so_pin_sha[3 * DES_BLOCK_SIZE];
233     CK_BYTE next_token_object_name[8];
234     TWEAK_VEC tweak_vector;
235 } TOKEN_DATA;
236 
237 
238 typedef struct _SSL3_MAC_CONTEXT {
239     DIGEST_CONTEXT hash_context;
240     CK_BBOOL flag;
241 } SSL3_MAC_CONTEXT;
242 
243 
244 typedef struct _RSA_DIGEST_CONTEXT {
245     DIGEST_CONTEXT hash_context;
246     CK_BBOOL flag;
247 } RSA_DIGEST_CONTEXT;
248 
249 
250 typedef struct _MECH_LIST_ELEMENT {
251     CK_MECHANISM_TYPE mech_type;
252     CK_MECHANISM_INFO mech_info;
253 } MECH_LIST_ELEMENT;
254 
255 struct mech_list_item;
256 
257 struct mech_list_item {
258     struct mech_list_item *next;
259     MECH_LIST_ELEMENT element;
260 };
261 
262 struct mech_list_item *find_mech_list_item_for_type(CK_MECHANISM_TYPE type,
263                                                     struct mech_list_item
264                                                     *head);
265 
266 /* mech_list.c */
267 CK_RV ock_generic_get_mechanism_list(CK_MECHANISM_TYPE_PTR pMechanismList,
268                                      CK_ULONG_PTR pulCount);
269 
270 /* mech_list.c */
271 CK_RV ock_generic_get_mechanism_info(CK_MECHANISM_TYPE type,
272                                      CK_MECHANISM_INFO_PTR pInfo);
273 
274 typedef struct _TOK_OBJ_ENTRY {
275     CK_BBOOL deleted;
276     char name[8];
277     CK_ULONG_32 count_lo;
278     CK_ULONG_32 count_hi;
279 } TOK_OBJ_ENTRY;
280 
281 struct _LW_SHM_TYPE {
282     TOKEN_DATA nv_token_data;
283     CK_ULONG_32 num_priv_tok_obj;
284     CK_ULONG_32 num_publ_tok_obj;
285     CK_BBOOL priv_loaded;
286     CK_BBOOL publ_loaded;
287     TOK_OBJ_ENTRY publ_tok_objs[MAX_TOK_OBJS];
288     TOK_OBJ_ENTRY priv_tok_objs[MAX_TOK_OBJS];
289 };
290 
291 struct _STDLL_TokData_t {
292     CK_SLOT_INFO slot_info;
293     int spinxplfd;              // token specific lock
294     char data_store[256];       // path information of the token directory
295     CK_BYTE user_pin_md5[MD5_HASH_SIZE];
296     CK_BYTE so_pin_md5[MD5_HASH_SIZE];
297     CK_BYTE master_key[MAX_KEY_SIZE];
298     CK_BBOOL initialized;
299     CK_ULONG ro_session_count;
300     CK_STATE global_login_state;
301     LW_SHM_TYPE *global_shm;
302     TOKEN_DATA *nv_token_data;
303     void *private_data;
304 };
305 
306 // These are the same for both AIX and Linux...
307 #define  MY_CreateMutex(x)    _CreateMutex((MUTEX *)(x))
308 #define  MY_DestroyMutex(x)    _DestroyMutex((MUTEX *)(x))
309 #define  MY_LockMutex(x)       _LockMutex((MUTEX *)(x))
310 #define  MY_UnlockMutex(x)     _UnlockMutex((MUTEX *)(x))
311 
312 #endif
313