1 /* 2 * COPYRIGHT (c) International Business Machines Corp. 2001-2017 3 * 4 * This program is provided under the terms of the Common Public License, 5 * version 1.0 (CPL-1.0). Any use, reproduction or distribution for this 6 * software constitutes recipient's acceptance of CPL-1.0 terms which can be 7 * found in the file LICENSE file or at 8 * https://opensource.org/licenses/cpl1.0.php 9 */ 10 11 #include <sys/types.h> 12 #include <sys/mman.h> 13 #ifndef _HOST_DEFS_H 14 #define _HOST_DEFS_H 15 16 #include <pthread.h> 17 #if defined(__OpenBSD__) || defined(__FreeBSD__) 18 #include <sys/endian.h> 19 #ifdef _BYTE_ORDER 20 #define __BYTE_ORDER _BYTE_ORDER 21 #endif 22 #ifdef _LITTLE_ENDIAN 23 #define __LITTLE_ENDIAN _LITTLE_ENDIAN 24 #endif 25 #else 26 #include <endian.h> 27 #endif 28 29 #include "pkcs32.h" 30 #include <stdint.h> 31 32 #include "local_types.h" 33 34 typedef struct _ENCR_DECR_CONTEXT { 35 CK_OBJECT_HANDLE key; 36 CK_MECHANISM mech; 37 CK_BYTE *context; 38 CK_ULONG context_len; 39 CK_BBOOL multi; 40 CK_BBOOL active; 41 CK_BBOOL init_pending; // indicate init request pending 42 CK_BBOOL multi_init; // multi field is initialized 43 // on first call *after* init 44 } ENCR_DECR_CONTEXT; 45 46 typedef struct _DIGEST_CONTEXT { 47 CK_MECHANISM mech; 48 CK_BYTE *context; 49 CK_ULONG context_len; 50 CK_BBOOL multi; 51 CK_BBOOL active; 52 CK_BBOOL multi_init; // multi field is initialized 53 // on first call *after* init 54 } DIGEST_CONTEXT; 55 56 typedef struct _SIGN_VERIFY_CONTEXT { 57 CK_OBJECT_HANDLE key; 58 CK_MECHANISM mech; // current sign mechanism 59 CK_BYTE *context; // temporary work area 60 CK_ULONG context_len; 61 CK_BBOOL multi; // is this a multi-part operation? 62 CK_BBOOL recover; // are we in recover mode? 63 CK_BBOOL active; 64 CK_BBOOL init_pending; // indicate init request pending 65 CK_BBOOL multi_init; // multi field is initialized 66 // on first call *after* init 67 } SIGN_VERIFY_CONTEXT; 68 69 70 typedef struct _SESSION { 71 CK_SESSION_HANDLE handle; 72 CK_SESSION_INFO session_info; 73 74 CK_OBJECT_HANDLE *find_list; // array of CK_OBJECT_HANDLE 75 CK_ULONG_32 find_count; // # handles in the list 76 CK_ULONG_32 find_len; // max # of handles in the list 77 CK_ULONG_32 find_idx; // current position 78 CK_BBOOL find_active; 79 80 ENCR_DECR_CONTEXT encr_ctx; 81 ENCR_DECR_CONTEXT decr_ctx; 82 DIGEST_CONTEXT digest_ctx; 83 SIGN_VERIFY_CONTEXT sign_ctx; 84 SIGN_VERIFY_CONTEXT verify_ctx; 85 86 void *private_data; 87 } SESSION; 88 89 /* TODO: 90 * Add compile-time checking that sizeof(void *) == sizeof(CK_SESSION_HANDLE) 91 * */ 92 93 94 typedef struct _DES_CONTEXT { 95 CK_BYTE data[DES_BLOCK_SIZE]; 96 CK_ULONG len; 97 CK_BBOOL cbc_pad; // is this a CKM_DES_CBC_PAD operation? 98 } DES_CONTEXT; 99 100 typedef struct _DES_DATA_CONTEXT { 101 CK_BYTE data[DES_BLOCK_SIZE]; 102 CK_ULONG len; 103 CK_BYTE iv[DES_BLOCK_SIZE]; 104 } DES_DATA_CONTEXT; 105 106 typedef struct _AES_CONTEXT { 107 CK_BYTE data[AES_BLOCK_SIZE]; 108 CK_ULONG len; 109 CK_BBOOL cbc_pad; 110 } AES_CONTEXT; 111 112 typedef struct _AES_DATA_CONTEXT { 113 CK_BYTE data[AES_BLOCK_SIZE]; 114 CK_ULONG len; 115 CK_BYTE iv[AES_BLOCK_SIZE]; 116 } AES_DATA_CONTEXT; 117 118 typedef struct _AES_GCM_CONTEXT { 119 /* Data buffer for DecryptUpdate needs space 120 * for tag data and remaining tail data */ 121 CK_BYTE data[2 * AES_BLOCK_SIZE]; 122 CK_ULONG len; 123 CK_BYTE icb[AES_BLOCK_SIZE]; 124 CK_BYTE ucb[AES_BLOCK_SIZE]; 125 CK_BYTE hash[AES_BLOCK_SIZE]; 126 CK_BYTE subkey[AES_BLOCK_SIZE]; 127 CK_ULONG ulAlen; 128 CK_ULONG ulClen; 129 } AES_GCM_CONTEXT; 130 131 typedef struct _SHA1_CONTEXT { 132 unsigned int buf[16]; 133 unsigned int hash_value[5]; 134 unsigned int bits_hi, bits_lo; // # bits processed so far 135 136 } SHA1_CONTEXT; 137 138 typedef SHA1_CONTEXT SHA2_CONTEXT; 139 140 141 typedef struct _MD2_CONTEXT { 142 CK_BYTE state[16]; // state 143 CK_BYTE checksum[16]; // checksum 144 CK_ULONG count; // number of bytes, modulo 16 145 CK_BYTE buffer[16]; // input buffer 146 } MD2_CONTEXT; 147 148 149 typedef struct _MD5_CONTEXT { 150 CK_ULONG i[2]; // number of _bits_ handled mod 2^64 151 CK_ULONG buf[4]; // scratch buffer 152 CK_BYTE in[64]; // input buffer 153 CK_BYTE digest[16]; // actual digest after MD5Final call 154 155 } MD5_CONTEXT; 156 157 158 // linux 159 typedef pthread_mutex_t MUTEX; 160 161 // This is actualy wrong... XPROC will be with spinlocks 162 163 typedef struct _TEMPLATE { 164 DL_NODE *attribute_list; 165 } TEMPLATE; 166 167 168 typedef struct _OBJECT { 169 CK_OBJECT_CLASS class; 170 CK_BYTE name[8]; // for token objects 171 172 SESSION *session; // creator; only for session objects 173 TEMPLATE *template; 174 CK_ULONG count_hi; // only significant for token objects 175 CK_ULONG count_lo; // only significant for token objects 176 CK_ULONG index; // SAB Index into the SHM 177 CK_OBJECT_HANDLE map_handle; 178 } OBJECT; 179 180 181 typedef struct _OBJECT_MAP { 182 CK_OBJECT_HANDLE obj_handle; 183 CK_BBOOL is_private; 184 CK_BBOOL is_session_obj; 185 SESSION *session; 186 } OBJECT_MAP; 187 188 /* FIXME: Compile-time check that sizeof(void *) == sizeof(CK_OBJECT_HANDLE) */ 189 190 191 typedef struct _ATTRIBUTE_PARSE_LIST { 192 CK_ATTRIBUTE_TYPE type; 193 void *ptr; 194 CK_ULONG len; 195 CK_BBOOL found; 196 } ATTRIBUTE_PARSE_LIST; 197 198 199 typedef struct _OP_STATE_DATA { 200 CK_STATE session_state; 201 CK_ULONG active_operation; 202 CK_ULONG data_len; 203 // state data gets appended here 204 // 205 206 // mechanism parameter gets appended here 207 // 208 } OP_STATE_DATA; 209 210 211 // this is our internal "tweak" vector (not the FCV) used to tweak various 212 // aspects of the PKCS #11 implementation. Some of these tweaks deviate from 213 // the PKCS #11 specification but are needed to support Netscape. Others 214 // are left as token-defined values by PKCS #11. 215 // 216 // - whether or not to allow weak/semi-weak DES keys to be imported 217 // - whether to insist imported DES keys have proper parity 218 // - whether the CKA_ENCRYPT/DECRYPT/SIGN/VERIFY attributes are modifiable 219 // after key creation 220 // 221 typedef struct _TWEAK_VEC { 222 int allow_weak_des; 223 int check_des_parity; 224 int allow_key_mods; 225 int netscape_mods; 226 } TWEAK_VEC; 227 228 typedef struct _TOKEN_DATA { 229 CK_TOKEN_INFO_32 token_info; 230 231 CK_BYTE user_pin_sha[3 * DES_BLOCK_SIZE]; 232 CK_BYTE so_pin_sha[3 * DES_BLOCK_SIZE]; 233 CK_BYTE next_token_object_name[8]; 234 TWEAK_VEC tweak_vector; 235 } TOKEN_DATA; 236 237 238 typedef struct _SSL3_MAC_CONTEXT { 239 DIGEST_CONTEXT hash_context; 240 CK_BBOOL flag; 241 } SSL3_MAC_CONTEXT; 242 243 244 typedef struct _RSA_DIGEST_CONTEXT { 245 DIGEST_CONTEXT hash_context; 246 CK_BBOOL flag; 247 } RSA_DIGEST_CONTEXT; 248 249 250 typedef struct _MECH_LIST_ELEMENT { 251 CK_MECHANISM_TYPE mech_type; 252 CK_MECHANISM_INFO mech_info; 253 } MECH_LIST_ELEMENT; 254 255 struct mech_list_item; 256 257 struct mech_list_item { 258 struct mech_list_item *next; 259 MECH_LIST_ELEMENT element; 260 }; 261 262 struct mech_list_item *find_mech_list_item_for_type(CK_MECHANISM_TYPE type, 263 struct mech_list_item 264 *head); 265 266 /* mech_list.c */ 267 CK_RV ock_generic_get_mechanism_list(CK_MECHANISM_TYPE_PTR pMechanismList, 268 CK_ULONG_PTR pulCount); 269 270 /* mech_list.c */ 271 CK_RV ock_generic_get_mechanism_info(CK_MECHANISM_TYPE type, 272 CK_MECHANISM_INFO_PTR pInfo); 273 274 typedef struct _TOK_OBJ_ENTRY { 275 CK_BBOOL deleted; 276 char name[8]; 277 CK_ULONG_32 count_lo; 278 CK_ULONG_32 count_hi; 279 } TOK_OBJ_ENTRY; 280 281 struct _LW_SHM_TYPE { 282 TOKEN_DATA nv_token_data; 283 CK_ULONG_32 num_priv_tok_obj; 284 CK_ULONG_32 num_publ_tok_obj; 285 CK_BBOOL priv_loaded; 286 CK_BBOOL publ_loaded; 287 TOK_OBJ_ENTRY publ_tok_objs[MAX_TOK_OBJS]; 288 TOK_OBJ_ENTRY priv_tok_objs[MAX_TOK_OBJS]; 289 }; 290 291 struct _STDLL_TokData_t { 292 CK_SLOT_INFO slot_info; 293 int spinxplfd; // token specific lock 294 char data_store[256]; // path information of the token directory 295 CK_BYTE user_pin_md5[MD5_HASH_SIZE]; 296 CK_BYTE so_pin_md5[MD5_HASH_SIZE]; 297 CK_BYTE master_key[MAX_KEY_SIZE]; 298 CK_BBOOL initialized; 299 CK_ULONG ro_session_count; 300 CK_STATE global_login_state; 301 LW_SHM_TYPE *global_shm; 302 TOKEN_DATA *nv_token_data; 303 void *private_data; 304 }; 305 306 // These are the same for both AIX and Linux... 307 #define MY_CreateMutex(x) _CreateMutex((MUTEX *)(x)) 308 #define MY_DestroyMutex(x) _DestroyMutex((MUTEX *)(x)) 309 #define MY_LockMutex(x) _LockMutex((MUTEX *)(x)) 310 #define MY_UnlockMutex(x) _UnlockMutex((MUTEX *)(x)) 311 312 #endif 313