pkcs11i.h (39631B)
1 /* This Source Code Form is subject to the terms of the Mozilla Public 2 * License, v. 2.0. If a copy of the MPL was not distributed with this 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 4 /* 5 * Internal data structures and functions used by pkcs11.c 6 */ 7 #ifndef _PKCS11I_H_ 8 #define _PKCS11I_H_ 1 9 10 #include "nssilock.h" 11 #include "seccomon.h" 12 #include "secoidt.h" 13 #include "lowkeyti.h" 14 #include "pkcs11t.h" 15 16 #include "sftkdbt.h" 17 #include "chacha20poly1305.h" 18 #include "hasht.h" 19 20 #include "alghmac.h" 21 #include "cmac.h" 22 23 /* 24 * Configuration Defines 25 * 26 * The following defines affect the space verse speed trade offs of 27 * the PKCS #11 module. For the most part the current settings are optimized 28 * for web servers, where we want faster speed and lower lock contention at 29 * the expense of space. 30 */ 31 32 /* 33 * The attribute allocation strategy is static allocation: 34 * Attributes are pre-allocated as part of the session object and used from 35 * the object array. 36 */ 37 #define MAX_OBJS_ATTRS 45 /* number of attributes to preallocate in \ 38 * the object (must me the absolute max) */ 39 #define ATTR_SPACE 50 /* Maximum size of attribute data before extra \ 40 * data needs to be allocated. This is set to \ 41 * enough space to hold an SSL MASTER secret */ 42 43 #define NSC_STRICT PR_FALSE /* forces the code to do strict template \ 44 * matching when doing C_FindObject on token \ 45 * objects. This will slow down search in \ 46 * NSS. */ 47 /* default search block allocations and increments */ 48 #define NSC_CERT_BLOCK_SIZE 50 49 #define NSC_SEARCH_BLOCK_SIZE 5 50 #define NSC_SLOT_LIST_BLOCK_SIZE 10 51 52 #define NSC_MIN_SESSION_OBJECT_HANDLE 1U 53 54 #define NSC_FIPS_MODULE 1 55 #define NSC_NON_FIPS_MODULE 0 56 57 /* these are data base storage hashes, not cryptographic hashes.. The define 58 * the effective size of the various object hash tables */ 59 /* clients care more about memory usage than lookup performance on 60 * cyrptographic objects. Clients also have less objects around to play with 61 * 62 * we eventually should make this configurable at runtime! Especially now that 63 * NSS is a shared library. 64 */ 65 #define SPACE_ATTRIBUTE_HASH_SIZE 32 66 #define SPACE_SESSION_OBJECT_HASH_SIZE 32 67 #define SPACE_SESSION_HASH_SIZE 32 68 #define TIME_ATTRIBUTE_HASH_SIZE 32 69 #define TIME_SESSION_OBJECT_HASH_SIZE 1024 70 #define TIME_SESSION_HASH_SIZE 1024 71 #define MAX_OBJECT_LIST_SIZE 800 72 /* how many objects to keep on the free list 73 * before we start freeing them */ 74 #define MAX_KEY_LEN 256 /* maximum symmetric key length in bytes */ 75 76 /* 77 * LOG2_BUCKETS_PER_SESSION_LOCK must be a prime number. 78 * With SESSION_HASH_SIZE=1024, LOG2 can be 9, 5, 1, or 0. 79 * With SESSION_HASH_SIZE=4096, LOG2 can be 11, 9, 5, 1, or 0. 80 * 81 * HASH_SIZE LOG2_BUCKETS_PER BUCKETS_PER_LOCK NUMBER_OF_BUCKETS 82 * 1024 9 512 2 83 * 1024 5 32 32 84 * 1024 1 2 512 85 * 1024 0 1 1024 86 * 4096 11 2048 2 87 * 4096 9 512 8 88 * 4096 5 32 128 89 * 4096 1 2 2048 90 * 4096 0 1 4096 91 */ 92 #define LOG2_BUCKETS_PER_SESSION_LOCK 1 93 #define BUCKETS_PER_SESSION_LOCK (1 << (LOG2_BUCKETS_PER_SESSION_LOCK)) 94 /* NOSPREAD sessionID to hash table index macro has been slower. */ 95 96 /* define typedefs, double as forward declarations as well */ 97 typedef struct SFTKAttributeStr SFTKAttribute; 98 typedef struct SFTKObjectListStr SFTKObjectList; 99 typedef struct SFTKObjectFreeListStr SFTKObjectFreeList; 100 typedef struct SFTKObjectListElementStr SFTKObjectListElement; 101 typedef struct SFTKObjectStr SFTKObject; 102 typedef struct SFTKSessionObjectStr SFTKSessionObject; 103 typedef struct SFTKTokenObjectStr SFTKTokenObject; 104 typedef struct SFTKSessionStr SFTKSession; 105 typedef struct SFTKSlotStr SFTKSlot; 106 typedef struct SFTKSessionContextStr SFTKSessionContext; 107 typedef struct SFTKSearchResultsStr SFTKSearchResults; 108 typedef struct SFTKHashVerifyInfoStr SFTKHashVerifyInfo; 109 typedef struct SFTKHashSignInfoStr SFTKHashSignInfo; 110 typedef struct SFTKOAEPInfoStr SFTKOAEPInfo; 111 typedef struct SFTKPSSSignInfoStr SFTKPSSSignInfo; 112 typedef struct SFTKPSSVerifyInfoStr SFTKPSSVerifyInfo; 113 typedef struct SFTKSSLMACInfoStr SFTKSSLMACInfo; 114 typedef struct SFTKChaCha20Poly1305InfoStr SFTKChaCha20Poly1305Info; 115 typedef struct SFTKChaCha20CtrInfoStr SFTKChaCha20CtrInfo; 116 typedef struct SFTKItemTemplateStr SFTKItemTemplate; 117 118 /* define function pointer typdefs for pointer tables */ 119 typedef void (*SFTKDestroy)(void *, PRBool); 120 typedef void (*SFTKBegin)(void *); 121 typedef SECStatus (*SFTKCipher)(void *, unsigned char *, unsigned int *, unsigned int, 122 const unsigned char *, unsigned int); 123 typedef SECStatus (*SFTKAEADCipher)(void *, void *, unsigned int *, 124 unsigned int, void *, unsigned int, 125 void *, unsigned int, void *, unsigned int); 126 typedef SECStatus (*SFTKVerify)(void *, const unsigned char *, unsigned int, const unsigned char *, unsigned int); 127 typedef void (*SFTKHash)(void *, const unsigned char *, unsigned int); 128 typedef void (*SFTKEnd)(void *, unsigned char *, unsigned int *, unsigned int); 129 typedef void (*SFTKFree)(void *); 130 131 /* Value to tell if an attribute is modifiable or not. 132 * NEVER: attribute is only set on creation. 133 * ONCOPY: attribute is set on creation and can only be changed on copy. 134 * SENSITIVE: attribute can only be changed to TRUE. 135 * ALWAYS: attribute can always be changed. 136 */ 137 typedef enum { 138 SFTK_NEVER = 0, 139 SFTK_ONCOPY = 1, 140 SFTK_SENSITIVE = 2, 141 SFTK_ALWAYS = 3 142 } SFTKModifyType; 143 144 /* 145 * Free Status Enum... tell us more information when we think we're 146 * deleting an object. 147 */ 148 typedef enum { 149 SFTK_DestroyFailure, 150 SFTK_Destroyed, 151 SFTK_Busy 152 } SFTKFreeStatus; 153 154 /* 155 * attribute values of an object. 156 */ 157 struct SFTKAttributeStr { 158 SFTKAttribute *next; 159 SFTKAttribute *prev; 160 PRBool freeAttr; 161 PRBool freeData; 162 /*must be called handle to make sftkqueue_find work */ 163 CK_ATTRIBUTE_TYPE handle; 164 CK_ATTRIBUTE attrib; 165 unsigned char space[ATTR_SPACE]; 166 }; 167 168 /* 169 * doubly link list of objects 170 */ 171 struct SFTKObjectListStr { 172 SFTKObjectList *next; 173 SFTKObjectList *prev; 174 SFTKObject *parent; 175 }; 176 177 struct SFTKObjectFreeListStr { 178 SFTKObject *head; 179 PZLock *lock; 180 int count; 181 }; 182 183 /* 184 * PKCS 11 crypto object structure 185 */ 186 struct SFTKObjectStr { 187 SFTKObject *next; 188 SFTKObject *prev; 189 CK_OBJECT_CLASS objclass; 190 CK_OBJECT_HANDLE handle; 191 int refCount; 192 PZLock *refLock; 193 SFTKSlot *slot; 194 void *objectInfo; 195 SFTKFree infoFree; 196 CK_FLAGS validation_value; 197 SFTKAttribute validation_attribute; 198 }; 199 200 struct SFTKTokenObjectStr { 201 SFTKObject obj; 202 SECItem dbKey; 203 }; 204 205 struct SFTKSessionObjectStr { 206 SFTKObject obj; 207 SFTKObjectList sessionList; 208 PZLock *attributeLock; 209 SFTKSession *session; 210 PRBool wasDerived; 211 int nextAttr; 212 SFTKAttribute attrList[MAX_OBJS_ATTRS]; 213 PRBool optimizeSpace; 214 unsigned int hashSize; 215 SFTKAttribute *head[1]; 216 }; 217 218 /* 219 * struct to deal with a temparary list of objects 220 */ 221 struct SFTKObjectListElementStr { 222 SFTKObjectListElement *next; 223 SFTKObject *object; 224 }; 225 226 /* 227 * Area to hold Search results 228 */ 229 struct SFTKSearchResultsStr { 230 CK_OBJECT_HANDLE *handles; 231 int size; 232 int index; 233 int array_size; 234 }; 235 236 /* 237 * the universal crypto/hash/sign/verify context structure 238 */ 239 typedef enum { 240 SFTK_ENCRYPT, 241 SFTK_DECRYPT, 242 SFTK_HASH, 243 SFTK_SIGN, 244 SFTK_SIGN_RECOVER, 245 SFTK_VERIFY, 246 SFTK_VERIFY_RECOVER, 247 SFTK_MESSAGE_ENCRYPT, 248 SFTK_MESSAGE_DECRYPT, 249 SFTK_MESSAGE_SIGN, 250 SFTK_MESSAGE_VERIFY 251 } SFTKContextType; 252 253 /** max block size of supported block ciphers */ 254 #define SFTK_MAX_BLOCK_SIZE 16 255 /** currently SHA512 is the biggest hash length */ 256 #define SFTK_MAX_MAC_LENGTH 64 257 #define SFTK_INVALID_MAC_SIZE 0xffffffff 258 259 /** Particular ongoing operation in session (sign/verify/digest/encrypt/...) 260 * 261 * Understanding sign/verify context: 262 * multi=1 hashInfo=0 block (symmetric) cipher MACing 263 * multi=1 hashInfo=X PKC S/V with prior hashing 264 * multi=0 hashInfo=0 PKC S/V one shot (w/o hashing) 265 * multi=0 hashInfo=X *** shouldn't happen *** 266 */ 267 struct SFTKSessionContextStr { 268 SFTKContextType type; 269 PRBool multi; /* is multipart */ 270 PRBool rsa; /* is rsa */ 271 PRBool doPad; /* use PKCS padding for block ciphers */ 272 PRBool isXCBC; /* xcbc, use special handling in final */ 273 PRBool isFIPS; /* current operation is in FIPS mode */ 274 unsigned int blockSize; /* blocksize for padding */ 275 unsigned int padDataLength; /* length of the valid data in padbuf */ 276 /** latest incomplete block of data for block cipher */ 277 unsigned char padBuf[SFTK_MAX_BLOCK_SIZE]; 278 /** result of MAC'ing of latest full block of data with block cipher */ 279 unsigned char macBuf[SFTK_MAX_BLOCK_SIZE]; 280 unsigned char k2[SFTK_MAX_BLOCK_SIZE]; 281 unsigned char k3[SFTK_MAX_BLOCK_SIZE]; 282 CK_ULONG macSize; /* size of a general block cipher mac*/ 283 void *cipherInfo; 284 void *hashInfo; 285 unsigned int cipherInfoLen; 286 CK_MECHANISM_TYPE currentMech; 287 SFTKCipher update; 288 SFTKAEADCipher aeadUpdate; 289 SFTKHash hashUpdate; 290 SFTKEnd end; 291 SFTKDestroy destroy; 292 SFTKDestroy hashdestroy; 293 SFTKVerify verify; 294 unsigned int maxLen; 295 SFTKObject *key; 296 SECItem *signature; 297 }; 298 299 /* 300 * Sessions (have objects) 301 */ 302 struct SFTKSessionStr { 303 SFTKSession *next; 304 SFTKSession *prev; 305 CK_SESSION_HANDLE handle; 306 PZLock *objectLock; 307 int objectIDCount; 308 CK_SESSION_INFO info; 309 CK_NOTIFY notify; 310 CK_VOID_PTR appData; 311 SFTKSlot *slot; 312 SFTKSearchResults *search; 313 SFTKSessionContext *enc_context; 314 SFTKSessionContext *hash_context; 315 SFTKSessionContext *sign_context; 316 PRBool lastOpWasFIPS; 317 SFTKObjectList *objects[1]; 318 }; 319 320 /* 321 * slots (have sessions and objects) 322 * 323 * The array of sessionLock's protect the session hash table (head[]) 324 * as well as the reference count of session objects in that bucket 325 * (head[]->refCount), objectLock protects all elements of the slot's 326 * object hash tables (sessObjHashTable[] and tokObjHashTable), and 327 * sessionObjectHandleCount. 328 * slotLock protects the remaining protected elements: 329 * password, needLogin, isLoggedIn, ssoLoggedIn, and sessionCount, 330 * and pwCheckLock serializes the key database password checks in 331 * NSC_SetPIN and NSC_Login. 332 * 333 * Each of the fields below has the following lifetime as commented 334 * next to the fields: 335 * invariant - This value is set when the slot is first created and 336 * never changed until it is destroyed. 337 * per load - This value is set when the slot is first created, or 338 * when the slot is used to open another directory. Between open and close 339 * this field does not change. 340 * variable - This value changes through the normal process of slot operation. 341 * - reset. The value of this variable is cleared during an open/close 342 * cycles. 343 * - preserved. The value of this variable is preserved over open/close 344 * cycles. 345 */ 346 struct SFTKSlotStr { 347 CK_SLOT_ID slotID; /* invariant */ 348 PZLock *slotLock; /* invariant */ 349 PZLock **sessionLock; /* invariant */ 350 unsigned int numSessionLocks; /* invariant */ 351 unsigned long sessionLockMask; /* invariant */ 352 PZLock *objectLock; /* invariant */ 353 PRLock *pwCheckLock; /* invariant */ 354 PRBool present; /* variable -set */ 355 PRBool hasTokens; /* per load */ 356 PRBool isLoggedIn; /* variable - reset */ 357 PRBool ssoLoggedIn; /* variable - reset */ 358 PRBool needLogin; /* per load */ 359 PRBool DB_loaded; /* per load */ 360 PRBool readOnly; /* per load */ 361 PRBool optimizeSpace; /* invariant */ 362 SFTKDBHandle *certDB; /* per load */ 363 SFTKDBHandle *keyDB; /* per load */ 364 int minimumPinLen; /* per load */ 365 PRInt32 sessionIDCount; /* atomically incremented */ 366 /* (preserved) */ 367 int sessionIDConflict; /* not protected by a lock */ 368 /* (preserved) */ 369 int sessionCount; /* variable - reset */ 370 PRInt32 rwSessionCount; /* set by atomic operations */ 371 /* (reset) */ 372 int sessionObjectHandleCount; /* variable - perserved */ 373 CK_ULONG index; /* invariant */ 374 PLHashTable *tokObjHashTable; /* invariant */ 375 SFTKObject **sessObjHashTable; /* variable - reset */ 376 unsigned int sessObjHashSize; /* invariant */ 377 SFTKSession **head; /* variable -reset */ 378 unsigned int sessHashSize; /* invariant */ 379 char tokDescription[33]; /* per load */ 380 char updateTokDescription[33]; /* per load */ 381 char slotDescription[65]; /* invariant */ 382 SFTKSession moduleObjects; /* global session to hang module specific 383 * objects like profile objects or 384 * validation objects */ 385 }; 386 387 /* 388 * special joint operations Contexts 389 */ 390 struct SFTKHashVerifyInfoStr { 391 SECOidTag hashOid; 392 void *params; 393 NSSLOWKEYPublicKey *key; 394 }; 395 396 struct SFTKHashSignInfoStr { 397 SECOidTag hashOid; 398 void *params; 399 NSSLOWKEYPrivateKey *key; 400 }; 401 402 struct SFTKPSSVerifyInfoStr { 403 size_t size; /* must be first */ 404 CK_RSA_PKCS_PSS_PARAMS params; 405 NSSLOWKEYPublicKey *key; 406 }; 407 408 struct SFTKPSSSignInfoStr { 409 size_t size; /* must be first */ 410 CK_RSA_PKCS_PSS_PARAMS params; 411 NSSLOWKEYPrivateKey *key; 412 }; 413 414 /** 415 * Contexts for RSA-OAEP 416 */ 417 struct SFTKOAEPInfoStr { 418 CK_RSA_PKCS_OAEP_PARAMS params; 419 PRBool isEncrypt; 420 union { 421 NSSLOWKEYPublicKey *pub; 422 NSSLOWKEYPrivateKey *priv; 423 } key; 424 }; 425 426 /* context for the Final SSLMAC message */ 427 struct SFTKSSLMACInfoStr { 428 size_t size; /* must be first */ 429 void *hashContext; 430 SFTKBegin begin; 431 SFTKHash update; 432 SFTKEnd end; 433 CK_ULONG macSize; 434 int padSize; 435 unsigned char key[MAX_KEY_LEN]; 436 unsigned int keySize; 437 }; 438 439 /* SFTKChaCha20Poly1305Info saves the key, tag length, nonce, 440 * and additional data for a ChaCha20+Poly1305 AEAD operation. */ 441 struct SFTKChaCha20Poly1305InfoStr { 442 ChaCha20Poly1305Context freeblCtx; 443 unsigned char nonce[12]; 444 unsigned char ad[16]; 445 unsigned char *adOverflow; 446 unsigned int adLen; 447 }; 448 449 /* SFTKChaCha20BlockInfoStr the key, nonce and counter for a 450 * ChaCha20 block operation. */ 451 struct SFTKChaCha20CtrInfoStr { 452 PRUint8 key[32]; 453 PRUint8 nonce[12]; 454 PRUint32 counter; 455 }; 456 457 /* 458 * Template based on SECItems, suitable for passing as arrays 459 */ 460 struct SFTKItemTemplateStr { 461 CK_ATTRIBUTE_TYPE type; 462 SECItem *item; 463 }; 464 465 /* macro for setting SFTKTemplates. */ 466 #define SFTK_SET_ITEM_TEMPLATE(templ, count, itemPtr, attr) \ 467 templ[count].type = attr; \ 468 templ[count].item = itemPtr 469 470 #define SFTK_MAX_ITEM_TEMPLATE 10 471 472 /* 473 * session handle modifiers 474 */ 475 #define SFTK_SESSION_SLOT_MASK 0xff000000L 476 477 /* 478 * object handle modifiers 479 */ 480 #define SFTK_TOKEN_MASK 0x80000000L 481 #define SFTK_TOKEN_MAGIC 0x80000000L 482 #define SFTK_TOKEN_TYPE_MASK 0x70000000L 483 /* keydb (high bit == 0) */ 484 #define SFTK_TOKEN_TYPE_PRIV 0x10000000L 485 #define SFTK_TOKEN_TYPE_PUB 0x20000000L 486 #define SFTK_TOKEN_TYPE_KEY 0x30000000L 487 /* certdb (high bit == 1) */ 488 #define SFTK_TOKEN_TYPE_TRUST 0x40000000L 489 #define SFTK_TOKEN_TYPE_CRL 0x50000000L 490 #define SFTK_TOKEN_TYPE_SMIME 0x60000000L 491 #define SFTK_TOKEN_TYPE_CERT 0x70000000L 492 493 #define SFTK_TOKEN_KRL_HANDLE (SFTK_TOKEN_MAGIC | SFTK_TOKEN_TYPE_CRL | 1) 494 /* how big (in bytes) a password/pin we can deal with */ 495 #define SFTK_MAX_PIN 500 496 /* minimum password/pin length (in Unicode characters) in FIPS mode */ 497 #define FIPS_MIN_PIN 7 498 499 /* slot ID's */ 500 #define NETSCAPE_SLOT_ID 1 501 #define PRIVATE_KEY_SLOT_ID 2 502 #define FIPS_SLOT_ID 3 503 504 /* slot helper macros */ 505 #define sftk_SlotFromSession(sp) ((sp)->slot) 506 #define sftk_isToken(id) (((id)&SFTK_TOKEN_MASK) == SFTK_TOKEN_MAGIC) 507 #define sftk_isFIPS(id) \ 508 (((id) == FIPS_SLOT_ID) || ((id) >= SFTK_MIN_FIPS_USER_SLOT_ID)) 509 510 /* validation flags. These are token specific, but also 511 * visible to the application via the validation object 512 * each validation should cover a unique bit. */ 513 #define SFTK_VALIDATION_FIPS_FLAG 0x00000001L 514 515 /* the session hash multiplier (see bug 201081) */ 516 #define SHMULTIPLIER 1791398085 517 518 /* queueing helper macros */ 519 #define sftk_hash(value, size) \ 520 ((PRUint32)((value)*SHMULTIPLIER) & (size - 1)) 521 #define sftkqueue_add(element, id, head, hash_size) \ 522 { \ 523 int tmp = sftk_hash(id, hash_size); \ 524 (element)->next = (head)[tmp]; \ 525 (element)->prev = NULL; \ 526 if ((head)[tmp]) \ 527 (head)[tmp]->prev = (element); \ 528 (head)[tmp] = (element); \ 529 } 530 #define sftkqueue_find(element, id, head, hash_size) \ 531 for ((element) = (head)[sftk_hash(id, hash_size)]; (element) != NULL; \ 532 (element) = (element)->next) { \ 533 if ((element)->handle == (id)) { \ 534 break; \ 535 } \ 536 } 537 #define sftkqueue_is_queued(element, id, head, hash_size) \ 538 (((element)->next) || ((element)->prev) || \ 539 ((head)[sftk_hash(id, hash_size)] == (element))) 540 #define sftkqueue_delete(element, id, head, hash_size) \ 541 if ((element)->next) \ 542 (element)->next->prev = (element)->prev; \ 543 if ((element)->prev) \ 544 (element)->prev->next = (element)->next; \ 545 else \ 546 (head)[sftk_hash(id, hash_size)] = ((element)->next); \ 547 (element)->next = NULL; \ 548 (element)->prev = NULL; 549 550 #define sftkqueue_init_element(element) \ 551 (element)->prev = NULL; 552 553 #define sftkqueue_add2(element, id, index, head) \ 554 { \ 555 (element)->next = (head)[index]; \ 556 if ((head)[index]) \ 557 (head)[index]->prev = (element); \ 558 (head)[index] = (element); \ 559 } 560 561 #define sftkqueue_find2(element, id, index, head) \ 562 for ((element) = (head)[index]; \ 563 (element) != NULL; \ 564 (element) = (element)->next) { \ 565 if ((element)->handle == (id)) { \ 566 break; \ 567 } \ 568 } 569 570 #define sftkqueue_delete2(element, id, index, head) \ 571 if ((element)->next) \ 572 (element)->next->prev = (element)->prev; \ 573 if ((element)->prev) \ 574 (element)->prev->next = (element)->next; \ 575 else \ 576 (head)[index] = ((element)->next); 577 578 #define sftkqueue_clear_deleted_element(element) \ 579 (element)->next = NULL; \ 580 (element)->prev = NULL; 581 582 /* sessionID (handle) is used to determine session lock bucket */ 583 #ifdef NOSPREAD 584 /* NOSPREAD: (ID>>L2LPB) & (perbucket-1) */ 585 #define SFTK_SESSION_LOCK(slot, handle) \ 586 ((slot)->sessionLock[((handle) >> LOG2_BUCKETS_PER_SESSION_LOCK) & (slot)->sessionLockMask]) 587 #else 588 /* SPREAD: ID & (perbucket-1) */ 589 #define SFTK_SESSION_LOCK(slot, handle) \ 590 ((slot)->sessionLock[(handle) & (slot)->sessionLockMask]) 591 #endif 592 593 /* expand an attribute & secitem structures out */ 594 #define sftk_attr_expand(ap) (ap)->type, (ap)->pValue, (ap)->ulValueLen 595 #define sftk_item_expand(ip) (ip)->data, (ip)->len 596 597 typedef struct sftk_token_parametersStr { 598 CK_SLOT_ID slotID; 599 char *configdir; 600 char *certPrefix; 601 char *keyPrefix; 602 char *updatedir; 603 char *updCertPrefix; 604 char *updKeyPrefix; 605 char *updateID; 606 char *tokdes; 607 char *slotdes; 608 char *updtokdes; 609 int minPW; 610 PRBool readOnly; 611 PRBool noCertDB; 612 PRBool noKeyDB; 613 PRBool forceOpen; 614 PRBool pwRequired; 615 PRBool optimizeSpace; 616 } sftk_token_parameters; 617 618 typedef struct sftk_parametersStr { 619 char *configdir; 620 char *updatedir; 621 char *updateID; 622 char *secmodName; 623 char *man; 624 char *libdes; 625 PRBool readOnly; 626 PRBool noModDB; 627 PRBool noCertDB; 628 PRBool forceOpen; 629 PRBool pwRequired; 630 PRBool optimizeSpace; 631 sftk_token_parameters *tokens; 632 int token_count; 633 } sftk_parameters; 634 635 /* path stuff (was machine dependent) used by dbinit.c and pk11db.c */ 636 #define CERT_DB_FMT "%scert%s.db" 637 #define KEY_DB_FMT "%skey%s.db" 638 639 struct sftk_MACConstantTimeCtxStr { 640 const SECHashObject *hash; 641 unsigned char mac[64]; 642 unsigned char secret[64]; 643 unsigned int headerLength; 644 unsigned int secretLength; 645 unsigned int totalLength; 646 unsigned char header[75]; 647 }; 648 typedef struct sftk_MACConstantTimeCtxStr sftk_MACConstantTimeCtx; 649 650 struct sftk_MACCtxStr { 651 /* This is a common MAC context that supports both HMAC and CMAC 652 * operations. This also presents a unified set of semantics: 653 * 654 * - Everything except Destroy returns a CK_RV, indicating success 655 * or failure. (This handles the difference between HMAC's and CMAC's 656 * interfaces, since the underlying AES _might_ fail with CMAC). 657 * 658 * - The underlying MAC is started on Init(...), so Update(...) can 659 * called right away. (This handles the difference between HMAC and 660 * CMAC in their *_Init(...) functions). 661 * 662 * - Calling semantics: 663 * 664 * - One of sftk_MAC_{Create,Init,InitRaw}(...) to set up the MAC 665 * context, checking the return code. 666 * - sftk_MAC_Update(...) as many times as necessary to process 667 * input data, checking the return code. 668 * - sftk_MAC_End(...) to get the output of the MAC; result_len 669 * may be NULL if the caller knows the expected output length, 670 * checking the return code. If result_len is NULL, this will 671 * PR_ASSERT(...) that the actual returned length was equal to 672 * max_result_len. 673 * 674 * Note: unlike HMAC_Finish(...), this allows the caller to specify 675 * a return value less than return length, to align with 676 * CMAC_Finish(...)'s semantics. This will force an additional 677 * stack allocation of size SFTK_MAX_MAC_LENGTH. 678 * - sftk_MAC_Reset(...) if the caller wishes to compute a new MAC 679 * with the same key, checking the return code. 680 * - sftk_MAC_DestroyContext(...) when the caller frees its associated 681 * memory, passing PR_TRUE if sftk_MAC_Create(...) was called, 682 * and PR_FALSE otherwise. 683 */ 684 685 CK_MECHANISM_TYPE mech; 686 unsigned int mac_size; 687 688 union { 689 HMACContext *hmac; 690 CMACContext *cmac; 691 692 /* Functions to update when adding a new MAC or a new hash: 693 * 694 * - sftk_MAC_Init 695 * - sftk_MAC_Update 696 * - sftk_MAC_End 697 * - sftk_MAC_Reset 698 */ 699 void *raw; 700 } mac; 701 702 void (*destroy_func)(void *ctx, PRBool free_it); 703 }; 704 typedef struct sftk_MACCtxStr sftk_MACCtx; 705 706 extern CK_NSS_MODULE_FUNCTIONS sftk_module_funcList; 707 extern CK_NSS_FIPS_FUNCTIONS sftk_fips_funcList; 708 709 SEC_BEGIN_PROTOS 710 711 /* shared functions between pkcs11.c and fipstokn.c */ 712 extern PRBool nsf_init; 713 extern CK_RV nsc_CommonInitialize(CK_VOID_PTR pReserved, PRBool isFIPS); 714 extern CK_RV nsc_CommonFinalize(CK_VOID_PTR pReserved, PRBool isFIPS); 715 extern PRBool sftk_ForkReset(CK_VOID_PTR pReserved, CK_RV *crv); 716 extern CK_RV nsc_CommonGetSlotList(CK_BBOOL tokPresent, 717 CK_SLOT_ID_PTR pSlotList, 718 CK_ULONG_PTR pulCount, 719 unsigned int moduleIndex); 720 721 /* slot initialization, reinit, shutdown and destruction */ 722 extern CK_RV SFTK_SlotInit(char *configdir, char *updatedir, char *updateID, 723 sftk_token_parameters *params, 724 unsigned int moduleIndex); 725 extern CK_RV SFTK_SlotReInit(SFTKSlot *slot, char *configdir, 726 char *updatedir, char *updateID, 727 sftk_token_parameters *params, 728 unsigned int moduleIndex); 729 extern CK_RV SFTK_DestroySlotData(SFTKSlot *slot); 730 extern CK_RV SFTK_ShutdownSlot(SFTKSlot *slot); 731 extern CK_RV sftk_CloseAllSessions(SFTKSlot *slot, PRBool logout); 732 733 /* internal utility functions used by pkcs11.c */ 734 extern CK_RV sftk_MapCryptError(int error); 735 extern CK_RV sftk_MapDecryptError(int error); 736 extern CK_RV sftk_MapVerifyError(int error); 737 extern SFTKAttribute *sftk_FindAttribute(SFTKObject *object, 738 CK_ATTRIBUTE_TYPE type); 739 extern void sftk_FreeAttribute(SFTKAttribute *attribute); 740 extern CK_RV sftk_AddAttributeType(SFTKObject *object, CK_ATTRIBUTE_TYPE type, 741 const void *valPtr, CK_ULONG length); 742 extern CK_RV sftk_Attribute2SecItem(PLArenaPool *arena, SECItem *item, 743 SFTKObject *object, CK_ATTRIBUTE_TYPE type); 744 extern CK_RV sftk_MultipleAttribute2SecItem(PLArenaPool *arena, 745 SFTKObject *object, 746 SFTKItemTemplate *templ, int count); 747 extern unsigned int sftk_GetLengthInBits(unsigned char *buf, 748 unsigned int bufLen); 749 extern CK_RV sftk_ConstrainAttribute(SFTKObject *object, 750 CK_ATTRIBUTE_TYPE type, int minLength, 751 int maxLength, int minMultiple); 752 extern PRBool sftk_hasAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type); 753 extern PRBool sftk_isTrue(SFTKObject *object, CK_ATTRIBUTE_TYPE type); 754 extern void sftk_DeleteAttributeType(SFTKObject *object, 755 CK_ATTRIBUTE_TYPE type); 756 extern CK_RV sftk_Attribute2SecItem(PLArenaPool *arena, SECItem *item, 757 SFTKObject *object, CK_ATTRIBUTE_TYPE type); 758 extern CK_RV sftk_Attribute2SSecItem(PLArenaPool *arena, SECItem *item, 759 SFTKObject *object, 760 CK_ATTRIBUTE_TYPE type); 761 extern SFTKModifyType sftk_modifyType(CK_ATTRIBUTE_TYPE type, 762 CK_OBJECT_CLASS inClass); 763 extern PRBool sftk_isSensitive(CK_ATTRIBUTE_TYPE type, CK_OBJECT_CLASS inClass); 764 extern char *sftk_getString(SFTKObject *object, CK_ATTRIBUTE_TYPE type); 765 extern void sftk_nullAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type); 766 extern CK_RV sftk_GetULongAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type, 767 CK_ULONG *longData); 768 extern CK_RV sftk_ReadAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type, 769 unsigned char *data, unsigned int maxlen, 770 unsigned int *lenp); 771 extern CK_RV sftk_forceAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type, 772 const void *value, unsigned int len); 773 extern CK_RV sftk_defaultAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type, 774 const void *value, unsigned int len); 775 extern unsigned int sftk_MapTrust(CK_TRUST trust, PRBool clientAuth); 776 777 extern SFTKObject *sftk_NewObject(SFTKSlot *slot); 778 extern CK_RV sftk_CopyObject(SFTKObject *destObject, SFTKObject *srcObject); 779 extern SFTKFreeStatus sftk_FreeObject(SFTKObject *object); 780 extern CK_RV sftk_DeleteObject(SFTKSession *session, SFTKObject *object); 781 extern void sftk_ReferenceObject(SFTKObject *object); 782 extern SFTKObject *sftk_ObjectFromHandle(CK_OBJECT_HANDLE handle, 783 SFTKSession *session); 784 extern CK_OBJECT_HANDLE sftk_getNextHandle(SFTKSlot *slot); 785 extern void sftk_AddSlotObject(SFTKSlot *slot, SFTKObject *object); 786 extern void sftk_AddObject(SFTKSession *session, SFTKObject *object); 787 /* clear out all the existing object ID to database key mappings. 788 * used to reinit a token */ 789 extern CK_RV SFTK_ClearTokenKeyHashTable(SFTKSlot *slot); 790 791 extern CK_RV sftk_searchObjectList(SFTKSearchResults *search, 792 SFTKObject **head, unsigned int size, 793 PZLock *lock, CK_ATTRIBUTE_PTR inTemplate, 794 int count, PRBool isLoggedIn); 795 extern SFTKObjectListElement *sftk_FreeObjectListElement( 796 SFTKObjectListElement *objectList); 797 extern void sftk_FreeObjectList(SFTKObjectListElement *objectList); 798 extern void sftk_FreeSearch(SFTKSearchResults *search); 799 extern CK_RV sftk_handleObject(SFTKObject *object, SFTKSession *session); 800 801 extern SFTKSlot *sftk_SlotFromID(CK_SLOT_ID slotID, PRBool all); 802 extern SFTKSlot *sftk_SlotFromSessionHandle(CK_SESSION_HANDLE handle); 803 extern CK_SLOT_ID sftk_SlotIDFromSessionHandle(CK_SESSION_HANDLE handle); 804 extern SFTKSession *sftk_SessionFromHandle(CK_SESSION_HANDLE handle); 805 extern void sftk_FreeSession(SFTKSession *session); 806 extern void sftk_ClearSession(SFTKSession *session); 807 extern void sftk_DestroySession(SFTKSession *session); 808 extern CK_RV sftk_InitSession(SFTKSession *session, SFTKSlot *slot, 809 CK_SLOT_ID slotID, CK_NOTIFY notify, 810 CK_VOID_PTR pApplication, CK_FLAGS flags); 811 extern SFTKSession *sftk_NewSession(CK_SLOT_ID slotID, CK_NOTIFY notify, 812 CK_VOID_PTR pApplication, CK_FLAGS flags); 813 extern void sftk_update_state(SFTKSlot *slot, SFTKSession *session); 814 extern void sftk_update_all_states(SFTKSlot *slot); 815 extern void sftk_InitFreeLists(void); 816 extern void sftk_CleanupFreeLists(void); 817 818 /* 819 * Helper functions to handle the session crypto contexts 820 */ 821 extern CK_RV sftk_InitGeneric(SFTKSession *session, 822 CK_MECHANISM *pMechanism, 823 SFTKSessionContext **contextPtr, 824 SFTKContextType ctype, SFTKObject **keyPtr, 825 CK_OBJECT_HANDLE hKey, CK_KEY_TYPE *keyTypePtr, 826 CK_OBJECT_CLASS pubKeyType, 827 CK_ATTRIBUTE_TYPE operation); 828 void sftk_SetContextByType(SFTKSession *session, SFTKContextType type, 829 SFTKSessionContext *context); 830 extern CK_RV sftk_GetContext(CK_SESSION_HANDLE handle, 831 SFTKSessionContext **contextPtr, 832 SFTKContextType type, PRBool needMulti, 833 SFTKSession **sessionPtr); 834 extern void sftk_TerminateOp(SFTKSession *session, SFTKContextType ctype, 835 SFTKSessionContext *context); 836 extern void sftk_FreeContext(SFTKSessionContext *context); 837 838 extern NSSLOWKEYPublicKey *sftk_GetPubKey(SFTKObject *object, 839 CK_KEY_TYPE key_type, CK_RV *crvp); 840 extern NSSLOWKEYPrivateKey *sftk_GetPrivKey(SFTKObject *object, 841 CK_KEY_TYPE key_type, CK_RV *crvp); 842 extern CK_RV sftk_PutPubKey(SFTKObject *publicKey, SFTKObject *privKey, CK_KEY_TYPE keyType, 843 NSSLOWKEYPublicKey *pubKey); 844 extern void sftk_FormatDESKey(unsigned char *key, int length); 845 extern PRBool sftk_CheckDESKey(unsigned char *key); 846 extern PRBool sftk_IsWeakKey(unsigned char *key, CK_KEY_TYPE key_type); 847 extern void sftk_EncodeInteger(PRUint64 integer, CK_ULONG num_bits, CK_BBOOL littleEndian, 848 CK_BYTE_PTR output, CK_ULONG_PTR output_len); 849 850 /* ike and xcbc helpers */ 851 extern CK_RV sftk_ike_prf(CK_SESSION_HANDLE hSession, 852 const SFTKAttribute *inKey, 853 const CK_IKE_PRF_DERIVE_PARAMS *params, SFTKObject *outKey); 854 extern CK_RV sftk_ike1_prf(CK_SESSION_HANDLE hSession, 855 const SFTKAttribute *inKey, 856 const CK_IKE1_PRF_DERIVE_PARAMS *params, SFTKObject *outKey, 857 unsigned int keySize); 858 extern CK_RV sftk_ike1_appendix_b_prf(CK_SESSION_HANDLE hSession, 859 const SFTKAttribute *inKey, 860 const CK_IKE1_EXTENDED_DERIVE_PARAMS *params, 861 SFTKObject *outKey, 862 unsigned int keySize); 863 extern CK_RV sftk_ike_prf_plus(CK_SESSION_HANDLE hSession, 864 const SFTKAttribute *inKey, 865 const CK_IKE2_PRF_PLUS_DERIVE_PARAMS *params, SFTKObject *outKey, 866 unsigned int keySize); 867 extern CK_RV sftk_aes_xcbc_new_keys(CK_SESSION_HANDLE hSession, 868 CK_OBJECT_HANDLE hKey, CK_OBJECT_HANDLE_PTR phKey, 869 unsigned char *k2, unsigned char *k3); 870 extern CK_RV sftk_xcbc_mac_pad(unsigned char *padBuf, unsigned int bufLen, 871 unsigned int blockSize, const unsigned char *k2, 872 const unsigned char *k3); 873 extern SECStatus sftk_fips_IKE_PowerUpSelfTests(void); 874 875 /* mechanism allows this operation */ 876 extern CK_RV sftk_MechAllowsOperation(CK_MECHANISM_TYPE type, CK_ATTRIBUTE_TYPE op); 877 878 /* helper function which calls nsslowkey_FindKeyByPublicKey after safely 879 * acquiring a reference to the keydb from the slot */ 880 NSSLOWKEYPrivateKey *sftk_FindKeyByPublicKey(SFTKSlot *slot, SECItem *dbKey); 881 882 /* 883 * parameter parsing functions 884 */ 885 CK_RV sftk_parseParameters(char *param, sftk_parameters *parsed, PRBool isFIPS); 886 void sftk_freeParams(sftk_parameters *params); 887 PRBool sftk_RawArgHasFlag(const char *entry, const char *flag, const void *pReserved); 888 889 /* 890 * narrow objects 891 */ 892 SFTKSessionObject *sftk_narrowToSessionObject(SFTKObject *); 893 SFTKTokenObject *sftk_narrowToTokenObject(SFTKObject *); 894 895 /* 896 * token object utilities 897 */ 898 void sftk_addHandle(SFTKSearchResults *search, CK_OBJECT_HANDLE handle); 899 PRBool sftk_poisonHandle(SFTKSlot *slot, SECItem *dbkey, 900 CK_OBJECT_HANDLE handle); 901 SFTKObject *sftk_NewTokenObject(SFTKSlot *slot, SECItem *dbKey, 902 CK_OBJECT_HANDLE handle); 903 SFTKTokenObject *sftk_convertSessionToToken(SFTKObject *so); 904 905 /* J-PAKE (jpakesftk.c) */ 906 extern CK_RV jpake_Round1(HASH_HashType hashType, 907 CK_NSS_JPAKERound1Params *params, 908 SFTKObject *key); 909 extern CK_RV jpake_Round2(HASH_HashType hashType, 910 CK_NSS_JPAKERound2Params *params, 911 SFTKObject *sourceKey, SFTKObject *key); 912 extern CK_RV jpake_Final(HASH_HashType hashType, 913 const CK_NSS_JPAKEFinalParams *params, 914 SFTKObject *sourceKey, SFTKObject *key); 915 916 /* Constant time MAC functions (hmacct.c) */ 917 sftk_MACConstantTimeCtx *sftk_HMACConstantTime_New( 918 CK_MECHANISM_PTR mech, SFTKObject *key); 919 sftk_MACConstantTimeCtx *sftk_SSLv3MACConstantTime_New( 920 CK_MECHANISM_PTR mech, SFTKObject *key); 921 void sftk_HMACConstantTime_Update(void *pctx, const unsigned char *data, unsigned int len); 922 void sftk_SSLv3MACConstantTime_Update(void *pctx, const unsigned char *data, unsigned int len); 923 void sftk_MACConstantTime_EndHash( 924 void *pctx, unsigned char *out, unsigned int *outLength, unsigned int maxLength); 925 void sftk_MACConstantTime_DestroyContext(void *pctx, PRBool); 926 927 /* Crypto Utilities */ 928 HASH_HashType sftk_GetHashTypeFromMechanism(CK_MECHANISM_TYPE mech); 929 930 /**************************************** 931 * implement TLS Pseudo Random Function (PRF) 932 */ 933 934 extern CK_RV 935 sftk_TLSPRFInit(SFTKSessionContext *context, 936 SFTKObject *key, 937 CK_KEY_TYPE key_type, 938 HASH_HashType hash_alg, 939 unsigned int out_len); 940 941 /* PKCS#11 MAC implementation. See sftk_MACCtxStr declaration above for 942 * calling semantics for these functions. */ 943 HASH_HashType sftk_HMACMechanismToHash(CK_MECHANISM_TYPE mech); 944 CK_RV sftk_MAC_Create(CK_MECHANISM_TYPE mech, SFTKObject *key, sftk_MACCtx **ret_ctx); 945 CK_RV sftk_MAC_Init(sftk_MACCtx *ctx, CK_MECHANISM_TYPE mech, SFTKObject *key); 946 CK_RV sftk_MAC_InitRaw(sftk_MACCtx *ctx, CK_MECHANISM_TYPE mech, const unsigned char *key, unsigned int key_len, PRBool isFIPS); 947 CK_RV sftk_MAC_Update(sftk_MACCtx *ctx, const CK_BYTE *data, unsigned int data_len); 948 CK_RV sftk_MAC_End(sftk_MACCtx *ctx, CK_BYTE_PTR result, unsigned int *result_len, unsigned int max_result_len); 949 CK_RV sftk_MAC_Reset(sftk_MACCtx *ctx); 950 void sftk_MAC_DestroyContext(sftk_MACCtx *ctx, PRBool free_it); 951 952 /* constant time helpers */ 953 unsigned int sftk_CKRVToMask(CK_RV rv); 954 CK_RV sftk_CheckCBCPadding(CK_BYTE_PTR pBuf, unsigned int bufLen, 955 unsigned int blockSize, unsigned int *outPadSize); 956 957 /* NIST 800-108 (kbkdf.c) implementations */ 958 extern CK_RV kbkdf_Dispatch(CK_MECHANISM_TYPE mech, CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, SFTKObject *base_key, SFTKObject *ret_key, CK_ULONG keySize); 959 extern SECStatus sftk_fips_SP800_108_PowerUpSelfTests(void); 960 961 /* export the HKDF function for use in PowerupSelfTests */ 962 CK_RV sftk_HKDF(CK_HKDF_PARAMS_PTR params, CK_SESSION_HANDLE hSession, 963 SFTKObject *sourceKey, const unsigned char *sourceKeyBytes, 964 int sourceKeyLen, SFTKObject *key, 965 unsigned char *outKeyBytes, int keySize, 966 PRBool canBeData, PRBool isFIPS); 967 968 char **NSC_ModuleDBFunc(unsigned long function, char *parameters, void *args); 969 970 /* dh verify functions */ 971 /* verify that dhPrime matches one of our known primes, and if so return 972 * it's subprime value */ 973 const SECItem *sftk_VerifyDH_Prime(SECItem *dhPrime, SECItem *generator, PRBool isFIPS); 974 /* check if dhSubPrime claims dhPrime is a safe prime. */ 975 SECStatus sftk_IsSafePrime(SECItem *dhPrime, SECItem *dhSubPrime, PRBool *isSafe); 976 /* map an operation Attribute to a Mechanism flag */ 977 CK_FLAGS sftk_AttributeToFlags(CK_ATTRIBUTE_TYPE op); 978 /* check the FIPS table to determine if this current operation is allowed by 979 * FIPS security policy */ 980 PRBool sftk_operationIsFIPS(SFTKSlot *slot, CK_MECHANISM *mech, 981 CK_ATTRIBUTE_TYPE op, SFTKObject *source); 982 /* manage the fips flag on objects */ 983 void sftk_setFIPS(SFTKObject *obj, PRBool isFIPS); 984 PRBool sftk_hasFIPS(SFTKObject *obj); 985 986 /* add validation objects to the slot */ 987 CK_RV sftk_CreateValidationObjects(SFTKSlot *slot); 988 989 /* get the length of an MLDSASignature based on the PKCS #11 parameter set */ 990 unsigned int sftk_MLDSAGetSigLen(CK_ML_DSA_PARAMETER_SET_TYPE paramSet); 991 992 SEC_END_PROTOS 993 994 #endif /* _PKCS11I_H_ */