1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #ifndef	_KERNELOBJECT_H
27 #define	_KERNELOBJECT_H
28 
29 #ifdef __cplusplus
30 extern "C" {
31 #endif
32 
33 #include <security/pkcs11t.h>
34 #include "kernelSession.h"
35 #include "kernelSlot.h"
36 
/*
 * Tag expected in kernel_object_t.magic_marker. HANDLE2OBJECT_COMMON
 * compares the field against this value before it accepts an object handle.
 */
#define	KERNELTOKEN_OBJECT_MAGIC	0xECF0B003

/*
 * NOTE(review): presumably the values for the trailing uint_t argument of
 * kernel_build_object() (object creation vs. key generation). This header
 * does not use them; confirm against the callers.
 */
#define	KERNEL_CREATE_OBJ	1
#define	KERNEL_GEN_KEY		2

/*
 * NOTE(review): attribute counts per key type, not referenced in this header.
 * RSA_PRI_ATTR_COUNT is 7 while rsa_pri_key_t declares 8 biginteger_t
 * members, and EC_ATTR_COUNT is 2 while the EC structs declare 1 member each.
 * Confirm what each count covers before sizing an attribute array with it.
 */
#define	RSA_PRI_ATTR_COUNT		7
#define	RSA_PUB_ATTR_COUNT		3
#define	DSA_ATTR_COUNT			4
#define	EC_ATTR_COUNT			2
46 
/*
 * Secret key Struct
 *
 * A pointer to the key bytes and a length, reached through the OBJ_SEC*
 * macros.
 * NOTE(review): sk_value presumably holds raw key material and sk_value_len
 * its size in bytes. The cleanup code is not in this header; confirm that it
 * clears the buffer before freeing it.
 */
typedef struct secret_key_obj {
	CK_BYTE *sk_value;
	CK_ULONG sk_value_len;
} secret_key_obj_t;
54 
55 
/*
 * This structure is used to hold the attributes in the
 * Extra Attribute List. Each node carries one CK_ATTRIBUTE and a link to
 * the next node.
 */
typedef struct attribute_info {
	CK_ATTRIBUTE	attr;
	/* NOTE(review): presumably NULL on the last node -- confirm */
	struct attribute_info *next;
} attribute_info_t;

/* Pointer alias; kernel_object_t.extra_attrlistp is declared with it. */
typedef attribute_info_t *CK_ATTRIBUTE_INFO_PTR;
66 
67 
/*
 * biginteger Struct
 *
 * A byte buffer and its length, used for every big-number key component
 * declared below.
 * NOTE(review): byte order and ownership of big_value are not stated in this
 * header. copy_bigint_attr() is the declared copy helper; confirm whether it
 * duplicates the buffer or only copies the pointer, because a shared pointer
 * would be freed twice if both holders release it.
 */
typedef struct biginteger {
	CK_BYTE *big_value;
	CK_ULONG big_value_len;
} biginteger_t;
75 
76 
/*
 * PKCS11: RSA Public Key Object Attributes
 * Stored as public_key_obj_t.key_type_u.rsa_pub_key.
 */
typedef struct rsa_pub_key {
	biginteger_t modulus;
	/* NOTE(review): presumably the modulus length in bits -- confirm */
	CK_ULONG modulus_bits;
	biginteger_t pub_exponent;
} rsa_pub_key_t;
85 
86 
/*
 * PKCS11: DSA Public Key Object Attributes
 * Stored as public_key_obj_t.key_type_u.dsa_pub_key. The member layout is
 * the same as dsa_pri_key_t; only the meaning of `value` differs by type.
 */
typedef struct dsa_pub_key {
	biginteger_t prime;
	biginteger_t subprime;
	biginteger_t base;
	biginteger_t value;
} dsa_pub_key_t;
96 
/*
 * PKCS11: Diffie-Hellman Public Key Object Attributes
 * Stored as public_key_obj_t.key_type_u.dh_pub_key.
 */
typedef struct dh_pub_key {
	biginteger_t prime;
	biginteger_t base;
	biginteger_t value;
} dh_pub_key_t;
105 
/*
 * PKCS11: EC Public Key Object Attributes
 * Stored as public_key_obj_t.key_type_u.ec_pub_key.
 * NOTE(review): only the point is held here; the curve parameters are
 * presumably kept elsewhere (for example the extra attribute list) --
 * confirm.
 */
typedef struct ec_pub_key {
	biginteger_t point;
} ec_pub_key_t;
112 
113 
/*
 * Public Key Main Struct
 *
 * The union carries no tag of its own.
 * NOTE(review): the active member is presumably selected by
 * kernel_object_t.key_type. Reading a member other than the one that was
 * written reinterprets the buffers and lengths of a different key type, so
 * check key_type before using the KEY_PUB_* and OBJ_PUB_* macros.
 */
typedef struct public_key_obj {
	union {
		rsa_pub_key_t rsa_pub_key; /* RSA public key */
		dsa_pub_key_t dsa_pub_key; /* DSA public key */
		dh_pub_key_t dh_pub_key; /* DH public key */
		ec_pub_key_t ec_pub_key; /* EC public key */
	} key_type_u;
} public_key_obj_t;
125 
126 
/*
 * PKCS11: RSA Private Key Object Attributes
 * Stored as private_key_obj_t.key_type_u.rsa_pri_key.
 *
 * NOTE(review): every member other than modulus and pub_exponent is private
 * key material. kernel_cleanup_object_bigint_attrs() is the cleanup routine
 * declared in this header; confirm that it clears these buffers before
 * freeing them.
 */
typedef struct rsa_pri_key {
	biginteger_t modulus;
	biginteger_t pub_exponent;
	biginteger_t pri_exponent;
	biginteger_t prime_1;
	biginteger_t prime_2;
	biginteger_t exponent_1;
	biginteger_t exponent_2;
	biginteger_t coefficient;
} rsa_pri_key_t;
140 
141 
/*
 * PKCS11: DSA Private Key Object Attributes
 * Stored as private_key_obj_t.key_type_u.dsa_pri_key.
 * NOTE(review): `value` is presumably the private value and should be
 * cleared on cleanup -- confirm.
 */
typedef struct dsa_pri_key {
	biginteger_t prime;
	biginteger_t subprime;
	biginteger_t base;
	biginteger_t value;
} dsa_pri_key_t;
151 
152 
/*
 * PKCS11: Diffie-Hellman Private Key Object Attributes
 * Stored as private_key_obj_t.key_type_u.dh_pri_key.
 * NOTE(review): `value` is presumably the private value and should be
 * cleared on cleanup -- confirm.
 */
typedef struct dh_pri_key {
	biginteger_t prime;
	biginteger_t base;
	biginteger_t value;
	/* NOTE(review): presumably the length of `value` in bits -- confirm */
	CK_ULONG value_bits;
} dh_pri_key_t;
162 
163 
/*
 * PKCS11: EC Private Key Object Attributes
 * Stored as private_key_obj_t.key_type_u.ec_pri_key.
 * NOTE(review): `value` is presumably the private scalar and should be
 * cleared on cleanup -- confirm.
 */
typedef struct ec_pri_key {
	biginteger_t value;
} ec_pri_key_t;
170 
/*
 * Private Key Main Struct
 *
 * The union carries no tag of its own.
 * NOTE(review): the active member is presumably selected by
 * kernel_object_t.key_type. Reading a member other than the one that was
 * written reinterprets private-key buffers of a different key type, so check
 * key_type before using the KEY_PRI_* and OBJ_PRI_* macros.
 */
typedef struct private_key_obj {
	union {
		rsa_pri_key_t rsa_pri_key; /* RSA private key */
		dsa_pri_key_t dsa_pri_key; /* DSA private key */
		dh_pri_key_t dh_pri_key; /* DH private key */
		ec_pri_key_t ec_pri_key; /* EC private key */
	} key_type_u;
} private_key_obj_t;
182 
183 
/*
 * This is the main structure of the Objects.
 *
 * HANDLE2OBJECT_COMMON casts an object handle straight to a pointer to this
 * structure and then reads magic_marker, so a handle is this structure's
 * address and the magic number is the only check made on it.
 */
typedef struct object {
	boolean_t	is_lib_obj; /* default is TRUE */
	/*
	 * NOTE(review): presumably the kernel-side object id, meaningful
	 * when is_lib_obj is FALSE -- confirm.
	 */
	crypto_object_id_t	k_handle;

	/* Generic common fields. Always present */
	/*
	 * `class` is a C++ keyword, so this header does not compile as C++
	 * even though it has an extern "C" guard.
	 */
	CK_OBJECT_CLASS class;
	CK_KEY_TYPE key_type;
	/* must equal KERNELTOKEN_OBJECT_MAGIC or HANDLE2OBJECT_COMMON rejects */
	CK_ULONG magic_marker;
	/* NOTE(review): presumably an OR of the *_BOOL_ON bits -- confirm */
	uint64_t bool_attr_mask;
	CK_MECHANISM_TYPE mechanism;

	/* Fields for access and arbitration */
	/*
	 * Held by HANDLE2OBJECT_COMMON and OBJ_REFRELE while they read or
	 * change obj_delete_sync and obj_refcnt.
	 */
	pthread_mutex_t object_mutex;
	struct object *next;
	struct object *prev;

	/* Extra non-boolean attribute list */
	CK_ATTRIBUTE_INFO_PTR extra_attrlistp;
	CK_ULONG extra_attrcount;

	/*
	 * For each object, only one object class is presented.
	 * NOTE(review): the union is untagged; the member in use is
	 * presumably selected by `class` -- confirm before dereferencing.
	 */
	union {
		secret_key_obj_t  *secret_key;
		public_key_obj_t  *public_key;
		private_key_obj_t *private_key;
	} object_class_u;

	/* Session handle that the object belongs to */
	CK_SESSION_HANDLE	session_handle;
	/* incremented by HANDLE2OBJECT, decremented by OBJ_REFRELE */
	uint32_t	obj_refcnt;	/* object reference count */
	/* signalled by OBJ_REFRELE when obj_refcnt reaches zero and */
	/* OBJECT_REFCNT_WAITING is set */
	pthread_cond_t	obj_free_cond;	/* cond variable for signal and wait */
	/* OBJECT_IS_DELETING and OBJECT_REFCNT_WAITING bits */
	uint32_t	obj_delete_sync;	/* object delete sync flags */

} kernel_object_t;
221 
222 
/*
 * State of a find operation: an array of object pointers, the number of
 * results, and the index of the next result to hand out.
 * NOTE(review): objs_found holds raw object pointers. This header does not
 * show whether a reference is held on each entry; confirm that an object
 * destroyed while it is listed here cannot be returned afterwards.
 */
typedef struct find_context {
	kernel_object_t **objs_found;
	CK_ULONG num_results;
	CK_ULONG next_result_index; /* next result object to return */
} find_context_t;
228 
/*
 * The following structure is used to link the to-be-freed session
 * objects into a linked list. The objects on this linked list have
 * not yet been freed via free() after C_DestroyObject() call; instead
 * they are added to this list. The actual free will take place when
 * the number of objects queued reaches MAX_OBJ_TO_BE_FREED, at which
 * time the first object in the list will be freed.
 *
 * NOTE(review): object handles are object addresses (HANDLE2OBJECT_COMMON
 * casts the handle to kernel_object_t *). The delay presumably keeps a
 * recently destroyed object's memory allocated so that a stale handle still
 * reads a real magic_marker. Once the object leaves this list that read
 * touches freed memory, so the delay narrows the stale-handle window but
 * does not close it. Confirm that the destroy path clears magic_marker.
 */
#define	MAX_OBJ_TO_BE_FREED		300

typedef struct obj_to_be_freed_list {
	kernel_object_t	*first;	/* points to first obj in the list */
	kernel_object_t	*last;	/* points to last obj in the list */
	uint32_t	count;	/* current total objs in the list */
	/* NOTE(review): presumably guards first, last and count -- confirm */
	pthread_mutex_t obj_to_be_free_mutex;
} object_to_be_freed_list_t;

/* The single delayed-free list; defined in another translation unit. */
extern object_to_be_freed_list_t obj_delay_freed;
247 
248 
249 /*
250  * The following definitions are the shortcuts
251  */
252 
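/*
 * Secret Key Object Attributes
 *
 * Each macro takes a pointer expression to a kernel_object_t. The argument
 * is parenthesized, as in the OBJ_PUB and OBJ_PRI macros, so that
 * expressions such as `base + 1` or `*pp` expand correctly.
 *
 * OBJ_SEC_VALUE and OBJ_SEC_VALUE_LEN dereference
 * object_class_u.secret_key without a check: the caller must already know
 * that the object is a secret key and that the pointer is not NULL.
 */
#define	OBJ_SEC(o) \
	((o)->object_class_u.secret_key)
#define	OBJ_SEC_VALUE(o) \
	((o)->object_class_u.secret_key->sk_value)
#define	OBJ_SEC_VALUE_LEN(o) \
	((o)->object_class_u.secret_key->sk_value_len)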
262 
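/*
 * RSA Public Key Object Attributes
 *
 * OBJ_* macros take a kernel_object_t pointer, KEY_* macros a
 * public_key_obj_t pointer. The macros that yield an address are wrapped in
 * parentheses as a whole, so that a postfix operator applied to the result,
 * as in KEY_PUB_RSA_MOD(k)->big_value_len, binds to the returned pointer
 * and not to the last member named inside the macro.
 *
 * The OBJ_* forms dereference object_class_u.public_key without a check and
 * all forms read the rsa_pub_key member of an untagged union: the caller
 * must already know that the object is an RSA public key.
 */
#define	OBJ_PUB(o) \
	((o)->object_class_u.public_key)
#define	KEY_PUB_RSA(k) \
	(&((k)->key_type_u.rsa_pub_key))
#define	OBJ_PUB_RSA_MOD(o) \
	(&((o)->object_class_u.public_key->key_type_u.rsa_pub_key.modulus))
#define	KEY_PUB_RSA_MOD(k) \
	(&((k)->key_type_u.rsa_pub_key.modulus))
#define	OBJ_PUB_RSA_PUBEXPO(o) \
	(&((o)->object_class_u.public_key->key_type_u.rsa_pub_key.pub_exponent))
#define	KEY_PUB_RSA_PUBEXPO(k) \
	(&((k)->key_type_u.rsa_pub_key.pub_exponent))
#define	OBJ_PUB_RSA_MOD_BITS(o) \
	((o)->object_class_u.public_key->key_type_u.rsa_pub_key.modulus_bits)
#define	KEY_PUB_RSA_MOD_BITS(k) \
	((k)->key_type_u.rsa_pub_key.modulus_bits)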
282 
283 
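/*
 * DSA Public Key Object Attributes
 *
 * OBJ_* macros take a kernel_object_t pointer, KEY_* macros a
 * public_key_obj_t pointer. Every expansion is wrapped in parentheses as a
 * whole, so that KEY_PUB_DSA_PRIME(k)->big_value_len applies `->` to the
 * returned address.
 *
 * The OBJ_* forms dereference object_class_u.public_key without a check and
 * all forms read the dsa_pub_key member of an untagged union: the caller
 * must already know that the object is a DSA public key.
 */
#define	KEY_PUB_DSA(k) \
	(&((k)->key_type_u.dsa_pub_key))
#define	OBJ_PUB_DSA_PRIME(o) \
	(&((o)->object_class_u.public_key->key_type_u.dsa_pub_key.prime))
#define	KEY_PUB_DSA_PRIME(k) \
	(&((k)->key_type_u.dsa_pub_key.prime))
#define	OBJ_PUB_DSA_SUBPRIME(o) \
	(&((o)->object_class_u.public_key->key_type_u.dsa_pub_key.subprime))
#define	KEY_PUB_DSA_SUBPRIME(k) \
	(&((k)->key_type_u.dsa_pub_key.subprime))
#define	OBJ_PUB_DSA_BASE(o) \
	(&((o)->object_class_u.public_key->key_type_u.dsa_pub_key.base))
#define	KEY_PUB_DSA_BASE(k) \
	(&((k)->key_type_u.dsa_pub_key.base))
#define	OBJ_PUB_DSA_VALUE(o) \
	(&((o)->object_class_u.public_key->key_type_u.dsa_pub_key.value))
#define	KEY_PUB_DSA_VALUE(k) \
	(&((k)->key_type_u.dsa_pub_key.value))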
305 
306 
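/*
 * Diffie-Hellman Public Key Object Attributes
 *
 * OBJ_* macros take a kernel_object_t pointer, KEY_* macros a
 * public_key_obj_t pointer. Every expansion is wrapped in parentheses as a
 * whole, so that KEY_PUB_DH_PRIME(k)->big_value_len applies `->` to the
 * returned address.
 *
 * The OBJ_* forms dereference object_class_u.public_key without a check and
 * all forms read the dh_pub_key member of an untagged union: the caller
 * must already know that the object is a DH public key.
 */
#define	KEY_PUB_DH(k) \
	(&((k)->key_type_u.dh_pub_key))
#define	OBJ_PUB_DH_PRIME(o) \
	(&((o)->object_class_u.public_key->key_type_u.dh_pub_key.prime))
#define	KEY_PUB_DH_PRIME(k) \
	(&((k)->key_type_u.dh_pub_key.prime))
#define	OBJ_PUB_DH_BASE(o) \
	(&((o)->object_class_u.public_key->key_type_u.dh_pub_key.base))
#define	KEY_PUB_DH_BASE(k) \
	(&((k)->key_type_u.dh_pub_key.base))
#define	OBJ_PUB_DH_VALUE(o) \
	(&((o)->object_class_u.public_key->key_type_u.dh_pub_key.value))
#define	KEY_PUB_DH_VALUE(k) \
	(&((k)->key_type_u.dh_pub_key.value))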
324 
325 
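/*
 * EC Public Key Object Attributes
 *
 * OBJ_PUB_EC_POINT takes a kernel_object_t pointer, KEY_PUB_EC_POINT a
 * public_key_obj_t pointer. Both expansions are wrapped in parentheses as a
 * whole, so that a postfix `->` applies to the returned address.
 *
 * OBJ_PUB_EC_POINT dereferences object_class_u.public_key without a check
 * and both read the ec_pub_key member of an untagged union: the caller must
 * already know that the object is an EC public key.
 */
#define	OBJ_PUB_EC_POINT(o) \
	(&((o)->object_class_u.public_key->key_type_u.ec_pub_key.point))
#define	KEY_PUB_EC_POINT(k) \
	(&((k)->key_type_u.ec_pub_key.point))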
333 
334 
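/*
 * RSA Private Key Object Attributes
 *
 * OBJ_* macros take a kernel_object_t pointer, KEY_* macros a
 * private_key_obj_t pointer. The macros that yield an address are wrapped
 * in parentheses as a whole, so that a postfix operator applied to the
 * result, as in KEY_PRI_RSA_MOD(k)->big_value_len, binds to the returned
 * pointer.
 *
 * The OBJ_* forms dereference object_class_u.private_key without a check
 * and all forms read the rsa_pri_key member of an untagged union: the
 * caller must already know that the object is an RSA private key. The
 * addresses returned point at private key components.
 */
#define	OBJ_PRI(o) \
	((o)->object_class_u.private_key)
#define	KEY_PRI_RSA(k) \
	(&((k)->key_type_u.rsa_pri_key))
#define	OBJ_PRI_RSA_MOD(o) \
	(&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.modulus))
#define	KEY_PRI_RSA_MOD(k) \
	(&((k)->key_type_u.rsa_pri_key.modulus))
#define	OBJ_PRI_RSA_PUBEXPO(o) \
	(&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.pub_exponent))
#define	KEY_PRI_RSA_PUBEXPO(k) \
	(&((k)->key_type_u.rsa_pri_key.pub_exponent))
#define	OBJ_PRI_RSA_PRIEXPO(o) \
	(&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.pri_exponent))
#define	KEY_PRI_RSA_PRIEXPO(k) \
	(&((k)->key_type_u.rsa_pri_key.pri_exponent))
#define	OBJ_PRI_RSA_PRIME1(o) \
	(&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.prime_1))
#define	KEY_PRI_RSA_PRIME1(k) \
	(&((k)->key_type_u.rsa_pri_key.prime_1))
#define	OBJ_PRI_RSA_PRIME2(o) \
	(&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.prime_2))
#define	KEY_PRI_RSA_PRIME2(k) \
	(&((k)->key_type_u.rsa_pri_key.prime_2))
#define	OBJ_PRI_RSA_EXPO1(o) \
	(&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.exponent_1))
#define	KEY_PRI_RSA_EXPO1(k) \
	(&((k)->key_type_u.rsa_pri_key.exponent_1))
#define	OBJ_PRI_RSA_EXPO2(o) \
	(&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.exponent_2))
#define	KEY_PRI_RSA_EXPO2(k) \
	(&((k)->key_type_u.rsa_pri_key.exponent_2))
#define	OBJ_PRI_RSA_COEF(o) \
	(&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.coefficient))
#define	KEY_PRI_RSA_COEF(k) \
	(&((k)->key_type_u.rsa_pri_key.coefficient))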
374 
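/*
 * DSA Private Key Object Attributes
 *
 * OBJ_* macros take a kernel_object_t pointer, KEY_* macros a
 * private_key_obj_t pointer. Every expansion is wrapped in parentheses as a
 * whole, so that KEY_PRI_DSA_VALUE(k)->big_value_len applies `->` to the
 * returned address.
 *
 * The OBJ_* forms dereference object_class_u.private_key without a check
 * and all forms read the dsa_pri_key member of an untagged union: the
 * caller must already know that the object is a DSA private key.
 */
#define	KEY_PRI_DSA(k) \
	(&((k)->key_type_u.dsa_pri_key))
#define	OBJ_PRI_DSA_PRIME(o) \
	(&((o)->object_class_u.private_key->key_type_u.dsa_pri_key.prime))
#define	KEY_PRI_DSA_PRIME(k) \
	(&((k)->key_type_u.dsa_pri_key.prime))
#define	OBJ_PRI_DSA_SUBPRIME(o) \
	(&((o)->object_class_u.private_key->key_type_u.dsa_pri_key.subprime))
#define	KEY_PRI_DSA_SUBPRIME(k) \
	(&((k)->key_type_u.dsa_pri_key.subprime))
#define	OBJ_PRI_DSA_BASE(o) \
	(&((o)->object_class_u.private_key->key_type_u.dsa_pri_key.base))
#define	KEY_PRI_DSA_BASE(k) \
	(&((k)->key_type_u.dsa_pri_key.base))
#define	OBJ_PRI_DSA_VALUE(o) \
	(&((o)->object_class_u.private_key->key_type_u.dsa_pri_key.value))
#define	KEY_PRI_DSA_VALUE(k) \
	(&((k)->key_type_u.dsa_pri_key.value))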
396 
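/*
 * Diffie-Hellman Private Key Object Attributes
 *
 * OBJ_* macros take a kernel_object_t pointer, KEY_* macros a
 * private_key_obj_t pointer. The macros that yield an address are wrapped
 * in parentheses as a whole, so that KEY_PRI_DH_VALUE(k)->big_value_len
 * applies `->` to the returned address. The *_VAL_BITS macros yield the
 * value_bits member itself, not its address.
 *
 * The OBJ_* forms dereference object_class_u.private_key without a check
 * and all forms read the dh_pri_key member of an untagged union: the caller
 * must already know that the object is a DH private key.
 */
#define	KEY_PRI_DH(k) \
	(&((k)->key_type_u.dh_pri_key))
#define	OBJ_PRI_DH_PRIME(o) \
	(&((o)->object_class_u.private_key->key_type_u.dh_pri_key.prime))
#define	KEY_PRI_DH_PRIME(k) \
	(&((k)->key_type_u.dh_pri_key.prime))
#define	OBJ_PRI_DH_BASE(o) \
	(&((o)->object_class_u.private_key->key_type_u.dh_pri_key.base))
#define	KEY_PRI_DH_BASE(k) \
	(&((k)->key_type_u.dh_pri_key.base))
#define	OBJ_PRI_DH_VALUE(o) \
	(&((o)->object_class_u.private_key->key_type_u.dh_pri_key.value))
#define	KEY_PRI_DH_VALUE(k) \
	(&((k)->key_type_u.dh_pri_key.value))
#define	OBJ_PRI_DH_VAL_BITS(o) \
	((o)->object_class_u.private_key->key_type_u.dh_pri_key.value_bits)
#define	KEY_PRI_DH_VAL_BITS(k) \
	((k)->key_type_u.dh_pri_key.value_bits)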
418 
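/*
 * EC Private Key Object Attributes
 *
 * OBJ_PRI_EC_VALUE takes a kernel_object_t pointer, KEY_PRI_EC_VALUE a
 * private_key_obj_t pointer. Both expansions are wrapped in parentheses as
 * a whole, so that a postfix `->` applies to the returned address.
 *
 * OBJ_PRI_EC_VALUE dereferences object_class_u.private_key without a check
 * and both read the ec_pri_key member of an untagged union: the caller must
 * already know that the object is an EC private key.
 */
#define	OBJ_PRI_EC_VALUE(o) \
	(&((o)->object_class_u.private_key->key_type_u.ec_pri_key.value))
#define	KEY_PRI_EC_VALUE(k) \
	(&((k)->key_type_u.ec_pri_key.value))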
426 
/*
 * key related attributes with CK_BBOOL data type
 *
 * One bit per boolean attribute.
 * NOTE(review): presumably stored in kernel_object_t.bool_attr_mask
 * (uint64_t) -- confirm.
 */
#define	DERIVE_BOOL_ON			0x00000001
#define	LOCAL_BOOL_ON			0x00000002
#define	SENSITIVE_BOOL_ON		0x00000004
#define	SECONDARY_AUTH_BOOL_ON		0x00000008
#define	ENCRYPT_BOOL_ON			0x00000010
#define	DECRYPT_BOOL_ON			0x00000020
#define	SIGN_BOOL_ON			0x00000040
#define	SIGN_RECOVER_BOOL_ON		0x00000080
#define	VERIFY_BOOL_ON			0x00000100
#define	VERIFY_RECOVER_BOOL_ON		0x00000200
#define	WRAP_BOOL_ON			0x00000400
#define	UNWRAP_BOOL_ON			0x00000800
#define	TRUSTED_BOOL_ON			0x00001000
#define	EXTRACTABLE_BOOL_ON		0x00002000
#define	ALWAYS_SENSITIVE_BOOL_ON	0x00004000
#define	NEVER_EXTRACTABLE_BOOL_ON	0x00008000
#define	PRIVATE_BOOL_ON			0x00010000
#define	TOKEN_BOOL_ON			0x00020000
#define	MODIFIABLE_BOOL_ON		0x00040000

/*
 * Default masks per object class.
 *
 * SECRET_KEY_DEFAULT and PRIVATE_KEY_DEFAULT set EXTRACTABLE_BOOL_ON and
 * leave SENSITIVE_BOOL_ON, ALWAYS_SENSITIVE_BOOL_ON,
 * NEVER_EXTRACTABLE_BOOL_ON and PRIVATE_BOOL_ON clear. A key that keeps
 * these defaults is therefore extractable and not sensitive.
 * NOTE(review): where the defaults are applied is not visible here;
 * presumably a caller that needs a non-exportable key has to set the
 * sensitive and extractable attributes in its template -- confirm.
 */
#define	SECRET_KEY_DEFAULT	(ENCRYPT_BOOL_ON|\
				DECRYPT_BOOL_ON|\
				SIGN_BOOL_ON|\
				VERIFY_BOOL_ON|\
				WRAP_BOOL_ON|\
				UNWRAP_BOOL_ON|\
				EXTRACTABLE_BOOL_ON|\
				MODIFIABLE_BOOL_ON)

#define	PUBLIC_KEY_DEFAULT	(ENCRYPT_BOOL_ON|\
				WRAP_BOOL_ON|\
				VERIFY_BOOL_ON|\
				VERIFY_RECOVER_BOOL_ON|\
				MODIFIABLE_BOOL_ON)

#define	PRIVATE_KEY_DEFAULT	(DECRYPT_BOOL_ON|\
				UNWRAP_BOOL_ON|\
				SIGN_BOOL_ON|\
				SIGN_RECOVER_BOOL_ON|\
				EXTRACTABLE_BOOL_ON|\
				MODIFIABLE_BOOL_ON)
471 
/*
 * Flag definitions for obj_delete_sync
 *
 * Both bits are tested while object_mutex is held: OBJECT_IS_DELETING by
 * HANDLE2OBJECT_COMMON, which then rejects the handle, and
 * OBJECT_REFCNT_WAITING by OBJ_REFRELE, which then signals obj_free_cond
 * when the reference count reaches zero.
 */
#define	OBJECT_IS_DELETING	1	/* Object is in a deleting state */
#define	OBJECT_REFCNT_WAITING	2	/* Waiting for object reference */
					/* count to become zero */
478 
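/*
 * This macro is used to type cast an object handle to a pointer to
 * the object struct. Also, it checks to see if the object struct
 * is tagged with an object magic number. This is to detect when an
 * application passes a bogus object pointer.
 * Also, it checks to see if the object is in the deleting state that
 * another thread is performing. If not, increment the object reference
 * count by one. This is to prevent this object from being deleted by
 * other thread.
 *
 * Parameters:
 *   hObject     - object handle supplied by the application
 *   object_p    - lvalue that receives the kernel_object_t pointer; it is
 *                 expanded several times, so it must have no side effects
 *   rv          - lvalue set to CKR_OK or CKR_OBJECT_HANDLE_INVALID
 *   REFCNT_CODE - statement run under object_mutex when the object is not
 *                 being deleted (may be empty)
 *
 * Limits of the check:
 *   - The handle is dereferenced to read magic_marker before anything else
 *     is known about it. The magic number rejects a pointer to some other
 *     live data, but it cannot make a read through an unmapped or already
 *     freed address safe.
 *   - magic_marker is read before object_mutex is taken; only
 *     obj_delete_sync and REFCNT_CODE are covered by the lock.
 *   - object_p is assigned even when rv reports an invalid handle; callers
 *     must test rv before using it.
 *
 * The macro arguments are parenthesized so that an expression such as `*pp`
 * can be passed as object_p. The expansion is a brace block, not a
 * do/while(0) statement: do not use it as the unbraced body of an `if` that
 * is followed by `else`.
 */
#define	HANDLE2OBJECT_COMMON(hObject, object_p, rv, REFCNT_CODE) { \
	(object_p) = (kernel_object_t *)(hObject); \
	if (((object_p) == NULL) || \
	    ((object_p)->magic_marker != KERNELTOKEN_OBJECT_MAGIC)) { \
		(rv) = CKR_OBJECT_HANDLE_INVALID; \
	} else { \
		(void) pthread_mutex_lock(&(object_p)->object_mutex); \
		if (!((object_p)->obj_delete_sync & OBJECT_IS_DELETING)) { \
			REFCNT_CODE; \
			(rv) = CKR_OK; \
		} else { \
			(rv) = CKR_OBJECT_HANDLE_INVALID; \
		} \
		(void) pthread_mutex_unlock(&(object_p)->object_mutex); \
	} \
}

/*
 * Look up an object and take a reference on it. The increment made here is
 * the one that OBJ_REFRELE undoes.
 */
#define	HANDLE2OBJECT(hObject, object_p, rv) \
	HANDLE2OBJECT_COMMON(hObject, object_p, rv, (object_p)->obj_refcnt++)

/* Look up an object without taking a reference on it. */
#define	HANDLE2OBJECT_DESTROY(hObject, object_p, rv) \
	HANDLE2OBJECT_COMMON(hObject, object_p, rv, /* no refcnt increment */)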
511 
512 
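/*
 * Drop one reference on an object. Under object_mutex the reference count
 * is decremented; when it reaches zero and OBJECT_REFCNT_WAITING is set in
 * obj_delete_sync, obj_free_cond is signalled.
 *
 * object_p is expanded several times and is parenthesized so that an
 * expression such as `*pp` can be passed; it must have no side effects.
 *
 * The decrement is unconditional: obj_refcnt is a uint32_t, so a release
 * without a matching HANDLE2OBJECT wraps the count to a large value instead
 * of reaching zero. The expansion is a brace block, not a do/while(0)
 * statement: do not use it as the unbraced body of an `if` that is followed
 * by `else`.
 */
#define	OBJ_REFRELE(object_p) { \
	(void) pthread_mutex_lock(&(object_p)->object_mutex); \
	if ((--(object_p)->obj_refcnt) == 0 && \
	    ((object_p)->obj_delete_sync & OBJECT_REFCNT_WAITING)) { \
		(void) pthread_cond_signal(&(object_p)->obj_free_cond); \
	} \
	(void) pthread_mutex_unlock(&(object_p)->object_mutex); \
}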
521 
522 
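/*
 * Function Prototypes.
 *
 * Parameter names here avoid the C++ keywords `template` and `class`, and
 * every parameter is named. Parameter names in a prototype are not part of
 * the interface, so the definitions are unaffected. The `class` member of
 * kernel_object_t is still a keyword collision for C++ includers.
 */
void kernel_cleanup_object(kernel_object_t *objp);

/* The new object's handle is returned through objecthandle_p as a CK_ULONG. */
CK_RV kernel_add_object(CK_ATTRIBUTE_PTR pTemplate,  CK_ULONG ulCount,
    CK_ULONG *objecthandle_p, kernel_session_t *sp);

CK_RV kernel_delete_session_object(kernel_session_t *sp, kernel_object_t *objp,
    boolean_t lock_held, boolean_t wrapper_only);

void kernel_cleanup_extra_attr(kernel_object_t *object_p);

CK_RV kernel_copy_extra_attr(CK_ATTRIBUTE_INFO_PTR old_attrp,
    kernel_object_t *object_p);

/*
 * NOTE(review): presumably releases the biginteger_t buffers of an object;
 * confirm that private key material is cleared before it is freed.
 */
void kernel_cleanup_object_bigint_attrs(kernel_object_t *object_p);

/*
 * NOTE(review): the last parameter was unnamed in this header; `mode` is a
 * name chosen here, presumably KERNEL_CREATE_OBJ or KERNEL_GEN_KEY --
 * confirm against the definition.
 */
CK_RV kernel_build_object(CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttrNum,
    kernel_object_t *new_object, kernel_session_t *sp, uint_t mode);

CK_RV kernel_copy_object(kernel_object_t *old_object,
    kernel_object_t **new_object, boolean_t copy_everything,
    kernel_session_t *sp);

void kernel_merge_object(kernel_object_t *old_object,
    kernel_object_t *new_object);

CK_RV kernel_get_attribute(kernel_object_t *object_p,
    CK_ATTRIBUTE_PTR pTemplate);

CK_RV kernel_set_attribute(kernel_object_t *object_p,
    CK_ATTRIBUTE_PTR pTemplate, boolean_t copy, kernel_session_t *sp);

/*
 * NOTE(review): returns void, so a failure cannot be reported; confirm
 * whether it duplicates big_value or only copies the pointer.
 */
void copy_bigint_attr(biginteger_t *src, biginteger_t *dst);

void kernel_add_object_to_session(kernel_object_t *objp, kernel_session_t *sp);

CK_RV kernel_copy_public_key_attr(public_key_obj_t *old_pub_key_obj_p,
    public_key_obj_t **new_pub_key_obj_p, CK_KEY_TYPE key_type);

CK_RV kernel_copy_private_key_attr(private_key_obj_t *old_pri_key_obj_p,
    private_key_obj_t **new_pri_key_obj_p, CK_KEY_TYPE key_type);

CK_RV kernel_copy_secret_key_attr(secret_key_obj_t *old_secret_key_obj_p,
    secret_key_obj_t **new_secret_key_obj_p);

CK_RV kernel_validate_attr(CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttrNum,
    CK_OBJECT_CLASS *pclass);

CK_RV kernel_find_objects_init(kernel_session_t *sp,
    CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount);

void kernel_find_objects_final(kernel_session_t *sp);

void kernel_find_objects(kernel_session_t *sp,
    CK_OBJECT_HANDLE *obj_found, CK_ULONG max_obj_requested,
    CK_ULONG *found_obj_count);

void kernel_process_find_attr(CK_OBJECT_CLASS *pclasses,
    CK_ULONG *num_result_pclasses, CK_ATTRIBUTE_PTR pTemplate,
    CK_ULONG ulCount);

boolean_t kernel_find_match_attrs(kernel_object_t *obj,
    CK_OBJECT_CLASS *pclasses, CK_ULONG num_pclasses,
    CK_ATTRIBUTE *tmpl_attr, CK_ULONG num_attr);

CK_ATTRIBUTE_PTR get_extra_attr(CK_ATTRIBUTE_TYPE type, kernel_object_t *obj);

CK_RV get_string_from_template(CK_ATTRIBUTE_PTR dest, CK_ATTRIBUTE_PTR src);

void string_attr_cleanup(CK_ATTRIBUTE_PTR pTemplate);

void kernel_add_token_object_to_slot(kernel_object_t *objp,
    kernel_slot_t *pslot);

void kernel_remove_token_object_from_slot(kernel_slot_t *pslot,
    kernel_object_t *objp);

CK_RV kernel_delete_token_object(kernel_slot_t *pslot, kernel_session_t *sp,
    kernel_object_t *obj, boolean_t lock_held, boolean_t wrapper_only);

void kernel_cleanup_pri_objects_in_slot(kernel_slot_t *pslot,
    kernel_session_t *sp);

CK_RV kernel_get_object_size(kernel_object_t *objp, CK_ULONG_PTR pulSize);

/*
 * NOTE(review): presumably queues objp on obj_delay_freed as described at
 * MAX_OBJ_TO_BE_FREED -- confirm against the definition.
 */
void kernel_object_delay_free(kernel_object_t *objp);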
611 
612 #ifdef	__cplusplus
613 }
614 #endif
615 
616 #endif /* _KERNELOBJECT_H */
617