1/*
2 * The Initial Developer of the Original Code is International
3 * Business Machines Corporation. Portions created by IBM
4 * Corporation are Copyright(C) 2005 International Business
5 * Machines Corporation. All Rights Reserved.
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the Common Public License as published by
9 * IBM Corporation; either version 1 of the License, or(at your option)
10 * any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * Common Public License for more details.
16 *
17 * You should have received a copy of the Common Public License
18 * along with this program; if not, a copy can be viewed at
19 * http://www.opensource.org/licenses/cpl1.0.php.
20 */
21
22/* (C) COPYRIGHT International Business Machines Corp. 2001, 2002, 2005 */
23/*
24 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
25 * Use is subject to license terms.
26 * Copyright 2018 Jason King
27 */
28
29#ifndef _TPMTOK_INT_H
30#define	_TPMTOK_INT_H
31
32#include <stdio.h>
33#include <pthread.h>
34#include <string.h>
35#include <strings.h>
36#include <sys/md5.h>
37#include <sys/sha1.h>
38#include <limits.h>
39#include <syslog.h>
40#include <errno.h>
41#include <sys/types.h>
42#include <sys/stat.h>
43#include <sys/param.h>
44#include <sys/byteorder.h>
45#include <security/cryptoki.h>
46
47#include <tss/platform.h>
48#include <tss/tss_defines.h>
49#include <tss/tss_typedef.h>
50#include <tss/tss_structs.h>
51#include <tss/tspi.h>
52
53#define	VERSION_MAJOR 2
54#define	VERSION_MINOR 1
55
56#define	MAX_SESSION_COUNT	64
57#define	MAX_PIN_LEN	256
58#define	MIN_PIN_LEN	1
59
60#define	MAX_SLOT_ID	10
61
62#ifndef MIN
63#define	MIN(a, b)  ((a) < (b) ? (a) : (b))
64#endif
65
66#define	MODE_COPY	(1 << 0)
67#define	MODE_CREATE	(1 << 1)
68#define	MODE_KEYGEN	(1 << 2)
69#define	MODE_MODIFY	(1 << 3)
70#define	MODE_DERIVE	(1 << 4)
71#define	MODE_UNWRAP	(1 << 5)
72
73// RSA block formatting types
74//
75#define	PKCS_BT_1	1
76#define	PKCS_BT_2	2
77
78#define	OP_ENCRYPT_INIT 1
79#define	OP_DECRYPT_INIT 2
80#define	OP_WRAP		3
81#define	OP_UNWRAP	4
82#define	OP_SIGN_INIT	5
83#define	OP_VERIFY_INIT	6
84
85enum {
86	STATE_INVALID = 0,
87	STATE_ENCR,
88	STATE_DECR,
89	STATE_DIGEST,
90	STATE_SIGN,
91	STATE_VERIFY
92};
93
94#define	SHA1_BLOCK_SIZE 64
95#define	SHA1_BLOCK_SIZE_MASK (SHA1_BLOCK_SIZE - 1)
96
97#define	RSA_BLOCK_SIZE 256
98
99#ifndef PATH_MAX
100#define	PATH_MAX MAXPATHLEN
101#endif
102
103#ifndef PACK_DATA
104#define	PACK_DATA
105#endif
106
107#define	MD5_BLOCK_SIZE  64
108
109#define	DSA_SIGNATURE_SIZE  40
110
111#define	DEFAULT_SO_PIN  "87654321"
112
113typedef enum {
114	ALL = 1,
115	PRIVATE,
116	PUBLIC
117} SESS_OBJ_TYPE;
118
119typedef struct _DL_NODE
120{
121	struct _DL_NODE	*next;
122	struct _DL_NODE	*prev;
123	void  *data;
124} DL_NODE;
125
126#define	TOKEN_DATA_FILE	"token.dat"
127#define	TOKEN_OBJ_DIR	"objects"
128#define	TOKEN_OBJ_INDEX_FILE "obj.idx"
129
130#define	TPMTOK_UUID_INDEX_FILENAME "uuids.idx"
131
132/*
133 * Filenames used to store migration data.
134 */
135#define	SO_MAKEY_FILENAME	"so_makey.dat"
136#define	USER_MAKEY_FILENAME	"user_makey.dat"
137#define	SO_KEYBLOB_FILENAME	"so_blob.dat"
138#define	USER_KEYBLOB_FILENAME	"user_blob.dat"
139
140#define	__FUNCTION__ __func__
141
142//
143// Both of the strings below have a length of 32 chars and must be
144// padded with spaces, and non - null terminated.
145//
146#define	PKW_CRYPTOKI_VERSION_MAJOR	2
147#define	PKW_CRYPTOKI_VERSION_MINOR	1
148#define	PKW_CRYPTOKI_MANUFACTURER	"Sun Microsystems, Inc.	  "
149#define	PKW_CRYPTOKI_LIBDESC	    "PKCS#11 Interface for TPM	"
150#define	PKW_CRYPTOKI_LIB_VERSION_MAJOR  1
151#define	PKW_CRYPTOKI_LIB_VERSION_MINOR  0
152#define	PKW_MAX_DEVICES		 10
153
154#define	MAX_TOK_OBJS  2048
155#define	NUMBER_SLOTS_MANAGED 1
156#define	TPM_SLOTID 1
157
158/*
159 * CKA_HIDDEN will be used to filter return results on
160 * a C_FindObjects call. Used for objects internal to the
161 * TPM token for management
162 */
163/* custom attributes for the TPM token */
164#define	CKA_HIDDEN	CKA_VENDOR_DEFINED + 0x01
165#define	CKA_IBM_OPAQUE	CKA_VENDOR_DEFINED + 0x02
166/*
167 * CKA_ENC_AUTHDATA will be used to store the encrypted SHA-1
168 * hashes of auth data passed in for TPM keys. The authdata
169 * will be encrypted using either the public
170 * leaf key or the private leaf key
171 */
172#define	CKA_ENC_AUTHDATA CKA_VENDOR_DEFINED + 0x03
173
174/* custom return codes for the TPM token */
175#define	CKR_KEY_NOT_FOUND	CKR_VENDOR_DEFINED + 0x01
176#define	CKR_FILE_NOT_FOUND	CKR_VENDOR_DEFINED + 0x02
177
178typedef struct {
179	CK_SLOT_ID  slotID;
180	CK_SESSION_HANDLE  sessionh;
181} ST_SESSION_T;
182
183typedef ST_SESSION_T ST_SESSION_HANDLE;
184
185typedef struct {
186	void *Previous;
187	void *Next;
188	CK_SLOT_ID   SltId;
189	CK_SESSION_HANDLE  RealHandle;
190} Session_Struct_t;
191
192typedef Session_Struct_t *SessStructP;
193
194typedef struct {
195	pid_t Pid;
196	pthread_mutex_t  ProcMutex;
197	Session_Struct_t *SessListBeg;
198	Session_Struct_t *SessListEnd;
199	pthread_mutex_t  SessListMutex;
200} API_Proc_Struct_t;
201
202
203
204
205enum {
206	PRF_DUMMYFUNCTION = 1,
207	PRF_FCVFUNCTION,
208	PRF_INITIALIZE,
209	PRF_FINALIZE,
210	PRF_GETINFO,
211	PRF_GETFUNCTIONLIST,
212	PRF_GETSLOTLIST,
213	PRF_GETSLOTINFO,
214	PRF_GETTOKENINFO,
215	PRF_GETMECHLIST,
216	PRF_GETMECHINFO,
217	PRF_INITTOKEN,
218	PRF_INITPIN,
219	PRF_SETPIN,
220	PRF_OPENSESSION,
221	PRF_CLOSESESSION,
222	PRF_CLOSEALLSESSIONS,
223	PRF_GETSESSIONINFO,
224	PRF_GETOPERATIONSTATE,
225	PRF_SETOPERATIONSTATE,
226	PRF_LOGIN,
227	PRF_LOGOUT,
228	PRF_CREATEOBJECT,
229	PRF_COPYOBJECT,
230	PRF_DESTROYOBJECT,
231	PRF_GETOBJECTSIZE,
232	PRF_GETATTRIBUTEVALUE,
233	PRF_SETATTRIBUTEVALUE,
234	PRF_FINDOBJECTSINIT,
235	PRF_FINDOBJECTS,
236	PRF_FINDOBJECTSFINAL,
237	PRF_ENCRYPTINIT,
238	PRF_ENCRYPT,
239	PRF_ENCRYPTUPDATE,
240	PRF_ENCRYPTFINAL,
241	PRF_DECRYPTINIT,
242	PRF_DECRYPT,
243	PRF_DECRYPTUPDATE,
244	PRF_DECRYPTFINAL,
245	PRF_DIGESTINIT,
246	PRF_DIGEST,
247	PRF_DIGESTUPDATE,
248	PRF_DIGESTKEY,
249	PRF_DIGESTFINAL,
250	PRF_SIGNINIT,
251	PRF_SIGN,
252	PRF_SIGNUPDATE,
253	PRF_SIGNFINAL,
254	PRF_SIGNRECOVERINIT,
255	PRF_SIGNRECOVER,
256	PRF_VERIFYINIT,
257	PRF_VERIFY,
258	PRF_VERIFYUPDATE,
259	PRF_VERIFYFINAL,
260	PRF_VERIFYRECOVERINIT,
261	PRF_VERIFYRECOVER,
262	PRF_GENKEY,
263	PRF_GENKEYPAIR,
264	PRF_WRAPKEY,
265	PRF_UNWRAPKEY,
266	PRF_DERIVEKEY,
267	PRF_GENRND,
268	PRF_LASTENTRY
269};
270
271typedef struct _ENCR_DECR_CONTEXT
272{
273	CK_OBJECT_HANDLE  key;
274	CK_MECHANISM mech;
275	CK_BYTE	  *context;
276	CK_ULONG  context_len;
277	CK_BBOOL  multi;
278	CK_BBOOL  active;
279} ENCR_DECR_CONTEXT;
280
281typedef struct _DIGEST_CONTEXT
282{
283	CK_MECHANISM   mech;
284	union {
285		MD5_CTX *md5ctx;
286		SHA1_CTX *sha1ctx;
287		void *ref; /* reference ptr for the union */
288	} context;
289	CK_ULONG context_len;
290	CK_BBOOL multi;
291	CK_BBOOL active;
292} DIGEST_CONTEXT;
293
294typedef struct _SIGN_VERIFY_CONTEXT
295{
296	CK_OBJECT_HANDLE key;
297	CK_MECHANISM	mech;	// current sign mechanism
298	void	 *context;  // temporary work area
299	CK_ULONG context_len;
300	CK_BBOOL multi;    // is this a multi - part operation?
301	CK_BBOOL recover;  // are we in recover mode?
302	CK_BBOOL active;
303} SIGN_VERIFY_CONTEXT;
304
305typedef struct _SESSION
306{
307	CK_SESSION_HANDLE    handle;
308	CK_SESSION_INFO	session_info;
309
310	CK_OBJECT_HANDLE    *find_list;	// array of CK_OBJECT_HANDLE
311	CK_ULONG	find_count;    // # handles in the list
312	CK_ULONG	find_len;	// max # of handles in the list
313	CK_ULONG	find_idx;	// current position
314	CK_BBOOL	find_active;
315
316	ENCR_DECR_CONTEXT    encr_ctx;
317	ENCR_DECR_CONTEXT    decr_ctx;
318	DIGEST_CONTEXT	digest_ctx;
319	SIGN_VERIFY_CONTEXT  sign_ctx;
320	SIGN_VERIFY_CONTEXT  verify_ctx;
321
322	TSS_HCONTEXT	hContext;
323} SESSION;
324
325typedef struct _TEMPLATE
326{
327	DL_NODE  *attribute_list;
328} TEMPLATE;
329
330typedef struct _OBJECT
331{
332	CK_OBJECT_CLASS   class;
333	CK_BYTE	 name[8];   // for token objects
334
335	SESSION	 *session;   // creator; only for session objects
336	TEMPLATE *template;
337	CK_ULONG count_hi;  // only significant for token objects
338	CK_ULONG count_lo;  // only significant for token objects
339	CK_ULONG index;
340} OBJECT;
341
342typedef struct _OBJECT_MAP
343{
344	CK_OBJECT_HANDLE	handle;
345	CK_BBOOL is_private;
346	CK_BBOOL is_session_obj;
347	SESSION	 *session;
348	OBJECT   *ptr;
349} OBJECT_MAP;
350
351typedef struct _ATTRIBUTE_PARSE_LIST
352{
353	CK_ATTRIBUTE_TYPE type;
354	void		*ptr;
355	CK_ULONG	  len;
356	CK_BBOOL	  found;
357} ATTRIBUTE_PARSE_LIST;
358
359typedef struct _OP_STATE_DATA
360{
361	CK_STATE    session_state;
362	CK_ULONG    active_operation;
363	CK_ULONG    data_len;
364} OP_STATE_DATA;
365
366typedef struct _TWEAK_VEC
367{
368	int   allow_key_mods;
369} TWEAK_VEC;
370
371typedef struct _TOKEN_DATA
372{
373	CK_TOKEN_INFO token_info;
374	CK_BYTE   user_pin_sha[SHA1_DIGEST_LENGTH];
375	CK_BYTE   so_pin_sha[SHA1_DIGEST_LENGTH];
376	CK_BYTE   next_token_object_name[8];
377	TWEAK_VEC tweak_vector;
378} TOKEN_DATA;
379
380typedef struct _RSA_DIGEST_CONTEXT {
381	DIGEST_CONTEXT hash_context;
382	CK_BBOOL	flag;
383} RSA_DIGEST_CONTEXT;
384
385typedef struct _MECH_LIST_ELEMENT
386{
387	CK_MECHANISM_TYPE    mech_type;
388	CK_MECHANISM_INFO    mech_info;
389} MECH_LIST_ELEMENT;
390
391struct mech_list_item;
392
393struct mech_list_item {
394	struct mech_list_item *next;
395	MECH_LIST_ELEMENT element;
396};
397
398struct mech_list_item *
399find_mech_list_item_for_type(CK_MECHANISM_TYPE type,
400	struct mech_list_item *head);
401
402typedef struct _TOK_OBJ_ENTRY
403{
404	CK_BBOOL  deleted;
405	char	name[8];
406	CK_ULONG  count_lo;
407	CK_ULONG  count_hi;
408} TOK_OBJ_ENTRY;
409
410typedef struct _LW_SHM_TYPE
411{
412	pthread_mutex_t	mutex;
413	TOKEN_DATA	nv_token_data;
414	CK_ULONG	num_priv_tok_obj;
415	CK_ULONG	num_publ_tok_obj;
416	CK_BBOOL	priv_loaded;
417	CK_BBOOL	publ_loaded;
418	CK_BBOOL	token_available;
419	TOK_OBJ_ENTRY  publ_tok_objs[ MAX_TOK_OBJS ];
420	TOK_OBJ_ENTRY  priv_tok_objs[ MAX_TOK_OBJS ];
421} LW_SHM_TYPE;
422
423typedef unsigned int CK_ULONG_32;
424typedef CK_ULONG_32 CK_OBJECT_CLASS_32;
425typedef CK_ULONG_32 CK_ATTRIBUTE_TYPE_32;
426
427typedef struct CK_ATTRIBUTE_32 {
428	CK_ATTRIBUTE_TYPE_32 type;
429	CK_ULONG_32 pValue;
430	CK_ULONG_32 ulValueLen;
431} CK_ATTRIBUTE_32;
432
433char *get_tpm_keystore_path();
434
435struct messages {
436	char *msg;
437};
438
439struct token_specific_struct {
440	CK_BYTE  token_debug_tag[MAXPATHLEN];
441
442	CK_RV  (*t_init)(char *, CK_SLOT_ID, TSS_HCONTEXT *);
443	int  (*t_slot2local)();
444
445	CK_RV  (*t_rng)(TSS_HCONTEXT, CK_BYTE *, CK_ULONG);
446	CK_RV  (*t_session)(CK_SLOT_ID);
447	CK_RV  (*t_final)(TSS_HCONTEXT);
448	CK_RV (*t_rsa_decrypt)(TSS_HCONTEXT, CK_BYTE *,
449		CK_ULONG, CK_BYTE *, CK_ULONG *, OBJECT *);
450
451	CK_RV (*t_rsa_encrypt)(
452		TSS_HCONTEXT,
453		CK_BYTE *, CK_ULONG, CK_BYTE *,
454		CK_ULONG *, OBJECT *);
455
456	CK_RV (*t_rsa_sign)(TSS_HCONTEXT,
457		CK_BYTE *,
458		CK_ULONG,
459		CK_BYTE *,
460		CK_ULONG *,
461		OBJECT *);
462
463	CK_RV (*t_rsa_verify)(TSS_HCONTEXT,
464		CK_BYTE *,
465		CK_ULONG,
466		CK_BYTE *,
467		CK_ULONG,
468		OBJECT *);
469
470	CK_RV (*t_rsa_generate_keypair)(TSS_HCONTEXT, TEMPLATE *, TEMPLATE *);
471
472	CK_RV (*t_sha_init)(DIGEST_CONTEXT *);
473
474	CK_RV (*t_sha_update)(
475		DIGEST_CONTEXT *,
476		CK_BYTE	*,
477		CK_ULONG);
478
479	CK_RV (*t_sha_final)(
480		DIGEST_CONTEXT *,
481		CK_BYTE *,
482		CK_ULONG *);
483	CK_RV (*t_login)(TSS_HCONTEXT, CK_USER_TYPE, CK_BYTE *, CK_ULONG);
484	CK_RV (*t_logout)(TSS_HCONTEXT);
485	CK_RV (*t_init_pin)(TSS_HCONTEXT, CK_BYTE *, CK_ULONG);
486	CK_RV (*t_set_pin)(ST_SESSION_HANDLE, CK_BYTE *,
487		CK_ULONG, CK_BYTE *, CK_ULONG);
488	CK_RV (*t_verify_so_pin)(TSS_HCONTEXT, CK_BYTE *, CK_ULONG);
489};
490
491typedef  struct token_specific_struct token_spec_t;
492
493/*
494 * Global Variables
495 */
496extern void copy_slot_info(CK_SLOT_ID, CK_SLOT_INFO_PTR);
497
498extern struct messages err_msg[];
499
500extern token_spec_t token_specific;
501extern CK_BBOOL initialized;
502extern char *card_function_names[];
503extern char *total_function_names[];
504
505extern MECH_LIST_ELEMENT mech_list[];
506extern CK_ULONG mech_list_len;
507
508extern pthread_mutex_t native_mutex;
509
510extern void *xproclock;
511
512extern pthread_mutex_t pkcs_mutex, obj_list_mutex,
513	sess_list_mutex, login_mutex;
514
515extern DL_NODE *sess_list;
516extern DL_NODE *sess_obj_list;
517extern DL_NODE *publ_token_obj_list;
518extern DL_NODE *priv_token_obj_list;
519extern DL_NODE *object_map;
520
521extern CK_BYTE so_pin_md5[MD5_DIGEST_LENGTH];
522extern CK_BYTE user_pin_md5[MD5_DIGEST_LENGTH];
523
524extern CK_BYTE default_user_pin_sha[SHA1_DIGEST_LENGTH];
525extern CK_BYTE default_so_pin_sha[SHA1_DIGEST_LENGTH];
526extern CK_BYTE default_so_pin_md5[MD5_DIGEST_LENGTH];
527
528extern LW_SHM_TYPE *global_shm;
529
530extern TOKEN_DATA *nv_token_data;
531
532extern CK_ULONG next_object_handle;
533extern CK_ULONG next_session_handle;
534
535extern CK_STATE global_login_state;
536
537extern CK_BYTE	ber_AlgIdRSAEncryption[];
538extern CK_ULONG	ber_AlgIdRSAEncryptionLen;
539extern CK_BYTE	ber_rsaEncryption[];
540extern CK_ULONG	ber_rsaEncryptionLen;
541extern CK_BYTE	ber_idDSA[];
542extern CK_ULONG	ber_idDSALen;
543
544extern CK_BYTE ber_md5WithRSAEncryption[];
545extern CK_ULONG ber_md5WithRSAEncryptionLen;
546extern CK_BYTE ber_sha1WithRSAEncryption[];
547extern CK_ULONG ber_sha1WithRSAEncryptionLen;
548extern CK_BYTE ber_AlgMd5[];
549extern CK_ULONG ber_AlgMd5Len;
550extern CK_BYTE ber_AlgSha1[];
551extern CK_ULONG ber_AlgSha1Len;
552
553extern CK_C_INITIALIZE_ARGS cinit_args;
554
555/*
556 * Function Prototypes
557 */
558void *attach_shared_memory();
559void  detach_shared_memory(char *);
560
561int API_Initialized();
562void Terminate_All_Process_Sessions();
563int API_Register();
564void API_UnRegister();
565
566void CreateXProcLock(void *);
567int XProcLock(void *);
568int XProcUnLock(void *);
569
570void loginit();
571void logterm();
572void logit(int, char *, ...);
573void AddToSessionList(Session_Struct_t *);
574void RemoveFromSessionList(Session_Struct_t *);
575
576int Valid_Session(Session_Struct_t *, ST_SESSION_T *);
577
578CK_BBOOL pin_expired(CK_SESSION_INFO *, CK_FLAGS);
579CK_BBOOL pin_locked(CK_SESSION_INFO *, CK_FLAGS);
580void set_login_flags(CK_USER_TYPE, CK_FLAGS *);
581
582extern void init_slot_info(TOKEN_DATA *);
583
584CK_RV update_migration_data(TSS_HCONTEXT,
585	TSS_HKEY, TSS_HKEY, char *, char *, BYTE *, BYTE *);
586CK_RV token_rng(TSS_HCONTEXT, CK_BYTE *, CK_ULONG);
587
588TSS_RESULT set_public_modulus(TSS_HCONTEXT, TSS_HKEY,
589    unsigned long, unsigned char *);
590TSS_RESULT open_tss_context(TSS_HCONTEXT *);
591CK_RV token_get_tpm_info(TSS_HCONTEXT, TOKEN_DATA *);
592
593CK_RV clock_set_default_attributes(TEMPLATE *);
594CK_RV clock_check_required_attributes(TEMPLATE *, CK_ULONG);
595CK_RV clock_validate_attribute(TEMPLATE *, CK_ATTRIBUTE *, CK_ULONG);
596
597CK_RV counter_set_default_attributes(TEMPLATE *);
598CK_RV counter_check_required_attributes(TEMPLATE *, CK_ULONG);
599CK_RV counter_validate_attribute(TEMPLATE *, CK_ATTRIBUTE *, CK_ULONG);
600
601CK_RV compute_next_token_obj_name(CK_BYTE *, CK_BYTE *);
602
603CK_RV save_token_object(TSS_HCONTEXT, OBJECT *);
604CK_RV save_public_token_object(OBJECT *);
605CK_RV save_private_token_object(TSS_HCONTEXT, OBJECT *);
606
607CK_RV load_public_token_objects(void);
608CK_RV load_private_token_objects(TSS_HCONTEXT);
609
610CK_RV reload_token_object(TSS_HCONTEXT, OBJECT *);
611
612CK_RV delete_token_object(OBJECT *);
613
614CK_RV init_token_data(TSS_HCONTEXT, TOKEN_DATA *);
615CK_RV load_token_data(TSS_HCONTEXT, TOKEN_DATA *);
616CK_RV save_token_data(TOKEN_DATA *);
617void copy_slot_info(CK_SLOT_ID, CK_SLOT_INFO_PTR);
618
619CK_RV compute_sha(CK_BYTE *, CK_ULONG_32, CK_BYTE *);
620
621CK_RV parity_is_odd(CK_BYTE);
622
623CK_RV build_attribute(CK_ATTRIBUTE_TYPE,
624	CK_BYTE *, CK_ULONG, CK_ATTRIBUTE **);
625
626CK_RV add_pkcs_padding(CK_BYTE *, UINT32, UINT32, UINT32);
627
628CK_RV strip_pkcs_padding(CK_BYTE *, UINT32, UINT32 *);
629
630CK_RV remove_leading_zeros(CK_ATTRIBUTE *);
631
632CK_RV rsa_pkcs_encrypt(
633	SESSION *,
634	CK_BBOOL,
635	ENCR_DECR_CONTEXT *,
636	CK_BYTE *,
637	CK_ULONG,
638	CK_BYTE *,
639	CK_ULONG *);
640
641CK_RV rsa_pkcs_decrypt(SESSION *,
642	CK_BBOOL,
643	ENCR_DECR_CONTEXT *,
644	CK_BYTE *,
645	CK_ULONG,
646	CK_BYTE *,
647	CK_ULONG *);
648
649CK_RV rsa_pkcs_sign(SESSION *,
650	CK_BBOOL,
651	SIGN_VERIFY_CONTEXT *,
652	CK_BYTE *,
653	CK_ULONG,
654	CK_BYTE *,
655	CK_ULONG *);
656
657CK_RV rsa_pkcs_verify(SESSION *,
658	SIGN_VERIFY_CONTEXT *,
659	CK_BYTE *,
660	CK_ULONG,
661	CK_BYTE *,
662	CK_ULONG);
663
664CK_RV rsa_pkcs_verify_recover(SESSION *,
665	CK_BBOOL,
666	SIGN_VERIFY_CONTEXT *,
667	CK_BYTE *,
668	CK_ULONG,
669	CK_BYTE *,
670	CK_ULONG *);
671
672CK_RV rsa_hash_pkcs_sign(SESSION *,
673	CK_BBOOL,
674	SIGN_VERIFY_CONTEXT *,
675	CK_BYTE *,
676	CK_ULONG,
677	CK_BYTE *,
678	CK_ULONG *);
679
680CK_RV rsa_hash_pkcs_verify(SESSION *,
681	SIGN_VERIFY_CONTEXT *,
682	CK_BYTE *,
683	CK_ULONG,
684	CK_BYTE *,
685	CK_ULONG);
686
687CK_RV rsa_hash_pkcs_sign_update(SESSION *,
688	SIGN_VERIFY_CONTEXT *,
689	CK_BYTE *,
690	CK_ULONG);
691
692CK_RV rsa_hash_pkcs_verify_update(SESSION *,
693	SIGN_VERIFY_CONTEXT *,
694	CK_BYTE *,
695	CK_ULONG);
696
697CK_RV rsa_hash_pkcs_sign_final(SESSION *,
698	CK_BBOOL,
699	SIGN_VERIFY_CONTEXT *,
700	CK_BYTE *,
701	CK_ULONG *);
702
703CK_RV rsa_hash_pkcs_verify_final(SESSION *,
704	SIGN_VERIFY_CONTEXT *,
705	CK_BYTE *,
706	CK_ULONG);
707
708
709CK_RV ckm_rsa_key_pair_gen(TSS_HCONTEXT, TEMPLATE *, TEMPLATE *);
710
711CK_RV sha1_hash(SESSION *, CK_BBOOL,
712	DIGEST_CONTEXT *,
713	CK_BYTE *, CK_ULONG,
714	CK_BYTE *, CK_ULONG *);
715
716CK_RV sha1_hmac_sign(SESSION *, CK_BBOOL,
717	SIGN_VERIFY_CONTEXT *,
718	CK_BYTE *,
719	CK_ULONG,
720	CK_BYTE *,
721	CK_ULONG *);
722
723CK_RV sha1_hmac_verify(SESSION *,
724	SIGN_VERIFY_CONTEXT *,
725	CK_BYTE *,
726	CK_ULONG,
727	CK_BYTE *,
728	CK_ULONG);
729
730CK_RV md5_hash(SESSION *, CK_BBOOL,
731	DIGEST_CONTEXT *,
732	CK_BYTE *, CK_ULONG,
733	CK_BYTE *, CK_ULONG *);
734
735CK_RV md5_hmac_sign(SESSION *, CK_BBOOL,
736	SIGN_VERIFY_CONTEXT *,
737	CK_BYTE *,
738	CK_ULONG,
739	CK_BYTE *,
740	CK_ULONG *);
741
742CK_RV md5_hmac_verify(SESSION *,
743	SIGN_VERIFY_CONTEXT *,
744	CK_BYTE *,
745	CK_ULONG,
746	CK_BYTE *,
747	CK_ULONG);
748
749DL_NODE *dlist_add_as_first(DL_NODE *, void *);
750DL_NODE *dlist_add_as_last(DL_NODE *, void *);
751DL_NODE *dlist_find(DL_NODE *, void *);
752DL_NODE *dlist_get_first(DL_NODE *);
753DL_NODE *dlist_get_last(DL_NODE *);
754	CK_ULONG dlist_length(DL_NODE *);
755DL_NODE *dlist_next(DL_NODE *);
756DL_NODE *dlist_prev(DL_NODE *);
757void dlist_purge(DL_NODE *);
758DL_NODE *dlist_remove_node(DL_NODE *, DL_NODE *);
759
760CK_RV attach_shm(void);
761CK_RV detach_shm(void);
762
763// encryption manager routines
764//
765CK_RV encr_mgr_init(SESSION *,
766	ENCR_DECR_CONTEXT *,
767	CK_ULONG,
768	CK_MECHANISM *,
769	CK_OBJECT_HANDLE);
770
771CK_RV encr_mgr_cleanup(ENCR_DECR_CONTEXT *);
772
773CK_RV encr_mgr_encrypt(SESSION *, CK_BBOOL,
774	ENCR_DECR_CONTEXT *,
775	CK_BYTE *, CK_ULONG,
776	CK_BYTE *, CK_ULONG *);
777
778CK_RV decr_mgr_init(SESSION *,
779	ENCR_DECR_CONTEXT *,
780	CK_ULONG,
781	CK_MECHANISM *,
782	CK_OBJECT_HANDLE);
783
784CK_RV decr_mgr_cleanup(ENCR_DECR_CONTEXT *);
785
786CK_RV decr_mgr_decrypt(SESSION *, CK_BBOOL,
787	ENCR_DECR_CONTEXT *,
788	CK_BYTE *, CK_ULONG,
789	CK_BYTE *, CK_ULONG *);
790
791CK_RV digest_mgr_cleanup(DIGEST_CONTEXT *);
792
793CK_RV digest_mgr_init(SESSION *,
794	DIGEST_CONTEXT *,
795	CK_MECHANISM *);
796
797CK_RV digest_mgr_digest(SESSION *, CK_BBOOL,
798	DIGEST_CONTEXT *,
799	CK_BYTE *, CK_ULONG,
800	CK_BYTE *, CK_ULONG *);
801
802CK_RV digest_mgr_digest_update(SESSION *,
803	DIGEST_CONTEXT *,
804	CK_BYTE *, CK_ULONG);
805
806CK_RV digest_mgr_digest_key(SESSION *,
807	DIGEST_CONTEXT *,
808	CK_OBJECT_HANDLE);
809
810CK_RV digest_mgr_digest_final(SESSION *,
811	DIGEST_CONTEXT *,
812	CK_BYTE *, CK_ULONG *);
813
814CK_RV key_mgr_generate_key_pair(SESSION *,
815	CK_MECHANISM *,
816	CK_ATTRIBUTE *, CK_ULONG,
817	CK_ATTRIBUTE *, CK_ULONG,
818	CK_OBJECT_HANDLE *,
819	CK_OBJECT_HANDLE *);
820
821CK_RV key_mgr_wrap_key(SESSION *,
822	CK_BBOOL,
823	CK_MECHANISM *,
824	CK_OBJECT_HANDLE,
825	CK_OBJECT_HANDLE,
826	CK_BYTE *,
827	CK_ULONG *);
828
829CK_RV key_mgr_unwrap_key(SESSION *,
830	CK_MECHANISM *,
831	CK_ATTRIBUTE *,
832	CK_ULONG,
833	CK_BYTE *,
834	CK_ULONG,
835	CK_OBJECT_HANDLE,
836	CK_OBJECT_HANDLE *);
837
838CK_RV sign_mgr_init(SESSION *,
839	SIGN_VERIFY_CONTEXT *,
840	CK_MECHANISM *,
841	CK_BBOOL,
842	CK_OBJECT_HANDLE);
843
844CK_RV sign_mgr_cleanup(SIGN_VERIFY_CONTEXT *);
845
846CK_RV sign_mgr_sign(SESSION *,
847	CK_BBOOL,
848	SIGN_VERIFY_CONTEXT *,
849	CK_BYTE *,
850	CK_ULONG,
851	CK_BYTE *,
852	CK_ULONG *);
853
854CK_RV sign_mgr_sign_recover(SESSION *,
855	CK_BBOOL,
856	SIGN_VERIFY_CONTEXT *,
857	CK_BYTE *,
858	CK_ULONG,
859	CK_BYTE *,
860	CK_ULONG *);
861
862CK_RV sign_mgr_sign_final(SESSION *,
863	CK_BBOOL,
864	SIGN_VERIFY_CONTEXT *,
865	CK_BYTE *,
866	CK_ULONG *);
867
868CK_RV sign_mgr_sign_update(SESSION *,
869	SIGN_VERIFY_CONTEXT *,
870	CK_BYTE *,
871	CK_ULONG);
872
873CK_RV verify_mgr_init(SESSION *,
874	SIGN_VERIFY_CONTEXT *,
875	CK_MECHANISM *,
876	CK_BBOOL,
877	CK_OBJECT_HANDLE);
878
879CK_RV verify_mgr_cleanup(SIGN_VERIFY_CONTEXT *);
880
881CK_RV verify_mgr_verify(SESSION *,
882	SIGN_VERIFY_CONTEXT *,
883	CK_BYTE *,
884	CK_ULONG,
885	CK_BYTE *,
886	CK_ULONG);
887
888CK_RV verify_mgr_verify_recover(SESSION *,
889	CK_BBOOL,
890	SIGN_VERIFY_CONTEXT *,
891	CK_BYTE *,
892	CK_ULONG,
893	CK_BYTE *,
894	CK_ULONG *);
895
896CK_RV verify_mgr_verify_update(SESSION *,
897	SIGN_VERIFY_CONTEXT *,
898	CK_BYTE *,
899	CK_ULONG);
900
901CK_RV verify_mgr_verify_final(SESSION *,
902	SIGN_VERIFY_CONTEXT *,
903	CK_BYTE *,
904	CK_ULONG);
905
906
907// session manager routines
908//
909CK_RV session_mgr_close_all_sessions(void);
910CK_RV session_mgr_close_session(SESSION *);
911SESSION *session_mgr_find(CK_SESSION_HANDLE);
912CK_RV session_mgr_login_all(CK_USER_TYPE);
913CK_RV session_mgr_logout_all(void);
914CK_RV session_mgr_new(CK_ULONG, SESSION **);
915
916CK_BBOOL session_mgr_readonly_exists(void);
917CK_BBOOL session_mgr_so_session_exists(void);
918CK_BBOOL session_mgr_user_session_exists(void);
919CK_BBOOL session_mgr_public_session_exists(void);
920
921CK_RV session_mgr_get_op_state(SESSION *, CK_BBOOL,
922	CK_BYTE *, CK_ULONG *);
923
924CK_RV session_mgr_set_op_state(SESSION *,
925	CK_OBJECT_HANDLE, CK_OBJECT_HANDLE, CK_BYTE *);
926
927CK_RV object_mgr_add(SESSION *,
928	CK_ATTRIBUTE *, CK_ULONG, CK_OBJECT_HANDLE *);
929
930CK_RV object_mgr_add_to_map(SESSION *, OBJECT *, CK_OBJECT_HANDLE *);
931
932CK_RV object_mgr_add_to_shm(OBJECT *);
933CK_RV object_mgr_del_from_shm(OBJECT *);
934
935CK_RV object_mgr_copy(SESSION *,
936	CK_ATTRIBUTE *, CK_ULONG, CK_OBJECT_HANDLE,
937	CK_OBJECT_HANDLE *);
938
939CK_RV object_mgr_create_final(SESSION *,
940	OBJECT *, CK_OBJECT_HANDLE *);
941
942CK_RV object_mgr_create_skel(SESSION *,
943	CK_ATTRIBUTE *, CK_ULONG, CK_ULONG,
944	CK_ULONG, CK_ULONG, OBJECT **);
945
946CK_RV object_mgr_destroy_object(SESSION *, CK_OBJECT_HANDLE);
947
948CK_RV object_mgr_destroy_token_objects(TSS_HCONTEXT);
949
950CK_RV object_mgr_find_in_map1(TSS_HCONTEXT, CK_OBJECT_HANDLE, OBJECT **);
951
952CK_RV object_mgr_find_in_map2(TSS_HCONTEXT, OBJECT *, CK_OBJECT_HANDLE *);
953
954CK_RV object_mgr_find_init(SESSION *, CK_ATTRIBUTE *, CK_ULONG);
955
956CK_RV object_mgr_find_build_list(SESSION *,
957	CK_ATTRIBUTE *,
958	CK_ULONG,
959	DL_NODE *,
960	CK_BBOOL public_only);
961
962CK_RV object_mgr_find_final(SESSION *);
963
964CK_RV object_mgr_get_attribute_values(SESSION *,
965	CK_OBJECT_HANDLE,
966	CK_ATTRIBUTE *,
967	CK_ULONG);
968
969CK_RV object_mgr_get_object_size(TSS_HCONTEXT, CK_OBJECT_HANDLE,
970	CK_ULONG *);
971
972CK_BBOOL object_mgr_invalidate_handle1(CK_OBJECT_HANDLE handle);
973
974CK_BBOOL object_mgr_invalidate_handle2(OBJECT *);
975
976CK_BBOOL object_mgr_purge_session_objects(SESSION *, SESS_OBJ_TYPE);
977
978CK_BBOOL object_mgr_purge_token_objects(TSS_HCONTEXT);
979
980CK_BBOOL object_mgr_purge_private_token_objects(TSS_HCONTEXT);
981
982CK_RV object_mgr_remove_from_map(CK_OBJECT_HANDLE);
983
984CK_RV object_mgr_restore_obj(CK_BYTE *, OBJECT *);
985
986CK_RV object_mgr_set_attribute_values(SESSION *,
987	CK_OBJECT_HANDLE,
988	CK_ATTRIBUTE *,
989	CK_ULONG);
990
991CK_BBOOL object_mgr_purge_map(SESSION *, SESS_OBJ_TYPE);
992
993CK_RV object_create(CK_ATTRIBUTE *, CK_ULONG, OBJECT **);
994
995CK_RV object_create_skel(CK_ATTRIBUTE *,
996	CK_ULONG,
997	CK_ULONG,
998	CK_ULONG,
999	CK_ULONG,
1000	OBJECT **);
1001
1002CK_RV object_copy(CK_ATTRIBUTE *,
1003	CK_ULONG,
1004	OBJECT *,
1005	OBJECT **);
1006
1007CK_RV object_flatten(OBJECT *,
1008	CK_BYTE **,
1009	CK_ULONG_32 *);
1010
1011CK_BBOOL object_free(OBJECT *);
1012
1013CK_RV object_get_attribute_values(OBJECT *,
1014	CK_ATTRIBUTE *,
1015	CK_ULONG);
1016
1017CK_ULONG object_get_size(OBJECT *);
1018
1019CK_RV object_restore(CK_BYTE *,
1020	OBJECT **,
1021	CK_BBOOL replace);
1022
1023CK_RV object_set_attribute_values(OBJECT *,
1024	CK_ATTRIBUTE *,
1025	CK_ULONG);
1026
1027CK_BBOOL object_is_modifiable(OBJECT *);
1028CK_BBOOL object_is_private(OBJECT *);
1029CK_BBOOL object_is_public(OBJECT *);
1030CK_BBOOL object_is_token_object(OBJECT *);
1031CK_BBOOL object_is_session_object(OBJECT *);
1032
1033CK_BBOOL is_attribute_defined(CK_ATTRIBUTE_TYPE);
1034
1035CK_RV template_add_attributes(TEMPLATE *,
1036	CK_ATTRIBUTE *, CK_ULONG);
1037
1038CK_RV template_add_default_attributes(TEMPLATE *,
1039	CK_ULONG,
1040	CK_ULONG,
1041	CK_ULONG);
1042
1043CK_BBOOL template_attribute_find(TEMPLATE *,
1044	CK_ATTRIBUTE_TYPE, CK_ATTRIBUTE **);
1045
1046void template_attribute_find_multiple(TEMPLATE *,
1047	ATTRIBUTE_PARSE_LIST *,
1048	CK_ULONG);
1049
1050CK_BBOOL template_check_exportability(TEMPLATE *, CK_ATTRIBUTE_TYPE type);
1051
1052CK_RV template_check_required_attributes(TEMPLATE *,
1053	CK_ULONG, CK_ULONG, CK_ULONG);
1054
1055CK_RV template_check_required_base_attributes(TEMPLATE *,
1056	CK_ULONG);
1057
1058CK_BBOOL template_compare(CK_ATTRIBUTE *,
1059	CK_ULONG, TEMPLATE *);
1060
1061CK_RV template_copy(TEMPLATE *, TEMPLATE *);
1062
1063CK_RV template_flatten(TEMPLATE *, CK_BYTE *);
1064
1065CK_RV template_free(TEMPLATE *);
1066
1067CK_BBOOL template_get_class(TEMPLATE *, CK_ULONG *, CK_ULONG *);
1068
1069CK_ULONG template_get_count(TEMPLATE *);
1070
1071CK_ULONG template_get_size(TEMPLATE *);
1072CK_ULONG template_get_compressed_size(TEMPLATE *);
1073
1074CK_RV template_set_default_common_attributes(TEMPLATE *);
1075
1076CK_RV template_merge(TEMPLATE *, TEMPLATE **);
1077
1078CK_RV template_update_attribute(TEMPLATE *, CK_ATTRIBUTE *);
1079
1080CK_RV template_unflatten(TEMPLATE **, CK_BYTE *, CK_ULONG);
1081
1082CK_RV template_validate_attribute(TEMPLATE *,
1083	CK_ATTRIBUTE *, CK_ULONG, CK_ULONG, CK_ULONG);
1084
1085CK_RV template_validate_attributes(TEMPLATE *,
1086	CK_ULONG, CK_ULONG, CK_ULONG);
1087
1088CK_RV template_validate_base_attribute(TEMPLATE *,
1089	CK_ATTRIBUTE *, CK_ULONG);
1090
1091
1092// DATA OBJECT ROUTINES
1093//
1094CK_RV data_object_check_required_attributes(TEMPLATE *, CK_ULONG);
1095CK_RV data_object_set_default_attributes(TEMPLATE *, CK_ULONG);
1096CK_RV data_object_validate_attribute(TEMPLATE *, CK_ATTRIBUTE *, CK_ULONG);
1097
1098// CERTIFICATE ROUTINES
1099CK_RV cert_validate_attribute(TEMPLATE *, CK_ATTRIBUTE *, CK_ULONG);
1100
1101CK_RV cert_x509_check_required_attributes(TEMPLATE *, CK_ULONG);
1102CK_RV cert_x509_set_default_attributes(TEMPLATE *, CK_ULONG);
1103CK_RV cert_x509_validate_attribute(TEMPLATE *, CK_ATTRIBUTE *, CK_ULONG);
1104CK_RV cert_vendor_check_required_attributes(TEMPLATE *, CK_ULONG);
1105CK_RV cert_vendor_validate_attribute(TEMPLATE *, CK_ATTRIBUTE *, CK_ULONG);
1106
1107//
1108// KEY ROUTINES
1109//
1110CK_RV key_object_check_required_attributes(TEMPLATE *, CK_ULONG);
1111CK_RV key_object_set_default_attributes(TEMPLATE *, CK_ULONG);
1112CK_RV key_object_validate_attribute(TEMPLATE *, CK_ATTRIBUTE *, CK_ULONG);
1113
1114CK_RV publ_key_check_required_attributes(TEMPLATE *, CK_ULONG);
1115CK_RV publ_key_set_default_attributes(TEMPLATE *, CK_ULONG);
1116CK_RV publ_key_validate_attribute(TEMPLATE *, CK_ATTRIBUTE *, CK_ULONG);
1117
1118CK_RV priv_key_check_required_attributes(TEMPLATE *, CK_ULONG);
1119CK_RV priv_key_set_default_attributes(TEMPLATE *, CK_ULONG);
1120CK_RV priv_key_unwrap(TEMPLATE *, CK_ULONG, CK_BYTE *, CK_ULONG);
1121CK_RV priv_key_validate_attribute(TEMPLATE *, CK_ATTRIBUTE *, CK_ULONG);
1122
1123	CK_BBOOL secret_key_check_exportability(CK_ATTRIBUTE_TYPE type);
1124CK_RV secret_key_check_required_attributes(TEMPLATE *, CK_ULONG);
1125CK_RV secret_key_set_default_attributes(TEMPLATE *, CK_ULONG);
1126CK_RV secret_key_unwrap(TEMPLATE *, CK_ULONG, CK_BYTE *, CK_ULONG,
1127	CK_BBOOL fromend);
1128CK_RV secret_key_validate_attribute(TEMPLATE *, CK_ATTRIBUTE *,
1129	CK_ULONG);
1130
1131// rsa routines
1132//
1133CK_RV rsa_publ_check_required_attributes(TEMPLATE *, CK_ULONG);
1134CK_RV rsa_publ_validate_attribute(TEMPLATE *, CK_ATTRIBUTE *, CK_ULONG);
1135CK_RV rsa_publ_set_default_attributes(TEMPLATE *, CK_ULONG);
1136	CK_BBOOL rsa_priv_check_exportability(CK_ATTRIBUTE_TYPE type);
1137CK_RV rsa_priv_check_required_attributes(TEMPLATE *, CK_ULONG);
1138CK_RV rsa_priv_set_default_attributes(TEMPLATE *, CK_ULONG);
1139CK_RV rsa_priv_validate_attribute(TEMPLATE *, CK_ATTRIBUTE *, CK_ULONG);
1140CK_RV rsa_priv_wrap_get_data(TEMPLATE *, CK_BBOOL, CK_BYTE **, CK_ULONG *);
1141CK_RV rsa_priv_unwrap(TEMPLATE *, CK_BYTE *, CK_ULONG);
1142
1143// Generic secret key routines
1144CK_RV generic_secret_check_required_attributes(TEMPLATE *, CK_ULONG);
1145CK_RV generic_secret_set_default_attributes(TEMPLATE *, CK_ULONG);
1146CK_RV generic_secret_validate_attribute(TEMPLATE *, CK_ATTRIBUTE *, CK_ULONG);
1147CK_RV generic_secret_wrap_get_data(TEMPLATE *, CK_BBOOL,
1148	CK_BYTE **, CK_ULONG *);
1149
1150CK_RV generic_secret_unwrap(TEMPLATE *, CK_BYTE *, CK_ULONG, CK_BBOOL fromend);
1151
1152CK_RV tpm_encrypt_data(TSS_HCONTEXT,
1153	TSS_HKEY, CK_BYTE *, CK_ULONG, CK_BYTE *, CK_ULONG *);
1154
1155CK_RV tpm_decrypt_data(TSS_HCONTEXT,
1156	TSS_HKEY, CK_BYTE *, CK_ULONG, CK_BYTE *, CK_ULONG *);
1157
1158CK_ULONG ber_encode_INTEGER(CK_BBOOL,
1159	CK_BYTE **, CK_ULONG *, CK_BYTE *, CK_ULONG);
1160
1161CK_RV ber_decode_INTEGER(CK_BYTE *,
1162	CK_BYTE **, CK_ULONG *, CK_ULONG *);
1163
1164CK_RV ber_encode_OCTET_STRING(CK_BBOOL,
1165	CK_BYTE **, CK_ULONG *, CK_BYTE *, CK_ULONG);
1166
1167CK_RV ber_decode_OCTET_STRING(CK_BYTE *,
1168	CK_BYTE **, CK_ULONG *, CK_ULONG *);
1169
1170CK_RV ber_encode_SEQUENCE(CK_BBOOL,
1171	CK_BYTE **, CK_ULONG *, CK_BYTE *, CK_ULONG);
1172
1173CK_RV ber_decode_SEQUENCE(CK_BYTE *,
1174	CK_BYTE **, CK_ULONG *, CK_ULONG *);
1175
1176CK_RV ber_encode_PrivateKeyInfo(CK_BBOOL,
1177	CK_BYTE **, CK_ULONG *, CK_BYTE *,
1178	CK_ULONG, CK_BYTE *, CK_ULONG);
1179
1180CK_RV ber_decode_PrivateKeyInfo(CK_BYTE *,
1181	CK_ULONG, CK_BYTE **, CK_ULONG *, CK_BYTE **);
1182
1183CK_RV ber_encode_RSAPrivateKey(CK_BBOOL,
1184	CK_BYTE **, CK_ULONG *, CK_ATTRIBUTE *,
1185	CK_ATTRIBUTE *, CK_ATTRIBUTE *, CK_ATTRIBUTE *,
1186	CK_ATTRIBUTE *, CK_ATTRIBUTE *, CK_ATTRIBUTE *,
1187	CK_ATTRIBUTE *);
1188
1189CK_RV ber_decode_RSAPrivateKey(CK_BYTE *,
1190	CK_ULONG, CK_ATTRIBUTE **, CK_ATTRIBUTE **,
1191	CK_ATTRIBUTE **, CK_ATTRIBUTE **, CK_ATTRIBUTE **,
1192	CK_ATTRIBUTE **, CK_ATTRIBUTE **, CK_ATTRIBUTE **);
1193
1194
1195CK_RV ber_encode_DSAPrivateKey(CK_BBOOL,
1196	CK_BYTE **, CK_ULONG *, CK_ATTRIBUTE *,
1197	CK_ATTRIBUTE *, CK_ATTRIBUTE *, CK_ATTRIBUTE *);
1198
1199CK_RV ber_decode_DSAPrivateKey(CK_BYTE *,
1200	CK_ULONG, CK_ATTRIBUTE **, CK_ATTRIBUTE **,
1201	CK_ATTRIBUTE **, CK_ATTRIBUTE **);
1202
1203#define	APPID	"TPM_STDLL"
1204
1205/* log to stdout */
1206#define	LogMessage(dest, priority, layer, fmt, ...) \
1207	(void) fprintf(dest, "%s %s %s:%d " fmt "\n", (char *)priority, \
1208		(char *)layer, (char *)__FILE__,\
1209		(int)__LINE__, __VA_ARGS__);
1210
1211#define	LogMessage1(dest, priority, layer, data) \
1212	(void) fprintf(dest, "%s %s %s:%d %s\n", priority, layer, __FILE__, \
1213	__LINE__, data);
1214
1215/* Debug logging */
1216#ifdef DEBUG
1217#define	LogDebug(fmt, ...) LogMessage(stdout, "LOG_DEBUG", APPID, \
1218	fmt, __VA_ARGS__)
1219
1220#define	LogDebug1(data) LogMessage1(stdout, "LOG_DEBUG", APPID, data)
1221
1222/* Error logging */
1223#define	LogError(fmt, ...) LogMessage(stderr, "LOG_ERR", APPID,\
1224	"ERROR: " fmt, __VA_ARGS__)
1225
1226#define	LogError1(data) LogMessage1(stderr, "LOG_ERR", APPID,\
1227	"ERROR: " data)
1228
1229/* Warn logging */
1230#define	LogWarn(fmt, ...) LogMessage(stdout, "LOG_WARNING", APPID,\
1231	"WARNING: " fmt, __VA_ARGS__)
1232
1233#define	LogWarn1(data) LogMessage1(stdout, "LOG_WARNING", APPID,\
1234	"WARNING: " data)
1235
1236/* Info Logging */
1237#define	LogInfo(fmt, ...) LogMessage(stdout, "LOG_INFO", APPID,\
1238	fmt, __VA_ARGS__)
1239
1240#define	LogInfo1(data) LogMessage1(stdout, "LOG_INFO", APPID, data)
1241
1242#define	st_err_log(...) LogMessage(stderr, "ST MSG", APPID,\
1243	"", __VA_ARGS__)
1244#else
1245#define	LogDebug(...)
1246#define	LogDebug1(...)
1247#define	LogBlob(...)
1248#define	LogError(...)
1249#define	LogError1(...)
1250#define	LogWarn(...)
1251#define	LogWarn1(...)
1252#define	LogInfo(...)
1253#define	LogInfo1(...)
1254#define	st_err_log(...)
1255#endif
1256
1257/*
1258 * CK_FUNCTION_LIST is a structure holding a Cryptoki spec
1259 * version and pointers of appropriate types to all the
1260 * Cryptoki functions
1261 */
1262
1263/* CK_FUNCTION_LIST is new for v2.0 */
1264
1265typedef CK_RV
1266	(CK_PTR ST_C_Initialize)
1267	(void *ppFunctionList, CK_SLOT_ID slotID, CK_CHAR_PTR pCorrelator);
1268typedef CK_RV
1269	(CK_PTR  ST_C_Finalize)
1270	(CK_VOID_PTR pReserved);
1271typedef CK_RV
1272	(CK_PTR  ST_C_Terminate)();
1273typedef CK_RV
1274	(CK_PTR  ST_C_GetInfo)
1275	(CK_INFO_PTR pInfo);
1276typedef CK_RV
1277	(CK_PTR  ST_C_GetFunctionList)
1278	(CK_FUNCTION_LIST_PTR_PTR ppFunctionList);
1279typedef CK_RV
1280	(CK_PTR  ST_C_GetSlotList)
1281	(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList,
1282	CK_ULONG_PTR pusCount);
1283typedef CK_RV
1284	(CK_PTR  ST_C_GetSlotInfo)
1285	(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo);
1286typedef CK_RV
1287	(CK_PTR  ST_C_GetTokenInfo)
1288	(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo);
1289typedef CK_RV
1290	(CK_PTR  ST_C_GetMechanismList)
1291	(CK_SLOT_ID slotID, CK_MECHANISM_TYPE_PTR pMechanismList,
1292	CK_ULONG_PTR pusCount);
1293typedef CK_RV
1294	(CK_PTR  ST_C_GetMechanismInfo)
1295	(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type,
1296	CK_MECHANISM_INFO_PTR pInfo);
1297typedef CK_RV
1298	(CK_PTR  ST_C_InitToken)
1299	(CK_SLOT_ID slotID, CK_CHAR_PTR pPin, CK_ULONG usPinLen,
1300	CK_CHAR_PTR pLabel);
1301typedef CK_RV
1302	(CK_PTR  ST_C_InitPIN)
1303	(ST_SESSION_T hSession, CK_CHAR_PTR pPin,
1304	CK_ULONG usPinLen);
1305typedef CK_RV
1306	(CK_PTR  ST_C_SetPIN)
1307	(ST_SESSION_T hSession, CK_CHAR_PTR pOldPin,
1308	CK_ULONG usOldLen, CK_CHAR_PTR pNewPin,
1309	CK_ULONG usNewLen);
1310
1311typedef CK_RV
1312	(CK_PTR  ST_C_OpenSession)
1313	(CK_SLOT_ID slotID, CK_FLAGS flags,
1314	CK_SESSION_HANDLE_PTR phSession);
1315
1316typedef CK_RV
1317	(CK_PTR  ST_C_CloseSession)
1318	(ST_SESSION_T hSession);
1319typedef CK_RV
1320	(CK_PTR  ST_C_CloseAllSessions)
1321	(CK_SLOT_ID slotID);
1322typedef CK_RV
1323	(CK_PTR  ST_C_GetSessionInfo)
1324	(ST_SESSION_T hSession, CK_SESSION_INFO_PTR pInfo);
1325typedef CK_RV
1326	(CK_PTR  ST_C_GetOperationState)
1327	(ST_SESSION_T hSession, CK_BYTE_PTR pOperationState,
1328	CK_ULONG_PTR pulOperationStateLen);
1329typedef CK_RV
1330	(CK_PTR  ST_C_SetOperationState)
1331	(ST_SESSION_T hSession, CK_BYTE_PTR pOperationState,
1332	CK_ULONG ulOperationStateLen,
1333	CK_OBJECT_HANDLE hEncryptionKey,
1334	CK_OBJECT_HANDLE hAuthenticationKey);
1335typedef CK_RV
1336	(CK_PTR  ST_C_Login)(ST_SESSION_T hSession,
1337	CK_USER_TYPE userType, CK_CHAR_PTR pPin,
1338	CK_ULONG usPinLen);
1339typedef CK_RV
1340	(CK_PTR  ST_C_Logout)(ST_SESSION_T hSession);
1341typedef CK_RV
1342	(CK_PTR  ST_C_CreateObject)
1343	(ST_SESSION_T hSession, CK_ATTRIBUTE_PTR pTemplate,
1344	CK_ULONG usCount, CK_OBJECT_HANDLE_PTR phObject);
1345
1346typedef CK_RV
1347	(CK_PTR  ST_C_CopyObject)
1348	(ST_SESSION_T hSession, CK_OBJECT_HANDLE hObject,
1349	CK_ATTRIBUTE_PTR pTemplate, CK_ULONG usCount,
1350	CK_OBJECT_HANDLE_PTR phNewObject);
1351typedef CK_RV
1352	(CK_PTR  ST_C_DestroyObject)
1353	(ST_SESSION_T hSession, CK_OBJECT_HANDLE hObject);
1354typedef CK_RV
1355	(CK_PTR  ST_C_GetObjectSize)
1356	(ST_SESSION_T hSession, CK_OBJECT_HANDLE hObject,
1357	CK_ULONG_PTR pusSize);
1358typedef CK_RV
1359	(CK_PTR  ST_C_GetAttributeValue)
1360	(ST_SESSION_T hSession, CK_OBJECT_HANDLE hObject,
1361	CK_ATTRIBUTE_PTR pTemplate, CK_ULONG usCount);
1362typedef CK_RV
1363	(CK_PTR  ST_C_SetAttributeValue)
1364	(ST_SESSION_T hSession, CK_OBJECT_HANDLE hObject,
1365	CK_ATTRIBUTE_PTR pTemplate, CK_ULONG usCount);
1366typedef CK_RV
1367	(CK_PTR  ST_C_FindObjectsInit)
1368	(ST_SESSION_T hSession, CK_ATTRIBUTE_PTR pTemplate,
1369	CK_ULONG usCount);
1370typedef CK_RV
1371	(CK_PTR  ST_C_FindObjects)
1372	(ST_SESSION_T hSession,
1373	CK_OBJECT_HANDLE_PTR phObject, CK_ULONG usMaxObjectCount,
1374	CK_ULONG_PTR pusObjectCount);
1375typedef CK_RV
1376	(CK_PTR  ST_C_FindObjectsFinal)
1377	(ST_SESSION_T hSession);
1378typedef CK_RV
1379	(CK_PTR  ST_C_EncryptInit)
1380	(ST_SESSION_T hSession, CK_MECHANISM_PTR pMechanism,
1381	CK_OBJECT_HANDLE hKey);
1382typedef CK_RV
1383	(CK_PTR  ST_C_Encrypt)
1384	(ST_SESSION_T hSession, CK_BYTE_PTR pData,
1385	CK_ULONG usDataLen, CK_BYTE_PTR pEncryptedData,
1386	CK_ULONG_PTR pusEncryptedDataLen);
1387typedef CK_RV
1388	(CK_PTR  ST_C_EncryptUpdate)
1389	(ST_SESSION_T hSession, CK_BYTE_PTR pPart,
1390	CK_ULONG usPartLen, CK_BYTE_PTR pEncryptedPart,
1391	CK_ULONG_PTR pusEncryptedPartLen);
1392typedef CK_RV
1393	(CK_PTR  ST_C_EncryptFinal)
1394	(ST_SESSION_T hSession,
1395	CK_BYTE_PTR pLastEncryptedPart,
1396	CK_ULONG_PTR pusLastEncryptedPartLen);
1397typedef CK_RV
1398	(CK_PTR  ST_C_DecryptInit)
1399	(ST_SESSION_T hSession, CK_MECHANISM_PTR pMechanism,
1400	CK_OBJECT_HANDLE hKey);
1401typedef CK_RV
1402	(CK_PTR  ST_C_Decrypt)
1403	(ST_SESSION_T hSession, CK_BYTE_PTR pEncryptedData,
1404	CK_ULONG usEncryptedDataLen, CK_BYTE_PTR pData,
1405	CK_ULONG_PTR pusDataLen);
1406typedef CK_RV
1407	(CK_PTR  ST_C_DecryptUpdate)
1408	(ST_SESSION_T hSession, CK_BYTE_PTR pEncryptedPart,
1409	CK_ULONG usEncryptedPartLen, CK_BYTE_PTR pPart,
1410	CK_ULONG_PTR pusPartLen);
1411typedef CK_RV
1412	(CK_PTR  ST_C_DecryptFinal)
1413	(ST_SESSION_T hSession, CK_BYTE_PTR pLastPart,
1414	CK_ULONG_PTR pusLastPartLen);
1415typedef CK_RV
1416	(CK_PTR  ST_C_DigestInit)
1417	(ST_SESSION_T hSession,
1418	CK_MECHANISM_PTR pMechanism);
1419typedef CK_RV
1420	(CK_PTR  ST_C_Digest)
1421	(ST_SESSION_T hSession, CK_BYTE_PTR pData,
1422	CK_ULONG usDataLen, CK_BYTE_PTR pDigest,
1423	CK_ULONG_PTR pusDigestLen);
1424typedef CK_RV
1425	(CK_PTR  ST_C_DigestUpdate)
1426	(ST_SESSION_T hSession, CK_BYTE_PTR pPart,
1427	CK_ULONG usPartLen);
1428typedef CK_RV
1429	(CK_PTR  ST_C_DigestKey)
1430	(ST_SESSION_T hSession, CK_OBJECT_HANDLE hKey);
1431typedef CK_RV
1432	(CK_PTR  ST_C_DigestFinal)
1433	(ST_SESSION_T hSession, CK_BYTE_PTR pDigest,
1434	CK_ULONG_PTR pusDigestLen);
1435typedef CK_RV
1436	(CK_PTR  ST_C_SignInit)
1437	(ST_SESSION_T hSession, CK_MECHANISM_PTR pMechanism,
1438	CK_OBJECT_HANDLE hKey);
1439typedef CK_RV
1440	(CK_PTR  ST_C_Sign)
1441	(ST_SESSION_T hSession, CK_BYTE_PTR pData,
1442	CK_ULONG usDataLen, CK_BYTE_PTR pSignature,
1443	CK_ULONG_PTR pusSignatureLen);
1444typedef CK_RV
1445	(CK_PTR  ST_C_SignUpdate)
1446	(ST_SESSION_T hSession, CK_BYTE_PTR pPart,
1447	CK_ULONG usPartLen);
1448typedef CK_RV
1449	(CK_PTR  ST_C_SignFinal)
1450	(ST_SESSION_T hSession, CK_BYTE_PTR pSignature,
1451	CK_ULONG_PTR pusSignatureLen);
1452typedef CK_RV
1453	(CK_PTR  ST_C_SignRecoverInit)
1454	(ST_SESSION_T hSession, CK_MECHANISM_PTR pMechanism,
1455	CK_OBJECT_HANDLE hKey);
1456typedef CK_RV
1457	(CK_PTR  ST_C_SignRecover)
1458	(ST_SESSION_T hSession, CK_BYTE_PTR pData,
1459	CK_ULONG usDataLen, CK_BYTE_PTR pSignature,
1460	CK_ULONG_PTR pusSignatureLen);
1461typedef CK_RV
1462	(CK_PTR  ST_C_VerifyInit)
1463	(ST_SESSION_T hSession, CK_MECHANISM_PTR pMechanism,
1464	CK_OBJECT_HANDLE hKey);
1465typedef CK_RV
1466	(CK_PTR  ST_C_Verify)
1467	(ST_SESSION_T hSession, CK_BYTE_PTR pData,
1468	CK_ULONG usDataLen, CK_BYTE_PTR pSignature,
1469	CK_ULONG usSignatureLen);
1470typedef CK_RV
1471	(CK_PTR  ST_C_VerifyUpdate)
1472	(ST_SESSION_T hSession, CK_BYTE_PTR pPart,
1473	CK_ULONG usPartLen);
1474typedef CK_RV
1475	(CK_PTR  ST_C_VerifyFinal)
1476	(ST_SESSION_T hSession, CK_BYTE_PTR pSignature,
1477	CK_ULONG usSignatureLen);
1478typedef CK_RV
1479	(CK_PTR  ST_C_VerifyRecoverInit)
1480	(ST_SESSION_T hSession, CK_MECHANISM_PTR pMechanism,
1481	CK_OBJECT_HANDLE hKey);
1482typedef CK_RV
1483	(CK_PTR  ST_C_VerifyRecover)
1484	(ST_SESSION_T hSession, CK_BYTE_PTR pSignature,
1485	CK_ULONG usSignatureLen, CK_BYTE_PTR pData,
1486	CK_ULONG_PTR pusDataLen);
1487typedef CK_RV
1488	(CK_PTR  ST_C_DigestEncryptUpdate)
1489	(ST_SESSION_T hSession, CK_BYTE_PTR pPart,
1490	CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart,
1491	CK_ULONG_PTR pulEncryptedPartLen);
1492typedef CK_RV
1493	(CK_PTR  ST_C_DecryptDigestUpdate)
1494	(ST_SESSION_T hSession, CK_BYTE_PTR pEncryptedPart,
1495	CK_ULONG ulEncryptedPartLen, CK_BYTE_PTR pPart,
1496	CK_ULONG_PTR pulPartLen);
1497typedef CK_RV
1498	(CK_PTR  ST_C_SignEncryptUpdate)
1499	(ST_SESSION_T hSession, CK_BYTE_PTR pPart,
1500	CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart,
1501	CK_ULONG_PTR pulEncryptedPartLen);
1502typedef CK_RV
1503	(CK_PTR  ST_C_DecryptVerifyUpdate)
1504	(ST_SESSION_T hSession, CK_BYTE_PTR pEncryptedPart,
1505	CK_ULONG ulEncryptedPartLen, CK_BYTE_PTR pPart,
1506	CK_ULONG_PTR pulPartLen);
1507typedef CK_RV
1508	(CK_PTR  ST_C_GenerateKey)
1509	(ST_SESSION_T hSession, CK_MECHANISM_PTR pMechanism,
1510	CK_ATTRIBUTE_PTR pTemplate, CK_ULONG usCount,
1511	CK_OBJECT_HANDLE_PTR phKey);
1512typedef CK_RV
1513	(CK_PTR  ST_C_GenerateKeyPair)
1514	(ST_SESSION_T hSession, CK_MECHANISM_PTR pMechanism,
1515	CK_ATTRIBUTE_PTR pPublicKeyTemplate,
1516	CK_ULONG usPublicKeyAttributeCount,
1517	CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
1518	CK_ULONG usPrivateKeyAttributeCount,
1519	CK_OBJECT_HANDLE_PTR phPrivateKey,
1520	CK_OBJECT_HANDLE_PTR phPublicKey);
1521typedef CK_RV
1522	(CK_PTR  ST_C_WrapKey)
1523	(ST_SESSION_T hSession, CK_MECHANISM_PTR pMechanism,
1524	CK_OBJECT_HANDLE hWrappingKey, CK_OBJECT_HANDLE hKey,
1525	CK_BYTE_PTR pWrappedKey, CK_ULONG_PTR pusWrappedKeyLen);
1526typedef CK_RV
1527	(CK_PTR  ST_C_UnwrapKey)
1528	(ST_SESSION_T hSession, CK_MECHANISM_PTR pMechanism,
1529	CK_OBJECT_HANDLE hUnwrappingKey, CK_BYTE_PTR pWrappedKey,
1530	CK_ULONG usWrappedKeyLen, CK_ATTRIBUTE_PTR pTemplate,
1531	CK_ULONG usAttributeCount, CK_OBJECT_HANDLE_PTR phKey);
1532typedef CK_RV
1533	(CK_PTR  ST_C_DeriveKey)
1534	(ST_SESSION_T hSession, CK_MECHANISM_PTR pMechanism,
1535	CK_OBJECT_HANDLE hBaseKey, CK_ATTRIBUTE_PTR pTemplate,
1536	CK_ULONG usAttributeCount, CK_OBJECT_HANDLE_PTR phKey);
1537typedef CK_RV
1538	(CK_PTR  ST_C_SeedRandom)
1539	(ST_SESSION_T hSession, CK_BYTE_PTR pSeed,
1540	CK_ULONG usSeedLen);
1541typedef CK_RV
1542	(CK_PTR  ST_C_GenerateRandom)
1543	(ST_SESSION_T hSession, CK_BYTE_PTR pRandomData,
1544	CK_ULONG usRandomLen);
1545typedef CK_RV
1546	(CK_PTR  ST_C_GetFunctionStatus)
1547	(ST_SESSION_T hSession);
1548typedef CK_RV
1549	(CK_PTR  ST_C_CancelFunction)
1550	(ST_SESSION_T hSession);
1551typedef CK_RV
1552	(CK_PTR  ST_Notify)
1553	(ST_SESSION_T hSession, CK_NOTIFICATION event,
1554	CK_VOID_PTR pApplication);
1555typedef CK_RV
1556	(CK_PTR  ST_C_WaitForSlotEvent)
1557	(CK_FLAGS flags, CK_SLOT_ID_PTR pSlot,
1558	CK_VOID_PTR pReserved);
1559
1560
1561
1562struct ST_FCN_LIST {
1563
1564	ST_C_Initialize ST_Initialize;
1565	ST_C_Finalize ST_Finalize;
1566
1567	ST_C_GetTokenInfo ST_GetTokenInfo;
1568	ST_C_GetMechanismList ST_GetMechanismList;
1569	ST_C_GetMechanismInfo ST_GetMechanismInfo;
1570	ST_C_InitToken ST_InitToken;
1571	ST_C_InitPIN ST_InitPIN;
1572	ST_C_SetPIN ST_SetPIN;
1573
1574	ST_C_OpenSession ST_OpenSession;
1575	ST_C_CloseSession ST_CloseSession;
1576	ST_C_GetSessionInfo ST_GetSessionInfo;
1577	ST_C_GetOperationState ST_GetOperationState;
1578	ST_C_SetOperationState ST_SetOperationState;
1579	ST_C_Login ST_Login;
1580	ST_C_Logout ST_Logout;
1581
1582	ST_C_CreateObject ST_CreateObject;
1583	ST_C_CopyObject ST_CopyObject;
1584	ST_C_DestroyObject ST_DestroyObject;
1585	ST_C_GetObjectSize ST_GetObjectSize;
1586	ST_C_GetAttributeValue ST_GetAttributeValue;
1587	ST_C_SetAttributeValue ST_SetAttributeValue;
1588	ST_C_FindObjectsInit ST_FindObjectsInit;
1589	ST_C_FindObjects ST_FindObjects;
1590	ST_C_FindObjectsFinal ST_FindObjectsFinal;
1591
1592
1593	ST_C_EncryptInit ST_EncryptInit;
1594	ST_C_Encrypt ST_Encrypt;
1595	ST_C_EncryptUpdate ST_EncryptUpdate;
1596	ST_C_EncryptFinal ST_EncryptFinal;
1597	ST_C_DecryptInit ST_DecryptInit;
1598	ST_C_Decrypt ST_Decrypt;
1599	ST_C_DecryptUpdate ST_DecryptUpdate;
1600	ST_C_DecryptFinal ST_DecryptFinal;
1601	ST_C_DigestInit ST_DigestInit;
1602	ST_C_Digest ST_Digest;
1603	ST_C_DigestUpdate ST_DigestUpdate;
1604	ST_C_DigestKey ST_DigestKey;
1605	ST_C_DigestFinal ST_DigestFinal;
1606	ST_C_SignInit ST_SignInit;
1607	ST_C_Sign ST_Sign;
1608	ST_C_SignUpdate ST_SignUpdate;
1609	ST_C_SignFinal ST_SignFinal;
1610	ST_C_SignRecoverInit ST_SignRecoverInit;
1611	ST_C_SignRecover ST_SignRecover;
1612	ST_C_VerifyInit ST_VerifyInit;
1613	ST_C_Verify ST_Verify;
1614	ST_C_VerifyUpdate ST_VerifyUpdate;
1615	ST_C_VerifyFinal ST_VerifyFinal;
1616	ST_C_VerifyRecoverInit ST_VerifyRecoverInit;
1617	ST_C_VerifyRecover ST_VerifyRecover;
1618	ST_C_DigestEncryptUpdate ST_DigestEncryptUpdate;
1619	ST_C_DecryptDigestUpdate ST_DecryptDigestUpdate;
1620	ST_C_SignEncryptUpdate ST_SignEncryptUpdate;
1621	ST_C_DecryptVerifyUpdate ST_DecryptVerifyUpdate;
1622	ST_C_GenerateKey ST_GenerateKey;
1623	ST_C_GenerateKeyPair ST_GenerateKeyPair;
1624	ST_C_WrapKey ST_WrapKey;
1625	ST_C_UnwrapKey ST_UnwrapKey;
1626	ST_C_DeriveKey ST_DeriveKey;
1627	ST_C_SeedRandom ST_SeedRandom;
1628	ST_C_GenerateRandom ST_GenerateRandom;
1629	ST_C_GetFunctionStatus ST_GetFunctionStatus;
1630	ST_C_CancelFunction ST_CancelFunction;
1631};
1632
1633typedef struct ST_FCN_LIST  STDLL_FcnList_t;
1634
1635#endif /* _TPMTOK_INT_H */
1636