1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #ifndef _META_ATTRMASTERS_H
27 #define	_META_ATTRMASTERS_H
28 
29 #ifdef	__cplusplus
30 extern "C" {
31 #endif
32 
33 /*
34  * Master object templates
35  *
36  * [This file should only be included by a single source file. This is a
37  * non-traditional header file in that it simply contains a bunch of large,
38  * preinitialized static const structures. They're stored here to keep them
39  * "out of the way."]
40  *
41  * In PKCS#11, each object is well-defined... Each object type has an exact
42  * set of attributes, and each attribute always has some value. Some
43  * attribute values must be specificed when the object is created, others
44  * are optional (ie, a default value exisits). Thus, the template an
45  * application provides when creating a new object may be a subset of the
46  * allowed attributes. The "master" templates presented here, however,
47  * are complete.
48  */
49 
50 
51 /*
52  * Aliases for some field values in generic_attr_t, so that the initialization
53  * below isn't just a confusing mess of B_TRUE and B_FALSE. Lint
54  * complaints about using "!Foo" in const initializers,
55  * so we #define each value.
56  */
57 
58 #define	unused		0
59 #define	Mallocd		B_TRUE
60 #define	Clone		B_TRUE
61 #define	EmptyValue	B_TRUE
62 #define	NotMallocd	B_FALSE
63 #define	NotClone	B_FALSE
64 #define	NotEmptyValue	B_FALSE
65 #define	EMPTYDATE	' ', ' ', ' ', ' ', ' ', ' ', ' ', ' '
66 #define	EMPTY		'\0'
67 
68 /*
69  * A note regarding CKA_CLASS and sub-type (eg CKA_KEY_TYPE)
70  *
71  * These two attributes have been moved to the top of the master template
72  * definitions. All the metaslot code assumes that CKA_CLASS resides in index=0,
73  * and the sub-type resides in index=1.
74  */
75 
76 
77 /*
78  * Common storage object attributes, Table 19 (p81) of PKCS#11 2.11r1 spec.
79  */
80 #define	COMMON_STORAGE_ATTRIBUTES					\
81 	{ { CKA_TOKEN, NULL, sizeof (CK_BBOOL) },			\
82 		NotMallocd, Clone, NotEmptyValue, B_FALSE,		\
83 		CK_FALSE, unused, { unused } },				\
84 	{ { CKA_PRIVATE, NULL, sizeof (CK_BBOOL) },			\
85 		NotMallocd, Clone, NotEmptyValue, B_FALSE,		\
86 		CK_FALSE, unused, { unused } },				\
87 	{ { CKA_MODIFIABLE, NULL, sizeof (CK_BBOOL) },			\
88 		NotMallocd, Clone, NotEmptyValue, B_FALSE,		\
89 		CK_TRUE, unused, { unused } },				\
90 	{ { CKA_LABEL, NULL, 0 },					\
91 		NotMallocd, Clone, EmptyValue, B_FALSE,			\
92 		unused, unused, { EMPTY } }
93 
94 /*
95  * Common certificate attributes, Table 21 (p83) of PKCS#11 2.11r1 spec.
96  * (CKA_CERTIFICATE_TYPE has been moved, to place at top of template)
97  *
98  */
99 #define	COMMON_CERTIFICATE_ATTRIBUTES					\
100 	{ { CKA_TRUSTED, NULL, sizeof (CK_BBOOL) },			\
101 		NotMallocd, NotClone, NotEmptyValue, B_FALSE,		\
102 		CK_FALSE, unused, { unused } }
103 
104 /*
105  * Common key attributes, Table 25 (p89) of PKCS#11 2.11r1 spec.
106  * (CKA_KEY_TYPE has been moved, to place at top of template)
107  *
108  */
109 #define	COMMON_KEY_ATTRIBUTES						\
110 	{ { CKA_ID, NULL, 0 },						\
111 		NotMallocd, Clone, EmptyValue, B_FALSE,			\
112 		unused, unused, { EMPTY } },				\
113 	{ { CKA_START_DATE, NULL, sizeof (CK_DATE) },			\
114 		NotMallocd, Clone, EmptyValue, B_FALSE,			\
115 		unused, unused, { EMPTYDATE } },			\
116 	{ { CKA_END_DATE, NULL, sizeof (CK_DATE) },			\
117 		NotMallocd, Clone, EmptyValue, B_FALSE,			\
118 		unused, unused, { EMPTYDATE } },			\
119 	{ { CKA_DERIVE, NULL, sizeof (CK_BBOOL) },			\
120 		NotMallocd, Clone, NotEmptyValue, B_FALSE,		\
121 		CK_FALSE, unused, { unused } },				\
122 	{ { CKA_LOCAL, NULL, sizeof (CK_BBOOL) },			\
123 		NotMallocd, NotClone, NotEmptyValue, B_FALSE,		\
124 		CK_FALSE, unused, { unused } },				\
125 	{ { CKA_KEY_GEN_MECHANISM, NULL, sizeof (CK_MECHANISM_TYPE) },	\
126 		NotMallocd, NotClone, EmptyValue, B_FALSE,		\
127 		unused, CK_UNAVAILABLE_INFORMATION, { unused } }
128 
129 /*
130  * Common public-key attributes, Table 26 (p90) of PKCS#11 2.11r1 spec.
131  *
132  * CKA_SUBJECT has the PKCS#11-specified default. The object-usage attributes
133  * are token-specific defaults.
134  *
135  */
136 #define	COMMON_PUBKEY_ATTRIBUTES					\
137 	{ { CKA_SUBJECT, NULL, 0 },					\
138 		NotMallocd, Clone, EmptyValue, B_FALSE,			\
139 		unused, unused, { EMPTY } },				\
140 	{ { CKA_ENCRYPT, NULL, sizeof (CK_BBOOL) },			\
141 		NotMallocd, Clone, NotEmptyValue, B_FALSE,		\
142 		CK_TRUE, unused, { unused } },				\
143 	{ { CKA_VERIFY, NULL, sizeof (CK_BBOOL) },			\
144 		NotMallocd, Clone, NotEmptyValue, B_FALSE,		\
145 		CK_TRUE, unused, { unused } },				\
146 	{ { CKA_VERIFY_RECOVER, NULL, sizeof (CK_BBOOL) },		\
147 		NotMallocd, Clone, NotEmptyValue, B_FALSE,		\
148 		CK_TRUE, unused, { unused } },				\
149 	{ { CKA_WRAP, NULL, sizeof (CK_BBOOL) },			\
150 		NotMallocd, Clone, NotEmptyValue, B_FALSE,		\
151 		CK_TRUE, unused, { unused } },				\
152 	{ { CKA_TRUSTED, NULL, sizeof (CK_BBOOL) },			\
153 		NotMallocd, NotClone, NotEmptyValue, B_FALSE,		\
154 		CK_FALSE, unused, { unused } }
155 
156 /*
157  * Common private-key attributes, Table 34 (p97) of PKCS#11 2.11r1 spec.
158  */
159 #define	COMMON_PRIVKEY_ATTRIBUTES					\
160 	{ { CKA_SUBJECT, NULL, 0 },					\
161 		NotMallocd, Clone, EmptyValue, B_FALSE,			\
162 		unused, unused, { EMPTY } },				\
163 	{ { CKA_SENSITIVE, NULL, sizeof (CK_BBOOL) },			\
164 		NotMallocd, Clone, NotEmptyValue, B_FALSE,		\
165 		CK_FALSE, unused, { unused } },				\
166 	{ { CKA_SECONDARY_AUTH, NULL, sizeof (CK_BBOOL) },		\
167 		NotMallocd, Clone, EmptyValue, B_FALSE,			\
168 		CK_FALSE, unused, { unused } },				\
169 	{ { CKA_DECRYPT, NULL, sizeof (CK_BBOOL) },			\
170 		NotMallocd, Clone, NotEmptyValue, B_FALSE,		\
171 		CK_TRUE, unused, { unused } },				\
172 	{ { CKA_SIGN, NULL, sizeof (CK_BBOOL) },			\
173 		NotMallocd, Clone, NotEmptyValue, B_FALSE,		\
174 		CK_TRUE, unused, { unused } },				\
175 	{ { CKA_SIGN_RECOVER, NULL, sizeof (CK_BBOOL) },		\
176 		NotMallocd, Clone, NotEmptyValue, B_FALSE,		\
177 		CK_TRUE, unused, { unused } },				\
178 	{ { CKA_UNWRAP, NULL, sizeof (CK_BBOOL) },			\
179 		NotMallocd, Clone, NotEmptyValue, B_FALSE,		\
180 		CK_TRUE, unused, { unused } },				\
181 	{ { CKA_EXTRACTABLE, NULL, sizeof (CK_BBOOL) },			\
182 		NotMallocd, Clone, NotEmptyValue, B_FALSE,		\
183 		CK_TRUE, unused, { unused } },				\
184 	{ { CKA_ALWAYS_SENSITIVE, NULL, sizeof (CK_BBOOL) },		\
185 		NotMallocd, NotClone, NotEmptyValue, B_FALSE,		\
186 		CK_FALSE, unused, { unused } },				\
187 	{ { CKA_NEVER_EXTRACTABLE, NULL, sizeof (CK_BBOOL) },		\
188 		NotMallocd, NotClone, NotEmptyValue, B_FALSE,		\
189 		CK_FALSE, unused, { unused } }
190 
191 
192 /*
193  * Common secret-key attributes, Table 42 (p108) of PKCS#11 2.11r1 spec.
194  */
195 #define	COMMON_SECKEY_ATTRIBUTES					\
196 	{ { CKA_SENSITIVE, NULL, sizeof (CK_BBOOL) },			\
197 		NotMallocd, Clone, NotEmptyValue, B_FALSE,		\
198 		CK_FALSE, unused, { unused } },				\
199 	{ { CKA_ENCRYPT, NULL, sizeof (CK_BBOOL) },			\
200 		NotMallocd, Clone, NotEmptyValue, B_FALSE,		\
201 		CK_TRUE, unused, { unused } },				\
202 	{ { CKA_DECRYPT, NULL, sizeof (CK_BBOOL) },			\
203 		NotMallocd, Clone, NotEmptyValue, B_FALSE,		\
204 		CK_TRUE, unused, { unused } },				\
205 	{ { CKA_SIGN, NULL, sizeof (CK_BBOOL) },			\
206 		NotMallocd, Clone, NotEmptyValue, B_FALSE,		\
207 		CK_TRUE, unused, { unused } },				\
208 	{ { CKA_VERIFY, NULL, sizeof (CK_BBOOL) },			\
209 		NotMallocd, Clone, NotEmptyValue, B_FALSE,		\
210 		CK_TRUE, unused, { unused } },				\
211 	{ { CKA_WRAP, NULL, sizeof (CK_BBOOL) },			\
212 		NotMallocd, Clone, NotEmptyValue, B_FALSE,		\
213 		CK_TRUE, unused, { unused } },				\
214 	{ { CKA_UNWRAP, NULL, sizeof (CK_BBOOL) },			\
215 		NotMallocd, Clone, NotEmptyValue, B_FALSE,		\
216 		CK_TRUE, unused, { unused } },				\
217 	{ { CKA_EXTRACTABLE, NULL, sizeof (CK_BBOOL) },			\
218 		NotMallocd, Clone, NotEmptyValue, B_FALSE,		\
219 		CK_TRUE, unused, { unused } },				\
220 	{ { CKA_ALWAYS_SENSITIVE, NULL, sizeof (CK_BBOOL) },		\
221 		NotMallocd, NotClone, NotEmptyValue, B_FALSE,		\
222 		CK_FALSE, unused, { unused } },				\
223 	{ { CKA_NEVER_EXTRACTABLE, NULL, sizeof (CK_BBOOL) },		\
224 		NotMallocd, NotClone, NotEmptyValue, B_FALSE,		\
225 		CK_FALSE, unused, { unused } }
226 
227 /*
228  * Common domain-paramaters attributes, Table 60 (p123) of PKCS#11 2.11r1 spec.
229  * (CKA_KEY_TYPE has been removed, to place elsewhere)
230  */
231 #define	COMMON_DOMAIN_ATTRIBUTES					\
232 	{ { CKA_LOCAL, NULL, sizeof (CK_BBOOL) },			\
233 		NotMallocd, Clone, NotEmptyValue, B_FALSE,		\
234 		CK_FALSE, unused, { unused } }
235 
236 
237 /* ========================= HW Objects ========================= */
238 
239 
240 /*
241  * Master template for: CKO_HW_FEATURE + CKH_CLOCK
242  */
243 static const generic_attr_t OBJ_HW_CLOCK[] =
244 {
245 	{ { CKA_CLASS, NULL, sizeof (CK_OBJECT_CLASS) },
246 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
247 		unused, CKO_HW_FEATURE, { unused } },
248 	{ { CKA_HW_FEATURE_TYPE, NULL, sizeof (CK_HW_FEATURE_TYPE) },
249 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
250 		unused, CKH_CLOCK, { unused } },
251 	{ { CKA_VALUE, NULL, 16 },
252 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
253 		unused, unused, { EMPTYDATE, EMPTYDATE } }
254 };
255 
256 
257 /*
258  * Master template for: CKO_HW_FEATURE + CKH_MONOTONIC_COUNTER
259  *
260  * NOTE: no sub-type for this class!
261  */
262 static const generic_attr_t OBJ_HW_MONOTONIC[] =
263 {
264 	{ { CKA_CLASS, NULL, sizeof (CK_OBJECT_CLASS) },
265 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
266 		unused, CKO_HW_FEATURE, { unused } },
267 	{ { CKA_HW_FEATURE_TYPE, NULL, sizeof (CK_HW_FEATURE_TYPE) },
268 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
269 		unused, CKH_MONOTONIC_COUNTER, { unused } },
270 	{ { CKA_VALUE, NULL, 0 },
271 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
272 		unused, unused, { EMPTY } },
273 	{ { CKA_RESET_ON_INIT, NULL, sizeof (CK_BBOOL) },
274 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
275 		CK_FALSE, unused, { unused } },
276 	{ { CKA_HAS_RESET, NULL, sizeof (CK_BBOOL) },
277 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
278 		CK_FALSE, unused, { unused } }
279 };
280 
281 
282 /* ========================= Data Objects ========================= */
283 
284 
285 /*
286  * Master template for CKO_DATA + (no subtypes for this class)
287  *
288  * Defaults are according to PKCS#11.
289  *
290  * NOTE: no sub-type for this class!
291  */
292 static const generic_attr_t OBJ_DATA[] =
293 {
294 	{ { CKA_CLASS, NULL, sizeof (CK_OBJECT_CLASS) },
295 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
296 		unused, CKO_DATA, { unused } },
297 	COMMON_STORAGE_ATTRIBUTES,
298 	{ { CKA_APPLICATION, NULL, 0 },
299 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
300 		unused, unused, { EMPTY } },
301 	{ { CKA_OBJECT_ID, NULL, 0 },
302 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
303 		unused, unused, { EMPTY } },
304 	{ { CKA_VALUE, NULL, 0 },
305 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
306 		unused, unused, { EMPTY } }
307 };
308 
309 
310 /* ========================= Certificate Objects ========================= */
311 
312 
313 /*
314  * Master template for CKO_CERTIFICATE + CKC_X_509
315  *
316  * Defaults are according to PKCS#11.
317  */
318 static const generic_attr_t OBJ_CERT_X509[] =
319 {
320 	{ { CKA_CLASS, NULL, sizeof (CK_OBJECT_CLASS) },
321 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
322 		unused, CKO_CERTIFICATE, { unused } },
323 	{ { CKA_CERTIFICATE_TYPE, NULL, sizeof (CK_CERTIFICATE_TYPE) },
324 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
325 		unused, CKC_X_509, { unused } },
326 	COMMON_STORAGE_ATTRIBUTES,
327 	COMMON_CERTIFICATE_ATTRIBUTES,
328 	{ { CKA_SUBJECT, NULL, 0 },
329 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
330 		unused, unused, { EMPTY } },
331 	{ { CKA_ID, NULL, 0 },
332 		NotMallocd, Clone, EmptyValue, B_FALSE,
333 		unused, unused, { EMPTY } },
334 	{ { CKA_ISSUER, NULL, 0 },
335 		NotMallocd, Clone, EmptyValue, B_FALSE,
336 		unused, unused, { EMPTY } },
337 	{ { CKA_SERIAL_NUMBER, NULL, 0 },
338 		NotMallocd, Clone, EmptyValue, B_FALSE,
339 		unused, unused, { EMPTY } },
340 	{ { CKA_VALUE, NULL, 0 },
341 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
342 		unused, unused, { EMPTY } }
343 };
344 
345 
346 /*
347  * Master template for CKO_CERTIFICATE + CKC_X_509_ATTR_CERT
348  *
349  * Defaults are according to PKCS#11.
350  */
351 static const generic_attr_t OBJ_CERT_X509ATTR[] =
352 {
353 	{ { CKA_CLASS, NULL, sizeof (CK_OBJECT_CLASS) },
354 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
355 		unused, CKO_CERTIFICATE, { unused } },
356 	{ { CKA_CERTIFICATE_TYPE, NULL, sizeof (CK_CERTIFICATE_TYPE) },
357 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
358 		unused, CKC_X_509_ATTR_CERT, { unused } },
359 	COMMON_STORAGE_ATTRIBUTES,
360 	COMMON_CERTIFICATE_ATTRIBUTES,
361 	{ { CKA_OWNER, NULL, 0 },
362 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
363 		unused, unused, { EMPTY } },
364 	{ { CKA_AC_ISSUER, NULL, 0 },
365 		NotMallocd, Clone, EmptyValue, B_FALSE,
366 		unused, unused, { EMPTY } },
367 	{ { CKA_SERIAL_NUMBER, NULL, 0 },
368 		NotMallocd, Clone, EmptyValue, B_FALSE,
369 		unused, unused, { EMPTY } },
370 	{ { CKA_ATTR_TYPES, NULL, 0 },
371 		NotMallocd, Clone, EmptyValue, B_FALSE,
372 		unused, unused, { EMPTY } },
373 	{ { CKA_VALUE, NULL, 0 },
374 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
375 		unused, unused, { EMPTY } }
376 };
377 
378 
379 /* ========================= Public Keys ========================= */
380 
381 
382 /*
383  * Master template for CKO_PUBLIC_KEY + CKK_RSA
384  */
385 static const generic_attr_t OBJ_PUBKEY_RSA[] =
386 {
387 	{ { CKA_CLASS, NULL, sizeof (CK_OBJECT_CLASS) },
388 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
389 		unused, CKO_PUBLIC_KEY, { unused } },
390 	{ { CKA_KEY_TYPE, NULL, sizeof (CK_KEY_TYPE) },
391 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
392 		unused, CKK_RSA, { unused } },
393 	COMMON_STORAGE_ATTRIBUTES,
394 	COMMON_KEY_ATTRIBUTES,
395 	COMMON_PUBKEY_ATTRIBUTES,
396 	{ { CKA_MODULUS, NULL, 0 },
397 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
398 		unused, unused, { EMPTY } },
399 	{ { CKA_MODULUS_BITS, NULL, sizeof (CK_ULONG)},
400 		NotMallocd, NotClone, NotEmptyValue, B_FALSE,
401 		unused, 0, { unused } },
402 	{ { CKA_PUBLIC_EXPONENT, NULL, 0 },
403 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
404 		unused, unused, { EMPTY } }
405 };
406 
407 
408 /*
409  * Master template for CKO_PUBLIC_KEY + CKK_DSA
410  *
411  */
412 static const generic_attr_t OBJ_PUBKEY_DSA[] =
413 {
414 	{ { CKA_CLASS, NULL, sizeof (CK_OBJECT_CLASS) },
415 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
416 		unused, CKO_PUBLIC_KEY, { unused } },
417 	{ { CKA_KEY_TYPE, NULL, sizeof (CK_KEY_TYPE) },
418 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
419 		unused, CKK_DSA, { unused } },
420 	COMMON_STORAGE_ATTRIBUTES,
421 	COMMON_KEY_ATTRIBUTES,
422 	COMMON_PUBKEY_ATTRIBUTES,
423 	{ { CKA_PRIME, NULL, 0 },
424 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
425 		unused, unused, { EMPTY } },
426 	{ { CKA_SUBPRIME, NULL, 0 },
427 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
428 		unused, unused, { EMPTY } },
429 	{ { CKA_BASE, NULL, 0 },
430 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
431 		unused, unused, { EMPTY } },
432 	{ { CKA_VALUE, NULL, 0 },
433 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
434 		unused, unused, { EMPTY } }
435 };
436 
437 
438 /*
439  * Master template for CKO_PUBLIC_KEY + CKK_EC
440  *
441  */
442 static const generic_attr_t OBJ_PUBKEY_EC[] =
443 {
444 	{ { CKA_CLASS, NULL, sizeof (CK_OBJECT_CLASS) },
445 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
446 		unused, CKO_PUBLIC_KEY, { unused } },
447 	{ { CKA_KEY_TYPE, NULL, sizeof (CK_KEY_TYPE) },
448 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
449 		unused, CKK_EC, { unused } },
450 	COMMON_STORAGE_ATTRIBUTES,
451 	COMMON_KEY_ATTRIBUTES,
452 	COMMON_PUBKEY_ATTRIBUTES,
453 	{ { CKA_EC_PARAMS, NULL, 0 },
454 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
455 		unused, unused, { EMPTY } },
456 	{ { CKA_EC_POINT, NULL, 0 },
457 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
458 		unused, unused, { EMPTY } }
459 };
460 
461 
462 /*
463  * Master template for CKO_PUBLIC_KEY + CKK_DH
464  *
465  */
466 static const generic_attr_t OBJ_PUBKEY_DH[] =
467 {
468 	{ { CKA_CLASS, NULL, sizeof (CK_OBJECT_CLASS) },
469 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
470 		unused, CKO_PUBLIC_KEY, { unused } },
471 	{ { CKA_KEY_TYPE, NULL, sizeof (CK_KEY_TYPE) },
472 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
473 		unused, CKK_DH, { unused } },
474 	COMMON_STORAGE_ATTRIBUTES,
475 	COMMON_KEY_ATTRIBUTES,
476 	COMMON_PUBKEY_ATTRIBUTES,
477 	{ { CKA_PRIME, NULL, 0 },
478 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
479 		unused, unused, { EMPTY } },
480 	{ { CKA_BASE, NULL, 0 },
481 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
482 		unused, unused, { EMPTY } },
483 	{ { CKA_VALUE, NULL, 0 },
484 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
485 		unused, unused, { EMPTY } }
486 };
487 
488 
489 /*
490  * Master template for CKO_PUBLIC_KEY + CKK_X9_42_DH
491  *
492  */
493 static const generic_attr_t OBJ_PUBKEY_X942DH[] =
494 {
495 	{ { CKA_CLASS, NULL, sizeof (CK_OBJECT_CLASS) },
496 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
497 		unused, CKO_PUBLIC_KEY, { unused } },
498 	{ { CKA_KEY_TYPE, NULL, sizeof (CK_KEY_TYPE) },
499 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
500 		unused, CKK_X9_42_DH, { unused } },
501 	COMMON_STORAGE_ATTRIBUTES,
502 	COMMON_KEY_ATTRIBUTES,
503 	COMMON_PUBKEY_ATTRIBUTES,
504 	{ { CKA_PRIME, NULL, 0 },
505 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
506 		unused, unused, { EMPTY } },
507 	{ { CKA_BASE, NULL, 0 },
508 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
509 		unused, unused, { EMPTY } },
510 	{ { CKA_SUBPRIME, NULL, 0 },
511 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
512 		unused, unused, { EMPTY } },
513 	{ { CKA_VALUE, NULL, 0 },
514 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
515 		unused, unused, { EMPTY } }
516 };
517 
518 
519 /*
520  * Master template for CKO_PUBLIC_KEY + CKK_KEA
521  *
522  */
523 static const generic_attr_t OBJ_PUBKEY_KEA[] =
524 {
525 	{ { CKA_CLASS, NULL, sizeof (CK_OBJECT_CLASS) },
526 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
527 		unused, CKO_PUBLIC_KEY, { unused } },
528 	{ { CKA_KEY_TYPE, NULL, sizeof (CK_KEY_TYPE) },
529 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
530 		unused, CKK_KEA, { unused } },
531 	COMMON_STORAGE_ATTRIBUTES,
532 	COMMON_KEY_ATTRIBUTES,
533 	COMMON_PUBKEY_ATTRIBUTES,
534 	{ { CKA_PRIME, NULL, 0 },
535 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
536 		unused, unused, { EMPTY } },
537 	{ { CKA_BASE, NULL, 0 },
538 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
539 		unused, unused, { EMPTY } },
540 	{ { CKA_SUBPRIME, NULL, 0 },
541 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
542 		unused, unused, { EMPTY } },
543 	{ { CKA_VALUE, NULL, 0 },
544 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
545 		unused, unused, { EMPTY } }
546 };
547 
548 
549 /* ========================= Private Keys ========================= */
550 
551 
552 /*
553  * Master template for CKO_PRIVATE_KEY + CKK_RSA
554  *
555  */
556 static const generic_attr_t OBJ_PRIVKEY_RSA[] =
557 {
558 	{ { CKA_CLASS, NULL, sizeof (CK_OBJECT_CLASS) },
559 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
560 		unused, CKO_PRIVATE_KEY, { unused } },
561 	{ { CKA_KEY_TYPE, NULL, sizeof (CK_KEY_TYPE) },
562 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
563 		unused, CKK_RSA, { unused } },
564 	COMMON_STORAGE_ATTRIBUTES,
565 	COMMON_KEY_ATTRIBUTES,
566 	COMMON_PRIVKEY_ATTRIBUTES,
567 	{ { CKA_MODULUS, NULL, 0 },
568 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
569 		unused, unused, { EMPTY } },
570 	{ { CKA_PRIVATE_EXPONENT, NULL, 0 },
571 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
572 		unused, unused, { EMPTY } },
573 	{ { CKA_PUBLIC_EXPONENT, NULL, 0 },
574 		NotMallocd, Clone, EmptyValue, B_FALSE,
575 		unused, unused, { EMPTY } },
576 	{ { CKA_PRIME_1, NULL, 0 },
577 		NotMallocd, Clone, EmptyValue, B_FALSE,
578 		unused, unused, { EMPTY } },
579 	{ { CKA_PRIME_2, NULL, 0 },
580 		NotMallocd, Clone, EmptyValue, B_FALSE,
581 		unused, unused, { EMPTY } },
582 	{ { CKA_EXPONENT_1, NULL, 0 },
583 		NotMallocd, Clone, EmptyValue, B_FALSE,
584 		unused, unused, { EMPTY } },
585 	{ { CKA_EXPONENT_2, NULL, 0 },
586 		NotMallocd, Clone, EmptyValue, B_FALSE,
587 		unused, unused, { EMPTY } },
588 	{ { CKA_COEFFICIENT, NULL, 0 },
589 		NotMallocd, Clone, EmptyValue, B_FALSE,
590 		unused, unused, { EMPTY } }
591 };
592 
593 
594 /*
595  * Master template for CKO_PRIVATE_KEY + CKK_DSA
596  *
597  */
598 static const generic_attr_t OBJ_PRIVKEY_DSA[] =
599 {
600 	{ { CKA_CLASS, NULL, sizeof (CK_OBJECT_CLASS) },
601 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
602 		unused, CKO_PRIVATE_KEY, { unused } },
603 	{ { CKA_KEY_TYPE, NULL, sizeof (CK_KEY_TYPE) },
604 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
605 		unused, CKK_DSA, { unused } },
606 	COMMON_STORAGE_ATTRIBUTES,
607 	COMMON_KEY_ATTRIBUTES,
608 	COMMON_PRIVKEY_ATTRIBUTES,
609 	{ { CKA_PRIME, NULL, 0 },
610 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
611 		unused, unused, { EMPTY } },
612 	{ { CKA_SUBPRIME, NULL, 0 },
613 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
614 		unused, unused, { EMPTY } },
615 	{ { CKA_BASE, NULL, 0 },
616 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
617 		unused, unused, { EMPTY } },
618 	{ { CKA_VALUE, NULL, 0 },
619 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
620 		unused, unused, { EMPTY } }
621 };
622 
623 
624 /*
625  * Master template for CKO_PRIVATE_KEY + CKK_EC
626  *
627  */
628 static const generic_attr_t OBJ_PRIVKEY_EC[] =
629 {
630 	{ { CKA_CLASS, NULL, sizeof (CK_OBJECT_CLASS) },
631 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
632 		unused, CKO_PRIVATE_KEY, { unused } },
633 	{ { CKA_KEY_TYPE, NULL, sizeof (CK_KEY_TYPE) },
634 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
635 		unused, CKK_EC, { unused } },
636 	COMMON_STORAGE_ATTRIBUTES,
637 	COMMON_KEY_ATTRIBUTES,
638 	COMMON_PRIVKEY_ATTRIBUTES,
639 	{ { CKA_EC_PARAMS, NULL, 0 },
640 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
641 		unused, unused, { EMPTY } },
642 	{ { CKA_VALUE, NULL, 0 },
643 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
644 		unused, unused, { EMPTY } }
645 };
646 
647 
648 /*
649  * Master template for CKO_PRIVATE_KEY + CKK_DH
650  */
651 static const generic_attr_t OBJ_PRIVKEY_DH[] =
652 {
653 	{ { CKA_CLASS, NULL, sizeof (CK_OBJECT_CLASS) },
654 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
655 		unused, CKO_PRIVATE_KEY, { unused } },
656 	{ { CKA_KEY_TYPE, NULL, sizeof (CK_KEY_TYPE) },
657 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
658 		unused, CKK_DH, { unused } },
659 	COMMON_STORAGE_ATTRIBUTES,
660 	COMMON_KEY_ATTRIBUTES,
661 	COMMON_PRIVKEY_ATTRIBUTES,
662 	{ { CKA_PRIME, NULL, 0 },
663 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
664 		unused, unused, { EMPTY } },
665 	{ { CKA_BASE, NULL, 0 },
666 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
667 		unused, unused, { EMPTY } },
668 	{ { CKA_VALUE, NULL, 0 },
669 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
670 		unused, unused, { EMPTY } },
671 	{ { CKA_VALUE_BITS, NULL, sizeof (CK_ULONG) },
672 		NotMallocd, NotClone, NotEmptyValue, B_FALSE,
673 		unused, 0, { unused } }
674 };
675 
676 
677 /*
678  * Master template for CKO_PRIVATE_KEY + CKK_X9_42_DH
679  *
680  */
681 static const generic_attr_t OBJ_PRIVKEY_X942DH[] =
682 {
683 	{ { CKA_CLASS, NULL, sizeof (CK_OBJECT_CLASS) },
684 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
685 		unused, CKO_PRIVATE_KEY, { unused } },
686 	{ { CKA_KEY_TYPE, NULL, sizeof (CK_KEY_TYPE) },
687 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
688 		unused, CKK_X9_42_DH, { unused } },
689 	COMMON_STORAGE_ATTRIBUTES,
690 	COMMON_KEY_ATTRIBUTES,
691 	COMMON_PRIVKEY_ATTRIBUTES,
692 	{ { CKA_PRIME, NULL, 0 },
693 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
694 		unused, unused, { EMPTY } },
695 	{ { CKA_SUBPRIME, NULL, 0 },
696 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
697 		unused, unused, { EMPTY } },
698 	{ { CKA_BASE, NULL, 0 },
699 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
700 		unused, unused, { EMPTY } },
701 	{ { CKA_VALUE, NULL, 0 },
702 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
703 		unused, unused, { EMPTY } }
704 };
705 
706 
707 /*
708  * Master template for CKO_PRIVATE_KEY + CKK_KEA
709  *
710  */
711 static const generic_attr_t OBJ_PRIVKEY_KEA[] =
712 {
713 	{ { CKA_CLASS, NULL, sizeof (CK_OBJECT_CLASS) },
714 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
715 		unused, CKO_PRIVATE_KEY, { unused } },
716 	{ { CKA_KEY_TYPE, NULL, sizeof (CK_KEY_TYPE) },
717 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
718 		unused, CKK_KEA, { unused } },
719 	COMMON_STORAGE_ATTRIBUTES,
720 	COMMON_KEY_ATTRIBUTES,
721 	COMMON_PRIVKEY_ATTRIBUTES,
722 	{ { CKA_PRIME, NULL, 0 },
723 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
724 		unused, unused, { EMPTY } },
725 	{ { CKA_BASE, NULL, 0 },
726 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
727 		unused, unused, { EMPTY } },
728 	{ { CKA_SUBPRIME, NULL, 0 },
729 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
730 		unused, unused, { EMPTY } },
731 	{ { CKA_VALUE, NULL, 0 },
732 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
733 		unused, unused, { EMPTY } }
734 };
735 
736 
737 /* ========================= Secret Keys ========================= */
738 
739 
740 /*
741  * Master template for CKO_SECRET_KEY + (fixed-length keytype)
742  */
743 static const generic_attr_t OBJ_SECKEY[] =
744 {
745 	{ { CKA_CLASS, NULL, sizeof (CK_OBJECT_CLASS) },
746 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
747 		unused, CKO_SECRET_KEY, { unused } },
748 	{ { CKA_KEY_TYPE, NULL, sizeof (CK_KEY_TYPE) },
749 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
750 		unused, CKK_GENERIC_SECRET, { unused } },
751 	COMMON_STORAGE_ATTRIBUTES,
752 	COMMON_KEY_ATTRIBUTES,
753 	COMMON_SECKEY_ATTRIBUTES,
754 	{ { CKA_VALUE, NULL, 0 },
755 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
756 		unused, unused, { EMPTY } }
757 };
758 
759 
760 /*
761  * Master template for CKO_SECRET_KEY + (variable-length keytype)
762  *
763  */
764 static const generic_attr_t OBJ_SECKEY_WITHLEN[] =
765 {
766 	{ { CKA_CLASS, NULL, sizeof (CK_OBJECT_CLASS) },
767 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
768 		unused, CKO_SECRET_KEY, { unused } },
769 	{ { CKA_KEY_TYPE, NULL, sizeof (CK_KEY_TYPE) },
770 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
771 		unused, CKK_GENERIC_SECRET, { unused } },
772 	COMMON_STORAGE_ATTRIBUTES,
773 	COMMON_KEY_ATTRIBUTES,
774 	COMMON_SECKEY_ATTRIBUTES,
775 	{ { CKA_VALUE, NULL, 0 },
776 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
777 		unused, unused, { EMPTY } },
778 	{ { CKA_VALUE_LEN, NULL, sizeof (CK_ULONG) },
779 		NotMallocd, NotClone, NotEmptyValue, B_FALSE,
780 		unused, 0, { unused } }
781 };
782 
783 
784 /* ========================= Domain Parameters ========================= */
785 
786 
787 /*
788  * Master template for CKO_DOMAIN_PARAMETERS + CKK_DSA
789  *
790  */
791 static const generic_attr_t OBJ_DOM_DSA[] =
792 {
793 	{ { CKA_CLASS, NULL, sizeof (CK_OBJECT_CLASS) },
794 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
795 		unused, CKO_DOMAIN_PARAMETERS, { unused } },
796 	{ { CKA_KEY_TYPE, NULL, sizeof (CK_KEY_TYPE) },
797 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
798 		unused, CKK_DSA, { unused } },
799 	COMMON_STORAGE_ATTRIBUTES,
800 	COMMON_DOMAIN_ATTRIBUTES,
801 	{ { CKA_PRIME, NULL, 0 },
802 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
803 		unused, unused, { EMPTY } },
804 	{ { CKA_SUBPRIME, NULL, 0 },
805 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
806 		unused, unused, { EMPTY } },
807 	{ { CKA_BASE, NULL, 0 },
808 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
809 		unused, unused, { EMPTY } },
810 	{ { CKA_PRIME_BITS, NULL, sizeof (CK_ULONG) },
811 		NotMallocd, NotClone, NotEmptyValue, B_FALSE,
812 		unused, 0, { unused } }
813 };
814 
815 /*
816  * Master template for CKO_DOMAIN_PARAMETERS + CKK_DH
817  *
818  */
819 static const generic_attr_t OBJ_DOM_DH[] =
820 {
821 	{ { CKA_CLASS, NULL, sizeof (CK_OBJECT_CLASS) },
822 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
823 		unused, CKO_DOMAIN_PARAMETERS, { unused } },
824 	{ { CKA_KEY_TYPE, NULL, sizeof (CK_KEY_TYPE) },
825 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
826 		unused, CKK_DH, { unused } },
827 	COMMON_STORAGE_ATTRIBUTES,
828 	COMMON_DOMAIN_ATTRIBUTES,
829 	{ { CKA_PRIME, NULL, 0 },
830 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
831 		unused, unused, { EMPTY } },
832 	{ { CKA_BASE, NULL, 0 },
833 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
834 		unused, unused, { EMPTY } },
835 	{ { CKA_PRIME_BITS, NULL, sizeof (CK_ULONG) },
836 		NotMallocd, NotClone, NotEmptyValue, B_FALSE,
837 		unused, 0, { unused } }
838 };
839 
840 /*
841  * Master template for CKO_DOMAIN_PARAMETERS + CKK_X9_42_DH
842  *
843  */
844 static const generic_attr_t OBJ_DOM_X942DH[] =
845 {
846 	{ { CKA_CLASS, NULL, sizeof (CK_OBJECT_CLASS) },
847 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
848 		unused, CKO_DOMAIN_PARAMETERS, { unused } },
849 	{ { CKA_KEY_TYPE, NULL, sizeof (CK_KEY_TYPE) },
850 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
851 		unused, CKK_X9_42_DH, { unused } },
852 	COMMON_STORAGE_ATTRIBUTES,
853 	COMMON_DOMAIN_ATTRIBUTES,
854 	{ { CKA_PRIME, NULL, 0 },
855 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
856 		unused, unused, { EMPTY } },
857 	{ { CKA_BASE, NULL, 0 },
858 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
859 		unused, unused, { EMPTY } },
860 	{ { CKA_SUBPRIME, NULL, 0 },
861 		NotMallocd, Clone, NotEmptyValue, B_FALSE,
862 		unused, unused, { EMPTY } },
863 	{ { CKA_PRIME_BITS, NULL, sizeof (CK_ULONG) },
864 		NotMallocd, NotClone, NotEmptyValue, B_FALSE,
865 		unused, 0, { unused } },
866 	{ { CKA_SUBPRIME_BITS, NULL, sizeof (CK_ULONG) },
867 		NotMallocd, NotClone, NotEmptyValue, B_FALSE,
868 		unused, 0, { unused } }
869 };
870 
871 #ifdef	__cplusplus
872 }
873 #endif
874 
875 #endif /* _META_ATTRMASTERS_H */
876