1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #ifndef	_KERNELOBJECT_H
27 #define	_KERNELOBJECT_H
28 
29 #pragma ident	"%Z%%M%	%I%	%E% SMI"
30 
31 #ifdef __cplusplus
32 extern "C" {
33 #endif
34 
35 #include <security/pkcs11t.h>
36 #include "kernelSession.h"
37 #include "kernelSlot.h"
38 
/*
 * Value stored in kernel_object_t.magic_marker. HANDLE2OBJECT_COMMON()
 * compares against it to reject handles that do not point at an object.
 */
#define	KERNELTOKEN_OBJECT_MAGIC	0xECF0B003

/*
 * NOTE(review): presumably selectors for the unnamed uint_t argument of
 * kernel_build_object() (create vs. generate) -- confirm against callers.
 */
#define	KERNEL_CREATE_OBJ	1
#define	KERNEL_GEN_KEY		2

/*
 * Per-key-type attribute counts. Their consumers are outside this header.
 * NOTE(review): presumably the number of attributes handled for each key
 * type -- confirm before relying on the values.
 */
#define	RSA_PRI_ATTR_COUNT		7
#define	RSA_PUB_ATTR_COUNT		3
#define	DSA_ATTR_COUNT			4
#define	EC_ATTR_COUNT			1
48 
/*
 * Secret key object: the raw key value and its length.
 *
 * NOTE(review): sk_value holds secret key material. This header does not
 * show who allocates the buffer or whether it is cleared before being
 * freed; confirm that the cleanup path zeroizes it.
 */
typedef struct secret_key_obj {
	CK_BYTE *sk_value;	/* key bytes */
	CK_ULONG sk_value_len;	/* length of sk_value (presumably bytes) */
} secret_key_obj_t;
56 
57 
/*
 * This structure is used to hold the attributes in the
 * Extra Attribute List: a singly linked list of CK_ATTRIBUTE entries.
 * kernel_object_t.extra_attrlistp points at the list and
 * kernel_object_t.extra_attrcount sits next to it.
 */
typedef struct attribute_info {
	CK_ATTRIBUTE	attr;		/* the attribute stored in this node */
	struct attribute_info *next;	/* next node in the list */
} attribute_info_t;

/* Pointer alias used for the list head in kernel_object_t. */
typedef attribute_info_t *CK_ATTRIBUTE_INFO_PTR;
68 
69 
/*
 * biginteger Struct: a byte buffer plus its length, used for every
 * big-number key component in the key structures of this header.
 *
 * NOTE(review): byte order and buffer ownership are not visible here;
 * presumably most-significant byte first, as PKCS#11 "Big integer"
 * attributes are -- confirm. Several private-key components use this
 * type, so the buffer may hold secret material.
 */
typedef struct biginteger {
	CK_BYTE *big_value;	/* value bytes */
	CK_ULONG big_value_len;	/* length of big_value (presumably bytes) */
} biginteger_t;
77 
78 
/*
 * PKCS11: RSA Public Key Object Attributes
 */
typedef struct rsa_pub_key {
	biginteger_t modulus;		/* modulus */
	CK_ULONG modulus_bits;		/* modulus length in bits */
	biginteger_t pub_exponent;	/* public exponent */
} rsa_pub_key_t;
87 
88 
/*
 * PKCS11: DSA Public Key Object Attributes
 *
 * Same four fields as dsa_pri_key_t; here value is the public value.
 */
typedef struct dsa_pub_key {
	biginteger_t prime;	/* domain parameter: prime */
	biginteger_t subprime;	/* domain parameter: subprime */
	biginteger_t base;	/* domain parameter: base */
	biginteger_t value;	/* public value */
} dsa_pub_key_t;
98 
/*
 * PKCS11: Diffie-Hellman Public Key Object Attributes
 */
typedef struct dh_pub_key {
	biginteger_t prime;	/* domain parameter: prime */
	biginteger_t base;	/* domain parameter: base */
	biginteger_t value;	/* public value */
} dh_pub_key_t;
107 
/*
 * PKCS11: EC Public Key Object Attributes
 *
 * Only the point is kept in this structure; no field for the curve
 * parameters is declared here.
 */
typedef struct ec_pub_key {
	biginteger_t point;	/* EC point, stored as a byte string */
} ec_pub_key_t;
114 
115 
/*
 * Public Key Main Struct
 *
 * The members of key_type_u share storage and the structure carries no
 * discriminant of its own, so the key type must come from elsewhere
 * (kernel_copy_public_key_attr() takes it as a separate CK_KEY_TYPE
 * argument). Reading a member other than the one that was stored
 * reinterprets another key type's pointers and lengths.
 */
typedef struct public_key_obj {
	union {
		rsa_pub_key_t rsa_pub_key; /* RSA public key */
		dsa_pub_key_t dsa_pub_key; /* DSA public key */
		dh_pub_key_t dh_pub_key; /* DH public key */
		ec_pub_key_t ec_pub_key; /* EC public key */
	} key_type_u;
} public_key_obj_t;
127 
128 
/*
 * PKCS11: RSA Private Key Object Attributes
 *
 * NOTE(review): every field except modulus and pub_exponent is private
 * key material. Whether these buffers are zeroized before being freed is
 * not visible in this header -- confirm in the cleanup code.
 */
typedef struct rsa_pri_key {
	biginteger_t modulus;		/* modulus */
	biginteger_t pub_exponent;	/* public exponent */
	biginteger_t pri_exponent;	/* private exponent */
	biginteger_t prime_1;		/* first prime factor */
	biginteger_t prime_2;		/* second prime factor */
	biginteger_t exponent_1;	/* presumably the CRT exponent for prime_1 */
	biginteger_t exponent_2;	/* presumably the CRT exponent for prime_2 */
	biginteger_t coefficient;	/* presumably the CRT coefficient */
} rsa_pri_key_t;
142 
143 
/*
 * PKCS11: DSA Private Key Object Attributes
 *
 * Same four fields as dsa_pub_key_t; here value is the private value and
 * must be treated as secret.
 */
typedef struct dsa_pri_key {
	biginteger_t prime;	/* domain parameter: prime */
	biginteger_t subprime;	/* domain parameter: subprime */
	biginteger_t base;	/* domain parameter: base */
	biginteger_t value;	/* private value (secret) */
} dsa_pri_key_t;
153 
154 
/*
 * PKCS11: Diffie-Hellman Private Key Object Attributes
 */
typedef struct dh_pri_key {
	biginteger_t prime;	/* domain parameter: prime */
	biginteger_t base;	/* domain parameter: base */
	biginteger_t value;	/* private value (secret) */
	CK_ULONG value_bits;	/* presumably the bit length of value */
} dh_pri_key_t;
164 
165 
/*
 * PKCS11: EC Private Key Object Attributes
 *
 * Only the private value is kept in this structure; no field for the
 * curve parameters is declared here.
 */
typedef struct ec_pri_key {
	biginteger_t value;	/* private value (secret) */
} ec_pri_key_t;
172 
/*
 * Private Key Main Struct
 *
 * The members of key_type_u share storage and the structure carries no
 * discriminant of its own, so the key type must come from elsewhere
 * (kernel_copy_private_key_attr() takes it as a separate CK_KEY_TYPE
 * argument). Reading a member other than the one that was stored
 * reinterprets another key type's pointers and lengths.
 */
typedef struct private_key_obj {
	union {
		rsa_pri_key_t rsa_pri_key; /* RSA private key */
		dsa_pri_key_t dsa_pri_key; /* DSA private key */
		dh_pri_key_t dh_pri_key; /* DH private key */
		ec_pri_key_t ec_pri_key; /* EC private key */
	} key_type_u;
} private_key_obj_t;
184 
185 
/*
 * This is the main structure of the Objects.
 *
 * HANDLE2OBJECT_COMMON() casts an object handle directly to a pointer to
 * this structure and then reads magic_marker, so the layout of the
 * fields below is what that validity check depends on.
 */
typedef struct object {
	boolean_t	is_lib_obj; /* default is TRUE */
	/* NOTE(review): presumably the kernel-side id used when !is_lib_obj */
	crypto_object_id_t	k_handle;

	/* Generic common fields. Always present */
	CK_OBJECT_CLASS class;
	CK_KEY_TYPE key_type;
	/* compared with KERNELTOKEN_OBJECT_MAGIC by HANDLE2OBJECT_COMMON() */
	CK_ULONG magic_marker;
	/* NOTE(review): presumably a mask of the *_BOOL_ON bits -- confirm */
	uint64_t bool_attr_mask;
	CK_MECHANISM_TYPE mechanism;

	/* Fields for access and arbitration */
	/* held around obj_refcnt and obj_delete_sync by the macros below */
	pthread_mutex_t object_mutex;
	struct object *next;
	struct object *prev;

	/* Extra non-boolean attribute list */
	CK_ATTRIBUTE_INFO_PTR extra_attrlistp;
	CK_ULONG extra_attrcount;

	/*
	 * For each object, only one object class is presented.
	 * The three pointers share storage; nothing in the union records
	 * which one is valid, so check the class field before using one.
	 */
	union {
		secret_key_obj_t  *secret_key;
		public_key_obj_t  *public_key;
		private_key_obj_t *private_key;
	} object_class_u;

	/* Session handle that the object belongs to */
	CK_SESSION_HANDLE	session_handle;
	/* incremented by HANDLE2OBJECT(), decremented by OBJ_REFRELE() */
	uint32_t	obj_refcnt;	/* object reference count */
	/* signalled by OBJ_REFRELE() when the count reaches zero */
	pthread_cond_t	obj_free_cond;	/* cond variable for signal and wait */
	/* OBJECT_IS_DELETING and/or OBJECT_REFCNT_WAITING */
	uint32_t	obj_delete_sync;	/* object delete sync flags */

} kernel_object_t;
223 
224 
/*
 * Results of an object search: an array of object pointers, its size,
 * and a cursor into it.
 *
 * NOTE(review): whether the objects in objs_found are reference-counted
 * while the search is open is not visible in this header -- confirm,
 * since an entry can otherwise outlive the object it points at.
 */
typedef struct find_context {
	kernel_object_t **objs_found;	/* matching objects */
	CK_ULONG num_results;		/* number of entries in objs_found */
	CK_ULONG next_result_index; /* next result object to return */
} find_context_t;
230 
/*
 * The following structure is used to link the to-be-freed session
 * objects into a linked list. The objects on this linked list have
 * not yet been freed via free() after C_DestroyObject() call; instead
 * they are added to this list. The actual free will take place when
 * the number of objects queued reaches MAX_OBJ_TO_BE_FREED, at which
 * time the first object in the list will be freed.
 *
 * NOTE(review): the reason for the delay is not stated here. Presumably
 * it keeps a destroyed object's memory allocated for a while so that
 * HANDLE2OBJECT_COMMON(), which dereferences the raw handle, still reads
 * valid memory when an application reuses a stale handle. If so, the
 * protection is bounded: once enough later objects have been queued the
 * memory is released, and a stale handle used after that point is a
 * use-after-free. Whether magic_marker is cleared when an object is
 * queued is not visible in this header -- confirm in the implementation.
 */
#define	MAX_OBJ_TO_BE_FREED		300

typedef struct obj_to_be_freed_list {
	kernel_object_t	*first;	/* points to first obj in the list */
	kernel_object_t	*last;	/* points to last obj in the list */
	uint32_t	count;	/* current total objs in the list */
	/* presumably guards first, last and count -- confirm */
	pthread_mutex_t obj_to_be_free_mutex;
} object_to_be_freed_list_t;

/* The delayed-free queue itself; defined outside this header. */
extern object_to_be_freed_list_t obj_delay_freed;
249 
250 
/*
 * The following macros are shortcuts for reaching the per-class and
 * per-key-type fields of an object.
 */
254 
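/*
 * Secret Key Object Attributes
 *
 * Each macro takes a kernel_object_t pointer. OBJ_SEC yields the
 * secret_key_obj_t pointer, OBJ_SEC_VALUE the key byte pointer and
 * OBJ_SEC_VALUE_LEN the length field.
 *
 * The argument is parenthesized so that an expression such as "objs + 1"
 * or "*objpp" expands correctly.
 *
 * Nothing is checked: object_class_u is a union and secret_key is
 * dereferenced as-is, so the caller must already know that the object is
 * a secret key and that the pointer is set. OBJ_SEC_VALUE exposes raw
 * key material.
 */
#define	OBJ_SEC(o) \
	((o)->object_class_u.secret_key)
#define	OBJ_SEC_VALUE(o) \
	((o)->object_class_u.secret_key->sk_value)
#define	OBJ_SEC_VALUE_LEN(o) \
	((o)->object_class_u.secret_key->sk_value_len)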
264 
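/*
 * RSA Public Key Object Attributes
 *
 * OBJ_* macros take a kernel_object_t pointer, KEY_* macros take a
 * public_key_obj_t pointer. OBJ_PUB yields the public_key_obj_t pointer,
 * KEY_PUB_RSA a pointer to the RSA member, the *_MOD and *_PUBEXPO forms
 * a biginteger_t pointer, and the *_MOD_BITS forms the CK_ULONG field
 * itself.
 *
 * Every expansion is fully parenthesized, so the result can be followed
 * by "->" or combined with other operators without changing meaning.
 *
 * Nothing is checked: object_class_u.public_key is dereferenced as-is and
 * key_type_u is a union, so the caller must have established the object's
 * class and key type first.
 */
#define	OBJ_PUB(o) \
	((o)->object_class_u.public_key)
#define	KEY_PUB_RSA(k) \
	(&((k)->key_type_u.rsa_pub_key))
#define	OBJ_PUB_RSA_MOD(o) \
	(&((o)->object_class_u.public_key->key_type_u.rsa_pub_key.modulus))
#define	KEY_PUB_RSA_MOD(k) \
	(&((k)->key_type_u.rsa_pub_key.modulus))
#define	OBJ_PUB_RSA_PUBEXPO(o) \
	(&((o)->object_class_u.public_key->key_type_u.rsa_pub_key.pub_exponent))
#define	KEY_PUB_RSA_PUBEXPO(k) \
	(&((k)->key_type_u.rsa_pub_key.pub_exponent))
#define	OBJ_PUB_RSA_MOD_BITS(o) \
	((o)->object_class_u.public_key->key_type_u.rsa_pub_key.modulus_bits)
#define	KEY_PUB_RSA_MOD_BITS(k) \
	((k)->key_type_u.rsa_pub_key.modulus_bits)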
284 
285 
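/*
 * DSA Public Key Object Attributes
 *
 * OBJ_* macros take a kernel_object_t pointer, KEY_* macros take a
 * public_key_obj_t pointer. KEY_PUB_DSA yields a pointer to the DSA
 * member; the others yield a biginteger_t pointer to one field.
 *
 * Every expansion is fully parenthesized, so the result can be followed
 * by "->" or combined with other operators without changing meaning.
 *
 * Nothing is checked: the caller must already know the object is a DSA
 * public key, because object_class_u and key_type_u are unions.
 */
#define	KEY_PUB_DSA(k) \
	(&((k)->key_type_u.dsa_pub_key))
#define	OBJ_PUB_DSA_PRIME(o) \
	(&((o)->object_class_u.public_key->key_type_u.dsa_pub_key.prime))
#define	KEY_PUB_DSA_PRIME(k) \
	(&((k)->key_type_u.dsa_pub_key.prime))
#define	OBJ_PUB_DSA_SUBPRIME(o) \
	(&((o)->object_class_u.public_key->key_type_u.dsa_pub_key.subprime))
#define	KEY_PUB_DSA_SUBPRIME(k) \
	(&((k)->key_type_u.dsa_pub_key.subprime))
#define	OBJ_PUB_DSA_BASE(o) \
	(&((o)->object_class_u.public_key->key_type_u.dsa_pub_key.base))
#define	KEY_PUB_DSA_BASE(k) \
	(&((k)->key_type_u.dsa_pub_key.base))
#define	OBJ_PUB_DSA_VALUE(o) \
	(&((o)->object_class_u.public_key->key_type_u.dsa_pub_key.value))
#define	KEY_PUB_DSA_VALUE(k) \
	(&((k)->key_type_u.dsa_pub_key.value))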
307 
308 
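/*
 * Diffie-Hellman Public Key Object Attributes
 *
 * OBJ_* macros take a kernel_object_t pointer, KEY_* macros take a
 * public_key_obj_t pointer. KEY_PUB_DH yields a pointer to the DH member;
 * the others yield a biginteger_t pointer to one field.
 *
 * Every expansion is fully parenthesized, so the result can be followed
 * by "->" or combined with other operators without changing meaning.
 *
 * Nothing is checked: the caller must already know the object is a DH
 * public key, because object_class_u and key_type_u are unions.
 */
#define	KEY_PUB_DH(k) \
	(&((k)->key_type_u.dh_pub_key))
#define	OBJ_PUB_DH_PRIME(o) \
	(&((o)->object_class_u.public_key->key_type_u.dh_pub_key.prime))
#define	KEY_PUB_DH_PRIME(k) \
	(&((k)->key_type_u.dh_pub_key.prime))
#define	OBJ_PUB_DH_BASE(o) \
	(&((o)->object_class_u.public_key->key_type_u.dh_pub_key.base))
#define	KEY_PUB_DH_BASE(k) \
	(&((k)->key_type_u.dh_pub_key.base))
#define	OBJ_PUB_DH_VALUE(o) \
	(&((o)->object_class_u.public_key->key_type_u.dh_pub_key.value))
#define	KEY_PUB_DH_VALUE(k) \
	(&((k)->key_type_u.dh_pub_key.value))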
326 
327 
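/*
 * EC Public Key Object Attributes
 *
 * OBJ_PUB_EC_POINT takes a kernel_object_t pointer, KEY_PUB_EC_POINT a
 * public_key_obj_t pointer; both yield a biginteger_t pointer to the
 * point field.
 *
 * Every expansion is fully parenthesized, so the result can be followed
 * by "->" or combined with other operators without changing meaning.
 *
 * Nothing is checked: the caller must already know the object is an EC
 * public key, because object_class_u and key_type_u are unions.
 */
#define	OBJ_PUB_EC_POINT(o) \
	(&((o)->object_class_u.public_key->key_type_u.ec_pub_key.point))
#define	KEY_PUB_EC_POINT(k) \
	(&((k)->key_type_u.ec_pub_key.point))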
335 
336 
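/*
 * RSA Private Key Object Attributes
 *
 * OBJ_* macros take a kernel_object_t pointer, KEY_* macros take a
 * private_key_obj_t pointer. OBJ_PRI yields the private_key_obj_t
 * pointer, KEY_PRI_RSA a pointer to the RSA member, and the others a
 * biginteger_t pointer to one field.
 *
 * Every expansion is fully parenthesized, so the result can be followed
 * by "->" or combined with other operators without changing meaning.
 *
 * Nothing is checked: object_class_u.private_key is dereferenced as-is
 * and key_type_u is a union, so the caller must have established the
 * object's class and key type first. All fields reached here except the
 * modulus and public exponent are private key material.
 */
#define	OBJ_PRI(o) \
	((o)->object_class_u.private_key)
#define	KEY_PRI_RSA(k) \
	(&((k)->key_type_u.rsa_pri_key))
#define	OBJ_PRI_RSA_MOD(o) \
	(&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.modulus))
#define	KEY_PRI_RSA_MOD(k) \
	(&((k)->key_type_u.rsa_pri_key.modulus))
#define	OBJ_PRI_RSA_PUBEXPO(o) \
	(&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.pub_exponent))
#define	KEY_PRI_RSA_PUBEXPO(k) \
	(&((k)->key_type_u.rsa_pri_key.pub_exponent))
#define	OBJ_PRI_RSA_PRIEXPO(o) \
	(&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.pri_exponent))
#define	KEY_PRI_RSA_PRIEXPO(k) \
	(&((k)->key_type_u.rsa_pri_key.pri_exponent))
#define	OBJ_PRI_RSA_PRIME1(o) \
	(&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.prime_1))
#define	KEY_PRI_RSA_PRIME1(k) \
	(&((k)->key_type_u.rsa_pri_key.prime_1))
#define	OBJ_PRI_RSA_PRIME2(o) \
	(&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.prime_2))
#define	KEY_PRI_RSA_PRIME2(k) \
	(&((k)->key_type_u.rsa_pri_key.prime_2))
#define	OBJ_PRI_RSA_EXPO1(o) \
	(&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.exponent_1))
#define	KEY_PRI_RSA_EXPO1(k) \
	(&((k)->key_type_u.rsa_pri_key.exponent_1))
#define	OBJ_PRI_RSA_EXPO2(o) \
	(&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.exponent_2))
#define	KEY_PRI_RSA_EXPO2(k) \
	(&((k)->key_type_u.rsa_pri_key.exponent_2))
#define	OBJ_PRI_RSA_COEF(o) \
	(&((o)->object_class_u.private_key->key_type_u.rsa_pri_key.coefficient))
#define	KEY_PRI_RSA_COEF(k) \
	(&((k)->key_type_u.rsa_pri_key.coefficient))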
376 
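/*
 * DSA Private Key Object Attributes
 *
 * OBJ_* macros take a kernel_object_t pointer, KEY_* macros take a
 * private_key_obj_t pointer. KEY_PRI_DSA yields a pointer to the DSA
 * member; the others yield a biginteger_t pointer to one field.
 *
 * Every expansion is fully parenthesized, so the result can be followed
 * by "->" or combined with other operators without changing meaning.
 *
 * Nothing is checked: the caller must already know the object is a DSA
 * private key, because object_class_u and key_type_u are unions. The
 * *_VALUE macros reach the private value.
 */
#define	KEY_PRI_DSA(k) \
	(&((k)->key_type_u.dsa_pri_key))
#define	OBJ_PRI_DSA_PRIME(o) \
	(&((o)->object_class_u.private_key->key_type_u.dsa_pri_key.prime))
#define	KEY_PRI_DSA_PRIME(k) \
	(&((k)->key_type_u.dsa_pri_key.prime))
#define	OBJ_PRI_DSA_SUBPRIME(o) \
	(&((o)->object_class_u.private_key->key_type_u.dsa_pri_key.subprime))
#define	KEY_PRI_DSA_SUBPRIME(k) \
	(&((k)->key_type_u.dsa_pri_key.subprime))
#define	OBJ_PRI_DSA_BASE(o) \
	(&((o)->object_class_u.private_key->key_type_u.dsa_pri_key.base))
#define	KEY_PRI_DSA_BASE(k) \
	(&((k)->key_type_u.dsa_pri_key.base))
#define	OBJ_PRI_DSA_VALUE(o) \
	(&((o)->object_class_u.private_key->key_type_u.dsa_pri_key.value))
#define	KEY_PRI_DSA_VALUE(k) \
	(&((k)->key_type_u.dsa_pri_key.value))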
398 
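/*
 * Diffie-Hellman Private Key Object Attributes
 *
 * OBJ_* macros take a kernel_object_t pointer, KEY_* macros take a
 * private_key_obj_t pointer. KEY_PRI_DH yields a pointer to the DH
 * member, the *_PRIME, *_BASE and *_VALUE forms a biginteger_t pointer,
 * and the *_VAL_BITS forms the CK_ULONG field itself.
 *
 * Every expansion is fully parenthesized, so the result can be followed
 * by "->" or combined with other operators without changing meaning.
 *
 * Nothing is checked: the caller must already know the object is a DH
 * private key, because object_class_u and key_type_u are unions. The
 * *_VALUE macros reach the private value.
 */
#define	KEY_PRI_DH(k) \
	(&((k)->key_type_u.dh_pri_key))
#define	OBJ_PRI_DH_PRIME(o) \
	(&((o)->object_class_u.private_key->key_type_u.dh_pri_key.prime))
#define	KEY_PRI_DH_PRIME(k) \
	(&((k)->key_type_u.dh_pri_key.prime))
#define	OBJ_PRI_DH_BASE(o) \
	(&((o)->object_class_u.private_key->key_type_u.dh_pri_key.base))
#define	KEY_PRI_DH_BASE(k) \
	(&((k)->key_type_u.dh_pri_key.base))
#define	OBJ_PRI_DH_VALUE(o) \
	(&((o)->object_class_u.private_key->key_type_u.dh_pri_key.value))
#define	KEY_PRI_DH_VALUE(k) \
	(&((k)->key_type_u.dh_pri_key.value))
#define	OBJ_PRI_DH_VAL_BITS(o) \
	((o)->object_class_u.private_key->key_type_u.dh_pri_key.value_bits)
#define	KEY_PRI_DH_VAL_BITS(k) \
	((k)->key_type_u.dh_pri_key.value_bits)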
420 
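/*
 * EC Private Key Object Attributes
 *
 * OBJ_PRI_EC_VALUE takes a kernel_object_t pointer, KEY_PRI_EC_VALUE a
 * private_key_obj_t pointer; both yield a biginteger_t pointer to the
 * private value.
 *
 * Every expansion is fully parenthesized, so the result can be followed
 * by "->" or combined with other operators without changing meaning.
 *
 * Nothing is checked: the caller must already know the object is an EC
 * private key, because object_class_u and key_type_u are unions.
 */
#define	OBJ_PRI_EC_VALUE(o) \
	(&((o)->object_class_u.private_key->key_type_u.ec_pri_key.value))
#define	KEY_PRI_EC_VALUE(k) \
	(&((k)->key_type_u.ec_pri_key.value))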
428 
/*
 * key related attributes with CK_BBOOL data type, one bit per attribute.
 * NOTE(review): presumably these are the bits kept in
 * kernel_object_t.bool_attr_mask -- confirm against the users.
 */
#define	DERIVE_BOOL_ON			0x00000001
#define	LOCAL_BOOL_ON			0x00000002
#define	SENSITIVE_BOOL_ON		0x00000004
#define	SECONDARY_AUTH_BOOL_ON		0x00000008
#define	ENCRYPT_BOOL_ON			0x00000010
#define	DECRYPT_BOOL_ON			0x00000020
#define	SIGN_BOOL_ON			0x00000040
#define	SIGN_RECOVER_BOOL_ON		0x00000080
#define	VERIFY_BOOL_ON			0x00000100
#define	VERIFY_RECOVER_BOOL_ON		0x00000200
#define	WRAP_BOOL_ON			0x00000400
#define	UNWRAP_BOOL_ON			0x00000800
#define	TRUSTED_BOOL_ON			0x00001000
#define	EXTRACTABLE_BOOL_ON		0x00002000
#define	ALWAYS_SENSITIVE_BOOL_ON	0x00004000
#define	NEVER_EXTRACTABLE_BOOL_ON	0x00008000
#define	PRIVATE_BOOL_ON			0x00010000
#define	TOKEN_BOOL_ON			0x00020000
#define	MODIFIABLE_BOOL_ON		0x00040000

/*
 * Default masks per object class.
 *
 * Note for reviewers: SECRET_KEY_DEFAULT and PRIVATE_KEY_DEFAULT both set
 * EXTRACTABLE_BOOL_ON and leave SENSITIVE_BOOL_ON, PRIVATE_BOOL_ON,
 * WRAP_BOOL_ON and UNWRAP_BOOL_ON clear. A key that keeps these defaults
 * is therefore extractable and not marked sensitive; templates for keys
 * that must not leave the provider have to say so explicitly. How and
 * when the defaults are applied is outside this header.
 */
#define	SECRET_KEY_DEFAULT	(ENCRYPT_BOOL_ON|\
				DECRYPT_BOOL_ON|\
				SIGN_BOOL_ON|\
				VERIFY_BOOL_ON|\
				EXTRACTABLE_BOOL_ON|\
				MODIFIABLE_BOOL_ON)

#define	PUBLIC_KEY_DEFAULT	(ENCRYPT_BOOL_ON|\
				VERIFY_BOOL_ON|\
				VERIFY_RECOVER_BOOL_ON|\
				MODIFIABLE_BOOL_ON)

#define	PRIVATE_KEY_DEFAULT	(DECRYPT_BOOL_ON|\
				SIGN_BOOL_ON|\
				SIGN_RECOVER_BOOL_ON|\
				EXTRACTABLE_BOOL_ON|\
				MODIFIABLE_BOOL_ON)
469 
/*
 * Flag definitions for obj_delete_sync. The two values are distinct bits
 * and are tested with "&", so both may be set at once. They are read
 * under object_mutex by HANDLE2OBJECT_COMMON() and OBJ_REFRELE().
 */
#define	OBJECT_IS_DELETING	1	/* Object is in a deleting state */
#define	OBJECT_REFCNT_WAITING	2	/* Waiting for object reference */
					/* count to become zero */
476 
/*
 * HANDLE2OBJECT_COMMON type casts an object handle to a pointer to the
 * object struct and validates it, storing the outcome in rv:
 *
 *  1. If the pointer is NULL or the struct is not tagged with
 *     KERNELTOKEN_OBJECT_MAGIC, rv is CKR_OBJECT_HANDLE_INVALID. This is
 *     to detect when an application passes a bogus object pointer.
 *  2. Otherwise object_mutex is taken. If another thread has already put
 *     the object in the deleting state (OBJECT_IS_DELETING), rv is
 *     CKR_OBJECT_HANDLE_INVALID. If not, REFCNT_CODE runs while the
 *     mutex is held and rv is CKR_OK.
 *
 * HANDLE2OBJECT supplies a reference count increment as REFCNT_CODE, which
 * prevents the object from being deleted by another thread while it is in
 * use; OBJ_REFRELE() is the matching decrement. HANDLE2OBJECT_DESTROY
 * supplies nothing, so the reference count is left unchanged.
 *
 * Points a reviewer should keep in mind:
 *  - magic_marker is read through the cast handle before the mutex is
 *    taken and without any check that the address is valid. The magic
 *    test only filters handles that point at readable memory; it is a
 *    sanity check, not a defence against a hostile or stale handle.
 *  - object_p is assigned the cast handle even when rv is not CKR_OK.
 *    Callers must test rv before touching object_p.
 *  - The return values of pthread_mutex_lock/unlock are discarded.
 *  - NOTE(review): object_p is expanded unparenthesized (object_p->...),
 *    so it must be a plain identifier, not an expression such as *pp.
 *  - The macro body is a bare { } block, not do { } while (0); take care
 *    when using it as the body of an if that has an else.
 */
#define	HANDLE2OBJECT_COMMON(hObject, object_p, rv, REFCNT_CODE) { \
	object_p = (kernel_object_t *)(hObject); \
	if ((object_p == NULL) || \
		(object_p->magic_marker != KERNELTOKEN_OBJECT_MAGIC)) {\
			rv = CKR_OBJECT_HANDLE_INVALID; \
	} else { \
		(void) pthread_mutex_lock(&object_p->object_mutex); \
		if (!(object_p->obj_delete_sync & OBJECT_IS_DELETING)) { \
			REFCNT_CODE; \
			rv = CKR_OK; \
		} else { \
			rv = CKR_OBJECT_HANDLE_INVALID; \
		} \
		(void) pthread_mutex_unlock(&object_p->object_mutex); \
	} \
}

/* Validate the handle and, on success, take one reference on the object. */
#define	HANDLE2OBJECT(hObject, object_p, rv) \
	HANDLE2OBJECT_COMMON(hObject, object_p, rv, object_p->obj_refcnt++)

/* Validate the handle without taking a reference. */
#define	HANDLE2OBJECT_DESTROY(hObject, object_p, rv) \
	HANDLE2OBJECT_COMMON(hObject, object_p, rv, /* no refcnt increment */)
509 
510 
/*
 * Drop one reference on an object. Under object_mutex, obj_refcnt is
 * decremented; if it reaches zero while OBJECT_REFCNT_WAITING is set in
 * obj_delete_sync, obj_free_cond is signalled (presumably to wake the
 * thread that is waiting to delete the object).
 *
 * NOTE(review): obj_refcnt is a uint32_t and is not checked for zero
 * before the decrement, so an unbalanced release wraps it around instead
 * of reaching zero; every OBJ_REFRELE must pair with a successful
 * HANDLE2OBJECT.
 * NOTE(review): object_p is expanded unparenthesized, so it must be a
 * plain identifier, not an expression such as *pp.
 */
#define	OBJ_REFRELE(object_p) { \
	(void) pthread_mutex_lock(&object_p->object_mutex); \
	if ((--object_p->obj_refcnt) == 0 && \
	    (object_p->obj_delete_sync & OBJECT_REFCNT_WAITING)) { \
		(void) pthread_cond_signal(&object_p->obj_free_cond); \
	} \
	(void) pthread_mutex_unlock(&object_p->object_mutex); \
}
519 
520 
/*
 * Function Prototypes.
 *
 * All of these are implemented outside this header. Their locking
 * requirements and the ownership of the pointers they take or return are
 * not documented here; check the implementation before calling one from
 * a new context.
 */
void kernel_cleanup_object(kernel_object_t *objp);

/*
 * The new object's handle comes back through objecthandle_p as a
 * CK_ULONG; HANDLE2OBJECT_COMMON() later casts such a handle back to a
 * kernel_object_t pointer.
 */
CK_RV kernel_add_object(CK_ATTRIBUTE_PTR pTemplate,  CK_ULONG ulCount,
    CK_ULONG *objecthandle_p, kernel_session_t *sp);

/* NOTE(review): lock_held presumably refers to a session lock -- confirm */
CK_RV kernel_delete_session_object(kernel_session_t *sp, kernel_object_t *objp,
    boolean_t lock_held, boolean_t wrapper_only);

void kernel_cleanup_extra_attr(kernel_object_t *object_p);

CK_RV kernel_copy_extra_attr(CK_ATTRIBUTE_INFO_PTR old_attrp,
    kernel_object_t *object_p);

/*
 * NOTE(review): some bigint attributes hold private key material; confirm
 * that this cleanup clears the buffers before releasing them.
 */
void kernel_cleanup_object_bigint_attrs(kernel_object_t *object_p);

/*
 * NOTE(review): the last parameter is unnamed; presumably it takes
 * KERNEL_CREATE_OBJ or KERNEL_GEN_KEY -- confirm and name it.
 */
CK_RV kernel_build_object(CK_ATTRIBUTE_PTR template, CK_ULONG ulAttrNum,
    kernel_object_t *new_object, kernel_session_t *sp, uint_t);

CK_RV kernel_copy_object(kernel_object_t *old_object,
    kernel_object_t **new_object, boolean_t copy_everything,
    kernel_session_t *sp);

void kernel_merge_object(kernel_object_t *old_object,
    kernel_object_t *new_object);

CK_RV kernel_get_attribute(kernel_object_t *object_p,
    CK_ATTRIBUTE_PTR template);

CK_RV kernel_set_attribute(kernel_object_t *object_p,
    CK_ATTRIBUTE_PTR template, boolean_t copy, kernel_session_t *sp);

/* NOTE(review): deep vs. shallow copy is not visible here -- confirm */
void copy_bigint_attr(biginteger_t *src, biginteger_t *dst);

void kernel_add_object_to_session(kernel_object_t *objp, kernel_session_t *sp);

/* The key type selects which member of key_type_u is copied. */
CK_RV kernel_copy_public_key_attr(public_key_obj_t *old_pub_key_obj_p,
    public_key_obj_t **new_pub_key_obj_p, CK_KEY_TYPE key_type);

/* The key type selects which member of key_type_u is copied. */
CK_RV kernel_copy_private_key_attr(private_key_obj_t *old_pri_key_obj_p,
    private_key_obj_t **new_pri_key_obj_p, CK_KEY_TYPE key_type);

CK_RV kernel_copy_secret_key_attr(secret_key_obj_t *old_secret_key_obj_p,
    secret_key_obj_t **new_secret_key_obj_p);

CK_RV kernel_validate_attr(CK_ATTRIBUTE_PTR template, CK_ULONG ulAttrNum,
    CK_OBJECT_CLASS *class);

CK_RV kernel_find_objects_init(kernel_session_t *sp,
    CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount);

void kernel_find_objects_final(kernel_session_t *sp);

/* Handles are written to obj_found; max_obj_requested bounds the count. */
void kernel_find_objects(kernel_session_t *sp,
    CK_OBJECT_HANDLE *obj_found, CK_ULONG max_obj_requested,
    CK_ULONG *found_obj_count);

void kernel_process_find_attr(CK_OBJECT_CLASS *pclasses,
    CK_ULONG *num_result_pclasses, CK_ATTRIBUTE_PTR pTemplate,
    CK_ULONG ulCount);

boolean_t kernel_find_match_attrs(kernel_object_t *obj,
    CK_OBJECT_CLASS *pclasses, CK_ULONG num_pclasses,
    CK_ATTRIBUTE *tmpl_attr, CK_ULONG num_attr);

CK_ATTRIBUTE_PTR get_extra_attr(CK_ATTRIBUTE_TYPE type, kernel_object_t *obj);

CK_RV get_string_from_template(CK_ATTRIBUTE_PTR dest, CK_ATTRIBUTE_PTR src);

void string_attr_cleanup(CK_ATTRIBUTE_PTR template);

void kernel_add_token_object_to_slot(kernel_object_t *objp,
    kernel_slot_t *pslot);

void kernel_remove_token_object_from_slot(kernel_slot_t *pslot,
    kernel_object_t *objp);

CK_RV kernel_delete_token_object(kernel_slot_t *pslot, kernel_session_t *sp,
    kernel_object_t *obj, boolean_t lock_held, boolean_t wrapper_only);

void kernel_cleanup_pri_objects_in_slot(kernel_slot_t *pslot,
    kernel_session_t *sp);

CK_RV kernel_get_object_size(kernel_object_t *objp, CK_ULONG_PTR pulSize);

/* Presumably queues objp on obj_delay_freed instead of freeing it -- confirm */
void kernel_object_delay_free(kernel_object_t *objp);
609 
610 #ifdef	__cplusplus
611 }
612 #endif
613 
614 #endif /* _KERNELOBJECT_H */
615