kmsSession.h revision 12720:3db6e0082404
1/* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21/* 22 * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. 23 */ 24 25#ifndef _KMSSESSION_H 26#define _KMSSESSION_H 27 28#ifdef __cplusplus 29extern "C" { 30#endif 31 32#include <stdio.h> 33#include <pthread.h> 34#include <sys/avl.h> 35#include <security/pkcs11t.h> 36 37#define K_SOLARIS_PLATFORM 38#include "KMSAgent.h" 39 40#define KMSTOKEN_SESSION_MAGIC 0xECF00004 41 42#define CRYPTO_OPERATION_ACTIVE 0x01 43#define CRYPTO_OPERATION_UPDATE 0x02 44 45typedef struct { 46 CK_MECHANISM mech; 47 void *context; 48 uint32_t flags; 49} kms_active_op_t; 50 51typedef struct { 52 char *label; 53 avl_node_t nodep; 54} objlabel_t; 55 56#define KMSOFFSETOF(s, m) ((size_t)(&(((s *)0)->m))) 57 58/* 59 * Data stored in the KMS profile config file. 60 */ 61typedef struct { 62 char name[BUFSIZ]; 63 char agentId[BUFSIZ]; 64 char agentAddr[BUFSIZ]; 65 int transTimeout; 66 int failoverLimit; 67 int discoveryFreq; 68 int securityMode; 69} kms_cfg_info_t; 70 71typedef struct session { 72 CK_ULONG magic_marker; /* magic # be validated for integrity */ 73 pthread_mutex_t session_mutex; /* session's mutex lock */ 74 pthread_mutex_t ses_free_mutex; /* mutex used during closing session */ 75 pthread_cond_t ses_free_cond; /* cond variable for signal and wait */ 76 uint32_t ses_refcnt; /* session reference count */ 77 uint32_t ses_close_sync; /* session closing flags */ 78 boolean_t ses_RO; /* RO or RW session flag */ 79 CK_SLOT_ID ses_slotid; /* slotID saved from C_OpenSession() */ 80 81 /* Place holder for parameters passed in the C_OpenSession */ 82 CK_FLAGS flags; 83 CK_NOTIFY Notify; 84 CK_VOID_PTR pApplication; 85 86 /* Pointers to form the global session list */ 87 struct session *next; /* points to next session on the list */ 88 struct session *prev; /* points to prev session on the list */ 89 90 struct object *object_list; /* points to list of objects */ 91 92 kms_active_op_t find_objects; 93 kms_active_op_t encrypt; 94 kms_active_op_t decrypt; 95 96 kms_cfg_info_t configInfo; 97 98 avl_tree_t objlabel_tree; 99 KMSClientProfile kmsProfile; 100} kms_session_t; 101 102/* 103 * The following structure is used to link the to-be-freed sessions 104 * into a linked list. The sessions on this linked list have 105 * not yet been freed via free() after C_CloseSession() call; instead 106 * they are added to this list. The actual free will take place when 107 * the number of sessions queued reaches MAX_SES_TO_BE_FREED, at which 108 * time the first session in the list will be freed. 109 */ 110#define MAX_SES_TO_BE_FREED 300 111 112typedef struct ses_to_be_freed_list { 113 kms_session_t *first; /* points to the first session in the list */ 114 kms_session_t *last; /* points to the last session in the list */ 115 uint32_t count; /* current total sessions in the list */ 116 pthread_mutex_t ses_to_be_free_mutex; 117} ses_to_be_freed_list_t; 118 119extern ses_to_be_freed_list_t ses_delay_freed; 120extern CK_ULONG kms_session_cnt; 121extern CK_ULONG kms_session_rw_cnt; 122 123/* 124 * Flag definitions for ses_close_sync 125 */ 126#define SESSION_IS_CLOSING 1 /* Session is in a closing state */ 127#define SESSION_REFCNT_WAITING 2 /* Waiting for session reference */ 128 /* count to become zero */ 129/* 130 * This macro is used to decrement the session reference count by one. 131 * 132 * The caller of this macro uses the argument lock_held to indicate that 133 * whether the caller holds the lock on the session or not. 134 * 135 * REFRELE macro does the following: 136 * 1) Get the session lock if the caller does not hold it. 137 * 2) Decrement the session reference count by one. 138 * 3) If the session reference count becomes zero after being decremented, 139 * and there is a closing session thread in the wait state, then 140 * call pthread_cond_signal() to wake up that thread who is blocked 141 * in the session deletion routine due to non-zero reference ount. 142 * 4) Always release the session lock. 143 */ 144#define REFRELE(s, ses_lock_held) { \ 145 if (!ses_lock_held) \ 146 (void) pthread_mutex_lock(&s->session_mutex); \ 147 if ((--((s)->ses_refcnt) == 0) && \ 148 (s->ses_close_sync & SESSION_REFCNT_WAITING)) { \ 149 (void) pthread_mutex_unlock(&s->session_mutex); \ 150 (void) pthread_cond_signal(&s->ses_free_cond); \ 151 } else { \ 152 (void) pthread_mutex_unlock(&s->session_mutex); \ 153 } \ 154} 155 156 157/* 158 * Function Prototypes. 159 */ 160CK_RV 161handle2session(CK_SESSION_HANDLE hSession, kms_session_t **session_p); 162 163void 164kms_delete_all_sessions(boolean_t wrapper_only); 165 166void 167kms_delete_all_objects_in_session(kms_session_t *sp, 168 boolean_t wrapper_only); 169 170CK_RV 171kms_add_session(CK_SLOT_ID slotID, CK_FLAGS flags, 172 CK_VOID_PTR pApplication, CK_NOTIFY notify, CK_ULONG *phSession); 173 174void 175kms_delete_session(kms_session_t *sp, 176 boolean_t lock_held, boolean_t wrapper_only); 177 178void 179kms_session_delay_free(kms_session_t *sp); 180 181void kms_acquire_all_slots_mutexes(); 182void kms_release_all_slots_mutexes(); 183 184#ifdef __cplusplus 185} 186#endif 187 188#endif /* _KMSSESSION_H */ 189