| blob | e5172237b792998fe22668949da163ff96c242b3 |
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
28 /*
29 * Mechanism Manager - centralized knowledge of mechanisms.
30 *
31 * The core of the mechmanager is the "mechlist" data structure. It contains
32 * information about all mechanisms available from providers that have been
33 * exposed to the application.
34 *
35 * Each element in the array represents a particular mechanism type. The
36 * array is sorted by type, so that searching by mechanism can be done
37 * quickly. Each element also contains the mechanism data for each slot.
38 *
39 * The mechlist is constructed on an as-needed basis, entries are not added
40 * until the application triggers an action that requires an entry to be
41 * added (or updated).
42 *
43 */
45 #include <string.h>
46 #include <strings.h>
51 /* Global data... */
53 #define INITIAL_MECHLIST_SIZE 256
56 CK_MECHANISM_TYPE type;
66 /* Prototypes... */
76 /*
77 * meta_mechManager_initialize
78 *
79 * Called from C_Initialize. Allocates and initializes storage needed
80 * by the slot manager.
81 */
82 CK_RV
84 {
85 /* The mechlist can dynamically grow, but let's preallocate space. */
94 }
97 /*
98 * meta_mechManager_finalize
99 *
100 * Called from C_Finalize. Deallocates any storage held by the slot manager.
101 */
102 void
104 {
107 /* No need to lock list, we assume all sessions are closed. */
110 }
116 }
119 /*
120 * meta_mechManager_get_mechs
121 *
122 * Get list of all available mechanisms.
123 *
124 * Follows PKCS#11 semantics, where list may be NULL to only request a
125 * count of available mechanisms.
126 */
127 CK_RV
129 {
135 /* get number of slots */
138 /*
139 * Update slot info. Ignore any errors.
140 *
141 * NOTE: Due to the PKCS#11 convention of calling C_GetMechanismList
142 * twice (once to get the count, again to get the actual list), this
143 * is somewhat inefficient... However, I don't see an easy way to fix
144 * that without impacting other cases (eg, when the first call contains
145 * an "optimistic" pre-allocated buffer).
146 */
149 }
152 /*
153 * Count the number of mechanisms. We can't just use num_mechs,
154 * because some mechs may not currently be supported on any slot.
155 * Also, it may not be allowed based on the mechanism policy.
156 */
160 CK_ULONG j;
161 boolean_t supported;
165 /* skip mechs disabled by policy */
167 }
177 }
178 }
181 num_found++;
185 }
186 }
187 }
196 }
199 /*
200 * meta_mechManager_get_slots
201 *
202 * Get list of all slots supporting the specified mechanism.
203 *
204 * The "mech_support_info" argument should have allocated enough
205 * space to accomodate the list of slots that supports the
206 * specified mechanism. The "num_supporting_slots" field
207 * in the "mech_support_info" structure will indicate how
208 * many slots are found to support the mechanism.
209 *
210 * If any error occurred in getting the list, info in
211 * mech_support_info argument is not updated.
212 *
213 */
214 CK_RV
217 {
218 CK_RV rv;
219 boolean_t found;
222 CK_MECHANISM_INFO info;
225 force_update);
228 }
235 }
247 }
248 }
250 num_found++;
253 }
255 finish:
262 }
265 }
268 /*
269 * meta_mechManager_update_mech
270 *
271 * Updates a mechanism in the mechlist. If the mechanism is not
272 * listed, all providers will be queried. If the mechanism
273 * is present, but not initialized for some providers, those providers
274 * will be queried. Existing entries will not be updated unless the
275 * force_refresh flag is set.
276 *
277 * The force_refresh flag is used by C_GetMechanismInfo, to force an
278 * update. Updates are not forced during the common usage by operations
279 * [eg C_EncryptInit] to avoid poor performance.
280 */
281 static CK_RV
283 {
284 CK_RV rv;
287 boolean_t found;
289 /* Ensure list contains the mechanism. */
295 /*
296 * We didn't retain a lock after the first search, so it's possible
297 * that the mechlist was updated. Search again, but use the last
298 * index as a hint to quickly find the mechanism.
299 */
302 /* Shouldn't happen - entries are not removed from list. */
305 }
312 /* Ignore error and continue with next slot. */
314 }
315 }
316 }
318 finish:
322 }
325 /*
326 * meta_mechManager_update_slot
327 *
328 * Updates a slot in the mechlist. Called by C_GetMechanismList
329 * [by way of meta_mechManager_get_mechs()]. Unlike
330 * meta_mechManager_get_slots(), the context is always to force a refresh
331 * of the mechlist.
332 *
333 */
334 static CK_RV
336 {
340 CK_RV rv;
341 boolean_t found;
348 /* First, get the count. */
353 }
360 }
362 /* Next, get the actual list. */
367 }
369 /*
370 * filter the list of mechanisms returned by the underlying slot
371 * to remove any mechanisms that are explicitly disabled
372 * in the configuration file.
373 */
378 }
382 /* filter out the disabled mechanisms */
385 }
388 tmp_mechlistsize++;
389 }
392 /* Sort the mechanisms by value. */
394 qsort_mechtypes);
396 /* Ensure list contains the mechanisms. */
402 /* Update the mechanism info. */
407 /* This shouldn't happen. */
410 }
414 /* Ignore error, make best effort to finish update. */
417 }
418 }
421 finish:
424 }
428 }
431 }
434 /*
435 * update_slotmech
436 *
437 * Updates the information for a particular mechanism for a particular slot.
438 * (ie, slotlist[foo].slots[bar])
439 *
440 * It is assumed that the caller to this function (all of which are
441 * in this file) holds the write-lock to "mechlist_lock".
442 *
443 */
444 static CK_RV
447 {
449 CK_MECHANISM_INFO info;
456 /*
457 * Check if the specified mechanism is in the disabled list
458 * of the specified slot. If so, we can immediately conclude
459 * that it is not supported by the specified slot.
460 */
462 /*
463 * we mark this as initialized so that we won't try
464 * to do this check later
465 */
471 }
479 /* record that the mechanism isn't supported for the slot */
484 }
486 finish:
488 }
491 /*
492 * meta_mechManager_allocmechs
493 *
494 * Ensures that all of the specified mechanisms are present in the
495 * mechlist. If a mechanism is not present, an uninitialized entry is
496 * added for it.
497 *
498 * The returned index can be used by the caller as a hint to where the
499 * first mechanism was located.
500 */
501 static CK_RV
504 {
507 boolean_t found;
509 /* The optimistic assumption is that the mech is already present. */
519 }
524 }
526 /*
527 * We stopped searching when the first unknown mech was found. Now
528 * obtain a write-lock, and continue from where we left off, inserting
529 * unknown mechanisms.
530 */
544 }
546 /*
547 * If the current storage for the mechlist is too
548 * small, allocate a new list twice as large.
549 */
561 }
565 }
567 /* Shift existing entries to make space. */
570 num_mechs++;
574 }
575 }
577 finish:
581 }
584 /*
585 * find_mech_index
586 *
587 * Performs a search of mechlist for the specified mechanism, and
588 * returns if the mechanism was found or not. The value of the "index"
589 * argument will be where the mech is (if found), or where it should
590 * be (if not found).
591 *
592 * The current value of "index" will be used as a starting point, if the
593 * caller already knows where the mechanism is likely to be.
594 *
595 * The caller is assumed to have a lock on the mechlist, preventing it
596 * from being changed while searching (also to ensure the returned index
597 * will remain valid until the list is unlocked).
598 *
599 * FUTURE: convert to binary search [from O(N) to a O(log(N))].
600 *
601 * NOTES:
602 * 1) This function assumes that mechMap is a sorted list.
603 */
604 static boolean_t
606 {
615 }
619 }
624 }
626 static int
628 {
637 }
639 /*
640 * Check if the specified mechanism is supported by the specified slot.
641 * The result is returned in the "supports" argument. If the "slot_info"
642 * argument is not NULL, it will be filled with information about
643 * the slot.
644 */
645 CK_RV
649 {
651 boolean_t found;
652 CK_RV rv;
654 CK_MECHANISM_INFO info;
667 }
675 }
676 }
680 }
681 }
683 finish:
687 }