usr/src/lib/pkcs11/libpkcs11/common/metaSlotToken.c

   1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
  23  * Use is subject to license terms.
  24  */
  25
  26 #pragma ident   "%Z%%M% %I%     %E% SMI"
  27
  28 /*
  29  * Slot and Token Management functions
  30  * (as defined in PKCS#11 spec section 11.5)
  31  */
  32
  33 #include <stdio.h>
  34 #include <stdlib.h>
  35 #include <string.h>
  36 #include "metaGlobal.h"
  37
  38 extern CK_ULONG num_meta_sessions;
  39 extern CK_ULONG num_rw_meta_sessions;
  40
  41 /*
  42  * meta_GetSlotList
  43  *
  44  * For the metaslot, this is a trivial function. The metaslot module,
  45  * by defination, provides exactly one slot. The token is always present.
  46  *
  47  * This function is actually not called.
  48  */
  49 /* ARGSUSED */
  50 CK_RV
  51 meta_GetSlotList(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList,
  52     CK_ULONG_PTR pulCount)
  53 {
  54         CK_RV rv;
  55
  56         if (pulCount == NULL)
  57                 return (CKR_ARGUMENTS_BAD);
  58
  59         if (pSlotList == NULL) {
  60                 *pulCount = 1;
  61                 return (CKR_OK);
  62         }
  63
  64         if (*pulCount < 1) {
  65                 rv = CKR_BUFFER_TOO_SMALL;
  66         } else {
  67                 pSlotList[0] = METASLOT_SLOTID;
  68                 rv = CKR_OK;
  69         }
  70         *pulCount = 1;
  71
  72         return (rv);
  73 }
  74
  75
  76 /*
  77  * meta_GetSlotInfo
  78  *
  79  * Returns basic information about the metaslot.
  80  *
  81  * The slotID argument is ignored.
  82  */
  83 /*ARGSUSED*/
  84 CK_RV
  85 meta_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo)
  86 {
  87         CK_SLOT_INFO slotinfo;
  88         CK_SLOT_ID true_id;
  89         CK_RV rv;
  90
  91         if (!metaslot_enabled) {
  92                 return (CKR_SLOT_ID_INVALID);
  93         }
  94
  95         if (pInfo == NULL) {
  96                 return (CKR_ARGUMENTS_BAD);
  97         }
  98
  99         /* Provide information about the slot in the provided buffer */
 100         (void) memcpy(pInfo->slotDescription, METASLOT_SLOT_DESCRIPTION, 64);
 101         (void) memcpy(pInfo->manufacturerID, METASLOT_MANUFACTURER_ID, 32);
 102         pInfo->hardwareVersion.major = METASLOT_HARDWARE_VERSION_MAJOR;
 103         pInfo->hardwareVersion.minor = METASLOT_HARDWARE_VERSION_MINOR;
 104         pInfo->firmwareVersion.major = METASLOT_FIRMWARE_VERSION_MAJOR;
 105         pInfo->firmwareVersion.minor = METASLOT_FIRMWARE_VERSION_MINOR;
 106
 107         /* Find out token is present in the underlying keystore */
 108         true_id = TRUEID(metaslot_keystore_slotid);
 109
 110         rv = FUNCLIST(metaslot_keystore_slotid)->C_GetSlotInfo(true_id,
 111             &slotinfo);
 112         if ((rv == CKR_OK) && (slotinfo.flags & CKF_TOKEN_PRESENT)) {
 113                 /*
 114                  * store the token present flag if it is successfully
 115                  * received from the keystore slot.
 116                  * If not, this flag will not be set.
 117                  */
 118                 pInfo->flags = CKF_TOKEN_PRESENT;
 119         }
 120
 121         return (CKR_OK);
 122 }
 123
 124
 125 /*
 126  * meta_GetTokenInfo
 127  *
 128  * Returns basic information about the metaslot "token."
 129  *
 130  * The slotID argument is ignored.
 131  *
 132  */
 133 /*ARGSUSED*/
 134 CK_RV
 135 meta_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
 136 {
 137         CK_RV rv;
 138         CK_TOKEN_INFO metainfo;
 139         CK_SLOT_ID true_id;
 140
 141         if (!metaslot_enabled) {
 142                 return (CKR_SLOT_ID_INVALID);
 143         }
 144
 145         if (pInfo == NULL)
 146                 return (CKR_ARGUMENTS_BAD);
 147
 148         true_id = TRUEID(metaslot_keystore_slotid);
 149
 150         rv = FUNCLIST(metaslot_keystore_slotid)->C_GetTokenInfo(true_id,
 151             &metainfo);
 152
 153         /*
 154          * If we could not get information about the object token, use
 155          * default values. This allows metaslot to be used even if there
 156          * are problems with the object token (eg, it's not present).
 157          */
 158         if (rv != CKR_OK) {
 159                 metainfo.ulTotalPublicMemory    = CK_UNAVAILABLE_INFORMATION;
 160                 metainfo.ulFreePublicMemory     = CK_UNAVAILABLE_INFORMATION;
 161                 metainfo.ulTotalPrivateMemory   = CK_UNAVAILABLE_INFORMATION;
 162                 metainfo.ulFreePrivateMemory    = CK_UNAVAILABLE_INFORMATION;
 163
 164                 metainfo.flags = CKF_WRITE_PROTECTED;
 165
 166                 metainfo.ulMaxPinLen = 0;
 167                 metainfo.ulMinPinLen = 0;
 168                 metainfo.hardwareVersion.major =
 169                     METASLOT_HARDWARE_VERSION_MAJOR;
 170                 metainfo.hardwareVersion.minor =
 171                     METASLOT_HARDWARE_VERSION_MINOR;
 172                 metainfo.firmwareVersion.major =
 173                     METASLOT_FIRMWARE_VERSION_MAJOR;
 174                 metainfo.firmwareVersion.minor =
 175                     METASLOT_FIRMWARE_VERSION_MINOR;
 176         }
 177
 178         /*
 179          * Override some values that the object token may have set. They
 180          * can be inappropriate/misleading when used in the context of
 181          * metaslot.
 182          */
 183         (void) memcpy(metainfo.label, METASLOT_TOKEN_LABEL, 32);
 184         (void) memcpy(metainfo.manufacturerID,
 185             METASLOT_MANUFACTURER_ID, 32);
 186         (void) memcpy(metainfo.model, METASLOT_TOKEN_MODEL, 16);
 187         (void) memset(metainfo.serialNumber, ' ', 16);
 188
 189         metainfo.ulMaxSessionCount      = CK_EFFECTIVELY_INFINITE;
 190         metainfo.ulSessionCount         = num_meta_sessions;
 191         metainfo.ulMaxRwSessionCount    = CK_EFFECTIVELY_INFINITE;
 192         metainfo.ulRwSessionCount       = num_rw_meta_sessions;
 193
 194         metainfo.flags |= CKF_RNG;
 195         metainfo.flags &= ~CKF_RESTORE_KEY_NOT_NEEDED;
 196         metainfo.flags |= CKF_TOKEN_INITIALIZED;
 197         metainfo.flags &= ~CKF_SECONDARY_AUTHENTICATION;
 198
 199         /* Clear the time field if the token does not have a clock. */
 200         if (!(metainfo.flags & CKF_CLOCK_ON_TOKEN))
 201                 (void) memset(metainfo.utcTime, ' ', 16);
 202
 203         *pInfo = metainfo;
 204
 205         return (CKR_OK);
 206 }
 207
 208
 209 /*
 210  * meta_WaitForSlotEvent
 211  *
 212  * The metaslot never generates events, so this function doesn't do anything
 213  * useful. We do not pass on provider events because we want to hide details
 214  * of the providers.
 215  *
 216  * If CKF_DONT_BLOCK flag is turned on, CKR_NO_EVENT will be return.
 217  * Otherwise, return CKR_FUNCTION_FAILED.
 218  *
 219  */
 220 /* ARGSUSED */
 221 CK_RV
 222 meta_WaitForSlotEvent(CK_FLAGS flags, CK_SLOT_ID_PTR pSlot,
 223     CK_VOID_PTR pReserved)
 224 {
 225         if (flags & CKF_DONT_BLOCK) {
 226                 return (CKR_NO_EVENT);
 227         } else {
 228                 return (CKR_FUNCTION_FAILED);
 229         }
 230 }
 231
 232
 233 /*
 234  * meta_GetMechanismList
 235  *
 236  * The slotID argument is not used.
 237  *
 238  */
 239 /*ARGSUSED*/
 240 CK_RV
 241 meta_GetMechanismList(CK_SLOT_ID slotID, CK_MECHANISM_TYPE_PTR pMechanismList,
 242     CK_ULONG_PTR pulCount)
 243 {
 244         CK_RV rv;
 245
 246         if (!metaslot_enabled) {
 247                 return (CKR_SLOT_ID_INVALID);
 248         }
 249
 250         if (pulCount == NULL)
 251                 return (CKR_ARGUMENTS_BAD);
 252
 253         rv = meta_mechManager_get_mechs(pMechanismList, pulCount);
 254
 255         if ((rv == CKR_BUFFER_TOO_SMALL) && (pMechanismList == NULL)) {
 256                 /*
 257                  * if pMechanismList is not provided, just need to
 258                  * return count
 259                  */
 260                 rv = CKR_OK;
 261         }
 262         return (rv);
 263 }
 264
 265
 266 /*
 267  * meta_GetMechanismInfo
 268  *
 269  * The slotID argument is not used.
 270  */
 271 /*ARGSUSED*/
 272 CK_RV
 273 meta_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type,
 274     CK_MECHANISM_INFO_PTR pInfo)
 275 {
 276         CK_RV rv;
 277         mechinfo_t **slots = NULL;
 278         unsigned long i, slotCount = 0;
 279         mech_support_info_t  mech_support_info;
 280
 281         if (!metaslot_enabled) {
 282                 return (CKR_SLOT_ID_INVALID);
 283         }
 284
 285         if (pInfo == NULL) {
 286                 return (CKR_ARGUMENTS_BAD);
 287         }
 288
 289         mech_support_info.supporting_slots =
 290             malloc(meta_slotManager_get_slotcount() * sizeof (mechinfo_t *));
 291         if (mech_support_info.supporting_slots == NULL) {
 292                 return (CKR_HOST_MEMORY);
 293         }
 294
 295         mech_support_info.mech = type;
 296
 297         rv = meta_mechManager_get_slots(&mech_support_info, TRUE, NULL);
 298         if (rv != CKR_OK) {
 299                 free(mech_support_info.supporting_slots);
 300                 return (rv);
 301         }
 302
 303         slotCount = mech_support_info.num_supporting_slots;
 304         slots = mech_support_info.supporting_slots;
 305
 306         /* Merge mechanism info from all slots. */
 307         (void) memcpy(pInfo, &(slots[0]->mechanism_info),
 308             sizeof (CK_MECHANISM_INFO));
 309
 310         /* no need to look at index 0, since that's what we started with */
 311         for (i = 1; i < slotCount; i++) {
 312                 CK_ULONG thisValue;
 313
 314                 /* MinKeySize should be smallest of all slots. */
 315                 thisValue = slots[i]->mechanism_info.ulMinKeySize;
 316                 if (thisValue < pInfo->ulMinKeySize) {
 317                         pInfo->ulMinKeySize = thisValue;
 318                 }
 319
 320                 /* MaxKeySize should be largest of all slots. */
 321                 thisValue = slots[i]->mechanism_info.ulMaxKeySize;
 322                 if (thisValue > pInfo->ulMaxKeySize) {
 323                         pInfo->ulMaxKeySize = thisValue;
 324                 }
 325
 326                 pInfo->flags |= slots[i]->mechanism_info.flags;
 327         }
 328
 329         /* Clear the CKF_HW flag. We might select a software provider later. */
 330         pInfo->flags &= ~CKF_HW;
 331
 332         /* Clear the extenstion flag. Spec says is should never even be set. */
 333         pInfo->flags &= ~CKF_EXTENSION;
 334
 335         free(mech_support_info.supporting_slots);
 336
 337         return (CKR_OK);
 338 }
 339
 340
 341 /*
 342  * meta_InitToken
 343  *
 344  * Not supported. The metaslot "token" is always initialized. The token object
 345  * token must already be initialized. Other vendors don't seem to support
 346  * this anyway.
 347  */
 348 /* ARGSUSED */
 349 CK_RV
 350 meta_InitToken(CK_SLOT_ID slotID, CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen,
 351     CK_UTF8CHAR_PTR pLabel)
 352 {
 353         return (CKR_FUNCTION_NOT_SUPPORTED);
 354 }
 355
 356
 357 /*
 358  * meta_InitPIN
 359  *
 360  * Not supported. Same reason as C_InitToken.
 361  */
 362 /* ARGSUSED */
 363 CK_RV
 364 meta_InitPIN(CK_SESSION_HANDLE hSession,
 365     CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen)
 366 {
 367         return (CKR_FUNCTION_NOT_SUPPORTED);
 368 }
 369
 370
 371 /*
 372  * meta_SetPIN
 373  *
 374  * This is basically just a pass-thru to the object token. No need to
 375  * even check the arguments, since we don't use them.
 376  */
 377 CK_RV
 378 meta_SetPIN(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pOldPin,
 379     CK_ULONG ulOldPinLen, CK_UTF8CHAR_PTR pNewPin, CK_ULONG ulNewPinLen)
 380 {
 381         CK_RV rv;
 382         meta_session_t *session;
 383         slot_session_t *slot_session;
 384
 385         rv = meta_handle2session(hSession, &session);
 386         if (rv != CKR_OK)
 387                 return (rv);
 388
 389         if (IS_READ_ONLY_SESSION(session->session_flags)) {
 390                 REFRELEASE(session);
 391                 return (CKR_SESSION_READ_ONLY);
 392         }
 393
 394         rv = meta_get_slot_session(get_keystore_slotnum(), &slot_session,
 395             session->session_flags);
 396         if (rv != CKR_OK) {
 397                 REFRELEASE(session);
 398                 return (rv);
 399         }
 400
 401         rv = FUNCLIST(slot_session->fw_st_id)->C_SetPIN(slot_session->hSession,
 402             pOldPin, ulOldPinLen, pNewPin, ulNewPinLen);
 403
 404         meta_release_slot_session(slot_session);
 405
 406         REFRELEASE(session);
 407         return (rv);
 408 }