| blob | a4783c9a14f72b82d7a694afcfbf85e24fbe0021 |
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
26 #include <stdio.h>
27 #include <stdlib.h>
28 #include <pthread.h>
29 #include <time.h>
30 #include <security/cryptoki.h>
39 /*
40 * C_GetSlotList is implemented entirely within this framework,
41 * using the slottable that was created during the call to
42 * C_Initialize in pkcs11_slot_mapping(). The plugged in providers
43 * are only queried when tokenPresent is set.
44 *
45 * If metaslot is enabled, the slot that provides keystore support
46 * needs to be hidden. Therefore, even when fastpath is enabled,
47 * we can't go through fastpath because the slot needs to be
48 * hidden.
49 */
50 CK_RV
52 CK_ULONG_PTR pulCount)
53 {
55 CK_RV rv;
56 CK_RV prov_rv;
57 CK_SLOT_ID true_id;
58 CK_SLOT_INFO_PTR pinfo;
62 /* Check for a fastpath */
65 pulCount));
66 }
70 }
74 }
77 /* Need to allocate memory for pinfo */
81 }
82 }
84 /*
85 * Count the number of valid slots for returning to the application.
86 * If metaslot is enabled, the slot providing keystore support for
87 * metaslot is skipped. Therefore, we can't simply sequentially
88 * assign "i" as the slot id to be returned to the application.
89 * The variable "slot_id" is used for keeping track of the
90 * next slot id to be assigned.
91 */
97 /* Check if token present is required */
99 /* Check with provider */
106 }
107 }
108 /* Fill in the given buffer if it is sufficient */
111 slot_id++;
112 }
113 count++;
114 }
115 }
117 /* pSlotList set to NULL means caller only wants count */
122 }
128 }
131 }
133 CK_RV
135 {
137 CK_RV rv;
142 }
144 /* Check for a fastpath */
149 /* just need to get metaslot information */
151 }
153 /* Check that slotID is valid */
156 }
160 /* Present consistent interface to the application */
163 }
166 }
168 CK_RV
170 {
171 CK_RV rv;
176 }
178 /* Check for a fastpath */
183 /* just need to get metaslot information */
185 }
187 /* Check that slotID is valid */
190 }
194 /* Present consistent interface to the application */
197 }
200 }
202 /*
203 * C_WaitForSlotEvent cannot be a direct pass through to the underlying
204 * provider (except in the case of fastpath), due to the complex nature
205 * of this function. The calling application is asking to be alerted
206 * when an event has occurred on any of the slots in the framework, so
207 * we need to check with all underlying providers and ask for events
208 * on any of their slots. If this is called in blocking mode, we will
209 * need to start threads to wait for slot events for each provider
210 * plugged into the framework.
211 */
212 CK_RV
214 {
219 CK_SLOT_ID event_slot;
222 /* Check for a fastpath */
225 pReserved));
226 }
230 }
234 }
236 /*
237 * Check to see if we're already blocking on another threads
238 * call to this function. If so, behaviour is undefined so
239 * we should return to application.
240 */
248 }
250 /*
251 * Check first to see if any events have been recorded
252 * already on any of the slots, regardless of blocking or
253 * thread status.
254 */
261 /* found one, clear event and notify application */
268 /*
269 * This event has been captured, clear the function's
270 * active status. Other threads may now enter this
271 * function.
272 */
277 }
278 }
280 /*
281 * We could not find any existing event, so let's see
282 * if we can block and start threads to watch for events.
283 */
285 /*
286 * Application does not want us to block so check with
287 * underlying providers to see if any events have occurred.
288 * Not every provider will have implemented this function,
289 * so error codes or CKR_NO_EVENT can be ignored.
290 */
296 /*
297 * Only do process once per provider.
298 */
301 }
303 /*
304 * Check to make sure a child thread is not already
305 * running, due to another of the application's
306 * thread calling this function.
307 */
313 }
318 /*
319 * Release the hold on the slot's mutex while we
320 * are waiting for this function to complete.
321 */
333 /* See if we've found a slot with an event */
335 /*
336 * Try to map the returned slotid to a slot
337 * allocated by the framework. All slots from
338 * one provider are adjacent in the framework's
339 * slottable, so search for a mapping while
340 * the prov_id field is the same.
341 */
346 /* Find the slot, remap pSlot */
352 B_FALSE;
356 }
357 j++;
358 }
360 }
362 /*
363 * If we reach this part of the loop, this
364 * provider either had no events, did not support
365 * this function, or set pSlot to a value we
366 * could not find in the slots associated with
367 * this provider. Continue checking with remaining
368 * providers.
369 */
371 }
373 /* No provider had any events */
380 /*
381 * Application has asked us to block, but forbidden
382 * us from creating threads. This is too risky to perform
383 * with underlying providers (we may block indefinitely),
384 * so will return an error in this case.
385 */
390 }
392 /*
393 * Grab the st_start_mutex now, which will prevent the listener
394 * thread from signaling on st_start_cond before we're ready to
395 * wait for it.
396 */
399 /*
400 * Application allows us to create threads and has
401 * asked us to block. Create listener thread to wait for
402 * child threads to return.
403 */
411 }
415 /*
416 * Wait for the listening thread to get started before
417 * we spawn child threads.
418 */
423 /*
424 * Need to hold the mutex on the entire slottable for the
425 * entire setup of the child threads. Otherwise, the first
426 * child thread may complete before a later child thread is
427 * fully started, resulting in an inaccurate value of
428 * st_thr_count and a potential race condition.
429 */
432 /*
433 * Create child threads to check with the plugged in providers
434 * to check for events. Keep a count of the current open threads,
435 * so the listener thread knows when there are no more children
436 * to listen for. Also, make sure a thread is not already active
437 * for that provider.
438 */
443 /*
444 * Only do process once per provider.
445 */
448 }
450 /*
451 * Check to make sure a child thread is not already running,
452 * due to another of the application's threads calling
453 * this function. Also, check that the provider has actually
454 * implemented this function.
455 */
462 }
464 /* Set slot to active */
467 /*
468 * set up variable to pass arguments to child threads.
469 * Only need to set up once, as values will remain the
470 * same for each successive call.
471 */
482 }
486 }
488 /* Create child thread */
490 child_waitforslotevent,
494 }
498 /*
499 * This counter is decremented every time a
500 * child_waitforslotevent() wakes up the listener.
501 */
505 }
507 /* If no children are listening, kill the listener */
511 /* If there are no child threads, no event will occur */
515 }
519 /* Wait for listener thread to terminate */
522 /* Make sure C_Finalize has not been called */
528 }
530 /* See if any events actually occurred */
542 /* An event has occurred on this slot */
544 WFSE_CLEAR;
556 }
557 }
564 /* No provider reported any events, or no provider implemented this */
566 }
568 /*
569 * C_GetMechanismList cannot just be a direct pass through to the
570 * underlying provider, because we allow the administrator to
571 * disable certain mechanisms from specific providers. This affects
572 * both pulCount and pMechanismList. Only when the fastpath with
573 * no policy is in effect can we pass through directly to the
574 * underlying provider.
575 *
576 * It is necessary, for policy filtering, to get the actual list
577 * of mechanisms from the underlying provider, even if the calling
578 * application is just requesting a count. It is the only way to
579 * get an accurate count of the number of mechanisms actually available.
580 */
581 CK_RV
583 CK_ULONG_PTR pulCount)
584 {
586 CK_ULONG mech_count;
587 CK_ULONG tmpmech_count;
589 CK_SLOT_ID true_id;
591 CK_FUNCTION_LIST_PTR prov_funcs;
593 CK_ULONG i;
597 }
599 /* Check for a fastpath */
606 pulCount));
607 }
609 /* Check that slotID is valid */
612 }
621 }
626 /*
627 * Allocate memory for a mechanism list. We are assuming
628 * that most mechanism lists will be less than MECHLIST_SIZE.
629 * If that is not enough memory, we will try a second time
630 * with more memory allocated.
631 */
636 }
638 /*
639 * Attempt to get the mechanism list. PKCS11 supports
640 * removable media, so the mechanism list of a slot can vary
641 * over the life of the application.
642 */
647 /* Need to use more space */
655 }
657 /* Try again to get mechanism list. */
661 }
663 /*
664 * Present consistent face to calling application.
665 * If something strange has happened, or this function
666 * is not supported by this provider, return a count
667 * of zero mechanisms.
668 */
673 }
675 /*
676 * Process the mechanism list, removing any mechanisms
677 * that are disabled via the framework. Even if the
678 * application is only asking for a count, we must
679 * process the actual mechanisms being offered by this slot.
680 * We could not just subtract our stored count of disabled
681 * mechanisms, since it is not guaranteed that those
682 * mechanisms are actually supported by the slot.
683 */
685 /* Filter out the disabled mechanisms */
688 }
690 /*
691 * Only set pMechanismList if enough memory
692 * is available. If it was set to NULL
693 * originally, this loop will just be counting
694 * mechanims.
695 */
698 }
699 mech_count++;
700 }
702 /*
703 * Catch the case where pMechanismList was not set to NULL,
704 * yet the buffer was not large enough. If pMechanismList is
705 * set to NULL, this function will simply set pulCount and
706 * return CKR_OK.
707 */
712 }
718 }
721 CK_RV
723 CK_MECHANISM_INFO_PTR pInfo)
724 {
725 CK_RV rv;
726 CK_SLOT_ID true_id;
728 CK_FUNCTION_LIST_PTR prov_funcs;
732 }
734 /* Check for a fastpath */
739 /* just need to get metaslot information */
741 }
743 /* Check that slotID is valid */
746 }
755 }
757 /* Make sure this is not a disabled mechanism */
760 }
764 /* Present consistent interface to the application */
767 }
770 }
773 CK_RV
775 CK_UTF8CHAR_PTR pLabel)
776 {
777 CK_RV rv;
782 }
784 /* Check for a fastpath */
787 pLabel));
790 /* just need to get metaslot information */
792 pLabel));
793 }
795 /* Check that slotID is valid */
798 }
801 pLabel);
803 /* Present consistent interface to the application */
806 }
809 }
811 CK_RV
813 {
815 CK_RV rv;
818 /* Check for a fastpath */
821 }
825 }
827 /* Obtain the session pointer */
832 }
834 /* Initialize the PIN with the provider */
838 /* Present consistent interface to the application */
841 }
844 }
846 CK_RV
849 CK_ULONG ulNewPinLen)
850 {
851 CK_RV rv;
854 /* Check for a fastpath */
858 }
862 }
864 /* Obtain the session pointer */
869 }
871 /* Set the PIN with the provider */
875 /* Present consistent interface to the application */
878 }
882 }
884 /*
885 * listener_waitforslotevent is spawned by the main C_WaitForSlotEvent()
886 * to listen for events from any of the providers. It also watches the
887 * count of threads, which may go to zero with no recorded events, if
888 * none of the underlying providers have actually implemented this
889 * function.
890 */
891 /*ARGSUSED*/
895 CK_SLOT_ID eventID;
897 /* Mark slottable in state blocking */
901 /* alert calling thread that this thread has started */
906 /* wait for an event, or number of threads to reach zero */
909 /*
910 * Make sure we've really been signaled, and not waking
911 * for another reason.
912 */
916 }
920 /* See why we were woken up */
922 /* Another thread has called C_Finalize() */
925 }
927 /* A thread has finished, decrement counter */
942 /*
943 * st_event_slot is set to a valid value, event
944 * flag is set for that slot. The flag will
945 * be cleared by main C_WaitForSlotEvent().
946 */
954 }
955 }
959 /* No more threads, no events found */
961 }
962 }
964 /*NOTREACHED*/
966 }
968 /*
969 * child_waitforslotevent is used as a child thread to contact
970 * underlying provider's C_WaitForSlotEvent().
971 */
976 CK_SLOT_ID slot;
977 CK_RV rv;
979 CK_SLOT_ID i;
984 /*
985 * Need to hold the mutex while processing the results, to
986 * keep things synchronized with the listener thread and
987 * the slottable. Otherwise, due to the timing
988 * at which some underlying providers complete, the listener
989 * thread may not actually be blocking on st_wait_cond when
990 * this child signals. Holding the lock a bit longer prevents
991 * this from happening.
992 */
996 /*
997 * We've taken the mutex when the listener should have
998 * control. Release the mutex, thread scheduler should
999 * give control back to the listener.
1000 */
1004 }
1007 /* we've had an event, find slot and store it */
1010 /*
1011 * It is safe to unset active status now, since call to
1012 * underlying provider has already terminated, and we
1013 * hold the slottable wide mutex (st_mutex).
1014 */
1027 }
1044 st_wait_cond);
1045 }
1051 }
1052 }
1054 }
1059 /*
1060 * If the provider told us that it does not support
1061 * this function, we should mark it so we do not waste
1062 * time later with it. If an error returned, we'll clean
1063 * up this thread now and possibly try it again later.
1064 */
1067 }
1069 /*
1070 * It is safe to unset active status now, since call to
1071 * underlying provider has already terminated, and we
1072 * hold the slottable wide mutex (st_mutex).
1073 */
1082 }
1086 /* Manually exit the thread, since nobody will join to it */
1089 /*NOTREACHED*/
1091 }