metaSlotToken.c revision 7c478bd95313f5f23a4c958a745db2134aa03244
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2005 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
* Slot and Token Management functions
* (as defined in PKCS#11 spec section 11.5)
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "metaGlobal.h"
extern CK_ULONG num_meta_sessions;
extern CK_ULONG num_rw_meta_sessions;
/*
* meta_GetSlotList
*
* For the metaslot, this is a trivial function. The metaslot module,
* by defination, provides exactly one slot. The token is always present.
*
* This function is actually not called.
*/
/* ARGSUSED */
CK_RV
meta_GetSlotList(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList,
CK_ULONG_PTR pulCount)
{
CK_RV rv;
if (pulCount == NULL)
return (CKR_ARGUMENTS_BAD);
if (pSlotList == NULL) {
*pulCount = 1;
return (CKR_OK);
}
if (*pulCount < 1) {
rv = CKR_BUFFER_TOO_SMALL;
} else {
pSlotList[0] = METASLOT_SLOTID;
rv = CKR_OK;
}
*pulCount = 1;
return (rv);
}
/*
* meta_GetSlotInfo
*
* Returns basic information about the metaslot.
*
* The slotID argument is ignored.
*/
/*ARGSUSED*/
CK_RV
meta_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo)
{
CK_SLOT_INFO slotinfo;
CK_SLOT_ID true_id;
CK_RV rv;
if (!metaslot_enabled) {
return (CKR_SLOT_ID_INVALID);
}
if (pInfo == NULL) {
return (CKR_ARGUMENTS_BAD);
}
/* Provide information about the slot in the provided buffer */
(void) memcpy(pInfo->slotDescription, METASLOT_SLOT_DESCRIPTION, 64);
(void) memcpy(pInfo->manufacturerID, METASLOT_MANUFACTURER_ID, 32);
pInfo->hardwareVersion.major = METASLOT_HARDWARE_VERSION_MAJOR;
pInfo->hardwareVersion.minor = METASLOT_HARDWARE_VERSION_MINOR;
pInfo->firmwareVersion.major = METASLOT_FIRMWARE_VERSION_MAJOR;
pInfo->firmwareVersion.minor = METASLOT_FIRMWARE_VERSION_MINOR;
/* Find out token is present in the underlying keystore */
true_id = TRUEID(metaslot_keystore_slotid);
rv = FUNCLIST(metaslot_keystore_slotid)->C_GetSlotInfo(true_id,
&slotinfo);
if ((rv == CKR_OK) && (slotinfo.flags & CKF_TOKEN_PRESENT)) {
/*
* store the token present flag if it is successfully
* received from the keystore slot.
* If not, this flag will not be set.
*/
pInfo->flags = CKF_TOKEN_PRESENT;
}
return (CKR_OK);
}
/*
* meta_GetTokenInfo
*
* Returns basic information about the metaslot "token."
*
* The slotID argument is ignored.
*
*/
/*ARGSUSED*/
CK_RV
meta_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
{
CK_RV rv;
CK_TOKEN_INFO metainfo;
CK_SLOT_ID true_id;
if (!metaslot_enabled) {
return (CKR_SLOT_ID_INVALID);
}
if (pInfo == NULL)
return (CKR_ARGUMENTS_BAD);
true_id = TRUEID(metaslot_keystore_slotid);
rv = FUNCLIST(metaslot_keystore_slotid)->C_GetTokenInfo(true_id,
&metainfo);
/*
* If we could not get information about the object token, use
* default values. This allows metaslot to be used even if there
* are problems with the object token (eg, it's not present).
*/
if (rv != CKR_OK) {
metainfo.ulTotalPublicMemory = CK_UNAVAILABLE_INFORMATION;
metainfo.ulFreePublicMemory = CK_UNAVAILABLE_INFORMATION;
metainfo.ulTotalPrivateMemory = CK_UNAVAILABLE_INFORMATION;
metainfo.ulFreePrivateMemory = CK_UNAVAILABLE_INFORMATION;
metainfo.flags = CKF_WRITE_PROTECTED;
metainfo.ulMaxPinLen = 0;
metainfo.ulMinPinLen = 0;
metainfo.hardwareVersion.major =
METASLOT_HARDWARE_VERSION_MAJOR;
metainfo.hardwareVersion.minor =
METASLOT_HARDWARE_VERSION_MINOR;
metainfo.firmwareVersion.major =
METASLOT_FIRMWARE_VERSION_MAJOR;
metainfo.firmwareVersion.minor =
METASLOT_FIRMWARE_VERSION_MINOR;
}
/*
* Override some values that the object token may have set. They
* can be inappropriate/misleading when used in the context of
* metaslot.
*/
(void) memcpy(metainfo.label, METASLOT_TOKEN_LABEL, 32);
(void) memcpy(metainfo.manufacturerID,
METASLOT_MANUFACTURER_ID, 32);
(void) memcpy(metainfo.model, METASLOT_TOKEN_MODEL, 16);
(void) memset(metainfo.serialNumber, ' ', 16);
metainfo.ulMaxSessionCount = CK_EFFECTIVELY_INFINITE;
metainfo.ulSessionCount = num_meta_sessions;
metainfo.ulMaxRwSessionCount = CK_EFFECTIVELY_INFINITE;
metainfo.ulRwSessionCount = num_rw_meta_sessions;
metainfo.flags |= CKF_RNG;
metainfo.flags &= ~CKF_RESTORE_KEY_NOT_NEEDED;
metainfo.flags |= CKF_TOKEN_INITIALIZED;
metainfo.flags &= ~CKF_SECONDARY_AUTHENTICATION;
/* Clear the time field if the token does not have a clock. */
if (!(metainfo.flags & CKF_CLOCK_ON_TOKEN))
(void) memset(metainfo.utcTime, ' ', 16);
*pInfo = metainfo;
return (CKR_OK);
}
/*
* meta_WaitForSlotEvent
*
* The metaslot never generates events, so this function doesn't do anything
* useful. We do not pass on provider events because we want to hide details
* of the providers.
*
* If CKF_DONT_BLOCK flag is turned on, CKR_NO_EVENT will be return.
* Otherwise, return CKR_FUNCTION_FAILED.
*
*/
/* ARGSUSED */
CK_RV
meta_WaitForSlotEvent(CK_FLAGS flags, CK_SLOT_ID_PTR pSlot,
CK_VOID_PTR pReserved)
{
if (flags & CKF_DONT_BLOCK) {
return (CKR_NO_EVENT);
} else {
return (CKR_FUNCTION_FAILED);
}
}
/*
* meta_GetMechanismList
*
* The slotID argument is not used.
*
*/
/*ARGSUSED*/
CK_RV
meta_GetMechanismList(CK_SLOT_ID slotID, CK_MECHANISM_TYPE_PTR pMechanismList,
CK_ULONG_PTR pulCount)
{
CK_RV rv;
if (!metaslot_enabled) {
return (CKR_SLOT_ID_INVALID);
}
if (pulCount == NULL)
return (CKR_ARGUMENTS_BAD);
rv = meta_mechManager_get_mechs(pMechanismList, pulCount);
if ((rv == CKR_BUFFER_TOO_SMALL) && (pMechanismList == NULL)) {
/*
* if pMechanismList is not provided, just need to
* return count
*/
rv = CKR_OK;
}
return (rv);
}
/*
* meta_GetMechanismInfo
*
* The slotID argument is not used.
*/
/*ARGSUSED*/
CK_RV
meta_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type,
CK_MECHANISM_INFO_PTR pInfo)
{
CK_RV rv;
mechinfo_t **slots = NULL;
unsigned long i, slotCount = 0;
mech_support_info_t mech_support_info;
if (!metaslot_enabled) {
return (CKR_SLOT_ID_INVALID);
}
if (pInfo == NULL) {
return (CKR_ARGUMENTS_BAD);
}
mech_support_info.supporting_slots =
malloc(meta_slotManager_get_slotcount() * sizeof (mechinfo_t *));
if (mech_support_info.supporting_slots == NULL) {
return (CKR_HOST_MEMORY);
}
mech_support_info.mech = type;
rv = meta_mechManager_get_slots(&mech_support_info, TRUE);
if (rv != CKR_OK) {
free(mech_support_info.supporting_slots);
return (rv);
}
slotCount = mech_support_info.num_supporting_slots;
slots = mech_support_info.supporting_slots;
/* Merge mechanism info from all slots. */
(void) memcpy(pInfo, &(slots[0]->mechanism_info),
sizeof (CK_MECHANISM_INFO));
/* no need to look at index 0, since that's what we started with */
for (i = 1; i < slotCount; i++) {
CK_ULONG thisValue;
/* MinKeySize should be smallest of all slots. */
thisValue = slots[i]->mechanism_info.ulMinKeySize;
if (thisValue < pInfo->ulMinKeySize) {
pInfo->ulMinKeySize = thisValue;
}
/* MaxKeySize should be largest of all slots. */
thisValue = slots[i]->mechanism_info.ulMaxKeySize;
if (thisValue > pInfo->ulMaxKeySize) {
pInfo->ulMaxKeySize = thisValue;
}
pInfo->flags |= slots[i]->mechanism_info.flags;
}
/* Clear the CKF_HW flag. We might select a software provider later. */
pInfo->flags &= ~CKF_HW;
/* Clear the extenstion flag. Spec says is should never even be set. */
pInfo->flags &= ~CKF_EXTENSION;
free(mech_support_info.supporting_slots);
return (CKR_OK);
}
/*
* meta_InitToken
*
* Not supported. The metaslot "token" is always initialized. The token object
* token must already be initialized. Other vendors don't seem to support
* this anyway.
*/
/* ARGSUSED */
CK_RV
meta_InitToken(CK_SLOT_ID slotID, CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen,
CK_UTF8CHAR_PTR pLabel)
{
return (CKR_FUNCTION_NOT_SUPPORTED);
}
/*
* meta_InitPIN
*
* Not supported. Same reason as C_InitToken.
*/
/* ARGSUSED */
CK_RV
meta_InitPIN(CK_SESSION_HANDLE hSession,
CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen)
{
return (CKR_FUNCTION_NOT_SUPPORTED);
}
/*
* meta_SetPIN
*
* This is basically just a pass-thru to the object token. No need to
* even check the arguments, since we don't use them.
*/
CK_RV
meta_SetPIN(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pOldPin,
CK_ULONG ulOldPinLen, CK_UTF8CHAR_PTR pNewPin, CK_ULONG ulNewPinLen)
{
CK_RV rv;
meta_session_t *session;
slot_session_t *slot_session;
rv = meta_handle2session(hSession, &session);
if (rv != CKR_OK)
return (rv);
if (IS_READ_ONLY_SESSION(session->session_flags)) {
REFRELEASE(session);
return (CKR_SESSION_READ_ONLY);
}
rv = meta_get_slot_session(get_keystore_slotnum(), &slot_session,
session->session_flags);
if (rv != CKR_OK) {
REFRELEASE(session);
return (rv);
}
rv = FUNCLIST(slot_session->fw_st_id)->C_SetPIN(slot_session->hSession,
pOldPin, ulOldPinLen, pNewPin, ulNewPinLen);
meta_release_slot_session(slot_session);
REFRELEASE(session);
return (rv);
}