1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #pragma ident "%Z%%M% %I% %E% SMI" 27 28 /* 29 * Slot and Token Management functions 30 * (as defined in PKCS#11 spec section 11.5) 31 */ 32 33 #include <stdio.h> 34 #include <stdlib.h> 35 #include <string.h> 36 #include "metaGlobal.h" 37 38 extern CK_ULONG num_meta_sessions; 39 extern CK_ULONG num_rw_meta_sessions; 40 41 /* 42 * meta_GetSlotList 43 * 44 * For the metaslot, this is a trivial function. The metaslot module, 45 * by defination, provides exactly one slot. The token is always present. 46 * 47 * This function is actually not called. 48 */ 49 /* ARGSUSED */ 50 CK_RV 51 meta_GetSlotList(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList, 52 CK_ULONG_PTR pulCount) 53 { 54 CK_RV rv; 55 56 if (pulCount == NULL) 57 return (CKR_ARGUMENTS_BAD); 58 59 if (pSlotList == NULL) { 60 *pulCount = 1; 61 return (CKR_OK); 62 } 63 64 if (*pulCount < 1) { 65 rv = CKR_BUFFER_TOO_SMALL; 66 } else { 67 pSlotList[0] = METASLOT_SLOTID; 68 rv = CKR_OK; 69 } 70 *pulCount = 1; 71 72 return (rv); 73 } 74 75 76 /* 77 * meta_GetSlotInfo 78 * 79 * Returns basic information about the metaslot. 80 * 81 * The slotID argument is ignored. 82 */ 83 /*ARGSUSED*/ 84 CK_RV 85 meta_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) 86 { 87 CK_SLOT_INFO slotinfo; 88 CK_SLOT_ID true_id; 89 CK_RV rv; 90 91 if (!metaslot_enabled) { 92 return (CKR_SLOT_ID_INVALID); 93 } 94 95 if (pInfo == NULL) { 96 return (CKR_ARGUMENTS_BAD); 97 } 98 99 /* Provide information about the slot in the provided buffer */ 100 (void) memcpy(pInfo->slotDescription, METASLOT_SLOT_DESCRIPTION, 64); 101 (void) memcpy(pInfo->manufacturerID, METASLOT_MANUFACTURER_ID, 32); 102 pInfo->hardwareVersion.major = METASLOT_HARDWARE_VERSION_MAJOR; 103 pInfo->hardwareVersion.minor = METASLOT_HARDWARE_VERSION_MINOR; 104 pInfo->firmwareVersion.major = METASLOT_FIRMWARE_VERSION_MAJOR; 105 pInfo->firmwareVersion.minor = METASLOT_FIRMWARE_VERSION_MINOR; 106 107 /* Find out token is present in the underlying keystore */ 108 true_id = TRUEID(metaslot_keystore_slotid); 109 110 rv = FUNCLIST(metaslot_keystore_slotid)->C_GetSlotInfo(true_id, 111 &slotinfo); 112 if ((rv == CKR_OK) && (slotinfo.flags & CKF_TOKEN_PRESENT)) { 113 /* 114 * store the token present flag if it is successfully 115 * received from the keystore slot. 116 * If not, this flag will not be set. 117 */ 118 pInfo->flags = CKF_TOKEN_PRESENT; 119 } 120 121 return (CKR_OK); 122 } 123 124 125 /* 126 * meta_GetTokenInfo 127 * 128 * Returns basic information about the metaslot "token." 129 * 130 * The slotID argument is ignored. 131 * 132 */ 133 /*ARGSUSED*/ 134 CK_RV 135 meta_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo) 136 { 137 CK_RV rv; 138 CK_TOKEN_INFO metainfo; 139 CK_SLOT_ID true_id; 140 141 if (!metaslot_enabled) { 142 return (CKR_SLOT_ID_INVALID); 143 } 144 145 if (pInfo == NULL) 146 return (CKR_ARGUMENTS_BAD); 147 148 true_id = TRUEID(metaslot_keystore_slotid); 149 150 rv = FUNCLIST(metaslot_keystore_slotid)->C_GetTokenInfo(true_id, 151 &metainfo); 152 153 /* 154 * If we could not get information about the object token, use 155 * default values. This allows metaslot to be used even if there 156 * are problems with the object token (eg, it's not present). 157 */ 158 if (rv != CKR_OK) { 159 metainfo.ulTotalPublicMemory = CK_UNAVAILABLE_INFORMATION; 160 metainfo.ulFreePublicMemory = CK_UNAVAILABLE_INFORMATION; 161 metainfo.ulTotalPrivateMemory = CK_UNAVAILABLE_INFORMATION; 162 metainfo.ulFreePrivateMemory = CK_UNAVAILABLE_INFORMATION; 163 164 metainfo.flags = CKF_WRITE_PROTECTED; 165 166 metainfo.ulMaxPinLen = 0; 167 metainfo.ulMinPinLen = 0; 168 metainfo.hardwareVersion.major = 169 METASLOT_HARDWARE_VERSION_MAJOR; 170 metainfo.hardwareVersion.minor = 171 METASLOT_HARDWARE_VERSION_MINOR; 172 metainfo.firmwareVersion.major = 173 METASLOT_FIRMWARE_VERSION_MAJOR; 174 metainfo.firmwareVersion.minor = 175 METASLOT_FIRMWARE_VERSION_MINOR; 176 } 177 178 /* 179 * Override some values that the object token may have set. They 180 * can be inappropriate/misleading when used in the context of 181 * metaslot. 182 */ 183 (void) memcpy(metainfo.label, METASLOT_TOKEN_LABEL, 32); 184 (void) memcpy(metainfo.manufacturerID, 185 METASLOT_MANUFACTURER_ID, 32); 186 (void) memcpy(metainfo.model, METASLOT_TOKEN_MODEL, 16); 187 (void) memset(metainfo.serialNumber, ' ', 16); 188 189 metainfo.ulMaxSessionCount = CK_EFFECTIVELY_INFINITE; 190 metainfo.ulSessionCount = num_meta_sessions; 191 metainfo.ulMaxRwSessionCount = CK_EFFECTIVELY_INFINITE; 192 metainfo.ulRwSessionCount = num_rw_meta_sessions; 193 194 metainfo.flags |= CKF_RNG; 195 metainfo.flags &= ~CKF_RESTORE_KEY_NOT_NEEDED; 196 metainfo.flags |= CKF_TOKEN_INITIALIZED; 197 metainfo.flags &= ~CKF_SECONDARY_AUTHENTICATION; 198 199 /* Clear the time field if the token does not have a clock. */ 200 if (!(metainfo.flags & CKF_CLOCK_ON_TOKEN)) 201 (void) memset(metainfo.utcTime, ' ', 16); 202 203 *pInfo = metainfo; 204 205 return (CKR_OK); 206 } 207 208 209 /* 210 * meta_WaitForSlotEvent 211 * 212 * The metaslot never generates events, so this function doesn't do anything 213 * useful. We do not pass on provider events because we want to hide details 214 * of the providers. 215 * 216 * If CKF_DONT_BLOCK flag is turned on, CKR_NO_EVENT will be return. 217 * Otherwise, return CKR_FUNCTION_FAILED. 218 * 219 */ 220 /* ARGSUSED */ 221 CK_RV 222 meta_WaitForSlotEvent(CK_FLAGS flags, CK_SLOT_ID_PTR pSlot, 223 CK_VOID_PTR pReserved) 224 { 225 if (flags & CKF_DONT_BLOCK) { 226 return (CKR_NO_EVENT); 227 } else { 228 return (CKR_FUNCTION_FAILED); 229 } 230 } 231 232 233 /* 234 * meta_GetMechanismList 235 * 236 * The slotID argument is not used. 237 * 238 */ 239 /*ARGSUSED*/ 240 CK_RV 241 meta_GetMechanismList(CK_SLOT_ID slotID, CK_MECHANISM_TYPE_PTR pMechanismList, 242 CK_ULONG_PTR pulCount) 243 { 244 CK_RV rv; 245 246 if (!metaslot_enabled) { 247 return (CKR_SLOT_ID_INVALID); 248 } 249 250 if (pulCount == NULL) 251 return (CKR_ARGUMENTS_BAD); 252 253 rv = meta_mechManager_get_mechs(pMechanismList, pulCount); 254 255 if ((rv == CKR_BUFFER_TOO_SMALL) && (pMechanismList == NULL)) { 256 /* 257 * if pMechanismList is not provided, just need to 258 * return count 259 */ 260 rv = CKR_OK; 261 } 262 return (rv); 263 } 264 265 266 /* 267 * meta_GetMechanismInfo 268 * 269 * The slotID argument is not used. 270 */ 271 /*ARGSUSED*/ 272 CK_RV 273 meta_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type, 274 CK_MECHANISM_INFO_PTR pInfo) 275 { 276 CK_RV rv; 277 mechinfo_t **slots = NULL; 278 unsigned long i, slotCount = 0; 279 mech_support_info_t mech_support_info; 280 281 if (!metaslot_enabled) { 282 return (CKR_SLOT_ID_INVALID); 283 } 284 285 if (pInfo == NULL) { 286 return (CKR_ARGUMENTS_BAD); 287 } 288 289 mech_support_info.supporting_slots = 290 malloc(meta_slotManager_get_slotcount() * sizeof (mechinfo_t *)); 291 if (mech_support_info.supporting_slots == NULL) { 292 return (CKR_HOST_MEMORY); 293 } 294 295 mech_support_info.mech = type; 296 297 rv = meta_mechManager_get_slots(&mech_support_info, TRUE, NULL); 298 if (rv != CKR_OK) { 299 free(mech_support_info.supporting_slots); 300 return (rv); 301 } 302 303 slotCount = mech_support_info.num_supporting_slots; 304 slots = mech_support_info.supporting_slots; 305 306 /* Merge mechanism info from all slots. */ 307 (void) memcpy(pInfo, &(slots[0]->mechanism_info), 308 sizeof (CK_MECHANISM_INFO)); 309 310 /* no need to look at index 0, since that's what we started with */ 311 for (i = 1; i < slotCount; i++) { 312 CK_ULONG thisValue; 313 314 /* MinKeySize should be smallest of all slots. */ 315 thisValue = slots[i]->mechanism_info.ulMinKeySize; 316 if (thisValue < pInfo->ulMinKeySize) { 317 pInfo->ulMinKeySize = thisValue; 318 } 319 320 /* MaxKeySize should be largest of all slots. */ 321 thisValue = slots[i]->mechanism_info.ulMaxKeySize; 322 if (thisValue > pInfo->ulMaxKeySize) { 323 pInfo->ulMaxKeySize = thisValue; 324 } 325 326 pInfo->flags |= slots[i]->mechanism_info.flags; 327 } 328 329 /* Clear the CKF_HW flag. We might select a software provider later. */ 330 pInfo->flags &= ~CKF_HW; 331 332 /* Clear the extenstion flag. Spec says is should never even be set. */ 333 pInfo->flags &= ~CKF_EXTENSION; 334 335 free(mech_support_info.supporting_slots); 336 337 return (CKR_OK); 338 } 339 340 341 /* 342 * meta_InitToken 343 * 344 * Not supported. The metaslot "token" is always initialized. The token object 345 * token must already be initialized. Other vendors don't seem to support 346 * this anyway. 347 */ 348 /* ARGSUSED */ 349 CK_RV 350 meta_InitToken(CK_SLOT_ID slotID, CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen, 351 CK_UTF8CHAR_PTR pLabel) 352 { 353 return (CKR_FUNCTION_NOT_SUPPORTED); 354 } 355 356 357 /* 358 * meta_InitPIN 359 * 360 * Not supported. Same reason as C_InitToken. 361 */ 362 /* ARGSUSED */ 363 CK_RV 364 meta_InitPIN(CK_SESSION_HANDLE hSession, 365 CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen) 366 { 367 return (CKR_FUNCTION_NOT_SUPPORTED); 368 } 369 370 371 /* 372 * meta_SetPIN 373 * 374 * This is basically just a pass-thru to the object token. No need to 375 * even check the arguments, since we don't use them. 376 */ 377 CK_RV 378 meta_SetPIN(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pOldPin, 379 CK_ULONG ulOldPinLen, CK_UTF8CHAR_PTR pNewPin, CK_ULONG ulNewPinLen) 380 { 381 CK_RV rv; 382 meta_session_t *session; 383 slot_session_t *slot_session; 384 385 rv = meta_handle2session(hSession, &session); 386 if (rv != CKR_OK) 387 return (rv); 388 389 if (IS_READ_ONLY_SESSION(session->session_flags)) { 390 REFRELEASE(session); 391 return (CKR_SESSION_READ_ONLY); 392 } 393 394 rv = meta_get_slot_session(get_keystore_slotnum(), &slot_session, 395 session->session_flags); 396 if (rv != CKR_OK) { 397 REFRELEASE(session); 398 return (rv); 399 } 400 401 rv = FUNCLIST(slot_session->fw_st_id)->C_SetPIN(slot_session->hSession, 402 pOldPin, ulOldPinLen, pNewPin, ulNewPinLen); 403 404 meta_release_slot_session(slot_session); 405 406 REFRELEASE(session); 407 return (rv); 408 } 409
Indexes created Thu Nov 26 17:05:41 UTC 2009
Terms of Use |
Privacy |
Trademarks |
Copyright Policy |
Site Guidelines |
Help
Your use of this web site or any of its content or software indicates your agreement to be bound by these Terms of Use.
Copyright © 1995-2008 Sun Microsystems, Inc.