xref: /onnv-gate/usr/src/lib/pkcs11/pkcs11_tpm/common/utility.c (revision 10346:9f0b25e42dc5)

/*
 * The Initial Developer of the Original Code is International
 * Business Machines Corporation. Portions created by IBM
 * Corporation are Copyright (C) 2005 International Business
 * Machines Corporation. All Rights Reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the Common Public License as published by
 * IBM Corporation; either version 1 of the License, or (at your option)
 * any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * Common Public License for more details.
 *
 * You should have received a copy of the Common Public License
 * along with this program; if not, a copy can be viewed at
 * http://www.opensource.org/licenses/cpl1.0.php.
 */

/* (C) COPYRIGHT International Business Machines Corp. 2001, 2002, 2005 */
/*
 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#include "tpmtok_int.h"

static CK_SLOT_INFO    slot_info;

// Function:  dlist_add_as_first()
//
// Adds the specified node to the start of the list
//
// Returns:  pointer to the start of the list
//
DL_NODE *
dlist_add_as_first(DL_NODE *list, void *data)
{
	DL_NODE *node = NULL;

	if (! data)
		return (list);
	node = (DL_NODE *)malloc(sizeof (DL_NODE));
	if (! node)
		return (NULL);
	node->data = data;
	node->prev = NULL;
	node->next = list;
	if (list)
		list->prev = node;

	return (node);
}


// Function:  dlist_add_as_last()
//
// Adds the specified node to the end of the list
//
// Returns:  pointer to the start of the list
//
DL_NODE *
dlist_add_as_last(DL_NODE *list, void *data) {
	DL_NODE *node = NULL;

	if (! data)
		return (list);
	node = (DL_NODE *)malloc(sizeof (DL_NODE));
	if (! node)
		return (NULL);
	node->data = data;
	node->next = NULL;

	if (! list) {
		node->prev = NULL;
		return (node);
	} else {
		DL_NODE *temp = dlist_get_last(list);
		temp->next = node;
		node->prev = temp;

		return (list);
	}
}


// Function:  dlist_find()
//
DL_NODE *
dlist_find(DL_NODE *list, void *data)
{
	DL_NODE *node = list;

	while (node && node->data != data)
	node = node->next;

	return (node);
}


// Function:  dlist_get_first()
//
// Returns the last node in the list or NULL if list is empty
//
DL_NODE *
dlist_get_first(DL_NODE *list) {
	DL_NODE *temp = list;

	if (! list)
		return (NULL);
	while (temp->prev != NULL)
	temp = temp->prev;

	return (temp);
}


// Function:  dlist_get_last()
//
// Returns the last node in the list or NULL if list is empty
//
DL_NODE *
dlist_get_last(DL_NODE *list) {
	DL_NODE *temp = list;

	if (! list)
		return (NULL);
	while (temp->next != NULL)
	temp = temp->next;

	return (temp);
}


//
//
CK_ULONG
dlist_length(DL_NODE *list) {
	DL_NODE  *temp = list;
	CK_ULONG  len  = 0;

	while (temp) {
		len++;
		temp = temp->next;
	}

	return (len);
}


//
//
DL_NODE *
dlist_next(DL_NODE *node)
{
	if (! node)
		return (NULL);
	return (node->next);
}


//
//
DL_NODE *
dlist_prev(DL_NODE *node) {
	if (! node)
		return (NULL);
	return (node->prev);
}


//
//
void
dlist_purge(DL_NODE *list) {
	DL_NODE *node;

	if (! list)
		return;
	do {
		node = list->next;
		free(list);
		list = node;
	} while (list);
}

// Function:  dlist_remove_node()
//
// Attempts to remove the specified node from the list.  The caller is
// responsible for freeing the data associated with the node prior to
// calling this routine
//
DL_NODE *
dlist_remove_node(DL_NODE *list, DL_NODE *node) {
	DL_NODE *temp  = list;

	if (! list || ! node)
		return (NULL);
	// special case:  removing head of the list
	//
	if (list == node) {
		temp = list->next;
		if (temp)
			temp->prev = NULL;

		free(list);
		return (temp);
	}

	// we have no guarantee that the node is in the list
	// so search through the list to find it
	//
	while ((temp != NULL) && (temp->next != node))
	temp = temp->next;

	if (temp != NULL) {
		DL_NODE *next = node->next;

		temp->next = next;
		if (next)
			next->prev = temp;

		free(node);
	}

	return (list);
}

extern void set_perm(int);

void
CreateXProcLock(void *xproc)
{
	pthread_mutexattr_t  mtxattr;

	(void) pthread_mutexattr_init(&mtxattr);
	(void) pthread_mutexattr_setpshared(&mtxattr, PTHREAD_PROCESS_SHARED);
	(void) pthread_mutex_init((pthread_mutex_t *)xproc, &mtxattr);
}

int
DestroyXProcLock(void *xproc)
{
	return (pthread_mutex_destroy((pthread_mutex_t *)xproc));
}

int
XProcLock(void *xproc)
{
	return (pthread_mutex_lock((pthread_mutex_t *)xproc));
}

int
XProcUnLock(void *xproc)
{
	return (pthread_mutex_unlock((pthread_mutex_t *)xproc));
}

//
//
// is_attribute_defined()
//
// determine whether the specified attribute is defined by Cryptoki
//
CK_BBOOL
is_attribute_defined(CK_ATTRIBUTE_TYPE type)
{
	if (type >= CKA_VENDOR_DEFINED)
		return (TRUE);
	switch (type) {
		case  CKA_CLASS:
		case  CKA_TOKEN:
		case  CKA_PRIVATE:
		case  CKA_LABEL:
		case  CKA_APPLICATION:
		case  CKA_VALUE:
		case  CKA_CERTIFICATE_TYPE:
		case  CKA_ISSUER:
		case  CKA_SERIAL_NUMBER:
		case  CKA_KEY_TYPE:
		case  CKA_SUBJECT:
		case  CKA_ID:
		case  CKA_SENSITIVE:
		case  CKA_ENCRYPT:
		case  CKA_DECRYPT:
		case  CKA_WRAP:
		case  CKA_UNWRAP:
		case  CKA_SIGN:
		case  CKA_SIGN_RECOVER:
		case  CKA_VERIFY:
		case  CKA_VERIFY_RECOVER:
		case  CKA_DERIVE:
		case  CKA_START_DATE:
		case  CKA_END_DATE:
		case  CKA_MODULUS:
		case  CKA_MODULUS_BITS:
		case  CKA_PUBLIC_EXPONENT:
		case  CKA_PRIVATE_EXPONENT:
		case  CKA_PRIME_1:
		case  CKA_PRIME_2:
		case  CKA_EXPONENT_1:
		case  CKA_EXPONENT_2:
		case  CKA_COEFFICIENT:
		case  CKA_PRIME:
		case  CKA_SUBPRIME:
		case  CKA_BASE:
		case  CKA_VALUE_BITS:
		case  CKA_VALUE_LEN:
		case  CKA_EXTRACTABLE:
		case  CKA_LOCAL:
		case  CKA_NEVER_EXTRACTABLE:
		case  CKA_ALWAYS_SENSITIVE:
		case  CKA_MODIFIABLE:
		case  CKA_ECDSA_PARAMS:
		case  CKA_EC_POINT:
		case  CKA_HW_FEATURE_TYPE:
		case  CKA_HAS_RESET:
		case  CKA_RESET_ON_INIT:
		case  CKA_KEY_GEN_MECHANISM:
		case  CKA_PRIME_BITS:
		case  CKA_SUBPRIME_BITS:
		case  CKA_OBJECT_ID:
		case  CKA_AC_ISSUER:
		case  CKA_OWNER:
		case  CKA_ATTR_TYPES:
		case  CKA_TRUSTED:
		return (TRUE);
	}

	return (FALSE);
}

void
init_slot_info(TOKEN_DATA *td)
{
	/*
	 * Much of the token info is pulled from the TPM itself when
	 * C_Initialize is called.
	 */
	(void) (void) memset(&slot_info.slotDescription, ' ',
	    sizeof (slot_info.slotDescription) - 1);
	(void) (void) memset(&slot_info.manufacturerID,  ' ',
	    sizeof (slot_info.manufacturerID) - 1);

	(void) (void) memcpy(&slot_info.slotDescription,
	    "PKCS#11 Interface for TPM",
	    strlen("PKCS#11 Interface for TPM"));

	(void) (void) memcpy(&slot_info.manufacturerID,
	    td->token_info.manufacturerID,
	    strlen((char *)td->token_info.manufacturerID));

	slot_info.hardwareVersion = nv_token_data->token_info.hardwareVersion;
	slot_info.firmwareVersion = nv_token_data->token_info.firmwareVersion;
	slot_info.flags = CKF_TOKEN_PRESENT | CKF_HW_SLOT;
}

/*ARGSUSED*/
void
copy_slot_info(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR sinfo)
{
	if (sinfo != NULL)
		(void) memcpy(sinfo, &slot_info, sizeof (slot_info));
}

static void
init_token_info(TOKEN_DATA *td)
{
	CK_TOKEN_INFO    *token_info = NULL;

	token_info = &td->token_info;

	(void) memset(token_info->model, ' ',
	    sizeof (token_info->model));
	(void) memset(token_info->serialNumber, ' ',
	    sizeof (token_info->serialNumber));

	//
	// I don't see any API support for changing the clock so
	// we will use the system clock for the token's clock.
	//
	token_info->flags = CKF_RNG | CKF_LOGIN_REQUIRED | CKF_CLOCK_ON_TOKEN |
	    CKF_SO_PIN_TO_BE_CHANGED;

	if (memcmp(td->user_pin_sha, "00000000000000000000",
	    SHA1_DIGEST_LENGTH) != 0)
		token_info->flags |= CKF_USER_PIN_INITIALIZED;
	else
		token_info->flags |= CKF_USER_PIN_TO_BE_CHANGED;

	// For the release, we made these
	// values as CK_UNAVAILABLE_INFORMATION
	//
	token_info->ulMaxSessionCount    = (CK_ULONG)CK_UNAVAILABLE_INFORMATION;
	token_info->ulSessionCount	= (CK_ULONG)CK_UNAVAILABLE_INFORMATION;
	token_info->ulMaxRwSessionCount  = (CK_ULONG)CK_UNAVAILABLE_INFORMATION;
	token_info->ulRwSessionCount	= (CK_ULONG)CK_UNAVAILABLE_INFORMATION;
	token_info->ulMaxPinLen	  = MAX_PIN_LEN;
	token_info->ulMinPinLen	  = MIN_PIN_LEN;
	token_info->ulTotalPublicMemory  = (CK_ULONG)CK_UNAVAILABLE_INFORMATION;
	token_info->ulFreePublicMemory   = (CK_ULONG)CK_UNAVAILABLE_INFORMATION;
	token_info->ulTotalPrivateMemory = (CK_ULONG)CK_UNAVAILABLE_INFORMATION;
	token_info->ulFreePrivateMemory  = (CK_ULONG)CK_UNAVAILABLE_INFORMATION;

	(void) memset(token_info->utcTime, ' ', sizeof (token_info->utcTime));
}

CK_RV
init_token_data(TSS_HCONTEXT hContext, TOKEN_DATA *td) {
	CK_RV rc;

	(void) memset((char *)td, 0, sizeof (nv_token_data));
	//
	// the normal USER pin is not set when the token is initialized
	//
	(void) memcpy(td->user_pin_sha, "00000000000000000000",
	    SHA1_DIGEST_LENGTH);
	(void) memcpy(td->so_pin_sha, default_so_pin_sha,
	    SHA1_DIGEST_LENGTH);

	(void) memset(user_pin_md5, 0x0, MD5_DIGEST_LENGTH);
	(void) memcpy(so_pin_md5, default_so_pin_md5, MD5_DIGEST_LENGTH);

	(void) memcpy(td->next_token_object_name, "00000000", 8);

	td->tweak_vector.allow_key_mods   = TRUE;

	init_token_info(td);

	rc = token_get_tpm_info(hContext, td);
	if (rc != CKR_OK)
		return (rc);

	rc = save_token_data(td);

	return (rc);
}

// Function:  compute_next_token_obj_name()
//
// Given a token object name (8 bytes in the range [0 - 9A - Z])
// increment by one adjusting as necessary
//
// This gives us a namespace of 36^8 = 2, 821, 109, 907, 456
// objects before wrapping around.
//
CK_RV
compute_next_token_obj_name(CK_BYTE *current, CK_BYTE *next) {
	int val[8];
	int i;

	if (! current || ! next) {
		return (CKR_FUNCTION_FAILED);
	}
	// Convert to integral base 36
	//
	for (i = 0; i < 8; i++) {
		if (current[i] >= '0' && current[i] <= '9')
			val[i] = current[i] - '0';

		if (current[i] >= 'A' && current[i] <= 'Z')
			val[i] = current[i] - 'A' + 10;
	}

	val[0]++;

	i = 0;

	while (val[i] > 35) {
		val[i] = 0;

		if (i + 1 < 8) {
			val[i + 1]++;
			i++;
		} else {
			val[0]++;
			i = 0;   // start pass 2
		}
	}

	// now, convert back to [0 - 9A - Z]
	//
	for (i = 0; i < 8; i++) {
		if (val[i] < 10)
			next[i] = '0' + val[i];
		else
			next[i] = 'A' + val[i] - 10;
	}

	return (CKR_OK);
}


//
//
CK_RV
build_attribute(CK_ATTRIBUTE_TYPE  type,
	CK_BYTE	   *data,
	CK_ULONG	   data_len,
	CK_ATTRIBUTE	**attrib) {
	CK_ATTRIBUTE *attr = NULL;

	attr = (CK_ATTRIBUTE *)malloc(sizeof (CK_ATTRIBUTE) + data_len);
	if (! attr) {
		return (CKR_DEVICE_MEMORY);
	}
	attr->type  = type;
	attr->ulValueLen = data_len;

	if (data_len > 0) {
		attr->pValue = (CK_BYTE *)attr + sizeof (CK_ATTRIBUTE);
		(void) memcpy(attr->pValue, data, data_len);
	}
	else
		attr->pValue = NULL;

	 *attrib = attr;

	return (CKR_OK);
}

CK_RV
add_pkcs_padding(CK_BYTE  * ptr,
	UINT32   block_size,
	UINT32   data_len,
	UINT32   total_len)
{
	UINT32 i, pad_len;
	CK_BYTE  pad_value;

	pad_len = block_size - (data_len % block_size);
	pad_value = (CK_BYTE)pad_len;

	if (data_len + pad_len > total_len) {
		return (CKR_FUNCTION_FAILED);
	}
	for (i = 0; i < pad_len; i++)
		ptr[i] = pad_value;

	return (CKR_OK);
}

CK_RV
strip_pkcs_padding(
	CK_BYTE *ptr,
	UINT32  total_len,
	UINT32  *data_len)
{
	CK_BYTE  pad_value;

	pad_value = ptr[total_len - 1];

	/* We have 'pad_value' bytes of 'pad_value' appended to the end */
	*data_len = total_len - pad_value;

	return (CKR_OK);
}

CK_RV
remove_leading_zeros(CK_ATTRIBUTE *attr)
{
	CK_BYTE   *ptr = NULL;
	CK_ULONG   new_len, i;

	ptr = attr->pValue;

	for (i = 0; i < attr->ulValueLen; i++) {
		if (ptr[i] != 0x0)
			break;
	}

	new_len = attr->ulValueLen - i;

	(void) memcpy(ptr, ptr + i, new_len);
	attr->ulValueLen = new_len;

	return (CKR_OK);
}

CK_RV
parity_is_odd(CK_BYTE b) {
	b = ((b >> 4) ^ b) & 0x0f;
	b = ((b >> 2) ^ b) & 0x03;
	b = ((b >> 1) ^ b) & 0x01;

	if (b == 1)
		return (TRUE);
	else
		return (FALSE);
}

CK_RV
attach_shm() {
	if (global_shm != NULL)
		return (CKR_OK);

	global_shm = (LW_SHM_TYPE *)calloc(1, sizeof (LW_SHM_TYPE));
	if (global_shm == NULL) {
		return (CKR_HOST_MEMORY);
	}
	CreateXProcLock(&global_shm->mutex);

	xproclock = (void *)&global_shm->mutex;

	return (CKR_OK);
}

CK_RV
detach_shm()
{
	if (global_shm != NULL) {
		free(global_shm);
		global_shm = NULL;
	}

	return (CKR_OK);
}

CK_RV
compute_sha(CK_BYTE  *data,
	CK_ULONG_32   len,
	CK_BYTE  * hash)
{
	SHA1_CTX	ctx;

	SHA1Init(&ctx);

	SHA1Update(&ctx, data, len);

	SHA1Final(hash, &ctx);
	return (CKR_OK);
}