#include <string.h>
#include "metaGlobal.h"
extern meta_session_t *meta_sessionlist_head;
extern pthread_rwlock_t meta_sessionlist_lock;
extern CK_ULONG num_meta_sessions;
extern CK_ULONG num_rw_meta_sessions;
CK_RV
meta_OpenSession(CK_SLOT_ID slotID, CK_FLAGS flags, CK_VOID_PTR pApplication,
CK_NOTIFY Notify, CK_SESSION_HANDLE_PTR phSession)
{
meta_session_t *new_session;
CK_RV rv;
if (!metaslot_enabled) {
return (CKR_SLOT_ID_INVALID);
}
if (phSession == NULL) {
return (CKR_ARGUMENTS_BAD);
}
if (flags & ~(CKF_SERIAL_SESSION | CKF_RW_SESSION)) {
return (CKR_ARGUMENTS_BAD);
}
if (!(flags & CKF_SERIAL_SESSION)) {
return (CKR_SESSION_PARALLEL_NOT_SUPPORTED);
}
if (meta_slotManager_token_write_protected() &&
(flags & CKF_RW_SESSION)) {
return (CKR_TOKEN_WRITE_PROTECTED);
}
rv = meta_session_alloc(&new_session);
if (rv != CKR_OK)
return (rv);
new_session->session_flags = flags;
rv = meta_session_activate(new_session);
if (rv != CKR_OK) {
meta_session_dealloc(new_session);
return (rv);
}
*phSession = (CK_SESSION_HANDLE) new_session;
num_meta_sessions++;
if (flags & CKF_RW_SESSION) {
num_rw_meta_sessions++;
}
return (CKR_OK);
}
CK_RV
meta_CloseSession(CK_SESSION_HANDLE hSession)
{
CK_RV rv;
meta_session_t *session;
CK_FLAGS flags;
rv = meta_handle2session(hSession, &session);
if (rv != CKR_OK)
return (rv);
flags = session->session_flags;
rv = meta_session_deactivate(session, B_FALSE);
if (rv == CKR_OK)
meta_session_dealloc(session);
num_meta_sessions--;
if (flags & CKF_RW_SESSION) {
num_rw_meta_sessions--;
}
return (rv);
}
CK_RV
meta_CloseAllSessions(CK_SLOT_ID slotID)
{
CK_RV rv;
meta_session_t *session;
if (!metaslot_enabled) {
return (CKR_SLOT_ID_INVALID);
}
if (slotID != METASLOT_SLOTID)
return (CKR_SLOT_ID_INVALID);
(void) pthread_rwlock_wrlock(&meta_sessionlist_lock);
while ((session = meta_sessionlist_head) != NULL) {
rv = meta_handle2session((CK_SESSION_HANDLE)session, &session);
if (rv != CKR_OK) {
(void) pthread_rwlock_unlock(&meta_sessionlist_lock);
return (CKR_FUNCTION_FAILED);
}
(void) meta_session_deactivate(session, B_TRUE);
meta_session_dealloc(session);
}
(void) pthread_rwlock_unlock(&meta_sessionlist_lock);
num_meta_sessions = 0;
num_rw_meta_sessions = 0;
return (CKR_OK);
}
CK_RV
meta_GetSessionInfo(CK_SESSION_HANDLE hSession, CK_SESSION_INFO_PTR pInfo)
{
CK_RV rv;
meta_session_t *session;
if (pInfo == NULL)
return (CKR_ARGUMENTS_BAD);
rv = meta_handle2session(hSession, &session);
if (rv != CKR_OK)
return (rv);
pInfo->slotID = METASLOT_SLOTID;
pInfo->flags = session->session_flags;
if (metaslot_logged_in()) {
if (IS_READ_ONLY_SESSION(session->session_flags)) {
pInfo->state = CKS_RO_USER_FUNCTIONS;
} else {
pInfo->state = CKS_RW_USER_FUNCTIONS;
}
} else {
if (IS_READ_ONLY_SESSION(session->session_flags)) {
pInfo->state = CKS_RO_PUBLIC_SESSION;
} else {
pInfo->state = CKS_RW_PUBLIC_SESSION;
}
}
pInfo->ulDeviceError = 0;
REFRELEASE(session);
return (CKR_OK);
}
CK_RV
meta_getopstatelen(meta_session_t *session, CK_ULONG *out_length)
{
CK_RV rv = CKR_OK;
slot_session_t *slot_session;
CK_ULONG length;
*out_length = sizeof (meta_opstate_t);
if (session->op1.type != 0) {
slot_session = session->op1.session;
rv = FUNCLIST(slot_session->fw_st_id)->C_GetOperationState(
slot_session->hSession, NULL, &length);
if (rv == CKR_OK)
*out_length += length;
}
return (rv);
}
CK_RV
meta_GetOperationState(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pOperationState,
CK_ULONG_PTR pulOperationStateLen)
{
CK_RV rv;
meta_session_t *session;
slot_session_t *slot_session = NULL;
meta_opstate_t opstate;
if (pulOperationStateLen == NULL)
return (CKR_ARGUMENTS_BAD);
rv = meta_handle2session(hSession, &session);
if (rv != CKR_OK)
return (rv);
if (session->op1.type == 0) {
rv = CKR_OPERATION_NOT_INITIALIZED;
goto endgetopstate;
}
if (pOperationState == NULL) {
rv = meta_getopstatelen(session, pulOperationStateLen);
REFRELEASE(session);
return (rv);
}
if (*pulOperationStateLen < sizeof (meta_opstate_t)) {
rv = meta_getopstatelen(session, pulOperationStateLen);
if (rv == CKR_OK)
rv = CKR_BUFFER_TOO_SMALL;
goto endgetopstate;
}
(void) memset(&opstate, 0, sizeof (meta_opstate_t));
opstate.magic_marker = METASLOT_OPSTATE_MAGIC;
if (session->op1.type != 0) {
slot_session = session->op1.session;
opstate.state[0].op_type = session->op1.type;
opstate.state[0].op_slotnum = slot_session->slotnum;
opstate.state[0].op_state_len = *pulOperationStateLen -
sizeof (meta_opstate_t);
opstate.state[0].op_init_app = session->init.app;
opstate.state[0].op_init_done = session->init.done;
rv = FUNCLIST(slot_session->fw_st_id)->C_GetOperationState(
slot_session->hSession,
pOperationState + sizeof (meta_opstate_t),
&(opstate.state[0].op_state_len));
if (rv == CKR_BUFFER_TOO_SMALL) {
rv = meta_getopstatelen(session, pulOperationStateLen);
if (rv == CKR_OK)
rv = CKR_BUFFER_TOO_SMALL;
}
if (rv != CKR_OK)
goto endgetopstate;
}
endgetopstate:
if (rv == CKR_OK && pOperationState != NULL) {
(void) memcpy(pOperationState, (void *)&opstate,
sizeof (meta_opstate_t));
*pulOperationStateLen = sizeof (meta_opstate_t) +
opstate.state[0].op_state_len;
}
REFRELEASE(session);
return (rv);
}
static CK_RV
meta_set_opstate(slot_session_t *slot_session,
meta_object_t *meta_enc_key,
meta_object_t *meta_auth_key,
struct opstate_data *state,
CK_BYTE *databuf)
{
CK_RV rv;
static CK_ULONG encrypt_optypes = (CKF_ENCRYPT | CKF_DECRYPT);
static CK_ULONG sign_optypes = (CKF_SIGN | CKF_VERIFY |
CKF_SIGN_RECOVER | CKF_VERIFY_RECOVER);
slot_object_t *enc_key_obj = NULL, *auth_key_obj = NULL;
if (state->op_type & encrypt_optypes) {
rv = meta_object_get_clone(meta_enc_key, slot_session->slotnum,
slot_session, &enc_key_obj);
if (rv != CKR_OK) {
return (rv);
}
}
if (state->op_type & sign_optypes) {
rv = meta_object_get_clone(meta_auth_key, slot_session->slotnum,
slot_session, &auth_key_obj);
if (rv != CKR_OK) {
return (rv);
}
}
rv = FUNCLIST(slot_session->fw_st_id)->C_SetOperationState(
slot_session->hSession, databuf, state->op_state_len,
enc_key_obj ? enc_key_obj->hObject : CK_INVALID_HANDLE,
auth_key_obj ? auth_key_obj->hObject : CK_INVALID_HANDLE);
if (rv == CKR_KEY_NOT_NEEDED) {
rv = FUNCLIST(slot_session->fw_st_id)->C_SetOperationState(
slot_session->hSession, databuf, state->op_state_len,
CK_INVALID_HANDLE, CK_INVALID_HANDLE);
if (rv == CKR_KEY_NEEDED) {
rv = CKR_KEY_NOT_NEEDED;
}
}
return (rv);
}
CK_RV
meta_SetOperationState(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pOperationState,
CK_ULONG ulOperationStateLen, CK_OBJECT_HANDLE hEncryptionKey,
CK_OBJECT_HANDLE hAuthenticationKey)
{
CK_RV rv = CKR_OK;
meta_session_t *session;
slot_session_t *slot_session = NULL;
meta_opstate_t opstate;
meta_object_t *meta_enc_key = NULL, *meta_auth_key = NULL;
if (ulOperationStateLen < sizeof (meta_opstate_t) ||
pOperationState == NULL)
return (CKR_ARGUMENTS_BAD);
(void) memcpy(&opstate, pOperationState, sizeof (meta_opstate_t));
if (opstate.magic_marker != METASLOT_OPSTATE_MAGIC)
return (CKR_SAVED_STATE_INVALID);
if (ulOperationStateLen != (sizeof (meta_opstate_t) +
opstate.state[0].op_state_len))
return (CKR_SAVED_STATE_INVALID);
rv = meta_handle2session(hSession, &session);
if (rv != CKR_OK)
return (rv);
if (hEncryptionKey != CK_INVALID_HANDLE) {
rv = meta_handle2object(hEncryptionKey, &meta_enc_key);
if (rv != CKR_OK)
goto cleanup;
}
if (hAuthenticationKey != CK_INVALID_HANDLE) {
rv = meta_handle2object(hAuthenticationKey, &meta_auth_key);
if (rv != CKR_OK)
goto cleanup;
}
if (opstate.state[0].op_type != 0) {
if (session->op1.type != 0)
meta_operation_cleanup(session, session->op1.type,
B_FALSE);
if (session->op1.session != NULL) {
slot_session = session->op1.session;
} else {
rv = meta_get_slot_session(opstate.state[0].op_slotnum,
&slot_session, session->session_flags);
if (rv != CKR_OK)
goto cleanup;
}
session->op1.type = opstate.state[0].op_type;
session->op1.session = slot_session;
session->init.app = opstate.state[0].op_init_app;
session->init.done = opstate.state[0].op_init_done;
rv = meta_set_opstate(slot_session, meta_enc_key,
meta_auth_key, &(opstate.state[0]),
pOperationState + sizeof (meta_opstate_t));
if (rv != CKR_OK) {
meta_operation_cleanup(session, session->op1.type,
FALSE);
goto cleanup;
}
}
cleanup:
if (meta_enc_key != NULL)
OBJRELEASE(meta_enc_key);
if (meta_auth_key != NULL)
OBJRELEASE(meta_auth_key);
REFRELEASE(session);
return (rv);
}
CK_RV
meta_Login(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType,
CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen)
{
CK_RV rv;
meta_session_t *session;
slot_session_t *login_session = NULL;
CK_TOKEN_INFO token_info;
CK_SLOT_ID true_id, fw_st_id;
rv = meta_handle2session(hSession, &session);
if (rv != CKR_OK)
return (rv);
if (metaslot_logged_in()) {
rv = CKR_USER_ALREADY_LOGGED_IN;
goto finish;
}
if (userType != CKU_USER) {
rv = CKR_USER_TYPE_INVALID;
goto finish;
}
rv = meta_get_slot_session(get_keystore_slotnum(), &login_session,
session->session_flags);
if (rv != CKR_OK)
goto finish;
fw_st_id = login_session->fw_st_id;
rv = FUNCLIST(fw_st_id)->C_Login(login_session->hSession, userType,
pPin, ulPinLen);
if (rv != CKR_OK) {
goto finish;
}
true_id = TRUEID(fw_st_id);
rv = FUNCLIST(fw_st_id)->C_GetTokenInfo(true_id, &token_info);
if (rv != CKR_OK) {
goto finish;
}
metaslot_set_logged_in_flag(B_TRUE);
if (token_info.flags & CKF_USER_PIN_TO_BE_CHANGED) {
metaslot_set_logged_in_flag(B_FALSE);
}
finish:
if (login_session)
meta_release_slot_session(login_session);
REFRELEASE(session);
return (rv);
}
CK_RV
meta_Logout(CK_SESSION_HANDLE hSession)
{
CK_RV rv = CKR_OK;
meta_session_t *session;
slot_session_t *logout_session = NULL;
rv = meta_handle2session(hSession, &session);
if (rv != CKR_OK)
return (rv);
if (!metaslot_logged_in()) {
rv = CKR_USER_NOT_LOGGED_IN;
goto finish;
}
rv = meta_get_slot_session(get_keystore_slotnum(), &logout_session,
session->session_flags);
if (rv != CKR_OK)
goto finish;
rv = FUNCLIST(logout_session->fw_st_id)->C_Logout(
logout_session->hSession);
metaslot_set_logged_in_flag(B_FALSE);
(void) meta_token_object_deactivate(PRIVATE_TOKEN);
finish:
if (logout_session)
meta_release_slot_session(logout_session);
REFRELEASE(session);
return (rv);
}
