/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
 */

#include <errno.h>
#include <security/cryptoki.h>
#include <strings.h>
#include <sys/crypto/ioctl.h>
#include "kernelGlobal.h"
#include "kernelSlot.h"

CK_ULONG        slot_count = 0;
kernel_slot_t   **slot_table;

static CK_RV
kernel_get_slot_number()
{
        CK_RV rv;
        crypto_get_provider_list_t *pl;
        int r;

        pl = malloc(sizeof (crypto_get_provider_list_t));
        if (pl == NULL)
                return (CKR_HOST_MEMORY);

        pl->pl_count = 0;
        while ((r = ioctl(kernel_fd, CRYPTO_GET_PROVIDER_LIST, pl)) < 0) {
                if (errno != EINTR)
                        break;
        }
        if (r < 0) {
                rv = CKR_FUNCTION_FAILED;
        } else {
                if (pl->pl_return_value != CRYPTO_SUCCESS) {
                        rv = crypto2pkcs11_error_number(pl->pl_return_value);
                } else {
                        rv = CKR_OK;
                }
        }

        if (rv == CKR_OK) {
                slot_count = pl->pl_count;
        }

        (void) free(pl);
        return (rv);
}

/*
 * This function will be used by metaslot to get the kernel
 * provider's threshold value for the supported mechanisms.
 */
void
_SUNW_GetThreshold(void *thresholdp)
{

        cipher_mechs_threshold_t *tp = (cipher_mechs_threshold_t *)thresholdp;
        kernel_slot_t *pslot;
        int i;

        /*
         * We alway use the 1st slot in the kernel to
         * get the threshold because all the kernel
         * slots will have the same threshold value
         * with the same mechanism.
         */
        pslot = slot_table[0];

        for (i = 0; i < pslot->total_threshold_count; i++) {
                tp[i].mech_type =
                    pslot->sl_mechs_threshold[i].mech_type;
                tp[i].mech_threshold =
                    pslot->sl_mechs_threshold[i].mech_threshold;
        }
}

/*
 * To retrieve the crypto_function_list structure with boolean entries
 * indicating which functions are supported by the hardware provider which
 * is specified by the slot ID.
 */
static CK_RV
kernel_get_func_list(kernel_slot_t *pslot)
{
        CK_RV rv = CKR_OK;
        crypto_get_function_list_t  fl;
        int r;
        int i;

        (void) memset(&fl, 0, sizeof (fl));
        fl.fl_provider_id = pslot->sl_provider_id;

        while ((r = ioctl(kernel_fd, CRYPTO_GET_FUNCTION_LIST, &fl)) < 0) {
                if (errno != EINTR)
                        break;
        }
        if (r < 0) {
                rv = CKR_FUNCTION_FAILED;
        } else {
                if (fl.fl_return_value == 0) {
                        rv = CKR_OK;
                } else {
                        rv = crypto2pkcs11_error_number(fl.fl_return_value);
                }
        }

        if (rv != CKR_OK) {
                return (rv);
        }

        /* copy data structure received from kernel */
        pslot->sl_func_list = fl.fl_list;

        pslot->sl_flags = 0;
        if (fl.fl_list.prov_is_hash_limited) {
                pslot->sl_flags |= CRYPTO_LIMITED_HASH_SUPPORT;
                pslot->sl_hash_max_inlen = fl.fl_list.prov_hash_limit;
        }

        if (fl.fl_list.prov_is_hmac_limited) {
                pslot->sl_flags |= CRYPTO_LIMITED_HMAC_SUPPORT;
                pslot->sl_hmac_max_inlen = fl.fl_list.prov_hmac_limit;
        }

        if (fl.fl_list.prov_is_hash_limited | fl.fl_list.prov_is_hmac_limited) {
                pslot->sl_threshold = fl.fl_list.prov_hash_threshold;
        }

        pslot->total_threshold_count = fl.fl_list.total_threshold_count;

        for (i = 0; i < pslot->total_threshold_count; i++) {
                pslot->sl_mechs_threshold[i].mech_type =
                    fl.fl_list.fl_threshold[i].mech_type;
                pslot->sl_mechs_threshold[i].mech_threshold =
                    fl.fl_list.fl_threshold[i].mech_threshold;
        }

        return (CKR_OK);
}

/*
 * Initialize the slot table.
 *
 * This function is called from C_Initialize() only.  Since C_Initialize()
 * holds the global mutex lock, there is no need to acquire another lock
 * in this routine to protect the slot table.
 */
CK_RV
kernel_slottable_init()
{
        int i, cur_slot_num = 0;
        CK_RV rv = CKR_OK;
        crypto_get_provider_list_t *pl = NULL;
        int r;

        /*
         * Find out how many slots are presented from kernel hardware
         * providers. If there is no slot presented, just return.
         */
        rv = kernel_get_slot_number();
        if (rv != CKR_OK || slot_count == 0) {
                return (rv);
        }

        /* Allocate space for the slot table */
        slot_table = malloc(sizeof (kernel_slot_t *) * slot_count);
        if (slot_table == NULL) {
                return (CKR_HOST_MEMORY);
        }

        /* For each slot, allocate space and initialize the slot's mutex. */
        for (i = 0; i < slot_count; i++) {
                slot_table[i] = malloc(sizeof (kernel_slot_t));
                if (slot_table[i] == NULL) {
                        rv = CKR_HOST_MEMORY;
                        goto failed;
                }

                slot_table[i]->sl_sess_list = NULL;
                slot_table[i]->sl_tobj_list = NULL;
                slot_table[i]->sl_state = CKU_PUBLIC;

                /* Initialize this slot's mutex */
                if (pthread_mutex_init(&slot_table[i]->sl_mutex, NULL) != 0) {
                        rv = CKR_FUNCTION_FAILED;
                        (void) free(slot_table[i]);
                        goto failed;
                }

                cur_slot_num = i;
        }

        /*
         * Get the provider ID for each slot from kernel and save it in the
         * slot table.
         */
        pl = malloc(slot_count * sizeof (crypto_get_provider_list_t));
        if (pl == NULL) {
                rv = CKR_HOST_MEMORY;
                goto failed;
        }

        pl->pl_count = slot_count;
        while ((r = ioctl(kernel_fd, CRYPTO_GET_PROVIDER_LIST, pl)) < 0) {
                if (errno != EINTR)
                        break;
        }
        if (r < 0) {
                rv = CKR_FUNCTION_FAILED;
                goto failed;
        } else {
                if (pl->pl_return_value != CRYPTO_SUCCESS) {
                        rv = crypto2pkcs11_error_number(pl->pl_return_value);
                        goto failed;
                } else {
                        rv = CKR_OK;
                }
        }

        for (i = 0; i < slot_count; i++) {
                slot_table[i]->sl_provider_id = pl->pl_list[i].pe_provider_id;
        }

        /*
         * Get the function list for each slot from kernel and save it in
         * the slot table.
         */
        for (i = 0; i < slot_count; i++) {
                rv = kernel_get_func_list(slot_table[i]);
                if (rv != CKR_OK) {
                        goto failed;
                }
        }

        (void) free(pl);
        return (CKR_OK);

failed:
        for (i = 0; i < cur_slot_num; i++) {
                (void) pthread_mutex_destroy(&slot_table[i]->sl_mutex);
                (void) free(slot_table[i]);
        }

        (void) free(slot_table);
        (void) free(pl);
        return (rv);
}