/* SPDX-License-Identifier: BSD-2-Clause */
/*
 * Copyright (c) 2017-2020, Linaro Limited
 */
#ifndef PKCS11_TA_PKCS11_TOKEN_H
#define PKCS11_TA_PKCS11_TOKEN_H

#include <sys/queue.h>
#include <tee_api_types.h>
#include <tee_internal_api.h>

/*
 * NOTE(review): PKCS11_TOKEN_LABEL_SIZE (used in struct token_persistent_main
 * below) is neither defined here nor provided by the includes listed above,
 * so this header is not self-contained; presumably the includer pulls in the
 * PKCS#11 TA ABI header first — confirm and include it here if so.
 */

/*
 * Token state
 *
 * The enumerators are named after an access mode (reset / read-write /
 * read-only). NOTE(review): the @state description on struct ck_token
 * talks about login level (public, user, SO, custom), which does not
 * match these names — confirm which meaning is intended.
 *
 * @PKCS11_TOKEN_RESET - explicitly 0, so a zero-initialized token starts here
 * @PKCS11_TOKEN_READ_WRITE - token opened for read/write access
 * @PKCS11_TOKEN_READ_ONLY - token opened for read-only access
 */
enum pkcs11_token_state {
	PKCS11_TOKEN_RESET = 0,
	PKCS11_TOKEN_READ_WRITE,
	PKCS11_TOKEN_READ_ONLY,
};

/* Number of users per token: presumably the security officer and the user */
#define PKCS11_MAX_USERS 2
/* Capacity, in bytes, of each PIN buffer in struct token_persistent_main */
#define PKCS11_TOKEN_PIN_SIZE 128

/*
 * Persistent state of the token
 *
 * The layout of this structure is what gets written to the persistent
 * database, so fields must not be reordered or resized without a
 * corresponding migration of stored data (the @version field exists for
 * that purpose but is not yet used).
 *
 * Both PINs are kept as raw bytes here, not as a hash or other derived
 * value; the confidentiality of a stored token therefore rests entirely on
 * the backing persistent store and on wiping RAM copies once released.
 * NOTE(review): confirm the backing store is TEE secure storage.
 *
 * @version - currently unused...
 * @label - pkcs11 formatted token label, set by client
 * @flags - pkcs11 token flags
 * @so_pin_count - counter on security officer login failure
 * @so_pin_size - byte size of the provisioned SO PIN (valid prefix of @so_pin)
 * @so_pin - stores the SO PIN, up to PKCS11_TOKEN_PIN_SIZE bytes
 * @user_pin_count - counter on user login failure
 * @user_pin_size - byte size of the provisioned user PIN (valid prefix of @user_pin)
 * @user_pin - stores the user PIN, up to PKCS11_TOKEN_PIN_SIZE bytes
 */
struct token_persistent_main {
	uint32_t version;
	uint8_t label[PKCS11_TOKEN_LABEL_SIZE];
	uint32_t flags;
	uint32_t so_pin_count;
	uint32_t so_pin_size;
	uint8_t so_pin[PKCS11_TOKEN_PIN_SIZE];
	uint32_t user_pin_count;
	uint32_t user_pin_size;
	uint8_t user_pin[PKCS11_TOKEN_PIN_SIZE];
};

/*
 * Runtime state of the token, complies with pkcs11
 *
 * @state - Pkcs11 login is public, user, SO or custom
 * @session_count - Counter for opened Pkcs11 sessions
 * @rw_session_count - Count for opened Pkcs11 read/write sessions
 * @db_main - Volatile copy of the persistent main database
 */
struct ck_token {
	enum pkcs11_token_state state;
	uint32_t session_count;
	uint32_t rw_session_count;
	/*
	 * Copy in RAM of the persistent database. It carries the PIN bytes,
	 * so it should be wiped before the memory is released.
	 * NOTE(review): presumably owned by this token and set up/torn down by
	 * init_persistent_db()/close_persistent_db() — confirm in token.c.
	 */
	struct token_persistent_main *db_main;
};

/* Initialize static token instance(s) from default/persistent database */
TEE_Result pkcs11_init(void);
/* Release whatever pkcs11_init() set up (counterpart of pkcs11_init) */
void pkcs11_deinit(void);

/*
 * Return token instance from token identifier
 *
 * NOTE(review): the header does not say what is returned for an unknown
 * @token_id; presumably NULL — callers should check before dereferencing.
 */
struct ck_token *get_token(unsigned int token_id);

/* Return token identified from token instance address */
unsigned int get_token_id(struct ck_token *token);

/*
 * Access to persistent database
 *
 * init_persistent_db() loads the database for @token_id and returns the
 * token it belongs to; close_persistent_db() releases it again.
 * NOTE(review): return value on failure is not documented here — confirm.
 */
struct ck_token *init_persistent_db(unsigned int token_id);
void close_persistent_db(struct ck_token *token);

#endif /*PKCS11_TA_PKCS11_TOKEN_H*/