xref: /optee_os/ta/pkcs11/src/pkcs11_token.h (revision 37c672344730143717046b64e5ebce2e01e5d278) 
1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /*
3  * Copyright (c) 2017-2020, Linaro Limited
4  */
5 #ifndef PKCS11_TA_PKCS11_TOKEN_H
6 #define PKCS11_TA_PKCS11_TOKEN_H
7 
8 #include <sys/queue.h>
9 #include <tee_api_types.h>
10 #include <tee_internal_api.h>
11 
12 enum pkcs11_token_state {
13 	PKCS11_TOKEN_RESET = 0,
14 	PKCS11_TOKEN_READ_WRITE,
15 	PKCS11_TOKEN_READ_ONLY,
16 };
17 
18 #define PKCS11_MAX_USERS		2
19 #define PKCS11_TOKEN_PIN_SIZE		128
20 
21 /*
22  * Persistent state of the token
23  *
24  * @version - currently unused...
25  * @label - pkcs11 formatted token label, set by client
26  * @flags - pkcs11 token flags
27  * @so_pin_count - counter on security officer login failure
28  * @so_pin_size - byte size of the provisioned SO PIN
29  * @so_pin - stores the SO PIN
30  * @user_pin_count - counter on user login failure
31  * @user_pin_size - byte size of the provisioned user PIN
32  * @user_pin - stores the user PIN
33  */
34 struct token_persistent_main {
35 	uint32_t version;
36 	uint8_t label[PKCS11_TOKEN_LABEL_SIZE];
37 	uint32_t flags;
38 	uint32_t so_pin_count;
39 	uint32_t so_pin_size;
40 	uint8_t so_pin[PKCS11_TOKEN_PIN_SIZE];
41 	uint32_t user_pin_count;
42 	uint32_t user_pin_size;
43 	uint8_t user_pin[PKCS11_TOKEN_PIN_SIZE];
44 };
45 
46 /*
47  * Runtime state of the token, complies with pkcs11
48  *
49  * @state - Pkcs11 login is public, user, SO or custom
50  * @session_count - Counter for opened Pkcs11 sessions
51  * @rw_session_count - Count for opened Pkcs11 read/write sessions
52  * @db_main - Volatile copy of the persistent main database
53  */
54 struct ck_token {
55 	enum pkcs11_token_state state;
56 	uint32_t session_count;
57 	uint32_t rw_session_count;
58 	/* Copy in RAM of the persistent database */
59 	struct token_persistent_main *db_main;
60 };
61 
62 /* Initialize static token instance(s) from default/persistent database */
63 TEE_Result pkcs11_init(void);
64 void pkcs11_deinit(void);
65 
66 /* Return token instance from token identifier */
67 struct ck_token *get_token(unsigned int token_id);
68 
69 /* Return token identified from token instance address */
70 unsigned int get_token_id(struct ck_token *token);
71 
72 /* Access to persistent database */
73 struct ck_token *init_persistent_db(unsigned int token_id);
74 void close_persistent_db(struct ck_token *token);
75 
76 #endif /*PKCS11_TA_PKCS11_TOKEN_H*/
77