xref: /optee_os/ta/pkcs11/src/pkcs11_token.h (revision ce94efefb619f4d10aa95e81c2fe02a7dd03b753) 
1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /*
3  * Copyright (c) 2017-2020, Linaro Limited
4  */
5 #ifndef PKCS11_TA_PKCS11_TOKEN_H
6 #define PKCS11_TA_PKCS11_TOKEN_H
7 
8 #include <sys/queue.h>
9 #include <tee_api_types.h>
10 #include <tee_internal_api.h>
11 
12 /* Hard coded description */
13 #define PKCS11_SLOT_DESCRIPTION		"OP-TEE PKCS11 TA"
14 #define PKCS11_SLOT_MANUFACTURER	"Linaro"
15 #define PKCS11_SLOT_HW_VERSION		{ 0, 0 }
16 #define PKCS11_SLOT_FW_VERSION		{ PKCS11_TA_VERSION_MAJOR, \
17 					  PKCS11_TA_VERSION_MINOR }
18 
19 enum pkcs11_token_state {
20 	PKCS11_TOKEN_RESET = 0,
21 	PKCS11_TOKEN_READ_WRITE,
22 	PKCS11_TOKEN_READ_ONLY,
23 };
24 
25 #define PKCS11_MAX_USERS		2
26 #define PKCS11_TOKEN_PIN_SIZE		128
27 
28 /*
29  * Persistent state of the token
30  *
31  * @version - currently unused...
32  * @label - pkcs11 formatted token label, set by client
33  * @flags - pkcs11 token flags
34  * @so_pin_count - counter on security officer login failure
35  * @so_pin_size - byte size of the provisioned SO PIN
36  * @so_pin - stores the SO PIN
37  * @user_pin_count - counter on user login failure
38  * @user_pin_size - byte size of the provisioned user PIN
39  * @user_pin - stores the user PIN
40  */
41 struct token_persistent_main {
42 	uint32_t version;
43 	uint8_t label[PKCS11_TOKEN_LABEL_SIZE];
44 	uint32_t flags;
45 	uint32_t so_pin_count;
46 	uint32_t so_pin_size;
47 	uint8_t so_pin[PKCS11_TOKEN_PIN_SIZE];
48 	uint32_t user_pin_count;
49 	uint32_t user_pin_size;
50 	uint8_t user_pin[PKCS11_TOKEN_PIN_SIZE];
51 };
52 
53 /*
54  * Runtime state of the token, complies with pkcs11
55  *
56  * @state - Pkcs11 login is public, user, SO or custom
57  * @session_count - Counter for opened Pkcs11 sessions
58  * @rw_session_count - Count for opened Pkcs11 read/write sessions
59  * @db_main - Volatile copy of the persistent main database
60  */
61 struct ck_token {
62 	enum pkcs11_token_state state;
63 	uint32_t session_count;
64 	uint32_t rw_session_count;
65 	/* Copy in RAM of the persistent database */
66 	struct token_persistent_main *db_main;
67 };
68 
69 /* Initialize static token instance(s) from default/persistent database */
70 TEE_Result pkcs11_init(void);
71 void pkcs11_deinit(void);
72 
73 /* Speculation safe lookup of token instance from token identifier */
74 struct ck_token *get_token(unsigned int token_id);
75 
76 /* Return token identified from token instance address */
77 unsigned int get_token_id(struct ck_token *token);
78 
79 /* Access to persistent database */
80 struct ck_token *init_persistent_db(unsigned int token_id);
81 void close_persistent_db(struct ck_token *token);
82 
83 /* Entry point for the TA commands */
84 uint32_t entry_ck_slot_list(uint32_t ptypes, TEE_Param *params);
85 uint32_t entry_ck_slot_info(uint32_t ptypes, TEE_Param *params);
86 
87 #endif /*PKCS11_TA_PKCS11_TOKEN_H*/
88