1 /*
2  * Copyright (c) 2005-2018 Alon Bar-Lev <alon.barlev@gmail.com>
3  *
4  * This software is available to you under a choice of one of two
5  * licenses.  You may choose to be licensed under the terms of the GNU
6  * General Public License (GPL) Version 2, or the BSD license.
7  *
8  * GNU General Public License (GPL) Version 2
9  * ===========================================
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License version 2
12  * as published by the Free Software Foundation.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License
20  * along with this program (see the file COPYING.GPL included with this
21  * distribution); if not, write to the Free Software Foundation, Inc.,
22  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23  *
24  * BSD License
25  * ============
26  * Redistribution and use in source and binary forms, with or without
27  * modification, are permitted provided that the following conditions are met:
28  *
29  *     o Redistributions of source code must retain the above copyright notice,
30  *       this list of conditions and the following disclaimer.
31  *     o Redistributions in binary form must reproduce the above copyright
32  *       notice, this list of conditions and the following disclaimer in the
33  *       documentation and/or other materials provided with the distribution.
34  *     o Neither the name of the Alon Bar-Lev nor the names of its
35  *       contributors may be used to endorse or promote products derived from
36  *       this software without specific prior written permission.
37  *
38  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
39  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
40  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
41  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
42  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
43  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
44  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
45  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
46  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
47  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
48  * POSSIBILITY OF SUCH DAMAGE.
49  */
50 
51 #ifndef ___PKCS11H_BASE_H
52 #define ___PKCS11H_BASE_H
53 
54 #include "common.h"
55 
56 #include <pkcs11-helper-1.0/pkcs11h-core.h>
57 #include <pkcs11-helper-1.0/pkcs11h-certificate.h>
58 #include "_pkcs11h-threading.h"
59 
60 #if !defined(_WIN32)
61 #include <unistd.h>
62 #endif
63 
64 #define _PKCS11H_INVALID_SLOT_ID		((CK_SLOT_ID)-1)
65 #define _PKCS11H_INVALID_SESSION_HANDLE		((CK_SESSION_HANDLE)-1)
66 #define _PKCS11H_INVALID_OBJECT_HANDLE		((CK_OBJECT_HANDLE)-1)
67 
68 #define _PKCS11H_DEFAULT_SLOTEVENT_POLL		5000
69 #define _PKCS11H_DEFAULT_MAX_LOGIN_RETRY	3
70 #define _PKCS11H_DEFAULT_PIN_CACHE_PERIOD	PKCS11H_PIN_CACHE_INFINITE
71 
72 /*===========================================
73  * Macros
74  */
75 
76 #define __PKCS11H_MSG_LEVEL_TEST(flags) (((unsigned int)flags) <= _g_pkcs11h_loglevel)
77 
78 #if defined(HAVE_CPP_VARARG_MACRO_ISO) && !defined(__LCLINT__)
79 # define _PKCS11H_LOG(flags, ...) do { if (__PKCS11H_MSG_LEVEL_TEST(flags)) _pkcs11h_log((flags), __VA_ARGS__); } while (FALSE)
80 # ifdef ENABLE_PKCS11H_DEBUG
81 #  define _PKCS11H_DEBUG(flags, ...) do { if (__PKCS11H_MSG_LEVEL_TEST(flags)) _pkcs11h_log((flags), __VA_ARGS__); } while (FALSE)
82 # else
83 #  define _PKCS11H_DEBUG(flags, ...)
84 # endif
85 #elif defined(HAVE_CPP_VARARG_MACRO_GCC) && !defined(__LCLINT__)
86 # define _PKCS11H_LOG(flags, args...) do { if (__PKCS11H_MSG_LEVEL_TEST(flags)) _pkcs11h_log((flags), args); } while (FALSE)
87 # ifdef ENABLE_PKCS11H_DEBUG
88 #  define _PKCS11H_DEBUG(flags, args...) do { if (__PKCS11H_MSG_LEVEL_TEST(flags)) _pkcs11h_log((flags), args); } while (FALSE)
89 # else
90 #  define _PKCS11H_DEBUG(flags, args...)
91 # endif
92 #else
93 # define _PKCS11H_LOG _pkcs11h_log
94 # define _PKCS11H_DEBUG _pkcs11h_log
95 #endif
96 
97 /*===========================================
98  * Types
99  */
100 
101 struct _pkcs11h_provider_s;
102 struct _pkcs11h_session_s;
103 struct _pkcs11h_data_s;
104 typedef struct _pkcs11h_provider_s *_pkcs11h_provider_t;
105 typedef struct _pkcs11h_session_s *_pkcs11h_session_t;
106 typedef struct _pkcs11h_data_s *_pkcs11h_data_t;
107 
108 struct _pkcs11h_provider_s {
109 	_pkcs11h_provider_t next;
110 
111 	PKCS11H_BOOL enabled;
112 	char reference[1024];
113 	char manufacturerID[sizeof (((CK_TOKEN_INFO *)NULL)->manufacturerID)+1];
114 
115 #if defined(_WIN32)
116 	HANDLE handle;
117 #else
118 	void *handle;
119 #endif
120 
121 	CK_FUNCTION_LIST_PTR f;
122 	PKCS11H_BOOL should_finalize;
123 	PKCS11H_BOOL allow_protected_auth;
124 	PKCS11H_BOOL cert_is_private;
125 	unsigned mask_private_mode;
126 	unsigned mask_decrypt_mode;
127 	unsigned slot_event_method;
128 	unsigned slot_poll_interval;
129 
130 #if defined(ENABLE_PKCS11H_SLOTEVENT)
131 	_pkcs11h_thread_t slotevent_thread;
132 #endif
133 };
134 
135 struct _pkcs11h_session_s {
136 	_pkcs11h_session_t next;
137 
138 	int reference_count;
139 	PKCS11H_BOOL valid;
140 
141 	_pkcs11h_provider_t provider;
142 
143 	pkcs11h_token_id_t token_id;
144 
145 	CK_SESSION_HANDLE session_handle;
146 
147 	PKCS11H_BOOL allow_protected_auth_supported;
148 	int pin_cache_period;
149 	time_t pin_expire_time;
150 
151 #if defined(ENABLE_PKCS11H_CERTIFICATE)
152 	pkcs11h_certificate_id_list_t cached_certs;
153 	PKCS11H_BOOL touch;
154 #endif
155 
156 #if defined(ENABLE_PKCS11H_THREADING)
157 	_pkcs11h_mutex_t mutex;
158 #endif
159 };
160 
161 struct _pkcs11h_data_s {
162 	PKCS11H_BOOL initialized;
163 	int pin_cache_period;
164 
165 	_pkcs11h_provider_t providers;
166 	_pkcs11h_session_t sessions;
167 
168 	struct {
169 		void * log_data;
170 		void * slotevent_data;
171 		void * token_prompt_data;
172 		void * pin_prompt_data;
173 		pkcs11h_hook_log_t log;
174 		pkcs11h_hook_slotevent_t slotevent;
175 		pkcs11h_hook_token_prompt_t token_prompt;
176 		pkcs11h_hook_pin_prompt_t pin_prompt;
177 	} hooks;
178 
179 	PKCS11H_BOOL allow_protected_auth;
180 	unsigned max_retries;
181 
182 #if defined(ENABLE_PKCS11H_THREADING)
183 	struct {
184 		_pkcs11h_mutex_t global;
185 		_pkcs11h_mutex_t session;
186 		_pkcs11h_mutex_t cache;
187 	} mutexes;
188 #endif
189 #if !defined(_WIN32)
190 	PKCS11H_BOOL safefork;
191 #endif
192 
193 #if defined(ENABLE_PKCS11H_SLOTEVENT)
194 	struct {
195 		PKCS11H_BOOL initialized;
196 		PKCS11H_BOOL should_terminate;
197 		PKCS11H_BOOL skip_event;
198 		_pkcs11h_cond_t cond_event;
199 		_pkcs11h_thread_t thread;
200 	} slotevent;
201 #endif
202 };
203 
204 void
205 _pkcs11h_log (
206 	IN const unsigned flags,
207 	IN const char * const format,
208 	IN ...
209 )
210 #ifdef __GNUC__
211 	__attribute__ ((format (printf, 2, 3)))
212 #endif
213 	;
214 
215 extern _pkcs11h_data_t _g_pkcs11h_data;
216 extern unsigned int _g_pkcs11h_loglevel;
217 
218 #endif
219