/*
 * COPYRIGHT (c) International Business Machines Corp. 2011-2017
 *
 * This program is provided under the terms of the Common Public License,
 * version 1.0 (CPL-1.0). Any use, reproduction or distribution for this
 * software constitutes recipient's acceptance of CPL-1.0 terms which can be
 * found in the file LICENSE file or at
 * https://opensource.org/licenses/cpl1.0.php
 */

/*----------------------------------------------------------------------
 *  IBM Research & Development
 *  Author: Gehrmann, Tobias (tobias.gehrmann@de.ibm.com)
 *----------------------------------------------------------------------*/

/*
 * Declarations for EP11 administrative command/response handling:
 * size constants, the admin response block, the domain info structure
 * and three function prototypes.
 *
 * NOTE(review): this header contains no #include of its own. Besides the
 * <stdint.h> types checked below, it uses size_t and the CK_* types
 * (CK_RV, CK_ULONG, CK_BYTE, CK_VOID_PTR, CK_ULONG_PTR); the including
 * file has to make those visible first -- confirm the include order.
 */
#if !defined(__EP11ADM_H__)
#define __EP11ADM_H__

/* INT64_MIN serves as the indicator that <stdint.h> was already included */
#if !defined(INT64_MIN)
#error "We need 32/64-bit <stdint.h> types, please include before this file."
#endif

// these numbers apply to current version, subject to change
//
// Each constant is defined only if it is not defined already, so a
// definition seen earlier in the translation unit takes precedence.
// NOTE(review): nothing here verifies that an earlier definition carries
// the same value, although the array sizes in the structures below depend
// on these constants -- confirm that all providers agree.
//
#if !defined(EP11_SERIALNR_CHARS)
#define EP11_SERIALNR_CHARS 8 /* sizes module/modNr/modInst below */
#endif

#if !defined(EP11_KEYCSUM_BYTES)
#define EP11_KEYCSUM_BYTES (256/8) /* full size of verification pattern */
#endif

#if !defined(EP11_ADMCTR_BYTES)
#define EP11_ADMCTR_BYTES (128/8) /* admin transaction counters */
#endif

#if !defined(EP11_ADM_REENCRYPT)
#define EP11_ADM_REENCRYPT 25 /* transform blobs to next WK */
#endif

#if !defined(CK_IBM_EP11Q_DOMAIN)
#define CK_IBM_EP11Q_DOMAIN 3 /* list domain's WK hashes */
#endif

#if !defined(CK_IBM_DOM_COMMITTED_NWK)
#define CK_IBM_DOM_COMMITTED_NWK 8 /* next WK is active (committed) */
#endif


/*
 * Administrative response block.
 *
 * Passed non-const as 'rspblk' to ep11a_internal_rv() and const as 'minf'
 * to ep11a_cmdblock(), which uses it for module ID and transaction
 * counter.
 *
 * Note that ep11_admresp_t is a POINTER to this structure, not the
 * structure itself; sizeof(ep11_admresp_t) is the size of a pointer.
 */
typedef struct ep11_admresp {
    uint32_t fn;          /* presumably the admin function ID -- confirm */
    uint32_t domain;
    uint32_t domainInst;

    /*
     * module ID || module instance
     *
     * NOTE(review): the arrays below are sized to exactly the field
     * width, leaving no room for a terminating NUL; treat them as
     * fixed-length byte fields rather than C strings -- confirm.
     */
    unsigned char module[EP11_SERIALNR_CHARS + EP11_SERIALNR_CHARS];
    unsigned char modNr[EP11_SERIALNR_CHARS];
    unsigned char modInst[EP11_SERIALNR_CHARS];

    unsigned char tctr[EP11_ADMCTR_BYTES]; /* transaction counter */

    CK_RV rv;             /* presumably the embedded return value -- confirm */
    uint32_t reason;

    // payload points into the original response buffer (it is not a
    // copy); NULL if the response carries no payload.
    // The pointer is only usable while the response block is alive: copy
    // the data out if it is needed after the response block is released.
    // pllen is presumably the payload length in bytes -- confirm.
    //
    const unsigned char *payload;
    size_t pllen;
} *ep11_admresp_t;


/*
 * Domain info structure; declared here only when __XCP_H__ is not
 * defined.
 * NOTE(review): presumably the header guarded by __XCP_H__ declares the
 * same type, in which case both layouts have to stay identical -- confirm.
 */
#if !defined(__XCP_H__)
typedef struct CK_IBM_DOMAIN_INFO {
    CK_ULONG domain;
    CK_BYTE wk[EP11_KEYCSUM_BYTES];      /* sized as one verification pattern */
    CK_BYTE nextwk[EP11_KEYCSUM_BYTES];  /* sized as one verification pattern */
    CK_ULONG flags;   /* presumably CK_IBM_DOM_* bits -- confirm */
    CK_BYTE mode[8];
} CK_IBM_DOMAIN_INFO;
#endif


/*----------------------------------------------------------------------
 * build a command block to (blk,blen), querying 'fn'
 * (payload,plen) is copied to the query block if payload is non-NULL
 *
 * returns written bytecount; acts as a size query if blk is NULL
 * *minf is used for module ID and transaction counter;
 * it is ignored for commands where those fields are ignored
 *
 * tctr refers to EP11_ADMCTR_BYTES bytes.
 *
 * NOTE(review): the return type is a signed long and no failure value is
 * documented here; confirm the error convention before using the result
 * as a length or converting it to size_t. How tctr relates to the
 * transaction counter inside *minf is not stated here either.
 */
long ep11a_cmdblock(unsigned char *blk,
                    size_t blen,
                    unsigned int fn,
                    const struct ep11_admresp *minf,
                    const unsigned char *tctr, /* EP11_ADMCTR_BYTES */
                    const unsigned char *payload, size_t plen);


/*----------------------------------------------------------------------
 * returns <0 if response is malformed, or contents invalid
 *
 * parses the embedded return value from the response (rsp,rlen) and
 * writes it to *rv if rv is non-NULL
 * (the outside envelope always reports CKR_OK, unless infrastructure
 * failed)
 *
 * Callers should test for a negative return before relying on *rv or
 * *rspblk.
 * NOTE(review): the state of *rspblk after a negative return is not
 * documented here. rspblk->payload presumably points into rsp, so rsp
 * has to stay valid for as long as the payload is used -- confirm.
 */
long ep11a_internal_rv(const unsigned char *rsp, size_t rlen,
                       struct ep11_admresp *rspblk, CK_RV *rv);


/*----------------------------------------------------------------------
 * in:  [0] query type
 * out: [0] packed info structure
 *
 * outputs are fixed size, except CK_IBM_XCPQ_DOMAINS, which returns a
 * list; therefore, infbytes is ignored by other types (we still check
 * if present)
 *
 * NOTE(review): pinfo is an untyped pointer and, per the above, infbytes
 * is not consulted for the fixed-size queries, so the caller is
 * responsible for passing a buffer large enough for the structure that
 * belongs to the selected query -- confirm the required sizes.
 */
CK_RV m_get_ep11_info(CK_VOID_PTR pinfo, CK_ULONG_PTR infbytes,
                      unsigned int query,
                      unsigned int subquery, uint64_t target);


#endif /* !defined(__EP11ADM_H__) */