1 /*
2 * Common Public License Version 0.5
3 *
4 * THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF
5 * THIS COMMON PUBLIC LICENSE ("AGREEMENT"). ANY USE,
6 * REPRODUCTION OR DISTRIBUTION OF THE PROGRAM CONSTITUTES
7 * RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT.
8 *
9 * 1. DEFINITIONS
10 *
11 * "Contribution" means:
12 * a) in the case of the initial Contributor, the
13 * initial code and documentation distributed under
14 * this Agreement, and
15 *
16 * b) in the case of each subsequent Contributor:
17 * i) changes to the Program, and
18 * ii) additions to the Program;
19 *
20 * where such changes and/or additions to the Program
21 * originate from and are distributed by that
22 * particular Contributor. A Contribution 'originates'
23 * from a Contributor if it was added to the Program
24 * by such Contributor itself or anyone acting on such
25 * Contributor's behalf. Contributions do not include
26 * additions to the Program which: (i) are separate
27 * modules of software distributed in conjunction with
28 * the Program under their own license agreement, and
29 * (ii) are not derivative works of the Program.
30 *
31 *
32 * "Contributor" means any person or entity that distributes
33 * the Program.
34 *
35 * "Licensed Patents " mean patent claims licensable by a
36 * Contributor which are necessarily infringed by the use or
37 * sale of its Contribution alone or when combined with the
38 * Program.
39 *
40 * "Program" means the Contributions distributed in
41 * accordance with this Agreement.
42 *
43 * "Recipient" means anyone who receives the Program under
44 * this Agreement, including all Contributors.
45 *
46 * 2. GRANT OF RIGHTS
47 *
48 * a) Subject to the terms of this Agreement, each
49 * Contributor hereby grants Recipient a
50 * no - exclusive, worldwide, royalt - free copyright
51 * license to reproduce, prepare derivative works of,
52 * publicly display, publicly perform, distribute and
53 * sublicense the Contribution of such Contributor, if
54 * any, and such derivative works, in source code and
55 * object code form.
56 *
57 * b) Subject to the terms of this Agreement, each
58 * Contributor hereby grants Recipient a
59 * no - exclusive, worldwide, royalt - free patent
60 * license under Licensed Patents to make, use, sell,
61 * offer to sell, import and otherwise transfer the
62 * Contribution of such Contributor, if any, in source
63 * code and object code form. This patent license
64 * shall apply to the combination of the Contribution
65 * and the Program if, at the time the Contribution is
66 * added by the Contributor, such addition of the
67 * Contribution causes such combination to be covered
68 * by the Licensed Patents. The patent license shall
69 * not apply to any other combinations which include
70 * the Contribution. No hardware per se is licensed
71 * hereunder.
72 *
73 * c) Recipient understands that although each
74 * Contributor grants the licenses to its
75 * Contributions set forth herein, no assurances are
76 * provided by any Contributor that the Program does
77 * not infringe the patent or other intellectual
78 * property rights of any other entity. Each
79 * Contributor disclaims any liability to Recipient
80 * for claims brought by any other entity based on
81 * infringement of intellectual property rights or
82 * otherwise. As a condition to exercising the rights
83 * and licenses granted hereunder, each Recipient
84 * hereby assumes sole responsibility to secure any
85 * other intellectual property rights needed, if any.
86 *
87 * For example, if a third party patent license is
88 * required to allow Recipient to distribute the
89 * Program, it is Recipient's responsibility to
90 * acquire that license before distributing the
91 * Program.
92 *
93 * d) Each Contributor represents that to its
94 * knowledge it has sufficient copyright rights in its
95 * Contribution, if any, to grant the copyright
96 * license set forth in this Agreement.
97 *
98 * 3. REQUIREMENTS
99 *
100 * A Contributor may choose to distribute the Program in
101 * object code form under its own license agreement, provided
102 * that:
103 * a) it complies with the terms and conditions of
104 * this Agreement; and
105 *
106 * b) its license agreement:
107 * i) effectively disclaims on behalf of all
108 * Contributors all warranties and conditions, express
109 * and implied, including warranties or conditions of
110 * title and no - infringement, and implied warranties
111 * or conditions of merchantability and fitness for a
112 * particular purpose;
113 *
114 * ii) effectively excludes on behalf of all
115 * Contributors all liability for damages, including
116 * direct, indirect, special, incidental and
117 * consequential damages, such as lost profits;
118 *
119 * iii) states that any provisions which differ from
120 * this Agreement are offered by that Contributor
121 * alone and not by any other party; and
122 *
123 * iv) states that source code for the Program is
124 * available from such Contributor, and informs
125 * licensees how to obtain it in a reasonable manner
126 * on or through a medium customarily used for
127 * software exchange.
128 *
129 * When the Program is made available in source code form:
130 * a) it must be made available under this Agreement;
131 * and
132 * b) a copy of this Agreement must be included with
133 * each copy of the Program.
134 *
135 * Contributors may not remove or alter any copyright notices
136 * contained within the Program.
137 *
138 * Each Contributor must identify itself as the originator of
139 * its Contribution, if any, in a manner that reasonably
140 * allows subsequent Recipients to identify the originator of
141 * the Contribution.
142 *
143 *
144 * 4. COMMERCIAL DISTRIBUTION
145 *
146 * Commercial distributors of software may accept certain
147 * responsibilities with respect to end users, business
148 * partners and the like. While this license is intended to
149 * facilitate the commercial use of the Program, the
150 * Contributor who includes the Program in a commercial
151 * product offering should do so in a manner which does not
152 * create potential liability for other Contributors.
153 * Therefore, if a Contributor includes the Program in a
154 * commercial product offering, such Contributor ("Commercial
155 * Contributor") hereby agrees to defend and indemnify every
156 * other Contributor ("Indemnified Contributor") against any
157 * losses, damages and costs (collectively "Losses") arising
158 * from claims, lawsuits and other legal actions brought by a
159 * third party against the Indemnified Contributor to the
160 * extent caused by the acts or omissions of such Commercial
161 * Contributor in connection with its distribution of the
162 * Program in a commercial product offering. The obligations
163 * in this section do not apply to any claims or Losses
164 * relating to any actual or alleged intellectual property
165 * infringement. In order to qualify, an Indemnified
166 * Contributor must: a) promptly notify the Commercial
167 * Contributor in writing of such claim, and b) allow the
168 * Commercial Contributor to control, and cooperate with the
169 * Commercial Contributor in, the defense and any related
170 * settlement negotiations. The Indemnified Contributor may
171 * participate in any such claim at its own expense.
172 *
173 *
174 * For example, a Contributor might include the Program in a
175 * commercial product offering, Product X. That Contributor
176 * is then a Commercial Contributor. If that Commercial
177 * Contributor then makes performance claims, or offers
178 * warranties related to Product X, those performance claims
179 * and warranties are such Commercial Contributor's
180 * responsibility alone. Under this section, the Commercial
181 * Contributor would have to defend claims against the other
182 * Contributors related to those performance claims and
183 * warranties, and if a court requires any other Contributor
184 * to pay any damages as a result, the Commercial Contributor
185 * must pay those damages.
186 *
187 *
188 * 5. NO WARRANTY
189 *
190 * EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE
191 * PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT
192 * WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR
193 * IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR
194 * CONDITIONS OF TITLE, NO - INFRINGEMENT, MERCHANTABILITY OR
195 * FITNESS FOR A PARTICULAR PURPOSE. Each Recipient is solely
196 * responsible for determining the appropriateness of using
197 * and distributing the Program and assumes all risks
198 * associated with its exercise of rights under this
199 * Agreement, including but not limited to the risks and
200 * costs of program errors, compliance with applicable laws,
201 * damage to or loss of data, programs or equipment, and
202 * unavailability or interruption of operations.
203 *
204 * 6. DISCLAIMER OF LIABILITY
205 * EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, NEITHER
206 * RECIPIENT NOR ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY
207 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
208 * OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION
209 * LOST PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF
210 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
211 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
212 * OF THE USE OR DISTRIBUTION OF THE PROGRAM OR THE EXERCISE
213 * OF ANY RIGHTS GRANTED HEREUNDER, EVEN IF ADVISED OF THE
214 * POSSIBILITY OF SUCH DAMAGES.
215 *
216 * 7. GENERAL
217 *
218 * If any provision of this Agreement is invalid or
219 * unenforceable under applicable law, it shall not affect
220 * the validity or enforceability of the remainder of the
221 * terms of this Agreement, and without further action by the
222 * parties hereto, such provision shall be reformed to the
223 * minimum extent necessary to make such provision valid and
224 * enforceable.
225 *
226 *
227 * If Recipient institutes patent litigation against a
228 * Contributor with respect to a patent applicable to
229 * software (including a cros - claim or counterclaim in a
230 * lawsuit), then any patent licenses granted by that
231 * Contributor to such Recipient under this Agreement shall
232 * terminate as of the date such litigation is filed. In
233 * addition, If Recipient institutes patent litigation
234 * against any entity (including a cros - claim or
235 * counterclaim in a lawsuit) alleging that the Program
236 * itself (excluding combinations of the Program with other
237 * software or hardware) infringes such Recipient's
238 * patent(s), then such Recipient's rights granted under
239 * Section 2(b) shall terminate as of the date such
240 * litigation is filed.
241 *
242 * All Recipient's rights under this Agreement shall
243 * terminate if it fails to comply with any of the material
244 * terms or conditions of this Agreement and does not cure
245 * such failure in a reasonable period of time after becoming
246 * aware of such noncompliance. If all Recipient's rights
247 * under this Agreement terminate, Recipient agrees to cease
248 * use and distribution of the Program as soon as reasonably
249 * practicable. However, Recipient's obligations under this
250 * Agreement and any licenses granted by Recipient relating
251 * to the Program shall continue and survive.
252 *
253 * Everyone is permitted to copy and distribute copies of
254 * this Agreement, but in order to avoid inconsistency the
255 * Agreement is copyrighted and may only be modified in the
256 * following manner. The Agreement Steward reserves the right
257 * to publish new versions (including revisions) of this
258 * Agreement from time to time. No one other than the
259 * Agreement Steward has the right to modify this Agreement.
260 *
261 * IBM is the initial Agreement Steward. IBM may assign the
262 * responsibility to serve as the Agreement Steward to a
263 * suitable separate entity. Each new version of the
264 * Agreement will be given a distinguishing version number.
265 * The Program (including Contributions) may always be
266 * distributed subject to the version of the Agreement under
267 * which it was received. In addition, after a new version of
268 * the Agreement is published, Contributor may elect to
269 * distribute the Program (including its Contributions) under
270 * the new version. Except as expressly stated in Sections
271 * 2(a) and 2(b) above, Recipient receives no rights or
272 * licenses to the intellectual property of any Contributor
273 * under this Agreement, whether expressly, by implication,
274 * estoppel or otherwise. All rights in the Program not
275 * expressly granted under this Agreement are reserved.
276 *
277 *
278 * This Agreement is governed by the laws of the State of New
279 * York and the intellectual property laws of the United
280 * States of America. No party to this Agreement will bring a
281 * legal action under this Agreement more than one year after
282 * the cause of action arose. Each party waives its rights to
283 * a jury trial in any resulting litigation.
284 *
285 *
286 *
287 * (C) COPYRIGHT International Business Machines Corp. 2001, 2002
288 */
289 /*
290 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
291 * Use is subject to license terms.
292 */
293
294 #include "tpmtok_int.h"
295
296 #define LOG(x) logit(LOG_DEBUG, x)
297
298 /*
299 * NOTES:
300 * In many cases the specificaiton does not allow returns
301 * of CKR_ARGUMENTSB_BAD. We break the spec, since validation of parameters
302 * to the function are best represented by this return code (where
303 * specific RC's such as CKR_INVALID_SESSION do not exist).
304 * NOTE NOTE NOTE NOTE
305 * The parameter checking on the update operations may need to be
306 * modified (as well as the encrypt/decrypt) to call the std API
307 * anyway with sanatized parameters since on error, the encrypt/decrypt
308 * sign operations are all supposed to complete.
309 * Therefor the parameter checking here might need to be done in
310 * the STDLL instead of the API.
311 * This would affect ALL the Multipart operations which have
312 * an init followed by one or more operations.
313 *
314 * Globals for the API
315 */
316 API_Proc_Struct_t *Anchor = NULL;
317 static unsigned int Initialized = 0;
318 static pthread_mutex_t global_mutex = PTHREAD_MUTEX_INITIALIZER;
319 struct ST_FCN_LIST FuncList;
320 CK_FUNCTION_LIST PK11_Functions;
321 extern pthread_rwlock_t obj_list_rw_mutex;
322
323
324 static void
325 tpmtoken_fork_prepare()
326 {
327 (void) pthread_mutex_lock(&global_mutex);
328 (void) pthread_mutex_lock(&pkcs_mutex);
329 (void) pthread_mutex_lock(&obj_list_mutex);
330 (void) pthread_rwlock_wrlock(&obj_list_rw_mutex);
331 (void) pthread_mutex_lock(&sess_list_mutex);
332 (void) pthread_mutex_lock(&login_mutex);
333 if (Anchor) {
334 (void) pthread_mutex_lock(&Anchor->ProcMutex);
335 (void) pthread_mutex_lock(&Anchor->SessListMutex);
336 }
337 }
338
339 static void
340 tpmtoken_fork_parent()
341 {
342 if (Anchor) {
343 (void) pthread_mutex_unlock(&Anchor->SessListMutex);
344 (void) pthread_mutex_unlock(&Anchor->ProcMutex);
345 }
346 (void) pthread_mutex_unlock(&login_mutex);
347 (void) pthread_mutex_unlock(&sess_list_mutex);
348 (void) pthread_rwlock_unlock(&obj_list_rw_mutex);
349 (void) pthread_mutex_unlock(&obj_list_mutex);
350 (void) pthread_mutex_unlock(&pkcs_mutex);
351 (void) pthread_mutex_unlock(&global_mutex);
352 }
353
354 static void
355 tpmtoken_fork_child()
356 {
357 if (Anchor) {
358 (void) pthread_mutex_unlock(&Anchor->SessListMutex);
359 (void) pthread_mutex_unlock(&Anchor->ProcMutex);
360 }
361
362 (void) pthread_mutex_unlock(&login_mutex);
363 (void) pthread_mutex_unlock(&sess_list_mutex);
364 (void) pthread_rwlock_unlock(&obj_list_rw_mutex);
365 (void) pthread_mutex_unlock(&obj_list_mutex);
366 (void) pthread_mutex_unlock(&pkcs_mutex);
367 (void) pthread_mutex_unlock(&global_mutex);
368
369 if (Anchor) {
370 Terminate_All_Process_Sessions();
371 free(Anchor);
372 Anchor = NULL;
373 }
374 if (FuncList.ST_Finalize)
375 FuncList.ST_Finalize(0);
376
377 logterm();
378 loginit();
379 }
380
381 /*ARGSUSED*/
382 CK_RV
383 C_CancelFunction(CK_SESSION_HANDLE hSession)
384 {
385 LOG("C_CancelFunction");
386 if (API_Initialized() == FALSE) {
387 return (CKR_CRYPTOKI_NOT_INITIALIZED);
388 }
389 return (CKR_FUNCTION_NOT_PARALLEL);
390 }
391
392 CK_RV
393 C_CloseAllSessions(CK_SLOT_ID slotID)
394 {
395 Session_Struct_t *pCur, *pPrev;
396 CK_RV rv;
397 /*
398 * Although why does modutil do a close all sessions. It is a single
399 * application it can only close its sessions...
400 * And all sessions should be closed anyhow.
401 */
402 LOG("CloseAllSessions");
403 if (API_Initialized() == FALSE)
404 return (CKR_CRYPTOKI_NOT_INITIALIZED);
405
406 if (!global_shm->token_available || (slotID > NUMBER_SLOTS_MANAGED))
407 return (CKR_SLOT_ID_INVALID);
408 /*
409 * Proc Mutex is locked when we remove from the seesion list in
410 * Close SEssion. Therefore we don't need to do any locking
411 * the atomic operations are controled when we use the linked list
412 */
413 pCur = (Anchor ? Anchor->SessListBeg : NULL);
414 while (pCur) {
415 /*
416 * Session owned by the slot we are working on
417 * There is a basic problem here. We are using th pCur
418 * to point to the current one, however we delete it from
419 * the linked list and can no longer go Forward. So we
420 * have to use the fact that this is a doubly linked list
421 * and get the previous pointer. After deletion, the next
422 * pointer of this block will point to the next one in the
423 * list.
424 * If the value is Null, then this was the first one in
425 * the list and we just set pCur to the SessListBeg.
426 */
427 if (pCur->SltId == slotID) {
428 pPrev = pCur->Previous;
429 rv = C_CloseSession((CK_SESSION_HANDLE)pCur);
430 if (rv == CKR_OK ||
431 rv == CKR_SESSION_CLOSED ||
432 rv == CKR_SESSION_HANDLE_INVALID) {
433 if (pPrev == NULL) {
434 pCur = Anchor->SessListBeg;
435 } else {
436 pCur = pPrev->Next;
437 }
438 } else {
439 return (rv);
440 }
441 } else {
442 pCur = pCur->Next;
443 }
444 }
445 LOG("CloseAllSessions OK");
446 return (CKR_OK);
447 }
448 CK_RV
449 C_CloseSession(CK_SESSION_HANDLE hSession)
450 {
451 CK_RV rv;
452 Session_Struct_t *sessp;
453 ST_SESSION_T rSession;
454 LOG("C_CloseSession");
455 if (API_Initialized() == FALSE) {
456 return (CKR_CRYPTOKI_NOT_INITIALIZED);
457 }
458 /* Validate Session */
459 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
460 return (CKR_SESSION_HANDLE_INVALID);
461 }
462
463 if (FuncList.ST_CloseSession) {
464 /* Map the Session to the slot session */
465 rv = FuncList.ST_CloseSession(rSession);
466
467 if (rv == CKR_OK) {
468 sessp = (Session_Struct_t *)hSession;
469 RemoveFromSessionList(sessp);
470 }
471 } else {
472 rv = CKR_FUNCTION_NOT_SUPPORTED;
473 }
474 return (rv);
475 }
476
477 CK_RV
478 C_CopyObject(
479 CK_SESSION_HANDLE hSession,
480 CK_OBJECT_HANDLE hObject,
481 CK_ATTRIBUTE_PTR pTemplate,
482 CK_ULONG ulCount,
483 CK_OBJECT_HANDLE_PTR phNewObject)
484 {
485 CK_RV rv;
486 ST_SESSION_T rSession;
487 LOG("C_CopyObject");
488 if (API_Initialized() == FALSE) {
489 return (CKR_CRYPTOKI_NOT_INITIALIZED);
490 }
491 if (!Valid_Session((Session_Struct_t *)hSession, &rSession)) {
492 return (CKR_SESSION_HANDLE_INVALID);
493 }
494 if (!phNewObject) {
495 return (CKR_ARGUMENTS_BAD);
496 }
497 /*
498 * A null template with a count will cause the lower layer
499 * to have problems.
500 * Template with 0 count is not a problem.
501 */
502 if (!pTemplate && ulCount) {
503 return (CKR_ARGUMENTS_BAD);
504 }
505 if (FuncList.ST_CopyObject) {
506 rv = FuncList.ST_CopyObject(rSession, hObject, pTemplate,
507 ulCount, phNewObject);
508 } else {
509 rv = CKR_FUNCTION_NOT_SUPPORTED;
510 }
511 return (rv);
512 }
513
514 CK_RV
515 C_CreateObject(
516 CK_SESSION_HANDLE hSession,
517 CK_ATTRIBUTE_PTR pTemplate,
518 CK_ULONG ulCount,
519 CK_OBJECT_HANDLE_PTR phObject)
520 {
521 CK_RV rv;
522 ST_SESSION_T rSession;
523
524 if (API_Initialized() == FALSE) {
525 return (CKR_CRYPTOKI_NOT_INITIALIZED);
526 }
527 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
528 return (CKR_SESSION_HANDLE_INVALID);
529 }
530 if (! pTemplate) {
531 return (CKR_TEMPLATE_INCOMPLETE);
532 }
533 if (ulCount == 0) {
534 return (CKR_TEMPLATE_INCOMPLETE);
535 }
536 if (! phObject) {
537 return (CKR_ARGUMENTS_BAD);
538 }
539 if (FuncList.ST_CreateObject) {
540 // Map the Session to the slot session
541 rv = FuncList.ST_CreateObject(rSession, pTemplate,
542 ulCount, phObject);
543 } else {
544 rv = CKR_FUNCTION_NOT_SUPPORTED;
545 }
546 return (rv);
547 }
548
549 CK_RV
550 C_Decrypt(CK_SESSION_HANDLE hSession,
551 CK_BYTE_PTR pEncryptedData,
552 CK_ULONG ulEncryptedDataLen,
553 CK_BYTE_PTR pData,
554 CK_ULONG_PTR pulDataLen)
555 {
556 CK_RV rv;
557 ST_SESSION_T rSession;
558
559 if (API_Initialized() == FALSE) {
560 return (CKR_CRYPTOKI_NOT_INITIALIZED);
561 }
562 if (!Valid_Session((Session_Struct_t *)hSession, &rSession)) {
563 return (CKR_SESSION_HANDLE_INVALID);
564 }
565 if (FuncList.ST_Decrypt) {
566 rv = FuncList.ST_Decrypt(rSession, pEncryptedData,
567 ulEncryptedDataLen, pData, pulDataLen);
568 } else {
569 rv = CKR_FUNCTION_NOT_SUPPORTED;
570 }
571 return (rv);
572 }
573
574 CK_RV
575 C_DecryptDigestUpdate(
576 CK_SESSION_HANDLE hSession,
577 CK_BYTE_PTR pEncryptedPart,
578 CK_ULONG ulEncryptedPartLen,
579 CK_BYTE_PTR pPart,
580 CK_ULONG_PTR pulPartLen)
581 {
582 CK_RV rv;
583 ST_SESSION_T rSession;
584
585 if (API_Initialized() == FALSE) {
586 return (CKR_CRYPTOKI_NOT_INITIALIZED);
587 }
588 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
589 return (CKR_SESSION_HANDLE_INVALID);
590 }
591 if (! pEncryptedPart || ! pulPartLen) {
592 return (CKR_ARGUMENTS_BAD);
593 }
594 if (FuncList.ST_DecryptDigestUpdate) {
595 rv = FuncList.ST_DecryptDigestUpdate(rSession, pEncryptedPart,
596 ulEncryptedPartLen, pPart, pulPartLen);
597 } else {
598 rv = CKR_FUNCTION_NOT_SUPPORTED;
599 }
600 return (rv);
601 }
602
603 CK_RV
604 C_DecryptFinal(CK_SESSION_HANDLE hSession,
605 CK_BYTE_PTR pLastPart,
606 CK_ULONG_PTR pulLastPartLen)
607 {
608 CK_RV rv;
609 ST_SESSION_T rSession;
610
611 if (API_Initialized() == FALSE) {
612 return (CKR_CRYPTOKI_NOT_INITIALIZED);
613 }
614 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
615 return (CKR_SESSION_HANDLE_INVALID);
616 }
617 /*
618 * It is acceptable to have a Null pointer for the data since
619 * it is trying to get the length of the last part....
620 * The spec is unclear if a second call to Final is needed
621 * if there is no data in the last part.
622 */
623 if (! pulLastPartLen) {
624 return (CKR_ARGUMENTS_BAD);
625 }
626 if (FuncList.ST_DecryptFinal) {
627 rv = FuncList.ST_DecryptFinal(rSession, pLastPart,
628 pulLastPartLen);
629 } else {
630 rv = CKR_FUNCTION_NOT_SUPPORTED;
631 }
632 return (rv);
633 }
634
635 CK_RV
636 C_DecryptInit(CK_SESSION_HANDLE hSession,
637 CK_MECHANISM_PTR pMechanism,
638 CK_OBJECT_HANDLE hKey)
639 {
640 CK_RV rv;
641 ST_SESSION_T rSession;
642
643 if (API_Initialized() == FALSE) {
644 return (CKR_CRYPTOKI_NOT_INITIALIZED);
645 }
646 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
647 return (CKR_SESSION_HANDLE_INVALID);
648 }
649 if (! pMechanism) {
650 return (CKR_MECHANISM_INVALID);
651 }
652 if (FuncList.ST_DecryptInit) {
653 rv = FuncList.ST_DecryptInit(rSession, pMechanism, hKey);
654 } else {
655 rv = CKR_FUNCTION_NOT_SUPPORTED;
656 }
657 return (rv);
658 }
659
660 CK_RV
661 C_DecryptUpdate(CK_SESSION_HANDLE hSession,
662 CK_BYTE_PTR pEncryptedPart,
663 CK_ULONG ulEncryptedPartLen,
664 CK_BYTE_PTR pPart,
665 CK_ULONG_PTR pulPartLen)
666 {
667 CK_RV rv;
668 ST_SESSION_T rSession;
669
670 if (API_Initialized() == FALSE) {
671 return (CKR_CRYPTOKI_NOT_INITIALIZED);
672 }
673 if (!Valid_Session((Session_Struct_t *)hSession, &rSession)) {
674 return (CKR_SESSION_HANDLE_INVALID);
675 }
676 if (!pEncryptedPart || !pulPartLen) {
677 return (CKR_ARGUMENTS_BAD);
678 }
679 if (FuncList.ST_DecryptUpdate) {
680 rv = FuncList.ST_DecryptUpdate(rSession, pEncryptedPart,
681 ulEncryptedPartLen, pPart, pulPartLen);
682 } else {
683 rv = CKR_FUNCTION_NOT_SUPPORTED;
684 }
685 return (rv);
686 }
687
688 CK_RV
689 C_DecryptVerifyUpdate(CK_SESSION_HANDLE hSession,
690 CK_BYTE_PTR pEncryptedPart,
691 CK_ULONG ulEncryptedPartLen,
692 CK_BYTE_PTR pPart,
693 CK_ULONG_PTR pulPartLen)
694 {
695 CK_RV rv;
696 ST_SESSION_T rSession;
697
698 if (API_Initialized() == FALSE) {
699 return (CKR_CRYPTOKI_NOT_INITIALIZED);
700 }
701 // Validate Session
702 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
703 return (CKR_SESSION_HANDLE_INVALID);
704 }
705 // May have to let these go through and let the STDLL handle them
706 if (! pEncryptedPart || ! pulPartLen) {
707 return (CKR_ARGUMENTS_BAD);
708 }
709 // Get local pointers to session
710 if (FuncList.ST_DecryptVerifyUpdate) {
711 // Map the Session to the slot session
712 rv = FuncList.ST_DecryptVerifyUpdate(rSession,
713 pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen);
714 } else {
715 rv = CKR_FUNCTION_NOT_SUPPORTED;
716 }
717 return (rv);
718 }
719
720 CK_RV
721 C_DeriveKey(CK_SESSION_HANDLE hSession,
722 CK_MECHANISM_PTR pMechanism,
723 CK_OBJECT_HANDLE hBaseKey,
724 CK_ATTRIBUTE_PTR pTemplate,
725 CK_ULONG ulAttributeCount,
726 CK_OBJECT_HANDLE_PTR phKey)
727 {
728 CK_RV rv;
729 ST_SESSION_T rSession;
730
731 if (API_Initialized() == FALSE) {
732 return (CKR_CRYPTOKI_NOT_INITIALIZED);
733 }
734 if (!Valid_Session((Session_Struct_t *)hSession, &rSession)) {
735 return (CKR_SESSION_HANDLE_INVALID);
736 }
737
738 if (!pMechanism) {
739 return (CKR_MECHANISM_INVALID);
740 }
741 if (!pTemplate && ulAttributeCount) {
742 return (CKR_ARGUMENTS_BAD);
743 }
744 if (FuncList.ST_DeriveKey) {
745 rv = FuncList.ST_DeriveKey(rSession, pMechanism,
746 hBaseKey, pTemplate, ulAttributeCount, phKey);
747 } else {
748 rv = CKR_FUNCTION_NOT_SUPPORTED;
749 }
750 return (rv);
751 }
752
753 CK_RV
754 C_DestroyObject(CK_SESSION_HANDLE hSession,
755 CK_OBJECT_HANDLE hObject)
756 {
757 CK_RV rv;
758 ST_SESSION_T rSession;
759
760 if (API_Initialized() == FALSE) {
761 return (CKR_CRYPTOKI_NOT_INITIALIZED);
762 }
763 if (!Valid_Session((Session_Struct_t *)hSession, &rSession)) {
764 return (CKR_SESSION_HANDLE_INVALID);
765 }
766 if (FuncList.ST_DestroyObject) {
767 rv = FuncList.ST_DestroyObject(rSession, hObject);
768 } else {
769 rv = CKR_FUNCTION_NOT_SUPPORTED;
770 }
771 return (rv);
772 }
773
774 CK_RV
775 C_Digest(CK_SESSION_HANDLE hSession,
776 CK_BYTE_PTR pData,
777 CK_ULONG ulDataLen,
778 CK_BYTE_PTR pDigest,
779 CK_ULONG_PTR pulDigestLen)
780 {
781 CK_RV rv;
782 ST_SESSION_T rSession;
783
784 if (API_Initialized() == FALSE) {
785 return (CKR_CRYPTOKI_NOT_INITIALIZED);
786 }
787 if (!Valid_Session((Session_Struct_t *)hSession, &rSession)) {
788 return (CKR_SESSION_HANDLE_INVALID);
789 }
790 if (FuncList.ST_Digest) {
791 rv = FuncList.ST_Digest(rSession, pData, ulDataLen,
792 pDigest, pulDigestLen);
793 } else {
794 rv = CKR_FUNCTION_NOT_SUPPORTED;
795 }
796 return (rv);
797 }
798
799 CK_RV
800 C_DigestEncryptUpdate(CK_SESSION_HANDLE hSession,
801 CK_BYTE_PTR pPart,
802 CK_ULONG ulPartLen,
803 CK_BYTE_PTR pEncryptedPart,
804 CK_ULONG_PTR pulEncryptedPartLen)
805 {
806 CK_RV rv;
807 ST_SESSION_T rSession;
808
809 if (API_Initialized() == FALSE) {
810 return (CKR_CRYPTOKI_NOT_INITIALIZED);
811 }
812 if (! pPart || ! pulEncryptedPartLen) {
813 return (CKR_ARGUMENTS_BAD);
814 }
815 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
816 return (CKR_SESSION_HANDLE_INVALID);
817 }
818 if (FuncList.ST_DigestEncryptUpdate) {
819 rv = FuncList.ST_DigestEncryptUpdate(rSession, pPart,
820 ulPartLen, pEncryptedPart, pulEncryptedPartLen);
821 } else {
822 rv = CKR_FUNCTION_NOT_SUPPORTED;
823 }
824 return (rv);
825 }
826
827 CK_RV
828 C_DigestFinal(CK_SESSION_HANDLE hSession,
829 CK_BYTE_PTR pDigest,
830 CK_ULONG_PTR pulDigestLen)
831 {
832 CK_RV rv;
833 ST_SESSION_T rSession;
834
835 if (API_Initialized() == FALSE) {
836 return (CKR_CRYPTOKI_NOT_INITIALIZED);
837 }
838 if (! pulDigestLen) {
839 return (CKR_ARGUMENTS_BAD);
840 }
841 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
842 return (CKR_SESSION_HANDLE_INVALID);
843 }
844 if (FuncList.ST_DigestFinal) {
845 rv = FuncList.ST_DigestFinal(rSession, pDigest, pulDigestLen);
846 } else {
847 rv = CKR_FUNCTION_NOT_SUPPORTED;
848 }
849 return (rv);
850 }
851
852 CK_RV
853 C_DigestInit(CK_SESSION_HANDLE hSession,
854 CK_MECHANISM_PTR pMechanism)
855 {
856 CK_RV rv;
857 ST_SESSION_T rSession;
858
859 if (API_Initialized() == FALSE) {
860 return (CKR_CRYPTOKI_NOT_INITIALIZED);
861 }
862 if (! pMechanism) {
863 return (CKR_MECHANISM_INVALID);
864 }
865 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
866 return (CKR_SESSION_HANDLE_INVALID);
867 }
868 if (FuncList.ST_DigestInit) {
869 rv = FuncList.ST_DigestInit(rSession, pMechanism);
870 } else {
871 rv = CKR_FUNCTION_NOT_SUPPORTED;
872 }
873 return (rv);
874 }
875
876 CK_RV
877 C_DigestKey(CK_SESSION_HANDLE hSession,
878 CK_OBJECT_HANDLE hKey)
879 {
880 CK_RV rv;
881 ST_SESSION_T rSession;
882
883 if (API_Initialized() == FALSE) {
884 return (CKR_CRYPTOKI_NOT_INITIALIZED);
885 }
886 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
887 return (CKR_SESSION_HANDLE_INVALID);
888 }
889 if (FuncList.ST_DigestKey) {
890 rv = FuncList.ST_DigestKey(rSession, hKey);
891 } else {
892 rv = CKR_FUNCTION_NOT_SUPPORTED;
893 }
894 return (rv);
895 }
896
897 CK_RV
898 C_DigestUpdate(CK_SESSION_HANDLE hSession,
899 CK_BYTE_PTR pPart,
900 CK_ULONG ulPartLen)
901 {
902 CK_RV rv;
903 ST_SESSION_T rSession;
904 if (API_Initialized() == FALSE) {
905 return (CKR_CRYPTOKI_NOT_INITIALIZED);
906 }
907 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
908 return (CKR_SESSION_HANDLE_INVALID);
909 }
910 if (FuncList.ST_DigestUpdate) {
911 rv = FuncList.ST_DigestUpdate(rSession, pPart, ulPartLen);
912 } else {
913 rv = CKR_FUNCTION_NOT_SUPPORTED;
914 }
915 return (rv);
916 }
917
918 CK_RV
919 C_Encrypt(CK_SESSION_HANDLE hSession,
920 CK_BYTE_PTR pData,
921 CK_ULONG ulDataLen,
922 CK_BYTE_PTR pEncryptedData,
923 CK_ULONG_PTR pulEncryptedDataLen)
924 {
925 CK_RV rv;
926 ST_SESSION_T rSession;
927
928 if (API_Initialized() == FALSE) {
929 return (CKR_CRYPTOKI_NOT_INITIALIZED);
930 }
931 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
932 return (CKR_SESSION_HANDLE_INVALID);
933 }
934 // Get local pointers to session
935 if (FuncList.ST_Encrypt) {
936 // Map the Session to the slot session
937 rv = FuncList.ST_Encrypt(rSession, pData, ulDataLen,
938 pEncryptedData, pulEncryptedDataLen);
939 } else {
940 rv = CKR_FUNCTION_NOT_SUPPORTED;
941 }
942 return (rv);
943 }
944
945 CK_RV
946 C_EncryptFinal(CK_SESSION_HANDLE hSession,
947 CK_BYTE_PTR pLastEncryptedPart,
948 CK_ULONG_PTR pulLastEncryptedPartLen)
949 {
950 CK_RV rv;
951 ST_SESSION_T rSession;
952
953 if (API_Initialized() == FALSE) {
954 return (CKR_CRYPTOKI_NOT_INITIALIZED);
955 }
956 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
957 return (CKR_SESSION_HANDLE_INVALID);
958 }
959 if (FuncList.ST_EncryptFinal) {
960 rv = FuncList.ST_EncryptFinal(rSession,
961 pLastEncryptedPart, pulLastEncryptedPartLen);
962 } else {
963 rv = CKR_FUNCTION_NOT_SUPPORTED;
964 }
965 return (rv);
966 }
967
968 CK_RV
969 C_EncryptInit(CK_SESSION_HANDLE hSession,
970 CK_MECHANISM_PTR pMechanism,
971 CK_OBJECT_HANDLE hKey)
972 {
973 CK_RV rv;
974 ST_SESSION_T rSession;
975
976 if (API_Initialized() == FALSE) {
977 return (CKR_CRYPTOKI_NOT_INITIALIZED);
978 }
979 if (! pMechanism) {
980 return (CKR_MECHANISM_INVALID);
981 }
982 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
983 return (CKR_SESSION_HANDLE_INVALID);
984 }
985 if (FuncList.ST_EncryptInit) {
986 rv = FuncList.ST_EncryptInit(rSession, pMechanism, hKey);
987 } else {
988 rv = CKR_FUNCTION_NOT_SUPPORTED;
989 }
990 return (rv);
991 }
992
993 CK_RV
994 C_EncryptUpdate(CK_SESSION_HANDLE hSession,
995 CK_BYTE_PTR pPart,
996 CK_ULONG ulPartLen,
997 CK_BYTE_PTR pEncryptedPart,
998 CK_ULONG_PTR pulEncryptedPartLen)
999 {
1000 CK_RV rv;
1001 ST_SESSION_T rSession;
1002
1003 if (API_Initialized() == FALSE) {
1004 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1005 }
1006 if (!pPart || !pulEncryptedPartLen) {
1007 return (CKR_ARGUMENTS_BAD);
1008 }
1009 if (!Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1010 return (CKR_SESSION_HANDLE_INVALID);
1011 }
1012 if (FuncList.ST_EncryptUpdate) {
1013 rv = FuncList.ST_EncryptUpdate(rSession, pPart, ulPartLen,
1014 pEncryptedPart, pulEncryptedPartLen);
1015 } else {
1016 rv = CKR_FUNCTION_NOT_SUPPORTED;
1017 }
1018 return (rv);
1019 }
1020
1021 CK_RV
1022 do_finalize(CK_VOID_PTR pReserved)
1023 {
1024 if (API_Initialized() == FALSE) {
1025 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1026 }
1027 if (pReserved != NULL) {
1028 return (CKR_ARGUMENTS_BAD);
1029 }
1030 (void) pthread_mutex_lock(&global_mutex);
1031 if (Anchor)
1032 Terminate_All_Process_Sessions();
1033
1034 if (FuncList.ST_Finalize)
1035 FuncList.ST_Finalize(0);
1036
1037 free(Anchor);
1038 Anchor = NULL;
1039
1040 (void) pthread_mutex_unlock(&global_mutex);
1041 return (CKR_OK);
1042 }
1043
1044 CK_RV
1045 C_Finalize(CK_VOID_PTR pReserved) {
1046 return (do_finalize(pReserved));
1047 }
1048
1049 CK_RV
1050 C_FindObjects(CK_SESSION_HANDLE hSession,
1051 CK_OBJECT_HANDLE_PTR phObject,
1052 CK_ULONG ulMaxObjectCount,
1053 CK_ULONG_PTR pulObjectCount)
1054 {
1055 CK_RV rv;
1056 ST_SESSION_T rSession;
1057
1058 if (API_Initialized() == FALSE) {
1059 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1060 }
1061 if (! phObject || ! pulObjectCount) {
1062 return (CKR_ARGUMENTS_BAD);
1063 }
1064 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1065 return (CKR_SESSION_HANDLE_INVALID);
1066 }
1067 if (FuncList.ST_FindObjects) {
1068 rv = FuncList.ST_FindObjects(rSession, phObject,
1069 ulMaxObjectCount, pulObjectCount);
1070 } else {
1071 rv = CKR_FUNCTION_NOT_SUPPORTED;
1072 }
1073 return (rv);
1074 }
1075
1076 CK_RV
1077 C_FindObjectsFinal(CK_SESSION_HANDLE hSession)
1078 {
1079 CK_RV rv;
1080 ST_SESSION_T rSession;
1081
1082 if (API_Initialized() == FALSE) {
1083 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1084 }
1085 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1086 return (CKR_SESSION_HANDLE_INVALID);
1087 }
1088 if (FuncList.ST_FindObjectsFinal) {
1089 rv = FuncList.ST_FindObjectsFinal(rSession);
1090 } else {
1091 rv = CKR_FUNCTION_NOT_SUPPORTED;
1092 }
1093 return (rv);
1094 }
1095
1096 CK_RV
1097 C_FindObjectsInit(CK_SESSION_HANDLE hSession,
1098 CK_ATTRIBUTE_PTR pTemplate,
1099 CK_ULONG ulCount)
1100 {
1101 CK_RV rv;
1102 ST_SESSION_T rSession;
1103
1104 if (API_Initialized() == FALSE) {
1105 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1106 }
1107 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1108 return (CKR_SESSION_HANDLE_INVALID);
1109 }
1110 if (FuncList.ST_FindObjectsInit) {
1111 rv = FuncList.ST_FindObjectsInit(rSession, pTemplate, ulCount);
1112 } else {
1113 rv = CKR_FUNCTION_NOT_SUPPORTED;
1114 }
1115 return (rv);
1116 }
1117
1118 CK_RV
1119 C_GenerateKey(CK_SESSION_HANDLE hSession,
1120 CK_MECHANISM_PTR pMechanism,
1121 CK_ATTRIBUTE_PTR pTemplate,
1122 CK_ULONG ulCount,
1123 CK_OBJECT_HANDLE_PTR phKey)
1124 {
1125 CK_RV rv;
1126 ST_SESSION_T rSession;
1127
1128 if (API_Initialized() == FALSE) {
1129 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1130 }
1131 if (! pMechanism) {
1132 return (CKR_MECHANISM_INVALID);
1133 }
1134 if (! phKey) {
1135 return (CKR_ARGUMENTS_BAD);
1136 }
1137 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1138 return (CKR_SESSION_HANDLE_INVALID);
1139 }
1140 if (FuncList.ST_GenerateKey) {
1141 rv = FuncList.ST_GenerateKey(rSession, pMechanism,
1142 pTemplate, ulCount, phKey);
1143 } else {
1144 rv = CKR_FUNCTION_NOT_SUPPORTED;
1145 }
1146 return (rv);
1147 }
1148
1149 CK_RV
1150 C_GenerateKeyPair(CK_SESSION_HANDLE hSession,
1151 CK_MECHANISM_PTR pMechanism,
1152 CK_ATTRIBUTE_PTR pPublicKeyTemplate,
1153 CK_ULONG ulPublicKeyAttributeCount,
1154 CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
1155 CK_ULONG ulPrivateKeyAttributeCount,
1156 CK_OBJECT_HANDLE_PTR phPublicKey,
1157 CK_OBJECT_HANDLE_PTR phPrivateKey)
1158 {
1159 CK_RV rv;
1160 ST_SESSION_T rSession;
1161
1162 if (API_Initialized() == FALSE) {
1163 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1164 }
1165 if (! pMechanism) {
1166 return (CKR_MECHANISM_INVALID);
1167 }
1168 if (! phPublicKey || ! phPrivateKey) {
1169 return (CKR_ARGUMENTS_BAD);
1170 }
1171 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1172 return (CKR_SESSION_HANDLE_INVALID);
1173 }
1174 if (FuncList.ST_GenerateKeyPair) {
1175 rv = FuncList.ST_GenerateKeyPair(rSession,
1176 pMechanism, pPublicKeyTemplate,
1177 ulPublicKeyAttributeCount, pPrivateKeyTemplate,
1178 ulPrivateKeyAttributeCount, phPublicKey, phPrivateKey);
1179 } else {
1180 rv = CKR_FUNCTION_NOT_SUPPORTED;
1181 }
1182 return (rv);
1183 }
1184
1185 CK_RV
1186 C_GenerateRandom(CK_SESSION_HANDLE hSession,
1187 CK_BYTE_PTR RandomData,
1188 CK_ULONG ulRandomLen)
1189 {
1190 CK_RV rv;
1191 ST_SESSION_T rSession;
1192
1193 if (API_Initialized() == FALSE) {
1194 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1195 }
1196 if (! RandomData)
1197 return (CKR_ARGUMENTS_BAD);
1198
1199 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1200 return (CKR_SESSION_HANDLE_INVALID);
1201 }
1202 if (FuncList.ST_GenerateRandom) {
1203 rv = FuncList.ST_GenerateRandom(rSession, RandomData,
1204 ulRandomLen);
1205 } else {
1206 rv = CKR_FUNCTION_NOT_SUPPORTED;
1207 }
1208 return (rv);
1209 }
1210
1211 CK_RV
1212 C_GetAttributeValue(CK_SESSION_HANDLE hSession,
1213 CK_OBJECT_HANDLE hObject,
1214 CK_ATTRIBUTE_PTR pTemplate,
1215 CK_ULONG ulCount)
1216 {
1217 CK_RV rv;
1218 ST_SESSION_T rSession;
1219
1220 if (API_Initialized() == FALSE) {
1221 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1222 }
1223 if (! pTemplate) {
1224 return (CKR_TEMPLATE_INCOMPLETE);
1225 }
1226 if (ulCount == 0) {
1227 return (CKR_TEMPLATE_INCOMPLETE);
1228 }
1229 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1230 return (CKR_SESSION_HANDLE_INVALID);
1231 }
1232 if (FuncList.ST_GetAttributeValue) {
1233 rv = FuncList.ST_GetAttributeValue(rSession, hObject,
1234 pTemplate, ulCount);
1235 } else {
1236 rv = CKR_FUNCTION_NOT_SUPPORTED;
1237 }
1238 return (rv);
1239 }
1240
1241 CK_RV
1242 C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR ppFunctionList)
1243 {
1244 PK11_Functions.version.major = VERSION_MAJOR;
1245 PK11_Functions.version.minor = VERSION_MINOR;
1246 PK11_Functions.C_Initialize = C_Initialize;
1247 PK11_Functions.C_Finalize = C_Finalize;
1248 PK11_Functions.C_GetInfo = C_GetInfo;
1249 PK11_Functions.C_GetFunctionList = C_GetFunctionList;
1250 PK11_Functions.C_GetSlotList = C_GetSlotList;
1251 PK11_Functions.C_GetSlotInfo = C_GetSlotInfo;
1252 PK11_Functions.C_GetTokenInfo = C_GetTokenInfo;
1253 PK11_Functions.C_GetMechanismList = C_GetMechanismList;
1254 PK11_Functions.C_GetMechanismInfo = C_GetMechanismInfo;
1255 PK11_Functions.C_InitToken = C_InitToken;
1256 PK11_Functions.C_InitPIN = C_InitPIN;
1257 PK11_Functions.C_SetPIN = C_SetPIN;
1258 PK11_Functions.C_OpenSession = C_OpenSession;
1259 PK11_Functions.C_CloseSession = C_CloseSession;
1260 PK11_Functions.C_CloseAllSessions = C_CloseAllSessions;
1261 PK11_Functions.C_GetSessionInfo = C_GetSessionInfo;
1262 PK11_Functions.C_GetOperationState = C_GetOperationState;
1263 PK11_Functions.C_SetOperationState = C_SetOperationState;
1264 PK11_Functions.C_Login = C_Login;
1265 PK11_Functions.C_Logout = C_Logout;
1266 PK11_Functions.C_CreateObject = C_CreateObject;
1267 PK11_Functions.C_CopyObject = C_CopyObject;
1268 PK11_Functions.C_DestroyObject = C_DestroyObject;
1269 PK11_Functions.C_GetObjectSize = C_GetObjectSize;
1270 PK11_Functions.C_GetAttributeValue = C_GetAttributeValue;
1271 PK11_Functions.C_SetAttributeValue = C_SetAttributeValue;
1272 PK11_Functions.C_FindObjectsInit = C_FindObjectsInit;
1273 PK11_Functions.C_FindObjects = C_FindObjects;
1274 PK11_Functions.C_FindObjectsFinal = C_FindObjectsFinal;
1275 PK11_Functions.C_EncryptInit = C_EncryptInit;
1276 PK11_Functions.C_Encrypt = C_Encrypt;
1277 PK11_Functions.C_EncryptUpdate = C_EncryptUpdate;
1278 PK11_Functions.C_EncryptFinal = C_EncryptFinal;
1279 PK11_Functions.C_DecryptInit = C_DecryptInit;
1280 PK11_Functions.C_Decrypt = C_Decrypt;
1281 PK11_Functions.C_DecryptUpdate = C_DecryptUpdate;
1282 PK11_Functions.C_DecryptFinal = C_DecryptFinal;
1283 PK11_Functions.C_DigestInit = C_DigestInit;
1284 PK11_Functions.C_Digest = C_Digest;
1285 PK11_Functions.C_DigestUpdate = C_DigestUpdate;
1286 PK11_Functions.C_DigestKey = C_DigestKey;
1287 PK11_Functions.C_DigestFinal = C_DigestFinal;
1288 PK11_Functions.C_SignInit = C_SignInit;
1289 PK11_Functions.C_Sign = C_Sign;
1290 PK11_Functions.C_SignUpdate = C_SignUpdate;
1291 PK11_Functions.C_SignFinal = C_SignFinal;
1292 PK11_Functions.C_SignRecoverInit = C_SignRecoverInit;
1293 PK11_Functions.C_SignRecover = C_SignRecover;
1294 PK11_Functions.C_VerifyInit = C_VerifyInit;
1295 PK11_Functions.C_Verify = C_Verify;
1296 PK11_Functions.C_VerifyUpdate = C_VerifyUpdate;
1297 PK11_Functions.C_VerifyFinal = C_VerifyFinal;
1298 PK11_Functions.C_VerifyRecoverInit = C_VerifyRecoverInit;
1299 PK11_Functions.C_VerifyRecover = C_VerifyRecover;
1300 PK11_Functions.C_DigestEncryptUpdate = C_DigestEncryptUpdate;
1301 PK11_Functions.C_DecryptDigestUpdate = C_DecryptDigestUpdate;
1302 PK11_Functions.C_SignEncryptUpdate = C_SignEncryptUpdate;
1303 PK11_Functions.C_DecryptVerifyUpdate = C_DecryptVerifyUpdate;
1304 PK11_Functions.C_GenerateKey = C_GenerateKey;
1305 PK11_Functions.C_GenerateKeyPair = C_GenerateKeyPair;
1306 PK11_Functions.C_WrapKey = C_WrapKey;
1307 PK11_Functions.C_UnwrapKey = C_UnwrapKey;
1308 PK11_Functions.C_DeriveKey = C_DeriveKey;
1309 PK11_Functions.C_SeedRandom = C_SeedRandom;
1310 PK11_Functions.C_GenerateRandom = C_GenerateRandom;
1311 PK11_Functions.C_GetFunctionStatus = C_GetFunctionStatus;
1312 PK11_Functions.C_CancelFunction = C_CancelFunction;
1313 PK11_Functions.C_WaitForSlotEvent = C_WaitForSlotEvent;
1314 if (ppFunctionList) {
1315 (*ppFunctionList) = &PK11_Functions;
1316 return (CKR_OK);
1317 } else {
1318 return (CKR_ARGUMENTS_BAD);
1319 }
1320 }
1321
1322 /*ARGSUSED*/
1323 CK_RV
1324 C_GetFunctionStatus(CK_SESSION_HANDLE hSession)
1325 {
1326 if (API_Initialized() == FALSE) {
1327 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1328 }
1329 return (CKR_FUNCTION_NOT_PARALLEL); // PER Specification PG 170
1330 }
1331
1332 CK_RV
1333 C_GetInfo(CK_INFO_PTR pInfo)
1334 {
1335 TOKEN_DATA td;
1336 TSS_HCONTEXT hContext;
1337
1338 if (! API_Initialized()) {
1339 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1340 }
1341 if (! pInfo) {
1342 return (CKR_FUNCTION_FAILED);
1343 }
1344 (void) memset(pInfo, 0, sizeof (*pInfo));
1345 pInfo->cryptokiVersion.major = 2;
1346 pInfo->cryptokiVersion.minor = 20;
1347
1348 if (open_tss_context(&hContext) == 0) {
1349 /*
1350 * Only populate the TPM info if we can establish
1351 * a context, but don't return failure because
1352 * the framework needs to know some of the info.
1353 */
1354 (void) token_get_tpm_info(hContext, &td);
1355
1356 (void) Tspi_Context_Close(hContext);
1357
1358 (void) memcpy(pInfo->manufacturerID,
1359 &(td.token_info.manufacturerID),
1360 sizeof (pInfo->manufacturerID) - 1);
1361
1362 pInfo->flags = td.token_info.flags;
1363 }
1364 (void) strcpy((char *)pInfo->libraryDescription,
1365 "PKCS11 Interface for TPM");
1366
1367 pInfo->libraryVersion.major = 1;
1368 pInfo->libraryVersion.minor = 0;
1369
1370 return (CKR_OK);
1371 }
1372
1373 CK_RV
1374 C_GetMechanismInfo(CK_SLOT_ID slotID,
1375 CK_MECHANISM_TYPE type,
1376 CK_MECHANISM_INFO_PTR pInfo)
1377 {
1378 CK_RV rv;
1379 if (API_Initialized() == FALSE)
1380 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1381
1382 if (!global_shm->token_available || (slotID > NUMBER_SLOTS_MANAGED))
1383 return (CKR_SLOT_ID_INVALID);
1384
1385 if (FuncList.ST_GetMechanismInfo) {
1386 rv = FuncList.ST_GetMechanismInfo(slotID, type, pInfo);
1387 } else {
1388 rv = CKR_FUNCTION_NOT_SUPPORTED;
1389 }
1390 return (rv);
1391 }
1392
1393 CK_RV
1394 C_GetMechanismList(CK_SLOT_ID slotID,
1395 CK_MECHANISM_TYPE_PTR pMechanismList,
1396 CK_ULONG_PTR pulCount)
1397 {
1398 CK_RV rv;
1399
1400 if (API_Initialized() == FALSE)
1401 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1402
1403 if (! pulCount)
1404 return (CKR_ARGUMENTS_BAD);
1405
1406 if (!global_shm->token_available || (slotID > NUMBER_SLOTS_MANAGED))
1407 return (CKR_SLOT_ID_INVALID);
1408
1409 if (FuncList.ST_GetMechanismList) {
1410 rv = FuncList.ST_GetMechanismList(slotID,
1411 pMechanismList, pulCount);
1412 } else {
1413 rv = CKR_FUNCTION_NOT_SUPPORTED;
1414 }
1415 if (rv == CKR_OK) {
1416 if (pMechanismList) {
1417 unsigned long i;
1418 for (i = 0; i < *pulCount; i++) {
1419 logit(LOG_DEBUG, "Mechanism[%d] 0x%08X ",
1420 i, pMechanismList[i]);
1421 }
1422 }
1423 }
1424 return (rv);
1425 }
1426
1427 CK_RV
1428 C_GetObjectSize(CK_SESSION_HANDLE hSession,
1429 CK_OBJECT_HANDLE hObject,
1430 CK_ULONG_PTR pulSize)
1431 {
1432 CK_RV rv;
1433 ST_SESSION_T rSession;
1434
1435 if (API_Initialized() == FALSE) {
1436 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1437 }
1438 if (! pulSize) {
1439 return (CKR_ARGUMENTS_BAD);
1440 }
1441 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1442 return (CKR_SESSION_HANDLE_INVALID);
1443 }
1444 if (FuncList.ST_GetObjectSize) {
1445 rv = FuncList.ST_GetObjectSize(rSession, hObject, pulSize);
1446 } else {
1447 rv = CKR_FUNCTION_NOT_SUPPORTED;
1448 }
1449 return (rv);
1450 }
1451
1452 CK_RV
1453 C_GetOperationState(CK_SESSION_HANDLE hSession,
1454 CK_BYTE_PTR pOperationState,
1455 CK_ULONG_PTR pulOperationStateLen)
1456 {
1457 CK_RV rv;
1458 ST_SESSION_T rSession;
1459
1460 if (API_Initialized() == FALSE) {
1461 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1462 }
1463 if (! pulOperationStateLen) {
1464 return (CKR_ARGUMENTS_BAD);
1465 }
1466 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1467 return (CKR_SESSION_HANDLE_INVALID);
1468 }
1469 if (FuncList.ST_GetOperationState) {
1470 rv = FuncList.ST_GetOperationState(rSession,
1471 pOperationState, pulOperationStateLen);
1472 } else {
1473 rv = CKR_FUNCTION_NOT_SUPPORTED;
1474 }
1475 return (rv);
1476 }
1477
1478 CK_RV
1479 C_GetSessionInfo(CK_SESSION_HANDLE hSession,
1480 CK_SESSION_INFO_PTR pInfo)
1481 {
1482 CK_RV rv;
1483 ST_SESSION_T rSession;
1484
1485 if (API_Initialized() == FALSE) {
1486 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1487 }
1488 if (! pInfo) {
1489 return (CKR_ARGUMENTS_BAD);
1490 }
1491 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1492 return (CKR_SESSION_HANDLE_INVALID);
1493 }
1494 if (FuncList.ST_GetSessionInfo) {
1495 rv = FuncList.ST_GetSessionInfo(rSession, pInfo);
1496 } else {
1497 rv = CKR_FUNCTION_NOT_SUPPORTED;
1498 }
1499 return (rv);
1500 }
1501
1502 CK_RV
1503 C_GetSlotInfo(CK_SLOT_ID slotID,
1504 CK_SLOT_INFO_PTR pInfo)
1505 {
1506 if (API_Initialized() == FALSE)
1507 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1508
1509 if (!pInfo)
1510 return (CKR_FUNCTION_FAILED);
1511
1512 if (!global_shm->token_available || (slotID > NUMBER_SLOTS_MANAGED))
1513 return (CKR_SLOT_ID_INVALID);
1514
1515 copy_slot_info(slotID, pInfo);
1516 return (CKR_OK);
1517 }
1518
1519 /*ARGSUSED*/
1520 CK_RV
1521 C_GetSlotList(CK_BBOOL tokenPresent,
1522 CK_SLOT_ID_PTR pSlotList,
1523 CK_ULONG_PTR pulCount)
1524 {
1525 CK_ULONG count;
1526 CK_SLOT_INFO slotInfo;
1527
1528 if (API_Initialized() == FALSE)
1529 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1530
1531 if (pulCount == NULL)
1532 return (CKR_FUNCTION_FAILED);
1533
1534 count = 0;
1535 /*
1536 * If we can't talk to the TPM, present no slots
1537 */
1538 if (!global_shm->token_available) {
1539 *pulCount = 0;
1540 return (CKR_OK);
1541 }
1542
1543 copy_slot_info(TPM_SLOTID, &slotInfo);
1544 if ((slotInfo.flags & CKF_TOKEN_PRESENT))
1545 count++;
1546
1547 *pulCount = count;
1548
1549 if (pSlotList == NULL) {
1550 return (CKR_OK);
1551 } else {
1552 if (*pulCount < count)
1553 return (CKR_BUFFER_TOO_SMALL);
1554 pSlotList[0] = TPM_SLOTID;
1555 }
1556 return (CKR_OK);
1557 }
1558
1559 CK_RV
1560 C_GetTokenInfo(CK_SLOT_ID slotID,
1561 CK_TOKEN_INFO_PTR pInfo)
1562 {
1563 CK_RV rv;
1564
1565 if (API_Initialized() == FALSE)
1566 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1567
1568 if (!pInfo)
1569 return (CKR_ARGUMENTS_BAD);
1570
1571 if (!global_shm->token_available || (slotID > NUMBER_SLOTS_MANAGED))
1572 return (CKR_SLOT_ID_INVALID);
1573
1574 slotID = TPM_SLOTID;
1575 if (FuncList.ST_GetTokenInfo) {
1576 rv = FuncList.ST_GetTokenInfo(slotID, pInfo);
1577 } else {
1578 rv = CKR_FUNCTION_NOT_SUPPORTED;
1579 }
1580 return (rv);
1581 }
1582
1583 CK_RV
1584 C_Initialize(CK_VOID_PTR pVoid)
1585 {
1586 CK_RV rv = CKR_OK;
1587 CK_C_INITIALIZE_ARGS *pArg;
1588 extern CK_RV ST_Initialize(void *,
1589 CK_SLOT_ID, unsigned char *);
1590
1591 (void) pthread_mutex_lock(&global_mutex);
1592 if (! Anchor) {
1593 Anchor = (API_Proc_Struct_t *)malloc(
1594 sizeof (API_Proc_Struct_t));
1595 if (Anchor == NULL) {
1596 (void) pthread_mutex_unlock(&global_mutex);
1597 return (CKR_HOST_MEMORY);
1598 }
1599 } else {
1600 (void) pthread_mutex_unlock(&global_mutex);
1601 return (CKR_CRYPTOKI_ALREADY_INITIALIZED);
1602 }
1603 /*
1604 * if pVoid is NULL, then everything is OK. The applicaiton
1605 * will not be doing multi thread accesses. We can use the OS
1606 * locks anyhow.
1607 */
1608 if (pVoid != NULL) {
1609 int supplied_ok;
1610 pArg = (CK_C_INITIALIZE_ARGS *)pVoid;
1611
1612 /*
1613 * ALL supplied function pointers need to have the value
1614 * either NULL or no - NULL.
1615 */
1616 supplied_ok = (pArg->CreateMutex == NULL &&
1617 pArg->DestroyMutex == NULL &&
1618 pArg->LockMutex == NULL &&
1619 pArg->UnlockMutex == NULL) ||
1620 (pArg->CreateMutex != NULL &&
1621 pArg->DestroyMutex != NULL &&
1622 pArg->LockMutex != NULL &&
1623 pArg->UnlockMutex != NULL);
1624
1625 if (!supplied_ok) {
1626 (void) pthread_mutex_unlock(&global_mutex);
1627 return (CKR_ARGUMENTS_BAD);
1628 }
1629 /* Check for a pReserved set */
1630 if (pArg->pReserved != NULL) {
1631 free(Anchor);
1632 Anchor = NULL;
1633 (void) pthread_mutex_unlock(&global_mutex);
1634 return (CKR_ARGUMENTS_BAD);
1635 }
1636 /*
1637 * When the CKF_OS_LOCKING_OK flag isn't set and mutex
1638 * function pointers are supplied by an application,
1639 * return (an error. We must be able to use our own primitives.
1640 */
1641 if (!(pArg->flags & CKF_OS_LOCKING_OK) &&
1642 (pArg->CreateMutex != NULL)) {
1643 (void) pthread_mutex_unlock(&global_mutex);
1644 return (CKR_CANT_LOCK);
1645 }
1646 }
1647 (void) memset((char *)Anchor, 0, sizeof (API_Proc_Struct_t));
1648 (void) pthread_mutex_init(&(Anchor->ProcMutex), NULL);
1649 (void) pthread_mutex_init(&(Anchor->SessListMutex), NULL);
1650 Anchor->Pid = getpid();
1651
1652 rv = ST_Initialize((void *)&FuncList, 0, NULL);
1653 (void) pthread_mutex_unlock(&global_mutex);
1654 return (rv);
1655 }
1656
1657 CK_RV
1658 C_InitPIN(CK_SESSION_HANDLE hSession,
1659 CK_CHAR_PTR pPin,
1660 CK_ULONG ulPinLen)
1661 {
1662 CK_RV rv;
1663 ST_SESSION_T rSession;
1664
1665 if (API_Initialized() == FALSE)
1666 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1667
1668 if (! pPin && ulPinLen)
1669 return (CKR_ARGUMENTS_BAD);
1670
1671 if (! Valid_Session((Session_Struct_t *)hSession, &rSession))
1672 return (CKR_SESSION_HANDLE_INVALID);
1673
1674 if (rSession.slotID > NUMBER_SLOTS_MANAGED)
1675 return (CKR_SLOT_ID_INVALID);
1676
1677 if (FuncList.ST_InitPIN)
1678 rv = FuncList.ST_InitPIN(rSession, pPin, ulPinLen);
1679 else
1680 rv = CKR_FUNCTION_NOT_SUPPORTED;
1681
1682 return (rv);
1683 }
1684
1685 CK_RV
1686 C_InitToken(CK_SLOT_ID slotID,
1687 CK_CHAR_PTR pPin,
1688 CK_ULONG ulPinLen,
1689 CK_CHAR_PTR pLabel)
1690 {
1691 CK_RV rv;
1692
1693 if (API_Initialized() == FALSE)
1694 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1695
1696 if (! pPin && ulPinLen)
1697 return (CKR_ARGUMENTS_BAD);
1698
1699 if (! pLabel)
1700 return (CKR_ARGUMENTS_BAD);
1701
1702 if (!global_shm->token_available)
1703 return (CKR_SLOT_ID_INVALID);
1704
1705 if (FuncList.ST_InitToken)
1706 rv = FuncList.ST_InitToken(slotID, pPin, ulPinLen, pLabel);
1707 else
1708 rv = CKR_FUNCTION_NOT_SUPPORTED;
1709
1710 return (rv);
1711 }
1712
1713 CK_RV
1714 C_Login(CK_SESSION_HANDLE hSession,
1715 CK_USER_TYPE userType,
1716 CK_CHAR_PTR pPin,
1717 CK_ULONG ulPinLen)
1718 {
1719 CK_RV rv;
1720 ST_SESSION_T rSession;
1721
1722 if (API_Initialized() == FALSE) {
1723 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1724 }
1725 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1726 return (CKR_SESSION_HANDLE_INVALID);
1727 }
1728 if (FuncList.ST_Login) {
1729 rv = FuncList.ST_Login(rSession, userType, pPin, ulPinLen);
1730 } else {
1731 rv = CKR_FUNCTION_NOT_SUPPORTED;
1732 }
1733 return (rv);
1734 }
1735
1736 CK_RV
1737 C_Logout(CK_SESSION_HANDLE hSession)
1738 {
1739 CK_RV rv;
1740 ST_SESSION_T rSession;
1741
1742 if (API_Initialized() == FALSE) {
1743 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1744 }
1745 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1746 return (CKR_SESSION_HANDLE_INVALID);
1747 }
1748 if (FuncList.ST_Logout) {
1749 rv = FuncList.ST_Logout(rSession);
1750 } else {
1751 rv = CKR_FUNCTION_NOT_SUPPORTED;
1752 }
1753 return (rv);
1754 }
1755
1756 /*ARGSUSED*/
1757 CK_RV
1758 C_OpenSession(
1759 CK_SLOT_ID slotID,
1760 CK_FLAGS flags,
1761 CK_VOID_PTR pApplication,
1762 CK_NOTIFY Notify,
1763 CK_SESSION_HANDLE_PTR phSession)
1764 {
1765 CK_RV rv;
1766 Session_Struct_t *apiSessp;
1767
1768 if (API_Initialized() == FALSE)
1769 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1770
1771 if (!global_shm->token_available || (slotID > NUMBER_SLOTS_MANAGED))
1772 return (CKR_SLOT_ID_INVALID);
1773
1774 if (! phSession)
1775 return (CKR_FUNCTION_FAILED);
1776
1777 if ((flags & CKF_SERIAL_SESSION) == 0)
1778 return (CKR_SESSION_PARALLEL_NOT_SUPPORTED);
1779
1780 if ((apiSessp = (Session_Struct_t *)malloc(
1781 sizeof (Session_Struct_t))) == NULL)
1782 return (CKR_HOST_MEMORY);
1783
1784 if (FuncList.ST_OpenSession) {
1785 rv = FuncList.ST_OpenSession(slotID, flags,
1786 &(apiSessp->RealHandle));
1787
1788 if (rv == CKR_OK) {
1789 *phSession = (CK_SESSION_HANDLE)apiSessp;
1790 apiSessp->SltId = slotID;
1791
1792 AddToSessionList(apiSessp);
1793 } else {
1794 free(apiSessp);
1795 }
1796 } else {
1797 rv = CKR_FUNCTION_NOT_SUPPORTED;
1798 }
1799 return (rv);
1800 }
1801
1802 CK_RV
1803 C_SeedRandom(CK_SESSION_HANDLE hSession,
1804 CK_BYTE_PTR pSeed,
1805 CK_ULONG ulSeedLen)
1806 {
1807 CK_RV rv;
1808 ST_SESSION_T rSession;
1809
1810 if (API_Initialized() == FALSE) {
1811 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1812 }
1813 if (! pSeed && ulSeedLen) {
1814 return (CKR_ARGUMENTS_BAD);
1815 }
1816 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1817 return (CKR_SESSION_HANDLE_INVALID);
1818 }
1819 if (FuncList.ST_SeedRandom) {
1820 rv = FuncList.ST_SeedRandom(rSession, pSeed, ulSeedLen);
1821 } else {
1822 rv = CKR_FUNCTION_NOT_SUPPORTED;
1823 }
1824 return (rv);
1825 }
1826
1827 CK_RV
1828 C_SetAttributeValue(CK_SESSION_HANDLE hSession,
1829 CK_OBJECT_HANDLE hObject,
1830 CK_ATTRIBUTE_PTR pTemplate,
1831 CK_ULONG ulCount)
1832 {
1833 CK_RV rv;
1834 ST_SESSION_T rSession;
1835
1836 if (API_Initialized() == FALSE) {
1837 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1838 }
1839 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1840 return (CKR_SESSION_HANDLE_INVALID);
1841 }
1842 if (! pTemplate) {
1843 return (CKR_TEMPLATE_INCOMPLETE);
1844 }
1845 if (! ulCount) {
1846 return (CKR_TEMPLATE_INCOMPLETE);
1847 }
1848 // Get local pointers to session
1849 if (FuncList.ST_SetAttributeValue) {
1850 rv = FuncList.ST_SetAttributeValue(rSession, hObject,
1851 pTemplate, ulCount);
1852 } else {
1853 rv = CKR_FUNCTION_NOT_SUPPORTED;
1854 }
1855 return (rv);
1856 }
1857
1858 CK_RV
1859 C_SetOperationState(CK_SESSION_HANDLE hSession,
1860 CK_BYTE_PTR pOperationState,
1861 CK_ULONG ulOperationStateLen,
1862 CK_OBJECT_HANDLE hEncryptionKey,
1863 CK_OBJECT_HANDLE hAuthenticationKey)
1864 {
1865 CK_RV rv;
1866 ST_SESSION_T rSession;
1867
1868 if (API_Initialized() == FALSE) {
1869 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1870 }
1871 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1872 return (CKR_SESSION_HANDLE_INVALID);
1873 }
1874 if (! pOperationState || ulOperationStateLen == 0) {
1875 return (CKR_ARGUMENTS_BAD);
1876 }
1877 if (FuncList.ST_SetOperationState) {
1878 rv = FuncList.ST_SetOperationState(rSession, pOperationState,
1879 ulOperationStateLen, hEncryptionKey, hAuthenticationKey);
1880 } else {
1881 rv = CKR_FUNCTION_NOT_SUPPORTED;
1882 }
1883 return (rv);
1884 }
1885
1886 CK_RV
1887 C_SetPIN(CK_SESSION_HANDLE hSession,
1888 CK_CHAR_PTR pOldPin,
1889 CK_ULONG ulOldLen,
1890 CK_CHAR_PTR pNewPin,
1891 CK_ULONG ulNewLen)
1892 {
1893 CK_RV rv;
1894 ST_SESSION_T rSession;
1895
1896 if (API_Initialized() == FALSE) {
1897 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1898 }
1899 if (! pOldPin || ! pNewPin)
1900 return (CKR_PIN_INVALID);
1901 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1902 return (CKR_SESSION_HANDLE_INVALID);
1903 }
1904 if (FuncList.ST_SetPIN) {
1905 rv = FuncList.ST_SetPIN(rSession, pOldPin, ulOldLen,
1906 pNewPin, ulNewLen);
1907 } else {
1908 rv = CKR_FUNCTION_NOT_SUPPORTED;
1909 }
1910 return (rv);
1911 }
1912
1913 CK_RV
1914 C_Sign(CK_SESSION_HANDLE hSession,
1915 CK_BYTE_PTR pData,
1916 CK_ULONG ulDataLen,
1917 CK_BYTE_PTR pSignature,
1918 CK_ULONG_PTR pulSignatureLen)
1919 {
1920 CK_RV rv;
1921 ST_SESSION_T rSession;
1922
1923 if (API_Initialized() == FALSE) {
1924 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1925 }
1926 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1927 return (CKR_SESSION_HANDLE_INVALID);
1928 }
1929 if (FuncList.ST_Sign) {
1930 rv = FuncList.ST_Sign(rSession, pData, ulDataLen,
1931 pSignature, pulSignatureLen);
1932 } else {
1933 rv = CKR_FUNCTION_NOT_SUPPORTED;
1934 }
1935 return (rv);
1936 }
1937
1938 CK_RV
1939 C_SignEncryptUpdate(CK_SESSION_HANDLE hSession,
1940 CK_BYTE_PTR pPart,
1941 CK_ULONG ulPartLen,
1942 CK_BYTE_PTR pEncryptedPart,
1943 CK_ULONG_PTR pulEncryptedPartLen)
1944 {
1945 CK_RV rv;
1946 ST_SESSION_T rSession;
1947 if (API_Initialized() == FALSE) {
1948 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1949 }
1950 if (! pPart || ! pulEncryptedPartLen) {
1951 return (CKR_ARGUMENTS_BAD);
1952 }
1953 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1954 return (CKR_SESSION_HANDLE_INVALID);
1955 }
1956 if (FuncList.ST_SignEncryptUpdate) {
1957 rv = FuncList.ST_SignEncryptUpdate(rSession, pPart,
1958 ulPartLen, pEncryptedPart, pulEncryptedPartLen);
1959 } else {
1960 rv = CKR_FUNCTION_NOT_SUPPORTED;
1961 }
1962 return (rv);
1963 }
1964
1965 CK_RV
1966 C_SignFinal(CK_SESSION_HANDLE hSession,
1967 CK_BYTE_PTR pSignature,
1968 CK_ULONG_PTR pulSignatureLen)
1969 {
1970 CK_RV rv;
1971 ST_SESSION_T rSession;
1972
1973 if (API_Initialized() == FALSE) {
1974 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1975 }
1976 if (! pulSignatureLen) {
1977 return (CKR_ARGUMENTS_BAD);
1978 }
1979 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1980 return (CKR_SESSION_HANDLE_INVALID);
1981 }
1982 if (FuncList.ST_SignFinal) {
1983 rv = FuncList.ST_SignFinal(rSession, pSignature,
1984 pulSignatureLen);
1985 } else {
1986 rv = CKR_FUNCTION_NOT_SUPPORTED;
1987 }
1988 return (rv);
1989 }
1990
1991 CK_RV
1992 C_SignInit(CK_SESSION_HANDLE hSession,
1993 CK_MECHANISM_PTR pMechanism,
1994 CK_OBJECT_HANDLE hKey)
1995 {
1996 CK_RV rv;
1997 ST_SESSION_T rSession;
1998
1999 if (API_Initialized() == FALSE) {
2000 return (CKR_CRYPTOKI_NOT_INITIALIZED);
2001 }
2002 if (! pMechanism) {
2003 return (CKR_MECHANISM_INVALID);
2004 }
2005 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
2006 return (CKR_SESSION_HANDLE_INVALID);
2007 }
2008 if (FuncList.ST_SignInit) {
2009 rv = FuncList.ST_SignInit(rSession, pMechanism, hKey);
2010 } else {
2011 rv = CKR_FUNCTION_NOT_SUPPORTED;
2012 }
2013 return (rv);
2014 }
2015
2016 CK_RV
2017 C_SignRecover(CK_SESSION_HANDLE hSession,
2018 CK_BYTE_PTR pData,
2019 CK_ULONG ulDataLen,
2020 CK_BYTE_PTR pSignature,
2021 CK_ULONG_PTR pulSignatureLen)
2022 {
2023 CK_RV rv;
2024 ST_SESSION_T rSession;
2025
2026 if (API_Initialized() == FALSE) {
2027 return (CKR_CRYPTOKI_NOT_INITIALIZED);
2028 }
2029 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
2030 return (CKR_SESSION_HANDLE_INVALID);
2031 }
2032 if (FuncList.ST_SignRecover) {
2033 rv = FuncList.ST_SignRecover(rSession, pData,
2034 ulDataLen, pSignature, pulSignatureLen);
2035 } else {
2036 rv = CKR_FUNCTION_NOT_SUPPORTED;
2037 }
2038 return (rv);
2039 }
2040
2041 CK_RV
2042 C_SignRecoverInit(CK_SESSION_HANDLE hSession,
2043 CK_MECHANISM_PTR pMechanism,
2044 CK_OBJECT_HANDLE hKey)
2045 {
2046 CK_RV rv;
2047 ST_SESSION_T rSession;
2048
2049 if (API_Initialized() == FALSE) {
2050 return (CKR_CRYPTOKI_NOT_INITIALIZED);
2051 }
2052 if (! pMechanism) {
2053 return (CKR_MECHANISM_INVALID);
2054 }
2055 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
2056 return (CKR_SESSION_HANDLE_INVALID);
2057 }
2058 if (FuncList.ST_SignRecoverInit) {
2059 rv = FuncList.ST_SignRecoverInit(rSession, pMechanism, hKey);
2060 } else {
2061 rv = CKR_FUNCTION_NOT_SUPPORTED;
2062 }
2063 return (rv);
2064 }
2065
2066 CK_RV
2067 C_SignUpdate(CK_SESSION_HANDLE hSession,
2068 CK_BYTE_PTR pPart,
2069 CK_ULONG ulPartLen)
2070 {
2071 CK_RV rv;
2072 ST_SESSION_T rSession;
2073
2074 if (API_Initialized() == FALSE) {
2075 return (CKR_CRYPTOKI_NOT_INITIALIZED);
2076 }
2077 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
2078 return (CKR_SESSION_HANDLE_INVALID);
2079 }
2080 if (FuncList.ST_SignUpdate) {
2081 rv = FuncList.ST_SignUpdate(rSession, pPart, ulPartLen);
2082 } else {
2083 rv = CKR_FUNCTION_NOT_SUPPORTED;
2084 }
2085 return (rv);
2086 }
2087
2088 CK_RV
2089 C_UnwrapKey(CK_SESSION_HANDLE hSession,
2090 CK_MECHANISM_PTR pMechanism,
2091 CK_OBJECT_HANDLE hUnwrappingKey,
2092 CK_BYTE_PTR pWrappedKey,
2093 CK_ULONG ulWrappedKeyLen,
2094 CK_ATTRIBUTE_PTR pTemplate,
2095 CK_ULONG ulAttributeCount,
2096 CK_OBJECT_HANDLE_PTR phKey)
2097 {
2098 CK_RV rv;
2099 ST_SESSION_T rSession;
2100
2101 if (API_Initialized() == FALSE) {
2102 return (CKR_CRYPTOKI_NOT_INITIALIZED);
2103 }
2104 if (!pMechanism) {
2105 return (CKR_MECHANISM_INVALID);
2106 }
2107 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
2108 return (CKR_SESSION_HANDLE_INVALID);
2109 }
2110 if (FuncList.ST_UnwrapKey) {
2111 rv = FuncList.ST_UnwrapKey(rSession, pMechanism,
2112 hUnwrappingKey, pWrappedKey, ulWrappedKeyLen,
2113 pTemplate, ulAttributeCount, phKey);
2114 } else {
2115 rv = CKR_FUNCTION_NOT_SUPPORTED;
2116 }
2117 return (rv);
2118 }
2119
2120 CK_RV
2121 C_Verify(CK_SESSION_HANDLE hSession,
2122 CK_BYTE_PTR pData,
2123 CK_ULONG ulDataLen,
2124 CK_BYTE_PTR pSignature,
2125 CK_ULONG ulSignatureLen)
2126 {
2127 CK_RV rv;
2128 ST_SESSION_T rSession;
2129
2130 if (API_Initialized() == FALSE) {
2131 return (CKR_CRYPTOKI_NOT_INITIALIZED);
2132 }
2133 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
2134 return (CKR_SESSION_HANDLE_INVALID);
2135 }
2136 if (FuncList.ST_Verify) {
2137 rv = FuncList.ST_Verify(rSession, pData, ulDataLen,
2138 pSignature, ulSignatureLen);
2139 } else {
2140 rv = CKR_FUNCTION_NOT_SUPPORTED;
2141 }
2142 return (rv);
2143 }
2144
2145 CK_RV
2146 C_VerifyFinal(CK_SESSION_HANDLE hSession,
2147 CK_BYTE_PTR pSignature,
2148 CK_ULONG ulSignatureLen)
2149 {
2150 CK_RV rv;
2151 ST_SESSION_T rSession;
2152
2153 if (API_Initialized() == FALSE) {
2154 return (CKR_CRYPTOKI_NOT_INITIALIZED);
2155 }
2156 if (! pSignature) {
2157 return (CKR_ARGUMENTS_BAD);
2158 }
2159
2160 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
2161 return (CKR_SESSION_HANDLE_INVALID);
2162 }
2163 if (FuncList.ST_VerifyFinal) {
2164 rv = FuncList.ST_VerifyFinal(rSession, pSignature,
2165 ulSignatureLen);
2166 } else {
2167 rv = CKR_FUNCTION_NOT_SUPPORTED;
2168 }
2169 return (rv);
2170 }
2171
2172 CK_RV
2173 C_VerifyInit(CK_SESSION_HANDLE hSession,
2174 CK_MECHANISM_PTR pMechanism,
2175 CK_OBJECT_HANDLE hKey)
2176 {
2177 CK_RV rv;
2178 ST_SESSION_T rSession;
2179
2180 if (API_Initialized() == FALSE) {
2181 return (CKR_CRYPTOKI_NOT_INITIALIZED);
2182 }
2183 if (! pMechanism) {
2184 return (CKR_MECHANISM_INVALID);
2185 }
2186 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
2187 return (CKR_SESSION_HANDLE_INVALID);
2188 }
2189
2190 if (FuncList.ST_VerifyInit) {
2191 rv = FuncList.ST_VerifyInit(rSession, pMechanism, hKey);
2192 } else {
2193 rv = CKR_FUNCTION_NOT_SUPPORTED;
2194 }
2195 return (rv);
2196 }
2197
2198 CK_RV
2199 C_VerifyRecover(CK_SESSION_HANDLE hSession,
2200 CK_BYTE_PTR pSignature,
2201 CK_ULONG ulSignatureLen,
2202 CK_BYTE_PTR pData,
2203 CK_ULONG_PTR pulDataLen)
2204 {
2205 CK_RV rv;
2206 ST_SESSION_T rSession;
2207
2208 if (API_Initialized() == FALSE) {
2209 return (CKR_CRYPTOKI_NOT_INITIALIZED);
2210 }
2211 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
2212 return (CKR_SESSION_HANDLE_INVALID);
2213 }
2214 if (FuncList.ST_VerifyRecover) {
2215 rv = FuncList.ST_VerifyRecover(rSession, pSignature,
2216 ulSignatureLen, pData, pulDataLen);
2217 } else {
2218 rv = CKR_FUNCTION_NOT_SUPPORTED;
2219 }
2220 return (rv);
2221 }
2222
2223 CK_RV
2224 C_VerifyRecoverInit(CK_SESSION_HANDLE hSession,
2225 CK_MECHANISM_PTR pMechanism,
2226 CK_OBJECT_HANDLE hKey)
2227 {
2228 CK_RV rv;
2229 ST_SESSION_T rSession;
2230
2231 if (API_Initialized() == FALSE) {
2232 return (CKR_CRYPTOKI_NOT_INITIALIZED);
2233 }
2234 if (! pMechanism) {
2235 return (CKR_MECHANISM_INVALID);
2236 }
2237 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
2238 return (CKR_SESSION_HANDLE_INVALID);
2239 }
2240 if (FuncList.ST_VerifyRecoverInit) {
2241 rv = FuncList.ST_VerifyRecoverInit(rSession, pMechanism, hKey);
2242 } else {
2243 rv = CKR_FUNCTION_NOT_SUPPORTED;
2244 }
2245 return (rv);
2246 }
2247
2248 CK_RV
2249 C_VerifyUpdate(CK_SESSION_HANDLE hSession,
2250 CK_BYTE_PTR pPart,
2251 CK_ULONG ulPartLen)
2252 {
2253 CK_RV rv;
2254 ST_SESSION_T rSession;
2255
2256 if (API_Initialized() == FALSE) {
2257 return (CKR_CRYPTOKI_NOT_INITIALIZED);
2258 }
2259 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
2260 return (CKR_SESSION_HANDLE_INVALID);
2261 }
2262 if (FuncList.ST_VerifyUpdate) {
2263 rv = FuncList.ST_VerifyUpdate(rSession, pPart, ulPartLen);
2264 } else {
2265 rv = CKR_FUNCTION_NOT_SUPPORTED;
2266 }
2267 return (rv);
2268 }
2269
2270 /*ARGSUSED*/
2271 CK_RV
2272 C_WaitForSlotEvent(CK_FLAGS flags,
2273 CK_SLOT_ID_PTR pSlot,
2274 CK_VOID_PTR pReserved)
2275 {
2276 if (API_Initialized() == FALSE) {
2277 return (CKR_CRYPTOKI_NOT_INITIALIZED);
2278 }
2279 return (CKR_FUNCTION_NOT_SUPPORTED);
2280 }
2281
2282 CK_RV
2283 C_WrapKey(CK_SESSION_HANDLE hSession,
2284 CK_MECHANISM_PTR pMechanism,
2285 CK_OBJECT_HANDLE hWrappingKey,
2286 CK_OBJECT_HANDLE hKey,
2287 CK_BYTE_PTR pWrappedKey,
2288 CK_ULONG_PTR pulWrappedKeyLen)
2289 {
2290 CK_RV rv;
2291 ST_SESSION_T rSession;
2292
2293 if (API_Initialized() == FALSE) {
2294 return (CKR_CRYPTOKI_NOT_INITIALIZED);
2295 }
2296 if (! pMechanism) {
2297 return (CKR_MECHANISM_INVALID);
2298 }
2299 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
2300 return (CKR_SESSION_HANDLE_INVALID);
2301 }
2302 if (FuncList.ST_WrapKey) {
2303 rv = FuncList.ST_WrapKey(rSession, pMechanism, hWrappingKey,
2304 hKey, pWrappedKey, pulWrappedKeyLen);
2305 } else {
2306 rv = CKR_FUNCTION_NOT_SUPPORTED;
2307 }
2308 return (rv);
2309 }
2310
2311 #pragma init(api_init)
2312 #pragma fini(api_fini)
2313
2314 static void
2315 api_init(void)
2316 {
2317 loginit();
2318 if (! Initialized) {
2319 (void) pthread_atfork(tpmtoken_fork_prepare,
2320 tpmtoken_fork_parent, tpmtoken_fork_child);
2321 Initialized = 1;
2322 }
2323 }
2324
2325 static void
2326 api_fini()
2327 {
2328 logterm();
2329 if (API_Initialized() == TRUE) {
2330 (void) do_finalize(NULL);
2331 }
2332 }