Print this page 
9642 PKCS#11 softtoken should use explicit_bzero
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Alex Wilson <alex.wilson@joyent.com>


   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 
  22 /*
  23  * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.

  24  */
  25 
  26 #include <strings.h>
  27 #include <cryptoutil.h>
  28 #include <security/cryptoki.h>
  29 #include <sys/crypto/common.h>
  30 #include <arcfour.h>
  31 #include "softGlobal.h"
  32 #include "softSession.h"
  33 #include <aes_impl.h>
  34 #include <blowfish_impl.h>
  35 #include <des_impl.h>
  36 #include <ecc_impl.h>
  37 #include "softDH.h"
  38 #include "softObject.h"
  39 #include "softKeystore.h"
  40 #include "softKeystoreUtil.h"
  41 
  42 
  43 static CK_MECHANISM_TYPE soft_mechanisms[] = {


 320         /* Make sure the slot ID is valid */
 321         if (slotID != SOFTTOKEN_SLOTID)
 322                 return (CKR_SLOT_ID_INVALID);
 323 
 324         if (pInfo == NULL)
 325                 return (CKR_ARGUMENTS_BAD);
 326 
 327         /*
 328          * It is intentional that we don't forward the error code
 329          * returned from soft_keystore_pin_initialized() to the caller
 330          */
 331         pInfo->flags = SOFT_TOKEN_FLAGS;
 332         if (soft_slot.keystore_load_status == KEYSTORE_UNAVAILABLE) {
 333                 pInfo->flags |= CKF_WRITE_PROTECTED;
 334         } else {
 335                 if ((soft_keystore_pin_initialized(&pin_initialized,
 336                     &ks_cryptpin, B_FALSE) == CKR_OK) && !pin_initialized)
 337                         pInfo->flags |= CKF_USER_PIN_TO_BE_CHANGED;
 338         }
 339 
 340         if (ks_cryptpin)
 341                 free(ks_cryptpin);
 342 



 343         /* Provide information about a token in the provided buffer */
 344         (void) strncpy((char *)pInfo->label, SOFT_TOKEN_LABEL, 32);
 345         (void) strncpy((char *)pInfo->manufacturerID, SOFT_MANUFACTURER_ID, 32);
 346         (void) strncpy((char *)pInfo->model, TOKEN_MODEL, 16);
 347         (void) strncpy((char *)pInfo->serialNumber, SOFT_TOKEN_SERIAL, 16);
 348 
 349         pInfo->ulMaxSessionCount = CK_EFFECTIVELY_INFINITE;
 350         pInfo->ulSessionCount = soft_session_cnt;
 351         pInfo->ulMaxRwSessionCount = CK_EFFECTIVELY_INFINITE;
 352         pInfo->ulRwSessionCount = soft_session_rw_cnt;
 353         pInfo->ulMaxPinLen = MAX_PIN_LEN;
 354         pInfo->ulMinPinLen = MIN_PIN_LEN;
 355         pInfo->ulTotalPublicMemory = CK_UNAVAILABLE_INFORMATION;
 356         pInfo->ulFreePublicMemory = CK_UNAVAILABLE_INFORMATION;
 357         pInfo->ulTotalPrivateMemory = CK_UNAVAILABLE_INFORMATION;
 358         pInfo->ulFreePrivateMemory = CK_UNAVAILABLE_INFORMATION;
 359         pInfo->hardwareVersion.major = HARDWARE_VERSION_MAJOR;
 360         pInfo->hardwareVersion.minor = HARDWARE_VERSION_MINOR;
 361         pInfo->firmwareVersion.major = FIRMWARE_VERSION_MAJOR;
 362         pInfo->firmwareVersion.minor = FIRMWARE_VERSION_MINOR;




   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 
  22 /*
  23  * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
  24  * Copyright 2018, Joyent, Inc.
  25  */
  26 
  27 #include <strings.h>
  28 #include <cryptoutil.h>
  29 #include <security/cryptoki.h>
  30 #include <sys/crypto/common.h>
  31 #include <arcfour.h>
  32 #include "softGlobal.h"
  33 #include "softSession.h"
  34 #include <aes_impl.h>
  35 #include <blowfish_impl.h>
  36 #include <des_impl.h>
  37 #include <ecc_impl.h>
  38 #include "softDH.h"
  39 #include "softObject.h"
  40 #include "softKeystore.h"
  41 #include "softKeystoreUtil.h"
  42 
  43 
  44 static CK_MECHANISM_TYPE soft_mechanisms[] = {


 321         /* Make sure the slot ID is valid */
 322         if (slotID != SOFTTOKEN_SLOTID)
 323                 return (CKR_SLOT_ID_INVALID);
 324 
 325         if (pInfo == NULL)
 326                 return (CKR_ARGUMENTS_BAD);
 327 
 328         /*
 329          * It is intentional that we don't forward the error code
 330          * returned from soft_keystore_pin_initialized() to the caller
 331          */
 332         pInfo->flags = SOFT_TOKEN_FLAGS;
 333         if (soft_slot.keystore_load_status == KEYSTORE_UNAVAILABLE) {
 334                 pInfo->flags |= CKF_WRITE_PROTECTED;
 335         } else {
 336                 if ((soft_keystore_pin_initialized(&pin_initialized,
 337                     &ks_cryptpin, B_FALSE) == CKR_OK) && !pin_initialized)
 338                         pInfo->flags |= CKF_USER_PIN_TO_BE_CHANGED;
 339         }
 340 
 341         if (ks_cryptpin != NULL) {
 342                 size_t cplen = strlen(ks_cryptpin) + 1;
 343 
 344                 freezero(ks_cryptpin, cplen);
 345         }
 346 
 347         /* Provide information about a token in the provided buffer */
 348         (void) strncpy((char *)pInfo->label, SOFT_TOKEN_LABEL, 32);
 349         (void) strncpy((char *)pInfo->manufacturerID, SOFT_MANUFACTURER_ID, 32);
 350         (void) strncpy((char *)pInfo->model, TOKEN_MODEL, 16);
 351         (void) strncpy((char *)pInfo->serialNumber, SOFT_TOKEN_SERIAL, 16);
 352 
 353         pInfo->ulMaxSessionCount = CK_EFFECTIVELY_INFINITE;
 354         pInfo->ulSessionCount = soft_session_cnt;
 355         pInfo->ulMaxRwSessionCount = CK_EFFECTIVELY_INFINITE;
 356         pInfo->ulRwSessionCount = soft_session_rw_cnt;
 357         pInfo->ulMaxPinLen = MAX_PIN_LEN;
 358         pInfo->ulMinPinLen = MIN_PIN_LEN;
 359         pInfo->ulTotalPublicMemory = CK_UNAVAILABLE_INFORMATION;
 360         pInfo->ulFreePublicMemory = CK_UNAVAILABLE_INFORMATION;
 361         pInfo->ulTotalPrivateMemory = CK_UNAVAILABLE_INFORMATION;
 362         pInfo->ulFreePrivateMemory = CK_UNAVAILABLE_INFORMATION;
 363         pInfo->hardwareVersion.major = HARDWARE_VERSION_MAJOR;
 364         pInfo->hardwareVersion.minor = HARDWARE_VERSION_MINOR;
 365         pInfo->firmwareVersion.major = FIRMWARE_VERSION_MAJOR;
 366         pInfo->firmwareVersion.minor = FIRMWARE_VERSION_MINOR;