Print this page
9642 PKCS#11 softtoken should use explicit_bzero
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Alex Wilson <alex.wilson@joyent.com>
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/lib/pkcs11/pkcs11_softtoken/common/softSlotToken.c
+++ new/usr/src/lib/pkcs11/pkcs11_softtoken/common/softSlotToken.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
|
↓ open down ↓ |
13 lines elided |
↑ open up ↑ |
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21
22 22 /*
23 23 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
24 + * Copyright 2018, Joyent, Inc.
24 25 */
25 26
26 27 #include <strings.h>
27 28 #include <cryptoutil.h>
28 29 #include <security/cryptoki.h>
29 30 #include <sys/crypto/common.h>
30 31 #include <arcfour.h>
31 32 #include "softGlobal.h"
32 33 #include "softSession.h"
33 34 #include <aes_impl.h>
34 35 #include <blowfish_impl.h>
35 36 #include <des_impl.h>
36 37 #include <ecc_impl.h>
37 38 #include "softDH.h"
38 39 #include "softObject.h"
39 40 #include "softKeystore.h"
40 41 #include "softKeystoreUtil.h"
41 42
42 43
43 44 static CK_MECHANISM_TYPE soft_mechanisms[] = {
44 45 CKM_DES_CBC,
45 46 CKM_DES_CBC_PAD,
46 47 CKM_DES_ECB,
47 48 CKM_DES_KEY_GEN,
48 49 CKM_DES_MAC_GENERAL,
49 50 CKM_DES_MAC,
50 51 CKM_DES3_CBC,
51 52 CKM_DES3_CBC_PAD,
52 53 CKM_DES3_ECB,
53 54 CKM_DES2_KEY_GEN,
54 55 CKM_DES3_KEY_GEN,
55 56 CKM_AES_CBC,
56 57 CKM_AES_CBC_PAD,
57 58 CKM_AES_CTR,
58 59 CKM_AES_CMAC_GENERAL,
59 60 CKM_AES_CMAC,
60 61 CKM_AES_ECB,
61 62 CKM_AES_KEY_GEN,
62 63 CKM_BLOWFISH_CBC,
63 64 CKM_BLOWFISH_KEY_GEN,
64 65 CKM_SHA_1,
65 66 CKM_SHA_1_HMAC,
66 67 CKM_SHA_1_HMAC_GENERAL,
67 68 CKM_SHA256,
68 69 CKM_SHA256_HMAC,
69 70 CKM_SHA256_HMAC_GENERAL,
70 71 CKM_SHA384,
71 72 CKM_SHA384_HMAC,
72 73 CKM_SHA384_HMAC_GENERAL,
73 74 CKM_SHA512,
74 75 CKM_SHA512_HMAC,
75 76 CKM_SHA512_HMAC_GENERAL,
76 77 CKM_SSL3_SHA1_MAC,
77 78 CKM_MD5,
78 79 CKM_MD5_HMAC,
79 80 CKM_MD5_HMAC_GENERAL,
80 81 CKM_SSL3_MD5_MAC,
81 82 CKM_RC4,
82 83 CKM_RC4_KEY_GEN,
83 84 CKM_DSA,
84 85 CKM_DSA_SHA1,
85 86 CKM_DSA_KEY_PAIR_GEN,
86 87 CKM_RSA_PKCS,
87 88 CKM_RSA_PKCS_KEY_PAIR_GEN,
88 89 CKM_RSA_X_509,
89 90 CKM_MD5_RSA_PKCS,
90 91 CKM_SHA1_RSA_PKCS,
91 92 CKM_SHA256_RSA_PKCS,
92 93 CKM_SHA384_RSA_PKCS,
93 94 CKM_SHA512_RSA_PKCS,
94 95 CKM_DH_PKCS_KEY_PAIR_GEN,
95 96 CKM_DH_PKCS_DERIVE,
96 97 CKM_MD5_KEY_DERIVATION,
97 98 CKM_SHA1_KEY_DERIVATION,
98 99 CKM_SHA256_KEY_DERIVATION,
99 100 CKM_SHA384_KEY_DERIVATION,
100 101 CKM_SHA512_KEY_DERIVATION,
101 102 CKM_PBE_SHA1_RC4_128,
102 103 CKM_PKCS5_PBKD2,
103 104 CKM_SSL3_PRE_MASTER_KEY_GEN,
104 105 CKM_TLS_PRE_MASTER_KEY_GEN,
105 106 CKM_SSL3_MASTER_KEY_DERIVE,
106 107 CKM_TLS_MASTER_KEY_DERIVE,
107 108 CKM_SSL3_MASTER_KEY_DERIVE_DH,
108 109 CKM_TLS_MASTER_KEY_DERIVE_DH,
109 110 CKM_SSL3_KEY_AND_MAC_DERIVE,
110 111 CKM_TLS_KEY_AND_MAC_DERIVE,
111 112 CKM_TLS_PRF,
112 113 CKM_EC_KEY_PAIR_GEN,
113 114 CKM_ECDSA,
114 115 CKM_ECDSA_SHA1,
115 116 CKM_ECDH1_DERIVE
116 117 };
117 118
118 119 /*
119 120 * This is the table of CK_MECHANISM_INFO structs for the supported mechanisms.
120 121 * The index for this table is the same as the one above for the same
121 122 * mechanism.
122 123 * The minimum and maximum sizes of the key for the mechanism can be measured
123 124 * in bits or in bytes (i.e. mechanism-dependent). This table specifies the
124 125 * supported range of key sizes in bytes; unless noted as in bits.
125 126 */
126 127 static CK_MECHANISM_INFO soft_mechanism_info[] = {
127 128 {DES_MINBYTES, DES_MAXBYTES,
128 129 CKF_ENCRYPT|CKF_DECRYPT|
129 130 CKF_WRAP|CKF_UNWRAP}, /* CKM_DES_CBC */
130 131 {DES_MINBYTES, DES_MAXBYTES,
131 132 CKF_ENCRYPT|CKF_DECRYPT|
132 133 CKF_WRAP|CKF_UNWRAP}, /* CKM_DES_CBC_PAD */
133 134 {DES_MINBYTES, DES_MAXBYTES,
134 135 CKF_ENCRYPT|CKF_DECRYPT|
135 136 CKF_WRAP|CKF_UNWRAP}, /* CKM_DES_ECB */
136 137 {DES_MINBYTES, DES_MAXBYTES,
137 138 CKF_GENERATE}, /* CKM_DES_KEY_GEN */
138 139 {DES_MINBYTES, DES_MAXBYTES,
139 140 CKF_SIGN|CKF_VERIFY}, /* CKM_DES_MAC_GENERAL */
140 141 {DES_MINBYTES, DES_MAXBYTES,
141 142 CKF_SIGN|CKF_VERIFY}, /* CKM_DES_MAC */
142 143 {DES3_MINBYTES, DES3_MAXBYTES,
143 144 CKF_ENCRYPT|CKF_DECRYPT|
144 145 CKF_WRAP|CKF_UNWRAP}, /* CKM_DES3_CBC */
145 146 {DES3_MINBYTES, DES3_MAXBYTES,
146 147 CKF_ENCRYPT|CKF_DECRYPT|
147 148 CKF_WRAP|CKF_UNWRAP}, /* CKM_DES3_CBC_PAD */
148 149 {DES3_MINBYTES, DES3_MAXBYTES,
149 150 CKF_ENCRYPT|CKF_DECRYPT|
150 151 CKF_WRAP|CKF_UNWRAP}, /* CKM_DES3_ECB */
151 152 {DES2_MAXBYTES, DES2_MAXBYTES,
152 153 CKF_GENERATE}, /* CKM_DES2_KEY_GEN */
153 154 {DES3_MAXBYTES, DES3_MAXBYTES, /* CKK_DES3 only */
154 155 CKF_GENERATE}, /* CKM_DES3_KEY_GEN */
155 156 {AES_MINBYTES, AES_MAXBYTES,
156 157 CKF_ENCRYPT|CKF_DECRYPT|
157 158 CKF_WRAP|CKF_UNWRAP}, /* CKM_AES_CBC */
158 159 {AES_MINBYTES, AES_MAXBYTES,
159 160 CKF_ENCRYPT|CKF_DECRYPT|
160 161 CKF_WRAP|CKF_UNWRAP}, /* CKM_AES_CBC_PAD */
161 162 {AES_MINBYTES, AES_MAXBYTES,
162 163 CKF_ENCRYPT|CKF_DECRYPT|
163 164 CKF_WRAP|CKF_UNWRAP}, /* CKM_AES_CTR */
164 165 {AES_MINBYTES, AES_MAXBYTES,
165 166 CKF_SIGN|CKF_VERIFY}, /* CKM_AES_CMAC_GENERAL */
166 167 {AES_MINBYTES, AES_MAXBYTES,
167 168 CKF_SIGN|CKF_VERIFY}, /* CKM_AES_CMAC */
168 169 {AES_MINBYTES, AES_MAXBYTES,
169 170 CKF_ENCRYPT|CKF_DECRYPT|
170 171 CKF_WRAP|CKF_UNWRAP}, /* CKM_AES_ECB */
171 172 {AES_MINBYTES, AES_MAXBYTES,
172 173 CKF_GENERATE}, /* CKM_AES_KEY_GEN */
173 174 {BLOWFISH_MINBYTES, BLOWFISH_MAXBYTES,
174 175 CKF_ENCRYPT|CKF_DECRYPT|
175 176 CKF_WRAP|CKF_UNWRAP}, /* CKM_BLOWFISH_ECB */
176 177 {BLOWFISH_MINBYTES, BLOWFISH_MAXBYTES,
177 178 CKF_GENERATE}, /* CKM_BLOWFISH_KEY_GEN */
178 179 {0, 0, CKF_DIGEST}, /* CKM_SHA_1 */
179 180 {1, 64, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA_1_HMAC */
180 181 {1, 64, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA_1_HMAC_GENERAL */
181 182 {0, 0, CKF_DIGEST}, /* CKM_SHA256 */
182 183 {1, 64, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA256_HMAC */
183 184 {1, 64, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA256_HMAC_GENERAL */
184 185 {0, 0, CKF_DIGEST}, /* CKM_SHA384 */
185 186 {1, 128, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA384_HMAC */
186 187 {1, 128, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA384_HMAC_GENERAL */
187 188 {0, 0, CKF_DIGEST}, /* CKM_SHA512 */
188 189 {1, 128, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA512_HMAC */
189 190 {1, 128, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA512_HMAC_GENERAL */
190 191 {1, 512, CKF_SIGN|CKF_VERIFY}, /* CKM_SSL3_SHA1_MAC */
191 192 {0, 0, CKF_DIGEST}, /* CKM_MD5 */
192 193 {1, 64, CKF_SIGN|CKF_VERIFY}, /* CKM_MD5_HMAC */
193 194 {1, 64, CKF_SIGN|CKF_VERIFY}, /* CKM_MD5_HMAC_GENERAL */
194 195 {1, 512, CKF_SIGN|CKF_VERIFY}, /* CKM_SSL3_MD5_MAC */
195 196 {8, ARCFOUR_MAX_KEY_BITS, CKF_ENCRYPT|CKF_DECRYPT}, /* CKM_RC4; */
196 197 /* in bits */
197 198 {8, ARCFOUR_MAX_KEY_BITS, CKF_GENERATE }, /* CKM_RC4_KEY_GEN; in bits */
198 199 {512, 1024, CKF_SIGN|CKF_VERIFY}, /* CKM_DSA; in bits */
199 200 {512, 1024, CKF_SIGN|CKF_VERIFY}, /* CKM_DSA_SHA1; in bits */
200 201 {512, 1024, CKF_GENERATE_KEY_PAIR}, /* CKM_DSA_KEY_PAIR_GEN; */
201 202 /* in bits */
202 203 {256, 4096, CKF_ENCRYPT|CKF_DECRYPT|
203 204 CKF_SIGN|CKF_SIGN_RECOVER|
204 205 CKF_WRAP|CKF_UNWRAP|
205 206 CKF_VERIFY|CKF_VERIFY_RECOVER}, /* CKM_RSA_PKCS; in bits */
206 207 {256, 4096, CKF_GENERATE_KEY_PAIR}, /* CKM_RSA_PKCS_KEY_PAIR_GEN; */
207 208 /* in bits */
208 209 {256, 4096, CKF_ENCRYPT|CKF_DECRYPT|
209 210 CKF_SIGN|CKF_SIGN_RECOVER|
210 211 CKF_WRAP|CKF_UNWRAP|
211 212 CKF_VERIFY|CKF_VERIFY_RECOVER}, /* CKM_RSA_X_509 in bits */
212 213 {256, 4096, CKF_SIGN|CKF_VERIFY}, /* CKM_MD5_RSA_PKCS in bits */
213 214 {256, 4096, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA1_RSA_PKCS in bits */
214 215 {256, 4096, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA256_RSA_PKCS in bits */
215 216 {256, 4096, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA384_RSA_PKCS in bits */
216 217 {256, 4096, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA512_RSA_PKCS in bits */
217 218 {DH_MIN_KEY_LEN, DH_MAX_KEY_LEN, CKF_GENERATE_KEY_PAIR},
218 219 /* CKM_DH_PKCS_KEY_PAIR_GEN */
219 220 /* in bits */
220 221 {DH_MIN_KEY_LEN, DH_MAX_KEY_LEN, CKF_DERIVE},
221 222 /* CKM_DH_PKCS_DERIVE; */
222 223 /* in bits */
223 224 {1, 16, CKF_DERIVE}, /* CKM_MD5_KEY_DERIVATION */
224 225 {1, 20, CKF_DERIVE}, /* CKM_SHA1_KEY_DERIVATION */
225 226 {1, 32, CKF_DERIVE}, /* CKM_SHA256_KEY_DERIVATION */
226 227 {1, 48, CKF_DERIVE}, /* CKM_SHA384_KEY_DERIVATION */
227 228 {1, 64, CKF_DERIVE}, /* CKM_SHA512_KEY_DERIVATION */
228 229 {0, 0, CKF_GENERATE}, /* CKM_PBE_SHA1_RC4_128 */
229 230 {0, 0, CKF_GENERATE}, /* CKM_PKCS5_PBKD2 */
230 231 {48, 48, CKF_GENERATE}, /* CKM_SSL3_PRE_MASTER_KEY_GEN */
231 232 {48, 48, CKF_GENERATE}, /* CKM_TLS_PRE_MASTER_KEY_GEN */
232 233 {48, 48, CKF_DERIVE}, /* CKM_SSL3_MASTER_KEY_DERIVE */
233 234 {48, 48, CKF_DERIVE}, /* CKM_TLS_MASTER_KEY_DERIVE */
234 235 {48, 48, CKF_DERIVE}, /* CKM_SSL3_MASTER_KEY_DERIVE_DH */
235 236 {48, 48, CKF_DERIVE}, /* CKM_TLS_MASTER_KEY_DERIVE_DH */
236 237 {0, 0, CKF_DERIVE}, /* CKM_SSL3_KEY_AND_MAC_DERIVE */
237 238 {0, 0, CKF_DERIVE}, /* CKM_TLS_KEY_AND_MAC_DERIVE */
238 239 {0, 0, CKF_DERIVE}, /* CKM_TLS_PRF */
239 240 {EC_MIN_KEY_LEN, EC_MAX_KEY_LEN, CKF_GENERATE_KEY_PAIR},
240 241 {EC_MIN_KEY_LEN, EC_MAX_KEY_LEN, CKF_SIGN|CKF_VERIFY},
241 242 {EC_MIN_KEY_LEN, EC_MAX_KEY_LEN, CKF_SIGN|CKF_VERIFY},
242 243 {EC_MIN_KEY_LEN, EC_MAX_KEY_LEN, CKF_DERIVE}
243 244 };
244 245
245 246 /*
246 247 * Slot ID for softtoken is always 1. tokenPresent is ignored.
247 248 * Also, only one slot is used.
248 249 */
249 250 /*ARGSUSED*/
250 251 CK_RV
251 252 C_GetSlotList(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList,
252 253 CK_ULONG_PTR pulCount)
253 254 {
254 255
255 256 CK_RV rv;
256 257
257 258 if (!softtoken_initialized)
258 259 return (CKR_CRYPTOKI_NOT_INITIALIZED);
259 260
260 261 if (pulCount == NULL) {
261 262 return (CKR_ARGUMENTS_BAD);
262 263 }
263 264
264 265 if (pSlotList == NULL) {
265 266 /*
266 267 * Application only wants to know the number of slots.
267 268 */
268 269 *pulCount = 1;
269 270 return (CKR_OK);
270 271 }
271 272
272 273 if ((*pulCount < 1) && (pSlotList != NULL)) {
273 274 rv = CKR_BUFFER_TOO_SMALL;
274 275 } else {
275 276 pSlotList[0] = SOFTTOKEN_SLOTID;
276 277 rv = CKR_OK;
277 278 }
278 279
279 280 *pulCount = 1;
280 281 return (rv);
281 282 }
282 283
283 284
284 285 CK_RV
285 286 C_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo)
286 287 {
287 288
288 289 if (!softtoken_initialized)
289 290 return (CKR_CRYPTOKI_NOT_INITIALIZED);
290 291
291 292 if (pInfo == NULL)
292 293 return (CKR_ARGUMENTS_BAD);
293 294
294 295 /* Make sure the slot ID is valid */
295 296 if (slotID != SOFTTOKEN_SLOTID)
296 297 return (CKR_SLOT_ID_INVALID);
297 298
298 299 /* Provide information about the slot in the provided buffer */
299 300 (void) strncpy((char *)pInfo->slotDescription, SOFT_SLOT_DESCRIPTION,
300 301 64);
301 302 (void) strncpy((char *)pInfo->manufacturerID, SOFT_MANUFACTURER_ID, 32);
302 303 pInfo->flags = CKF_TOKEN_PRESENT;
303 304 pInfo->hardwareVersion.major = HARDWARE_VERSION_MAJOR;
304 305 pInfo->hardwareVersion.minor = HARDWARE_VERSION_MINOR;
305 306 pInfo->firmwareVersion.major = FIRMWARE_VERSION_MAJOR;
306 307 pInfo->firmwareVersion.minor = FIRMWARE_VERSION_MINOR;
307 308
308 309 return (CKR_OK);
309 310 }
310 311
311 312 CK_RV
312 313 C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
313 314 {
314 315 boolean_t pin_initialized = B_FALSE;
315 316 char *ks_cryptpin = NULL;
316 317
317 318 if (!softtoken_initialized)
318 319 return (CKR_CRYPTOKI_NOT_INITIALIZED);
319 320
320 321 /* Make sure the slot ID is valid */
321 322 if (slotID != SOFTTOKEN_SLOTID)
322 323 return (CKR_SLOT_ID_INVALID);
323 324
324 325 if (pInfo == NULL)
325 326 return (CKR_ARGUMENTS_BAD);
326 327
327 328 /*
328 329 * It is intentional that we don't forward the error code
329 330 * returned from soft_keystore_pin_initialized() to the caller
|
↓ open down ↓ |
296 lines elided |
↑ open up ↑ |
330 331 */
331 332 pInfo->flags = SOFT_TOKEN_FLAGS;
332 333 if (soft_slot.keystore_load_status == KEYSTORE_UNAVAILABLE) {
333 334 pInfo->flags |= CKF_WRITE_PROTECTED;
334 335 } else {
335 336 if ((soft_keystore_pin_initialized(&pin_initialized,
336 337 &ks_cryptpin, B_FALSE) == CKR_OK) && !pin_initialized)
337 338 pInfo->flags |= CKF_USER_PIN_TO_BE_CHANGED;
338 339 }
339 340
340 - if (ks_cryptpin)
341 - free(ks_cryptpin);
341 + if (ks_cryptpin != NULL) {
342 + size_t cplen = strlen(ks_cryptpin) + 1;
342 343
344 + freezero(ks_cryptpin, cplen);
345 + }
346 +
343 347 /* Provide information about a token in the provided buffer */
344 348 (void) strncpy((char *)pInfo->label, SOFT_TOKEN_LABEL, 32);
345 349 (void) strncpy((char *)pInfo->manufacturerID, SOFT_MANUFACTURER_ID, 32);
346 350 (void) strncpy((char *)pInfo->model, TOKEN_MODEL, 16);
347 351 (void) strncpy((char *)pInfo->serialNumber, SOFT_TOKEN_SERIAL, 16);
348 352
349 353 pInfo->ulMaxSessionCount = CK_EFFECTIVELY_INFINITE;
350 354 pInfo->ulSessionCount = soft_session_cnt;
351 355 pInfo->ulMaxRwSessionCount = CK_EFFECTIVELY_INFINITE;
352 356 pInfo->ulRwSessionCount = soft_session_rw_cnt;
353 357 pInfo->ulMaxPinLen = MAX_PIN_LEN;
354 358 pInfo->ulMinPinLen = MIN_PIN_LEN;
355 359 pInfo->ulTotalPublicMemory = CK_UNAVAILABLE_INFORMATION;
356 360 pInfo->ulFreePublicMemory = CK_UNAVAILABLE_INFORMATION;
357 361 pInfo->ulTotalPrivateMemory = CK_UNAVAILABLE_INFORMATION;
358 362 pInfo->ulFreePrivateMemory = CK_UNAVAILABLE_INFORMATION;
359 363 pInfo->hardwareVersion.major = HARDWARE_VERSION_MAJOR;
360 364 pInfo->hardwareVersion.minor = HARDWARE_VERSION_MINOR;
361 365 pInfo->firmwareVersion.major = FIRMWARE_VERSION_MAJOR;
362 366 pInfo->firmwareVersion.minor = FIRMWARE_VERSION_MINOR;
363 367 (void) memset(pInfo->utcTime, ' ', 16);
364 368
365 369 return (CKR_OK);
366 370 }
367 371
368 372 /*ARGSUSED*/
369 373 CK_RV
370 374 C_WaitForSlotEvent(CK_FLAGS flags, CK_SLOT_ID_PTR pSlot, CK_VOID_PTR pReserved)
371 375 {
372 376 if (!softtoken_initialized)
373 377 return (CKR_CRYPTOKI_NOT_INITIALIZED);
374 378
375 379 /*
376 380 * This is currently not implemented, however we could cause this
377 381 * to wait for the token files to appear if soft_token_present is
378 382 * false.
379 383 * However there is currently no polite and portable way to do that
380 384 * because we might not even be able to get to an fd to the
381 385 * parent directory, so instead we don't support any slot events.
382 386 */
383 387 return (CKR_FUNCTION_NOT_SUPPORTED);
384 388 }
385 389
386 390
387 391 CK_RV
388 392 C_GetMechanismList(CK_SLOT_ID slotID, CK_MECHANISM_TYPE_PTR pMechanismList,
389 393 CK_ULONG_PTR pulCount)
390 394 {
391 395
392 396 ulong_t i;
393 397 ulong_t mechnum;
394 398
395 399 if (!softtoken_initialized)
396 400 return (CKR_CRYPTOKI_NOT_INITIALIZED);
397 401
398 402 if (slotID != SOFTTOKEN_SLOTID)
399 403 return (CKR_SLOT_ID_INVALID);
400 404
401 405 mechnum = sizeof (soft_mechanisms) / sizeof (CK_MECHANISM_TYPE);
402 406
403 407 if (pMechanismList == NULL) {
404 408 /*
405 409 * Application only wants to know the number of
406 410 * supported mechanism types.
407 411 */
408 412 *pulCount = mechnum;
409 413 return (CKR_OK);
410 414 }
411 415
412 416 if (*pulCount < mechnum) {
413 417 *pulCount = mechnum;
414 418 return (CKR_BUFFER_TOO_SMALL);
415 419 }
416 420
417 421 for (i = 0; i < mechnum; i++) {
418 422 pMechanismList[i] = soft_mechanisms[i];
419 423 }
420 424
421 425 *pulCount = mechnum;
422 426
423 427 return (CKR_OK);
424 428 }
425 429
426 430
427 431 CK_RV
428 432 C_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type,
429 433 CK_MECHANISM_INFO_PTR pInfo)
430 434 {
431 435
432 436 ulong_t i;
433 437 ulong_t mechnum;
434 438
435 439 if (!softtoken_initialized)
436 440 return (CKR_CRYPTOKI_NOT_INITIALIZED);
437 441
438 442 if (slotID != SOFTTOKEN_SLOTID)
439 443 return (CKR_SLOT_ID_INVALID);
440 444
441 445 if (pInfo == NULL) {
442 446 return (CKR_ARGUMENTS_BAD);
443 447 }
444 448
445 449 mechnum = sizeof (soft_mechanisms) / sizeof (CK_MECHANISM_TYPE);
446 450 for (i = 0; i < mechnum; i++) {
447 451 if (soft_mechanisms[i] == type)
448 452 break;
449 453 }
450 454
451 455 if (i == mechnum)
452 456 /* unsupported mechanism */
453 457 return (CKR_MECHANISM_INVALID);
454 458
455 459 pInfo->ulMinKeySize = soft_mechanism_info[i].ulMinKeySize;
456 460 pInfo->ulMaxKeySize = soft_mechanism_info[i].ulMaxKeySize;
457 461 pInfo->flags = soft_mechanism_info[i].flags;
458 462
459 463 return (CKR_OK);
460 464 }
461 465
462 466
463 467 /*ARGSUSED*/
464 468 CK_RV
465 469 C_InitToken(CK_SLOT_ID slotID, CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen,
466 470 CK_UTF8CHAR_PTR pLabel)
467 471 {
468 472 if (!softtoken_initialized)
469 473 return (CKR_CRYPTOKI_NOT_INITIALIZED);
470 474
471 475 if (create_keystore() != 0)
472 476 return (CKR_FUNCTION_FAILED);
473 477
474 478 return (CKR_OK);
475 479 }
476 480
477 481 /*ARGSUSED*/
478 482 CK_RV
479 483 C_InitPIN(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen)
480 484 {
481 485 if (!softtoken_initialized)
482 486 return (CKR_CRYPTOKI_NOT_INITIALIZED);
483 487
484 488 return (CKR_FUNCTION_NOT_SUPPORTED);
485 489 }
486 490
487 491
488 492 CK_RV
489 493 C_SetPIN(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pOldPin,
490 494 CK_ULONG ulOldPinLen, CK_UTF8CHAR_PTR pNewPin, CK_ULONG ulNewPinLen)
491 495 {
492 496
493 497 soft_session_t *session_p;
494 498 CK_RV rv;
495 499 boolean_t lock_held = B_FALSE;
496 500
497 501 if (!softtoken_initialized)
498 502 return (CKR_CRYPTOKI_NOT_INITIALIZED);
499 503
500 504 /*
501 505 * Obtain the session pointer. Also, increment the session
502 506 * reference count.
503 507 */
504 508 rv = handle2session(hSession, &session_p);
505 509 if (rv != CKR_OK)
506 510 return (rv);
507 511
508 512 if (!soft_keystore_status(KEYSTORE_LOAD)) {
509 513 SES_REFRELE(session_p, lock_held);
510 514 return (CKR_DEVICE_REMOVED);
511 515 }
512 516
513 517 if ((ulOldPinLen < MIN_PIN_LEN) || (ulOldPinLen > MAX_PIN_LEN) ||
514 518 (ulNewPinLen < MIN_PIN_LEN) ||(ulNewPinLen > MAX_PIN_LEN)) {
515 519 SES_REFRELE(session_p, lock_held);
516 520 return (CKR_PIN_LEN_RANGE);
517 521 }
518 522
519 523 if ((pOldPin == NULL_PTR) || (pNewPin == NULL_PTR)) {
520 524 /*
521 525 * We don't support CKF_PROTECTED_AUTHENTICATION_PATH
522 526 */
523 527 SES_REFRELE(session_p, lock_held);
524 528 return (CKR_ARGUMENTS_BAD);
525 529 }
526 530
527 531 /* check the state of the session */
528 532 if ((session_p->state != CKS_RW_PUBLIC_SESSION) &&
529 533 (session_p->state != CKS_RW_USER_FUNCTIONS)) {
530 534 SES_REFRELE(session_p, lock_held);
531 535 return (CKR_SESSION_READ_ONLY);
532 536 }
533 537
534 538 rv = soft_setpin(pOldPin, ulOldPinLen, pNewPin, ulNewPinLen);
535 539
536 540 SES_REFRELE(session_p, lock_held);
537 541 return (rv);
538 542 }
|
↓ open down ↓ |
186 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX