Print this page
4215 pkcs11_tpm botches shared library initialization, murders its friends
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/lib/pkcs11/pkcs11_tpm/common/api_interface.c
+++ new/usr/src/lib/pkcs11/pkcs11_tpm/common/api_interface.c
1 1 /*
2 2 * Common Public License Version 0.5
3 3 *
4 4 * THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF
5 5 * THIS COMMON PUBLIC LICENSE ("AGREEMENT"). ANY USE,
6 6 * REPRODUCTION OR DISTRIBUTION OF THE PROGRAM CONSTITUTES
7 7 * RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT.
8 8 *
9 9 * 1. DEFINITIONS
10 10 *
11 11 * "Contribution" means:
12 12 * a) in the case of the initial Contributor, the
13 13 * initial code and documentation distributed under
14 14 * this Agreement, and
15 15 *
16 16 * b) in the case of each subsequent Contributor:
17 17 * i) changes to the Program, and
18 18 * ii) additions to the Program;
19 19 *
20 20 * where such changes and/or additions to the Program
21 21 * originate from and are distributed by that
22 22 * particular Contributor. A Contribution 'originates'
23 23 * from a Contributor if it was added to the Program
24 24 * by such Contributor itself or anyone acting on such
25 25 * Contributor's behalf. Contributions do not include
26 26 * additions to the Program which: (i) are separate
27 27 * modules of software distributed in conjunction with
28 28 * the Program under their own license agreement, and
29 29 * (ii) are not derivative works of the Program.
30 30 *
31 31 *
32 32 * "Contributor" means any person or entity that distributes
33 33 * the Program.
34 34 *
35 35 * "Licensed Patents " mean patent claims licensable by a
36 36 * Contributor which are necessarily infringed by the use or
37 37 * sale of its Contribution alone or when combined with the
38 38 * Program.
39 39 *
40 40 * "Program" means the Contributions distributed in
41 41 * accordance with this Agreement.
42 42 *
43 43 * "Recipient" means anyone who receives the Program under
44 44 * this Agreement, including all Contributors.
45 45 *
46 46 * 2. GRANT OF RIGHTS
47 47 *
48 48 * a) Subject to the terms of this Agreement, each
49 49 * Contributor hereby grants Recipient a
50 50 * no - exclusive, worldwide, royalt - free copyright
51 51 * license to reproduce, prepare derivative works of,
52 52 * publicly display, publicly perform, distribute and
53 53 * sublicense the Contribution of such Contributor, if
54 54 * any, and such derivative works, in source code and
55 55 * object code form.
56 56 *
57 57 * b) Subject to the terms of this Agreement, each
58 58 * Contributor hereby grants Recipient a
59 59 * no - exclusive, worldwide, royalt - free patent
60 60 * license under Licensed Patents to make, use, sell,
61 61 * offer to sell, import and otherwise transfer the
62 62 * Contribution of such Contributor, if any, in source
63 63 * code and object code form. This patent license
64 64 * shall apply to the combination of the Contribution
65 65 * and the Program if, at the time the Contribution is
66 66 * added by the Contributor, such addition of the
67 67 * Contribution causes such combination to be covered
68 68 * by the Licensed Patents. The patent license shall
69 69 * not apply to any other combinations which include
70 70 * the Contribution. No hardware per se is licensed
71 71 * hereunder.
72 72 *
73 73 * c) Recipient understands that although each
74 74 * Contributor grants the licenses to its
75 75 * Contributions set forth herein, no assurances are
76 76 * provided by any Contributor that the Program does
77 77 * not infringe the patent or other intellectual
78 78 * property rights of any other entity. Each
79 79 * Contributor disclaims any liability to Recipient
80 80 * for claims brought by any other entity based on
81 81 * infringement of intellectual property rights or
82 82 * otherwise. As a condition to exercising the rights
83 83 * and licenses granted hereunder, each Recipient
84 84 * hereby assumes sole responsibility to secure any
85 85 * other intellectual property rights needed, if any.
86 86 *
87 87 * For example, if a third party patent license is
88 88 * required to allow Recipient to distribute the
89 89 * Program, it is Recipient's responsibility to
90 90 * acquire that license before distributing the
91 91 * Program.
92 92 *
93 93 * d) Each Contributor represents that to its
94 94 * knowledge it has sufficient copyright rights in its
95 95 * Contribution, if any, to grant the copyright
96 96 * license set forth in this Agreement.
97 97 *
98 98 * 3. REQUIREMENTS
99 99 *
100 100 * A Contributor may choose to distribute the Program in
101 101 * object code form under its own license agreement, provided
102 102 * that:
103 103 * a) it complies with the terms and conditions of
104 104 * this Agreement; and
105 105 *
106 106 * b) its license agreement:
107 107 * i) effectively disclaims on behalf of all
108 108 * Contributors all warranties and conditions, express
109 109 * and implied, including warranties or conditions of
110 110 * title and no - infringement, and implied warranties
111 111 * or conditions of merchantability and fitness for a
112 112 * particular purpose;
113 113 *
114 114 * ii) effectively excludes on behalf of all
115 115 * Contributors all liability for damages, including
116 116 * direct, indirect, special, incidental and
117 117 * consequential damages, such as lost profits;
118 118 *
119 119 * iii) states that any provisions which differ from
120 120 * this Agreement are offered by that Contributor
121 121 * alone and not by any other party; and
122 122 *
123 123 * iv) states that source code for the Program is
124 124 * available from such Contributor, and informs
125 125 * licensees how to obtain it in a reasonable manner
126 126 * on or through a medium customarily used for
127 127 * software exchange.
128 128 *
129 129 * When the Program is made available in source code form:
130 130 * a) it must be made available under this Agreement;
131 131 * and
132 132 * b) a copy of this Agreement must be included with
133 133 * each copy of the Program.
134 134 *
135 135 * Contributors may not remove or alter any copyright notices
136 136 * contained within the Program.
137 137 *
138 138 * Each Contributor must identify itself as the originator of
139 139 * its Contribution, if any, in a manner that reasonably
140 140 * allows subsequent Recipients to identify the originator of
141 141 * the Contribution.
142 142 *
143 143 *
144 144 * 4. COMMERCIAL DISTRIBUTION
145 145 *
146 146 * Commercial distributors of software may accept certain
147 147 * responsibilities with respect to end users, business
148 148 * partners and the like. While this license is intended to
149 149 * facilitate the commercial use of the Program, the
150 150 * Contributor who includes the Program in a commercial
151 151 * product offering should do so in a manner which does not
152 152 * create potential liability for other Contributors.
153 153 * Therefore, if a Contributor includes the Program in a
154 154 * commercial product offering, such Contributor ("Commercial
155 155 * Contributor") hereby agrees to defend and indemnify every
156 156 * other Contributor ("Indemnified Contributor") against any
157 157 * losses, damages and costs (collectively "Losses") arising
158 158 * from claims, lawsuits and other legal actions brought by a
159 159 * third party against the Indemnified Contributor to the
160 160 * extent caused by the acts or omissions of such Commercial
161 161 * Contributor in connection with its distribution of the
162 162 * Program in a commercial product offering. The obligations
163 163 * in this section do not apply to any claims or Losses
164 164 * relating to any actual or alleged intellectual property
165 165 * infringement. In order to qualify, an Indemnified
166 166 * Contributor must: a) promptly notify the Commercial
167 167 * Contributor in writing of such claim, and b) allow the
168 168 * Commercial Contributor to control, and cooperate with the
169 169 * Commercial Contributor in, the defense and any related
170 170 * settlement negotiations. The Indemnified Contributor may
171 171 * participate in any such claim at its own expense.
172 172 *
173 173 *
174 174 * For example, a Contributor might include the Program in a
175 175 * commercial product offering, Product X. That Contributor
176 176 * is then a Commercial Contributor. If that Commercial
177 177 * Contributor then makes performance claims, or offers
178 178 * warranties related to Product X, those performance claims
179 179 * and warranties are such Commercial Contributor's
180 180 * responsibility alone. Under this section, the Commercial
181 181 * Contributor would have to defend claims against the other
182 182 * Contributors related to those performance claims and
183 183 * warranties, and if a court requires any other Contributor
184 184 * to pay any damages as a result, the Commercial Contributor
185 185 * must pay those damages.
186 186 *
187 187 *
188 188 * 5. NO WARRANTY
189 189 *
190 190 * EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE
191 191 * PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT
192 192 * WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR
193 193 * IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR
194 194 * CONDITIONS OF TITLE, NO - INFRINGEMENT, MERCHANTABILITY OR
195 195 * FITNESS FOR A PARTICULAR PURPOSE. Each Recipient is solely
196 196 * responsible for determining the appropriateness of using
197 197 * and distributing the Program and assumes all risks
198 198 * associated with its exercise of rights under this
199 199 * Agreement, including but not limited to the risks and
200 200 * costs of program errors, compliance with applicable laws,
201 201 * damage to or loss of data, programs or equipment, and
202 202 * unavailability or interruption of operations.
203 203 *
204 204 * 6. DISCLAIMER OF LIABILITY
205 205 * EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, NEITHER
206 206 * RECIPIENT NOR ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY
207 207 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
208 208 * OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION
209 209 * LOST PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF
210 210 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
211 211 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
212 212 * OF THE USE OR DISTRIBUTION OF THE PROGRAM OR THE EXERCISE
213 213 * OF ANY RIGHTS GRANTED HEREUNDER, EVEN IF ADVISED OF THE
214 214 * POSSIBILITY OF SUCH DAMAGES.
215 215 *
216 216 * 7. GENERAL
217 217 *
218 218 * If any provision of this Agreement is invalid or
219 219 * unenforceable under applicable law, it shall not affect
220 220 * the validity or enforceability of the remainder of the
221 221 * terms of this Agreement, and without further action by the
222 222 * parties hereto, such provision shall be reformed to the
223 223 * minimum extent necessary to make such provision valid and
224 224 * enforceable.
225 225 *
226 226 *
227 227 * If Recipient institutes patent litigation against a
228 228 * Contributor with respect to a patent applicable to
229 229 * software (including a cros - claim or counterclaim in a
230 230 * lawsuit), then any patent licenses granted by that
231 231 * Contributor to such Recipient under this Agreement shall
232 232 * terminate as of the date such litigation is filed. In
233 233 * addition, If Recipient institutes patent litigation
234 234 * against any entity (including a cros - claim or
235 235 * counterclaim in a lawsuit) alleging that the Program
236 236 * itself (excluding combinations of the Program with other
237 237 * software or hardware) infringes such Recipient's
238 238 * patent(s), then such Recipient's rights granted under
239 239 * Section 2(b) shall terminate as of the date such
240 240 * litigation is filed.
241 241 *
242 242 * All Recipient's rights under this Agreement shall
243 243 * terminate if it fails to comply with any of the material
244 244 * terms or conditions of this Agreement and does not cure
245 245 * such failure in a reasonable period of time after becoming
246 246 * aware of such noncompliance. If all Recipient's rights
247 247 * under this Agreement terminate, Recipient agrees to cease
248 248 * use and distribution of the Program as soon as reasonably
249 249 * practicable. However, Recipient's obligations under this
250 250 * Agreement and any licenses granted by Recipient relating
251 251 * to the Program shall continue and survive.
252 252 *
253 253 * Everyone is permitted to copy and distribute copies of
254 254 * this Agreement, but in order to avoid inconsistency the
255 255 * Agreement is copyrighted and may only be modified in the
256 256 * following manner. The Agreement Steward reserves the right
257 257 * to publish new versions (including revisions) of this
258 258 * Agreement from time to time. No one other than the
259 259 * Agreement Steward has the right to modify this Agreement.
260 260 *
261 261 * IBM is the initial Agreement Steward. IBM may assign the
262 262 * responsibility to serve as the Agreement Steward to a
263 263 * suitable separate entity. Each new version of the
264 264 * Agreement will be given a distinguishing version number.
265 265 * The Program (including Contributions) may always be
266 266 * distributed subject to the version of the Agreement under
267 267 * which it was received. In addition, after a new version of
268 268 * the Agreement is published, Contributor may elect to
269 269 * distribute the Program (including its Contributions) under
270 270 * the new version. Except as expressly stated in Sections
271 271 * 2(a) and 2(b) above, Recipient receives no rights or
272 272 * licenses to the intellectual property of any Contributor
273 273 * under this Agreement, whether expressly, by implication,
274 274 * estoppel or otherwise. All rights in the Program not
275 275 * expressly granted under this Agreement are reserved.
276 276 *
277 277 *
278 278 * This Agreement is governed by the laws of the State of New
279 279 * York and the intellectual property laws of the United
280 280 * States of America. No party to this Agreement will bring a
281 281 * legal action under this Agreement more than one year after
282 282 * the cause of action arose. Each party waives its rights to
283 283 * a jury trial in any resulting litigation.
284 284 *
285 285 *
286 286 *
287 287 * (C) COPYRIGHT International Business Machines Corp. 2001, 2002
288 288 */
289 289 /*
290 290 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
291 291 * Use is subject to license terms.
292 292 */
293 293
294 294 #include "tpmtok_int.h"
295 295
296 296 #define LOG(x) logit(LOG_DEBUG, x)
297 297
298 298 /*
299 299 * NOTES:
300 300 * In many cases the specificaiton does not allow returns
301 301 * of CKR_ARGUMENTSB_BAD. We break the spec, since validation of parameters
302 302 * to the function are best represented by this return code (where
303 303 * specific RC's such as CKR_INVALID_SESSION do not exist).
304 304 * NOTE NOTE NOTE NOTE
305 305 * The parameter checking on the update operations may need to be
306 306 * modified (as well as the encrypt/decrypt) to call the std API
307 307 * anyway with sanatized parameters since on error, the encrypt/decrypt
308 308 * sign operations are all supposed to complete.
309 309 * Therefor the parameter checking here might need to be done in
310 310 * the STDLL instead of the API.
311 311 * This would affect ALL the Multipart operations which have
312 312 * an init followed by one or more operations.
313 313 *
314 314 * Globals for the API
315 315 */
316 316 API_Proc_Struct_t *Anchor = NULL;
317 317 static unsigned int Initialized = 0;
318 318 static pthread_mutex_t global_mutex = PTHREAD_MUTEX_INITIALIZER;
319 319 struct ST_FCN_LIST FuncList;
320 320 CK_FUNCTION_LIST PK11_Functions;
321 321 extern pthread_rwlock_t obj_list_rw_mutex;
322 322
323 323
324 324 static void
325 325 tpmtoken_fork_prepare()
326 326 {
327 327 (void) pthread_mutex_lock(&global_mutex);
328 328 (void) pthread_mutex_lock(&pkcs_mutex);
329 329 (void) pthread_mutex_lock(&obj_list_mutex);
330 330 (void) pthread_rwlock_wrlock(&obj_list_rw_mutex);
331 331 (void) pthread_mutex_lock(&sess_list_mutex);
332 332 (void) pthread_mutex_lock(&login_mutex);
333 333 if (Anchor) {
334 334 (void) pthread_mutex_lock(&Anchor->ProcMutex);
335 335 (void) pthread_mutex_lock(&Anchor->SessListMutex);
336 336 }
337 337 }
338 338
339 339 static void
340 340 tpmtoken_fork_parent()
341 341 {
342 342 if (Anchor) {
343 343 (void) pthread_mutex_unlock(&Anchor->SessListMutex);
344 344 (void) pthread_mutex_unlock(&Anchor->ProcMutex);
345 345 }
346 346 (void) pthread_mutex_unlock(&login_mutex);
347 347 (void) pthread_mutex_unlock(&sess_list_mutex);
348 348 (void) pthread_rwlock_unlock(&obj_list_rw_mutex);
349 349 (void) pthread_mutex_unlock(&obj_list_mutex);
350 350 (void) pthread_mutex_unlock(&pkcs_mutex);
351 351 (void) pthread_mutex_unlock(&global_mutex);
352 352 }
353 353
354 354 static void
355 355 tpmtoken_fork_child()
356 356 {
357 357 if (Anchor) {
358 358 (void) pthread_mutex_unlock(&Anchor->SessListMutex);
359 359 (void) pthread_mutex_unlock(&Anchor->ProcMutex);
360 360 }
361 361
362 362 (void) pthread_mutex_unlock(&login_mutex);
363 363 (void) pthread_mutex_unlock(&sess_list_mutex);
364 364 (void) pthread_rwlock_unlock(&obj_list_rw_mutex);
365 365 (void) pthread_mutex_unlock(&obj_list_mutex);
366 366 (void) pthread_mutex_unlock(&pkcs_mutex);
367 367 (void) pthread_mutex_unlock(&global_mutex);
368 368
369 369 if (Anchor) {
370 370 Terminate_All_Process_Sessions();
371 371 free(Anchor);
372 372 Anchor = NULL;
373 373 }
374 374 if (FuncList.ST_Finalize)
375 375 FuncList.ST_Finalize(0);
376 376
377 377 logterm();
378 378 loginit();
379 379 }
380 380
381 381 /*ARGSUSED*/
382 382 CK_RV
383 383 C_CancelFunction(CK_SESSION_HANDLE hSession)
384 384 {
385 385 LOG("C_CancelFunction");
386 386 if (API_Initialized() == FALSE) {
387 387 return (CKR_CRYPTOKI_NOT_INITIALIZED);
388 388 }
389 389 return (CKR_FUNCTION_NOT_PARALLEL);
390 390 }
391 391
392 392 CK_RV
393 393 C_CloseAllSessions(CK_SLOT_ID slotID)
394 394 {
395 395 Session_Struct_t *pCur, *pPrev;
396 396 CK_RV rv;
397 397 /*
398 398 * Although why does modutil do a close all sessions. It is a single
399 399 * application it can only close its sessions...
400 400 * And all sessions should be closed anyhow.
401 401 */
402 402 LOG("CloseAllSessions");
403 403 if (API_Initialized() == FALSE)
404 404 return (CKR_CRYPTOKI_NOT_INITIALIZED);
405 405
406 406 if (!global_shm->token_available || (slotID > NUMBER_SLOTS_MANAGED))
407 407 return (CKR_SLOT_ID_INVALID);
408 408 /*
409 409 * Proc Mutex is locked when we remove from the seesion list in
410 410 * Close SEssion. Therefore we don't need to do any locking
411 411 * the atomic operations are controled when we use the linked list
412 412 */
413 413 pCur = (Anchor ? Anchor->SessListBeg : NULL);
414 414 while (pCur) {
415 415 /*
416 416 * Session owned by the slot we are working on
417 417 * There is a basic problem here. We are using th pCur
418 418 * to point to the current one, however we delete it from
419 419 * the linked list and can no longer go Forward. So we
420 420 * have to use the fact that this is a doubly linked list
421 421 * and get the previous pointer. After deletion, the next
422 422 * pointer of this block will point to the next one in the
423 423 * list.
424 424 * If the value is Null, then this was the first one in
425 425 * the list and we just set pCur to the SessListBeg.
426 426 */
427 427 if (pCur->SltId == slotID) {
428 428 pPrev = pCur->Previous;
429 429 rv = C_CloseSession((CK_SESSION_HANDLE)pCur);
430 430 if (rv == CKR_OK ||
431 431 rv == CKR_SESSION_CLOSED ||
432 432 rv == CKR_SESSION_HANDLE_INVALID) {
433 433 if (pPrev == NULL) {
434 434 pCur = Anchor->SessListBeg;
435 435 } else {
436 436 pCur = pPrev->Next;
437 437 }
438 438 } else {
439 439 return (rv);
440 440 }
441 441 } else {
442 442 pCur = pCur->Next;
443 443 }
444 444 }
445 445 LOG("CloseAllSessions OK");
446 446 return (CKR_OK);
447 447 }
448 448 CK_RV
449 449 C_CloseSession(CK_SESSION_HANDLE hSession)
450 450 {
451 451 CK_RV rv;
452 452 Session_Struct_t *sessp;
453 453 ST_SESSION_T rSession;
454 454 LOG("C_CloseSession");
455 455 if (API_Initialized() == FALSE) {
456 456 return (CKR_CRYPTOKI_NOT_INITIALIZED);
457 457 }
458 458 /* Validate Session */
459 459 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
460 460 return (CKR_SESSION_HANDLE_INVALID);
461 461 }
462 462
463 463 if (FuncList.ST_CloseSession) {
464 464 /* Map the Session to the slot session */
465 465 rv = FuncList.ST_CloseSession(rSession);
466 466
467 467 if (rv == CKR_OK) {
468 468 sessp = (Session_Struct_t *)hSession;
469 469 RemoveFromSessionList(sessp);
470 470 }
471 471 } else {
472 472 rv = CKR_FUNCTION_NOT_SUPPORTED;
473 473 }
474 474 return (rv);
475 475 }
476 476
477 477 CK_RV
478 478 C_CopyObject(
479 479 CK_SESSION_HANDLE hSession,
480 480 CK_OBJECT_HANDLE hObject,
481 481 CK_ATTRIBUTE_PTR pTemplate,
482 482 CK_ULONG ulCount,
483 483 CK_OBJECT_HANDLE_PTR phNewObject)
484 484 {
485 485 CK_RV rv;
486 486 ST_SESSION_T rSession;
487 487 LOG("C_CopyObject");
488 488 if (API_Initialized() == FALSE) {
489 489 return (CKR_CRYPTOKI_NOT_INITIALIZED);
490 490 }
491 491 if (!Valid_Session((Session_Struct_t *)hSession, &rSession)) {
492 492 return (CKR_SESSION_HANDLE_INVALID);
493 493 }
494 494 if (!phNewObject) {
495 495 return (CKR_ARGUMENTS_BAD);
496 496 }
497 497 /*
498 498 * A null template with a count will cause the lower layer
499 499 * to have problems.
500 500 * Template with 0 count is not a problem.
501 501 */
502 502 if (!pTemplate && ulCount) {
503 503 return (CKR_ARGUMENTS_BAD);
504 504 }
505 505 if (FuncList.ST_CopyObject) {
506 506 rv = FuncList.ST_CopyObject(rSession, hObject, pTemplate,
507 507 ulCount, phNewObject);
508 508 } else {
509 509 rv = CKR_FUNCTION_NOT_SUPPORTED;
510 510 }
511 511 return (rv);
512 512 }
513 513
514 514 CK_RV
515 515 C_CreateObject(
516 516 CK_SESSION_HANDLE hSession,
517 517 CK_ATTRIBUTE_PTR pTemplate,
518 518 CK_ULONG ulCount,
519 519 CK_OBJECT_HANDLE_PTR phObject)
520 520 {
521 521 CK_RV rv;
522 522 ST_SESSION_T rSession;
523 523
524 524 if (API_Initialized() == FALSE) {
525 525 return (CKR_CRYPTOKI_NOT_INITIALIZED);
526 526 }
527 527 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
528 528 return (CKR_SESSION_HANDLE_INVALID);
529 529 }
530 530 if (! pTemplate) {
531 531 return (CKR_TEMPLATE_INCOMPLETE);
532 532 }
533 533 if (ulCount == 0) {
534 534 return (CKR_TEMPLATE_INCOMPLETE);
535 535 }
536 536 if (! phObject) {
537 537 return (CKR_ARGUMENTS_BAD);
538 538 }
539 539 if (FuncList.ST_CreateObject) {
540 540 // Map the Session to the slot session
541 541 rv = FuncList.ST_CreateObject(rSession, pTemplate,
542 542 ulCount, phObject);
543 543 } else {
544 544 rv = CKR_FUNCTION_NOT_SUPPORTED;
545 545 }
546 546 return (rv);
547 547 }
548 548
549 549 CK_RV
550 550 C_Decrypt(CK_SESSION_HANDLE hSession,
551 551 CK_BYTE_PTR pEncryptedData,
552 552 CK_ULONG ulEncryptedDataLen,
553 553 CK_BYTE_PTR pData,
554 554 CK_ULONG_PTR pulDataLen)
555 555 {
556 556 CK_RV rv;
557 557 ST_SESSION_T rSession;
558 558
559 559 if (API_Initialized() == FALSE) {
560 560 return (CKR_CRYPTOKI_NOT_INITIALIZED);
561 561 }
562 562 if (!Valid_Session((Session_Struct_t *)hSession, &rSession)) {
563 563 return (CKR_SESSION_HANDLE_INVALID);
564 564 }
565 565 if (FuncList.ST_Decrypt) {
566 566 rv = FuncList.ST_Decrypt(rSession, pEncryptedData,
567 567 ulEncryptedDataLen, pData, pulDataLen);
568 568 } else {
569 569 rv = CKR_FUNCTION_NOT_SUPPORTED;
570 570 }
571 571 return (rv);
572 572 }
573 573
574 574 CK_RV
575 575 C_DecryptDigestUpdate(
576 576 CK_SESSION_HANDLE hSession,
577 577 CK_BYTE_PTR pEncryptedPart,
578 578 CK_ULONG ulEncryptedPartLen,
579 579 CK_BYTE_PTR pPart,
580 580 CK_ULONG_PTR pulPartLen)
581 581 {
582 582 CK_RV rv;
583 583 ST_SESSION_T rSession;
584 584
585 585 if (API_Initialized() == FALSE) {
586 586 return (CKR_CRYPTOKI_NOT_INITIALIZED);
587 587 }
588 588 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
589 589 return (CKR_SESSION_HANDLE_INVALID);
590 590 }
591 591 if (! pEncryptedPart || ! pulPartLen) {
592 592 return (CKR_ARGUMENTS_BAD);
593 593 }
594 594 if (FuncList.ST_DecryptDigestUpdate) {
595 595 rv = FuncList.ST_DecryptDigestUpdate(rSession, pEncryptedPart,
596 596 ulEncryptedPartLen, pPart, pulPartLen);
597 597 } else {
598 598 rv = CKR_FUNCTION_NOT_SUPPORTED;
599 599 }
600 600 return (rv);
601 601 }
602 602
603 603 CK_RV
604 604 C_DecryptFinal(CK_SESSION_HANDLE hSession,
605 605 CK_BYTE_PTR pLastPart,
606 606 CK_ULONG_PTR pulLastPartLen)
607 607 {
608 608 CK_RV rv;
609 609 ST_SESSION_T rSession;
610 610
611 611 if (API_Initialized() == FALSE) {
612 612 return (CKR_CRYPTOKI_NOT_INITIALIZED);
613 613 }
614 614 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
615 615 return (CKR_SESSION_HANDLE_INVALID);
616 616 }
617 617 /*
618 618 * It is acceptable to have a Null pointer for the data since
619 619 * it is trying to get the length of the last part....
620 620 * The spec is unclear if a second call to Final is needed
621 621 * if there is no data in the last part.
622 622 */
623 623 if (! pulLastPartLen) {
624 624 return (CKR_ARGUMENTS_BAD);
625 625 }
626 626 if (FuncList.ST_DecryptFinal) {
627 627 rv = FuncList.ST_DecryptFinal(rSession, pLastPart,
628 628 pulLastPartLen);
629 629 } else {
630 630 rv = CKR_FUNCTION_NOT_SUPPORTED;
631 631 }
632 632 return (rv);
633 633 }
634 634
635 635 CK_RV
636 636 C_DecryptInit(CK_SESSION_HANDLE hSession,
637 637 CK_MECHANISM_PTR pMechanism,
638 638 CK_OBJECT_HANDLE hKey)
639 639 {
640 640 CK_RV rv;
641 641 ST_SESSION_T rSession;
642 642
643 643 if (API_Initialized() == FALSE) {
644 644 return (CKR_CRYPTOKI_NOT_INITIALIZED);
645 645 }
646 646 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
647 647 return (CKR_SESSION_HANDLE_INVALID);
648 648 }
649 649 if (! pMechanism) {
650 650 return (CKR_MECHANISM_INVALID);
651 651 }
652 652 if (FuncList.ST_DecryptInit) {
653 653 rv = FuncList.ST_DecryptInit(rSession, pMechanism, hKey);
654 654 } else {
655 655 rv = CKR_FUNCTION_NOT_SUPPORTED;
656 656 }
657 657 return (rv);
658 658 }
659 659
660 660 CK_RV
661 661 C_DecryptUpdate(CK_SESSION_HANDLE hSession,
662 662 CK_BYTE_PTR pEncryptedPart,
663 663 CK_ULONG ulEncryptedPartLen,
664 664 CK_BYTE_PTR pPart,
665 665 CK_ULONG_PTR pulPartLen)
666 666 {
667 667 CK_RV rv;
668 668 ST_SESSION_T rSession;
669 669
670 670 if (API_Initialized() == FALSE) {
671 671 return (CKR_CRYPTOKI_NOT_INITIALIZED);
672 672 }
673 673 if (!Valid_Session((Session_Struct_t *)hSession, &rSession)) {
674 674 return (CKR_SESSION_HANDLE_INVALID);
675 675 }
676 676 if (!pEncryptedPart || !pulPartLen) {
677 677 return (CKR_ARGUMENTS_BAD);
678 678 }
679 679 if (FuncList.ST_DecryptUpdate) {
680 680 rv = FuncList.ST_DecryptUpdate(rSession, pEncryptedPart,
681 681 ulEncryptedPartLen, pPart, pulPartLen);
682 682 } else {
683 683 rv = CKR_FUNCTION_NOT_SUPPORTED;
684 684 }
685 685 return (rv);
686 686 }
687 687
688 688 CK_RV
689 689 C_DecryptVerifyUpdate(CK_SESSION_HANDLE hSession,
690 690 CK_BYTE_PTR pEncryptedPart,
691 691 CK_ULONG ulEncryptedPartLen,
692 692 CK_BYTE_PTR pPart,
693 693 CK_ULONG_PTR pulPartLen)
694 694 {
695 695 CK_RV rv;
696 696 ST_SESSION_T rSession;
697 697
698 698 if (API_Initialized() == FALSE) {
699 699 return (CKR_CRYPTOKI_NOT_INITIALIZED);
700 700 }
701 701 // Validate Session
702 702 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
703 703 return (CKR_SESSION_HANDLE_INVALID);
704 704 }
705 705 // May have to let these go through and let the STDLL handle them
706 706 if (! pEncryptedPart || ! pulPartLen) {
707 707 return (CKR_ARGUMENTS_BAD);
708 708 }
709 709 // Get local pointers to session
710 710 if (FuncList.ST_DecryptVerifyUpdate) {
711 711 // Map the Session to the slot session
712 712 rv = FuncList.ST_DecryptVerifyUpdate(rSession,
713 713 pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen);
714 714 } else {
715 715 rv = CKR_FUNCTION_NOT_SUPPORTED;
716 716 }
717 717 return (rv);
718 718 }
719 719
720 720 CK_RV
721 721 C_DeriveKey(CK_SESSION_HANDLE hSession,
722 722 CK_MECHANISM_PTR pMechanism,
723 723 CK_OBJECT_HANDLE hBaseKey,
724 724 CK_ATTRIBUTE_PTR pTemplate,
725 725 CK_ULONG ulAttributeCount,
726 726 CK_OBJECT_HANDLE_PTR phKey)
727 727 {
728 728 CK_RV rv;
729 729 ST_SESSION_T rSession;
730 730
731 731 if (API_Initialized() == FALSE) {
732 732 return (CKR_CRYPTOKI_NOT_INITIALIZED);
733 733 }
734 734 if (!Valid_Session((Session_Struct_t *)hSession, &rSession)) {
735 735 return (CKR_SESSION_HANDLE_INVALID);
736 736 }
737 737
738 738 if (!pMechanism) {
739 739 return (CKR_MECHANISM_INVALID);
740 740 }
741 741 if (!pTemplate && ulAttributeCount) {
742 742 return (CKR_ARGUMENTS_BAD);
743 743 }
744 744 if (FuncList.ST_DeriveKey) {
745 745 rv = FuncList.ST_DeriveKey(rSession, pMechanism,
746 746 hBaseKey, pTemplate, ulAttributeCount, phKey);
747 747 } else {
748 748 rv = CKR_FUNCTION_NOT_SUPPORTED;
749 749 }
750 750 return (rv);
751 751 }
752 752
753 753 CK_RV
754 754 C_DestroyObject(CK_SESSION_HANDLE hSession,
755 755 CK_OBJECT_HANDLE hObject)
756 756 {
757 757 CK_RV rv;
758 758 ST_SESSION_T rSession;
759 759
760 760 if (API_Initialized() == FALSE) {
761 761 return (CKR_CRYPTOKI_NOT_INITIALIZED);
762 762 }
763 763 if (!Valid_Session((Session_Struct_t *)hSession, &rSession)) {
764 764 return (CKR_SESSION_HANDLE_INVALID);
765 765 }
766 766 if (FuncList.ST_DestroyObject) {
767 767 rv = FuncList.ST_DestroyObject(rSession, hObject);
768 768 } else {
769 769 rv = CKR_FUNCTION_NOT_SUPPORTED;
770 770 }
771 771 return (rv);
772 772 }
773 773
774 774 CK_RV
775 775 C_Digest(CK_SESSION_HANDLE hSession,
776 776 CK_BYTE_PTR pData,
777 777 CK_ULONG ulDataLen,
778 778 CK_BYTE_PTR pDigest,
779 779 CK_ULONG_PTR pulDigestLen)
780 780 {
781 781 CK_RV rv;
782 782 ST_SESSION_T rSession;
783 783
784 784 if (API_Initialized() == FALSE) {
785 785 return (CKR_CRYPTOKI_NOT_INITIALIZED);
786 786 }
787 787 if (!Valid_Session((Session_Struct_t *)hSession, &rSession)) {
788 788 return (CKR_SESSION_HANDLE_INVALID);
789 789 }
790 790 if (FuncList.ST_Digest) {
791 791 rv = FuncList.ST_Digest(rSession, pData, ulDataLen,
792 792 pDigest, pulDigestLen);
793 793 } else {
794 794 rv = CKR_FUNCTION_NOT_SUPPORTED;
795 795 }
796 796 return (rv);
797 797 }
798 798
799 799 CK_RV
800 800 C_DigestEncryptUpdate(CK_SESSION_HANDLE hSession,
801 801 CK_BYTE_PTR pPart,
802 802 CK_ULONG ulPartLen,
803 803 CK_BYTE_PTR pEncryptedPart,
804 804 CK_ULONG_PTR pulEncryptedPartLen)
805 805 {
806 806 CK_RV rv;
807 807 ST_SESSION_T rSession;
808 808
809 809 if (API_Initialized() == FALSE) {
810 810 return (CKR_CRYPTOKI_NOT_INITIALIZED);
811 811 }
812 812 if (! pPart || ! pulEncryptedPartLen) {
813 813 return (CKR_ARGUMENTS_BAD);
814 814 }
815 815 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
816 816 return (CKR_SESSION_HANDLE_INVALID);
817 817 }
818 818 if (FuncList.ST_DigestEncryptUpdate) {
819 819 rv = FuncList.ST_DigestEncryptUpdate(rSession, pPart,
820 820 ulPartLen, pEncryptedPart, pulEncryptedPartLen);
821 821 } else {
822 822 rv = CKR_FUNCTION_NOT_SUPPORTED;
823 823 }
824 824 return (rv);
825 825 }
826 826
827 827 CK_RV
828 828 C_DigestFinal(CK_SESSION_HANDLE hSession,
829 829 CK_BYTE_PTR pDigest,
830 830 CK_ULONG_PTR pulDigestLen)
831 831 {
832 832 CK_RV rv;
833 833 ST_SESSION_T rSession;
834 834
835 835 if (API_Initialized() == FALSE) {
836 836 return (CKR_CRYPTOKI_NOT_INITIALIZED);
837 837 }
838 838 if (! pulDigestLen) {
839 839 return (CKR_ARGUMENTS_BAD);
840 840 }
841 841 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
842 842 return (CKR_SESSION_HANDLE_INVALID);
843 843 }
844 844 if (FuncList.ST_DigestFinal) {
845 845 rv = FuncList.ST_DigestFinal(rSession, pDigest, pulDigestLen);
846 846 } else {
847 847 rv = CKR_FUNCTION_NOT_SUPPORTED;
848 848 }
849 849 return (rv);
850 850 }
851 851
852 852 CK_RV
853 853 C_DigestInit(CK_SESSION_HANDLE hSession,
854 854 CK_MECHANISM_PTR pMechanism)
855 855 {
856 856 CK_RV rv;
857 857 ST_SESSION_T rSession;
858 858
859 859 if (API_Initialized() == FALSE) {
860 860 return (CKR_CRYPTOKI_NOT_INITIALIZED);
861 861 }
862 862 if (! pMechanism) {
863 863 return (CKR_MECHANISM_INVALID);
864 864 }
865 865 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
866 866 return (CKR_SESSION_HANDLE_INVALID);
867 867 }
868 868 if (FuncList.ST_DigestInit) {
869 869 rv = FuncList.ST_DigestInit(rSession, pMechanism);
870 870 } else {
871 871 rv = CKR_FUNCTION_NOT_SUPPORTED;
872 872 }
873 873 return (rv);
874 874 }
875 875
876 876 CK_RV
877 877 C_DigestKey(CK_SESSION_HANDLE hSession,
878 878 CK_OBJECT_HANDLE hKey)
879 879 {
880 880 CK_RV rv;
881 881 ST_SESSION_T rSession;
882 882
883 883 if (API_Initialized() == FALSE) {
884 884 return (CKR_CRYPTOKI_NOT_INITIALIZED);
885 885 }
886 886 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
887 887 return (CKR_SESSION_HANDLE_INVALID);
888 888 }
889 889 if (FuncList.ST_DigestKey) {
890 890 rv = FuncList.ST_DigestKey(rSession, hKey);
891 891 } else {
892 892 rv = CKR_FUNCTION_NOT_SUPPORTED;
893 893 }
894 894 return (rv);
895 895 }
896 896
897 897 CK_RV
898 898 C_DigestUpdate(CK_SESSION_HANDLE hSession,
899 899 CK_BYTE_PTR pPart,
900 900 CK_ULONG ulPartLen)
901 901 {
902 902 CK_RV rv;
903 903 ST_SESSION_T rSession;
904 904 if (API_Initialized() == FALSE) {
905 905 return (CKR_CRYPTOKI_NOT_INITIALIZED);
906 906 }
907 907 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
908 908 return (CKR_SESSION_HANDLE_INVALID);
909 909 }
910 910 if (FuncList.ST_DigestUpdate) {
911 911 rv = FuncList.ST_DigestUpdate(rSession, pPart, ulPartLen);
912 912 } else {
913 913 rv = CKR_FUNCTION_NOT_SUPPORTED;
914 914 }
915 915 return (rv);
916 916 }
917 917
918 918 CK_RV
919 919 C_Encrypt(CK_SESSION_HANDLE hSession,
920 920 CK_BYTE_PTR pData,
921 921 CK_ULONG ulDataLen,
922 922 CK_BYTE_PTR pEncryptedData,
923 923 CK_ULONG_PTR pulEncryptedDataLen)
924 924 {
925 925 CK_RV rv;
926 926 ST_SESSION_T rSession;
927 927
928 928 if (API_Initialized() == FALSE) {
929 929 return (CKR_CRYPTOKI_NOT_INITIALIZED);
930 930 }
931 931 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
932 932 return (CKR_SESSION_HANDLE_INVALID);
933 933 }
934 934 // Get local pointers to session
935 935 if (FuncList.ST_Encrypt) {
936 936 // Map the Session to the slot session
937 937 rv = FuncList.ST_Encrypt(rSession, pData, ulDataLen,
938 938 pEncryptedData, pulEncryptedDataLen);
939 939 } else {
940 940 rv = CKR_FUNCTION_NOT_SUPPORTED;
941 941 }
942 942 return (rv);
943 943 }
944 944
945 945 CK_RV
946 946 C_EncryptFinal(CK_SESSION_HANDLE hSession,
947 947 CK_BYTE_PTR pLastEncryptedPart,
948 948 CK_ULONG_PTR pulLastEncryptedPartLen)
949 949 {
950 950 CK_RV rv;
951 951 ST_SESSION_T rSession;
952 952
953 953 if (API_Initialized() == FALSE) {
954 954 return (CKR_CRYPTOKI_NOT_INITIALIZED);
955 955 }
956 956 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
957 957 return (CKR_SESSION_HANDLE_INVALID);
958 958 }
959 959 if (FuncList.ST_EncryptFinal) {
960 960 rv = FuncList.ST_EncryptFinal(rSession,
961 961 pLastEncryptedPart, pulLastEncryptedPartLen);
962 962 } else {
963 963 rv = CKR_FUNCTION_NOT_SUPPORTED;
964 964 }
965 965 return (rv);
966 966 }
967 967
968 968 CK_RV
969 969 C_EncryptInit(CK_SESSION_HANDLE hSession,
970 970 CK_MECHANISM_PTR pMechanism,
971 971 CK_OBJECT_HANDLE hKey)
972 972 {
973 973 CK_RV rv;
974 974 ST_SESSION_T rSession;
975 975
976 976 if (API_Initialized() == FALSE) {
977 977 return (CKR_CRYPTOKI_NOT_INITIALIZED);
978 978 }
979 979 if (! pMechanism) {
980 980 return (CKR_MECHANISM_INVALID);
981 981 }
982 982 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
983 983 return (CKR_SESSION_HANDLE_INVALID);
984 984 }
985 985 if (FuncList.ST_EncryptInit) {
986 986 rv = FuncList.ST_EncryptInit(rSession, pMechanism, hKey);
987 987 } else {
988 988 rv = CKR_FUNCTION_NOT_SUPPORTED;
989 989 }
990 990 return (rv);
991 991 }
992 992
993 993 CK_RV
994 994 C_EncryptUpdate(CK_SESSION_HANDLE hSession,
995 995 CK_BYTE_PTR pPart,
996 996 CK_ULONG ulPartLen,
997 997 CK_BYTE_PTR pEncryptedPart,
998 998 CK_ULONG_PTR pulEncryptedPartLen)
999 999 {
1000 1000 CK_RV rv;
1001 1001 ST_SESSION_T rSession;
1002 1002
1003 1003 if (API_Initialized() == FALSE) {
1004 1004 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1005 1005 }
1006 1006 if (!pPart || !pulEncryptedPartLen) {
1007 1007 return (CKR_ARGUMENTS_BAD);
1008 1008 }
1009 1009 if (!Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1010 1010 return (CKR_SESSION_HANDLE_INVALID);
1011 1011 }
1012 1012 if (FuncList.ST_EncryptUpdate) {
1013 1013 rv = FuncList.ST_EncryptUpdate(rSession, pPart, ulPartLen,
1014 1014 pEncryptedPart, pulEncryptedPartLen);
1015 1015 } else {
1016 1016 rv = CKR_FUNCTION_NOT_SUPPORTED;
1017 1017 }
1018 1018 return (rv);
1019 1019 }
1020 1020
1021 1021 CK_RV
1022 1022 do_finalize(CK_VOID_PTR pReserved)
1023 1023 {
1024 1024 if (API_Initialized() == FALSE) {
1025 1025 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1026 1026 }
1027 1027 if (pReserved != NULL) {
1028 1028 return (CKR_ARGUMENTS_BAD);
1029 1029 }
1030 1030 (void) pthread_mutex_lock(&global_mutex);
1031 1031 if (Anchor)
1032 1032 Terminate_All_Process_Sessions();
1033 1033
1034 1034 if (FuncList.ST_Finalize)
1035 1035 FuncList.ST_Finalize(0);
1036 1036
1037 1037 free(Anchor);
1038 1038 Anchor = NULL;
1039 1039
1040 1040 (void) pthread_mutex_unlock(&global_mutex);
1041 1041 return (CKR_OK);
1042 1042 }
1043 1043
1044 1044 CK_RV
1045 1045 C_Finalize(CK_VOID_PTR pReserved) {
1046 1046 return (do_finalize(pReserved));
1047 1047 }
1048 1048
1049 1049 CK_RV
1050 1050 C_FindObjects(CK_SESSION_HANDLE hSession,
1051 1051 CK_OBJECT_HANDLE_PTR phObject,
1052 1052 CK_ULONG ulMaxObjectCount,
1053 1053 CK_ULONG_PTR pulObjectCount)
1054 1054 {
1055 1055 CK_RV rv;
1056 1056 ST_SESSION_T rSession;
1057 1057
1058 1058 if (API_Initialized() == FALSE) {
1059 1059 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1060 1060 }
1061 1061 if (! phObject || ! pulObjectCount) {
1062 1062 return (CKR_ARGUMENTS_BAD);
1063 1063 }
1064 1064 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1065 1065 return (CKR_SESSION_HANDLE_INVALID);
1066 1066 }
1067 1067 if (FuncList.ST_FindObjects) {
1068 1068 rv = FuncList.ST_FindObjects(rSession, phObject,
1069 1069 ulMaxObjectCount, pulObjectCount);
1070 1070 } else {
1071 1071 rv = CKR_FUNCTION_NOT_SUPPORTED;
1072 1072 }
1073 1073 return (rv);
1074 1074 }
1075 1075
1076 1076 CK_RV
1077 1077 C_FindObjectsFinal(CK_SESSION_HANDLE hSession)
1078 1078 {
1079 1079 CK_RV rv;
1080 1080 ST_SESSION_T rSession;
1081 1081
1082 1082 if (API_Initialized() == FALSE) {
1083 1083 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1084 1084 }
1085 1085 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1086 1086 return (CKR_SESSION_HANDLE_INVALID);
1087 1087 }
1088 1088 if (FuncList.ST_FindObjectsFinal) {
1089 1089 rv = FuncList.ST_FindObjectsFinal(rSession);
1090 1090 } else {
1091 1091 rv = CKR_FUNCTION_NOT_SUPPORTED;
1092 1092 }
1093 1093 return (rv);
1094 1094 }
1095 1095
1096 1096 CK_RV
1097 1097 C_FindObjectsInit(CK_SESSION_HANDLE hSession,
1098 1098 CK_ATTRIBUTE_PTR pTemplate,
1099 1099 CK_ULONG ulCount)
1100 1100 {
1101 1101 CK_RV rv;
1102 1102 ST_SESSION_T rSession;
1103 1103
1104 1104 if (API_Initialized() == FALSE) {
1105 1105 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1106 1106 }
1107 1107 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1108 1108 return (CKR_SESSION_HANDLE_INVALID);
1109 1109 }
1110 1110 if (FuncList.ST_FindObjectsInit) {
1111 1111 rv = FuncList.ST_FindObjectsInit(rSession, pTemplate, ulCount);
1112 1112 } else {
1113 1113 rv = CKR_FUNCTION_NOT_SUPPORTED;
1114 1114 }
1115 1115 return (rv);
1116 1116 }
1117 1117
1118 1118 CK_RV
1119 1119 C_GenerateKey(CK_SESSION_HANDLE hSession,
1120 1120 CK_MECHANISM_PTR pMechanism,
1121 1121 CK_ATTRIBUTE_PTR pTemplate,
1122 1122 CK_ULONG ulCount,
1123 1123 CK_OBJECT_HANDLE_PTR phKey)
1124 1124 {
1125 1125 CK_RV rv;
1126 1126 ST_SESSION_T rSession;
1127 1127
1128 1128 if (API_Initialized() == FALSE) {
1129 1129 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1130 1130 }
1131 1131 if (! pMechanism) {
1132 1132 return (CKR_MECHANISM_INVALID);
1133 1133 }
1134 1134 if (! phKey) {
1135 1135 return (CKR_ARGUMENTS_BAD);
1136 1136 }
1137 1137 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1138 1138 return (CKR_SESSION_HANDLE_INVALID);
1139 1139 }
1140 1140 if (FuncList.ST_GenerateKey) {
1141 1141 rv = FuncList.ST_GenerateKey(rSession, pMechanism,
1142 1142 pTemplate, ulCount, phKey);
1143 1143 } else {
1144 1144 rv = CKR_FUNCTION_NOT_SUPPORTED;
1145 1145 }
1146 1146 return (rv);
1147 1147 }
1148 1148
1149 1149 CK_RV
1150 1150 C_GenerateKeyPair(CK_SESSION_HANDLE hSession,
1151 1151 CK_MECHANISM_PTR pMechanism,
1152 1152 CK_ATTRIBUTE_PTR pPublicKeyTemplate,
1153 1153 CK_ULONG ulPublicKeyAttributeCount,
1154 1154 CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
1155 1155 CK_ULONG ulPrivateKeyAttributeCount,
1156 1156 CK_OBJECT_HANDLE_PTR phPublicKey,
1157 1157 CK_OBJECT_HANDLE_PTR phPrivateKey)
1158 1158 {
1159 1159 CK_RV rv;
1160 1160 ST_SESSION_T rSession;
1161 1161
1162 1162 if (API_Initialized() == FALSE) {
1163 1163 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1164 1164 }
1165 1165 if (! pMechanism) {
1166 1166 return (CKR_MECHANISM_INVALID);
1167 1167 }
1168 1168 if (! phPublicKey || ! phPrivateKey) {
1169 1169 return (CKR_ARGUMENTS_BAD);
1170 1170 }
1171 1171 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1172 1172 return (CKR_SESSION_HANDLE_INVALID);
1173 1173 }
1174 1174 if (FuncList.ST_GenerateKeyPair) {
1175 1175 rv = FuncList.ST_GenerateKeyPair(rSession,
1176 1176 pMechanism, pPublicKeyTemplate,
1177 1177 ulPublicKeyAttributeCount, pPrivateKeyTemplate,
1178 1178 ulPrivateKeyAttributeCount, phPublicKey, phPrivateKey);
1179 1179 } else {
1180 1180 rv = CKR_FUNCTION_NOT_SUPPORTED;
1181 1181 }
1182 1182 return (rv);
1183 1183 }
1184 1184
1185 1185 CK_RV
1186 1186 C_GenerateRandom(CK_SESSION_HANDLE hSession,
1187 1187 CK_BYTE_PTR RandomData,
1188 1188 CK_ULONG ulRandomLen)
1189 1189 {
1190 1190 CK_RV rv;
1191 1191 ST_SESSION_T rSession;
1192 1192
1193 1193 if (API_Initialized() == FALSE) {
1194 1194 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1195 1195 }
1196 1196 if (! RandomData)
1197 1197 return (CKR_ARGUMENTS_BAD);
1198 1198
1199 1199 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1200 1200 return (CKR_SESSION_HANDLE_INVALID);
1201 1201 }
1202 1202 if (FuncList.ST_GenerateRandom) {
1203 1203 rv = FuncList.ST_GenerateRandom(rSession, RandomData,
1204 1204 ulRandomLen);
1205 1205 } else {
1206 1206 rv = CKR_FUNCTION_NOT_SUPPORTED;
1207 1207 }
1208 1208 return (rv);
1209 1209 }
1210 1210
1211 1211 CK_RV
1212 1212 C_GetAttributeValue(CK_SESSION_HANDLE hSession,
1213 1213 CK_OBJECT_HANDLE hObject,
1214 1214 CK_ATTRIBUTE_PTR pTemplate,
1215 1215 CK_ULONG ulCount)
1216 1216 {
1217 1217 CK_RV rv;
1218 1218 ST_SESSION_T rSession;
1219 1219
1220 1220 if (API_Initialized() == FALSE) {
1221 1221 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1222 1222 }
1223 1223 if (! pTemplate) {
1224 1224 return (CKR_TEMPLATE_INCOMPLETE);
1225 1225 }
1226 1226 if (ulCount == 0) {
1227 1227 return (CKR_TEMPLATE_INCOMPLETE);
1228 1228 }
1229 1229 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1230 1230 return (CKR_SESSION_HANDLE_INVALID);
1231 1231 }
1232 1232 if (FuncList.ST_GetAttributeValue) {
1233 1233 rv = FuncList.ST_GetAttributeValue(rSession, hObject,
|
↓ open down ↓ |
1233 lines elided |
↑ open up ↑ |
1234 1234 pTemplate, ulCount);
1235 1235 } else {
1236 1236 rv = CKR_FUNCTION_NOT_SUPPORTED;
1237 1237 }
1238 1238 return (rv);
1239 1239 }
1240 1240
1241 1241 CK_RV
1242 1242 C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR ppFunctionList)
1243 1243 {
1244 - _init();
1245 -
1246 1244 PK11_Functions.version.major = VERSION_MAJOR;
1247 1245 PK11_Functions.version.minor = VERSION_MINOR;
1248 1246 PK11_Functions.C_Initialize = C_Initialize;
1249 1247 PK11_Functions.C_Finalize = C_Finalize;
1250 1248 PK11_Functions.C_GetInfo = C_GetInfo;
1251 1249 PK11_Functions.C_GetFunctionList = C_GetFunctionList;
1252 1250 PK11_Functions.C_GetSlotList = C_GetSlotList;
1253 1251 PK11_Functions.C_GetSlotInfo = C_GetSlotInfo;
1254 1252 PK11_Functions.C_GetTokenInfo = C_GetTokenInfo;
1255 1253 PK11_Functions.C_GetMechanismList = C_GetMechanismList;
1256 1254 PK11_Functions.C_GetMechanismInfo = C_GetMechanismInfo;
1257 1255 PK11_Functions.C_InitToken = C_InitToken;
1258 1256 PK11_Functions.C_InitPIN = C_InitPIN;
1259 1257 PK11_Functions.C_SetPIN = C_SetPIN;
1260 1258 PK11_Functions.C_OpenSession = C_OpenSession;
1261 1259 PK11_Functions.C_CloseSession = C_CloseSession;
1262 1260 PK11_Functions.C_CloseAllSessions = C_CloseAllSessions;
1263 1261 PK11_Functions.C_GetSessionInfo = C_GetSessionInfo;
1264 1262 PK11_Functions.C_GetOperationState = C_GetOperationState;
1265 1263 PK11_Functions.C_SetOperationState = C_SetOperationState;
1266 1264 PK11_Functions.C_Login = C_Login;
1267 1265 PK11_Functions.C_Logout = C_Logout;
1268 1266 PK11_Functions.C_CreateObject = C_CreateObject;
1269 1267 PK11_Functions.C_CopyObject = C_CopyObject;
1270 1268 PK11_Functions.C_DestroyObject = C_DestroyObject;
1271 1269 PK11_Functions.C_GetObjectSize = C_GetObjectSize;
1272 1270 PK11_Functions.C_GetAttributeValue = C_GetAttributeValue;
1273 1271 PK11_Functions.C_SetAttributeValue = C_SetAttributeValue;
1274 1272 PK11_Functions.C_FindObjectsInit = C_FindObjectsInit;
1275 1273 PK11_Functions.C_FindObjects = C_FindObjects;
1276 1274 PK11_Functions.C_FindObjectsFinal = C_FindObjectsFinal;
1277 1275 PK11_Functions.C_EncryptInit = C_EncryptInit;
1278 1276 PK11_Functions.C_Encrypt = C_Encrypt;
1279 1277 PK11_Functions.C_EncryptUpdate = C_EncryptUpdate;
1280 1278 PK11_Functions.C_EncryptFinal = C_EncryptFinal;
1281 1279 PK11_Functions.C_DecryptInit = C_DecryptInit;
1282 1280 PK11_Functions.C_Decrypt = C_Decrypt;
1283 1281 PK11_Functions.C_DecryptUpdate = C_DecryptUpdate;
1284 1282 PK11_Functions.C_DecryptFinal = C_DecryptFinal;
1285 1283 PK11_Functions.C_DigestInit = C_DigestInit;
1286 1284 PK11_Functions.C_Digest = C_Digest;
1287 1285 PK11_Functions.C_DigestUpdate = C_DigestUpdate;
1288 1286 PK11_Functions.C_DigestKey = C_DigestKey;
1289 1287 PK11_Functions.C_DigestFinal = C_DigestFinal;
1290 1288 PK11_Functions.C_SignInit = C_SignInit;
1291 1289 PK11_Functions.C_Sign = C_Sign;
1292 1290 PK11_Functions.C_SignUpdate = C_SignUpdate;
1293 1291 PK11_Functions.C_SignFinal = C_SignFinal;
1294 1292 PK11_Functions.C_SignRecoverInit = C_SignRecoverInit;
1295 1293 PK11_Functions.C_SignRecover = C_SignRecover;
1296 1294 PK11_Functions.C_VerifyInit = C_VerifyInit;
1297 1295 PK11_Functions.C_Verify = C_Verify;
1298 1296 PK11_Functions.C_VerifyUpdate = C_VerifyUpdate;
1299 1297 PK11_Functions.C_VerifyFinal = C_VerifyFinal;
1300 1298 PK11_Functions.C_VerifyRecoverInit = C_VerifyRecoverInit;
1301 1299 PK11_Functions.C_VerifyRecover = C_VerifyRecover;
1302 1300 PK11_Functions.C_DigestEncryptUpdate = C_DigestEncryptUpdate;
1303 1301 PK11_Functions.C_DecryptDigestUpdate = C_DecryptDigestUpdate;
1304 1302 PK11_Functions.C_SignEncryptUpdate = C_SignEncryptUpdate;
1305 1303 PK11_Functions.C_DecryptVerifyUpdate = C_DecryptVerifyUpdate;
1306 1304 PK11_Functions.C_GenerateKey = C_GenerateKey;
1307 1305 PK11_Functions.C_GenerateKeyPair = C_GenerateKeyPair;
1308 1306 PK11_Functions.C_WrapKey = C_WrapKey;
1309 1307 PK11_Functions.C_UnwrapKey = C_UnwrapKey;
1310 1308 PK11_Functions.C_DeriveKey = C_DeriveKey;
1311 1309 PK11_Functions.C_SeedRandom = C_SeedRandom;
1312 1310 PK11_Functions.C_GenerateRandom = C_GenerateRandom;
1313 1311 PK11_Functions.C_GetFunctionStatus = C_GetFunctionStatus;
1314 1312 PK11_Functions.C_CancelFunction = C_CancelFunction;
1315 1313 PK11_Functions.C_WaitForSlotEvent = C_WaitForSlotEvent;
1316 1314 if (ppFunctionList) {
1317 1315 (*ppFunctionList) = &PK11_Functions;
1318 1316 return (CKR_OK);
1319 1317 } else {
1320 1318 return (CKR_ARGUMENTS_BAD);
1321 1319 }
1322 1320 }
1323 1321
1324 1322 /*ARGSUSED*/
1325 1323 CK_RV
1326 1324 C_GetFunctionStatus(CK_SESSION_HANDLE hSession)
1327 1325 {
1328 1326 if (API_Initialized() == FALSE) {
1329 1327 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1330 1328 }
1331 1329 return (CKR_FUNCTION_NOT_PARALLEL); // PER Specification PG 170
1332 1330 }
1333 1331
1334 1332 CK_RV
1335 1333 C_GetInfo(CK_INFO_PTR pInfo)
1336 1334 {
1337 1335 TOKEN_DATA td;
1338 1336 TSS_HCONTEXT hContext;
1339 1337
1340 1338 if (! API_Initialized()) {
1341 1339 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1342 1340 }
1343 1341 if (! pInfo) {
1344 1342 return (CKR_FUNCTION_FAILED);
1345 1343 }
1346 1344 (void) memset(pInfo, 0, sizeof (*pInfo));
1347 1345 pInfo->cryptokiVersion.major = 2;
1348 1346 pInfo->cryptokiVersion.minor = 20;
1349 1347
1350 1348 if (open_tss_context(&hContext) == 0) {
1351 1349 /*
1352 1350 * Only populate the TPM info if we can establish
1353 1351 * a context, but don't return failure because
1354 1352 * the framework needs to know some of the info.
1355 1353 */
1356 1354 (void) token_get_tpm_info(hContext, &td);
1357 1355
1358 1356 (void) Tspi_Context_Close(hContext);
1359 1357
1360 1358 (void) memcpy(pInfo->manufacturerID,
1361 1359 &(td.token_info.manufacturerID),
1362 1360 sizeof (pInfo->manufacturerID) - 1);
1363 1361
1364 1362 pInfo->flags = td.token_info.flags;
1365 1363 }
1366 1364 (void) strcpy((char *)pInfo->libraryDescription,
1367 1365 "PKCS11 Interface for TPM");
1368 1366
1369 1367 pInfo->libraryVersion.major = 1;
1370 1368 pInfo->libraryVersion.minor = 0;
1371 1369
1372 1370 return (CKR_OK);
1373 1371 }
1374 1372
1375 1373 CK_RV
1376 1374 C_GetMechanismInfo(CK_SLOT_ID slotID,
1377 1375 CK_MECHANISM_TYPE type,
1378 1376 CK_MECHANISM_INFO_PTR pInfo)
1379 1377 {
1380 1378 CK_RV rv;
1381 1379 if (API_Initialized() == FALSE)
1382 1380 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1383 1381
1384 1382 if (!global_shm->token_available || (slotID > NUMBER_SLOTS_MANAGED))
1385 1383 return (CKR_SLOT_ID_INVALID);
1386 1384
1387 1385 if (FuncList.ST_GetMechanismInfo) {
1388 1386 rv = FuncList.ST_GetMechanismInfo(slotID, type, pInfo);
1389 1387 } else {
1390 1388 rv = CKR_FUNCTION_NOT_SUPPORTED;
1391 1389 }
1392 1390 return (rv);
1393 1391 }
1394 1392
1395 1393 CK_RV
1396 1394 C_GetMechanismList(CK_SLOT_ID slotID,
1397 1395 CK_MECHANISM_TYPE_PTR pMechanismList,
1398 1396 CK_ULONG_PTR pulCount)
1399 1397 {
1400 1398 CK_RV rv;
1401 1399
1402 1400 if (API_Initialized() == FALSE)
1403 1401 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1404 1402
1405 1403 if (! pulCount)
1406 1404 return (CKR_ARGUMENTS_BAD);
1407 1405
1408 1406 if (!global_shm->token_available || (slotID > NUMBER_SLOTS_MANAGED))
1409 1407 return (CKR_SLOT_ID_INVALID);
1410 1408
1411 1409 if (FuncList.ST_GetMechanismList) {
1412 1410 rv = FuncList.ST_GetMechanismList(slotID,
1413 1411 pMechanismList, pulCount);
1414 1412 } else {
1415 1413 rv = CKR_FUNCTION_NOT_SUPPORTED;
1416 1414 }
1417 1415 if (rv == CKR_OK) {
1418 1416 if (pMechanismList) {
1419 1417 unsigned long i;
1420 1418 for (i = 0; i < *pulCount; i++) {
1421 1419 logit(LOG_DEBUG, "Mechanism[%d] 0x%08X ",
1422 1420 i, pMechanismList[i]);
1423 1421 }
1424 1422 }
1425 1423 }
1426 1424 return (rv);
1427 1425 }
1428 1426
1429 1427 CK_RV
1430 1428 C_GetObjectSize(CK_SESSION_HANDLE hSession,
1431 1429 CK_OBJECT_HANDLE hObject,
1432 1430 CK_ULONG_PTR pulSize)
1433 1431 {
1434 1432 CK_RV rv;
1435 1433 ST_SESSION_T rSession;
1436 1434
1437 1435 if (API_Initialized() == FALSE) {
1438 1436 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1439 1437 }
1440 1438 if (! pulSize) {
1441 1439 return (CKR_ARGUMENTS_BAD);
1442 1440 }
1443 1441 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1444 1442 return (CKR_SESSION_HANDLE_INVALID);
1445 1443 }
1446 1444 if (FuncList.ST_GetObjectSize) {
1447 1445 rv = FuncList.ST_GetObjectSize(rSession, hObject, pulSize);
1448 1446 } else {
1449 1447 rv = CKR_FUNCTION_NOT_SUPPORTED;
1450 1448 }
1451 1449 return (rv);
1452 1450 }
1453 1451
1454 1452 CK_RV
1455 1453 C_GetOperationState(CK_SESSION_HANDLE hSession,
1456 1454 CK_BYTE_PTR pOperationState,
1457 1455 CK_ULONG_PTR pulOperationStateLen)
1458 1456 {
1459 1457 CK_RV rv;
1460 1458 ST_SESSION_T rSession;
1461 1459
1462 1460 if (API_Initialized() == FALSE) {
1463 1461 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1464 1462 }
1465 1463 if (! pulOperationStateLen) {
1466 1464 return (CKR_ARGUMENTS_BAD);
1467 1465 }
1468 1466 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1469 1467 return (CKR_SESSION_HANDLE_INVALID);
1470 1468 }
1471 1469 if (FuncList.ST_GetOperationState) {
1472 1470 rv = FuncList.ST_GetOperationState(rSession,
1473 1471 pOperationState, pulOperationStateLen);
1474 1472 } else {
1475 1473 rv = CKR_FUNCTION_NOT_SUPPORTED;
1476 1474 }
1477 1475 return (rv);
1478 1476 }
1479 1477
1480 1478 CK_RV
1481 1479 C_GetSessionInfo(CK_SESSION_HANDLE hSession,
1482 1480 CK_SESSION_INFO_PTR pInfo)
1483 1481 {
1484 1482 CK_RV rv;
1485 1483 ST_SESSION_T rSession;
1486 1484
1487 1485 if (API_Initialized() == FALSE) {
1488 1486 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1489 1487 }
1490 1488 if (! pInfo) {
1491 1489 return (CKR_ARGUMENTS_BAD);
1492 1490 }
1493 1491 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1494 1492 return (CKR_SESSION_HANDLE_INVALID);
1495 1493 }
1496 1494 if (FuncList.ST_GetSessionInfo) {
1497 1495 rv = FuncList.ST_GetSessionInfo(rSession, pInfo);
1498 1496 } else {
1499 1497 rv = CKR_FUNCTION_NOT_SUPPORTED;
1500 1498 }
1501 1499 return (rv);
1502 1500 }
1503 1501
1504 1502 CK_RV
1505 1503 C_GetSlotInfo(CK_SLOT_ID slotID,
1506 1504 CK_SLOT_INFO_PTR pInfo)
1507 1505 {
1508 1506 if (API_Initialized() == FALSE)
1509 1507 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1510 1508
1511 1509 if (!pInfo)
1512 1510 return (CKR_FUNCTION_FAILED);
1513 1511
1514 1512 if (!global_shm->token_available || (slotID > NUMBER_SLOTS_MANAGED))
1515 1513 return (CKR_SLOT_ID_INVALID);
1516 1514
1517 1515 copy_slot_info(slotID, pInfo);
1518 1516 return (CKR_OK);
1519 1517 }
1520 1518
1521 1519 /*ARGSUSED*/
1522 1520 CK_RV
1523 1521 C_GetSlotList(CK_BBOOL tokenPresent,
1524 1522 CK_SLOT_ID_PTR pSlotList,
1525 1523 CK_ULONG_PTR pulCount)
1526 1524 {
1527 1525 CK_ULONG count;
1528 1526 CK_SLOT_INFO slotInfo;
1529 1527
1530 1528 if (API_Initialized() == FALSE)
1531 1529 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1532 1530
1533 1531 if (pulCount == NULL)
1534 1532 return (CKR_FUNCTION_FAILED);
1535 1533
1536 1534 count = 0;
1537 1535 /*
1538 1536 * If we can't talk to the TPM, present no slots
1539 1537 */
1540 1538 if (!global_shm->token_available) {
1541 1539 *pulCount = 0;
1542 1540 return (CKR_OK);
1543 1541 }
1544 1542
1545 1543 copy_slot_info(TPM_SLOTID, &slotInfo);
1546 1544 if ((slotInfo.flags & CKF_TOKEN_PRESENT))
1547 1545 count++;
1548 1546
1549 1547 *pulCount = count;
1550 1548
1551 1549 if (pSlotList == NULL) {
1552 1550 return (CKR_OK);
1553 1551 } else {
1554 1552 if (*pulCount < count)
1555 1553 return (CKR_BUFFER_TOO_SMALL);
1556 1554 pSlotList[0] = TPM_SLOTID;
1557 1555 }
1558 1556 return (CKR_OK);
1559 1557 }
1560 1558
1561 1559 CK_RV
1562 1560 C_GetTokenInfo(CK_SLOT_ID slotID,
1563 1561 CK_TOKEN_INFO_PTR pInfo)
1564 1562 {
1565 1563 CK_RV rv;
1566 1564
1567 1565 if (API_Initialized() == FALSE)
1568 1566 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1569 1567
1570 1568 if (!pInfo)
1571 1569 return (CKR_ARGUMENTS_BAD);
1572 1570
1573 1571 if (!global_shm->token_available || (slotID > NUMBER_SLOTS_MANAGED))
1574 1572 return (CKR_SLOT_ID_INVALID);
1575 1573
1576 1574 slotID = TPM_SLOTID;
1577 1575 if (FuncList.ST_GetTokenInfo) {
1578 1576 rv = FuncList.ST_GetTokenInfo(slotID, pInfo);
1579 1577 } else {
1580 1578 rv = CKR_FUNCTION_NOT_SUPPORTED;
1581 1579 }
1582 1580 return (rv);
1583 1581 }
1584 1582
1585 1583 CK_RV
1586 1584 C_Initialize(CK_VOID_PTR pVoid)
1587 1585 {
1588 1586 CK_RV rv = CKR_OK;
1589 1587 CK_C_INITIALIZE_ARGS *pArg;
1590 1588 extern CK_RV ST_Initialize(void *,
1591 1589 CK_SLOT_ID, unsigned char *);
1592 1590
1593 1591 (void) pthread_mutex_lock(&global_mutex);
1594 1592 if (! Anchor) {
1595 1593 Anchor = (API_Proc_Struct_t *)malloc(
1596 1594 sizeof (API_Proc_Struct_t));
1597 1595 if (Anchor == NULL) {
1598 1596 (void) pthread_mutex_unlock(&global_mutex);
1599 1597 return (CKR_HOST_MEMORY);
1600 1598 }
1601 1599 } else {
1602 1600 (void) pthread_mutex_unlock(&global_mutex);
1603 1601 return (CKR_CRYPTOKI_ALREADY_INITIALIZED);
1604 1602 }
1605 1603 /*
1606 1604 * if pVoid is NULL, then everything is OK. The applicaiton
1607 1605 * will not be doing multi thread accesses. We can use the OS
1608 1606 * locks anyhow.
1609 1607 */
1610 1608 if (pVoid != NULL) {
1611 1609 int supplied_ok;
1612 1610 pArg = (CK_C_INITIALIZE_ARGS *)pVoid;
1613 1611
1614 1612 /*
1615 1613 * ALL supplied function pointers need to have the value
1616 1614 * either NULL or no - NULL.
1617 1615 */
1618 1616 supplied_ok = (pArg->CreateMutex == NULL &&
1619 1617 pArg->DestroyMutex == NULL &&
1620 1618 pArg->LockMutex == NULL &&
1621 1619 pArg->UnlockMutex == NULL) ||
1622 1620 (pArg->CreateMutex != NULL &&
1623 1621 pArg->DestroyMutex != NULL &&
1624 1622 pArg->LockMutex != NULL &&
1625 1623 pArg->UnlockMutex != NULL);
1626 1624
1627 1625 if (!supplied_ok) {
1628 1626 (void) pthread_mutex_unlock(&global_mutex);
1629 1627 return (CKR_ARGUMENTS_BAD);
1630 1628 }
1631 1629 /* Check for a pReserved set */
1632 1630 if (pArg->pReserved != NULL) {
1633 1631 free(Anchor);
1634 1632 Anchor = NULL;
1635 1633 (void) pthread_mutex_unlock(&global_mutex);
1636 1634 return (CKR_ARGUMENTS_BAD);
1637 1635 }
1638 1636 /*
1639 1637 * When the CKF_OS_LOCKING_OK flag isn't set and mutex
1640 1638 * function pointers are supplied by an application,
1641 1639 * return (an error. We must be able to use our own primitives.
1642 1640 */
1643 1641 if (!(pArg->flags & CKF_OS_LOCKING_OK) &&
1644 1642 (pArg->CreateMutex != NULL)) {
1645 1643 (void) pthread_mutex_unlock(&global_mutex);
1646 1644 return (CKR_CANT_LOCK);
1647 1645 }
1648 1646 }
1649 1647 (void) memset((char *)Anchor, 0, sizeof (API_Proc_Struct_t));
1650 1648 (void) pthread_mutex_init(&(Anchor->ProcMutex), NULL);
1651 1649 (void) pthread_mutex_init(&(Anchor->SessListMutex), NULL);
1652 1650 Anchor->Pid = getpid();
1653 1651
1654 1652 rv = ST_Initialize((void *)&FuncList, 0, NULL);
1655 1653 (void) pthread_mutex_unlock(&global_mutex);
1656 1654 return (rv);
1657 1655 }
1658 1656
1659 1657 CK_RV
1660 1658 C_InitPIN(CK_SESSION_HANDLE hSession,
1661 1659 CK_CHAR_PTR pPin,
1662 1660 CK_ULONG ulPinLen)
1663 1661 {
1664 1662 CK_RV rv;
1665 1663 ST_SESSION_T rSession;
1666 1664
1667 1665 if (API_Initialized() == FALSE)
1668 1666 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1669 1667
1670 1668 if (! pPin && ulPinLen)
1671 1669 return (CKR_ARGUMENTS_BAD);
1672 1670
1673 1671 if (! Valid_Session((Session_Struct_t *)hSession, &rSession))
1674 1672 return (CKR_SESSION_HANDLE_INVALID);
1675 1673
1676 1674 if (rSession.slotID > NUMBER_SLOTS_MANAGED)
1677 1675 return (CKR_SLOT_ID_INVALID);
1678 1676
1679 1677 if (FuncList.ST_InitPIN)
1680 1678 rv = FuncList.ST_InitPIN(rSession, pPin, ulPinLen);
1681 1679 else
1682 1680 rv = CKR_FUNCTION_NOT_SUPPORTED;
1683 1681
1684 1682 return (rv);
1685 1683 }
1686 1684
1687 1685 CK_RV
1688 1686 C_InitToken(CK_SLOT_ID slotID,
1689 1687 CK_CHAR_PTR pPin,
1690 1688 CK_ULONG ulPinLen,
1691 1689 CK_CHAR_PTR pLabel)
1692 1690 {
1693 1691 CK_RV rv;
1694 1692
1695 1693 if (API_Initialized() == FALSE)
1696 1694 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1697 1695
1698 1696 if (! pPin && ulPinLen)
1699 1697 return (CKR_ARGUMENTS_BAD);
1700 1698
1701 1699 if (! pLabel)
1702 1700 return (CKR_ARGUMENTS_BAD);
1703 1701
1704 1702 if (!global_shm->token_available)
1705 1703 return (CKR_SLOT_ID_INVALID);
1706 1704
1707 1705 if (FuncList.ST_InitToken)
1708 1706 rv = FuncList.ST_InitToken(slotID, pPin, ulPinLen, pLabel);
1709 1707 else
1710 1708 rv = CKR_FUNCTION_NOT_SUPPORTED;
1711 1709
1712 1710 return (rv);
1713 1711 }
1714 1712
1715 1713 CK_RV
1716 1714 C_Login(CK_SESSION_HANDLE hSession,
1717 1715 CK_USER_TYPE userType,
1718 1716 CK_CHAR_PTR pPin,
1719 1717 CK_ULONG ulPinLen)
1720 1718 {
1721 1719 CK_RV rv;
1722 1720 ST_SESSION_T rSession;
1723 1721
1724 1722 if (API_Initialized() == FALSE) {
1725 1723 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1726 1724 }
1727 1725 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1728 1726 return (CKR_SESSION_HANDLE_INVALID);
1729 1727 }
1730 1728 if (FuncList.ST_Login) {
1731 1729 rv = FuncList.ST_Login(rSession, userType, pPin, ulPinLen);
1732 1730 } else {
1733 1731 rv = CKR_FUNCTION_NOT_SUPPORTED;
1734 1732 }
1735 1733 return (rv);
1736 1734 }
1737 1735
1738 1736 CK_RV
1739 1737 C_Logout(CK_SESSION_HANDLE hSession)
1740 1738 {
1741 1739 CK_RV rv;
1742 1740 ST_SESSION_T rSession;
1743 1741
1744 1742 if (API_Initialized() == FALSE) {
1745 1743 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1746 1744 }
1747 1745 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1748 1746 return (CKR_SESSION_HANDLE_INVALID);
1749 1747 }
1750 1748 if (FuncList.ST_Logout) {
1751 1749 rv = FuncList.ST_Logout(rSession);
1752 1750 } else {
1753 1751 rv = CKR_FUNCTION_NOT_SUPPORTED;
1754 1752 }
1755 1753 return (rv);
1756 1754 }
1757 1755
1758 1756 /*ARGSUSED*/
1759 1757 CK_RV
1760 1758 C_OpenSession(
1761 1759 CK_SLOT_ID slotID,
1762 1760 CK_FLAGS flags,
1763 1761 CK_VOID_PTR pApplication,
1764 1762 CK_NOTIFY Notify,
1765 1763 CK_SESSION_HANDLE_PTR phSession)
1766 1764 {
1767 1765 CK_RV rv;
1768 1766 Session_Struct_t *apiSessp;
1769 1767
1770 1768 if (API_Initialized() == FALSE)
1771 1769 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1772 1770
1773 1771 if (!global_shm->token_available || (slotID > NUMBER_SLOTS_MANAGED))
1774 1772 return (CKR_SLOT_ID_INVALID);
1775 1773
1776 1774 if (! phSession)
1777 1775 return (CKR_FUNCTION_FAILED);
1778 1776
1779 1777 if ((flags & CKF_SERIAL_SESSION) == 0)
1780 1778 return (CKR_SESSION_PARALLEL_NOT_SUPPORTED);
1781 1779
1782 1780 if ((apiSessp = (Session_Struct_t *)malloc(
1783 1781 sizeof (Session_Struct_t))) == NULL)
1784 1782 return (CKR_HOST_MEMORY);
1785 1783
1786 1784 if (FuncList.ST_OpenSession) {
1787 1785 rv = FuncList.ST_OpenSession(slotID, flags,
1788 1786 &(apiSessp->RealHandle));
1789 1787
1790 1788 if (rv == CKR_OK) {
1791 1789 *phSession = (CK_SESSION_HANDLE)apiSessp;
1792 1790 apiSessp->SltId = slotID;
1793 1791
1794 1792 AddToSessionList(apiSessp);
1795 1793 } else {
1796 1794 free(apiSessp);
1797 1795 }
1798 1796 } else {
1799 1797 rv = CKR_FUNCTION_NOT_SUPPORTED;
1800 1798 }
1801 1799 return (rv);
1802 1800 }
1803 1801
1804 1802 CK_RV
1805 1803 C_SeedRandom(CK_SESSION_HANDLE hSession,
1806 1804 CK_BYTE_PTR pSeed,
1807 1805 CK_ULONG ulSeedLen)
1808 1806 {
1809 1807 CK_RV rv;
1810 1808 ST_SESSION_T rSession;
1811 1809
1812 1810 if (API_Initialized() == FALSE) {
1813 1811 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1814 1812 }
1815 1813 if (! pSeed && ulSeedLen) {
1816 1814 return (CKR_ARGUMENTS_BAD);
1817 1815 }
1818 1816 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1819 1817 return (CKR_SESSION_HANDLE_INVALID);
1820 1818 }
1821 1819 if (FuncList.ST_SeedRandom) {
1822 1820 rv = FuncList.ST_SeedRandom(rSession, pSeed, ulSeedLen);
1823 1821 } else {
1824 1822 rv = CKR_FUNCTION_NOT_SUPPORTED;
1825 1823 }
1826 1824 return (rv);
1827 1825 }
1828 1826
1829 1827 CK_RV
1830 1828 C_SetAttributeValue(CK_SESSION_HANDLE hSession,
1831 1829 CK_OBJECT_HANDLE hObject,
1832 1830 CK_ATTRIBUTE_PTR pTemplate,
1833 1831 CK_ULONG ulCount)
1834 1832 {
1835 1833 CK_RV rv;
1836 1834 ST_SESSION_T rSession;
1837 1835
1838 1836 if (API_Initialized() == FALSE) {
1839 1837 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1840 1838 }
1841 1839 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1842 1840 return (CKR_SESSION_HANDLE_INVALID);
1843 1841 }
1844 1842 if (! pTemplate) {
1845 1843 return (CKR_TEMPLATE_INCOMPLETE);
1846 1844 }
1847 1845 if (! ulCount) {
1848 1846 return (CKR_TEMPLATE_INCOMPLETE);
1849 1847 }
1850 1848 // Get local pointers to session
1851 1849 if (FuncList.ST_SetAttributeValue) {
1852 1850 rv = FuncList.ST_SetAttributeValue(rSession, hObject,
1853 1851 pTemplate, ulCount);
1854 1852 } else {
1855 1853 rv = CKR_FUNCTION_NOT_SUPPORTED;
1856 1854 }
1857 1855 return (rv);
1858 1856 }
1859 1857
1860 1858 CK_RV
1861 1859 C_SetOperationState(CK_SESSION_HANDLE hSession,
1862 1860 CK_BYTE_PTR pOperationState,
1863 1861 CK_ULONG ulOperationStateLen,
1864 1862 CK_OBJECT_HANDLE hEncryptionKey,
1865 1863 CK_OBJECT_HANDLE hAuthenticationKey)
1866 1864 {
1867 1865 CK_RV rv;
1868 1866 ST_SESSION_T rSession;
1869 1867
1870 1868 if (API_Initialized() == FALSE) {
1871 1869 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1872 1870 }
1873 1871 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1874 1872 return (CKR_SESSION_HANDLE_INVALID);
1875 1873 }
1876 1874 if (! pOperationState || ulOperationStateLen == 0) {
1877 1875 return (CKR_ARGUMENTS_BAD);
1878 1876 }
1879 1877 if (FuncList.ST_SetOperationState) {
1880 1878 rv = FuncList.ST_SetOperationState(rSession, pOperationState,
1881 1879 ulOperationStateLen, hEncryptionKey, hAuthenticationKey);
1882 1880 } else {
1883 1881 rv = CKR_FUNCTION_NOT_SUPPORTED;
1884 1882 }
1885 1883 return (rv);
1886 1884 }
1887 1885
1888 1886 CK_RV
1889 1887 C_SetPIN(CK_SESSION_HANDLE hSession,
1890 1888 CK_CHAR_PTR pOldPin,
1891 1889 CK_ULONG ulOldLen,
1892 1890 CK_CHAR_PTR pNewPin,
1893 1891 CK_ULONG ulNewLen)
1894 1892 {
1895 1893 CK_RV rv;
1896 1894 ST_SESSION_T rSession;
1897 1895
1898 1896 if (API_Initialized() == FALSE) {
1899 1897 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1900 1898 }
1901 1899 if (! pOldPin || ! pNewPin)
1902 1900 return (CKR_PIN_INVALID);
1903 1901 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1904 1902 return (CKR_SESSION_HANDLE_INVALID);
1905 1903 }
1906 1904 if (FuncList.ST_SetPIN) {
1907 1905 rv = FuncList.ST_SetPIN(rSession, pOldPin, ulOldLen,
1908 1906 pNewPin, ulNewLen);
1909 1907 } else {
1910 1908 rv = CKR_FUNCTION_NOT_SUPPORTED;
1911 1909 }
1912 1910 return (rv);
1913 1911 }
1914 1912
1915 1913 CK_RV
1916 1914 C_Sign(CK_SESSION_HANDLE hSession,
1917 1915 CK_BYTE_PTR pData,
1918 1916 CK_ULONG ulDataLen,
1919 1917 CK_BYTE_PTR pSignature,
1920 1918 CK_ULONG_PTR pulSignatureLen)
1921 1919 {
1922 1920 CK_RV rv;
1923 1921 ST_SESSION_T rSession;
1924 1922
1925 1923 if (API_Initialized() == FALSE) {
1926 1924 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1927 1925 }
1928 1926 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1929 1927 return (CKR_SESSION_HANDLE_INVALID);
1930 1928 }
1931 1929 if (FuncList.ST_Sign) {
1932 1930 rv = FuncList.ST_Sign(rSession, pData, ulDataLen,
1933 1931 pSignature, pulSignatureLen);
1934 1932 } else {
1935 1933 rv = CKR_FUNCTION_NOT_SUPPORTED;
1936 1934 }
1937 1935 return (rv);
1938 1936 }
1939 1937
1940 1938 CK_RV
1941 1939 C_SignEncryptUpdate(CK_SESSION_HANDLE hSession,
1942 1940 CK_BYTE_PTR pPart,
1943 1941 CK_ULONG ulPartLen,
1944 1942 CK_BYTE_PTR pEncryptedPart,
1945 1943 CK_ULONG_PTR pulEncryptedPartLen)
1946 1944 {
1947 1945 CK_RV rv;
1948 1946 ST_SESSION_T rSession;
1949 1947 if (API_Initialized() == FALSE) {
1950 1948 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1951 1949 }
1952 1950 if (! pPart || ! pulEncryptedPartLen) {
1953 1951 return (CKR_ARGUMENTS_BAD);
1954 1952 }
1955 1953 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1956 1954 return (CKR_SESSION_HANDLE_INVALID);
1957 1955 }
1958 1956 if (FuncList.ST_SignEncryptUpdate) {
1959 1957 rv = FuncList.ST_SignEncryptUpdate(rSession, pPart,
1960 1958 ulPartLen, pEncryptedPart, pulEncryptedPartLen);
1961 1959 } else {
1962 1960 rv = CKR_FUNCTION_NOT_SUPPORTED;
1963 1961 }
1964 1962 return (rv);
1965 1963 }
1966 1964
1967 1965 CK_RV
1968 1966 C_SignFinal(CK_SESSION_HANDLE hSession,
1969 1967 CK_BYTE_PTR pSignature,
1970 1968 CK_ULONG_PTR pulSignatureLen)
1971 1969 {
1972 1970 CK_RV rv;
1973 1971 ST_SESSION_T rSession;
1974 1972
1975 1973 if (API_Initialized() == FALSE) {
1976 1974 return (CKR_CRYPTOKI_NOT_INITIALIZED);
1977 1975 }
1978 1976 if (! pulSignatureLen) {
1979 1977 return (CKR_ARGUMENTS_BAD);
1980 1978 }
1981 1979 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1982 1980 return (CKR_SESSION_HANDLE_INVALID);
1983 1981 }
1984 1982 if (FuncList.ST_SignFinal) {
1985 1983 rv = FuncList.ST_SignFinal(rSession, pSignature,
1986 1984 pulSignatureLen);
1987 1985 } else {
1988 1986 rv = CKR_FUNCTION_NOT_SUPPORTED;
1989 1987 }
1990 1988 return (rv);
1991 1989 }
1992 1990
1993 1991 CK_RV
1994 1992 C_SignInit(CK_SESSION_HANDLE hSession,
1995 1993 CK_MECHANISM_PTR pMechanism,
1996 1994 CK_OBJECT_HANDLE hKey)
1997 1995 {
1998 1996 CK_RV rv;
1999 1997 ST_SESSION_T rSession;
2000 1998
2001 1999 if (API_Initialized() == FALSE) {
2002 2000 return (CKR_CRYPTOKI_NOT_INITIALIZED);
2003 2001 }
2004 2002 if (! pMechanism) {
2005 2003 return (CKR_MECHANISM_INVALID);
2006 2004 }
2007 2005 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
2008 2006 return (CKR_SESSION_HANDLE_INVALID);
2009 2007 }
2010 2008 if (FuncList.ST_SignInit) {
2011 2009 rv = FuncList.ST_SignInit(rSession, pMechanism, hKey);
2012 2010 } else {
2013 2011 rv = CKR_FUNCTION_NOT_SUPPORTED;
2014 2012 }
2015 2013 return (rv);
2016 2014 }
2017 2015
2018 2016 CK_RV
2019 2017 C_SignRecover(CK_SESSION_HANDLE hSession,
2020 2018 CK_BYTE_PTR pData,
2021 2019 CK_ULONG ulDataLen,
2022 2020 CK_BYTE_PTR pSignature,
2023 2021 CK_ULONG_PTR pulSignatureLen)
2024 2022 {
2025 2023 CK_RV rv;
2026 2024 ST_SESSION_T rSession;
2027 2025
2028 2026 if (API_Initialized() == FALSE) {
2029 2027 return (CKR_CRYPTOKI_NOT_INITIALIZED);
2030 2028 }
2031 2029 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
2032 2030 return (CKR_SESSION_HANDLE_INVALID);
2033 2031 }
2034 2032 if (FuncList.ST_SignRecover) {
2035 2033 rv = FuncList.ST_SignRecover(rSession, pData,
2036 2034 ulDataLen, pSignature, pulSignatureLen);
2037 2035 } else {
2038 2036 rv = CKR_FUNCTION_NOT_SUPPORTED;
2039 2037 }
2040 2038 return (rv);
2041 2039 }
2042 2040
2043 2041 CK_RV
2044 2042 C_SignRecoverInit(CK_SESSION_HANDLE hSession,
2045 2043 CK_MECHANISM_PTR pMechanism,
2046 2044 CK_OBJECT_HANDLE hKey)
2047 2045 {
2048 2046 CK_RV rv;
2049 2047 ST_SESSION_T rSession;
2050 2048
2051 2049 if (API_Initialized() == FALSE) {
2052 2050 return (CKR_CRYPTOKI_NOT_INITIALIZED);
2053 2051 }
2054 2052 if (! pMechanism) {
2055 2053 return (CKR_MECHANISM_INVALID);
2056 2054 }
2057 2055 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
2058 2056 return (CKR_SESSION_HANDLE_INVALID);
2059 2057 }
2060 2058 if (FuncList.ST_SignRecoverInit) {
2061 2059 rv = FuncList.ST_SignRecoverInit(rSession, pMechanism, hKey);
2062 2060 } else {
2063 2061 rv = CKR_FUNCTION_NOT_SUPPORTED;
2064 2062 }
2065 2063 return (rv);
2066 2064 }
2067 2065
2068 2066 CK_RV
2069 2067 C_SignUpdate(CK_SESSION_HANDLE hSession,
2070 2068 CK_BYTE_PTR pPart,
2071 2069 CK_ULONG ulPartLen)
2072 2070 {
2073 2071 CK_RV rv;
2074 2072 ST_SESSION_T rSession;
2075 2073
2076 2074 if (API_Initialized() == FALSE) {
2077 2075 return (CKR_CRYPTOKI_NOT_INITIALIZED);
2078 2076 }
2079 2077 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
2080 2078 return (CKR_SESSION_HANDLE_INVALID);
2081 2079 }
2082 2080 if (FuncList.ST_SignUpdate) {
2083 2081 rv = FuncList.ST_SignUpdate(rSession, pPart, ulPartLen);
2084 2082 } else {
2085 2083 rv = CKR_FUNCTION_NOT_SUPPORTED;
2086 2084 }
2087 2085 return (rv);
2088 2086 }
2089 2087
2090 2088 CK_RV
2091 2089 C_UnwrapKey(CK_SESSION_HANDLE hSession,
2092 2090 CK_MECHANISM_PTR pMechanism,
2093 2091 CK_OBJECT_HANDLE hUnwrappingKey,
2094 2092 CK_BYTE_PTR pWrappedKey,
2095 2093 CK_ULONG ulWrappedKeyLen,
2096 2094 CK_ATTRIBUTE_PTR pTemplate,
2097 2095 CK_ULONG ulAttributeCount,
2098 2096 CK_OBJECT_HANDLE_PTR phKey)
2099 2097 {
2100 2098 CK_RV rv;
2101 2099 ST_SESSION_T rSession;
2102 2100
2103 2101 if (API_Initialized() == FALSE) {
2104 2102 return (CKR_CRYPTOKI_NOT_INITIALIZED);
2105 2103 }
2106 2104 if (!pMechanism) {
2107 2105 return (CKR_MECHANISM_INVALID);
2108 2106 }
2109 2107 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
2110 2108 return (CKR_SESSION_HANDLE_INVALID);
2111 2109 }
2112 2110 if (FuncList.ST_UnwrapKey) {
2113 2111 rv = FuncList.ST_UnwrapKey(rSession, pMechanism,
2114 2112 hUnwrappingKey, pWrappedKey, ulWrappedKeyLen,
2115 2113 pTemplate, ulAttributeCount, phKey);
2116 2114 } else {
2117 2115 rv = CKR_FUNCTION_NOT_SUPPORTED;
2118 2116 }
2119 2117 return (rv);
2120 2118 }
2121 2119
2122 2120 CK_RV
2123 2121 C_Verify(CK_SESSION_HANDLE hSession,
2124 2122 CK_BYTE_PTR pData,
2125 2123 CK_ULONG ulDataLen,
2126 2124 CK_BYTE_PTR pSignature,
2127 2125 CK_ULONG ulSignatureLen)
2128 2126 {
2129 2127 CK_RV rv;
2130 2128 ST_SESSION_T rSession;
2131 2129
2132 2130 if (API_Initialized() == FALSE) {
2133 2131 return (CKR_CRYPTOKI_NOT_INITIALIZED);
2134 2132 }
2135 2133 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
2136 2134 return (CKR_SESSION_HANDLE_INVALID);
2137 2135 }
2138 2136 if (FuncList.ST_Verify) {
2139 2137 rv = FuncList.ST_Verify(rSession, pData, ulDataLen,
2140 2138 pSignature, ulSignatureLen);
2141 2139 } else {
2142 2140 rv = CKR_FUNCTION_NOT_SUPPORTED;
2143 2141 }
2144 2142 return (rv);
2145 2143 }
2146 2144
2147 2145 CK_RV
2148 2146 C_VerifyFinal(CK_SESSION_HANDLE hSession,
2149 2147 CK_BYTE_PTR pSignature,
2150 2148 CK_ULONG ulSignatureLen)
2151 2149 {
2152 2150 CK_RV rv;
2153 2151 ST_SESSION_T rSession;
2154 2152
2155 2153 if (API_Initialized() == FALSE) {
2156 2154 return (CKR_CRYPTOKI_NOT_INITIALIZED);
2157 2155 }
2158 2156 if (! pSignature) {
2159 2157 return (CKR_ARGUMENTS_BAD);
2160 2158 }
2161 2159
2162 2160 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
2163 2161 return (CKR_SESSION_HANDLE_INVALID);
2164 2162 }
2165 2163 if (FuncList.ST_VerifyFinal) {
2166 2164 rv = FuncList.ST_VerifyFinal(rSession, pSignature,
2167 2165 ulSignatureLen);
2168 2166 } else {
2169 2167 rv = CKR_FUNCTION_NOT_SUPPORTED;
2170 2168 }
2171 2169 return (rv);
2172 2170 }
2173 2171
2174 2172 CK_RV
2175 2173 C_VerifyInit(CK_SESSION_HANDLE hSession,
2176 2174 CK_MECHANISM_PTR pMechanism,
2177 2175 CK_OBJECT_HANDLE hKey)
2178 2176 {
2179 2177 CK_RV rv;
2180 2178 ST_SESSION_T rSession;
2181 2179
2182 2180 if (API_Initialized() == FALSE) {
2183 2181 return (CKR_CRYPTOKI_NOT_INITIALIZED);
2184 2182 }
2185 2183 if (! pMechanism) {
2186 2184 return (CKR_MECHANISM_INVALID);
2187 2185 }
2188 2186 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
2189 2187 return (CKR_SESSION_HANDLE_INVALID);
2190 2188 }
2191 2189
2192 2190 if (FuncList.ST_VerifyInit) {
2193 2191 rv = FuncList.ST_VerifyInit(rSession, pMechanism, hKey);
2194 2192 } else {
2195 2193 rv = CKR_FUNCTION_NOT_SUPPORTED;
2196 2194 }
2197 2195 return (rv);
2198 2196 }
2199 2197
2200 2198 CK_RV
2201 2199 C_VerifyRecover(CK_SESSION_HANDLE hSession,
2202 2200 CK_BYTE_PTR pSignature,
2203 2201 CK_ULONG ulSignatureLen,
2204 2202 CK_BYTE_PTR pData,
2205 2203 CK_ULONG_PTR pulDataLen)
2206 2204 {
2207 2205 CK_RV rv;
2208 2206 ST_SESSION_T rSession;
2209 2207
2210 2208 if (API_Initialized() == FALSE) {
2211 2209 return (CKR_CRYPTOKI_NOT_INITIALIZED);
2212 2210 }
2213 2211 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
2214 2212 return (CKR_SESSION_HANDLE_INVALID);
2215 2213 }
2216 2214 if (FuncList.ST_VerifyRecover) {
2217 2215 rv = FuncList.ST_VerifyRecover(rSession, pSignature,
2218 2216 ulSignatureLen, pData, pulDataLen);
2219 2217 } else {
2220 2218 rv = CKR_FUNCTION_NOT_SUPPORTED;
2221 2219 }
2222 2220 return (rv);
2223 2221 }
2224 2222
2225 2223 CK_RV
2226 2224 C_VerifyRecoverInit(CK_SESSION_HANDLE hSession,
2227 2225 CK_MECHANISM_PTR pMechanism,
2228 2226 CK_OBJECT_HANDLE hKey)
2229 2227 {
2230 2228 CK_RV rv;
2231 2229 ST_SESSION_T rSession;
2232 2230
2233 2231 if (API_Initialized() == FALSE) {
2234 2232 return (CKR_CRYPTOKI_NOT_INITIALIZED);
2235 2233 }
2236 2234 if (! pMechanism) {
2237 2235 return (CKR_MECHANISM_INVALID);
2238 2236 }
2239 2237 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
2240 2238 return (CKR_SESSION_HANDLE_INVALID);
2241 2239 }
2242 2240 if (FuncList.ST_VerifyRecoverInit) {
2243 2241 rv = FuncList.ST_VerifyRecoverInit(rSession, pMechanism, hKey);
2244 2242 } else {
2245 2243 rv = CKR_FUNCTION_NOT_SUPPORTED;
2246 2244 }
2247 2245 return (rv);
2248 2246 }
2249 2247
2250 2248 CK_RV
2251 2249 C_VerifyUpdate(CK_SESSION_HANDLE hSession,
2252 2250 CK_BYTE_PTR pPart,
2253 2251 CK_ULONG ulPartLen)
2254 2252 {
2255 2253 CK_RV rv;
2256 2254 ST_SESSION_T rSession;
2257 2255
2258 2256 if (API_Initialized() == FALSE) {
2259 2257 return (CKR_CRYPTOKI_NOT_INITIALIZED);
2260 2258 }
2261 2259 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
2262 2260 return (CKR_SESSION_HANDLE_INVALID);
2263 2261 }
2264 2262 if (FuncList.ST_VerifyUpdate) {
2265 2263 rv = FuncList.ST_VerifyUpdate(rSession, pPart, ulPartLen);
2266 2264 } else {
2267 2265 rv = CKR_FUNCTION_NOT_SUPPORTED;
2268 2266 }
2269 2267 return (rv);
2270 2268 }
2271 2269
2272 2270 /*ARGSUSED*/
2273 2271 CK_RV
2274 2272 C_WaitForSlotEvent(CK_FLAGS flags,
2275 2273 CK_SLOT_ID_PTR pSlot,
2276 2274 CK_VOID_PTR pReserved)
2277 2275 {
2278 2276 if (API_Initialized() == FALSE) {
2279 2277 return (CKR_CRYPTOKI_NOT_INITIALIZED);
2280 2278 }
2281 2279 return (CKR_FUNCTION_NOT_SUPPORTED);
2282 2280 }
2283 2281
2284 2282 CK_RV
2285 2283 C_WrapKey(CK_SESSION_HANDLE hSession,
2286 2284 CK_MECHANISM_PTR pMechanism,
2287 2285 CK_OBJECT_HANDLE hWrappingKey,
2288 2286 CK_OBJECT_HANDLE hKey,
2289 2287 CK_BYTE_PTR pWrappedKey,
2290 2288 CK_ULONG_PTR pulWrappedKeyLen)
2291 2289 {
2292 2290 CK_RV rv;
2293 2291 ST_SESSION_T rSession;
2294 2292
2295 2293 if (API_Initialized() == FALSE) {
2296 2294 return (CKR_CRYPTOKI_NOT_INITIALIZED);
2297 2295 }
2298 2296 if (! pMechanism) {
2299 2297 return (CKR_MECHANISM_INVALID);
2300 2298 }
2301 2299 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
2302 2300 return (CKR_SESSION_HANDLE_INVALID);
2303 2301 }
2304 2302 if (FuncList.ST_WrapKey) {
2305 2303 rv = FuncList.ST_WrapKey(rSession, pMechanism, hWrappingKey,
2306 2304 hKey, pWrappedKey, pulWrappedKeyLen);
2307 2305 } else {
2308 2306 rv = CKR_FUNCTION_NOT_SUPPORTED;
2309 2307 }
2310 2308 return (rv);
2311 2309 }
2312 2310
2313 2311 #pragma init(api_init)
2314 2312 #pragma fini(api_fini)
2315 2313
2316 2314 static void
2317 2315 api_init(void)
2318 2316 {
2319 2317 loginit();
2320 2318 if (! Initialized) {
2321 2319 (void) pthread_atfork(tpmtoken_fork_prepare,
2322 2320 tpmtoken_fork_parent, tpmtoken_fork_child);
2323 2321 Initialized = 1;
2324 2322 }
2325 2323 }
2326 2324
2327 2325 static void
2328 2326 api_fini()
2329 2327 {
2330 2328 logterm();
2331 2329 if (API_Initialized() == TRUE) {
2332 2330 (void) do_finalize(NULL);
2333 2331 }
2334 2332 }
|
↓ open down ↓ |
1079 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX