17c478bd9Sstevel@tonic-gate /*
27c478bd9Sstevel@tonic-gate * CDDL HEADER START
37c478bd9Sstevel@tonic-gate *
47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the
590e0e8c4Sizick * Common Development and Distribution License (the "License").
690e0e8c4Sizick * You may not use this file except in compliance with the License.
77c478bd9Sstevel@tonic-gate *
87c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
97c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing.
107c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions
117c478bd9Sstevel@tonic-gate * and limitations under the License.
127c478bd9Sstevel@tonic-gate *
137c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each
147c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
157c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the
167c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying
177c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner]
187c478bd9Sstevel@tonic-gate *
197c478bd9Sstevel@tonic-gate * CDDL HEADER END
207c478bd9Sstevel@tonic-gate */
21726fad2aSDina K Nimeh
227c478bd9Sstevel@tonic-gate /*
23c5866e1dSPeter Shoults * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
24*989c147eSJason King * Copyright 2020 Joyent, Inc.
257c478bd9Sstevel@tonic-gate */
267c478bd9Sstevel@tonic-gate
277c478bd9Sstevel@tonic-gate #include <strings.h>
287c478bd9Sstevel@tonic-gate #include <cryptoutil.h>
297c478bd9Sstevel@tonic-gate #include <security/cryptoki.h>
3023c57df7Smcpowers #include <sys/crypto/common.h>
317c478bd9Sstevel@tonic-gate #include <arcfour.h>
327c478bd9Sstevel@tonic-gate #include "softGlobal.h"
337c478bd9Sstevel@tonic-gate #include "softSession.h"
347c478bd9Sstevel@tonic-gate #include <aes_impl.h>
35f66d273dSizick #include <blowfish_impl.h>
36f9fbec18Smcpowers #include <des_impl.h>
37f9fbec18Smcpowers #include <ecc_impl.h>
387c478bd9Sstevel@tonic-gate #include "softDH.h"
397c478bd9Sstevel@tonic-gate #include "softObject.h"
407c478bd9Sstevel@tonic-gate #include "softKeystore.h"
417c478bd9Sstevel@tonic-gate #include "softKeystoreUtil.h"
427c478bd9Sstevel@tonic-gate
437c478bd9Sstevel@tonic-gate
447c478bd9Sstevel@tonic-gate static CK_MECHANISM_TYPE soft_mechanisms[] = {
457c478bd9Sstevel@tonic-gate CKM_DES_CBC,
467c478bd9Sstevel@tonic-gate CKM_DES_CBC_PAD,
477c478bd9Sstevel@tonic-gate CKM_DES_ECB,
487c478bd9Sstevel@tonic-gate CKM_DES_KEY_GEN,
497c478bd9Sstevel@tonic-gate CKM_DES_MAC_GENERAL,
507c478bd9Sstevel@tonic-gate CKM_DES_MAC,
517c478bd9Sstevel@tonic-gate CKM_DES3_CBC,
527c478bd9Sstevel@tonic-gate CKM_DES3_CBC_PAD,
537c478bd9Sstevel@tonic-gate CKM_DES3_ECB,
54436935a1SVladimir Kotal CKM_DES2_KEY_GEN,
557c478bd9Sstevel@tonic-gate CKM_DES3_KEY_GEN,
567c478bd9Sstevel@tonic-gate CKM_AES_CBC,
577c478bd9Sstevel@tonic-gate CKM_AES_CBC_PAD,
5823c57df7Smcpowers CKM_AES_CTR,
59cd964fceSMatt Barden CKM_AES_CMAC_GENERAL,
60cd964fceSMatt Barden CKM_AES_CMAC,
617c478bd9Sstevel@tonic-gate CKM_AES_ECB,
627c478bd9Sstevel@tonic-gate CKM_AES_KEY_GEN,
63fb261280SJason King CKM_AES_GCM,
64fb261280SJason King CKM_AES_CCM,
65f66d273dSizick CKM_BLOWFISH_CBC,
66f66d273dSizick CKM_BLOWFISH_KEY_GEN,
677c478bd9Sstevel@tonic-gate CKM_SHA_1,
687c478bd9Sstevel@tonic-gate CKM_SHA_1_HMAC,
697c478bd9Sstevel@tonic-gate CKM_SHA_1_HMAC_GENERAL,
70f66d273dSizick CKM_SHA256,
71f66d273dSizick CKM_SHA256_HMAC,
72f66d273dSizick CKM_SHA256_HMAC_GENERAL,
73f66d273dSizick CKM_SHA384,
74f66d273dSizick CKM_SHA384_HMAC,
75f66d273dSizick CKM_SHA384_HMAC_GENERAL,
76f66d273dSizick CKM_SHA512,
77f66d273dSizick CKM_SHA512_HMAC,
78f66d273dSizick CKM_SHA512_HMAC_GENERAL,
7905204290SJason King CKM_SHA512_224,
8005204290SJason King CKM_SHA512_256,
817c478bd9Sstevel@tonic-gate CKM_SSL3_SHA1_MAC,
827c478bd9Sstevel@tonic-gate CKM_MD5,
837c478bd9Sstevel@tonic-gate CKM_MD5_HMAC,
847c478bd9Sstevel@tonic-gate CKM_MD5_HMAC_GENERAL,
857c478bd9Sstevel@tonic-gate CKM_SSL3_MD5_MAC,
867c478bd9Sstevel@tonic-gate CKM_RC4,
877c478bd9Sstevel@tonic-gate CKM_RC4_KEY_GEN,
887c478bd9Sstevel@tonic-gate CKM_DSA,
897c478bd9Sstevel@tonic-gate CKM_DSA_SHA1,
907c478bd9Sstevel@tonic-gate CKM_DSA_KEY_PAIR_GEN,
917c478bd9Sstevel@tonic-gate CKM_RSA_PKCS,
927c478bd9Sstevel@tonic-gate CKM_RSA_PKCS_KEY_PAIR_GEN,
937c478bd9Sstevel@tonic-gate CKM_RSA_X_509,
947c478bd9Sstevel@tonic-gate CKM_MD5_RSA_PKCS,
957c478bd9Sstevel@tonic-gate CKM_SHA1_RSA_PKCS,
96f66d273dSizick CKM_SHA256_RSA_PKCS,
97f66d273dSizick CKM_SHA384_RSA_PKCS,
98f66d273dSizick CKM_SHA512_RSA_PKCS,
997c478bd9Sstevel@tonic-gate CKM_DH_PKCS_KEY_PAIR_GEN,
1007c478bd9Sstevel@tonic-gate CKM_DH_PKCS_DERIVE,
1017c478bd9Sstevel@tonic-gate CKM_MD5_KEY_DERIVATION,
1027c478bd9Sstevel@tonic-gate CKM_SHA1_KEY_DERIVATION,
103f66d273dSizick CKM_SHA256_KEY_DERIVATION,
104f66d273dSizick CKM_SHA384_KEY_DERIVATION,
105f66d273dSizick CKM_SHA512_KEY_DERIVATION,
10605204290SJason King CKM_SHA512_224_KEY_DERIVATION,
10705204290SJason King CKM_SHA512_256_KEY_DERIVATION,
1087c478bd9Sstevel@tonic-gate CKM_PBE_SHA1_RC4_128,
1097c478bd9Sstevel@tonic-gate CKM_PKCS5_PBKD2,
1107c478bd9Sstevel@tonic-gate CKM_SSL3_PRE_MASTER_KEY_GEN,
1117c478bd9Sstevel@tonic-gate CKM_TLS_PRE_MASTER_KEY_GEN,
1127c478bd9Sstevel@tonic-gate CKM_SSL3_MASTER_KEY_DERIVE,
1137c478bd9Sstevel@tonic-gate CKM_TLS_MASTER_KEY_DERIVE,
1147c478bd9Sstevel@tonic-gate CKM_SSL3_MASTER_KEY_DERIVE_DH,
1157c478bd9Sstevel@tonic-gate CKM_TLS_MASTER_KEY_DERIVE_DH,
1167c478bd9Sstevel@tonic-gate CKM_SSL3_KEY_AND_MAC_DERIVE,
11760722cc8Sizick CKM_TLS_KEY_AND_MAC_DERIVE,
118f9fbec18Smcpowers CKM_TLS_PRF,
119f9fbec18Smcpowers CKM_EC_KEY_PAIR_GEN,
120f9fbec18Smcpowers CKM_ECDSA,
121f9fbec18Smcpowers CKM_ECDSA_SHA1,
122f9fbec18Smcpowers CKM_ECDH1_DERIVE
1237c478bd9Sstevel@tonic-gate };
1247c478bd9Sstevel@tonic-gate
1257c478bd9Sstevel@tonic-gate /*
1267c478bd9Sstevel@tonic-gate * This is the table of CK_MECHANISM_INFO structs for the supported mechanisms.
1277c478bd9Sstevel@tonic-gate * The index for this table is the same as the one above for the same
1287c478bd9Sstevel@tonic-gate * mechanism.
1297c478bd9Sstevel@tonic-gate * The minimum and maximum sizes of the key for the mechanism can be measured
1307c478bd9Sstevel@tonic-gate * in bits or in bytes (i.e. mechanism-dependent). This table specifies the
1317c478bd9Sstevel@tonic-gate * supported range of key sizes in bytes; unless noted as in bits.
1327c478bd9Sstevel@tonic-gate */
1337c478bd9Sstevel@tonic-gate static CK_MECHANISM_INFO soft_mechanism_info[] = {
1347c478bd9Sstevel@tonic-gate {DES_MINBYTES, DES_MAXBYTES,
1357c478bd9Sstevel@tonic-gate CKF_ENCRYPT|CKF_DECRYPT|
1367c478bd9Sstevel@tonic-gate CKF_WRAP|CKF_UNWRAP}, /* CKM_DES_CBC */
1377c478bd9Sstevel@tonic-gate {DES_MINBYTES, DES_MAXBYTES,
1387c478bd9Sstevel@tonic-gate CKF_ENCRYPT|CKF_DECRYPT|
1397c478bd9Sstevel@tonic-gate CKF_WRAP|CKF_UNWRAP}, /* CKM_DES_CBC_PAD */
1407c478bd9Sstevel@tonic-gate {DES_MINBYTES, DES_MAXBYTES,
1417c478bd9Sstevel@tonic-gate CKF_ENCRYPT|CKF_DECRYPT|
1427c478bd9Sstevel@tonic-gate CKF_WRAP|CKF_UNWRAP}, /* CKM_DES_ECB */
1437c478bd9Sstevel@tonic-gate {DES_MINBYTES, DES_MAXBYTES,
1447c478bd9Sstevel@tonic-gate CKF_GENERATE}, /* CKM_DES_KEY_GEN */
1457c478bd9Sstevel@tonic-gate {DES_MINBYTES, DES_MAXBYTES,
1467c478bd9Sstevel@tonic-gate CKF_SIGN|CKF_VERIFY}, /* CKM_DES_MAC_GENERAL */
1477c478bd9Sstevel@tonic-gate {DES_MINBYTES, DES_MAXBYTES,
1487c478bd9Sstevel@tonic-gate CKF_SIGN|CKF_VERIFY}, /* CKM_DES_MAC */
1497c478bd9Sstevel@tonic-gate {DES3_MINBYTES, DES3_MAXBYTES,
1507c478bd9Sstevel@tonic-gate CKF_ENCRYPT|CKF_DECRYPT|
1517c478bd9Sstevel@tonic-gate CKF_WRAP|CKF_UNWRAP}, /* CKM_DES3_CBC */
1527c478bd9Sstevel@tonic-gate {DES3_MINBYTES, DES3_MAXBYTES,
1537c478bd9Sstevel@tonic-gate CKF_ENCRYPT|CKF_DECRYPT|
1547c478bd9Sstevel@tonic-gate CKF_WRAP|CKF_UNWRAP}, /* CKM_DES3_CBC_PAD */
1557c478bd9Sstevel@tonic-gate {DES3_MINBYTES, DES3_MAXBYTES,
1567c478bd9Sstevel@tonic-gate CKF_ENCRYPT|CKF_DECRYPT|
1577c478bd9Sstevel@tonic-gate CKF_WRAP|CKF_UNWRAP}, /* CKM_DES3_ECB */
158436935a1SVladimir Kotal {DES2_MAXBYTES, DES2_MAXBYTES,
159436935a1SVladimir Kotal CKF_GENERATE}, /* CKM_DES2_KEY_GEN */
160436935a1SVladimir Kotal {DES3_MAXBYTES, DES3_MAXBYTES, /* CKK_DES3 only */
1617c478bd9Sstevel@tonic-gate CKF_GENERATE}, /* CKM_DES3_KEY_GEN */
1627c478bd9Sstevel@tonic-gate {AES_MINBYTES, AES_MAXBYTES,
1637c478bd9Sstevel@tonic-gate CKF_ENCRYPT|CKF_DECRYPT|
1647c478bd9Sstevel@tonic-gate CKF_WRAP|CKF_UNWRAP}, /* CKM_AES_CBC */
1657c478bd9Sstevel@tonic-gate {AES_MINBYTES, AES_MAXBYTES,
1667c478bd9Sstevel@tonic-gate CKF_ENCRYPT|CKF_DECRYPT|
1677c478bd9Sstevel@tonic-gate CKF_WRAP|CKF_UNWRAP}, /* CKM_AES_CBC_PAD */
1687c478bd9Sstevel@tonic-gate {AES_MINBYTES, AES_MAXBYTES,
1697c478bd9Sstevel@tonic-gate CKF_ENCRYPT|CKF_DECRYPT|
17023c57df7Smcpowers CKF_WRAP|CKF_UNWRAP}, /* CKM_AES_CTR */
17123c57df7Smcpowers {AES_MINBYTES, AES_MAXBYTES,
172cd964fceSMatt Barden CKF_SIGN|CKF_VERIFY}, /* CKM_AES_CMAC_GENERAL */
173cd964fceSMatt Barden {AES_MINBYTES, AES_MAXBYTES,
174cd964fceSMatt Barden CKF_SIGN|CKF_VERIFY}, /* CKM_AES_CMAC */
175cd964fceSMatt Barden {AES_MINBYTES, AES_MAXBYTES,
17623c57df7Smcpowers CKF_ENCRYPT|CKF_DECRYPT|
1777c478bd9Sstevel@tonic-gate CKF_WRAP|CKF_UNWRAP}, /* CKM_AES_ECB */
1787c478bd9Sstevel@tonic-gate {AES_MINBYTES, AES_MAXBYTES,
1797c478bd9Sstevel@tonic-gate CKF_GENERATE}, /* CKM_AES_KEY_GEN */
180fb261280SJason King {AES_MINBYTES, AES_MAXBYTES,
181fb261280SJason King CKF_ENCRYPT|CKF_DECRYPT|
182fb261280SJason King CKF_WRAP|CKF_UNWRAP}, /* CKM_AES_GCM */
183fb261280SJason King {AES_MINBYTES, AES_MAXBYTES,
184fb261280SJason King CKF_ENCRYPT|CKF_DECRYPT|
185fb261280SJason King CKF_WRAP|CKF_UNWRAP}, /* CKM_AES_CCM */
186f66d273dSizick {BLOWFISH_MINBYTES, BLOWFISH_MAXBYTES,
187f66d273dSizick CKF_ENCRYPT|CKF_DECRYPT|
188f66d273dSizick CKF_WRAP|CKF_UNWRAP}, /* CKM_BLOWFISH_ECB */
189f66d273dSizick {BLOWFISH_MINBYTES, BLOWFISH_MAXBYTES,
190f66d273dSizick CKF_GENERATE}, /* CKM_BLOWFISH_KEY_GEN */
1917c478bd9Sstevel@tonic-gate {0, 0, CKF_DIGEST}, /* CKM_SHA_1 */
1927c478bd9Sstevel@tonic-gate {1, 64, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA_1_HMAC */
1937c478bd9Sstevel@tonic-gate {1, 64, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA_1_HMAC_GENERAL */
194f66d273dSizick {0, 0, CKF_DIGEST}, /* CKM_SHA256 */
195f66d273dSizick {1, 64, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA256_HMAC */
196f66d273dSizick {1, 64, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA256_HMAC_GENERAL */
197f66d273dSizick {0, 0, CKF_DIGEST}, /* CKM_SHA384 */
198f66d273dSizick {1, 128, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA384_HMAC */
199f66d273dSizick {1, 128, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA384_HMAC_GENERAL */
200f66d273dSizick {0, 0, CKF_DIGEST}, /* CKM_SHA512 */
201f66d273dSizick {1, 128, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA512_HMAC */
202f66d273dSizick {1, 128, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA512_HMAC_GENERAL */
20305204290SJason King {0, 0, CKF_DIGEST}, /* CKM_SHA512_224 */
20405204290SJason King {0, 0, CKF_DIGEST}, /* CKM_SHA512_256 */
2057c478bd9Sstevel@tonic-gate {1, 512, CKF_SIGN|CKF_VERIFY}, /* CKM_SSL3_SHA1_MAC */
2067c478bd9Sstevel@tonic-gate {0, 0, CKF_DIGEST}, /* CKM_MD5 */
2077c478bd9Sstevel@tonic-gate {1, 64, CKF_SIGN|CKF_VERIFY}, /* CKM_MD5_HMAC */
2087c478bd9Sstevel@tonic-gate {1, 64, CKF_SIGN|CKF_VERIFY}, /* CKM_MD5_HMAC_GENERAL */
2097c478bd9Sstevel@tonic-gate {1, 512, CKF_SIGN|CKF_VERIFY}, /* CKM_SSL3_MD5_MAC */
2107c478bd9Sstevel@tonic-gate {8, ARCFOUR_MAX_KEY_BITS, CKF_ENCRYPT|CKF_DECRYPT}, /* CKM_RC4; */
2117c478bd9Sstevel@tonic-gate /* in bits */
2127c478bd9Sstevel@tonic-gate {8, ARCFOUR_MAX_KEY_BITS, CKF_GENERATE }, /* CKM_RC4_KEY_GEN; in bits */
2137c478bd9Sstevel@tonic-gate {512, 1024, CKF_SIGN|CKF_VERIFY}, /* CKM_DSA; in bits */
2147c478bd9Sstevel@tonic-gate {512, 1024, CKF_SIGN|CKF_VERIFY}, /* CKM_DSA_SHA1; in bits */
2157c478bd9Sstevel@tonic-gate {512, 1024, CKF_GENERATE_KEY_PAIR}, /* CKM_DSA_KEY_PAIR_GEN; */
2167c478bd9Sstevel@tonic-gate /* in bits */
2177c478bd9Sstevel@tonic-gate {256, 4096, CKF_ENCRYPT|CKF_DECRYPT|
2187c478bd9Sstevel@tonic-gate CKF_SIGN|CKF_SIGN_RECOVER|
2197c478bd9Sstevel@tonic-gate CKF_WRAP|CKF_UNWRAP|
2207c478bd9Sstevel@tonic-gate CKF_VERIFY|CKF_VERIFY_RECOVER}, /* CKM_RSA_PKCS; in bits */
2217c478bd9Sstevel@tonic-gate {256, 4096, CKF_GENERATE_KEY_PAIR}, /* CKM_RSA_PKCS_KEY_PAIR_GEN; */
2227c478bd9Sstevel@tonic-gate /* in bits */
2237c478bd9Sstevel@tonic-gate {256, 4096, CKF_ENCRYPT|CKF_DECRYPT|
2247c478bd9Sstevel@tonic-gate CKF_SIGN|CKF_SIGN_RECOVER|
2257c478bd9Sstevel@tonic-gate CKF_WRAP|CKF_UNWRAP|
2267c478bd9Sstevel@tonic-gate CKF_VERIFY|CKF_VERIFY_RECOVER}, /* CKM_RSA_X_509 in bits */
2277c478bd9Sstevel@tonic-gate {256, 4096, CKF_SIGN|CKF_VERIFY}, /* CKM_MD5_RSA_PKCS in bits */
2287c478bd9Sstevel@tonic-gate {256, 4096, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA1_RSA_PKCS in bits */
229f66d273dSizick {256, 4096, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA256_RSA_PKCS in bits */
230f66d273dSizick {256, 4096, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA384_RSA_PKCS in bits */
231f66d273dSizick {256, 4096, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA512_RSA_PKCS in bits */
232726fad2aSDina K Nimeh {DH_MIN_KEY_LEN, DH_MAX_KEY_LEN, CKF_GENERATE_KEY_PAIR},
2337c478bd9Sstevel@tonic-gate /* CKM_DH_PKCS_KEY_PAIR_GEN */
2347c478bd9Sstevel@tonic-gate /* in bits */
235726fad2aSDina K Nimeh {DH_MIN_KEY_LEN, DH_MAX_KEY_LEN, CKF_DERIVE},
2367c478bd9Sstevel@tonic-gate /* CKM_DH_PKCS_DERIVE; */
2377c478bd9Sstevel@tonic-gate /* in bits */
2387c478bd9Sstevel@tonic-gate {1, 16, CKF_DERIVE}, /* CKM_MD5_KEY_DERIVATION */
2397c478bd9Sstevel@tonic-gate {1, 20, CKF_DERIVE}, /* CKM_SHA1_KEY_DERIVATION */
240f66d273dSizick {1, 32, CKF_DERIVE}, /* CKM_SHA256_KEY_DERIVATION */
241f66d273dSizick {1, 48, CKF_DERIVE}, /* CKM_SHA384_KEY_DERIVATION */
242f66d273dSizick {1, 64, CKF_DERIVE}, /* CKM_SHA512_KEY_DERIVATION */
24305204290SJason King {1, 28, CKF_DERIVE}, /* CKM_SHA512_224_KEY_DERIVATION */
24405204290SJason King {1, 32, CKF_DERIVE}, /* CKM_SHA512_256_KEY_DERIVATION */
2457c478bd9Sstevel@tonic-gate {0, 0, CKF_GENERATE}, /* CKM_PBE_SHA1_RC4_128 */
2467c478bd9Sstevel@tonic-gate {0, 0, CKF_GENERATE}, /* CKM_PKCS5_PBKD2 */
2477c478bd9Sstevel@tonic-gate {48, 48, CKF_GENERATE}, /* CKM_SSL3_PRE_MASTER_KEY_GEN */
2487c478bd9Sstevel@tonic-gate {48, 48, CKF_GENERATE}, /* CKM_TLS_PRE_MASTER_KEY_GEN */
2497c478bd9Sstevel@tonic-gate {48, 48, CKF_DERIVE}, /* CKM_SSL3_MASTER_KEY_DERIVE */
2507c478bd9Sstevel@tonic-gate {48, 48, CKF_DERIVE}, /* CKM_TLS_MASTER_KEY_DERIVE */
2517c478bd9Sstevel@tonic-gate {48, 48, CKF_DERIVE}, /* CKM_SSL3_MASTER_KEY_DERIVE_DH */
2527c478bd9Sstevel@tonic-gate {48, 48, CKF_DERIVE}, /* CKM_TLS_MASTER_KEY_DERIVE_DH */
2537c478bd9Sstevel@tonic-gate {0, 0, CKF_DERIVE}, /* CKM_SSL3_KEY_AND_MAC_DERIVE */
25460722cc8Sizick {0, 0, CKF_DERIVE}, /* CKM_TLS_KEY_AND_MAC_DERIVE */
255f9fbec18Smcpowers {0, 0, CKF_DERIVE}, /* CKM_TLS_PRF */
256f9fbec18Smcpowers {EC_MIN_KEY_LEN, EC_MAX_KEY_LEN, CKF_GENERATE_KEY_PAIR},
257f9fbec18Smcpowers {EC_MIN_KEY_LEN, EC_MAX_KEY_LEN, CKF_SIGN|CKF_VERIFY},
258f9fbec18Smcpowers {EC_MIN_KEY_LEN, EC_MAX_KEY_LEN, CKF_SIGN|CKF_VERIFY},
259f9fbec18Smcpowers {EC_MIN_KEY_LEN, EC_MAX_KEY_LEN, CKF_DERIVE}
2607c478bd9Sstevel@tonic-gate };
2617c478bd9Sstevel@tonic-gate
2627c478bd9Sstevel@tonic-gate /*
2637c478bd9Sstevel@tonic-gate * Slot ID for softtoken is always 1. tokenPresent is ignored.
2647c478bd9Sstevel@tonic-gate * Also, only one slot is used.
2657c478bd9Sstevel@tonic-gate */
2667c478bd9Sstevel@tonic-gate /*ARGSUSED*/
2677c478bd9Sstevel@tonic-gate CK_RV
C_GetSlotList(CK_BBOOL tokenPresent,CK_SLOT_ID_PTR pSlotList,CK_ULONG_PTR pulCount)2687c478bd9Sstevel@tonic-gate C_GetSlotList(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList,
2697c478bd9Sstevel@tonic-gate CK_ULONG_PTR pulCount)
2707c478bd9Sstevel@tonic-gate {
2717c478bd9Sstevel@tonic-gate
2727c478bd9Sstevel@tonic-gate CK_RV rv;
2737c478bd9Sstevel@tonic-gate
2747c478bd9Sstevel@tonic-gate if (!softtoken_initialized)
2757c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED);
2767c478bd9Sstevel@tonic-gate
2777c478bd9Sstevel@tonic-gate if (pulCount == NULL) {
2787c478bd9Sstevel@tonic-gate return (CKR_ARGUMENTS_BAD);
2797c478bd9Sstevel@tonic-gate }
2807c478bd9Sstevel@tonic-gate
2817c478bd9Sstevel@tonic-gate if (pSlotList == NULL) {
2827c478bd9Sstevel@tonic-gate /*
2837c478bd9Sstevel@tonic-gate * Application only wants to know the number of slots.
2847c478bd9Sstevel@tonic-gate */
2857c478bd9Sstevel@tonic-gate *pulCount = 1;
2867c478bd9Sstevel@tonic-gate return (CKR_OK);
2877c478bd9Sstevel@tonic-gate }
2887c478bd9Sstevel@tonic-gate
2897c478bd9Sstevel@tonic-gate if ((*pulCount < 1) && (pSlotList != NULL)) {
2907c478bd9Sstevel@tonic-gate rv = CKR_BUFFER_TOO_SMALL;
2917c478bd9Sstevel@tonic-gate } else {
2927c478bd9Sstevel@tonic-gate pSlotList[0] = SOFTTOKEN_SLOTID;
2937c478bd9Sstevel@tonic-gate rv = CKR_OK;
2947c478bd9Sstevel@tonic-gate }
2957c478bd9Sstevel@tonic-gate
2967c478bd9Sstevel@tonic-gate *pulCount = 1;
2977c478bd9Sstevel@tonic-gate return (rv);
2987c478bd9Sstevel@tonic-gate }
2997c478bd9Sstevel@tonic-gate
3007c478bd9Sstevel@tonic-gate
3017c478bd9Sstevel@tonic-gate CK_RV
C_GetSlotInfo(CK_SLOT_ID slotID,CK_SLOT_INFO_PTR pInfo)3027c478bd9Sstevel@tonic-gate C_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo)
3037c478bd9Sstevel@tonic-gate {
3047c478bd9Sstevel@tonic-gate
3057c478bd9Sstevel@tonic-gate if (!softtoken_initialized)
3067c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED);
3077c478bd9Sstevel@tonic-gate
3087c478bd9Sstevel@tonic-gate if (pInfo == NULL)
3097c478bd9Sstevel@tonic-gate return (CKR_ARGUMENTS_BAD);
3107c478bd9Sstevel@tonic-gate
3117c478bd9Sstevel@tonic-gate /* Make sure the slot ID is valid */
3127c478bd9Sstevel@tonic-gate if (slotID != SOFTTOKEN_SLOTID)
3137c478bd9Sstevel@tonic-gate return (CKR_SLOT_ID_INVALID);
3147c478bd9Sstevel@tonic-gate
3157c478bd9Sstevel@tonic-gate /* Provide information about the slot in the provided buffer */
3167c478bd9Sstevel@tonic-gate (void) strncpy((char *)pInfo->slotDescription, SOFT_SLOT_DESCRIPTION,
3177c478bd9Sstevel@tonic-gate 64);
3187c478bd9Sstevel@tonic-gate (void) strncpy((char *)pInfo->manufacturerID, SOFT_MANUFACTURER_ID, 32);
3198cae6764SAnthony Scarpino pInfo->flags = CKF_TOKEN_PRESENT;
3207c478bd9Sstevel@tonic-gate pInfo->hardwareVersion.major = HARDWARE_VERSION_MAJOR;
3217c478bd9Sstevel@tonic-gate pInfo->hardwareVersion.minor = HARDWARE_VERSION_MINOR;
3227c478bd9Sstevel@tonic-gate pInfo->firmwareVersion.major = FIRMWARE_VERSION_MAJOR;
3237c478bd9Sstevel@tonic-gate pInfo->firmwareVersion.minor = FIRMWARE_VERSION_MINOR;
3247c478bd9Sstevel@tonic-gate
3257c478bd9Sstevel@tonic-gate return (CKR_OK);
3267c478bd9Sstevel@tonic-gate }
3277c478bd9Sstevel@tonic-gate
3287c478bd9Sstevel@tonic-gate CK_RV
C_GetTokenInfo(CK_SLOT_ID slotID,CK_TOKEN_INFO_PTR pInfo)3297c478bd9Sstevel@tonic-gate C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
3307c478bd9Sstevel@tonic-gate {
3311fa2a72aSPeter Shoults boolean_t pin_initialized = B_FALSE;
3321fa2a72aSPeter Shoults char *ks_cryptpin = NULL;
3331fa2a72aSPeter Shoults
3347c478bd9Sstevel@tonic-gate if (!softtoken_initialized)
3357c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED);
3367c478bd9Sstevel@tonic-gate
3377c478bd9Sstevel@tonic-gate /* Make sure the slot ID is valid */
3387c478bd9Sstevel@tonic-gate if (slotID != SOFTTOKEN_SLOTID)
3397c478bd9Sstevel@tonic-gate return (CKR_SLOT_ID_INVALID);
3407c478bd9Sstevel@tonic-gate
3417c478bd9Sstevel@tonic-gate if (pInfo == NULL)
3427c478bd9Sstevel@tonic-gate return (CKR_ARGUMENTS_BAD);
3437c478bd9Sstevel@tonic-gate
3441fa2a72aSPeter Shoults /*
3451fa2a72aSPeter Shoults * It is intentional that we don't forward the error code
3461fa2a72aSPeter Shoults * returned from soft_keystore_pin_initialized() to the caller
3471fa2a72aSPeter Shoults */
348c5866e1dSPeter Shoults pInfo->flags = SOFT_TOKEN_FLAGS;
349c5866e1dSPeter Shoults if (soft_slot.keystore_load_status == KEYSTORE_UNAVAILABLE) {
350c5866e1dSPeter Shoults pInfo->flags |= CKF_WRITE_PROTECTED;
3511fa2a72aSPeter Shoults } else {
3521fa2a72aSPeter Shoults if ((soft_keystore_pin_initialized(&pin_initialized,
3531fa2a72aSPeter Shoults &ks_cryptpin, B_FALSE) == CKR_OK) && !pin_initialized)
3541fa2a72aSPeter Shoults pInfo->flags |= CKF_USER_PIN_TO_BE_CHANGED;
355c5866e1dSPeter Shoults }
3561fa2a72aSPeter Shoults
357a8793c76SJason King if (ks_cryptpin != NULL) {
358a8793c76SJason King size_t cplen = strlen(ks_cryptpin) + 1;
359a8793c76SJason King
360a8793c76SJason King freezero(ks_cryptpin, cplen);
361a8793c76SJason King }
3621fa2a72aSPeter Shoults
3637c478bd9Sstevel@tonic-gate /* Provide information about a token in the provided buffer */
3647c478bd9Sstevel@tonic-gate (void) strncpy((char *)pInfo->label, SOFT_TOKEN_LABEL, 32);
3657c478bd9Sstevel@tonic-gate (void) strncpy((char *)pInfo->manufacturerID, SOFT_MANUFACTURER_ID, 32);
3667c478bd9Sstevel@tonic-gate (void) strncpy((char *)pInfo->model, TOKEN_MODEL, 16);
3677c478bd9Sstevel@tonic-gate (void) strncpy((char *)pInfo->serialNumber, SOFT_TOKEN_SERIAL, 16);
3687c478bd9Sstevel@tonic-gate
3697c478bd9Sstevel@tonic-gate pInfo->ulMaxSessionCount = CK_EFFECTIVELY_INFINITE;
3707c478bd9Sstevel@tonic-gate pInfo->ulSessionCount = soft_session_cnt;
3717c478bd9Sstevel@tonic-gate pInfo->ulMaxRwSessionCount = CK_EFFECTIVELY_INFINITE;
3727c478bd9Sstevel@tonic-gate pInfo->ulRwSessionCount = soft_session_rw_cnt;
3737c478bd9Sstevel@tonic-gate pInfo->ulMaxPinLen = MAX_PIN_LEN;
3747c478bd9Sstevel@tonic-gate pInfo->ulMinPinLen = MIN_PIN_LEN;
3757c478bd9Sstevel@tonic-gate pInfo->ulTotalPublicMemory = CK_UNAVAILABLE_INFORMATION;
3767c478bd9Sstevel@tonic-gate pInfo->ulFreePublicMemory = CK_UNAVAILABLE_INFORMATION;
3777c478bd9Sstevel@tonic-gate pInfo->ulTotalPrivateMemory = CK_UNAVAILABLE_INFORMATION;
3787c478bd9Sstevel@tonic-gate pInfo->ulFreePrivateMemory = CK_UNAVAILABLE_INFORMATION;
3797c478bd9Sstevel@tonic-gate pInfo->hardwareVersion.major = HARDWARE_VERSION_MAJOR;
3807c478bd9Sstevel@tonic-gate pInfo->hardwareVersion.minor = HARDWARE_VERSION_MINOR;
3817c478bd9Sstevel@tonic-gate pInfo->firmwareVersion.major = FIRMWARE_VERSION_MAJOR;
3827c478bd9Sstevel@tonic-gate pInfo->firmwareVersion.minor = FIRMWARE_VERSION_MINOR;
3837c478bd9Sstevel@tonic-gate (void) memset(pInfo->utcTime, ' ', 16);
3847c478bd9Sstevel@tonic-gate
3857c478bd9Sstevel@tonic-gate return (CKR_OK);
3867c478bd9Sstevel@tonic-gate }
3877c478bd9Sstevel@tonic-gate
3887c478bd9Sstevel@tonic-gate /*ARGSUSED*/
3897c478bd9Sstevel@tonic-gate CK_RV
C_WaitForSlotEvent(CK_FLAGS flags,CK_SLOT_ID_PTR pSlot,CK_VOID_PTR pReserved)3907c478bd9Sstevel@tonic-gate C_WaitForSlotEvent(CK_FLAGS flags, CK_SLOT_ID_PTR pSlot, CK_VOID_PTR pReserved)
3917c478bd9Sstevel@tonic-gate {
3927c478bd9Sstevel@tonic-gate if (!softtoken_initialized)
3937c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED);
3947c478bd9Sstevel@tonic-gate
3957c478bd9Sstevel@tonic-gate /*
3967c478bd9Sstevel@tonic-gate * This is currently not implemented, however we could cause this
3977c478bd9Sstevel@tonic-gate * to wait for the token files to appear if soft_token_present is
3987c478bd9Sstevel@tonic-gate * false.
3997c478bd9Sstevel@tonic-gate * However there is currently no polite and portable way to do that
4007c478bd9Sstevel@tonic-gate * because we might not even be able to get to an fd to the
4017c478bd9Sstevel@tonic-gate * parent directory, so instead we don't support any slot events.
4027c478bd9Sstevel@tonic-gate */
4037c478bd9Sstevel@tonic-gate return (CKR_FUNCTION_NOT_SUPPORTED);
4047c478bd9Sstevel@tonic-gate }
4057c478bd9Sstevel@tonic-gate
4067c478bd9Sstevel@tonic-gate
4077c478bd9Sstevel@tonic-gate CK_RV
C_GetMechanismList(CK_SLOT_ID slotID,CK_MECHANISM_TYPE_PTR pMechanismList,CK_ULONG_PTR pulCount)4087c478bd9Sstevel@tonic-gate C_GetMechanismList(CK_SLOT_ID slotID, CK_MECHANISM_TYPE_PTR pMechanismList,
4097c478bd9Sstevel@tonic-gate CK_ULONG_PTR pulCount)
4107c478bd9Sstevel@tonic-gate {
4117c478bd9Sstevel@tonic-gate
4127c478bd9Sstevel@tonic-gate ulong_t i;
4137c478bd9Sstevel@tonic-gate ulong_t mechnum;
4147c478bd9Sstevel@tonic-gate
4157c478bd9Sstevel@tonic-gate if (!softtoken_initialized)
4167c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED);
4177c478bd9Sstevel@tonic-gate
4187c478bd9Sstevel@tonic-gate if (slotID != SOFTTOKEN_SLOTID)
4197c478bd9Sstevel@tonic-gate return (CKR_SLOT_ID_INVALID);
4207c478bd9Sstevel@tonic-gate
421*989c147eSJason King if (pulCount == NULL)
422*989c147eSJason King return (CKR_ARGUMENTS_BAD);
423*989c147eSJason King
4247c478bd9Sstevel@tonic-gate mechnum = sizeof (soft_mechanisms) / sizeof (CK_MECHANISM_TYPE);
4257c478bd9Sstevel@tonic-gate
4267c478bd9Sstevel@tonic-gate if (pMechanismList == NULL) {
4277c478bd9Sstevel@tonic-gate /*
4287c478bd9Sstevel@tonic-gate * Application only wants to know the number of
4297c478bd9Sstevel@tonic-gate * supported mechanism types.
4307c478bd9Sstevel@tonic-gate */
4317c478bd9Sstevel@tonic-gate *pulCount = mechnum;
4327c478bd9Sstevel@tonic-gate return (CKR_OK);
4337c478bd9Sstevel@tonic-gate }
4347c478bd9Sstevel@tonic-gate
4357c478bd9Sstevel@tonic-gate if (*pulCount < mechnum) {
4367c478bd9Sstevel@tonic-gate *pulCount = mechnum;
4377c478bd9Sstevel@tonic-gate return (CKR_BUFFER_TOO_SMALL);
4387c478bd9Sstevel@tonic-gate }
4397c478bd9Sstevel@tonic-gate
4407c478bd9Sstevel@tonic-gate for (i = 0; i < mechnum; i++) {
4417c478bd9Sstevel@tonic-gate pMechanismList[i] = soft_mechanisms[i];
4427c478bd9Sstevel@tonic-gate }
4437c478bd9Sstevel@tonic-gate
4447c478bd9Sstevel@tonic-gate *pulCount = mechnum;
4457c478bd9Sstevel@tonic-gate
4467c478bd9Sstevel@tonic-gate return (CKR_OK);
4477c478bd9Sstevel@tonic-gate }
4487c478bd9Sstevel@tonic-gate
4497c478bd9Sstevel@tonic-gate
4507c478bd9Sstevel@tonic-gate CK_RV
C_GetMechanismInfo(CK_SLOT_ID slotID,CK_MECHANISM_TYPE type,CK_MECHANISM_INFO_PTR pInfo)4517c478bd9Sstevel@tonic-gate C_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type,
4527c478bd9Sstevel@tonic-gate CK_MECHANISM_INFO_PTR pInfo)
4537c478bd9Sstevel@tonic-gate {
4547c478bd9Sstevel@tonic-gate
4557c478bd9Sstevel@tonic-gate ulong_t i;
4567c478bd9Sstevel@tonic-gate ulong_t mechnum;
4577c478bd9Sstevel@tonic-gate
4587c478bd9Sstevel@tonic-gate if (!softtoken_initialized)
4597c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED);
4607c478bd9Sstevel@tonic-gate
4617c478bd9Sstevel@tonic-gate if (slotID != SOFTTOKEN_SLOTID)
4627c478bd9Sstevel@tonic-gate return (CKR_SLOT_ID_INVALID);
4637c478bd9Sstevel@tonic-gate
4647c478bd9Sstevel@tonic-gate if (pInfo == NULL) {
4657c478bd9Sstevel@tonic-gate return (CKR_ARGUMENTS_BAD);
4667c478bd9Sstevel@tonic-gate }
4677c478bd9Sstevel@tonic-gate
4687c478bd9Sstevel@tonic-gate mechnum = sizeof (soft_mechanisms) / sizeof (CK_MECHANISM_TYPE);
4697c478bd9Sstevel@tonic-gate for (i = 0; i < mechnum; i++) {
4707c478bd9Sstevel@tonic-gate if (soft_mechanisms[i] == type)
4717c478bd9Sstevel@tonic-gate break;
4727c478bd9Sstevel@tonic-gate }
4737c478bd9Sstevel@tonic-gate
4747c478bd9Sstevel@tonic-gate if (i == mechnum)
4757c478bd9Sstevel@tonic-gate /* unsupported mechanism */
4767c478bd9Sstevel@tonic-gate return (CKR_MECHANISM_INVALID);
4777c478bd9Sstevel@tonic-gate
4787c478bd9Sstevel@tonic-gate pInfo->ulMinKeySize = soft_mechanism_info[i].ulMinKeySize;
4797c478bd9Sstevel@tonic-gate pInfo->ulMaxKeySize = soft_mechanism_info[i].ulMaxKeySize;
4807c478bd9Sstevel@tonic-gate pInfo->flags = soft_mechanism_info[i].flags;
4817c478bd9Sstevel@tonic-gate
4827c478bd9Sstevel@tonic-gate return (CKR_OK);
4837c478bd9Sstevel@tonic-gate }
4847c478bd9Sstevel@tonic-gate
4857c478bd9Sstevel@tonic-gate
4867c478bd9Sstevel@tonic-gate /*ARGSUSED*/
4877c478bd9Sstevel@tonic-gate CK_RV
C_InitToken(CK_SLOT_ID slotID,CK_UTF8CHAR_PTR pPin,CK_ULONG ulPinLen,CK_UTF8CHAR_PTR pLabel)4887c478bd9Sstevel@tonic-gate C_InitToken(CK_SLOT_ID slotID, CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen,
4897c478bd9Sstevel@tonic-gate CK_UTF8CHAR_PTR pLabel)
4907c478bd9Sstevel@tonic-gate {
4917c478bd9Sstevel@tonic-gate if (!softtoken_initialized)
4927c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED);
4937c478bd9Sstevel@tonic-gate
494c5866e1dSPeter Shoults if (create_keystore() != 0)
495c5866e1dSPeter Shoults return (CKR_FUNCTION_FAILED);
496c5866e1dSPeter Shoults
497c5866e1dSPeter Shoults return (CKR_OK);
4987c478bd9Sstevel@tonic-gate }
4997c478bd9Sstevel@tonic-gate
5007c478bd9Sstevel@tonic-gate /*ARGSUSED*/
5017c478bd9Sstevel@tonic-gate CK_RV
C_InitPIN(CK_SESSION_HANDLE hSession,CK_UTF8CHAR_PTR pPin,CK_ULONG ulPinLen)5027c478bd9Sstevel@tonic-gate C_InitPIN(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen)
5037c478bd9Sstevel@tonic-gate {
5047c478bd9Sstevel@tonic-gate if (!softtoken_initialized)
5057c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED);
5067c478bd9Sstevel@tonic-gate
5077c478bd9Sstevel@tonic-gate return (CKR_FUNCTION_NOT_SUPPORTED);
5087c478bd9Sstevel@tonic-gate }
5097c478bd9Sstevel@tonic-gate
5107c478bd9Sstevel@tonic-gate
5117c478bd9Sstevel@tonic-gate CK_RV
C_SetPIN(CK_SESSION_HANDLE hSession,CK_UTF8CHAR_PTR pOldPin,CK_ULONG ulOldPinLen,CK_UTF8CHAR_PTR pNewPin,CK_ULONG ulNewPinLen)5127c478bd9Sstevel@tonic-gate C_SetPIN(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pOldPin,
5137c478bd9Sstevel@tonic-gate CK_ULONG ulOldPinLen, CK_UTF8CHAR_PTR pNewPin, CK_ULONG ulNewPinLen)
5147c478bd9Sstevel@tonic-gate {
5157c478bd9Sstevel@tonic-gate
5167c478bd9Sstevel@tonic-gate soft_session_t *session_p;
5177c478bd9Sstevel@tonic-gate CK_RV rv;
5187c478bd9Sstevel@tonic-gate boolean_t lock_held = B_FALSE;
5197c478bd9Sstevel@tonic-gate
5207c478bd9Sstevel@tonic-gate if (!softtoken_initialized)
5217c478bd9Sstevel@tonic-gate return (CKR_CRYPTOKI_NOT_INITIALIZED);
5227c478bd9Sstevel@tonic-gate
5237c478bd9Sstevel@tonic-gate /*
5247c478bd9Sstevel@tonic-gate * Obtain the session pointer. Also, increment the session
5257c478bd9Sstevel@tonic-gate * reference count.
5267c478bd9Sstevel@tonic-gate */
5277c478bd9Sstevel@tonic-gate rv = handle2session(hSession, &session_p);
5287c478bd9Sstevel@tonic-gate if (rv != CKR_OK)
5297c478bd9Sstevel@tonic-gate return (rv);
5307c478bd9Sstevel@tonic-gate
531c5866e1dSPeter Shoults if (!soft_keystore_status(KEYSTORE_LOAD)) {
5327c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
5337c478bd9Sstevel@tonic-gate return (CKR_DEVICE_REMOVED);
5347c478bd9Sstevel@tonic-gate }
5357c478bd9Sstevel@tonic-gate
5367c478bd9Sstevel@tonic-gate if ((ulOldPinLen < MIN_PIN_LEN) || (ulOldPinLen > MAX_PIN_LEN) ||
5377c478bd9Sstevel@tonic-gate (ulNewPinLen < MIN_PIN_LEN) ||(ulNewPinLen > MAX_PIN_LEN)) {
5387c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
5397c478bd9Sstevel@tonic-gate return (CKR_PIN_LEN_RANGE);
5407c478bd9Sstevel@tonic-gate }
5417c478bd9Sstevel@tonic-gate
5427c478bd9Sstevel@tonic-gate if ((pOldPin == NULL_PTR) || (pNewPin == NULL_PTR)) {
5437c478bd9Sstevel@tonic-gate /*
5447c478bd9Sstevel@tonic-gate * We don't support CKF_PROTECTED_AUTHENTICATION_PATH
5457c478bd9Sstevel@tonic-gate */
5467c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
5477c478bd9Sstevel@tonic-gate return (CKR_ARGUMENTS_BAD);
5487c478bd9Sstevel@tonic-gate }
5497c478bd9Sstevel@tonic-gate
5507c478bd9Sstevel@tonic-gate /* check the state of the session */
5517c478bd9Sstevel@tonic-gate if ((session_p->state != CKS_RW_PUBLIC_SESSION) &&
5527c478bd9Sstevel@tonic-gate (session_p->state != CKS_RW_USER_FUNCTIONS)) {
5537c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
5547c478bd9Sstevel@tonic-gate return (CKR_SESSION_READ_ONLY);
5557c478bd9Sstevel@tonic-gate }
5567c478bd9Sstevel@tonic-gate
5577c478bd9Sstevel@tonic-gate rv = soft_setpin(pOldPin, ulOldPinLen, pNewPin, ulNewPinLen);
5587c478bd9Sstevel@tonic-gate
5597c478bd9Sstevel@tonic-gate SES_REFRELE(session_p, lock_held);
5607c478bd9Sstevel@tonic-gate return (rv);
5617c478bd9Sstevel@tonic-gate }
562