xref: /illumos-gate/usr/src/lib/pkcs11/pkcs11_tpm/common/api_interface.c (revision c386eb9c22c7c00fc48a982f238576e16b113bda)
1 /*
2  *		Common Public License Version 0.5
3  *
4  *		THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF
5  *		THIS COMMON PUBLIC LICENSE ("AGREEMENT"). ANY USE,
6  *		REPRODUCTION OR DISTRIBUTION OF THE PROGRAM CONSTITUTES
7  *		RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT.
8  *
9  *		1. DEFINITIONS
10  *
11  *		"Contribution" means:
12  *		      a) in the case of the initial Contributor, the
13  *		      initial code and documentation distributed under
14  *		      this Agreement, and
15  *
16  *		      b) in the case of each subsequent Contributor:
17  *		      i) changes to the Program, and
18  *		      ii) additions to the Program;
19  *
20  *		      where such changes and/or additions to the Program
21  *		      originate from and are distributed by that
22  *		      particular Contributor. A Contribution 'originates'
23  *		      from a Contributor if it was added to the Program
24  *		      by such Contributor itself or anyone acting on such
25  *		      Contributor's behalf. Contributions do not include
26  *		      additions to the Program which: (i) are separate
27  *		      modules of software distributed in conjunction with
28  *		      the Program under their own license agreement, and
29  *		      (ii) are not derivative works of the Program.
30  *
31  *
32  *		"Contributor" means any person or entity that distributes
33  *		the Program.
34  *
35  *		"Licensed Patents " mean patent claims licensable by a
36  *		Contributor which are necessarily infringed by the use or
37  *		sale of its Contribution alone or when combined with the
38  *		Program.
39  *
40  *		"Program" means the Contributions distributed in
41  *		accordance with this Agreement.
42  *
43  *		"Recipient" means anyone who receives the Program under
44  *		this Agreement, including all Contributors.
45  *
46  *		2. GRANT OF RIGHTS
47  *
48  *		      a) Subject to the terms of this Agreement, each
49  *		      Contributor hereby grants Recipient a
50  *		      no - exclusive, worldwide, royalt - free copyright
51  *		      license to reproduce, prepare derivative works of,
52  *		      publicly display, publicly perform, distribute and
53  *		      sublicense the Contribution of such Contributor, if
54  *		      any, and such derivative works, in source code and
55  *		      object code form.
56  *
57  *		      b) Subject to the terms of this Agreement, each
58  *		      Contributor hereby grants Recipient a
59  *		      no - exclusive, worldwide, royalt - free patent
60  *		      license under Licensed Patents to make, use, sell,
61  *		      offer to sell, import and otherwise transfer the
62  *		      Contribution of such Contributor, if any, in source
63  *		      code and object code form. This patent license
64  *		      shall apply to the combination of the Contribution
65  *		      and the Program if, at the time the Contribution is
66  *		      added by the Contributor, such addition of the
67  *		      Contribution causes such combination to be covered
68  *		      by the Licensed Patents. The patent license shall
69  *		      not apply to any other combinations which include
70  *		      the Contribution. No hardware per se is licensed
71  *		      hereunder.
72  *
73  *		      c) Recipient understands that although each
74  *		      Contributor grants the licenses to its
75  *		      Contributions set forth herein, no assurances are
76  *		      provided by any Contributor that the Program does
77  *		      not infringe the patent or other intellectual
78  *		      property rights of any other entity. Each
79  *		      Contributor disclaims any liability to Recipient
80  *		      for claims brought by any other entity based on
81  *		      infringement of intellectual property rights or
82  *		      otherwise. As a condition to exercising the rights
83  *		      and licenses granted hereunder, each Recipient
84  *		      hereby assumes sole responsibility to secure any
85  *		      other intellectual property rights needed, if any.
86  *
87  *		      For example, if a third party patent license is
88  *		      required to allow Recipient to distribute the
89  *		      Program, it is Recipient's responsibility to
90  *		      acquire that license before distributing the
91  *		      Program.
92  *
93  *		      d) Each Contributor represents that to its
94  *		      knowledge it has sufficient copyright rights in its
95  *		      Contribution, if any, to grant the copyright
96  *		      license set forth in this Agreement.
97  *
98  *		3. REQUIREMENTS
99  *
100  *		A Contributor may choose to distribute the Program in
101  *		object code form under its own license agreement, provided
102  *		that:
103  *		      a) it complies with the terms and conditions of
104  *		      this Agreement; and
105  *
106  *		      b) its license agreement:
107  *		      i) effectively disclaims on behalf of all
108  *		      Contributors all warranties and conditions, express
109  *		      and implied, including warranties or conditions of
110  *		      title and no - infringement, and implied warranties
111  *		      or conditions of merchantability and fitness for a
112  *		      particular purpose;
113  *
114  *		      ii) effectively excludes on behalf of all
115  *		      Contributors all liability for damages, including
116  *		      direct, indirect, special, incidental and
117  *		      consequential damages, such as lost profits;
118  *
119  *		      iii) states that any provisions which differ from
120  *		      this Agreement are offered by that Contributor
121  *		      alone and not by any other party; and
122  *
123  *		      iv) states that source code for the Program is
124  *		      available from such Contributor, and informs
125  *		      licensees how to obtain it in a reasonable manner
126  *		      on or through a medium customarily used for
127  *		      software exchange.
128  *
129  *		When the Program is made available in source code form:
130  *		      a) it must be made available under this Agreement;
131  *		      and
132  *		      b) a copy of this Agreement must be included with
133  *		      each copy of the Program.
134  *
135  *		Contributors may not remove or alter any copyright notices
136  *		contained within the Program.
137  *
138  *		Each Contributor must identify itself as the originator of
139  *		its Contribution, if any, in a manner that reasonably
140  *		allows subsequent Recipients to identify the originator of
141  *		the Contribution.
142  *
143  *
144  *		4. COMMERCIAL DISTRIBUTION
145  *
146  *		Commercial distributors of software may accept certain
147  *		responsibilities with respect to end users, business
148  *		partners and the like. While this license is intended to
149  *		facilitate the commercial use of the Program, the
150  *		Contributor who includes the Program in a commercial
151  *		product offering should do so in a manner which does not
152  *		create potential liability for other Contributors.
153  *		Therefore, if a Contributor includes the Program in a
154  *		commercial product offering, such Contributor ("Commercial
155  *		Contributor") hereby agrees to defend and indemnify every
156  *		other Contributor ("Indemnified Contributor") against any
157  *		losses, damages and costs (collectively "Losses") arising
158  *		from claims, lawsuits and other legal actions brought by a
159  *		third party against the Indemnified Contributor to the
160  *		extent caused by the acts or omissions of such Commercial
161  *		Contributor in connection with its distribution of the
162  *		Program in a commercial product offering. The obligations
163  *		in this section do not apply to any claims or Losses
164  *		relating to any actual or alleged intellectual property
165  *		infringement. In order to qualify, an Indemnified
166  *		Contributor must: a) promptly notify the Commercial
167  *		Contributor in writing of such claim, and b) allow the
168  *		Commercial Contributor to control, and cooperate with the
169  *		Commercial Contributor in, the defense and any related
170  *		settlement negotiations. The Indemnified Contributor may
171  *		participate in any such claim at its own expense.
172  *
173  *
174  *		For example, a Contributor might include the Program in a
175  *		commercial product offering, Product X. That Contributor
176  *		is then a Commercial Contributor. If that Commercial
177  *		Contributor then makes performance claims, or offers
178  *		warranties related to Product X, those performance claims
179  *		and warranties are such Commercial Contributor's
180  *		responsibility alone. Under this section, the Commercial
181  *		Contributor would have to defend claims against the other
182  *		Contributors related to those performance claims and
183  *		warranties, and if a court requires any other Contributor
184  *		to pay any damages as a result, the Commercial Contributor
185  *		must pay those damages.
186  *
187  *
188  *		5. NO WARRANTY
189  *
190  *		EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE
191  *		PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT
192  *		WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR
193  *		IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR
194  *		CONDITIONS OF TITLE, NO - INFRINGEMENT, MERCHANTABILITY OR
195  *		FITNESS FOR A PARTICULAR PURPOSE. Each Recipient is solely
196  *		responsible for determining the appropriateness of using
197  *		and distributing the Program and assumes all risks
198  *		associated with its exercise of rights under this
199  *		Agreement, including but not limited to the risks and
200  *		costs of program errors, compliance with applicable laws,
201  *		damage to or loss of data, programs or equipment, and
202  *		unavailability or interruption of operations.
203  *
204  *		6. DISCLAIMER OF LIABILITY
205  *		EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, NEITHER
206  *		RECIPIENT NOR ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY
207  *		FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
208  *		OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION
209  *		LOST PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF
210  *		LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
211  *		(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
212  *		OF THE USE OR DISTRIBUTION OF THE PROGRAM OR THE EXERCISE
213  *		OF ANY RIGHTS GRANTED HEREUNDER, EVEN IF ADVISED OF THE
214  *		POSSIBILITY OF SUCH DAMAGES.
215  *
216  *		7. GENERAL
217  *
218  *		If any provision of this Agreement is invalid or
219  *		unenforceable under applicable law, it shall not affect
220  *		the validity or enforceability of the remainder of the
221  *		terms of this Agreement, and without further action by the
222  *		parties hereto, such provision shall be reformed to the
223  *		minimum extent necessary to make such provision valid and
224  *		enforceable.
225  *
226  *
227  *		If Recipient institutes patent litigation against a
228  *		Contributor with respect to a patent applicable to
229  *		software (including a cros - claim or counterclaim in a
230  *		lawsuit), then any patent licenses granted by that
231  *		Contributor to such Recipient under this Agreement shall
232  *		terminate as of the date such litigation is filed. In
233  *		addition, If Recipient institutes patent litigation
234  *		against any entity (including a cros - claim or
235  *		counterclaim in a lawsuit) alleging that the Program
236  *		itself (excluding combinations of the Program with other
237  *		software or hardware) infringes such Recipient's
238  *		patent(s), then such Recipient's rights granted under
239  *		Section 2(b) shall terminate as of the date such
240  *		litigation is filed.
241  *
242  *		All Recipient's rights under this Agreement shall
243  *		terminate if it fails to comply with any of the material
244  *		terms or conditions of this Agreement and does not cure
245  *		such failure in a reasonable period of time after becoming
246  *		aware of such noncompliance. If all Recipient's rights
247  *		under this Agreement terminate, Recipient agrees to cease
248  *		use and distribution of the Program as soon as reasonably
249  *		practicable. However, Recipient's obligations under this
250  *		Agreement and any licenses granted by Recipient relating
251  *		to the Program shall continue and survive.
252  *
253  *		Everyone is permitted to copy and distribute copies of
254  *		this Agreement, but in order to avoid inconsistency the
255  *		Agreement is copyrighted and may only be modified in the
256  *		following manner. The Agreement Steward reserves the right
257  *		to publish new versions (including revisions) of this
258  *		Agreement from time to time. No one other than the
259  *		Agreement Steward has the right to modify this Agreement.
260  *
261  *		IBM is the initial Agreement Steward. IBM may assign the
262  *		responsibility to serve as the Agreement Steward to a
263  *		suitable separate entity. Each new version of the
264  *		Agreement will be given a distinguishing version number.
265  *		The Program (including Contributions) may always be
266  *		distributed subject to the version of the Agreement under
267  *		which it was received. In addition, after a new version of
268  *		the Agreement is published, Contributor may elect to
269  *		distribute the Program (including its Contributions) under
270  *		the new version. Except as expressly stated in Sections
271  *		2(a) and 2(b) above, Recipient receives no rights or
272  *		licenses to the intellectual property of any Contributor
273  *		under this Agreement, whether expressly, by implication,
274  *		estoppel or otherwise. All rights in the Program not
275  *		expressly granted under this Agreement are reserved.
276  *
277  *
278  *		This Agreement is governed by the laws of the State of New
279  *		York and the intellectual property laws of the United
280  *		States of America. No party to this Agreement will bring a
281  *		legal action under this Agreement more than one year after
282  *		the cause of action arose. Each party waives its rights to
283  *		a jury trial in any resulting litigation.
284  *
285  *
286  *
287  * (C) COPYRIGHT International Business Machines Corp. 2001, 2002
288  */
289 /*
290  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
291  * Use is subject to license terms.
292  */
293 
294 #include "tpmtok_int.h"
295 
296 #define	LOG(x)  logit(LOG_DEBUG, x)
297 
298 /*
299  * NOTES:
300  * In many cases the specificaiton does not allow returns
301  * of CKR_ARGUMENTSB_BAD.  We break the spec, since validation of parameters
302  * to the function are best represented by this return code (where
303  * specific RC's such as CKR_INVALID_SESSION do not exist).
304  * NOTE NOTE NOTE NOTE
305  *    The parameter checking on the update operations may need to be
306  *    modified (as well as the encrypt/decrypt) to call the std API
307  *    anyway with sanatized parameters since on error, the encrypt/decrypt
308  *    sign operations are all supposed to complete.
309  *    Therefor the parameter checking here might need to be done in
310  *    the STDLL instead of the API.
311  *    This would affect ALL the Multipart operations which have
312  *    an init followed by one or more operations.
313  *
314  * Globals for the API
315  */
316 API_Proc_Struct_t  *Anchor = NULL;
317 static unsigned int   Initialized = 0;
318 static pthread_mutex_t global_mutex = PTHREAD_MUTEX_INITIALIZER;
319 struct ST_FCN_LIST FuncList;
320 CK_FUNCTION_LIST PK11_Functions;
321 extern pthread_rwlock_t obj_list_rw_mutex;
322 
323 
324 static void
325 tpmtoken_fork_prepare()
326 {
327 	(void) pthread_mutex_lock(&global_mutex);
328 	(void) pthread_mutex_lock(&pkcs_mutex);
329 	(void) pthread_mutex_lock(&obj_list_mutex);
330 	(void) pthread_rwlock_wrlock(&obj_list_rw_mutex);
331 	(void) pthread_mutex_lock(&sess_list_mutex);
332 	(void) pthread_mutex_lock(&login_mutex);
333 	if (Anchor) {
334 		(void) pthread_mutex_lock(&Anchor->ProcMutex);
335 		(void) pthread_mutex_lock(&Anchor->SessListMutex);
336 	}
337 }
338 
339 static void
340 tpmtoken_fork_parent()
341 {
342 	if (Anchor) {
343 		(void) pthread_mutex_unlock(&Anchor->SessListMutex);
344 		(void) pthread_mutex_unlock(&Anchor->ProcMutex);
345 	}
346 	(void) pthread_mutex_unlock(&login_mutex);
347 	(void) pthread_mutex_unlock(&sess_list_mutex);
348 	(void) pthread_rwlock_unlock(&obj_list_rw_mutex);
349 	(void) pthread_mutex_unlock(&obj_list_mutex);
350 	(void) pthread_mutex_unlock(&pkcs_mutex);
351 	(void) pthread_mutex_unlock(&global_mutex);
352 }
353 
354 static void
355 tpmtoken_fork_child()
356 {
357 	if (Anchor) {
358 		(void) pthread_mutex_unlock(&Anchor->SessListMutex);
359 		(void) pthread_mutex_unlock(&Anchor->ProcMutex);
360 	}
361 
362 	(void) pthread_mutex_unlock(&login_mutex);
363 	(void) pthread_mutex_unlock(&sess_list_mutex);
364 	(void) pthread_rwlock_unlock(&obj_list_rw_mutex);
365 	(void) pthread_mutex_unlock(&obj_list_mutex);
366 	(void) pthread_mutex_unlock(&pkcs_mutex);
367 	(void) pthread_mutex_unlock(&global_mutex);
368 
369 	if (Anchor) {
370 		Terminate_All_Process_Sessions();
371 		free(Anchor);
372 		Anchor = NULL;
373 	}
374 	if (FuncList.ST_Finalize)
375 		FuncList.ST_Finalize(0);
376 
377 	logterm();
378 	loginit();
379 }
380 
381 /*ARGSUSED*/
382 CK_RV
383 C_CancelFunction(CK_SESSION_HANDLE hSession)
384 {
385 	LOG("C_CancelFunction");
386 	if (API_Initialized() == FALSE) {
387 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
388 	}
389 	return (CKR_FUNCTION_NOT_PARALLEL);
390 }
391 
392 CK_RV
393 C_CloseAllSessions(CK_SLOT_ID slotID)
394 {
395 	Session_Struct_t *pCur, *pPrev;
396 	CK_RV    rv;
397 	/*
398 	 * Although why does modutil do a close all sessions.  It is a single
399 	 * application it can only close its sessions...
400 	 * And all sessions should be closed anyhow.
401 	 */
402 	LOG("CloseAllSessions");
403 	if (API_Initialized() == FALSE)
404 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
405 	if (slotID > NUMBER_SLOTS_MANAGED)
406 		return (CKR_SLOT_ID_INVALID);
407 	/*
408 	 * Proc Mutex is locked when we remove from the seesion list in
409 	 * Close SEssion.  Therefore we don't need to do any locking
410 	 * the atomic operations are controled when we use the linked list
411 	 */
412 	pCur = (Anchor ? Anchor->SessListBeg : NULL);
413 	while (pCur) {
414 		/*
415 		 * Session owned by the slot we are working on
416 		 * There is a basic problem here.  We are using th pCur
417 		 * to point to the current one, however we delete it from
418 		 * the linked list and can no longer go Forward.  So we
419 		 * have to use the fact that this is a doubly linked list
420 		 * and get the previous pointer.  After deletion, the next
421 		 * pointer of this block will point to the next one in the
422 		 * list.
423 		 * If the value is Null, then this was the first one in
424 		 * the list and we just set pCur to the SessListBeg.
425 		 */
426 		if (pCur->SltId == slotID) {
427 			pPrev = pCur->Previous;
428 			rv = C_CloseSession((CK_SESSION_HANDLE)pCur);
429 			if (rv == CKR_OK ||
430 			    rv == CKR_SESSION_CLOSED ||
431 			    rv == CKR_SESSION_HANDLE_INVALID) {
432 				if (pPrev == NULL) {
433 					pCur = Anchor->SessListBeg;
434 				} else {
435 					pCur = pPrev->Next;
436 				}
437 			} else {
438 				return (rv);
439 			}
440 		} else {
441 			pCur = pCur->Next;
442 		}
443 	}
444 	LOG("CloseAllSessions OK");
445 	return (CKR_OK);
446 }
447 CK_RV
448 C_CloseSession(CK_SESSION_HANDLE hSession)
449 {
450 	CK_RV rv;
451 	Session_Struct_t *sessp;
452 	ST_SESSION_T rSession;
453 	LOG("C_CloseSession");
454 	if (API_Initialized() == FALSE) {
455 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
456 	}
457 	/* Validate Session */
458 	if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
459 		return (CKR_SESSION_HANDLE_INVALID);
460 	}
461 
462 	if (FuncList.ST_CloseSession) {
463 		/* Map the Session to the slot session */
464 		rv = FuncList.ST_CloseSession(rSession);
465 
466 		if (rv == CKR_OK) {
467 			sessp = (Session_Struct_t *)hSession;
468 			RemoveFromSessionList(sessp);
469 		}
470 	} else {
471 		rv = CKR_FUNCTION_NOT_SUPPORTED;
472 	}
473 	return (rv);
474 }
475 
476 CK_RV
477 C_CopyObject(
478 	CK_SESSION_HANDLE	hSession,
479 	CK_OBJECT_HANDLE	hObject,
480 	CK_ATTRIBUTE_PTR	pTemplate,
481 	CK_ULONG		ulCount,
482 	CK_OBJECT_HANDLE_PTR	phNewObject)
483 {
484 	CK_RV rv;
485 	ST_SESSION_T rSession;
486 	LOG("C_CopyObject");
487 	if (API_Initialized() == FALSE) {
488 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
489 	}
490 	if (!Valid_Session((Session_Struct_t *)hSession, &rSession)) {
491 		return (CKR_SESSION_HANDLE_INVALID);
492 	}
493 	if (!phNewObject) {
494 		return (CKR_ARGUMENTS_BAD);
495 	}
496 	/*
497 	 * A null template with a count will cause the lower layer
498 	 * to have problems.
499 	 * Template with 0 count is not a problem.
500 	 */
501 	if (!pTemplate && ulCount) {
502 		return (CKR_ARGUMENTS_BAD);
503 	}
504 	if (FuncList.ST_CopyObject) {
505 		rv = FuncList.ST_CopyObject(rSession, hObject, pTemplate,
506 		    ulCount, phNewObject);
507 	} else {
508 		rv = CKR_FUNCTION_NOT_SUPPORTED;
509 	}
510 	return (rv);
511 }
512 
513 CK_RV
514 C_CreateObject(
515 	CK_SESSION_HANDLE	hSession,
516 	CK_ATTRIBUTE_PTR	pTemplate,
517 	CK_ULONG		ulCount,
518 	CK_OBJECT_HANDLE_PTR	phObject)
519 {
520 	CK_RV	rv;
521 	ST_SESSION_T rSession;
522 
523 	if (API_Initialized() == FALSE) {
524 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
525 	}
526 	if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
527 		return (CKR_SESSION_HANDLE_INVALID);
528 	}
529 	if (! pTemplate) {
530 		return (CKR_TEMPLATE_INCOMPLETE);
531 	}
532 	if (ulCount == 0) {
533 		return (CKR_TEMPLATE_INCOMPLETE);
534 	}
535 	if (! phObject) {
536 		return (CKR_ARGUMENTS_BAD);
537 	}
538 	if (FuncList.ST_CreateObject) {
539 		// Map the Session to the slot session
540 		rv = FuncList.ST_CreateObject(rSession, pTemplate,
541 		    ulCount, phObject);
542 	} else {
543 		rv = CKR_FUNCTION_NOT_SUPPORTED;
544 	}
545 	return (rv);
546 }
547 
548 CK_RV
549 C_Decrypt(CK_SESSION_HANDLE hSession,
550 	CK_BYTE_PTR	pEncryptedData,
551 	CK_ULONG	ulEncryptedDataLen,
552 	CK_BYTE_PTR	pData,
553 	CK_ULONG_PTR	pulDataLen)
554 {
555 	CK_RV	rv;
556 	ST_SESSION_T rSession;
557 
558 	if (API_Initialized() == FALSE) {
559 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
560 	}
561 	if (!Valid_Session((Session_Struct_t *)hSession, &rSession)) {
562 		return (CKR_SESSION_HANDLE_INVALID);
563 	}
564 	if (FuncList.ST_Decrypt) {
565 		rv = FuncList.ST_Decrypt(rSession, pEncryptedData,
566 		    ulEncryptedDataLen, pData, pulDataLen);
567 	} else {
568 		rv = CKR_FUNCTION_NOT_SUPPORTED;
569 	}
570 	return (rv);
571 }
572 
573 CK_RV
574 C_DecryptDigestUpdate(
575 	CK_SESSION_HANDLE hSession,
576 	CK_BYTE_PTR	pEncryptedPart,
577 	CK_ULONG	ulEncryptedPartLen,
578 	CK_BYTE_PTR	pPart,
579 	CK_ULONG_PTR	pulPartLen)
580 {
581 	CK_RV	rv;
582 	ST_SESSION_T rSession;
583 
584 	if (API_Initialized() == FALSE) {
585 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
586 	}
587 	if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
588 		return (CKR_SESSION_HANDLE_INVALID);
589 	}
590 	if (! pEncryptedPart || ! pulPartLen) {
591 		return (CKR_ARGUMENTS_BAD);
592 	}
593 	if (FuncList.ST_DecryptDigestUpdate) {
594 		rv = FuncList.ST_DecryptDigestUpdate(rSession, pEncryptedPart,
595 		    ulEncryptedPartLen, pPart, pulPartLen);
596 	} else {
597 		rv = CKR_FUNCTION_NOT_SUPPORTED;
598 	}
599 	return (rv);
600 }
601 
602 CK_RV
603 C_DecryptFinal(CK_SESSION_HANDLE hSession,
604 	CK_BYTE_PTR	pLastPart,
605 	CK_ULONG_PTR	pulLastPartLen)
606 {
607 	CK_RV	rv;
608 	ST_SESSION_T rSession;
609 
610 	if (API_Initialized() == FALSE) {
611 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
612 	}
613 	if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
614 		return (CKR_SESSION_HANDLE_INVALID);
615 	}
616 	/*
617 	 * It is acceptable to have a Null pointer for the data since
618 	 * it is trying to get the length of the last part....
619 	 * The spec is unclear if a second call to Final is needed
620 	 * if there is no data in the last part.
621 	 */
622 	if (! pulLastPartLen) {
623 		return (CKR_ARGUMENTS_BAD);
624 	}
625 	if (FuncList.ST_DecryptFinal) {
626 		rv = FuncList.ST_DecryptFinal(rSession, pLastPart,
627 		    pulLastPartLen);
628 	} else {
629 		rv = CKR_FUNCTION_NOT_SUPPORTED;
630 	}
631 	return (rv);
632 }
633 
634 CK_RV
635 C_DecryptInit(CK_SESSION_HANDLE hSession,
636 	CK_MECHANISM_PTR pMechanism,
637 	CK_OBJECT_HANDLE hKey)
638 {
639 	CK_RV rv;
640 	ST_SESSION_T rSession;
641 
642 	if (API_Initialized() == FALSE) {
643 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
644 	}
645 	if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
646 		return (CKR_SESSION_HANDLE_INVALID);
647 	}
648 	if (! pMechanism) {
649 		return (CKR_MECHANISM_INVALID);
650 	}
651 	if (FuncList.ST_DecryptInit) {
652 		rv = FuncList.ST_DecryptInit(rSession, pMechanism, hKey);
653 	} else {
654 		rv = CKR_FUNCTION_NOT_SUPPORTED;
655 	}
656 	return (rv);
657 }
658 
659 CK_RV
660 C_DecryptUpdate(CK_SESSION_HANDLE hSession,
661 	CK_BYTE_PTR	pEncryptedPart,
662 	CK_ULONG	ulEncryptedPartLen,
663 	CK_BYTE_PTR	pPart,
664 	CK_ULONG_PTR	pulPartLen)
665 {
666 	CK_RV	rv;
667 	ST_SESSION_T rSession;
668 
669 	if (API_Initialized() == FALSE) {
670 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
671 	}
672 	if (!Valid_Session((Session_Struct_t *)hSession, &rSession)) {
673 		return (CKR_SESSION_HANDLE_INVALID);
674 	}
675 	if (!pEncryptedPart || !pulPartLen) {
676 		return (CKR_ARGUMENTS_BAD);
677 	}
678 	if (FuncList.ST_DecryptUpdate) {
679 		rv = FuncList.ST_DecryptUpdate(rSession, pEncryptedPart,
680 		    ulEncryptedPartLen, pPart, pulPartLen);
681 	} else {
682 		rv = CKR_FUNCTION_NOT_SUPPORTED;
683 	}
684 	return (rv);
685 }
686 
687 CK_RV
688 C_DecryptVerifyUpdate(CK_SESSION_HANDLE hSession,
689 	CK_BYTE_PTR	pEncryptedPart,
690 	CK_ULONG	ulEncryptedPartLen,
691 	CK_BYTE_PTR	pPart,
692 	CK_ULONG_PTR	pulPartLen)
693 {
694 	CK_RV	rv;
695 	ST_SESSION_T rSession;
696 
697 	if (API_Initialized() == FALSE) {
698 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
699 	}
700 	// Validate Session
701 	if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
702 		return (CKR_SESSION_HANDLE_INVALID);
703 	}
704 	// May have to let these go through and let the STDLL handle them
705 	if (! pEncryptedPart || ! pulPartLen) {
706 		return (CKR_ARGUMENTS_BAD);
707 	}
708 	// Get local pointers to session
709 	if (FuncList.ST_DecryptVerifyUpdate) {
710 		// Map the Session to the slot session
711 		rv = FuncList.ST_DecryptVerifyUpdate(rSession,
712 		    pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen);
713 	} else {
714 		rv = CKR_FUNCTION_NOT_SUPPORTED;
715 	}
716 	return (rv);
717 }
718 
719 CK_RV
720 C_DeriveKey(CK_SESSION_HANDLE	hSession,
721 	CK_MECHANISM_PTR	pMechanism,
722 	CK_OBJECT_HANDLE	hBaseKey,
723 	CK_ATTRIBUTE_PTR	pTemplate,
724 	CK_ULONG		ulAttributeCount,
725 	CK_OBJECT_HANDLE_PTR	phKey)
726 {
727 	CK_RV	rv;
728 	ST_SESSION_T rSession;
729 
730 	if (API_Initialized() == FALSE) {
731 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
732 	}
733 	if (!Valid_Session((Session_Struct_t *)hSession, &rSession)) {
734 		return (CKR_SESSION_HANDLE_INVALID);
735 	}
736 
737 	if (!pMechanism) {
738 		return (CKR_MECHANISM_INVALID);
739 	}
740 	if (!pTemplate && ulAttributeCount) {
741 		return (CKR_ARGUMENTS_BAD);
742 	}
743 	if (FuncList.ST_DeriveKey) {
744 		rv = FuncList.ST_DeriveKey(rSession, pMechanism,
745 		    hBaseKey, pTemplate, ulAttributeCount, phKey);
746 	} else {
747 		rv = CKR_FUNCTION_NOT_SUPPORTED;
748 	}
749 	return (rv);
750 }
751 
752 CK_RV
753 C_DestroyObject(CK_SESSION_HANDLE hSession,
754 	CK_OBJECT_HANDLE hObject)
755 {
756 	CK_RV rv;
757 	ST_SESSION_T rSession;
758 
759 	if (API_Initialized() == FALSE) {
760 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
761 	}
762 	if (!Valid_Session((Session_Struct_t *)hSession, &rSession)) {
763 		return (CKR_SESSION_HANDLE_INVALID);
764 	}
765 	if (FuncList.ST_DestroyObject) {
766 		rv = FuncList.ST_DestroyObject(rSession, hObject);
767 	} else {
768 		rv = CKR_FUNCTION_NOT_SUPPORTED;
769 	}
770 	return (rv);
771 }
772 
773 CK_RV
774 C_Digest(CK_SESSION_HANDLE hSession,
775 	CK_BYTE_PTR	pData,
776 	CK_ULONG	ulDataLen,
777 	CK_BYTE_PTR	pDigest,
778 	CK_ULONG_PTR	pulDigestLen)
779 {
780 	CK_RV	rv;
781 	ST_SESSION_T rSession;
782 
783 	if (API_Initialized() == FALSE) {
784 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
785 	}
786 	if (!Valid_Session((Session_Struct_t *)hSession, &rSession)) {
787 		return (CKR_SESSION_HANDLE_INVALID);
788 	}
789 	if (FuncList.ST_Digest) {
790 		rv = FuncList.ST_Digest(rSession, pData, ulDataLen,
791 		    pDigest, pulDigestLen);
792 	} else {
793 		rv = CKR_FUNCTION_NOT_SUPPORTED;
794 	}
795 	return (rv);
796 }
797 
798 CK_RV
799 C_DigestEncryptUpdate(CK_SESSION_HANDLE hSession,
800 	CK_BYTE_PTR	pPart,
801 	CK_ULONG	ulPartLen,
802 	CK_BYTE_PTR	pEncryptedPart,
803 	CK_ULONG_PTR	pulEncryptedPartLen)
804 {
805 	CK_RV rv;
806 	ST_SESSION_T rSession;
807 
808 	if (API_Initialized() == FALSE) {
809 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
810 	}
811 	if (! pPart || ! pulEncryptedPartLen) {
812 		return (CKR_ARGUMENTS_BAD);
813 	}
814 	if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
815 		return (CKR_SESSION_HANDLE_INVALID);
816 	}
817 	if (FuncList.ST_DigestEncryptUpdate) {
818 		rv = FuncList.ST_DigestEncryptUpdate(rSession, pPart,
819 		    ulPartLen, pEncryptedPart, pulEncryptedPartLen);
820 	} else {
821 		rv = CKR_FUNCTION_NOT_SUPPORTED;
822 	}
823 	return (rv);
824 }
825 
826 CK_RV
827 C_DigestFinal(CK_SESSION_HANDLE hSession,
828 	CK_BYTE_PTR	pDigest,
829 	CK_ULONG_PTR	pulDigestLen)
830 {
831 	CK_RV rv;
832 	ST_SESSION_T rSession;
833 
834 	if (API_Initialized() == FALSE) {
835 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
836 	}
837 	if (! pulDigestLen) {
838 		return (CKR_ARGUMENTS_BAD);
839 	}
840 	if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
841 		return (CKR_SESSION_HANDLE_INVALID);
842 	}
843 	if (FuncList.ST_DigestFinal) {
844 		rv = FuncList.ST_DigestFinal(rSession, pDigest, pulDigestLen);
845 	} else {
846 		rv = CKR_FUNCTION_NOT_SUPPORTED;
847 	}
848 	return (rv);
849 }
850 
851 CK_RV
852 C_DigestInit(CK_SESSION_HANDLE hSession,
853 	CK_MECHANISM_PTR pMechanism)
854 {
855 	CK_RV rv;
856 	ST_SESSION_T rSession;
857 
858 	if (API_Initialized() == FALSE) {
859 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
860 	}
861 	if (! pMechanism) {
862 		return (CKR_MECHANISM_INVALID);
863 	}
864 	if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
865 		return (CKR_SESSION_HANDLE_INVALID);
866 	}
867 	if (FuncList.ST_DigestInit) {
868 		rv = FuncList.ST_DigestInit(rSession, pMechanism);
869 	} else {
870 		rv = CKR_FUNCTION_NOT_SUPPORTED;
871 	}
872 	return (rv);
873 }
874 
875 CK_RV
876 C_DigestKey(CK_SESSION_HANDLE hSession,
877 	CK_OBJECT_HANDLE hKey)
878 {
879 	CK_RV rv;
880 	ST_SESSION_T rSession;
881 
882 	if (API_Initialized() == FALSE) {
883 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
884 	}
885 	if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
886 		return (CKR_SESSION_HANDLE_INVALID);
887 	}
888 	if (FuncList.ST_DigestKey) {
889 		rv = FuncList.ST_DigestKey(rSession, hKey);
890 	} else {
891 		rv = CKR_FUNCTION_NOT_SUPPORTED;
892 	}
893 	return (rv);
894 }
895 
896 CK_RV
897 C_DigestUpdate(CK_SESSION_HANDLE hSession,
898 	CK_BYTE_PTR pPart,
899 	CK_ULONG ulPartLen)
900 {
901 	CK_RV rv;
902 	ST_SESSION_T rSession;
903 	if (API_Initialized() == FALSE) {
904 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
905 	}
906 	if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
907 		return (CKR_SESSION_HANDLE_INVALID);
908 	}
909 	if (FuncList.ST_DigestUpdate) {
910 		rv = FuncList.ST_DigestUpdate(rSession, pPart, ulPartLen);
911 	} else {
912 		rv = CKR_FUNCTION_NOT_SUPPORTED;
913 	}
914 	return (rv);
915 }
916 
917 CK_RV
918 C_Encrypt(CK_SESSION_HANDLE hSession,
919 	CK_BYTE_PTR pData,
920 	CK_ULONG ulDataLen,
921 	CK_BYTE_PTR pEncryptedData,
922 	CK_ULONG_PTR pulEncryptedDataLen)
923 {
924 	CK_RV rv;
925 	ST_SESSION_T rSession;
926 
927 	if (API_Initialized() == FALSE) {
928 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
929 	}
930 	if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
931 		return (CKR_SESSION_HANDLE_INVALID);
932 	}
933 	// Get local pointers to session
934 	if (FuncList.ST_Encrypt) {
935 		// Map the Session to the slot session
936 		rv = FuncList.ST_Encrypt(rSession, pData, ulDataLen,
937 		    pEncryptedData, pulEncryptedDataLen);
938 	} else {
939 		rv = CKR_FUNCTION_NOT_SUPPORTED;
940 	}
941 	return (rv);
942 }
943 
944 CK_RV
945 C_EncryptFinal(CK_SESSION_HANDLE hSession,
946 	CK_BYTE_PTR pLastEncryptedPart,
947 	CK_ULONG_PTR pulLastEncryptedPartLen)
948 {
949 	CK_RV rv;
950 	ST_SESSION_T rSession;
951 
952 	if (API_Initialized() == FALSE) {
953 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
954 	}
955 	if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
956 		return (CKR_SESSION_HANDLE_INVALID);
957 	}
958 	if (FuncList.ST_EncryptFinal) {
959 		rv = FuncList.ST_EncryptFinal(rSession,
960 		    pLastEncryptedPart, pulLastEncryptedPartLen);
961 	} else {
962 		rv = CKR_FUNCTION_NOT_SUPPORTED;
963 	}
964 	return (rv);
965 }
966 
967 CK_RV
968 C_EncryptInit(CK_SESSION_HANDLE hSession,
969 	CK_MECHANISM_PTR pMechanism,
970 	CK_OBJECT_HANDLE hKey)
971 {
972 	CK_RV rv;
973 	ST_SESSION_T rSession;
974 
975 	if (API_Initialized() == FALSE) {
976 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
977 	}
978 	if (! pMechanism) {
979 		return (CKR_MECHANISM_INVALID);
980 	}
981 	if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
982 		return (CKR_SESSION_HANDLE_INVALID);
983 	}
984 	if (FuncList.ST_EncryptInit) {
985 		rv = FuncList.ST_EncryptInit(rSession, pMechanism, hKey);
986 	} else {
987 		rv = CKR_FUNCTION_NOT_SUPPORTED;
988 	}
989 	return (rv);
990 }
991 
992 CK_RV
993 C_EncryptUpdate(CK_SESSION_HANDLE hSession,
994 	CK_BYTE_PTR pPart,
995 	CK_ULONG ulPartLen,
996 	CK_BYTE_PTR pEncryptedPart,
997 	CK_ULONG_PTR pulEncryptedPartLen)
998 {
999 	CK_RV rv;
1000 	ST_SESSION_T rSession;
1001 
1002 	if (API_Initialized() == FALSE) {
1003 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
1004 	}
1005 	if (!pPart || !pulEncryptedPartLen) {
1006 		return (CKR_ARGUMENTS_BAD);
1007 	}
1008 	if (!Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1009 		return (CKR_SESSION_HANDLE_INVALID);
1010 	}
1011 	if (FuncList.ST_EncryptUpdate) {
1012 		rv = FuncList.ST_EncryptUpdate(rSession, pPart, ulPartLen,
1013 		    pEncryptedPart, pulEncryptedPartLen);
1014 	} else {
1015 		rv = CKR_FUNCTION_NOT_SUPPORTED;
1016 	}
1017 	return (rv);
1018 }
1019 
1020 CK_RV
1021 do_finalize(CK_VOID_PTR pReserved)
1022 {
1023 	if (API_Initialized() == FALSE) {
1024 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
1025 	}
1026 	if (pReserved != NULL) {
1027 		return (CKR_ARGUMENTS_BAD);
1028 	}
1029 	(void) pthread_mutex_lock(&global_mutex);
1030 	if (Anchor)
1031 		Terminate_All_Process_Sessions();
1032 
1033 	if (FuncList.ST_Finalize)
1034 		FuncList.ST_Finalize(0);
1035 
1036 	free(Anchor);
1037 	Anchor = NULL;
1038 
1039 	(void) pthread_mutex_unlock(&global_mutex);
1040 	return (CKR_OK);
1041 }
1042 
1043 CK_RV
1044 C_Finalize(CK_VOID_PTR pReserved) {
1045 	return (do_finalize(pReserved));
1046 }
1047 
1048 CK_RV
1049 C_FindObjects(CK_SESSION_HANDLE    hSession,
1050 	CK_OBJECT_HANDLE_PTR phObject,
1051 	CK_ULONG ulMaxObjectCount,
1052 	CK_ULONG_PTR pulObjectCount)
1053 {
1054 	CK_RV rv;
1055 	ST_SESSION_T rSession;
1056 
1057 	if (API_Initialized() == FALSE) {
1058 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
1059 	}
1060 	if (! phObject || ! pulObjectCount) {
1061 		return (CKR_ARGUMENTS_BAD);
1062 	}
1063 	if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1064 		return (CKR_SESSION_HANDLE_INVALID);
1065 	}
1066 	if (FuncList.ST_FindObjects) {
1067 		rv = FuncList.ST_FindObjects(rSession, phObject,
1068 		    ulMaxObjectCount, pulObjectCount);
1069 	} else {
1070 		rv = CKR_FUNCTION_NOT_SUPPORTED;
1071 	}
1072 	return (rv);
1073 }
1074 
1075 CK_RV
1076 C_FindObjectsFinal(CK_SESSION_HANDLE hSession)
1077 {
1078 	CK_RV rv;
1079 	ST_SESSION_T rSession;
1080 
1081 	if (API_Initialized() == FALSE) {
1082 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
1083 	}
1084 	if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1085 		return (CKR_SESSION_HANDLE_INVALID);
1086 	}
1087 	if (FuncList.ST_FindObjectsFinal) {
1088 		rv = FuncList.ST_FindObjectsFinal(rSession);
1089 	} else {
1090 		rv = CKR_FUNCTION_NOT_SUPPORTED;
1091 	}
1092 	return (rv);
1093 }
1094 
1095 CK_RV
1096 C_FindObjectsInit(CK_SESSION_HANDLE hSession,
1097 	CK_ATTRIBUTE_PTR pTemplate,
1098 	CK_ULONG ulCount)
1099 {
1100 	CK_RV rv;
1101 	ST_SESSION_T rSession;
1102 
1103 	if (API_Initialized() == FALSE) {
1104 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
1105 	}
1106 	if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1107 		return (CKR_SESSION_HANDLE_INVALID);
1108 	}
1109 	if (FuncList.ST_FindObjectsInit) {
1110 		rv = FuncList.ST_FindObjectsInit(rSession, pTemplate, ulCount);
1111 	} else {
1112 		rv = CKR_FUNCTION_NOT_SUPPORTED;
1113 	}
1114 	return (rv);
1115 }
1116 
1117 CK_RV
1118 C_GenerateKey(CK_SESSION_HANDLE    hSession,
1119 	CK_MECHANISM_PTR pMechanism,
1120 	CK_ATTRIBUTE_PTR pTemplate,
1121 	CK_ULONG ulCount,
1122 	CK_OBJECT_HANDLE_PTR phKey)
1123 {
1124 	CK_RV rv;
1125 	ST_SESSION_T rSession;
1126 
1127 	if (API_Initialized() == FALSE) {
1128 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
1129 	}
1130 	if (! pMechanism) {
1131 		return (CKR_MECHANISM_INVALID);
1132 	}
1133 	if (! phKey) {
1134 		return (CKR_ARGUMENTS_BAD);
1135 	}
1136 	if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1137 		return (CKR_SESSION_HANDLE_INVALID);
1138 	}
1139 	if (FuncList.ST_GenerateKey) {
1140 		rv = FuncList.ST_GenerateKey(rSession, pMechanism,
1141 		    pTemplate, ulCount, phKey);
1142 	} else {
1143 		rv = CKR_FUNCTION_NOT_SUPPORTED;
1144 	}
1145 	return (rv);
1146 }
1147 
1148 CK_RV
1149 C_GenerateKeyPair(CK_SESSION_HANDLE    hSession,
1150 	CK_MECHANISM_PTR pMechanism,
1151 	CK_ATTRIBUTE_PTR pPublicKeyTemplate,
1152 	CK_ULONG ulPublicKeyAttributeCount,
1153 	CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
1154 	CK_ULONG ulPrivateKeyAttributeCount,
1155 	CK_OBJECT_HANDLE_PTR phPublicKey,
1156 	CK_OBJECT_HANDLE_PTR phPrivateKey)
1157 {
1158 	CK_RV rv;
1159 	ST_SESSION_T rSession;
1160 
1161 	if (API_Initialized() == FALSE) {
1162 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
1163 	}
1164 	if (! pMechanism) {
1165 		return (CKR_MECHANISM_INVALID);
1166 	}
1167 	if (! phPublicKey || ! phPrivateKey) {
1168 		return (CKR_ARGUMENTS_BAD);
1169 	}
1170 	if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1171 		return (CKR_SESSION_HANDLE_INVALID);
1172 	}
1173 	if (FuncList.ST_GenerateKeyPair) {
1174 		rv = FuncList.ST_GenerateKeyPair(rSession,
1175 		    pMechanism, pPublicKeyTemplate,
1176 		    ulPublicKeyAttributeCount, pPrivateKeyTemplate,
1177 		    ulPrivateKeyAttributeCount, phPublicKey, phPrivateKey);
1178 	} else {
1179 		rv = CKR_FUNCTION_NOT_SUPPORTED;
1180 	}
1181 	return (rv);
1182 }
1183 
1184 CK_RV
1185 C_GenerateRandom(CK_SESSION_HANDLE hSession,
1186 	CK_BYTE_PTR RandomData,
1187 	CK_ULONG ulRandomLen)
1188 {
1189 	CK_RV rv;
1190 	ST_SESSION_T rSession;
1191 
1192 	if (API_Initialized() == FALSE) {
1193 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
1194 	}
1195 	if (! RandomData)
1196 		return (CKR_ARGUMENTS_BAD);
1197 
1198 	if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1199 		return (CKR_SESSION_HANDLE_INVALID);
1200 	}
1201 	if (FuncList.ST_GenerateRandom) {
1202 		rv = FuncList.ST_GenerateRandom(rSession, RandomData,
1203 		    ulRandomLen);
1204 	} else {
1205 		rv = CKR_FUNCTION_NOT_SUPPORTED;
1206 	}
1207 	return (rv);
1208 }
1209 
1210 CK_RV
1211 C_GetAttributeValue(CK_SESSION_HANDLE hSession,
1212 	CK_OBJECT_HANDLE hObject,
1213 	CK_ATTRIBUTE_PTR pTemplate,
1214 	CK_ULONG ulCount)
1215 {
1216 	CK_RV rv;
1217 	ST_SESSION_T rSession;
1218 
1219 	if (API_Initialized() == FALSE) {
1220 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
1221 	}
1222 	if (! pTemplate) {
1223 		return (CKR_TEMPLATE_INCOMPLETE);
1224 	}
1225 	if (ulCount == 0) {
1226 		return (CKR_TEMPLATE_INCOMPLETE);
1227 	}
1228 	if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1229 		return (CKR_SESSION_HANDLE_INVALID);
1230 	}
1231 	if (FuncList.ST_GetAttributeValue) {
1232 		rv = FuncList.ST_GetAttributeValue(rSession, hObject,
1233 		    pTemplate, ulCount);
1234 	} else {
1235 		rv = CKR_FUNCTION_NOT_SUPPORTED;
1236 	}
1237 	return (rv);
1238 }
1239 
1240 CK_RV
1241 C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR ppFunctionList)
1242 {
1243 	_init();
1244 
1245 	PK11_Functions.version.major = VERSION_MAJOR;
1246 	PK11_Functions.version.minor = VERSION_MINOR;
1247 	PK11_Functions.C_Initialize = C_Initialize;
1248 	PK11_Functions.C_Finalize = C_Finalize;
1249 	PK11_Functions.C_GetInfo = C_GetInfo;
1250 	PK11_Functions.C_GetFunctionList = C_GetFunctionList;
1251 	PK11_Functions.C_GetSlotList = C_GetSlotList;
1252 	PK11_Functions.C_GetSlotInfo = C_GetSlotInfo;
1253 	PK11_Functions.C_GetTokenInfo = C_GetTokenInfo;
1254 	PK11_Functions.C_GetMechanismList = C_GetMechanismList;
1255 	PK11_Functions.C_GetMechanismInfo = C_GetMechanismInfo;
1256 	PK11_Functions.C_InitToken = C_InitToken;
1257 	PK11_Functions.C_InitPIN = C_InitPIN;
1258 	PK11_Functions.C_SetPIN = C_SetPIN;
1259 	PK11_Functions.C_OpenSession = C_OpenSession;
1260 	PK11_Functions.C_CloseSession = C_CloseSession;
1261 	PK11_Functions.C_CloseAllSessions = C_CloseAllSessions;
1262 	PK11_Functions.C_GetSessionInfo = C_GetSessionInfo;
1263 	PK11_Functions.C_GetOperationState = C_GetOperationState;
1264 	PK11_Functions.C_SetOperationState = C_SetOperationState;
1265 	PK11_Functions.C_Login = C_Login;
1266 	PK11_Functions.C_Logout = C_Logout;
1267 	PK11_Functions.C_CreateObject = C_CreateObject;
1268 	PK11_Functions.C_CopyObject = C_CopyObject;
1269 	PK11_Functions.C_DestroyObject = C_DestroyObject;
1270 	PK11_Functions.C_GetObjectSize = C_GetObjectSize;
1271 	PK11_Functions.C_GetAttributeValue = C_GetAttributeValue;
1272 	PK11_Functions.C_SetAttributeValue = C_SetAttributeValue;
1273 	PK11_Functions.C_FindObjectsInit = C_FindObjectsInit;
1274 	PK11_Functions.C_FindObjects = C_FindObjects;
1275 	PK11_Functions.C_FindObjectsFinal = C_FindObjectsFinal;
1276 	PK11_Functions.C_EncryptInit = C_EncryptInit;
1277 	PK11_Functions.C_Encrypt = C_Encrypt;
1278 	PK11_Functions.C_EncryptUpdate = C_EncryptUpdate;
1279 	PK11_Functions.C_EncryptFinal = C_EncryptFinal;
1280 	PK11_Functions.C_DecryptInit = C_DecryptInit;
1281 	PK11_Functions.C_Decrypt = C_Decrypt;
1282 	PK11_Functions.C_DecryptUpdate = C_DecryptUpdate;
1283 	PK11_Functions.C_DecryptFinal = C_DecryptFinal;
1284 	PK11_Functions.C_DigestInit = C_DigestInit;
1285 	PK11_Functions.C_Digest = C_Digest;
1286 	PK11_Functions.C_DigestUpdate = C_DigestUpdate;
1287 	PK11_Functions.C_DigestKey = C_DigestKey;
1288 	PK11_Functions.C_DigestFinal = C_DigestFinal;
1289 	PK11_Functions.C_SignInit = C_SignInit;
1290 	PK11_Functions.C_Sign = C_Sign;
1291 	PK11_Functions.C_SignUpdate = C_SignUpdate;
1292 	PK11_Functions.C_SignFinal = C_SignFinal;
1293 	PK11_Functions.C_SignRecoverInit = C_SignRecoverInit;
1294 	PK11_Functions.C_SignRecover = C_SignRecover;
1295 	PK11_Functions.C_VerifyInit = C_VerifyInit;
1296 	PK11_Functions.C_Verify = C_Verify;
1297 	PK11_Functions.C_VerifyUpdate = C_VerifyUpdate;
1298 	PK11_Functions.C_VerifyFinal = C_VerifyFinal;
1299 	PK11_Functions.C_VerifyRecoverInit = C_VerifyRecoverInit;
1300 	PK11_Functions.C_VerifyRecover = C_VerifyRecover;
1301 	PK11_Functions.C_DigestEncryptUpdate = C_DigestEncryptUpdate;
1302 	PK11_Functions.C_DecryptDigestUpdate = C_DecryptDigestUpdate;
1303 	PK11_Functions.C_SignEncryptUpdate = C_SignEncryptUpdate;
1304 	PK11_Functions.C_DecryptVerifyUpdate = C_DecryptVerifyUpdate;
1305 	PK11_Functions.C_GenerateKey = C_GenerateKey;
1306 	PK11_Functions.C_GenerateKeyPair = C_GenerateKeyPair;
1307 	PK11_Functions.C_WrapKey = C_WrapKey;
1308 	PK11_Functions.C_UnwrapKey = C_UnwrapKey;
1309 	PK11_Functions.C_DeriveKey = C_DeriveKey;
1310 	PK11_Functions.C_SeedRandom = C_SeedRandom;
1311 	PK11_Functions.C_GenerateRandom = C_GenerateRandom;
1312 	PK11_Functions.C_GetFunctionStatus = C_GetFunctionStatus;
1313 	PK11_Functions.C_CancelFunction = C_CancelFunction;
1314 	PK11_Functions.C_WaitForSlotEvent = C_WaitForSlotEvent;
1315 	if (ppFunctionList) {
1316 		(*ppFunctionList) = &PK11_Functions;
1317 		return (CKR_OK);
1318 	} else {
1319 		return (CKR_ARGUMENTS_BAD);
1320 	}
1321 }
1322 
1323 /*ARGSUSED*/
1324 CK_RV
1325 C_GetFunctionStatus(CK_SESSION_HANDLE hSession)
1326 {
1327 	if (API_Initialized() == FALSE) {
1328 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
1329 	}
1330 	return (CKR_FUNCTION_NOT_PARALLEL); // PER Specification PG 170
1331 }
1332 
1333 CK_RV
1334 C_GetInfo(CK_INFO_PTR pInfo)
1335 {
1336 	TOKEN_DATA td;
1337 	TSS_HCONTEXT hContext;
1338 
1339 	if (! API_Initialized()) {
1340 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
1341 	}
1342 	if (! pInfo) {
1343 		return (CKR_FUNCTION_FAILED);
1344 	}
1345 	(void) memset(pInfo, 0, sizeof (*pInfo));
1346 	pInfo->cryptokiVersion.major = 2;
1347 	pInfo->cryptokiVersion.minor = 20;
1348 
1349 	if (open_tss_context(&hContext))
1350 		return (CKR_FUNCTION_FAILED);
1351 
1352 	(void) token_get_tpm_info(hContext, &td);
1353 
1354 	(void) Tspi_Context_Close(hContext);
1355 
1356 	(void) memcpy(pInfo->manufacturerID, &(td.token_info.manufacturerID),
1357 	    sizeof (pInfo->manufacturerID) - 1);
1358 
1359 	pInfo->flags = td.token_info.flags;
1360 	(void) strcpy((char *)pInfo->libraryDescription,
1361 	    "PKCS11 Interface for TPM");
1362 
1363 	pInfo->libraryVersion.major = 1;
1364 	pInfo->libraryVersion.minor = 0;
1365 
1366 	return (CKR_OK);
1367 }
1368 
1369 CK_RV
1370 C_GetMechanismInfo(CK_SLOT_ID	slotID,
1371 	CK_MECHANISM_TYPE	type,
1372 	CK_MECHANISM_INFO_PTR	pInfo)
1373 {
1374 	CK_RV rv;
1375 	if (API_Initialized() == FALSE) {
1376 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
1377 	}
1378 	if (slotID > NUMBER_SLOTS_MANAGED) {
1379 		return (CKR_SLOT_ID_INVALID);
1380 	}
1381 	if (FuncList.ST_GetMechanismInfo) {
1382 		rv = FuncList.ST_GetMechanismInfo(slotID, type, pInfo);
1383 	} else {
1384 		rv = CKR_FUNCTION_NOT_SUPPORTED;
1385 	}
1386 	return (rv);
1387 }
1388 
1389 CK_RV
1390 C_GetMechanismList(CK_SLOT_ID slotID,
1391 	CK_MECHANISM_TYPE_PTR pMechanismList,
1392 	CK_ULONG_PTR pulCount)
1393 {
1394 	CK_RV rv;
1395 
1396 	if (API_Initialized() == FALSE) {
1397 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
1398 	}
1399 	if (! pulCount)
1400 		return (CKR_ARGUMENTS_BAD);
1401 
1402 	if (slotID > NUMBER_SLOTS_MANAGED)
1403 		return (CKR_SLOT_ID_INVALID);
1404 
1405 	if (FuncList.ST_GetMechanismList) {
1406 		rv = FuncList.ST_GetMechanismList(slotID,
1407 		    pMechanismList, pulCount);
1408 	} else {
1409 		rv = CKR_FUNCTION_NOT_SUPPORTED;
1410 	}
1411 	if (rv == CKR_OK) {
1412 		if (pMechanismList) {
1413 			unsigned long i;
1414 			for (i = 0; i < *pulCount; i++) {
1415 				logit(LOG_DEBUG, "Mechanism[%d] 0x%08X ",
1416 				    i, pMechanismList[i]);
1417 			}
1418 		}
1419 	}
1420 	return (rv);
1421 }
1422 
1423 CK_RV
1424 C_GetObjectSize(CK_SESSION_HANDLE hSession,
1425 	CK_OBJECT_HANDLE hObject,
1426 	CK_ULONG_PTR pulSize)
1427 {
1428 	CK_RV rv;
1429 	ST_SESSION_T rSession;
1430 
1431 	if (API_Initialized() == FALSE) {
1432 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
1433 	}
1434 	if (! pulSize) {
1435 		return (CKR_ARGUMENTS_BAD);
1436 	}
1437 	if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1438 		return (CKR_SESSION_HANDLE_INVALID);
1439 	}
1440 	if (FuncList.ST_GetObjectSize) {
1441 		rv = FuncList.ST_GetObjectSize(rSession, hObject, pulSize);
1442 	} else {
1443 		rv = CKR_FUNCTION_NOT_SUPPORTED;
1444 	}
1445 	return (rv);
1446 }
1447 
1448 CK_RV
1449 C_GetOperationState(CK_SESSION_HANDLE hSession,
1450 	CK_BYTE_PTR pOperationState,
1451 	CK_ULONG_PTR pulOperationStateLen)
1452 {
1453 	CK_RV rv;
1454 	ST_SESSION_T rSession;
1455 
1456 	if (API_Initialized() == FALSE) {
1457 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
1458 	}
1459 	if (! pulOperationStateLen) {
1460 		return (CKR_ARGUMENTS_BAD);
1461 	}
1462 	if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1463 		return (CKR_SESSION_HANDLE_INVALID);
1464 	}
1465 	if (FuncList.ST_GetOperationState) {
1466 		rv = FuncList.ST_GetOperationState(rSession,
1467 		    pOperationState, pulOperationStateLen);
1468 	} else {
1469 		rv = CKR_FUNCTION_NOT_SUPPORTED;
1470 	}
1471 	return (rv);
1472 }
1473 
1474 CK_RV
1475 C_GetSessionInfo(CK_SESSION_HANDLE hSession,
1476 	CK_SESSION_INFO_PTR pInfo)
1477 {
1478 	CK_RV rv;
1479 	ST_SESSION_T rSession;
1480 
1481 	if (API_Initialized() == FALSE) {
1482 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
1483 	}
1484 	if (! pInfo) {
1485 		return (CKR_ARGUMENTS_BAD);
1486 	}
1487 	if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1488 		return (CKR_SESSION_HANDLE_INVALID);
1489 	}
1490 	if (FuncList.ST_GetSessionInfo) {
1491 		rv = FuncList.ST_GetSessionInfo(rSession, pInfo);
1492 	} else {
1493 		rv = CKR_FUNCTION_NOT_SUPPORTED;
1494 	}
1495 	return (rv);
1496 }
1497 
1498 CK_RV
1499 C_GetSlotInfo(CK_SLOT_ID slotID,
1500 	CK_SLOT_INFO_PTR pInfo)
1501 {
1502 	if (API_Initialized() == FALSE) {
1503 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
1504 	}
1505 	if (!pInfo) {
1506 		return (CKR_FUNCTION_FAILED);
1507 	}
1508 	if (slotID != TPM_SLOTID)
1509 		return (CKR_SLOT_ID_INVALID);
1510 
1511 	copy_slot_info(slotID, pInfo);
1512 	return (CKR_OK);
1513 }
1514 
1515 /*ARGSUSED*/
1516 CK_RV
1517 C_GetSlotList(CK_BBOOL tokenPresent,
1518 	CK_SLOT_ID_PTR pSlotList,
1519 	CK_ULONG_PTR pulCount)
1520 {
1521 	CK_ULONG count;
1522 	CK_SLOT_INFO slotInfo;
1523 
1524 	if (API_Initialized() == FALSE)
1525 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
1526 
1527 	if (pulCount == NULL)
1528 		return (CKR_FUNCTION_FAILED);
1529 
1530 	count = 0;
1531 
1532 	copy_slot_info(TPM_SLOTID, &slotInfo);
1533 	if ((slotInfo.flags & CKF_TOKEN_PRESENT))
1534 		count++;
1535 
1536 	*pulCount = count;
1537 
1538 	if (pSlotList == NULL) {
1539 		return (CKR_OK);
1540 	} else {
1541 		if (*pulCount < count)
1542 			return (CKR_BUFFER_TOO_SMALL);
1543 		pSlotList[0] = TPM_SLOTID;
1544 	}
1545 	return (CKR_OK);
1546 }
1547 
1548 CK_RV
1549 C_GetTokenInfo(CK_SLOT_ID slotID,
1550 	CK_TOKEN_INFO_PTR pInfo)
1551 {
1552 	CK_RV rv;
1553 
1554 	if (API_Initialized() == FALSE) {
1555 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
1556 	}
1557 	if (! pInfo) {
1558 		return (CKR_ARGUMENTS_BAD);
1559 	}
1560 	if (slotID > NUMBER_SLOTS_MANAGED) {
1561 		return (CKR_SLOT_ID_INVALID);
1562 	}
1563 	slotID = TPM_SLOTID;
1564 	if (FuncList.ST_GetTokenInfo) {
1565 		rv = FuncList.ST_GetTokenInfo(slotID, pInfo);
1566 	} else {
1567 		rv = CKR_FUNCTION_NOT_SUPPORTED;
1568 	}
1569 	return (rv);
1570 }
1571 
1572 CK_RV
1573 C_Initialize(CK_VOID_PTR pVoid)
1574 {
1575 	CK_RV rv = CKR_OK;
1576 	CK_C_INITIALIZE_ARGS *pArg;
1577 	extern CK_RV ST_Initialize(void *,
1578 	    CK_SLOT_ID, unsigned char *);
1579 
1580 	(void) pthread_mutex_lock(&global_mutex);
1581 	if (! Anchor) {
1582 		Anchor = (API_Proc_Struct_t *)malloc(
1583 		    sizeof (API_Proc_Struct_t));
1584 		if (Anchor == NULL) {
1585 			(void) pthread_mutex_unlock(&global_mutex);
1586 			return (CKR_HOST_MEMORY);
1587 		}
1588 	} else {
1589 		(void) pthread_mutex_unlock(&global_mutex);
1590 		return (CKR_CRYPTOKI_ALREADY_INITIALIZED);
1591 	}
1592 	/*
1593 	 * if pVoid is NULL, then everything is OK.  The applicaiton
1594 	 * will not be doing multi thread accesses.  We can use the OS
1595 	 * locks anyhow.
1596 	 */
1597 	if (pVoid != NULL) {
1598 		int supplied_ok;
1599 		pArg = (CK_C_INITIALIZE_ARGS *)pVoid;
1600 
1601 		/*
1602 		 * ALL supplied function pointers need to have the value
1603 		 * either NULL or no - NULL.
1604 		 */
1605 		supplied_ok = (pArg->CreateMutex == NULL &&
1606 		    pArg->DestroyMutex == NULL &&
1607 		    pArg->LockMutex == NULL &&
1608 		    pArg->UnlockMutex == NULL) ||
1609 		    (pArg->CreateMutex != NULL &&
1610 		    pArg->DestroyMutex != NULL &&
1611 		    pArg->LockMutex != NULL &&
1612 		    pArg->UnlockMutex != NULL);
1613 
1614 		if (!supplied_ok) {
1615 			(void) pthread_mutex_unlock(&global_mutex);
1616 			return (CKR_ARGUMENTS_BAD);
1617 		}
1618 		/* Check for a pReserved set */
1619 		if (pArg->pReserved != NULL) {
1620 			free(Anchor);
1621 			Anchor = NULL;
1622 			(void) pthread_mutex_unlock(&global_mutex);
1623 			return (CKR_ARGUMENTS_BAD);
1624 		}
1625 		/*
1626 		 * When the CKF_OS_LOCKING_OK flag isn't set and mutex
1627 		 * function pointers are supplied by an application,
1628 		 * return (an error.  We must be able to use our own primitives.
1629 		 */
1630 		if (!(pArg->flags & CKF_OS_LOCKING_OK) &&
1631 		    (pArg->CreateMutex != NULL)) {
1632 			(void) pthread_mutex_unlock(&global_mutex);
1633 			return (CKR_CANT_LOCK);
1634 		}
1635 	}
1636 	(void) memset((char *)Anchor, 0, sizeof (API_Proc_Struct_t));
1637 	(void) pthread_mutex_init(&(Anchor->ProcMutex), NULL);
1638 	(void) pthread_mutex_init(&(Anchor->SessListMutex), NULL);
1639 	Anchor->Pid = getpid();
1640 
1641 	rv = ST_Initialize((void *)&FuncList, 0, NULL);
1642 	(void) pthread_mutex_unlock(&global_mutex);
1643 	return (rv);
1644 }
1645 
1646 CK_RV
1647 C_InitPIN(CK_SESSION_HANDLE hSession,
1648 	CK_CHAR_PTR pPin,
1649 	CK_ULONG ulPinLen)
1650 {
1651 	CK_RV rv;
1652 	ST_SESSION_T rSession;
1653 
1654 	if (API_Initialized() == FALSE) {
1655 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
1656 	}
1657 	if (! pPin && ulPinLen) {
1658 		return (CKR_ARGUMENTS_BAD);
1659 	}
1660 	if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1661 		return (CKR_SESSION_HANDLE_INVALID);
1662 	}
1663 
1664 	if (rSession.slotID > NUMBER_SLOTS_MANAGED) {
1665 		return (CKR_SLOT_ID_INVALID);
1666 	}
1667 	if (FuncList.ST_InitPIN) {
1668 		rv = FuncList.ST_InitPIN(rSession, pPin, ulPinLen);
1669 	} else {
1670 		rv = CKR_FUNCTION_NOT_SUPPORTED;
1671 	}
1672 	return (rv);
1673 }
1674 
1675 CK_RV
1676 C_InitToken(CK_SLOT_ID  slotID,
1677 	CK_CHAR_PTR pPin,
1678 	CK_ULONG    ulPinLen,
1679 	CK_CHAR_PTR pLabel)
1680 {
1681 	CK_RV rv;
1682 
1683 	if (API_Initialized() == FALSE) {
1684 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
1685 	}
1686 	if (! pPin && ulPinLen) {
1687 		return (CKR_ARGUMENTS_BAD);
1688 	}
1689 	if (! pLabel) {
1690 		return (CKR_ARGUMENTS_BAD);
1691 	}
1692 	if (FuncList.ST_InitToken) {
1693 		rv = FuncList.ST_InitToken(slotID, pPin, ulPinLen, pLabel);
1694 	} else {
1695 		rv = CKR_FUNCTION_NOT_SUPPORTED;
1696 	}
1697 	return (rv);
1698 }
1699 
1700 CK_RV
1701 C_Login(CK_SESSION_HANDLE hSession,
1702 	CK_USER_TYPE userType,
1703 	CK_CHAR_PTR pPin,
1704 	CK_ULONG ulPinLen)
1705 {
1706 	CK_RV rv;
1707 	ST_SESSION_T rSession;
1708 
1709 	if (API_Initialized() == FALSE) {
1710 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
1711 	}
1712 	if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1713 		return (CKR_SESSION_HANDLE_INVALID);
1714 	}
1715 	if (FuncList.ST_Login) {
1716 		rv = FuncList.ST_Login(rSession, userType, pPin, ulPinLen);
1717 	} else {
1718 		rv = CKR_FUNCTION_NOT_SUPPORTED;
1719 	}
1720 	return (rv);
1721 }
1722 
1723 CK_RV
1724 C_Logout(CK_SESSION_HANDLE hSession)
1725 {
1726 	CK_RV rv;
1727 	ST_SESSION_T rSession;
1728 
1729 	if (API_Initialized() == FALSE) {
1730 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
1731 	}
1732 	if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1733 		return (CKR_SESSION_HANDLE_INVALID);
1734 	}
1735 	if (FuncList.ST_Logout) {
1736 		rv = FuncList.ST_Logout(rSession);
1737 	} else {
1738 		rv = CKR_FUNCTION_NOT_SUPPORTED;
1739 	}
1740 	return (rv);
1741 }
1742 
1743 /*ARGSUSED*/
1744 CK_RV
1745 C_OpenSession(
1746 	CK_SLOT_ID slotID,
1747 	CK_FLAGS flags,
1748 	CK_VOID_PTR pApplication,
1749 	CK_NOTIFY Notify,
1750 	CK_SESSION_HANDLE_PTR phSession)
1751 {
1752 	CK_RV rv;
1753 	Session_Struct_t  *apiSessp;
1754 
1755 	if (API_Initialized() == FALSE) {
1756 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
1757 	}
1758 	if (slotID > NUMBER_SLOTS_MANAGED) {
1759 		return (CKR_SLOT_ID_INVALID);
1760 	}
1761 	if (! phSession) {
1762 		return (CKR_FUNCTION_FAILED);
1763 	}
1764 	if ((flags & CKF_SERIAL_SESSION) == 0) {
1765 		return (CKR_SESSION_PARALLEL_NOT_SUPPORTED);
1766 	}
1767 	if ((apiSessp = (Session_Struct_t *)malloc(
1768 	    sizeof (Session_Struct_t))) == NULL) {
1769 		return (CKR_HOST_MEMORY);
1770 	}
1771 	if (FuncList.ST_OpenSession) {
1772 		rv = FuncList.ST_OpenSession(slotID, flags,
1773 		    &(apiSessp->RealHandle));
1774 
1775 		if (rv == CKR_OK) {
1776 			*phSession = (CK_SESSION_HANDLE)apiSessp;
1777 			apiSessp->SltId = slotID;
1778 
1779 			AddToSessionList(apiSessp);
1780 		} else {
1781 			free(apiSessp);
1782 		}
1783 	} else {
1784 		rv = CKR_FUNCTION_NOT_SUPPORTED;
1785 	}
1786 	return (rv);
1787 }
1788 
1789 CK_RV
1790 C_SeedRandom(CK_SESSION_HANDLE hSession,
1791 	CK_BYTE_PTR pSeed,
1792 	CK_ULONG ulSeedLen)
1793 {
1794 	CK_RV rv;
1795 	ST_SESSION_T rSession;
1796 
1797 	if (API_Initialized() == FALSE) {
1798 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
1799 	}
1800 	if (! pSeed && ulSeedLen) {
1801 		return (CKR_ARGUMENTS_BAD);
1802 	}
1803 	if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1804 		return (CKR_SESSION_HANDLE_INVALID);
1805 	}
1806 	if (FuncList.ST_SeedRandom) {
1807 		rv = FuncList.ST_SeedRandom(rSession, pSeed, ulSeedLen);
1808 	} else {
1809 		rv = CKR_FUNCTION_NOT_SUPPORTED;
1810 	}
1811 	return (rv);
1812 }
1813 
1814 CK_RV
1815 C_SetAttributeValue(CK_SESSION_HANDLE hSession,
1816 	CK_OBJECT_HANDLE hObject,
1817 	CK_ATTRIBUTE_PTR pTemplate,
1818 	CK_ULONG ulCount)
1819 {
1820 	CK_RV rv;
1821 	ST_SESSION_T rSession;
1822 
1823 	if (API_Initialized() == FALSE) {
1824 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
1825 	}
1826 	if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1827 		return (CKR_SESSION_HANDLE_INVALID);
1828 	}
1829 	if (! pTemplate) {
1830 		return (CKR_TEMPLATE_INCOMPLETE);
1831 	}
1832 	if (! ulCount) {
1833 		return (CKR_TEMPLATE_INCOMPLETE);
1834 	}
1835 	// Get local pointers to session
1836 	if (FuncList.ST_SetAttributeValue) {
1837 		rv = FuncList.ST_SetAttributeValue(rSession, hObject,
1838 		    pTemplate, ulCount);
1839 	} else {
1840 		rv = CKR_FUNCTION_NOT_SUPPORTED;
1841 	}
1842 	return (rv);
1843 }
1844 
1845 CK_RV
1846 C_SetOperationState(CK_SESSION_HANDLE hSession,
1847 	CK_BYTE_PTR pOperationState,
1848 	CK_ULONG ulOperationStateLen,
1849 	CK_OBJECT_HANDLE hEncryptionKey,
1850 	CK_OBJECT_HANDLE hAuthenticationKey)
1851 {
1852 	CK_RV rv;
1853 	ST_SESSION_T rSession;
1854 
1855 	if (API_Initialized() == FALSE) {
1856 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
1857 	}
1858 	if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1859 		return (CKR_SESSION_HANDLE_INVALID);
1860 	}
1861 	if (! pOperationState || ulOperationStateLen == 0) {
1862 		return (CKR_ARGUMENTS_BAD);
1863 	}
1864 	if (FuncList.ST_SetOperationState) {
1865 		rv = FuncList.ST_SetOperationState(rSession, pOperationState,
1866 		    ulOperationStateLen, hEncryptionKey, hAuthenticationKey);
1867 	} else {
1868 		rv = CKR_FUNCTION_NOT_SUPPORTED;
1869 	}
1870 	return (rv);
1871 }
1872 
1873 CK_RV
1874 C_SetPIN(CK_SESSION_HANDLE hSession,
1875 	CK_CHAR_PTR pOldPin,
1876 	CK_ULONG ulOldLen,
1877 	CK_CHAR_PTR pNewPin,
1878 	CK_ULONG ulNewLen)
1879 {
1880 	CK_RV rv;
1881 	ST_SESSION_T rSession;
1882 
1883 	if (API_Initialized() == FALSE) {
1884 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
1885 	}
1886 	if (! pOldPin || ! pNewPin)
1887 		return (CKR_PIN_INVALID);
1888 	if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1889 		return (CKR_SESSION_HANDLE_INVALID);
1890 	}
1891 	if (FuncList.ST_SetPIN) {
1892 		rv = FuncList.ST_SetPIN(rSession, pOldPin, ulOldLen,
1893 		    pNewPin, ulNewLen);
1894 	} else {
1895 		rv = CKR_FUNCTION_NOT_SUPPORTED;
1896 	}
1897 	return (rv);
1898 }
1899 
1900 CK_RV
1901 C_Sign(CK_SESSION_HANDLE hSession,
1902 	CK_BYTE_PTR pData,
1903 	CK_ULONG ulDataLen,
1904 	CK_BYTE_PTR pSignature,
1905 	CK_ULONG_PTR pulSignatureLen)
1906 {
1907 	CK_RV rv;
1908 	ST_SESSION_T rSession;
1909 
1910 	if (API_Initialized() == FALSE) {
1911 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
1912 	}
1913 	if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1914 		return (CKR_SESSION_HANDLE_INVALID);
1915 	}
1916 	if (FuncList.ST_Sign) {
1917 		rv = FuncList.ST_Sign(rSession, pData, ulDataLen,
1918 		    pSignature, pulSignatureLen);
1919 	} else {
1920 		rv = CKR_FUNCTION_NOT_SUPPORTED;
1921 	}
1922 	return (rv);
1923 }
1924 
1925 CK_RV
1926 C_SignEncryptUpdate(CK_SESSION_HANDLE hSession,
1927 	CK_BYTE_PTR pPart,
1928 	CK_ULONG ulPartLen,
1929 	CK_BYTE_PTR pEncryptedPart,
1930 	CK_ULONG_PTR pulEncryptedPartLen)
1931 {
1932 	CK_RV rv;
1933 	ST_SESSION_T rSession;
1934 	if (API_Initialized() == FALSE) {
1935 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
1936 	}
1937 	if (! pPart || ! pulEncryptedPartLen) {
1938 		return (CKR_ARGUMENTS_BAD);
1939 	}
1940 	if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1941 		return (CKR_SESSION_HANDLE_INVALID);
1942 	}
1943 	if (FuncList.ST_SignEncryptUpdate) {
1944 		rv = FuncList.ST_SignEncryptUpdate(rSession, pPart,
1945 		    ulPartLen, pEncryptedPart, pulEncryptedPartLen);
1946 	} else {
1947 		rv = CKR_FUNCTION_NOT_SUPPORTED;
1948 	}
1949 	return (rv);
1950 }
1951 
1952 CK_RV
1953 C_SignFinal(CK_SESSION_HANDLE hSession,
1954 	CK_BYTE_PTR pSignature,
1955 	CK_ULONG_PTR pulSignatureLen)
1956 {
1957 	CK_RV rv;
1958 	ST_SESSION_T rSession;
1959 
1960 	if (API_Initialized() == FALSE) {
1961 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
1962 	}
1963 	if (! pulSignatureLen) {
1964 		return (CKR_ARGUMENTS_BAD);
1965 	}
1966 	if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1967 		return (CKR_SESSION_HANDLE_INVALID);
1968 	}
1969 	if (FuncList.ST_SignFinal) {
1970 		rv = FuncList.ST_SignFinal(rSession, pSignature,
1971 		    pulSignatureLen);
1972 	} else {
1973 		rv = CKR_FUNCTION_NOT_SUPPORTED;
1974 	}
1975 	return (rv);
1976 }
1977 
1978 CK_RV
1979 C_SignInit(CK_SESSION_HANDLE hSession,
1980 	CK_MECHANISM_PTR pMechanism,
1981 	CK_OBJECT_HANDLE hKey)
1982 {
1983 	CK_RV rv;
1984 	ST_SESSION_T rSession;
1985 
1986 	if (API_Initialized() == FALSE) {
1987 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
1988 	}
1989 	if (! pMechanism) {
1990 		return (CKR_MECHANISM_INVALID);
1991 	}
1992 	if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
1993 		return (CKR_SESSION_HANDLE_INVALID);
1994 	}
1995 	if (FuncList.ST_SignInit) {
1996 		rv = FuncList.ST_SignInit(rSession, pMechanism, hKey);
1997 	} else {
1998 		rv = CKR_FUNCTION_NOT_SUPPORTED;
1999 	}
2000 	return (rv);
2001 }
2002 
2003 CK_RV
2004 C_SignRecover(CK_SESSION_HANDLE hSession,
2005 	CK_BYTE_PTR pData,
2006 	CK_ULONG ulDataLen,
2007 	CK_BYTE_PTR pSignature,
2008 	CK_ULONG_PTR pulSignatureLen)
2009 {
2010 	CK_RV rv;
2011 	ST_SESSION_T rSession;
2012 
2013 	if (API_Initialized() == FALSE) {
2014 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
2015 	}
2016 	if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
2017 		return (CKR_SESSION_HANDLE_INVALID);
2018 	}
2019 	if (FuncList.ST_SignRecover) {
2020 		rv = FuncList.ST_SignRecover(rSession, pData,
2021 		    ulDataLen, pSignature, pulSignatureLen);
2022 	} else {
2023 		rv = CKR_FUNCTION_NOT_SUPPORTED;
2024 	}
2025 	return (rv);
2026 }
2027 
2028 CK_RV
2029 C_SignRecoverInit(CK_SESSION_HANDLE hSession,
2030 	CK_MECHANISM_PTR pMechanism,
2031 	CK_OBJECT_HANDLE hKey)
2032 {
2033 	CK_RV rv;
2034 	ST_SESSION_T rSession;
2035 
2036 	if (API_Initialized() == FALSE) {
2037 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
2038 	}
2039 	if (! pMechanism) {
2040 		return (CKR_MECHANISM_INVALID);
2041 	}
2042 	if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
2043 		return (CKR_SESSION_HANDLE_INVALID);
2044 	}
2045 	if (FuncList.ST_SignRecoverInit) {
2046 		rv = FuncList.ST_SignRecoverInit(rSession, pMechanism, hKey);
2047 	} else {
2048 		rv = CKR_FUNCTION_NOT_SUPPORTED;
2049 	}
2050 	return (rv);
2051 }
2052 
2053 CK_RV
2054 C_SignUpdate(CK_SESSION_HANDLE hSession,
2055 	CK_BYTE_PTR pPart,
2056 	CK_ULONG ulPartLen)
2057 {
2058 	CK_RV rv;
2059 	ST_SESSION_T rSession;
2060 
2061 	if (API_Initialized() == FALSE) {
2062 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
2063 	}
2064 	if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
2065 		return (CKR_SESSION_HANDLE_INVALID);
2066 	}
2067 	if (FuncList.ST_SignUpdate) {
2068 		rv = FuncList.ST_SignUpdate(rSession, pPart, ulPartLen);
2069 	} else {
2070 		rv = CKR_FUNCTION_NOT_SUPPORTED;
2071 	}
2072 	return (rv);
2073 }
2074 
2075 CK_RV
2076 C_UnwrapKey(CK_SESSION_HANDLE hSession,
2077 	CK_MECHANISM_PTR pMechanism,
2078 	CK_OBJECT_HANDLE hUnwrappingKey,
2079 	CK_BYTE_PTR pWrappedKey,
2080 	CK_ULONG ulWrappedKeyLen,
2081 	CK_ATTRIBUTE_PTR pTemplate,
2082 	CK_ULONG ulAttributeCount,
2083 	CK_OBJECT_HANDLE_PTR phKey)
2084 {
2085 	CK_RV rv;
2086 	ST_SESSION_T rSession;
2087 
2088 	if (API_Initialized() == FALSE) {
2089 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
2090 	}
2091 	if (!pMechanism) {
2092 		return (CKR_MECHANISM_INVALID);
2093 	}
2094 	if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
2095 		return (CKR_SESSION_HANDLE_INVALID);
2096 	}
2097 	if (FuncList.ST_UnwrapKey) {
2098 		rv = FuncList.ST_UnwrapKey(rSession, pMechanism,
2099 		    hUnwrappingKey, pWrappedKey, ulWrappedKeyLen,
2100 		    pTemplate, ulAttributeCount, phKey);
2101 	} else {
2102 		rv = CKR_FUNCTION_NOT_SUPPORTED;
2103 	}
2104 	return (rv);
2105 }
2106 
2107 CK_RV
2108 C_Verify(CK_SESSION_HANDLE hSession,
2109 	CK_BYTE_PTR pData,
2110 	CK_ULONG ulDataLen,
2111 	CK_BYTE_PTR pSignature,
2112 	CK_ULONG ulSignatureLen)
2113 {
2114 	CK_RV rv;
2115 	ST_SESSION_T rSession;
2116 
2117 	if (API_Initialized() == FALSE) {
2118 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
2119 	}
2120 	if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
2121 		return (CKR_SESSION_HANDLE_INVALID);
2122 	}
2123 	if (FuncList.ST_Verify) {
2124 		rv = FuncList.ST_Verify(rSession, pData, ulDataLen,
2125 		    pSignature, ulSignatureLen);
2126 	} else {
2127 		rv = CKR_FUNCTION_NOT_SUPPORTED;
2128 	}
2129 	return (rv);
2130 }
2131 
2132 CK_RV
2133 C_VerifyFinal(CK_SESSION_HANDLE hSession,
2134 	CK_BYTE_PTR pSignature,
2135 	CK_ULONG ulSignatureLen)
2136 {
2137 	CK_RV rv;
2138 	ST_SESSION_T rSession;
2139 
2140 	if (API_Initialized() == FALSE) {
2141 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
2142 	}
2143 	if (! pSignature) {
2144 		return (CKR_ARGUMENTS_BAD);
2145 	}
2146 
2147 	if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
2148 		return (CKR_SESSION_HANDLE_INVALID);
2149 	}
2150 	if (FuncList.ST_VerifyFinal) {
2151 		rv = FuncList.ST_VerifyFinal(rSession, pSignature,
2152 		    ulSignatureLen);
2153 	} else {
2154 		rv = CKR_FUNCTION_NOT_SUPPORTED;
2155 	}
2156 	return (rv);
2157 }
2158 
2159 CK_RV
2160 C_VerifyInit(CK_SESSION_HANDLE hSession,
2161 	CK_MECHANISM_PTR pMechanism,
2162 	CK_OBJECT_HANDLE hKey)
2163 {
2164 	CK_RV rv;
2165 	ST_SESSION_T rSession;
2166 
2167 	if (API_Initialized() == FALSE) {
2168 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
2169 	}
2170 	if (! pMechanism) {
2171 		return (CKR_MECHANISM_INVALID);
2172 	}
2173 	if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
2174 		return (CKR_SESSION_HANDLE_INVALID);
2175 	}
2176 
2177 	if (FuncList.ST_VerifyInit) {
2178 		rv = FuncList.ST_VerifyInit(rSession, pMechanism, hKey);
2179 	} else {
2180 		rv = CKR_FUNCTION_NOT_SUPPORTED;
2181 	}
2182 	return (rv);
2183 }
2184 
2185 CK_RV
2186 C_VerifyRecover(CK_SESSION_HANDLE hSession,
2187 	CK_BYTE_PTR pSignature,
2188 	CK_ULONG ulSignatureLen,
2189 	CK_BYTE_PTR pData,
2190 	CK_ULONG_PTR pulDataLen)
2191 {
2192 	CK_RV rv;
2193 	ST_SESSION_T rSession;
2194 
2195 	if (API_Initialized() == FALSE) {
2196 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
2197 	}
2198 	if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
2199 		return (CKR_SESSION_HANDLE_INVALID);
2200 	}
2201 	if (FuncList.ST_VerifyRecover) {
2202 		rv = FuncList.ST_VerifyRecover(rSession, pSignature,
2203 		    ulSignatureLen, pData, pulDataLen);
2204 	} else {
2205 		rv = CKR_FUNCTION_NOT_SUPPORTED;
2206 	}
2207 	return (rv);
2208 }
2209 
2210 CK_RV
2211 C_VerifyRecoverInit(CK_SESSION_HANDLE hSession,
2212 	CK_MECHANISM_PTR pMechanism,
2213 	CK_OBJECT_HANDLE hKey)
2214 {
2215 	CK_RV rv;
2216 	ST_SESSION_T rSession;
2217 
2218 	if (API_Initialized() == FALSE) {
2219 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
2220 	}
2221 	if (! pMechanism) {
2222 		return (CKR_MECHANISM_INVALID);
2223 	}
2224 	if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
2225 		return (CKR_SESSION_HANDLE_INVALID);
2226 	}
2227 	if (FuncList.ST_VerifyRecoverInit) {
2228 		rv = FuncList.ST_VerifyRecoverInit(rSession, pMechanism, hKey);
2229 	} else {
2230 		rv = CKR_FUNCTION_NOT_SUPPORTED;
2231 	}
2232 	return (rv);
2233 }
2234 
2235 CK_RV
2236 C_VerifyUpdate(CK_SESSION_HANDLE hSession,
2237 	CK_BYTE_PTR pPart,
2238 	CK_ULONG ulPartLen)
2239 {
2240 	CK_RV rv;
2241 	ST_SESSION_T rSession;
2242 
2243 	if (API_Initialized() == FALSE) {
2244 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
2245 	}
2246 	if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
2247 		return (CKR_SESSION_HANDLE_INVALID);
2248 	}
2249 	if (FuncList.ST_VerifyUpdate) {
2250 		rv = FuncList.ST_VerifyUpdate(rSession, pPart, ulPartLen);
2251 	} else {
2252 		rv = CKR_FUNCTION_NOT_SUPPORTED;
2253 	}
2254 	return (rv);
2255 }
2256 
2257 /*ARGSUSED*/
2258 CK_RV
2259 C_WaitForSlotEvent(CK_FLAGS flags,
2260 	CK_SLOT_ID_PTR pSlot,
2261 	CK_VOID_PTR pReserved)
2262 {
2263 	if (API_Initialized() == FALSE) {
2264 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
2265 	}
2266 	return (CKR_FUNCTION_NOT_SUPPORTED);
2267 }
2268 
2269 CK_RV
2270 C_WrapKey(CK_SESSION_HANDLE hSession,
2271 	CK_MECHANISM_PTR pMechanism,
2272 	CK_OBJECT_HANDLE hWrappingKey,
2273 	CK_OBJECT_HANDLE hKey,
2274 	CK_BYTE_PTR pWrappedKey,
2275 	CK_ULONG_PTR pulWrappedKeyLen)
2276 {
2277 	CK_RV rv;
2278 	ST_SESSION_T rSession;
2279 
2280 	if (API_Initialized() == FALSE) {
2281 		return (CKR_CRYPTOKI_NOT_INITIALIZED);
2282 	}
2283 	if (! pMechanism) {
2284 		return (CKR_MECHANISM_INVALID);
2285 	}
2286 	if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
2287 		return (CKR_SESSION_HANDLE_INVALID);
2288 	}
2289 	if (FuncList.ST_WrapKey) {
2290 		rv = FuncList.ST_WrapKey(rSession, pMechanism, hWrappingKey,
2291 		    hKey, pWrappedKey, pulWrappedKeyLen);
2292 	} else {
2293 		rv = CKR_FUNCTION_NOT_SUPPORTED;
2294 	}
2295 	return (rv);
2296 }
2297 
2298 #pragma init(api_init)
2299 #pragma fini(api_fini)
2300 
2301 static void
2302 api_init(void)
2303 {
2304 	loginit();
2305 	if (! Initialized) {
2306 		(void) pthread_atfork(tpmtoken_fork_prepare,
2307 		    tpmtoken_fork_parent, tpmtoken_fork_child);
2308 		Initialized = 1;
2309 	}
2310 }
2311 
2312 static void
2313 api_fini()
2314 {
2315 	logterm();
2316 	if (API_Initialized() == TRUE) {
2317 		(void) do_finalize(NULL);
2318 	}
2319 }
2320