1 /* 2 * Common Public License Version 0.5 3 * 4 * THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF 5 * THIS COMMON PUBLIC LICENSE ("AGREEMENT"). ANY USE, 6 * REPRODUCTION OR DISTRIBUTION OF THE PROGRAM CONSTITUTES 7 * RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT. 8 * 9 * 1. DEFINITIONS 10 * 11 * "Contribution" means: 12 * a) in the case of the initial Contributor, the 13 * initial code and documentation distributed under 14 * this Agreement, and 15 * 16 * b) in the case of each subsequent Contributor: 17 * i) changes to the Program, and 18 * ii) additions to the Program; 19 * 20 * where such changes and/or additions to the Program 21 * originate from and are distributed by that 22 * particular Contributor. A Contribution 'originates' 23 * from a Contributor if it was added to the Program 24 * by such Contributor itself or anyone acting on such 25 * Contributor's behalf. Contributions do not include 26 * additions to the Program which: (i) are separate 27 * modules of software distributed in conjunction with 28 * the Program under their own license agreement, and 29 * (ii) are not derivative works of the Program. 30 * 31 * 32 * "Contributor" means any person or entity that distributes 33 * the Program. 34 * 35 * "Licensed Patents " mean patent claims licensable by a 36 * Contributor which are necessarily infringed by the use or 37 * sale of its Contribution alone or when combined with the 38 * Program. 39 * 40 * "Program" means the Contributions distributed in 41 * accordance with this Agreement. 42 * 43 * "Recipient" means anyone who receives the Program under 44 * this Agreement, including all Contributors. 45 * 46 * 2. GRANT OF RIGHTS 47 * 48 * a) Subject to the terms of this Agreement, each 49 * Contributor hereby grants Recipient a 50 * no - exclusive, worldwide, royalt - free copyright 51 * license to reproduce, prepare derivative works of, 52 * publicly display, publicly perform, distribute and 53 * sublicense the Contribution of such Contributor, if 54 * any, and such derivative works, in source code and 55 * object code form. 56 * 57 * b) Subject to the terms of this Agreement, each 58 * Contributor hereby grants Recipient a 59 * no - exclusive, worldwide, royalt - free patent 60 * license under Licensed Patents to make, use, sell, 61 * offer to sell, import and otherwise transfer the 62 * Contribution of such Contributor, if any, in source 63 * code and object code form. This patent license 64 * shall apply to the combination of the Contribution 65 * and the Program if, at the time the Contribution is 66 * added by the Contributor, such addition of the 67 * Contribution causes such combination to be covered 68 * by the Licensed Patents. The patent license shall 69 * not apply to any other combinations which include 70 * the Contribution. No hardware per se is licensed 71 * hereunder. 72 * 73 * c) Recipient understands that although each 74 * Contributor grants the licenses to its 75 * Contributions set forth herein, no assurances are 76 * provided by any Contributor that the Program does 77 * not infringe the patent or other intellectual 78 * property rights of any other entity. Each 79 * Contributor disclaims any liability to Recipient 80 * for claims brought by any other entity based on 81 * infringement of intellectual property rights or 82 * otherwise. As a condition to exercising the rights 83 * and licenses granted hereunder, each Recipient 84 * hereby assumes sole responsibility to secure any 85 * other intellectual property rights needed, if any. 86 * 87 * For example, if a third party patent license is 88 * required to allow Recipient to distribute the 89 * Program, it is Recipient's responsibility to 90 * acquire that license before distributing the 91 * Program. 92 * 93 * d) Each Contributor represents that to its 94 * knowledge it has sufficient copyright rights in its 95 * Contribution, if any, to grant the copyright 96 * license set forth in this Agreement. 97 * 98 * 3. REQUIREMENTS 99 * 100 * A Contributor may choose to distribute the Program in 101 * object code form under its own license agreement, provided 102 * that: 103 * a) it complies with the terms and conditions of 104 * this Agreement; and 105 * 106 * b) its license agreement: 107 * i) effectively disclaims on behalf of all 108 * Contributors all warranties and conditions, express 109 * and implied, including warranties or conditions of 110 * title and no - infringement, and implied warranties 111 * or conditions of merchantability and fitness for a 112 * particular purpose; 113 * 114 * ii) effectively excludes on behalf of all 115 * Contributors all liability for damages, including 116 * direct, indirect, special, incidental and 117 * consequential damages, such as lost profits; 118 * 119 * iii) states that any provisions which differ from 120 * this Agreement are offered by that Contributor 121 * alone and not by any other party; and 122 * 123 * iv) states that source code for the Program is 124 * available from such Contributor, and informs 125 * licensees how to obtain it in a reasonable manner 126 * on or through a medium customarily used for 127 * software exchange. 128 * 129 * When the Program is made available in source code form: 130 * a) it must be made available under this Agreement; 131 * and 132 * b) a copy of this Agreement must be included with 133 * each copy of the Program. 134 * 135 * Contributors may not remove or alter any copyright notices 136 * contained within the Program. 137 * 138 * Each Contributor must identify itself as the originator of 139 * its Contribution, if any, in a manner that reasonably 140 * allows subsequent Recipients to identify the originator of 141 * the Contribution. 142 * 143 * 144 * 4. COMMERCIAL DISTRIBUTION 145 * 146 * Commercial distributors of software may accept certain 147 * responsibilities with respect to end users, business 148 * partners and the like. While this license is intended to 149 * facilitate the commercial use of the Program, the 150 * Contributor who includes the Program in a commercial 151 * product offering should do so in a manner which does not 152 * create potential liability for other Contributors. 153 * Therefore, if a Contributor includes the Program in a 154 * commercial product offering, such Contributor ("Commercial 155 * Contributor") hereby agrees to defend and indemnify every 156 * other Contributor ("Indemnified Contributor") against any 157 * losses, damages and costs (collectively "Losses") arising 158 * from claims, lawsuits and other legal actions brought by a 159 * third party against the Indemnified Contributor to the 160 * extent caused by the acts or omissions of such Commercial 161 * Contributor in connection with its distribution of the 162 * Program in a commercial product offering. The obligations 163 * in this section do not apply to any claims or Losses 164 * relating to any actual or alleged intellectual property 165 * infringement. In order to qualify, an Indemnified 166 * Contributor must: a) promptly notify the Commercial 167 * Contributor in writing of such claim, and b) allow the 168 * Commercial Contributor to control, and cooperate with the 169 * Commercial Contributor in, the defense and any related 170 * settlement negotiations. The Indemnified Contributor may 171 * participate in any such claim at its own expense. 172 * 173 * 174 * For example, a Contributor might include the Program in a 175 * commercial product offering, Product X. That Contributor 176 * is then a Commercial Contributor. If that Commercial 177 * Contributor then makes performance claims, or offers 178 * warranties related to Product X, those performance claims 179 * and warranties are such Commercial Contributor's 180 * responsibility alone. Under this section, the Commercial 181 * Contributor would have to defend claims against the other 182 * Contributors related to those performance claims and 183 * warranties, and if a court requires any other Contributor 184 * to pay any damages as a result, the Commercial Contributor 185 * must pay those damages. 186 * 187 * 188 * 5. NO WARRANTY 189 * 190 * EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE 191 * PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT 192 * WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR 193 * IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR 194 * CONDITIONS OF TITLE, NO - INFRINGEMENT, MERCHANTABILITY OR 195 * FITNESS FOR A PARTICULAR PURPOSE. Each Recipient is solely 196 * responsible for determining the appropriateness of using 197 * and distributing the Program and assumes all risks 198 * associated with its exercise of rights under this 199 * Agreement, including but not limited to the risks and 200 * costs of program errors, compliance with applicable laws, 201 * damage to or loss of data, programs or equipment, and 202 * unavailability or interruption of operations. 203 * 204 * 6. DISCLAIMER OF LIABILITY 205 * EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, NEITHER 206 * RECIPIENT NOR ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY 207 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, 208 * OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION 209 * LOST PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF 210 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 211 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 212 * OF THE USE OR DISTRIBUTION OF THE PROGRAM OR THE EXERCISE 213 * OF ANY RIGHTS GRANTED HEREUNDER, EVEN IF ADVISED OF THE 214 * POSSIBILITY OF SUCH DAMAGES. 215 * 216 * 7. GENERAL 217 * 218 * If any provision of this Agreement is invalid or 219 * unenforceable under applicable law, it shall not affect 220 * the validity or enforceability of the remainder of the 221 * terms of this Agreement, and without further action by the 222 * parties hereto, such provision shall be reformed to the 223 * minimum extent necessary to make such provision valid and 224 * enforceable. 225 * 226 * 227 * If Recipient institutes patent litigation against a 228 * Contributor with respect to a patent applicable to 229 * software (including a cros - claim or counterclaim in a 230 * lawsuit), then any patent licenses granted by that 231 * Contributor to such Recipient under this Agreement shall 232 * terminate as of the date such litigation is filed. In 233 * addition, If Recipient institutes patent litigation 234 * against any entity (including a cros - claim or 235 * counterclaim in a lawsuit) alleging that the Program 236 * itself (excluding combinations of the Program with other 237 * software or hardware) infringes such Recipient's 238 * patent(s), then such Recipient's rights granted under 239 * Section 2(b) shall terminate as of the date such 240 * litigation is filed. 241 * 242 * All Recipient's rights under this Agreement shall 243 * terminate if it fails to comply with any of the material 244 * terms or conditions of this Agreement and does not cure 245 * such failure in a reasonable period of time after becoming 246 * aware of such noncompliance. If all Recipient's rights 247 * under this Agreement terminate, Recipient agrees to cease 248 * use and distribution of the Program as soon as reasonably 249 * practicable. However, Recipient's obligations under this 250 * Agreement and any licenses granted by Recipient relating 251 * to the Program shall continue and survive. 252 * 253 * Everyone is permitted to copy and distribute copies of 254 * this Agreement, but in order to avoid inconsistency the 255 * Agreement is copyrighted and may only be modified in the 256 * following manner. The Agreement Steward reserves the right 257 * to publish new versions (including revisions) of this 258 * Agreement from time to time. No one other than the 259 * Agreement Steward has the right to modify this Agreement. 260 * 261 * IBM is the initial Agreement Steward. IBM may assign the 262 * responsibility to serve as the Agreement Steward to a 263 * suitable separate entity. Each new version of the 264 * Agreement will be given a distinguishing version number. 265 * The Program (including Contributions) may always be 266 * distributed subject to the version of the Agreement under 267 * which it was received. In addition, after a new version of 268 * the Agreement is published, Contributor may elect to 269 * distribute the Program (including its Contributions) under 270 * the new version. Except as expressly stated in Sections 271 * 2(a) and 2(b) above, Recipient receives no rights or 272 * licenses to the intellectual property of any Contributor 273 * under this Agreement, whether expressly, by implication, 274 * estoppel or otherwise. All rights in the Program not 275 * expressly granted under this Agreement are reserved. 276 * 277 * 278 * This Agreement is governed by the laws of the State of New 279 * York and the intellectual property laws of the United 280 * States of America. No party to this Agreement will bring a 281 * legal action under this Agreement more than one year after 282 * the cause of action arose. Each party waives its rights to 283 * a jury trial in any resulting litigation. 284 * 285 * 286 * 287 * (C) COPYRIGHT International Business Machines Corp. 2001, 2002 288 */ 289 /* 290 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 291 * Use is subject to license terms. 292 */ 293 294 #include "tpmtok_int.h" 295 296 #define LOG(x) logit(LOG_DEBUG, x) 297 298 /* 299 * NOTES: 300 * In many cases the specificaiton does not allow returns 301 * of CKR_ARGUMENTSB_BAD. We break the spec, since validation of parameters 302 * to the function are best represented by this return code (where 303 * specific RC's such as CKR_INVALID_SESSION do not exist). 304 * NOTE NOTE NOTE NOTE 305 * The parameter checking on the update operations may need to be 306 * modified (as well as the encrypt/decrypt) to call the std API 307 * anyway with sanatized parameters since on error, the encrypt/decrypt 308 * sign operations are all supposed to complete. 309 * Therefor the parameter checking here might need to be done in 310 * the STDLL instead of the API. 311 * This would affect ALL the Multipart operations which have 312 * an init followed by one or more operations. 313 * 314 * Globals for the API 315 */ 316 API_Proc_Struct_t *Anchor = NULL; 317 static unsigned int Initialized = 0; 318 static pthread_mutex_t global_mutex = PTHREAD_MUTEX_INITIALIZER; 319 struct ST_FCN_LIST FuncList; 320 CK_FUNCTION_LIST PK11_Functions; 321 extern pthread_rwlock_t obj_list_rw_mutex; 322 323 324 static void 325 tpmtoken_fork_prepare() 326 { 327 (void) pthread_mutex_lock(&global_mutex); 328 (void) pthread_mutex_lock(&pkcs_mutex); 329 (void) pthread_mutex_lock(&obj_list_mutex); 330 (void) pthread_rwlock_wrlock(&obj_list_rw_mutex); 331 (void) pthread_mutex_lock(&sess_list_mutex); 332 (void) pthread_mutex_lock(&login_mutex); 333 if (Anchor) { 334 (void) pthread_mutex_lock(&Anchor->ProcMutex); 335 (void) pthread_mutex_lock(&Anchor->SessListMutex); 336 } 337 } 338 339 static void 340 tpmtoken_fork_parent() 341 { 342 if (Anchor) { 343 (void) pthread_mutex_unlock(&Anchor->SessListMutex); 344 (void) pthread_mutex_unlock(&Anchor->ProcMutex); 345 } 346 (void) pthread_mutex_unlock(&login_mutex); 347 (void) pthread_mutex_unlock(&sess_list_mutex); 348 (void) pthread_rwlock_unlock(&obj_list_rw_mutex); 349 (void) pthread_mutex_unlock(&obj_list_mutex); 350 (void) pthread_mutex_unlock(&pkcs_mutex); 351 (void) pthread_mutex_unlock(&global_mutex); 352 } 353 354 static void 355 tpmtoken_fork_child() 356 { 357 if (Anchor) { 358 (void) pthread_mutex_unlock(&Anchor->SessListMutex); 359 (void) pthread_mutex_unlock(&Anchor->ProcMutex); 360 } 361 362 (void) pthread_mutex_unlock(&login_mutex); 363 (void) pthread_mutex_unlock(&sess_list_mutex); 364 (void) pthread_rwlock_unlock(&obj_list_rw_mutex); 365 (void) pthread_mutex_unlock(&obj_list_mutex); 366 (void) pthread_mutex_unlock(&pkcs_mutex); 367 (void) pthread_mutex_unlock(&global_mutex); 368 369 if (Anchor) { 370 Terminate_All_Process_Sessions(); 371 free(Anchor); 372 Anchor = NULL; 373 } 374 if (FuncList.ST_Finalize) 375 FuncList.ST_Finalize(0); 376 377 logterm(); 378 loginit(); 379 } 380 381 /*ARGSUSED*/ 382 CK_RV 383 C_CancelFunction(CK_SESSION_HANDLE hSession) 384 { 385 LOG("C_CancelFunction"); 386 if (API_Initialized() == FALSE) { 387 return (CKR_CRYPTOKI_NOT_INITIALIZED); 388 } 389 return (CKR_FUNCTION_NOT_PARALLEL); 390 } 391 392 CK_RV 393 C_CloseAllSessions(CK_SLOT_ID slotID) 394 { 395 Session_Struct_t *pCur, *pPrev; 396 CK_RV rv; 397 /* 398 * Although why does modutil do a close all sessions. It is a single 399 * application it can only close its sessions... 400 * And all sessions should be closed anyhow. 401 */ 402 LOG("CloseAllSessions"); 403 if (API_Initialized() == FALSE) 404 return (CKR_CRYPTOKI_NOT_INITIALIZED); 405 406 if (!global_shm->token_available || (slotID > NUMBER_SLOTS_MANAGED)) 407 return (CKR_SLOT_ID_INVALID); 408 /* 409 * Proc Mutex is locked when we remove from the seesion list in 410 * Close SEssion. Therefore we don't need to do any locking 411 * the atomic operations are controled when we use the linked list 412 */ 413 pCur = (Anchor ? Anchor->SessListBeg : NULL); 414 while (pCur) { 415 /* 416 * Session owned by the slot we are working on 417 * There is a basic problem here. We are using th pCur 418 * to point to the current one, however we delete it from 419 * the linked list and can no longer go Forward. So we 420 * have to use the fact that this is a doubly linked list 421 * and get the previous pointer. After deletion, the next 422 * pointer of this block will point to the next one in the 423 * list. 424 * If the value is Null, then this was the first one in 425 * the list and we just set pCur to the SessListBeg. 426 */ 427 if (pCur->SltId == slotID) { 428 pPrev = pCur->Previous; 429 rv = C_CloseSession((CK_SESSION_HANDLE)pCur); 430 if (rv == CKR_OK || 431 rv == CKR_SESSION_CLOSED || 432 rv == CKR_SESSION_HANDLE_INVALID) { 433 if (pPrev == NULL) { 434 pCur = Anchor->SessListBeg; 435 } else { 436 pCur = pPrev->Next; 437 } 438 } else { 439 return (rv); 440 } 441 } else { 442 pCur = pCur->Next; 443 } 444 } 445 LOG("CloseAllSessions OK"); 446 return (CKR_OK); 447 } 448 CK_RV 449 C_CloseSession(CK_SESSION_HANDLE hSession) 450 { 451 CK_RV rv; 452 Session_Struct_t *sessp; 453 ST_SESSION_T rSession; 454 LOG("C_CloseSession"); 455 if (API_Initialized() == FALSE) { 456 return (CKR_CRYPTOKI_NOT_INITIALIZED); 457 } 458 /* Validate Session */ 459 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) { 460 return (CKR_SESSION_HANDLE_INVALID); 461 } 462 463 if (FuncList.ST_CloseSession) { 464 /* Map the Session to the slot session */ 465 rv = FuncList.ST_CloseSession(rSession); 466 467 if (rv == CKR_OK) { 468 sessp = (Session_Struct_t *)hSession; 469 RemoveFromSessionList(sessp); 470 } 471 } else { 472 rv = CKR_FUNCTION_NOT_SUPPORTED; 473 } 474 return (rv); 475 } 476 477 CK_RV 478 C_CopyObject( 479 CK_SESSION_HANDLE hSession, 480 CK_OBJECT_HANDLE hObject, 481 CK_ATTRIBUTE_PTR pTemplate, 482 CK_ULONG ulCount, 483 CK_OBJECT_HANDLE_PTR phNewObject) 484 { 485 CK_RV rv; 486 ST_SESSION_T rSession; 487 LOG("C_CopyObject"); 488 if (API_Initialized() == FALSE) { 489 return (CKR_CRYPTOKI_NOT_INITIALIZED); 490 } 491 if (!Valid_Session((Session_Struct_t *)hSession, &rSession)) { 492 return (CKR_SESSION_HANDLE_INVALID); 493 } 494 if (!phNewObject) { 495 return (CKR_ARGUMENTS_BAD); 496 } 497 /* 498 * A null template with a count will cause the lower layer 499 * to have problems. 500 * Template with 0 count is not a problem. 501 */ 502 if (!pTemplate && ulCount) { 503 return (CKR_ARGUMENTS_BAD); 504 } 505 if (FuncList.ST_CopyObject) { 506 rv = FuncList.ST_CopyObject(rSession, hObject, pTemplate, 507 ulCount, phNewObject); 508 } else { 509 rv = CKR_FUNCTION_NOT_SUPPORTED; 510 } 511 return (rv); 512 } 513 514 CK_RV 515 C_CreateObject( 516 CK_SESSION_HANDLE hSession, 517 CK_ATTRIBUTE_PTR pTemplate, 518 CK_ULONG ulCount, 519 CK_OBJECT_HANDLE_PTR phObject) 520 { 521 CK_RV rv; 522 ST_SESSION_T rSession; 523 524 if (API_Initialized() == FALSE) { 525 return (CKR_CRYPTOKI_NOT_INITIALIZED); 526 } 527 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) { 528 return (CKR_SESSION_HANDLE_INVALID); 529 } 530 if (! pTemplate) { 531 return (CKR_TEMPLATE_INCOMPLETE); 532 } 533 if (ulCount == 0) { 534 return (CKR_TEMPLATE_INCOMPLETE); 535 } 536 if (! phObject) { 537 return (CKR_ARGUMENTS_BAD); 538 } 539 if (FuncList.ST_CreateObject) { 540 // Map the Session to the slot session 541 rv = FuncList.ST_CreateObject(rSession, pTemplate, 542 ulCount, phObject); 543 } else { 544 rv = CKR_FUNCTION_NOT_SUPPORTED; 545 } 546 return (rv); 547 } 548 549 CK_RV 550 C_Decrypt(CK_SESSION_HANDLE hSession, 551 CK_BYTE_PTR pEncryptedData, 552 CK_ULONG ulEncryptedDataLen, 553 CK_BYTE_PTR pData, 554 CK_ULONG_PTR pulDataLen) 555 { 556 CK_RV rv; 557 ST_SESSION_T rSession; 558 559 if (API_Initialized() == FALSE) { 560 return (CKR_CRYPTOKI_NOT_INITIALIZED); 561 } 562 if (!Valid_Session((Session_Struct_t *)hSession, &rSession)) { 563 return (CKR_SESSION_HANDLE_INVALID); 564 } 565 if (FuncList.ST_Decrypt) { 566 rv = FuncList.ST_Decrypt(rSession, pEncryptedData, 567 ulEncryptedDataLen, pData, pulDataLen); 568 } else { 569 rv = CKR_FUNCTION_NOT_SUPPORTED; 570 } 571 return (rv); 572 } 573 574 CK_RV 575 C_DecryptDigestUpdate( 576 CK_SESSION_HANDLE hSession, 577 CK_BYTE_PTR pEncryptedPart, 578 CK_ULONG ulEncryptedPartLen, 579 CK_BYTE_PTR pPart, 580 CK_ULONG_PTR pulPartLen) 581 { 582 CK_RV rv; 583 ST_SESSION_T rSession; 584 585 if (API_Initialized() == FALSE) { 586 return (CKR_CRYPTOKI_NOT_INITIALIZED); 587 } 588 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) { 589 return (CKR_SESSION_HANDLE_INVALID); 590 } 591 if (! pEncryptedPart || ! pulPartLen) { 592 return (CKR_ARGUMENTS_BAD); 593 } 594 if (FuncList.ST_DecryptDigestUpdate) { 595 rv = FuncList.ST_DecryptDigestUpdate(rSession, pEncryptedPart, 596 ulEncryptedPartLen, pPart, pulPartLen); 597 } else { 598 rv = CKR_FUNCTION_NOT_SUPPORTED; 599 } 600 return (rv); 601 } 602 603 CK_RV 604 C_DecryptFinal(CK_SESSION_HANDLE hSession, 605 CK_BYTE_PTR pLastPart, 606 CK_ULONG_PTR pulLastPartLen) 607 { 608 CK_RV rv; 609 ST_SESSION_T rSession; 610 611 if (API_Initialized() == FALSE) { 612 return (CKR_CRYPTOKI_NOT_INITIALIZED); 613 } 614 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) { 615 return (CKR_SESSION_HANDLE_INVALID); 616 } 617 /* 618 * It is acceptable to have a Null pointer for the data since 619 * it is trying to get the length of the last part.... 620 * The spec is unclear if a second call to Final is needed 621 * if there is no data in the last part. 622 */ 623 if (! pulLastPartLen) { 624 return (CKR_ARGUMENTS_BAD); 625 } 626 if (FuncList.ST_DecryptFinal) { 627 rv = FuncList.ST_DecryptFinal(rSession, pLastPart, 628 pulLastPartLen); 629 } else { 630 rv = CKR_FUNCTION_NOT_SUPPORTED; 631 } 632 return (rv); 633 } 634 635 CK_RV 636 C_DecryptInit(CK_SESSION_HANDLE hSession, 637 CK_MECHANISM_PTR pMechanism, 638 CK_OBJECT_HANDLE hKey) 639 { 640 CK_RV rv; 641 ST_SESSION_T rSession; 642 643 if (API_Initialized() == FALSE) { 644 return (CKR_CRYPTOKI_NOT_INITIALIZED); 645 } 646 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) { 647 return (CKR_SESSION_HANDLE_INVALID); 648 } 649 if (! pMechanism) { 650 return (CKR_MECHANISM_INVALID); 651 } 652 if (FuncList.ST_DecryptInit) { 653 rv = FuncList.ST_DecryptInit(rSession, pMechanism, hKey); 654 } else { 655 rv = CKR_FUNCTION_NOT_SUPPORTED; 656 } 657 return (rv); 658 } 659 660 CK_RV 661 C_DecryptUpdate(CK_SESSION_HANDLE hSession, 662 CK_BYTE_PTR pEncryptedPart, 663 CK_ULONG ulEncryptedPartLen, 664 CK_BYTE_PTR pPart, 665 CK_ULONG_PTR pulPartLen) 666 { 667 CK_RV rv; 668 ST_SESSION_T rSession; 669 670 if (API_Initialized() == FALSE) { 671 return (CKR_CRYPTOKI_NOT_INITIALIZED); 672 } 673 if (!Valid_Session((Session_Struct_t *)hSession, &rSession)) { 674 return (CKR_SESSION_HANDLE_INVALID); 675 } 676 if (!pEncryptedPart || !pulPartLen) { 677 return (CKR_ARGUMENTS_BAD); 678 } 679 if (FuncList.ST_DecryptUpdate) { 680 rv = FuncList.ST_DecryptUpdate(rSession, pEncryptedPart, 681 ulEncryptedPartLen, pPart, pulPartLen); 682 } else { 683 rv = CKR_FUNCTION_NOT_SUPPORTED; 684 } 685 return (rv); 686 } 687 688 CK_RV 689 C_DecryptVerifyUpdate(CK_SESSION_HANDLE hSession, 690 CK_BYTE_PTR pEncryptedPart, 691 CK_ULONG ulEncryptedPartLen, 692 CK_BYTE_PTR pPart, 693 CK_ULONG_PTR pulPartLen) 694 { 695 CK_RV rv; 696 ST_SESSION_T rSession; 697 698 if (API_Initialized() == FALSE) { 699 return (CKR_CRYPTOKI_NOT_INITIALIZED); 700 } 701 // Validate Session 702 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) { 703 return (CKR_SESSION_HANDLE_INVALID); 704 } 705 // May have to let these go through and let the STDLL handle them 706 if (! pEncryptedPart || ! pulPartLen) { 707 return (CKR_ARGUMENTS_BAD); 708 } 709 // Get local pointers to session 710 if (FuncList.ST_DecryptVerifyUpdate) { 711 // Map the Session to the slot session 712 rv = FuncList.ST_DecryptVerifyUpdate(rSession, 713 pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen); 714 } else { 715 rv = CKR_FUNCTION_NOT_SUPPORTED; 716 } 717 return (rv); 718 } 719 720 CK_RV 721 C_DeriveKey(CK_SESSION_HANDLE hSession, 722 CK_MECHANISM_PTR pMechanism, 723 CK_OBJECT_HANDLE hBaseKey, 724 CK_ATTRIBUTE_PTR pTemplate, 725 CK_ULONG ulAttributeCount, 726 CK_OBJECT_HANDLE_PTR phKey) 727 { 728 CK_RV rv; 729 ST_SESSION_T rSession; 730 731 if (API_Initialized() == FALSE) { 732 return (CKR_CRYPTOKI_NOT_INITIALIZED); 733 } 734 if (!Valid_Session((Session_Struct_t *)hSession, &rSession)) { 735 return (CKR_SESSION_HANDLE_INVALID); 736 } 737 738 if (!pMechanism) { 739 return (CKR_MECHANISM_INVALID); 740 } 741 if (!pTemplate && ulAttributeCount) { 742 return (CKR_ARGUMENTS_BAD); 743 } 744 if (FuncList.ST_DeriveKey) { 745 rv = FuncList.ST_DeriveKey(rSession, pMechanism, 746 hBaseKey, pTemplate, ulAttributeCount, phKey); 747 } else { 748 rv = CKR_FUNCTION_NOT_SUPPORTED; 749 } 750 return (rv); 751 } 752 753 CK_RV 754 C_DestroyObject(CK_SESSION_HANDLE hSession, 755 CK_OBJECT_HANDLE hObject) 756 { 757 CK_RV rv; 758 ST_SESSION_T rSession; 759 760 if (API_Initialized() == FALSE) { 761 return (CKR_CRYPTOKI_NOT_INITIALIZED); 762 } 763 if (!Valid_Session((Session_Struct_t *)hSession, &rSession)) { 764 return (CKR_SESSION_HANDLE_INVALID); 765 } 766 if (FuncList.ST_DestroyObject) { 767 rv = FuncList.ST_DestroyObject(rSession, hObject); 768 } else { 769 rv = CKR_FUNCTION_NOT_SUPPORTED; 770 } 771 return (rv); 772 } 773 774 CK_RV 775 C_Digest(CK_SESSION_HANDLE hSession, 776 CK_BYTE_PTR pData, 777 CK_ULONG ulDataLen, 778 CK_BYTE_PTR pDigest, 779 CK_ULONG_PTR pulDigestLen) 780 { 781 CK_RV rv; 782 ST_SESSION_T rSession; 783 784 if (API_Initialized() == FALSE) { 785 return (CKR_CRYPTOKI_NOT_INITIALIZED); 786 } 787 if (!Valid_Session((Session_Struct_t *)hSession, &rSession)) { 788 return (CKR_SESSION_HANDLE_INVALID); 789 } 790 if (FuncList.ST_Digest) { 791 rv = FuncList.ST_Digest(rSession, pData, ulDataLen, 792 pDigest, pulDigestLen); 793 } else { 794 rv = CKR_FUNCTION_NOT_SUPPORTED; 795 } 796 return (rv); 797 } 798 799 CK_RV 800 C_DigestEncryptUpdate(CK_SESSION_HANDLE hSession, 801 CK_BYTE_PTR pPart, 802 CK_ULONG ulPartLen, 803 CK_BYTE_PTR pEncryptedPart, 804 CK_ULONG_PTR pulEncryptedPartLen) 805 { 806 CK_RV rv; 807 ST_SESSION_T rSession; 808 809 if (API_Initialized() == FALSE) { 810 return (CKR_CRYPTOKI_NOT_INITIALIZED); 811 } 812 if (! pPart || ! pulEncryptedPartLen) { 813 return (CKR_ARGUMENTS_BAD); 814 } 815 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) { 816 return (CKR_SESSION_HANDLE_INVALID); 817 } 818 if (FuncList.ST_DigestEncryptUpdate) { 819 rv = FuncList.ST_DigestEncryptUpdate(rSession, pPart, 820 ulPartLen, pEncryptedPart, pulEncryptedPartLen); 821 } else { 822 rv = CKR_FUNCTION_NOT_SUPPORTED; 823 } 824 return (rv); 825 } 826 827 CK_RV 828 C_DigestFinal(CK_SESSION_HANDLE hSession, 829 CK_BYTE_PTR pDigest, 830 CK_ULONG_PTR pulDigestLen) 831 { 832 CK_RV rv; 833 ST_SESSION_T rSession; 834 835 if (API_Initialized() == FALSE) { 836 return (CKR_CRYPTOKI_NOT_INITIALIZED); 837 } 838 if (! pulDigestLen) { 839 return (CKR_ARGUMENTS_BAD); 840 } 841 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) { 842 return (CKR_SESSION_HANDLE_INVALID); 843 } 844 if (FuncList.ST_DigestFinal) { 845 rv = FuncList.ST_DigestFinal(rSession, pDigest, pulDigestLen); 846 } else { 847 rv = CKR_FUNCTION_NOT_SUPPORTED; 848 } 849 return (rv); 850 } 851 852 CK_RV 853 C_DigestInit(CK_SESSION_HANDLE hSession, 854 CK_MECHANISM_PTR pMechanism) 855 { 856 CK_RV rv; 857 ST_SESSION_T rSession; 858 859 if (API_Initialized() == FALSE) { 860 return (CKR_CRYPTOKI_NOT_INITIALIZED); 861 } 862 if (! pMechanism) { 863 return (CKR_MECHANISM_INVALID); 864 } 865 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) { 866 return (CKR_SESSION_HANDLE_INVALID); 867 } 868 if (FuncList.ST_DigestInit) { 869 rv = FuncList.ST_DigestInit(rSession, pMechanism); 870 } else { 871 rv = CKR_FUNCTION_NOT_SUPPORTED; 872 } 873 return (rv); 874 } 875 876 CK_RV 877 C_DigestKey(CK_SESSION_HANDLE hSession, 878 CK_OBJECT_HANDLE hKey) 879 { 880 CK_RV rv; 881 ST_SESSION_T rSession; 882 883 if (API_Initialized() == FALSE) { 884 return (CKR_CRYPTOKI_NOT_INITIALIZED); 885 } 886 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) { 887 return (CKR_SESSION_HANDLE_INVALID); 888 } 889 if (FuncList.ST_DigestKey) { 890 rv = FuncList.ST_DigestKey(rSession, hKey); 891 } else { 892 rv = CKR_FUNCTION_NOT_SUPPORTED; 893 } 894 return (rv); 895 } 896 897 CK_RV 898 C_DigestUpdate(CK_SESSION_HANDLE hSession, 899 CK_BYTE_PTR pPart, 900 CK_ULONG ulPartLen) 901 { 902 CK_RV rv; 903 ST_SESSION_T rSession; 904 if (API_Initialized() == FALSE) { 905 return (CKR_CRYPTOKI_NOT_INITIALIZED); 906 } 907 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) { 908 return (CKR_SESSION_HANDLE_INVALID); 909 } 910 if (FuncList.ST_DigestUpdate) { 911 rv = FuncList.ST_DigestUpdate(rSession, pPart, ulPartLen); 912 } else { 913 rv = CKR_FUNCTION_NOT_SUPPORTED; 914 } 915 return (rv); 916 } 917 918 CK_RV 919 C_Encrypt(CK_SESSION_HANDLE hSession, 920 CK_BYTE_PTR pData, 921 CK_ULONG ulDataLen, 922 CK_BYTE_PTR pEncryptedData, 923 CK_ULONG_PTR pulEncryptedDataLen) 924 { 925 CK_RV rv; 926 ST_SESSION_T rSession; 927 928 if (API_Initialized() == FALSE) { 929 return (CKR_CRYPTOKI_NOT_INITIALIZED); 930 } 931 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) { 932 return (CKR_SESSION_HANDLE_INVALID); 933 } 934 // Get local pointers to session 935 if (FuncList.ST_Encrypt) { 936 // Map the Session to the slot session 937 rv = FuncList.ST_Encrypt(rSession, pData, ulDataLen, 938 pEncryptedData, pulEncryptedDataLen); 939 } else { 940 rv = CKR_FUNCTION_NOT_SUPPORTED; 941 } 942 return (rv); 943 } 944 945 CK_RV 946 C_EncryptFinal(CK_SESSION_HANDLE hSession, 947 CK_BYTE_PTR pLastEncryptedPart, 948 CK_ULONG_PTR pulLastEncryptedPartLen) 949 { 950 CK_RV rv; 951 ST_SESSION_T rSession; 952 953 if (API_Initialized() == FALSE) { 954 return (CKR_CRYPTOKI_NOT_INITIALIZED); 955 } 956 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) { 957 return (CKR_SESSION_HANDLE_INVALID); 958 } 959 if (FuncList.ST_EncryptFinal) { 960 rv = FuncList.ST_EncryptFinal(rSession, 961 pLastEncryptedPart, pulLastEncryptedPartLen); 962 } else { 963 rv = CKR_FUNCTION_NOT_SUPPORTED; 964 } 965 return (rv); 966 } 967 968 CK_RV 969 C_EncryptInit(CK_SESSION_HANDLE hSession, 970 CK_MECHANISM_PTR pMechanism, 971 CK_OBJECT_HANDLE hKey) 972 { 973 CK_RV rv; 974 ST_SESSION_T rSession; 975 976 if (API_Initialized() == FALSE) { 977 return (CKR_CRYPTOKI_NOT_INITIALIZED); 978 } 979 if (! pMechanism) { 980 return (CKR_MECHANISM_INVALID); 981 } 982 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) { 983 return (CKR_SESSION_HANDLE_INVALID); 984 } 985 if (FuncList.ST_EncryptInit) { 986 rv = FuncList.ST_EncryptInit(rSession, pMechanism, hKey); 987 } else { 988 rv = CKR_FUNCTION_NOT_SUPPORTED; 989 } 990 return (rv); 991 } 992 993 CK_RV 994 C_EncryptUpdate(CK_SESSION_HANDLE hSession, 995 CK_BYTE_PTR pPart, 996 CK_ULONG ulPartLen, 997 CK_BYTE_PTR pEncryptedPart, 998 CK_ULONG_PTR pulEncryptedPartLen) 999 { 1000 CK_RV rv; 1001 ST_SESSION_T rSession; 1002 1003 if (API_Initialized() == FALSE) { 1004 return (CKR_CRYPTOKI_NOT_INITIALIZED); 1005 } 1006 if (!pPart || !pulEncryptedPartLen) { 1007 return (CKR_ARGUMENTS_BAD); 1008 } 1009 if (!Valid_Session((Session_Struct_t *)hSession, &rSession)) { 1010 return (CKR_SESSION_HANDLE_INVALID); 1011 } 1012 if (FuncList.ST_EncryptUpdate) { 1013 rv = FuncList.ST_EncryptUpdate(rSession, pPart, ulPartLen, 1014 pEncryptedPart, pulEncryptedPartLen); 1015 } else { 1016 rv = CKR_FUNCTION_NOT_SUPPORTED; 1017 } 1018 return (rv); 1019 } 1020 1021 CK_RV 1022 do_finalize(CK_VOID_PTR pReserved) 1023 { 1024 if (API_Initialized() == FALSE) { 1025 return (CKR_CRYPTOKI_NOT_INITIALIZED); 1026 } 1027 if (pReserved != NULL) { 1028 return (CKR_ARGUMENTS_BAD); 1029 } 1030 (void) pthread_mutex_lock(&global_mutex); 1031 if (Anchor) 1032 Terminate_All_Process_Sessions(); 1033 1034 if (FuncList.ST_Finalize) 1035 FuncList.ST_Finalize(0); 1036 1037 free(Anchor); 1038 Anchor = NULL; 1039 1040 (void) pthread_mutex_unlock(&global_mutex); 1041 return (CKR_OK); 1042 } 1043 1044 CK_RV 1045 C_Finalize(CK_VOID_PTR pReserved) { 1046 return (do_finalize(pReserved)); 1047 } 1048 1049 CK_RV 1050 C_FindObjects(CK_SESSION_HANDLE hSession, 1051 CK_OBJECT_HANDLE_PTR phObject, 1052 CK_ULONG ulMaxObjectCount, 1053 CK_ULONG_PTR pulObjectCount) 1054 { 1055 CK_RV rv; 1056 ST_SESSION_T rSession; 1057 1058 if (API_Initialized() == FALSE) { 1059 return (CKR_CRYPTOKI_NOT_INITIALIZED); 1060 } 1061 if (! phObject || ! pulObjectCount) { 1062 return (CKR_ARGUMENTS_BAD); 1063 } 1064 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) { 1065 return (CKR_SESSION_HANDLE_INVALID); 1066 } 1067 if (FuncList.ST_FindObjects) { 1068 rv = FuncList.ST_FindObjects(rSession, phObject, 1069 ulMaxObjectCount, pulObjectCount); 1070 } else { 1071 rv = CKR_FUNCTION_NOT_SUPPORTED; 1072 } 1073 return (rv); 1074 } 1075 1076 CK_RV 1077 C_FindObjectsFinal(CK_SESSION_HANDLE hSession) 1078 { 1079 CK_RV rv; 1080 ST_SESSION_T rSession; 1081 1082 if (API_Initialized() == FALSE) { 1083 return (CKR_CRYPTOKI_NOT_INITIALIZED); 1084 } 1085 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) { 1086 return (CKR_SESSION_HANDLE_INVALID); 1087 } 1088 if (FuncList.ST_FindObjectsFinal) { 1089 rv = FuncList.ST_FindObjectsFinal(rSession); 1090 } else { 1091 rv = CKR_FUNCTION_NOT_SUPPORTED; 1092 } 1093 return (rv); 1094 } 1095 1096 CK_RV 1097 C_FindObjectsInit(CK_SESSION_HANDLE hSession, 1098 CK_ATTRIBUTE_PTR pTemplate, 1099 CK_ULONG ulCount) 1100 { 1101 CK_RV rv; 1102 ST_SESSION_T rSession; 1103 1104 if (API_Initialized() == FALSE) { 1105 return (CKR_CRYPTOKI_NOT_INITIALIZED); 1106 } 1107 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) { 1108 return (CKR_SESSION_HANDLE_INVALID); 1109 } 1110 if (FuncList.ST_FindObjectsInit) { 1111 rv = FuncList.ST_FindObjectsInit(rSession, pTemplate, ulCount); 1112 } else { 1113 rv = CKR_FUNCTION_NOT_SUPPORTED; 1114 } 1115 return (rv); 1116 } 1117 1118 CK_RV 1119 C_GenerateKey(CK_SESSION_HANDLE hSession, 1120 CK_MECHANISM_PTR pMechanism, 1121 CK_ATTRIBUTE_PTR pTemplate, 1122 CK_ULONG ulCount, 1123 CK_OBJECT_HANDLE_PTR phKey) 1124 { 1125 CK_RV rv; 1126 ST_SESSION_T rSession; 1127 1128 if (API_Initialized() == FALSE) { 1129 return (CKR_CRYPTOKI_NOT_INITIALIZED); 1130 } 1131 if (! pMechanism) { 1132 return (CKR_MECHANISM_INVALID); 1133 } 1134 if (! phKey) { 1135 return (CKR_ARGUMENTS_BAD); 1136 } 1137 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) { 1138 return (CKR_SESSION_HANDLE_INVALID); 1139 } 1140 if (FuncList.ST_GenerateKey) { 1141 rv = FuncList.ST_GenerateKey(rSession, pMechanism, 1142 pTemplate, ulCount, phKey); 1143 } else { 1144 rv = CKR_FUNCTION_NOT_SUPPORTED; 1145 } 1146 return (rv); 1147 } 1148 1149 CK_RV 1150 C_GenerateKeyPair(CK_SESSION_HANDLE hSession, 1151 CK_MECHANISM_PTR pMechanism, 1152 CK_ATTRIBUTE_PTR pPublicKeyTemplate, 1153 CK_ULONG ulPublicKeyAttributeCount, 1154 CK_ATTRIBUTE_PTR pPrivateKeyTemplate, 1155 CK_ULONG ulPrivateKeyAttributeCount, 1156 CK_OBJECT_HANDLE_PTR phPublicKey, 1157 CK_OBJECT_HANDLE_PTR phPrivateKey) 1158 { 1159 CK_RV rv; 1160 ST_SESSION_T rSession; 1161 1162 if (API_Initialized() == FALSE) { 1163 return (CKR_CRYPTOKI_NOT_INITIALIZED); 1164 } 1165 if (! pMechanism) { 1166 return (CKR_MECHANISM_INVALID); 1167 } 1168 if (! phPublicKey || ! phPrivateKey) { 1169 return (CKR_ARGUMENTS_BAD); 1170 } 1171 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) { 1172 return (CKR_SESSION_HANDLE_INVALID); 1173 } 1174 if (FuncList.ST_GenerateKeyPair) { 1175 rv = FuncList.ST_GenerateKeyPair(rSession, 1176 pMechanism, pPublicKeyTemplate, 1177 ulPublicKeyAttributeCount, pPrivateKeyTemplate, 1178 ulPrivateKeyAttributeCount, phPublicKey, phPrivateKey); 1179 } else { 1180 rv = CKR_FUNCTION_NOT_SUPPORTED; 1181 } 1182 return (rv); 1183 } 1184 1185 CK_RV 1186 C_GenerateRandom(CK_SESSION_HANDLE hSession, 1187 CK_BYTE_PTR RandomData, 1188 CK_ULONG ulRandomLen) 1189 { 1190 CK_RV rv; 1191 ST_SESSION_T rSession; 1192 1193 if (API_Initialized() == FALSE) { 1194 return (CKR_CRYPTOKI_NOT_INITIALIZED); 1195 } 1196 if (! RandomData) 1197 return (CKR_ARGUMENTS_BAD); 1198 1199 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) { 1200 return (CKR_SESSION_HANDLE_INVALID); 1201 } 1202 if (FuncList.ST_GenerateRandom) { 1203 rv = FuncList.ST_GenerateRandom(rSession, RandomData, 1204 ulRandomLen); 1205 } else { 1206 rv = CKR_FUNCTION_NOT_SUPPORTED; 1207 } 1208 return (rv); 1209 } 1210 1211 CK_RV 1212 C_GetAttributeValue(CK_SESSION_HANDLE hSession, 1213 CK_OBJECT_HANDLE hObject, 1214 CK_ATTRIBUTE_PTR pTemplate, 1215 CK_ULONG ulCount) 1216 { 1217 CK_RV rv; 1218 ST_SESSION_T rSession; 1219 1220 if (API_Initialized() == FALSE) { 1221 return (CKR_CRYPTOKI_NOT_INITIALIZED); 1222 } 1223 if (! pTemplate) { 1224 return (CKR_TEMPLATE_INCOMPLETE); 1225 } 1226 if (ulCount == 0) { 1227 return (CKR_TEMPLATE_INCOMPLETE); 1228 } 1229 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) { 1230 return (CKR_SESSION_HANDLE_INVALID); 1231 } 1232 if (FuncList.ST_GetAttributeValue) { 1233 rv = FuncList.ST_GetAttributeValue(rSession, hObject, 1234 pTemplate, ulCount); 1235 } else { 1236 rv = CKR_FUNCTION_NOT_SUPPORTED; 1237 } 1238 return (rv); 1239 } 1240 1241 CK_RV 1242 C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR ppFunctionList) 1243 { 1244 _init(); 1245 1246 PK11_Functions.version.major = VERSION_MAJOR; 1247 PK11_Functions.version.minor = VERSION_MINOR; 1248 PK11_Functions.C_Initialize = C_Initialize; 1249 PK11_Functions.C_Finalize = C_Finalize; 1250 PK11_Functions.C_GetInfo = C_GetInfo; 1251 PK11_Functions.C_GetFunctionList = C_GetFunctionList; 1252 PK11_Functions.C_GetSlotList = C_GetSlotList; 1253 PK11_Functions.C_GetSlotInfo = C_GetSlotInfo; 1254 PK11_Functions.C_GetTokenInfo = C_GetTokenInfo; 1255 PK11_Functions.C_GetMechanismList = C_GetMechanismList; 1256 PK11_Functions.C_GetMechanismInfo = C_GetMechanismInfo; 1257 PK11_Functions.C_InitToken = C_InitToken; 1258 PK11_Functions.C_InitPIN = C_InitPIN; 1259 PK11_Functions.C_SetPIN = C_SetPIN; 1260 PK11_Functions.C_OpenSession = C_OpenSession; 1261 PK11_Functions.C_CloseSession = C_CloseSession; 1262 PK11_Functions.C_CloseAllSessions = C_CloseAllSessions; 1263 PK11_Functions.C_GetSessionInfo = C_GetSessionInfo; 1264 PK11_Functions.C_GetOperationState = C_GetOperationState; 1265 PK11_Functions.C_SetOperationState = C_SetOperationState; 1266 PK11_Functions.C_Login = C_Login; 1267 PK11_Functions.C_Logout = C_Logout; 1268 PK11_Functions.C_CreateObject = C_CreateObject; 1269 PK11_Functions.C_CopyObject = C_CopyObject; 1270 PK11_Functions.C_DestroyObject = C_DestroyObject; 1271 PK11_Functions.C_GetObjectSize = C_GetObjectSize; 1272 PK11_Functions.C_GetAttributeValue = C_GetAttributeValue; 1273 PK11_Functions.C_SetAttributeValue = C_SetAttributeValue; 1274 PK11_Functions.C_FindObjectsInit = C_FindObjectsInit; 1275 PK11_Functions.C_FindObjects = C_FindObjects; 1276 PK11_Functions.C_FindObjectsFinal = C_FindObjectsFinal; 1277 PK11_Functions.C_EncryptInit = C_EncryptInit; 1278 PK11_Functions.C_Encrypt = C_Encrypt; 1279 PK11_Functions.C_EncryptUpdate = C_EncryptUpdate; 1280 PK11_Functions.C_EncryptFinal = C_EncryptFinal; 1281 PK11_Functions.C_DecryptInit = C_DecryptInit; 1282 PK11_Functions.C_Decrypt = C_Decrypt; 1283 PK11_Functions.C_DecryptUpdate = C_DecryptUpdate; 1284 PK11_Functions.C_DecryptFinal = C_DecryptFinal; 1285 PK11_Functions.C_DigestInit = C_DigestInit; 1286 PK11_Functions.C_Digest = C_Digest; 1287 PK11_Functions.C_DigestUpdate = C_DigestUpdate; 1288 PK11_Functions.C_DigestKey = C_DigestKey; 1289 PK11_Functions.C_DigestFinal = C_DigestFinal; 1290 PK11_Functions.C_SignInit = C_SignInit; 1291 PK11_Functions.C_Sign = C_Sign; 1292 PK11_Functions.C_SignUpdate = C_SignUpdate; 1293 PK11_Functions.C_SignFinal = C_SignFinal; 1294 PK11_Functions.C_SignRecoverInit = C_SignRecoverInit; 1295 PK11_Functions.C_SignRecover = C_SignRecover; 1296 PK11_Functions.C_VerifyInit = C_VerifyInit; 1297 PK11_Functions.C_Verify = C_Verify; 1298 PK11_Functions.C_VerifyUpdate = C_VerifyUpdate; 1299 PK11_Functions.C_VerifyFinal = C_VerifyFinal; 1300 PK11_Functions.C_VerifyRecoverInit = C_VerifyRecoverInit; 1301 PK11_Functions.C_VerifyRecover = C_VerifyRecover; 1302 PK11_Functions.C_DigestEncryptUpdate = C_DigestEncryptUpdate; 1303 PK11_Functions.C_DecryptDigestUpdate = C_DecryptDigestUpdate; 1304 PK11_Functions.C_SignEncryptUpdate = C_SignEncryptUpdate; 1305 PK11_Functions.C_DecryptVerifyUpdate = C_DecryptVerifyUpdate; 1306 PK11_Functions.C_GenerateKey = C_GenerateKey; 1307 PK11_Functions.C_GenerateKeyPair = C_GenerateKeyPair; 1308 PK11_Functions.C_WrapKey = C_WrapKey; 1309 PK11_Functions.C_UnwrapKey = C_UnwrapKey; 1310 PK11_Functions.C_DeriveKey = C_DeriveKey; 1311 PK11_Functions.C_SeedRandom = C_SeedRandom; 1312 PK11_Functions.C_GenerateRandom = C_GenerateRandom; 1313 PK11_Functions.C_GetFunctionStatus = C_GetFunctionStatus; 1314 PK11_Functions.C_CancelFunction = C_CancelFunction; 1315 PK11_Functions.C_WaitForSlotEvent = C_WaitForSlotEvent; 1316 if (ppFunctionList) { 1317 (*ppFunctionList) = &PK11_Functions; 1318 return (CKR_OK); 1319 } else { 1320 return (CKR_ARGUMENTS_BAD); 1321 } 1322 } 1323 1324 /*ARGSUSED*/ 1325 CK_RV 1326 C_GetFunctionStatus(CK_SESSION_HANDLE hSession) 1327 { 1328 if (API_Initialized() == FALSE) { 1329 return (CKR_CRYPTOKI_NOT_INITIALIZED); 1330 } 1331 return (CKR_FUNCTION_NOT_PARALLEL); // PER Specification PG 170 1332 } 1333 1334 CK_RV 1335 C_GetInfo(CK_INFO_PTR pInfo) 1336 { 1337 TOKEN_DATA td; 1338 TSS_HCONTEXT hContext; 1339 1340 if (! API_Initialized()) { 1341 return (CKR_CRYPTOKI_NOT_INITIALIZED); 1342 } 1343 if (! pInfo) { 1344 return (CKR_FUNCTION_FAILED); 1345 } 1346 (void) memset(pInfo, 0, sizeof (*pInfo)); 1347 pInfo->cryptokiVersion.major = 2; 1348 pInfo->cryptokiVersion.minor = 20; 1349 1350 if (open_tss_context(&hContext) == 0) { 1351 /* 1352 * Only populate the TPM info if we can establish 1353 * a context, but don't return failure because 1354 * the framework needs to know some of the info. 1355 */ 1356 (void) token_get_tpm_info(hContext, &td); 1357 1358 (void) Tspi_Context_Close(hContext); 1359 1360 (void) memcpy(pInfo->manufacturerID, 1361 &(td.token_info.manufacturerID), 1362 sizeof (pInfo->manufacturerID) - 1); 1363 1364 pInfo->flags = td.token_info.flags; 1365 } 1366 (void) strcpy((char *)pInfo->libraryDescription, 1367 "PKCS11 Interface for TPM"); 1368 1369 pInfo->libraryVersion.major = 1; 1370 pInfo->libraryVersion.minor = 0; 1371 1372 return (CKR_OK); 1373 } 1374 1375 CK_RV 1376 C_GetMechanismInfo(CK_SLOT_ID slotID, 1377 CK_MECHANISM_TYPE type, 1378 CK_MECHANISM_INFO_PTR pInfo) 1379 { 1380 CK_RV rv; 1381 if (API_Initialized() == FALSE) 1382 return (CKR_CRYPTOKI_NOT_INITIALIZED); 1383 1384 if (!global_shm->token_available || (slotID > NUMBER_SLOTS_MANAGED)) 1385 return (CKR_SLOT_ID_INVALID); 1386 1387 if (FuncList.ST_GetMechanismInfo) { 1388 rv = FuncList.ST_GetMechanismInfo(slotID, type, pInfo); 1389 } else { 1390 rv = CKR_FUNCTION_NOT_SUPPORTED; 1391 } 1392 return (rv); 1393 } 1394 1395 CK_RV 1396 C_GetMechanismList(CK_SLOT_ID slotID, 1397 CK_MECHANISM_TYPE_PTR pMechanismList, 1398 CK_ULONG_PTR pulCount) 1399 { 1400 CK_RV rv; 1401 1402 if (API_Initialized() == FALSE) 1403 return (CKR_CRYPTOKI_NOT_INITIALIZED); 1404 1405 if (! pulCount) 1406 return (CKR_ARGUMENTS_BAD); 1407 1408 if (!global_shm->token_available || (slotID > NUMBER_SLOTS_MANAGED)) 1409 return (CKR_SLOT_ID_INVALID); 1410 1411 if (FuncList.ST_GetMechanismList) { 1412 rv = FuncList.ST_GetMechanismList(slotID, 1413 pMechanismList, pulCount); 1414 } else { 1415 rv = CKR_FUNCTION_NOT_SUPPORTED; 1416 } 1417 if (rv == CKR_OK) { 1418 if (pMechanismList) { 1419 unsigned long i; 1420 for (i = 0; i < *pulCount; i++) { 1421 logit(LOG_DEBUG, "Mechanism[%d] 0x%08X ", 1422 i, pMechanismList[i]); 1423 } 1424 } 1425 } 1426 return (rv); 1427 } 1428 1429 CK_RV 1430 C_GetObjectSize(CK_SESSION_HANDLE hSession, 1431 CK_OBJECT_HANDLE hObject, 1432 CK_ULONG_PTR pulSize) 1433 { 1434 CK_RV rv; 1435 ST_SESSION_T rSession; 1436 1437 if (API_Initialized() == FALSE) { 1438 return (CKR_CRYPTOKI_NOT_INITIALIZED); 1439 } 1440 if (! pulSize) { 1441 return (CKR_ARGUMENTS_BAD); 1442 } 1443 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) { 1444 return (CKR_SESSION_HANDLE_INVALID); 1445 } 1446 if (FuncList.ST_GetObjectSize) { 1447 rv = FuncList.ST_GetObjectSize(rSession, hObject, pulSize); 1448 } else { 1449 rv = CKR_FUNCTION_NOT_SUPPORTED; 1450 } 1451 return (rv); 1452 } 1453 1454 CK_RV 1455 C_GetOperationState(CK_SESSION_HANDLE hSession, 1456 CK_BYTE_PTR pOperationState, 1457 CK_ULONG_PTR pulOperationStateLen) 1458 { 1459 CK_RV rv; 1460 ST_SESSION_T rSession; 1461 1462 if (API_Initialized() == FALSE) { 1463 return (CKR_CRYPTOKI_NOT_INITIALIZED); 1464 } 1465 if (! pulOperationStateLen) { 1466 return (CKR_ARGUMENTS_BAD); 1467 } 1468 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) { 1469 return (CKR_SESSION_HANDLE_INVALID); 1470 } 1471 if (FuncList.ST_GetOperationState) { 1472 rv = FuncList.ST_GetOperationState(rSession, 1473 pOperationState, pulOperationStateLen); 1474 } else { 1475 rv = CKR_FUNCTION_NOT_SUPPORTED; 1476 } 1477 return (rv); 1478 } 1479 1480 CK_RV 1481 C_GetSessionInfo(CK_SESSION_HANDLE hSession, 1482 CK_SESSION_INFO_PTR pInfo) 1483 { 1484 CK_RV rv; 1485 ST_SESSION_T rSession; 1486 1487 if (API_Initialized() == FALSE) { 1488 return (CKR_CRYPTOKI_NOT_INITIALIZED); 1489 } 1490 if (! pInfo) { 1491 return (CKR_ARGUMENTS_BAD); 1492 } 1493 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) { 1494 return (CKR_SESSION_HANDLE_INVALID); 1495 } 1496 if (FuncList.ST_GetSessionInfo) { 1497 rv = FuncList.ST_GetSessionInfo(rSession, pInfo); 1498 } else { 1499 rv = CKR_FUNCTION_NOT_SUPPORTED; 1500 } 1501 return (rv); 1502 } 1503 1504 CK_RV 1505 C_GetSlotInfo(CK_SLOT_ID slotID, 1506 CK_SLOT_INFO_PTR pInfo) 1507 { 1508 if (API_Initialized() == FALSE) 1509 return (CKR_CRYPTOKI_NOT_INITIALIZED); 1510 1511 if (!pInfo) 1512 return (CKR_FUNCTION_FAILED); 1513 1514 if (!global_shm->token_available || (slotID > NUMBER_SLOTS_MANAGED)) 1515 return (CKR_SLOT_ID_INVALID); 1516 1517 copy_slot_info(slotID, pInfo); 1518 return (CKR_OK); 1519 } 1520 1521 /*ARGSUSED*/ 1522 CK_RV 1523 C_GetSlotList(CK_BBOOL tokenPresent, 1524 CK_SLOT_ID_PTR pSlotList, 1525 CK_ULONG_PTR pulCount) 1526 { 1527 CK_ULONG count; 1528 CK_SLOT_INFO slotInfo; 1529 1530 if (API_Initialized() == FALSE) 1531 return (CKR_CRYPTOKI_NOT_INITIALIZED); 1532 1533 if (pulCount == NULL) 1534 return (CKR_FUNCTION_FAILED); 1535 1536 count = 0; 1537 /* 1538 * If we can't talk to the TPM, present no slots 1539 */ 1540 if (!global_shm->token_available) { 1541 *pulCount = 0; 1542 return (CKR_OK); 1543 } 1544 1545 copy_slot_info(TPM_SLOTID, &slotInfo); 1546 if ((slotInfo.flags & CKF_TOKEN_PRESENT)) 1547 count++; 1548 1549 *pulCount = count; 1550 1551 if (pSlotList == NULL) { 1552 return (CKR_OK); 1553 } else { 1554 if (*pulCount < count) 1555 return (CKR_BUFFER_TOO_SMALL); 1556 pSlotList[0] = TPM_SLOTID; 1557 } 1558 return (CKR_OK); 1559 } 1560 1561 CK_RV 1562 C_GetTokenInfo(CK_SLOT_ID slotID, 1563 CK_TOKEN_INFO_PTR pInfo) 1564 { 1565 CK_RV rv; 1566 1567 if (API_Initialized() == FALSE) 1568 return (CKR_CRYPTOKI_NOT_INITIALIZED); 1569 1570 if (!pInfo) 1571 return (CKR_ARGUMENTS_BAD); 1572 1573 if (!global_shm->token_available || (slotID > NUMBER_SLOTS_MANAGED)) 1574 return (CKR_SLOT_ID_INVALID); 1575 1576 slotID = TPM_SLOTID; 1577 if (FuncList.ST_GetTokenInfo) { 1578 rv = FuncList.ST_GetTokenInfo(slotID, pInfo); 1579 } else { 1580 rv = CKR_FUNCTION_NOT_SUPPORTED; 1581 } 1582 return (rv); 1583 } 1584 1585 CK_RV 1586 C_Initialize(CK_VOID_PTR pVoid) 1587 { 1588 CK_RV rv = CKR_OK; 1589 CK_C_INITIALIZE_ARGS *pArg; 1590 extern CK_RV ST_Initialize(void *, 1591 CK_SLOT_ID, unsigned char *); 1592 1593 (void) pthread_mutex_lock(&global_mutex); 1594 if (! Anchor) { 1595 Anchor = (API_Proc_Struct_t *)malloc( 1596 sizeof (API_Proc_Struct_t)); 1597 if (Anchor == NULL) { 1598 (void) pthread_mutex_unlock(&global_mutex); 1599 return (CKR_HOST_MEMORY); 1600 } 1601 } else { 1602 (void) pthread_mutex_unlock(&global_mutex); 1603 return (CKR_CRYPTOKI_ALREADY_INITIALIZED); 1604 } 1605 /* 1606 * if pVoid is NULL, then everything is OK. The applicaiton 1607 * will not be doing multi thread accesses. We can use the OS 1608 * locks anyhow. 1609 */ 1610 if (pVoid != NULL) { 1611 int supplied_ok; 1612 pArg = (CK_C_INITIALIZE_ARGS *)pVoid; 1613 1614 /* 1615 * ALL supplied function pointers need to have the value 1616 * either NULL or no - NULL. 1617 */ 1618 supplied_ok = (pArg->CreateMutex == NULL && 1619 pArg->DestroyMutex == NULL && 1620 pArg->LockMutex == NULL && 1621 pArg->UnlockMutex == NULL) || 1622 (pArg->CreateMutex != NULL && 1623 pArg->DestroyMutex != NULL && 1624 pArg->LockMutex != NULL && 1625 pArg->UnlockMutex != NULL); 1626 1627 if (!supplied_ok) { 1628 (void) pthread_mutex_unlock(&global_mutex); 1629 return (CKR_ARGUMENTS_BAD); 1630 } 1631 /* Check for a pReserved set */ 1632 if (pArg->pReserved != NULL) { 1633 free(Anchor); 1634 Anchor = NULL; 1635 (void) pthread_mutex_unlock(&global_mutex); 1636 return (CKR_ARGUMENTS_BAD); 1637 } 1638 /* 1639 * When the CKF_OS_LOCKING_OK flag isn't set and mutex 1640 * function pointers are supplied by an application, 1641 * return (an error. We must be able to use our own primitives. 1642 */ 1643 if (!(pArg->flags & CKF_OS_LOCKING_OK) && 1644 (pArg->CreateMutex != NULL)) { 1645 (void) pthread_mutex_unlock(&global_mutex); 1646 return (CKR_CANT_LOCK); 1647 } 1648 } 1649 (void) memset((char *)Anchor, 0, sizeof (API_Proc_Struct_t)); 1650 (void) pthread_mutex_init(&(Anchor->ProcMutex), NULL); 1651 (void) pthread_mutex_init(&(Anchor->SessListMutex), NULL); 1652 Anchor->Pid = getpid(); 1653 1654 rv = ST_Initialize((void *)&FuncList, 0, NULL); 1655 (void) pthread_mutex_unlock(&global_mutex); 1656 return (rv); 1657 } 1658 1659 CK_RV 1660 C_InitPIN(CK_SESSION_HANDLE hSession, 1661 CK_CHAR_PTR pPin, 1662 CK_ULONG ulPinLen) 1663 { 1664 CK_RV rv; 1665 ST_SESSION_T rSession; 1666 1667 if (API_Initialized() == FALSE) 1668 return (CKR_CRYPTOKI_NOT_INITIALIZED); 1669 1670 if (! pPin && ulPinLen) 1671 return (CKR_ARGUMENTS_BAD); 1672 1673 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) 1674 return (CKR_SESSION_HANDLE_INVALID); 1675 1676 if (rSession.slotID > NUMBER_SLOTS_MANAGED) 1677 return (CKR_SLOT_ID_INVALID); 1678 1679 if (FuncList.ST_InitPIN) 1680 rv = FuncList.ST_InitPIN(rSession, pPin, ulPinLen); 1681 else 1682 rv = CKR_FUNCTION_NOT_SUPPORTED; 1683 1684 return (rv); 1685 } 1686 1687 CK_RV 1688 C_InitToken(CK_SLOT_ID slotID, 1689 CK_CHAR_PTR pPin, 1690 CK_ULONG ulPinLen, 1691 CK_CHAR_PTR pLabel) 1692 { 1693 CK_RV rv; 1694 1695 if (API_Initialized() == FALSE) 1696 return (CKR_CRYPTOKI_NOT_INITIALIZED); 1697 1698 if (! pPin && ulPinLen) 1699 return (CKR_ARGUMENTS_BAD); 1700 1701 if (! pLabel) 1702 return (CKR_ARGUMENTS_BAD); 1703 1704 if (!global_shm->token_available) 1705 return (CKR_SLOT_ID_INVALID); 1706 1707 if (FuncList.ST_InitToken) 1708 rv = FuncList.ST_InitToken(slotID, pPin, ulPinLen, pLabel); 1709 else 1710 rv = CKR_FUNCTION_NOT_SUPPORTED; 1711 1712 return (rv); 1713 } 1714 1715 CK_RV 1716 C_Login(CK_SESSION_HANDLE hSession, 1717 CK_USER_TYPE userType, 1718 CK_CHAR_PTR pPin, 1719 CK_ULONG ulPinLen) 1720 { 1721 CK_RV rv; 1722 ST_SESSION_T rSession; 1723 1724 if (API_Initialized() == FALSE) { 1725 return (CKR_CRYPTOKI_NOT_INITIALIZED); 1726 } 1727 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) { 1728 return (CKR_SESSION_HANDLE_INVALID); 1729 } 1730 if (FuncList.ST_Login) { 1731 rv = FuncList.ST_Login(rSession, userType, pPin, ulPinLen); 1732 } else { 1733 rv = CKR_FUNCTION_NOT_SUPPORTED; 1734 } 1735 return (rv); 1736 } 1737 1738 CK_RV 1739 C_Logout(CK_SESSION_HANDLE hSession) 1740 { 1741 CK_RV rv; 1742 ST_SESSION_T rSession; 1743 1744 if (API_Initialized() == FALSE) { 1745 return (CKR_CRYPTOKI_NOT_INITIALIZED); 1746 } 1747 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) { 1748 return (CKR_SESSION_HANDLE_INVALID); 1749 } 1750 if (FuncList.ST_Logout) { 1751 rv = FuncList.ST_Logout(rSession); 1752 } else { 1753 rv = CKR_FUNCTION_NOT_SUPPORTED; 1754 } 1755 return (rv); 1756 } 1757 1758 /*ARGSUSED*/ 1759 CK_RV 1760 C_OpenSession( 1761 CK_SLOT_ID slotID, 1762 CK_FLAGS flags, 1763 CK_VOID_PTR pApplication, 1764 CK_NOTIFY Notify, 1765 CK_SESSION_HANDLE_PTR phSession) 1766 { 1767 CK_RV rv; 1768 Session_Struct_t *apiSessp; 1769 1770 if (API_Initialized() == FALSE) 1771 return (CKR_CRYPTOKI_NOT_INITIALIZED); 1772 1773 if (!global_shm->token_available || (slotID > NUMBER_SLOTS_MANAGED)) 1774 return (CKR_SLOT_ID_INVALID); 1775 1776 if (! phSession) 1777 return (CKR_FUNCTION_FAILED); 1778 1779 if ((flags & CKF_SERIAL_SESSION) == 0) 1780 return (CKR_SESSION_PARALLEL_NOT_SUPPORTED); 1781 1782 if ((apiSessp = (Session_Struct_t *)malloc( 1783 sizeof (Session_Struct_t))) == NULL) 1784 return (CKR_HOST_MEMORY); 1785 1786 if (FuncList.ST_OpenSession) { 1787 rv = FuncList.ST_OpenSession(slotID, flags, 1788 &(apiSessp->RealHandle)); 1789 1790 if (rv == CKR_OK) { 1791 *phSession = (CK_SESSION_HANDLE)apiSessp; 1792 apiSessp->SltId = slotID; 1793 1794 AddToSessionList(apiSessp); 1795 } else { 1796 free(apiSessp); 1797 } 1798 } else { 1799 rv = CKR_FUNCTION_NOT_SUPPORTED; 1800 } 1801 return (rv); 1802 } 1803 1804 CK_RV 1805 C_SeedRandom(CK_SESSION_HANDLE hSession, 1806 CK_BYTE_PTR pSeed, 1807 CK_ULONG ulSeedLen) 1808 { 1809 CK_RV rv; 1810 ST_SESSION_T rSession; 1811 1812 if (API_Initialized() == FALSE) { 1813 return (CKR_CRYPTOKI_NOT_INITIALIZED); 1814 } 1815 if (! pSeed && ulSeedLen) { 1816 return (CKR_ARGUMENTS_BAD); 1817 } 1818 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) { 1819 return (CKR_SESSION_HANDLE_INVALID); 1820 } 1821 if (FuncList.ST_SeedRandom) { 1822 rv = FuncList.ST_SeedRandom(rSession, pSeed, ulSeedLen); 1823 } else { 1824 rv = CKR_FUNCTION_NOT_SUPPORTED; 1825 } 1826 return (rv); 1827 } 1828 1829 CK_RV 1830 C_SetAttributeValue(CK_SESSION_HANDLE hSession, 1831 CK_OBJECT_HANDLE hObject, 1832 CK_ATTRIBUTE_PTR pTemplate, 1833 CK_ULONG ulCount) 1834 { 1835 CK_RV rv; 1836 ST_SESSION_T rSession; 1837 1838 if (API_Initialized() == FALSE) { 1839 return (CKR_CRYPTOKI_NOT_INITIALIZED); 1840 } 1841 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) { 1842 return (CKR_SESSION_HANDLE_INVALID); 1843 } 1844 if (! pTemplate) { 1845 return (CKR_TEMPLATE_INCOMPLETE); 1846 } 1847 if (! ulCount) { 1848 return (CKR_TEMPLATE_INCOMPLETE); 1849 } 1850 // Get local pointers to session 1851 if (FuncList.ST_SetAttributeValue) { 1852 rv = FuncList.ST_SetAttributeValue(rSession, hObject, 1853 pTemplate, ulCount); 1854 } else { 1855 rv = CKR_FUNCTION_NOT_SUPPORTED; 1856 } 1857 return (rv); 1858 } 1859 1860 CK_RV 1861 C_SetOperationState(CK_SESSION_HANDLE hSession, 1862 CK_BYTE_PTR pOperationState, 1863 CK_ULONG ulOperationStateLen, 1864 CK_OBJECT_HANDLE hEncryptionKey, 1865 CK_OBJECT_HANDLE hAuthenticationKey) 1866 { 1867 CK_RV rv; 1868 ST_SESSION_T rSession; 1869 1870 if (API_Initialized() == FALSE) { 1871 return (CKR_CRYPTOKI_NOT_INITIALIZED); 1872 } 1873 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) { 1874 return (CKR_SESSION_HANDLE_INVALID); 1875 } 1876 if (! pOperationState || ulOperationStateLen == 0) { 1877 return (CKR_ARGUMENTS_BAD); 1878 } 1879 if (FuncList.ST_SetOperationState) { 1880 rv = FuncList.ST_SetOperationState(rSession, pOperationState, 1881 ulOperationStateLen, hEncryptionKey, hAuthenticationKey); 1882 } else { 1883 rv = CKR_FUNCTION_NOT_SUPPORTED; 1884 } 1885 return (rv); 1886 } 1887 1888 CK_RV 1889 C_SetPIN(CK_SESSION_HANDLE hSession, 1890 CK_CHAR_PTR pOldPin, 1891 CK_ULONG ulOldLen, 1892 CK_CHAR_PTR pNewPin, 1893 CK_ULONG ulNewLen) 1894 { 1895 CK_RV rv; 1896 ST_SESSION_T rSession; 1897 1898 if (API_Initialized() == FALSE) { 1899 return (CKR_CRYPTOKI_NOT_INITIALIZED); 1900 } 1901 if (! pOldPin || ! pNewPin) 1902 return (CKR_PIN_INVALID); 1903 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) { 1904 return (CKR_SESSION_HANDLE_INVALID); 1905 } 1906 if (FuncList.ST_SetPIN) { 1907 rv = FuncList.ST_SetPIN(rSession, pOldPin, ulOldLen, 1908 pNewPin, ulNewLen); 1909 } else { 1910 rv = CKR_FUNCTION_NOT_SUPPORTED; 1911 } 1912 return (rv); 1913 } 1914 1915 CK_RV 1916 C_Sign(CK_SESSION_HANDLE hSession, 1917 CK_BYTE_PTR pData, 1918 CK_ULONG ulDataLen, 1919 CK_BYTE_PTR pSignature, 1920 CK_ULONG_PTR pulSignatureLen) 1921 { 1922 CK_RV rv; 1923 ST_SESSION_T rSession; 1924 1925 if (API_Initialized() == FALSE) { 1926 return (CKR_CRYPTOKI_NOT_INITIALIZED); 1927 } 1928 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) { 1929 return (CKR_SESSION_HANDLE_INVALID); 1930 } 1931 if (FuncList.ST_Sign) { 1932 rv = FuncList.ST_Sign(rSession, pData, ulDataLen, 1933 pSignature, pulSignatureLen); 1934 } else { 1935 rv = CKR_FUNCTION_NOT_SUPPORTED; 1936 } 1937 return (rv); 1938 } 1939 1940 CK_RV 1941 C_SignEncryptUpdate(CK_SESSION_HANDLE hSession, 1942 CK_BYTE_PTR pPart, 1943 CK_ULONG ulPartLen, 1944 CK_BYTE_PTR pEncryptedPart, 1945 CK_ULONG_PTR pulEncryptedPartLen) 1946 { 1947 CK_RV rv; 1948 ST_SESSION_T rSession; 1949 if (API_Initialized() == FALSE) { 1950 return (CKR_CRYPTOKI_NOT_INITIALIZED); 1951 } 1952 if (! pPart || ! pulEncryptedPartLen) { 1953 return (CKR_ARGUMENTS_BAD); 1954 } 1955 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) { 1956 return (CKR_SESSION_HANDLE_INVALID); 1957 } 1958 if (FuncList.ST_SignEncryptUpdate) { 1959 rv = FuncList.ST_SignEncryptUpdate(rSession, pPart, 1960 ulPartLen, pEncryptedPart, pulEncryptedPartLen); 1961 } else { 1962 rv = CKR_FUNCTION_NOT_SUPPORTED; 1963 } 1964 return (rv); 1965 } 1966 1967 CK_RV 1968 C_SignFinal(CK_SESSION_HANDLE hSession, 1969 CK_BYTE_PTR pSignature, 1970 CK_ULONG_PTR pulSignatureLen) 1971 { 1972 CK_RV rv; 1973 ST_SESSION_T rSession; 1974 1975 if (API_Initialized() == FALSE) { 1976 return (CKR_CRYPTOKI_NOT_INITIALIZED); 1977 } 1978 if (! pulSignatureLen) { 1979 return (CKR_ARGUMENTS_BAD); 1980 } 1981 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) { 1982 return (CKR_SESSION_HANDLE_INVALID); 1983 } 1984 if (FuncList.ST_SignFinal) { 1985 rv = FuncList.ST_SignFinal(rSession, pSignature, 1986 pulSignatureLen); 1987 } else { 1988 rv = CKR_FUNCTION_NOT_SUPPORTED; 1989 } 1990 return (rv); 1991 } 1992 1993 CK_RV 1994 C_SignInit(CK_SESSION_HANDLE hSession, 1995 CK_MECHANISM_PTR pMechanism, 1996 CK_OBJECT_HANDLE hKey) 1997 { 1998 CK_RV rv; 1999 ST_SESSION_T rSession; 2000 2001 if (API_Initialized() == FALSE) { 2002 return (CKR_CRYPTOKI_NOT_INITIALIZED); 2003 } 2004 if (! pMechanism) { 2005 return (CKR_MECHANISM_INVALID); 2006 } 2007 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) { 2008 return (CKR_SESSION_HANDLE_INVALID); 2009 } 2010 if (FuncList.ST_SignInit) { 2011 rv = FuncList.ST_SignInit(rSession, pMechanism, hKey); 2012 } else { 2013 rv = CKR_FUNCTION_NOT_SUPPORTED; 2014 } 2015 return (rv); 2016 } 2017 2018 CK_RV 2019 C_SignRecover(CK_SESSION_HANDLE hSession, 2020 CK_BYTE_PTR pData, 2021 CK_ULONG ulDataLen, 2022 CK_BYTE_PTR pSignature, 2023 CK_ULONG_PTR pulSignatureLen) 2024 { 2025 CK_RV rv; 2026 ST_SESSION_T rSession; 2027 2028 if (API_Initialized() == FALSE) { 2029 return (CKR_CRYPTOKI_NOT_INITIALIZED); 2030 } 2031 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) { 2032 return (CKR_SESSION_HANDLE_INVALID); 2033 } 2034 if (FuncList.ST_SignRecover) { 2035 rv = FuncList.ST_SignRecover(rSession, pData, 2036 ulDataLen, pSignature, pulSignatureLen); 2037 } else { 2038 rv = CKR_FUNCTION_NOT_SUPPORTED; 2039 } 2040 return (rv); 2041 } 2042 2043 CK_RV 2044 C_SignRecoverInit(CK_SESSION_HANDLE hSession, 2045 CK_MECHANISM_PTR pMechanism, 2046 CK_OBJECT_HANDLE hKey) 2047 { 2048 CK_RV rv; 2049 ST_SESSION_T rSession; 2050 2051 if (API_Initialized() == FALSE) { 2052 return (CKR_CRYPTOKI_NOT_INITIALIZED); 2053 } 2054 if (! pMechanism) { 2055 return (CKR_MECHANISM_INVALID); 2056 } 2057 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) { 2058 return (CKR_SESSION_HANDLE_INVALID); 2059 } 2060 if (FuncList.ST_SignRecoverInit) { 2061 rv = FuncList.ST_SignRecoverInit(rSession, pMechanism, hKey); 2062 } else { 2063 rv = CKR_FUNCTION_NOT_SUPPORTED; 2064 } 2065 return (rv); 2066 } 2067 2068 CK_RV 2069 C_SignUpdate(CK_SESSION_HANDLE hSession, 2070 CK_BYTE_PTR pPart, 2071 CK_ULONG ulPartLen) 2072 { 2073 CK_RV rv; 2074 ST_SESSION_T rSession; 2075 2076 if (API_Initialized() == FALSE) { 2077 return (CKR_CRYPTOKI_NOT_INITIALIZED); 2078 } 2079 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) { 2080 return (CKR_SESSION_HANDLE_INVALID); 2081 } 2082 if (FuncList.ST_SignUpdate) { 2083 rv = FuncList.ST_SignUpdate(rSession, pPart, ulPartLen); 2084 } else { 2085 rv = CKR_FUNCTION_NOT_SUPPORTED; 2086 } 2087 return (rv); 2088 } 2089 2090 CK_RV 2091 C_UnwrapKey(CK_SESSION_HANDLE hSession, 2092 CK_MECHANISM_PTR pMechanism, 2093 CK_OBJECT_HANDLE hUnwrappingKey, 2094 CK_BYTE_PTR pWrappedKey, 2095 CK_ULONG ulWrappedKeyLen, 2096 CK_ATTRIBUTE_PTR pTemplate, 2097 CK_ULONG ulAttributeCount, 2098 CK_OBJECT_HANDLE_PTR phKey) 2099 { 2100 CK_RV rv; 2101 ST_SESSION_T rSession; 2102 2103 if (API_Initialized() == FALSE) { 2104 return (CKR_CRYPTOKI_NOT_INITIALIZED); 2105 } 2106 if (!pMechanism) { 2107 return (CKR_MECHANISM_INVALID); 2108 } 2109 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) { 2110 return (CKR_SESSION_HANDLE_INVALID); 2111 } 2112 if (FuncList.ST_UnwrapKey) { 2113 rv = FuncList.ST_UnwrapKey(rSession, pMechanism, 2114 hUnwrappingKey, pWrappedKey, ulWrappedKeyLen, 2115 pTemplate, ulAttributeCount, phKey); 2116 } else { 2117 rv = CKR_FUNCTION_NOT_SUPPORTED; 2118 } 2119 return (rv); 2120 } 2121 2122 CK_RV 2123 C_Verify(CK_SESSION_HANDLE hSession, 2124 CK_BYTE_PTR pData, 2125 CK_ULONG ulDataLen, 2126 CK_BYTE_PTR pSignature, 2127 CK_ULONG ulSignatureLen) 2128 { 2129 CK_RV rv; 2130 ST_SESSION_T rSession; 2131 2132 if (API_Initialized() == FALSE) { 2133 return (CKR_CRYPTOKI_NOT_INITIALIZED); 2134 } 2135 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) { 2136 return (CKR_SESSION_HANDLE_INVALID); 2137 } 2138 if (FuncList.ST_Verify) { 2139 rv = FuncList.ST_Verify(rSession, pData, ulDataLen, 2140 pSignature, ulSignatureLen); 2141 } else { 2142 rv = CKR_FUNCTION_NOT_SUPPORTED; 2143 } 2144 return (rv); 2145 } 2146 2147 CK_RV 2148 C_VerifyFinal(CK_SESSION_HANDLE hSession, 2149 CK_BYTE_PTR pSignature, 2150 CK_ULONG ulSignatureLen) 2151 { 2152 CK_RV rv; 2153 ST_SESSION_T rSession; 2154 2155 if (API_Initialized() == FALSE) { 2156 return (CKR_CRYPTOKI_NOT_INITIALIZED); 2157 } 2158 if (! pSignature) { 2159 return (CKR_ARGUMENTS_BAD); 2160 } 2161 2162 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) { 2163 return (CKR_SESSION_HANDLE_INVALID); 2164 } 2165 if (FuncList.ST_VerifyFinal) { 2166 rv = FuncList.ST_VerifyFinal(rSession, pSignature, 2167 ulSignatureLen); 2168 } else { 2169 rv = CKR_FUNCTION_NOT_SUPPORTED; 2170 } 2171 return (rv); 2172 } 2173 2174 CK_RV 2175 C_VerifyInit(CK_SESSION_HANDLE hSession, 2176 CK_MECHANISM_PTR pMechanism, 2177 CK_OBJECT_HANDLE hKey) 2178 { 2179 CK_RV rv; 2180 ST_SESSION_T rSession; 2181 2182 if (API_Initialized() == FALSE) { 2183 return (CKR_CRYPTOKI_NOT_INITIALIZED); 2184 } 2185 if (! pMechanism) { 2186 return (CKR_MECHANISM_INVALID); 2187 } 2188 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) { 2189 return (CKR_SESSION_HANDLE_INVALID); 2190 } 2191 2192 if (FuncList.ST_VerifyInit) { 2193 rv = FuncList.ST_VerifyInit(rSession, pMechanism, hKey); 2194 } else { 2195 rv = CKR_FUNCTION_NOT_SUPPORTED; 2196 } 2197 return (rv); 2198 } 2199 2200 CK_RV 2201 C_VerifyRecover(CK_SESSION_HANDLE hSession, 2202 CK_BYTE_PTR pSignature, 2203 CK_ULONG ulSignatureLen, 2204 CK_BYTE_PTR pData, 2205 CK_ULONG_PTR pulDataLen) 2206 { 2207 CK_RV rv; 2208 ST_SESSION_T rSession; 2209 2210 if (API_Initialized() == FALSE) { 2211 return (CKR_CRYPTOKI_NOT_INITIALIZED); 2212 } 2213 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) { 2214 return (CKR_SESSION_HANDLE_INVALID); 2215 } 2216 if (FuncList.ST_VerifyRecover) { 2217 rv = FuncList.ST_VerifyRecover(rSession, pSignature, 2218 ulSignatureLen, pData, pulDataLen); 2219 } else { 2220 rv = CKR_FUNCTION_NOT_SUPPORTED; 2221 } 2222 return (rv); 2223 } 2224 2225 CK_RV 2226 C_VerifyRecoverInit(CK_SESSION_HANDLE hSession, 2227 CK_MECHANISM_PTR pMechanism, 2228 CK_OBJECT_HANDLE hKey) 2229 { 2230 CK_RV rv; 2231 ST_SESSION_T rSession; 2232 2233 if (API_Initialized() == FALSE) { 2234 return (CKR_CRYPTOKI_NOT_INITIALIZED); 2235 } 2236 if (! pMechanism) { 2237 return (CKR_MECHANISM_INVALID); 2238 } 2239 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) { 2240 return (CKR_SESSION_HANDLE_INVALID); 2241 } 2242 if (FuncList.ST_VerifyRecoverInit) { 2243 rv = FuncList.ST_VerifyRecoverInit(rSession, pMechanism, hKey); 2244 } else { 2245 rv = CKR_FUNCTION_NOT_SUPPORTED; 2246 } 2247 return (rv); 2248 } 2249 2250 CK_RV 2251 C_VerifyUpdate(CK_SESSION_HANDLE hSession, 2252 CK_BYTE_PTR pPart, 2253 CK_ULONG ulPartLen) 2254 { 2255 CK_RV rv; 2256 ST_SESSION_T rSession; 2257 2258 if (API_Initialized() == FALSE) { 2259 return (CKR_CRYPTOKI_NOT_INITIALIZED); 2260 } 2261 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) { 2262 return (CKR_SESSION_HANDLE_INVALID); 2263 } 2264 if (FuncList.ST_VerifyUpdate) { 2265 rv = FuncList.ST_VerifyUpdate(rSession, pPart, ulPartLen); 2266 } else { 2267 rv = CKR_FUNCTION_NOT_SUPPORTED; 2268 } 2269 return (rv); 2270 } 2271 2272 /*ARGSUSED*/ 2273 CK_RV 2274 C_WaitForSlotEvent(CK_FLAGS flags, 2275 CK_SLOT_ID_PTR pSlot, 2276 CK_VOID_PTR pReserved) 2277 { 2278 if (API_Initialized() == FALSE) { 2279 return (CKR_CRYPTOKI_NOT_INITIALIZED); 2280 } 2281 return (CKR_FUNCTION_NOT_SUPPORTED); 2282 } 2283 2284 CK_RV 2285 C_WrapKey(CK_SESSION_HANDLE hSession, 2286 CK_MECHANISM_PTR pMechanism, 2287 CK_OBJECT_HANDLE hWrappingKey, 2288 CK_OBJECT_HANDLE hKey, 2289 CK_BYTE_PTR pWrappedKey, 2290 CK_ULONG_PTR pulWrappedKeyLen) 2291 { 2292 CK_RV rv; 2293 ST_SESSION_T rSession; 2294 2295 if (API_Initialized() == FALSE) { 2296 return (CKR_CRYPTOKI_NOT_INITIALIZED); 2297 } 2298 if (! pMechanism) { 2299 return (CKR_MECHANISM_INVALID); 2300 } 2301 if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) { 2302 return (CKR_SESSION_HANDLE_INVALID); 2303 } 2304 if (FuncList.ST_WrapKey) { 2305 rv = FuncList.ST_WrapKey(rSession, pMechanism, hWrappingKey, 2306 hKey, pWrappedKey, pulWrappedKeyLen); 2307 } else { 2308 rv = CKR_FUNCTION_NOT_SUPPORTED; 2309 } 2310 return (rv); 2311 } 2312 2313 #pragma init(api_init) 2314 #pragma fini(api_fini) 2315 2316 static void 2317 api_init(void) 2318 { 2319 loginit(); 2320 if (! Initialized) { 2321 (void) pthread_atfork(tpmtoken_fork_prepare, 2322 tpmtoken_fork_parent, tpmtoken_fork_child); 2323 Initialized = 1; 2324 } 2325 } 2326 2327 static void 2328 api_fini() 2329 { 2330 logterm(); 2331 if (API_Initialized() == TRUE) { 2332 (void) do_finalize(NULL); 2333 } 2334 } 2335