1 /* 2 * The Initial Developer of the Original Code is International 3 * Business Machines Corporation. Portions created by IBM 4 * Corporation are Copyright (C) 2005 International Business 5 * Machines Corporation. All Rights Reserved. 6 * 7 * This program is free software; you can redistribute it and/or modify 8 * it under the terms of the Common Public License as published by 9 * IBM Corporation; either version 1 of the License, or (at your option) 10 * any later version. 11 * 12 * This program is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 * Common Public License for more details. 16 * 17 * You should have received a copy of the Common Public License 18 * along with this program; if not, a copy can be viewed at 19 * http://www.opensource.org/licenses/cpl1.0.php. 20 */ 21 22 /* (C) COPYRIGHT International Business Machines Corp. 2001, 2002, 2005 */ 23 /* 24 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 25 * Use is subject to license terms. 26 */ 27 28 #include <pwd.h> 29 #include <grp.h> 30 31 #include "tpmtok_int.h" 32 #include "tpmtok_defs.h" 33 34 extern pthread_rwlock_t obj_list_rw_mutex; 35 36 void SC_SetFunctionList(void); 37 38 struct ST_FCN_LIST function_list; 39 40 int debugfile = 0; 41 42 pid_t initedpid = 0; // for initialized pid 43 44 CK_C_INITIALIZE_ARGS cinit_args = {NULL, NULL, NULL, NULL, 0, NULL}; 45 46 extern void stlogterm(); 47 extern void stloginit(); 48 extern void stlogit2(int type, char *fmt, ...); 49 extern void stlogit(char *fmt, ...); 50 51 CK_BBOOL 52 st_Initialized() 53 { 54 return (initedpid == getpid()); 55 } 56 57 void 58 Fork_Initializer(void) 59 { 60 stlogterm(); 61 stloginit(); // Initialize Logging so we can capture EVERYTHING 62 63 // Force logout. This cleans out the private session and list 64 // and cleans out the private object map 65 (void) session_mgr_logout_all(); 66 67 // Clean out the public object map 68 // First parm is no longer used.. 69 (void) object_mgr_purge_map((SESSION *)0xFFFF, PUBLIC); 70 (void) object_mgr_purge_map((SESSION *)0xFFFF, PRIVATE); 71 72 // This should clear the entire session list out 73 (void) session_mgr_close_all_sessions(); 74 75 next_session_handle = 1; 76 next_object_handle = 1; 77 78 while (priv_token_obj_list) { 79 priv_token_obj_list = dlist_remove_node(priv_token_obj_list, 80 priv_token_obj_list); 81 } 82 83 while (publ_token_obj_list) { 84 publ_token_obj_list = dlist_remove_node(publ_token_obj_list, 85 publ_token_obj_list); 86 } 87 } 88 89 #define SESSION_HANDLE sSession.sessionh 90 91 #define SESS_SET \ 92 CK_SESSION_HANDLE hSession = sSession.sessionh; 93 94 static CK_RV 95 validate_mechanism(CK_MECHANISM_PTR pMechanism) 96 { 97 CK_ULONG i; 98 99 for (i = 0; i < mech_list_len; i++) { 100 if (pMechanism->mechanism == mech_list[i].mech_type) { 101 return (CKR_OK); 102 } 103 } 104 return (CKR_MECHANISM_INVALID); 105 } 106 107 #define VALID_MECH(p) \ 108 if (validate_mechanism(p) != CKR_OK) { \ 109 rc = CKR_MECHANISM_INVALID; \ 110 goto done; \ 111 } 112 113 CK_RV 114 ST_Initialize(void *FunctionList, 115 CK_SLOT_ID SlotNumber, 116 unsigned char *Correlator) 117 { 118 CK_RV rc = CKR_OK; 119 struct ST_FCN_LIST *flist = (struct ST_FCN_LIST *)FunctionList; 120 TSS_HCONTEXT hContext = 0; 121 122 stlogterm(); 123 stloginit(); 124 125 if (st_Initialized() == TRUE) { 126 return (CKR_OK); 127 } 128 // assume that the upper API prevents multiple calls of initialize 129 // since that only happens on C_Initialize and that is the 130 // resonsibility of the upper layer.. 131 initialized = FALSE; 132 133 // check for other completing this before creating mutexes... 134 // make sure that the same process tried to to the init... 135 // thread issues should be caught up above... 136 if (st_Initialized() == TRUE) { 137 goto done; 138 } 139 140 Fork_Initializer(); 141 142 (void) pthread_mutex_init(&pkcs_mutex, NULL); 143 (void) pthread_mutex_init(&obj_list_mutex, NULL); 144 (void) pthread_rwlock_init(&obj_list_rw_mutex, NULL); 145 146 (void) pthread_mutex_init(&sess_list_mutex, NULL); 147 (void) pthread_mutex_init(&login_mutex, NULL); 148 149 if (st_Initialized() == FALSE) { 150 if ((rc = attach_shm()) != CKR_OK) 151 goto done; 152 153 nv_token_data = &global_shm->nv_token_data; 154 155 initialized = TRUE; 156 initedpid = getpid(); 157 SC_SetFunctionList(); 158 159 /* Always call the token_specific_init function.... */ 160 rc = token_specific.t_init((char *)Correlator, SlotNumber, 161 &hContext); 162 if (rc != 0) 163 goto done; 164 } 165 166 rc = load_token_data(hContext, nv_token_data); 167 168 if (rc != CKR_OK) { 169 goto done; 170 } 171 172 rc = load_public_token_objects(); 173 if (rc != CKR_OK) 174 goto done; 175 176 (void) XProcLock(xproclock); 177 global_shm->publ_loaded = TRUE; 178 (void) XProcUnLock(xproclock); 179 180 init_slot_info(nv_token_data); 181 182 if (flist != NULL) 183 (*flist) = function_list; 184 done: 185 if (hContext) 186 Tspi_Context_Close(hContext); 187 return (rc); 188 } 189 190 /*ARGSUSED*/ 191 CK_RV 192 SC_Finalize(void *argptr) 193 { 194 CK_RV rc; 195 TSS_HCONTEXT hContext; 196 197 if (st_Initialized() == FALSE) { 198 return (CKR_CRYPTOKI_NOT_INITIALIZED); 199 } 200 201 rc = pthread_mutex_lock(&pkcs_mutex); 202 if (rc != CKR_OK) { 203 return (rc); 204 } 205 // 206 // If somebody else has taken care of things, leave... 207 // 208 if (st_Initialized() == FALSE) { 209 (void) pthread_mutex_unlock(&pkcs_mutex); 210 return (CKR_CRYPTOKI_NOT_INITIALIZED); 211 } 212 if (open_tss_context(&hContext)) { 213 (void) pthread_mutex_unlock(&pkcs_mutex); 214 return (CKR_FUNCTION_FAILED); 215 } 216 217 initialized = FALSE; 218 219 (void) session_mgr_close_all_sessions(); 220 (void) object_mgr_purge_token_objects(hContext); 221 (void) Tspi_Context_Close(hContext); 222 223 (void) detach_shm(); 224 if (token_specific.t_final != NULL) { 225 token_specific.t_final(); 226 } 227 228 rc = pthread_mutex_unlock(&pkcs_mutex); 229 if (rc != CKR_OK) { 230 return (rc); 231 } 232 return (CKR_OK); 233 } 234 235 /*ARGSUSED*/ 236 CK_RV 237 SC_GetTokenInfo(CK_SLOT_ID sid, CK_TOKEN_INFO_PTR pInfo) 238 { 239 CK_RV rc = CKR_OK; 240 time_t now; 241 242 if (st_Initialized() == FALSE) 243 return (CKR_CRYPTOKI_NOT_INITIALIZED); 244 245 if (pInfo == NULL) 246 return (CKR_FUNCTION_FAILED); 247 248 if (sid != TPM_SLOTID) 249 return (CKR_SLOT_ID_INVALID); 250 251 (void) memcpy(pInfo, &nv_token_data->token_info, 252 sizeof (CK_TOKEN_INFO)); 253 254 now = time((time_t *)NULL); 255 (void) strftime((char *)pInfo->utcTime, 16, "%X", localtime(&now)); 256 257 return (rc); 258 } 259 260 /*ARGSUSED*/ 261 CK_RV 262 SC_GetMechanismList( 263 CK_SLOT_ID sid, 264 CK_MECHANISM_TYPE_PTR pMechList, 265 CK_ULONG_PTR count) 266 { 267 CK_ULONG i; 268 CK_RV rc = CKR_OK; 269 270 if (st_Initialized() == FALSE) { 271 rc = CKR_CRYPTOKI_NOT_INITIALIZED; 272 goto done; 273 } 274 275 if (count == NULL) { 276 rc = CKR_FUNCTION_FAILED; 277 goto done; 278 } 279 280 if (sid != TPM_SLOTID) { 281 rc = CKR_SLOT_ID_INVALID; 282 goto done; 283 } 284 285 if (pMechList == NULL) { 286 *count = mech_list_len; 287 rc = CKR_OK; 288 goto done; 289 } 290 291 if (*count < mech_list_len) { 292 *count = mech_list_len; 293 rc = CKR_BUFFER_TOO_SMALL; 294 goto done; 295 } 296 297 for (i = 0; i < mech_list_len; i++) 298 pMechList[i] = mech_list[i].mech_type; 299 300 *count = mech_list_len; 301 rc = CKR_OK; 302 303 done: 304 if (debugfile) { 305 stlogit2(debugfile, 306 "% - 25s: rc = 0x%08x, # mechanisms: %d\n", 307 "C_GetMechanismList", rc, *count); 308 } 309 return (rc); 310 } 311 312 /*ARGSUSED*/ 313 CK_RV 314 SC_GetMechanismInfo( 315 CK_SLOT_ID sid, 316 CK_MECHANISM_TYPE type, 317 CK_MECHANISM_INFO_PTR pInfo) 318 { 319 CK_ULONG i; 320 CK_RV rc = CKR_OK; 321 322 if (st_Initialized() == FALSE) { 323 rc = CKR_CRYPTOKI_NOT_INITIALIZED; 324 goto done; 325 } 326 327 if (pInfo == NULL) { 328 rc = CKR_FUNCTION_FAILED; 329 goto done; 330 } 331 332 if (sid != TPM_SLOTID) { 333 rc = CKR_SLOT_ID_INVALID; 334 goto done; 335 } 336 337 for (i = 0; i < mech_list_len; i++) { 338 if (mech_list[i].mech_type == type) { 339 (void) memcpy(pInfo, &mech_list[i].mech_info, 340 sizeof (CK_MECHANISM_INFO)); 341 rc = CKR_OK; 342 goto done; 343 } 344 } 345 rc = CKR_MECHANISM_INVALID; 346 347 done: 348 if (debugfile) { 349 stlogit2(debugfile, "% - 25s: " 350 "rc = 0x%08x, mech type = 0x%08x\n", 351 "C_GetMechanismInfo", rc, type); 352 } 353 354 return (rc); 355 } 356 357 /*ARGSUSED*/ 358 CK_RV 359 SC_InitToken( 360 CK_SLOT_ID sid, 361 CK_CHAR_PTR pPin, 362 CK_ULONG ulPinLen, 363 CK_CHAR_PTR pLabel) 364 { 365 CK_RV rc = CKR_OK; 366 CK_BYTE hash_sha[SHA1_DIGEST_LENGTH]; 367 TOKEN_DATA newtoken; 368 TSS_HCONTEXT hContext = 0; 369 370 if (st_Initialized() == FALSE) { 371 rc = CKR_CRYPTOKI_NOT_INITIALIZED; 372 goto done; 373 } 374 if (sid != TPM_SLOTID) { 375 rc = CKR_SLOT_ID_INVALID; 376 goto done; 377 } 378 379 if (! pPin || ! pLabel) { 380 rc = CKR_ARGUMENTS_BAD; 381 goto done; 382 } 383 if (open_tss_context(&hContext)) { 384 rc = CKR_FUNCTION_FAILED; 385 goto done; 386 } 387 388 rc = load_token_data(hContext, &newtoken); 389 if (rc != CKR_OK) { 390 goto done; 391 } 392 393 if (newtoken.token_info.flags & CKF_SO_PIN_LOCKED) { 394 rc = CKR_PIN_LOCKED; 395 goto done; 396 } 397 398 rc = token_specific.t_verify_so_pin(hContext, pPin, ulPinLen); 399 if (rc != CKR_OK) { 400 rc = CKR_PIN_INCORRECT; 401 goto done; 402 } 403 404 /* 405 * Before we reconstruct all the data, we should delete the 406 * token objects from the filesystem. 407 * 408 * Construct a string to delete the token objects. 409 */ 410 (void) object_mgr_destroy_token_objects(hContext); 411 412 (void) init_token_data(hContext, &newtoken); 413 (void) init_slot_info(&newtoken); 414 415 /* change the label */ 416 (void) strncpy((char *)newtoken.token_info.label, (char *)pLabel, 417 sizeof (newtoken.token_info.label)); 418 419 (void) memcpy(newtoken.so_pin_sha, hash_sha, 420 SHA1_DIGEST_LENGTH); 421 422 newtoken.token_info.flags |= CKF_TOKEN_INITIALIZED; 423 424 rc = save_token_data(&newtoken); 425 done: 426 if (hContext) 427 (void) Tspi_Context_Close(hContext); 428 429 return (rc); 430 } 431 432 CK_RV 433 SC_InitPIN( 434 ST_SESSION_HANDLE sSession, 435 CK_CHAR_PTR pPin, 436 CK_ULONG ulPinLen) 437 { 438 SESSION * sess = NULL; 439 CK_RV rc = CKR_OK; 440 CK_FLAGS * flags = NULL; 441 SESS_SET 442 443 if (st_Initialized() == FALSE) { 444 rc = CKR_CRYPTOKI_NOT_INITIALIZED; 445 goto done; 446 } 447 448 if (! pPin) { 449 rc = CKR_ARGUMENTS_BAD; 450 goto done; 451 } 452 453 sess = session_mgr_find(hSession); 454 if (! sess) { 455 rc = CKR_SESSION_HANDLE_INVALID; 456 goto done; 457 } 458 459 if (pin_locked(&sess->session_info, 460 nv_token_data->token_info.flags) == TRUE) { 461 rc = CKR_PIN_LOCKED; 462 goto done; 463 } 464 465 if (sess->session_info.state != CKS_RW_SO_FUNCTIONS) { 466 rc = CKR_USER_NOT_LOGGED_IN; 467 goto done; 468 } 469 470 rc = token_specific.t_init_pin(sess->hContext, pPin, ulPinLen); 471 if (rc == CKR_OK) { 472 flags = &nv_token_data->token_info.flags; 473 474 *flags &= ~(CKF_USER_PIN_LOCKED | 475 CKF_USER_PIN_FINAL_TRY | 476 CKF_USER_PIN_COUNT_LOW); 477 478 rc = save_token_data(nv_token_data); 479 if (rc != CKR_OK) { 480 goto done; 481 } 482 } 483 484 done: 485 486 if (debugfile) { 487 stlogit2(debugfile, "% - 25s: session = %08x\n", 488 "C_InitPin", rc, hSession); 489 } 490 491 return (rc); 492 } 493 494 CK_RV 495 SC_SetPIN(ST_SESSION_HANDLE sSession, 496 CK_CHAR_PTR pOldPin, 497 CK_ULONG ulOldLen, 498 CK_CHAR_PTR pNewPin, 499 CK_ULONG ulNewLen) 500 { 501 SESSION * sess = NULL; 502 CK_RV rc = CKR_OK; 503 SESS_SET 504 505 if (st_Initialized() == FALSE) { 506 rc = CKR_CRYPTOKI_NOT_INITIALIZED; 507 goto done; 508 } 509 510 sess = session_mgr_find(hSession); 511 if (! sess) { 512 rc = CKR_SESSION_HANDLE_INVALID; 513 goto done; 514 } 515 516 if (pin_locked(&sess->session_info, 517 nv_token_data->token_info.flags) == TRUE) { 518 rc = CKR_PIN_LOCKED; 519 goto done; 520 } 521 522 rc = token_specific.t_set_pin(sSession, pOldPin, 523 ulOldLen, pNewPin, ulNewLen); 524 525 done: 526 if (debugfile) { 527 stlogit2(debugfile, "% - 25s: session = %08x\n", 528 "C_SetPin", rc, hSession); 529 } 530 531 return (rc); 532 } 533 534 CK_RV 535 SC_OpenSession( 536 CK_SLOT_ID sid, 537 CK_FLAGS flags, 538 CK_SESSION_HANDLE_PTR phSession) 539 { 540 SESSION *sess; 541 CK_RV rc = CKR_OK; 542 TSS_HCONTEXT hContext; 543 544 if (st_Initialized() == FALSE) { 545 rc = CKR_CRYPTOKI_NOT_INITIALIZED; 546 goto done; 547 } 548 549 if ((flags & CKF_RW_SESSION) == 0) { 550 if (session_mgr_so_session_exists()) { 551 return (CKR_SESSION_READ_WRITE_SO_EXISTS); 552 } 553 } 554 if (sid != TPM_SLOTID) { 555 rc = CKR_SLOT_ID_INVALID; 556 goto done; 557 } 558 if (open_tss_context(&hContext)) { 559 rc = CKR_FUNCTION_FAILED; 560 goto done; 561 } 562 563 rc = pthread_mutex_lock(&pkcs_mutex); 564 if (rc != CKR_OK) { 565 (void) pthread_mutex_unlock(&pkcs_mutex); 566 Tspi_Context_Close(hContext); 567 goto done; 568 } 569 token_specific.t_session(sid); 570 571 (void) pthread_mutex_unlock(&pkcs_mutex); 572 573 rc = session_mgr_new(flags, &sess); 574 if (rc != CKR_OK) { 575 Tspi_Context_Close(hContext); 576 goto done; 577 } 578 *phSession = sess->handle; 579 sess->session_info.slotID = sid; 580 581 /* Open a new context for each session */ 582 sess->hContext = hContext; 583 done: 584 return (rc); 585 } 586 587 CK_RV 588 SC_CloseSession(ST_SESSION_HANDLE sSession) 589 { 590 SESSION *sess = NULL; 591 CK_RV rc = CKR_OK; 592 SESS_SET 593 594 if (st_Initialized() == FALSE) { 595 rc = CKR_CRYPTOKI_NOT_INITIALIZED; 596 goto done; 597 } 598 599 sess = session_mgr_find(hSession); 600 if (!sess) { 601 rc = CKR_SESSION_HANDLE_INVALID; 602 goto done; 603 } 604 605 rc = session_mgr_close_session(sess); 606 607 done: 608 609 return (rc); 610 } 611 612 /*ARGSUSED*/ 613 CK_RV 614 SC_CloseAllSessions(CK_SLOT_ID sid) 615 { 616 CK_RV rc = CKR_OK; 617 618 if (st_Initialized() == FALSE) 619 return (CKR_CRYPTOKI_NOT_INITIALIZED); 620 621 if (sid != TPM_SLOTID) 622 return (CKR_SLOT_ID_INVALID); 623 624 rc = session_mgr_close_all_sessions(); 625 626 return (rc); 627 } 628 629 CK_RV 630 SC_GetSessionInfo(ST_SESSION_HANDLE sSession, 631 CK_SESSION_INFO_PTR pInfo) 632 { 633 SESSION * sess = NULL; 634 CK_RV rc = CKR_OK; 635 SESS_SET 636 637 if (st_Initialized() == FALSE) { 638 rc = CKR_CRYPTOKI_NOT_INITIALIZED; 639 goto done; 640 } 641 642 if (! pInfo) { 643 rc = CKR_ARGUMENTS_BAD; 644 goto done; 645 } 646 647 sess = session_mgr_find(hSession); 648 if (! sess) { 649 rc = CKR_SESSION_HANDLE_INVALID; 650 goto done; 651 } 652 653 (void) memcpy(pInfo, &sess->session_info, sizeof (CK_SESSION_INFO)); 654 655 done: 656 return (rc); 657 } 658 659 CK_RV SC_GetOperationState(ST_SESSION_HANDLE sSession, 660 CK_BYTE_PTR pOperationState, 661 CK_ULONG_PTR pulOperationStateLen) 662 { 663 SESSION * sess = NULL; 664 CK_BBOOL length_only = FALSE; 665 CK_RV rc = CKR_OK; 666 SESS_SET 667 668 if (st_Initialized() == FALSE) { 669 rc = CKR_CRYPTOKI_NOT_INITIALIZED; 670 goto done; 671 } 672 673 if (! pulOperationStateLen) { 674 rc = CKR_ARGUMENTS_BAD; 675 goto done; 676 } 677 678 if (! pOperationState) 679 length_only = TRUE; 680 681 sess = session_mgr_find(hSession); 682 if (! sess) { 683 rc = CKR_SESSION_HANDLE_INVALID; 684 goto done; 685 } 686 687 rc = session_mgr_get_op_state(sess, length_only, 688 pOperationState, pulOperationStateLen); 689 done: 690 return (rc); 691 } 692 693 CK_RV 694 SC_SetOperationState(ST_SESSION_HANDLE sSession, 695 CK_BYTE_PTR pOperationState, 696 CK_ULONG ulOperationStateLen, 697 CK_OBJECT_HANDLE hEncryptionKey, 698 CK_OBJECT_HANDLE hAuthenticationKey) 699 { 700 SESSION * sess = NULL; 701 CK_RV rc = CKR_OK; 702 SESS_SET 703 704 if (st_Initialized() == FALSE) { 705 return (CKR_CRYPTOKI_NOT_INITIALIZED); 706 } 707 708 if (!pOperationState || (ulOperationStateLen == 0)) { 709 return (CKR_ARGUMENTS_BAD); 710 } 711 712 sess = session_mgr_find(hSession); 713 if (! sess) { 714 return (CKR_SESSION_HANDLE_INVALID); 715 } 716 717 rc = session_mgr_set_op_state(sess, 718 hEncryptionKey, hAuthenticationKey, 719 pOperationState); 720 721 return (rc); 722 } 723 724 CK_RV 725 SC_Login(ST_SESSION_HANDLE sSession, 726 CK_USER_TYPE userType, 727 CK_CHAR_PTR pPin, 728 CK_ULONG ulPinLen) 729 { 730 SESSION * sess = NULL; 731 CK_FLAGS * flags = NULL, flagcheck, flagmask; 732 CK_RV rc = CKR_OK; 733 734 SESS_SET 735 // In v2.11, logins should be exclusive, since token 736 // specific flags may need to be set for a bad login. - KEY 737 rc = pthread_mutex_lock(&login_mutex); 738 if (rc != CKR_OK) { 739 return (CKR_FUNCTION_FAILED); 740 } 741 742 if (st_Initialized() == FALSE) { 743 rc = CKR_CRYPTOKI_NOT_INITIALIZED; 744 goto done; 745 } 746 747 sess = session_mgr_find(hSession); 748 if (! sess) { 749 rc = CKR_SESSION_HANDLE_INVALID; 750 goto done; 751 } 752 flags = &nv_token_data->token_info.flags; 753 754 if (! pPin || ulPinLen > MAX_PIN_LEN) { 755 set_login_flags(userType, flags); 756 rc = CKR_PIN_INCORRECT; 757 goto done; 758 } 759 760 /* 761 * PKCS #11 v2.01 requires that all sessions have the same login status: 762 * --> all sessions are public, all are SO or all are USER 763 */ 764 if (userType == CKU_USER) { 765 if (session_mgr_so_session_exists()) { 766 rc = CKR_USER_ANOTHER_ALREADY_LOGGED_IN; 767 } 768 if (session_mgr_user_session_exists()) { 769 rc = CKR_USER_ALREADY_LOGGED_IN; 770 } 771 } else if (userType == CKU_SO) { 772 773 if (session_mgr_user_session_exists()) { 774 rc = CKR_USER_ANOTHER_ALREADY_LOGGED_IN; 775 } 776 if (session_mgr_so_session_exists()) { 777 rc = CKR_USER_ALREADY_LOGGED_IN; 778 } 779 if (session_mgr_readonly_exists()) { 780 rc = CKR_SESSION_READ_ONLY_EXISTS; 781 } 782 } else { 783 rc = CKR_USER_TYPE_INVALID; 784 } 785 if (rc != CKR_OK) 786 goto done; 787 788 if (userType == CKU_USER) { 789 flagcheck = CKF_USER_PIN_LOCKED; 790 flagmask = (CKF_USER_PIN_LOCKED | CKF_USER_PIN_FINAL_TRY | 791 CKF_USER_PIN_COUNT_LOW); 792 } else { 793 flagcheck = CKF_SO_PIN_LOCKED; 794 flagmask = (CKF_SO_PIN_LOCKED | 795 CKF_SO_PIN_FINAL_TRY | 796 CKF_SO_PIN_COUNT_LOW); 797 } 798 if (*flags & flagcheck) { 799 rc = CKR_PIN_LOCKED; 800 goto done; 801 } 802 803 /* call the pluggable login function here */ 804 rc = token_specific.t_login(sess->hContext, userType, pPin, ulPinLen); 805 if (rc == CKR_OK) { 806 *flags &= ~(flagmask); 807 } else if (rc == CKR_PIN_INCORRECT) { 808 set_login_flags(userType, flags); 809 goto done; 810 } else { 811 goto done; 812 } 813 814 rc = session_mgr_login_all(userType); 815 816 done: 817 if (rc == CKR_OK) 818 rc = save_token_data(nv_token_data); 819 (void) pthread_mutex_unlock(&login_mutex); 820 return (rc); 821 } 822 823 CK_RV 824 SC_Logout(ST_SESSION_HANDLE sSession) 825 { 826 SESSION * sess = NULL; 827 CK_RV rc = CKR_OK; 828 829 SESS_SET 830 831 if (st_Initialized() == FALSE) { 832 rc = CKR_CRYPTOKI_NOT_INITIALIZED; 833 goto done; 834 } 835 836 sess = session_mgr_find(hSession); 837 if (! sess) { 838 rc = CKR_SESSION_HANDLE_INVALID; 839 goto done; 840 } 841 842 // all sessions have the same state so we just have to check one 843 // 844 if (session_mgr_public_session_exists()) { 845 rc = CKR_USER_NOT_LOGGED_IN; 846 goto done; 847 } 848 849 (void) session_mgr_logout_all(); 850 851 rc = token_specific.t_logout(sess->hContext); 852 853 done: 854 return (rc); 855 } 856 857 CK_RV 858 SC_CreateObject(ST_SESSION_HANDLE sSession, 859 CK_ATTRIBUTE_PTR pTemplate, 860 CK_ULONG ulCount, 861 CK_OBJECT_HANDLE_PTR phObject) 862 { 863 SESSION * sess = NULL; 864 CK_RV rc = CKR_OK; 865 SESS_SET 866 867 if (st_Initialized() == FALSE) { 868 rc = CKR_CRYPTOKI_NOT_INITIALIZED; 869 goto done; 870 } 871 872 sess = session_mgr_find(hSession); 873 if (! sess) { 874 rc = CKR_SESSION_HANDLE_INVALID; 875 goto done; 876 } 877 878 if (pin_expired(&sess->session_info, 879 nv_token_data->token_info.flags) == TRUE) { 880 rc = CKR_PIN_EXPIRED; 881 goto done; 882 } 883 884 rc = object_mgr_add(sess, pTemplate, ulCount, phObject); 885 886 done: 887 return (rc); 888 889 } 890 891 CK_RV 892 SC_CopyObject( 893 ST_SESSION_HANDLE sSession, 894 CK_OBJECT_HANDLE hObject, 895 CK_ATTRIBUTE_PTR pTemplate, 896 CK_ULONG ulCount, 897 CK_OBJECT_HANDLE_PTR phNewObject) 898 { 899 SESSION * sess = NULL; 900 CK_RV rc = CKR_OK; 901 SESS_SET 902 903 if (st_Initialized() == FALSE) { 904 rc = CKR_CRYPTOKI_NOT_INITIALIZED; 905 goto done; 906 } 907 908 sess = session_mgr_find(hSession); 909 if (! sess) { 910 rc = CKR_SESSION_HANDLE_INVALID; 911 goto done; 912 } 913 914 if (pin_expired(&sess->session_info, 915 nv_token_data->token_info.flags) == TRUE) { 916 rc = CKR_PIN_EXPIRED; 917 goto done; 918 } 919 920 rc = object_mgr_copy(sess, pTemplate, ulCount, 921 hObject, phNewObject); 922 923 done: 924 return (rc); 925 } 926 927 CK_RV 928 SC_DestroyObject(ST_SESSION_HANDLE sSession, 929 CK_OBJECT_HANDLE hObject) 930 { 931 SESSION * sess = NULL; 932 CK_RV rc = CKR_OK; 933 SESS_SET 934 935 if (st_Initialized() == FALSE) { 936 rc = CKR_CRYPTOKI_NOT_INITIALIZED; 937 goto done; 938 } 939 940 sess = session_mgr_find(hSession); 941 if (! sess) { 942 rc = CKR_SESSION_HANDLE_INVALID; 943 goto done; 944 } 945 946 if (pin_expired(&sess->session_info, 947 nv_token_data->token_info.flags) == TRUE) { 948 rc = CKR_PIN_EXPIRED; 949 goto done; 950 } 951 952 rc = object_mgr_destroy_object(sess, hObject); 953 done: 954 return (rc); 955 } 956 957 CK_RV 958 SC_GetObjectSize( 959 ST_SESSION_HANDLE sSession, 960 CK_OBJECT_HANDLE hObject, 961 CK_ULONG_PTR pulSize) 962 { 963 SESSION * sess = NULL; 964 CK_RV rc = CKR_OK; 965 SESS_SET 966 967 if (st_Initialized() == FALSE) { 968 rc = CKR_CRYPTOKI_NOT_INITIALIZED; 969 goto done; 970 } 971 972 sess = session_mgr_find(hSession); 973 if (! sess) { 974 rc = CKR_SESSION_HANDLE_INVALID; 975 goto done; 976 } 977 978 rc = object_mgr_get_object_size(sess->hContext, hObject, pulSize); 979 980 done: 981 return (rc); 982 } 983 984 CK_RV 985 SC_GetAttributeValue(ST_SESSION_HANDLE sSession, 986 CK_OBJECT_HANDLE hObject, 987 CK_ATTRIBUTE_PTR pTemplate, 988 CK_ULONG ulCount) 989 { 990 SESSION * sess = NULL; 991 CK_RV rc = CKR_OK; 992 SESS_SET 993 994 if (st_Initialized() == FALSE) { 995 rc = CKR_CRYPTOKI_NOT_INITIALIZED; 996 goto done; 997 } 998 999 sess = session_mgr_find(hSession); 1000 if (! sess) { 1001 rc = CKR_SESSION_HANDLE_INVALID; 1002 goto done; 1003 } 1004 1005 rc = object_mgr_get_attribute_values(sess, hObject, pTemplate, ulCount); 1006 1007 done: 1008 return (rc); 1009 } 1010 1011 CK_RV 1012 SC_SetAttributeValue(ST_SESSION_HANDLE sSession, 1013 CK_OBJECT_HANDLE hObject, 1014 CK_ATTRIBUTE_PTR pTemplate, 1015 CK_ULONG ulCount) 1016 { 1017 SESSION * sess = NULL; 1018 CK_RV rc = CKR_OK; 1019 SESS_SET 1020 1021 if (st_Initialized() == FALSE) { 1022 rc = CKR_CRYPTOKI_NOT_INITIALIZED; 1023 goto done; 1024 } 1025 1026 sess = session_mgr_find(hSession); 1027 if (! sess) { 1028 rc = CKR_SESSION_HANDLE_INVALID; 1029 goto done; 1030 } 1031 1032 rc = object_mgr_set_attribute_values(sess, hObject, pTemplate, ulCount); 1033 1034 done: 1035 return (rc); 1036 } 1037 1038 CK_RV 1039 SC_FindObjectsInit(ST_SESSION_HANDLE sSession, 1040 CK_ATTRIBUTE_PTR pTemplate, 1041 CK_ULONG ulCount) 1042 { 1043 SESSION * sess = NULL; 1044 CK_RV rc = CKR_OK; 1045 SESS_SET 1046 1047 if (st_Initialized() == FALSE) { 1048 rc = CKR_CRYPTOKI_NOT_INITIALIZED; 1049 goto done; 1050 } 1051 1052 sess = session_mgr_find(hSession); 1053 if (! sess) { 1054 rc = CKR_SESSION_HANDLE_INVALID; 1055 goto done; 1056 } 1057 1058 if (pin_expired(&sess->session_info, 1059 nv_token_data->token_info.flags) == TRUE) { 1060 rc = CKR_PIN_EXPIRED; 1061 goto done; 1062 } 1063 1064 if (sess->find_active == TRUE) { 1065 rc = CKR_OPERATION_ACTIVE; 1066 goto done; 1067 } 1068 1069 rc = object_mgr_find_init(sess, pTemplate, ulCount); 1070 1071 done: 1072 return (rc); 1073 } 1074 1075 CK_RV 1076 SC_FindObjects(ST_SESSION_HANDLE sSession, 1077 CK_OBJECT_HANDLE_PTR phObject, 1078 CK_ULONG ulMaxObjectCount, 1079 CK_ULONG_PTR pulObjectCount) 1080 { 1081 SESSION * sess = NULL; 1082 CK_ULONG count = 0; 1083 CK_RV rc = CKR_OK; 1084 SESS_SET 1085 1086 if (st_Initialized() == FALSE) { 1087 rc = CKR_CRYPTOKI_NOT_INITIALIZED; 1088 goto done; 1089 } 1090 1091 if (! phObject || ! pulObjectCount) { 1092 rc = CKR_ARGUMENTS_BAD; 1093 goto done; 1094 } 1095 1096 sess = session_mgr_find(hSession); 1097 if (! sess) { 1098 rc = CKR_SESSION_HANDLE_INVALID; 1099 goto done; 1100 } 1101 1102 if (sess->find_active == FALSE) { 1103 rc = CKR_OPERATION_NOT_INITIALIZED; 1104 goto done; 1105 } 1106 1107 if (! sess->find_list) { 1108 rc = CKR_FUNCTION_FAILED; 1109 goto done; 1110 } 1111 count = MIN(ulMaxObjectCount, (sess->find_count - sess->find_idx)); 1112 1113 (void) memcpy(phObject, sess->find_list + sess->find_idx, 1114 count * sizeof (CK_OBJECT_HANDLE)); 1115 *pulObjectCount = count; 1116 1117 sess->find_idx += count; 1118 rc = CKR_OK; 1119 1120 done: 1121 return (rc); 1122 } 1123 1124 CK_RV 1125 SC_FindObjectsFinal(ST_SESSION_HANDLE sSession) 1126 { 1127 SESSION * sess = NULL; 1128 CK_RV rc = CKR_OK; 1129 SESS_SET 1130 1131 if (st_Initialized() == FALSE) { 1132 rc = CKR_CRYPTOKI_NOT_INITIALIZED; 1133 goto done; 1134 } 1135 1136 sess = session_mgr_find(hSession); 1137 if (! sess) { 1138 rc = CKR_SESSION_HANDLE_INVALID; 1139 goto done; 1140 } 1141 1142 if (sess->find_active == FALSE) { 1143 rc = CKR_OPERATION_NOT_INITIALIZED; 1144 goto done; 1145 } 1146 1147 if (sess->find_list) 1148 free(sess->find_list); 1149 1150 sess->find_list = NULL; 1151 sess->find_len = 0; 1152 sess->find_idx = 0; 1153 sess->find_active = FALSE; 1154 1155 rc = CKR_OK; 1156 1157 done: 1158 return (rc); 1159 } 1160 1161 CK_RV 1162 SC_EncryptInit(ST_SESSION_HANDLE sSession, 1163 CK_MECHANISM_PTR pMechanism, 1164 CK_OBJECT_HANDLE hKey) 1165 { 1166 SESSION * sess = NULL; 1167 CK_RV rc = CKR_OK; 1168 SESS_SET 1169 1170 if (st_Initialized() == FALSE) { 1171 rc = CKR_CRYPTOKI_NOT_INITIALIZED; 1172 goto done; 1173 } 1174 1175 if (! pMechanism) { 1176 rc = CKR_ARGUMENTS_BAD; 1177 goto done; 1178 } 1179 1180 VALID_MECH(pMechanism); 1181 1182 sess = session_mgr_find(hSession); 1183 if (! sess) { 1184 rc = CKR_SESSION_HANDLE_INVALID; 1185 goto done; 1186 } 1187 1188 if (pin_expired(&sess->session_info, 1189 nv_token_data->token_info.flags) == TRUE) { 1190 rc = CKR_PIN_EXPIRED; 1191 goto done; 1192 } 1193 1194 if (sess->encr_ctx.active == TRUE) { 1195 rc = CKR_OPERATION_ACTIVE; 1196 goto done; 1197 } 1198 1199 rc = encr_mgr_init(sess, &sess->encr_ctx, OP_ENCRYPT_INIT, 1200 pMechanism, hKey); 1201 done: 1202 return (rc); 1203 } 1204 1205 CK_RV 1206 SC_Encrypt(ST_SESSION_HANDLE sSession, 1207 CK_BYTE_PTR pData, 1208 CK_ULONG ulDataLen, 1209 CK_BYTE_PTR pEncryptedData, 1210 CK_ULONG_PTR pulEncryptedDataLen) 1211 { 1212 SESSION * sess = NULL; 1213 CK_BBOOL length_only = FALSE; 1214 CK_RV rc = CKR_OK; 1215 SESS_SET 1216 1217 if (st_Initialized() == FALSE) { 1218 rc = CKR_CRYPTOKI_NOT_INITIALIZED; 1219 goto done; 1220 } 1221 1222 if (! pData || ! pulEncryptedDataLen) { 1223 rc = CKR_ARGUMENTS_BAD; 1224 goto done; 1225 } 1226 1227 sess = session_mgr_find(hSession); 1228 if (! sess) { 1229 rc = CKR_SESSION_HANDLE_INVALID; 1230 goto done; 1231 } 1232 1233 if (sess->encr_ctx.active == FALSE) { 1234 rc = CKR_OPERATION_NOT_INITIALIZED; 1235 goto done; 1236 } 1237 1238 if (! pEncryptedData) 1239 length_only = TRUE; 1240 1241 rc = encr_mgr_encrypt(sess, length_only, 1242 &sess->encr_ctx, pData, ulDataLen, 1243 pEncryptedData, pulEncryptedDataLen); 1244 1245 done: 1246 if (rc != CKR_BUFFER_TOO_SMALL && (rc != CKR_OK || length_only != TRUE)) 1247 (void) encr_mgr_cleanup(&sess->encr_ctx); 1248 1249 return (rc); 1250 } 1251 1252 #if 0 1253 CK_RV 1254 SC_EncryptUpdate(ST_SESSION_HANDLE sSession, 1255 CK_BYTE_PTR pPart, 1256 CK_ULONG ulPartLen, 1257 CK_BYTE_PTR pEncryptedPart, 1258 CK_ULONG_PTR pulEncryptedPartLen) 1259 { 1260 SESSION * sess = NULL; 1261 CK_BBOOL length_only = FALSE; 1262 CK_RV rc = CKR_OK; 1263 SESS_SET 1264 1265 if (st_Initialized() == FALSE) { 1266 rc = CKR_CRYPTOKI_NOT_INITIALIZED; 1267 goto done; 1268 } 1269 1270 if (! pPart || ! pulEncryptedPartLen) { 1271 rc = CKR_ARGUMENTS_BAD; 1272 goto done; 1273 } 1274 1275 sess = session_mgr_find(hSession); 1276 if (! sess) { 1277 rc = CKR_SESSION_HANDLE_INVALID; 1278 goto done; 1279 } 1280 1281 if (sess->encr_ctx.active == FALSE) { 1282 rc = CKR_OPERATION_NOT_INITIALIZED; 1283 goto done; 1284 } 1285 1286 if (! pEncryptedPart) 1287 length_only = TRUE; 1288 1289 rc = encr_mgr_encrypt_update(sess, length_only, 1290 &sess->encr_ctx, pPart, ulPartLen, 1291 pEncryptedPart, pulEncryptedPartLen); 1292 1293 done: 1294 if (rc != CKR_OK && rc != CKR_BUFFER_TOO_SMALL) 1295 (void) encr_mgr_cleanup(&sess->encr_ctx); 1296 1297 return (rc); 1298 } 1299 1300 CK_RV 1301 SC_EncryptFinal(ST_SESSION_HANDLE sSession, 1302 CK_BYTE_PTR pLastEncryptedPart, 1303 CK_ULONG_PTR pulLastEncryptedPartLen) 1304 { 1305 SESSION * sess = NULL; 1306 CK_BBOOL length_only = FALSE; 1307 CK_RV rc = CKR_OK; 1308 SESS_SET 1309 1310 if (st_Initialized() == FALSE) { 1311 rc = CKR_CRYPTOKI_NOT_INITIALIZED; 1312 goto done; 1313 } 1314 1315 if (! pulLastEncryptedPartLen) { 1316 rc = CKR_ARGUMENTS_BAD; 1317 goto done; 1318 } 1319 1320 sess = session_mgr_find(hSession); 1321 if (! sess) { 1322 rc = CKR_SESSION_HANDLE_INVALID; 1323 goto done; 1324 } 1325 1326 if (sess->encr_ctx.active == FALSE) { 1327 rc = CKR_OPERATION_NOT_INITIALIZED; 1328 goto done; 1329 } 1330 1331 if (! pLastEncryptedPart) 1332 length_only = TRUE; 1333 1334 rc = encr_mgr_encrypt_final(sess, length_only, &sess->encr_ctx, 1335 pLastEncryptedPart, pulLastEncryptedPartLen); 1336 1337 done: 1338 if (rc != CKR_BUFFER_TOO_SMALL && (rc != CKR_OK || length_only != TRUE)) 1339 (void) encr_mgr_cleanup(&sess->encr_ctx); 1340 1341 return (rc); 1342 } 1343 #endif 1344 1345 CK_RV 1346 SC_DecryptInit(ST_SESSION_HANDLE sSession, 1347 CK_MECHANISM_PTR pMechanism, 1348 CK_OBJECT_HANDLE hKey) 1349 { 1350 SESSION * sess = NULL; 1351 CK_RV rc = CKR_OK; 1352 SESS_SET 1353 1354 if (st_Initialized() == FALSE) { 1355 rc = CKR_CRYPTOKI_NOT_INITIALIZED; 1356 goto done; 1357 } 1358 1359 if (! pMechanism) { 1360 rc = CKR_ARGUMENTS_BAD; 1361 goto done; 1362 } 1363 VALID_MECH(pMechanism); 1364 1365 sess = session_mgr_find(hSession); 1366 if (! sess) { 1367 rc = CKR_SESSION_HANDLE_INVALID; 1368 goto done; 1369 } 1370 1371 if (pin_expired(&sess->session_info, 1372 nv_token_data->token_info.flags) == TRUE) { 1373 rc = CKR_PIN_EXPIRED; 1374 goto done; 1375 } 1376 1377 if (sess->decr_ctx.active == TRUE) { 1378 rc = CKR_OPERATION_ACTIVE; 1379 goto done; 1380 } 1381 1382 rc = decr_mgr_init(sess, &sess->decr_ctx, 1383 OP_DECRYPT_INIT, pMechanism, hKey); 1384 1385 done: 1386 return (rc); 1387 } 1388 1389 CK_RV 1390 SC_Decrypt(ST_SESSION_HANDLE sSession, 1391 CK_BYTE_PTR pEncryptedData, 1392 CK_ULONG ulEncryptedDataLen, 1393 CK_BYTE_PTR pData, 1394 CK_ULONG_PTR pulDataLen) 1395 { 1396 SESSION * sess = NULL; 1397 CK_BBOOL length_only = FALSE; 1398 CK_RV rc = CKR_OK; 1399 SESS_SET 1400 1401 if (st_Initialized() == FALSE) { 1402 rc = CKR_CRYPTOKI_NOT_INITIALIZED; 1403 goto done; 1404 } 1405 1406 if (! pEncryptedData || ! pulDataLen) { 1407 rc = CKR_ARGUMENTS_BAD; 1408 goto done; 1409 } 1410 1411 sess = session_mgr_find(hSession); 1412 if (! sess) { 1413 rc = CKR_SESSION_HANDLE_INVALID; 1414 goto done; 1415 } 1416 1417 if (sess->decr_ctx.active == FALSE) { 1418 rc = CKR_OPERATION_NOT_INITIALIZED; 1419 goto done; 1420 } 1421 1422 if (! pData) 1423 length_only = TRUE; 1424 1425 rc = decr_mgr_decrypt(sess, length_only, 1426 &sess->decr_ctx, 1427 pEncryptedData, ulEncryptedDataLen, 1428 pData, pulDataLen); 1429 1430 done: 1431 if (rc != CKR_BUFFER_TOO_SMALL && (rc != CKR_OK || length_only != TRUE)) 1432 (void) decr_mgr_cleanup(&sess->decr_ctx); 1433 1434 return (rc); 1435 } 1436 1437 CK_RV 1438 SC_DigestInit(ST_SESSION_HANDLE sSession, 1439 CK_MECHANISM_PTR pMechanism) 1440 { 1441 SESSION * sess = NULL; 1442 CK_RV rc = CKR_OK; 1443 SESS_SET 1444 1445 if (st_Initialized() == FALSE) { 1446 rc = CKR_CRYPTOKI_NOT_INITIALIZED; 1447 goto done; 1448 } 1449 if (! pMechanism) { 1450 rc = CKR_ARGUMENTS_BAD; 1451 goto done; 1452 } 1453 1454 VALID_MECH(pMechanism); 1455 1456 sess = session_mgr_find(hSession); 1457 if (! sess) { 1458 rc = CKR_SESSION_HANDLE_INVALID; 1459 goto done; 1460 } 1461 1462 if (pin_expired(&sess->session_info, 1463 nv_token_data->token_info.flags) == TRUE) { 1464 rc = CKR_PIN_EXPIRED; 1465 goto done; 1466 } 1467 1468 if (sess->digest_ctx.active == TRUE) { 1469 rc = CKR_OPERATION_ACTIVE; 1470 goto done; 1471 } 1472 1473 rc = digest_mgr_init(sess, &sess->digest_ctx, pMechanism); 1474 1475 done: 1476 return (rc); 1477 } 1478 1479 CK_RV 1480 SC_Digest(ST_SESSION_HANDLE sSession, 1481 CK_BYTE_PTR pData, 1482 CK_ULONG ulDataLen, 1483 CK_BYTE_PTR pDigest, 1484 CK_ULONG_PTR pulDigestLen) 1485 { 1486 SESSION * sess = NULL; 1487 CK_BBOOL length_only = FALSE; 1488 CK_RV rc = CKR_OK; 1489 SESS_SET 1490 1491 if (st_Initialized() == FALSE) { 1492 rc = CKR_CRYPTOKI_NOT_INITIALIZED; 1493 goto done; 1494 } 1495 1496 // Netscape has been known to pass a null pData to DigestUpdate 1497 // but never for Digest. It doesn't really make sense to allow it here 1498 // 1499 if (! pData || ! pulDigestLen) { 1500 rc = CKR_ARGUMENTS_BAD; 1501 goto done; 1502 } 1503 1504 sess = session_mgr_find(hSession); 1505 if (! sess) { 1506 rc = CKR_SESSION_HANDLE_INVALID; 1507 goto done; 1508 } 1509 1510 if (sess->digest_ctx.active == FALSE) { 1511 rc = CKR_OPERATION_NOT_INITIALIZED; 1512 goto done; 1513 } 1514 1515 if (! pDigest) 1516 length_only = TRUE; 1517 1518 rc = digest_mgr_digest(sess, length_only, 1519 &sess->digest_ctx, pData, ulDataLen, 1520 pDigest, pulDigestLen); 1521 1522 done: 1523 if (rc != CKR_BUFFER_TOO_SMALL && (rc != CKR_OK || length_only != TRUE)) 1524 (void) digest_mgr_cleanup(&sess->digest_ctx); 1525 1526 return (rc); 1527 } 1528 1529 CK_RV 1530 SC_DigestUpdate(ST_SESSION_HANDLE sSession, 1531 CK_BYTE_PTR pPart, 1532 CK_ULONG ulPartLen) 1533 { 1534 SESSION * sess = NULL; 1535 CK_RV rc = CKR_OK; 1536 SESS_SET 1537 1538 if (st_Initialized() == FALSE) { 1539 rc = CKR_CRYPTOKI_NOT_INITIALIZED; 1540 goto done; 1541 } 1542 1543 if (! pPart && ulPartLen != 0) { 1544 rc = CKR_ARGUMENTS_BAD; 1545 goto done; 1546 } 1547 1548 sess = session_mgr_find(hSession); 1549 if (! sess) { 1550 rc = CKR_SESSION_HANDLE_INVALID; 1551 goto done; 1552 } 1553 1554 if (sess->digest_ctx.active == FALSE) { 1555 rc = CKR_OPERATION_NOT_INITIALIZED; 1556 goto done; 1557 } 1558 1559 if (pPart) { 1560 rc = digest_mgr_digest_update(sess, &sess->digest_ctx, 1561 pPart, ulPartLen); 1562 } 1563 done: 1564 if (rc != CKR_OK) 1565 (void) digest_mgr_cleanup(&sess->digest_ctx); 1566 1567 return (rc); 1568 } 1569 1570 CK_RV 1571 SC_DigestKey(ST_SESSION_HANDLE sSession, 1572 CK_OBJECT_HANDLE hKey) 1573 { 1574 SESSION * sess = NULL; 1575 CK_RV rc = CKR_OK; 1576 SESS_SET 1577 1578 if (st_Initialized() == FALSE) { 1579 rc = CKR_CRYPTOKI_NOT_INITIALIZED; 1580 goto done; 1581 } 1582 1583 sess = session_mgr_find(hSession); 1584 if (! sess) { 1585 rc = CKR_SESSION_HANDLE_INVALID; 1586 goto done; 1587 } 1588 1589 if (sess->digest_ctx.active == FALSE) { 1590 rc = CKR_OPERATION_NOT_INITIALIZED; 1591 goto done; 1592 } 1593 1594 rc = digest_mgr_digest_key(sess, &sess->digest_ctx, hKey); 1595 1596 done: 1597 if (rc != CKR_OK) 1598 (void) digest_mgr_cleanup(&sess->digest_ctx); 1599 1600 return (rc); 1601 } 1602 1603 CK_RV 1604 SC_DigestFinal(ST_SESSION_HANDLE sSession, 1605 CK_BYTE_PTR pDigest, 1606 CK_ULONG_PTR pulDigestLen) 1607 { 1608 SESSION * sess = NULL; 1609 CK_BBOOL length_only = FALSE; 1610 CK_RV rc = CKR_OK; 1611 SESS_SET 1612 1613 if (st_Initialized() == FALSE) { 1614 rc = CKR_CRYPTOKI_NOT_INITIALIZED; 1615 goto done; 1616 } 1617 1618 if (! pulDigestLen) { 1619 rc = CKR_ARGUMENTS_BAD; 1620 goto done; 1621 } 1622 1623 sess = session_mgr_find(hSession); 1624 if (! sess) { 1625 rc = CKR_SESSION_HANDLE_INVALID; 1626 goto done; 1627 } 1628 1629 if (sess->digest_ctx.active == FALSE) { 1630 rc = CKR_OPERATION_NOT_INITIALIZED; 1631 goto done; 1632 } 1633 1634 if (! pDigest) 1635 length_only = TRUE; 1636 1637 rc = digest_mgr_digest_final(sess, 1638 &sess->digest_ctx, pDigest, pulDigestLen); 1639 1640 done: 1641 if (rc != CKR_BUFFER_TOO_SMALL && (rc != CKR_OK || length_only != TRUE)) 1642 (void) digest_mgr_cleanup(&sess->digest_ctx); 1643 1644 return (rc); 1645 } 1646 1647 CK_RV 1648 SC_SignInit(ST_SESSION_HANDLE sSession, 1649 CK_MECHANISM_PTR pMechanism, 1650 CK_OBJECT_HANDLE hKey) 1651 { 1652 SESSION * sess = NULL; 1653 CK_RV rc = CKR_OK; 1654 SESS_SET 1655 1656 if (st_Initialized() == FALSE) { 1657 rc = CKR_CRYPTOKI_NOT_INITIALIZED; 1658 goto done; 1659 } 1660 1661 if (! pMechanism) { 1662 rc = CKR_ARGUMENTS_BAD; 1663 goto done; 1664 } 1665 1666 sess = session_mgr_find(hSession); 1667 if (! sess) { 1668 rc = CKR_SESSION_HANDLE_INVALID; 1669 goto done; 1670 } 1671 VALID_MECH(pMechanism); 1672 1673 if (pin_expired(&sess->session_info, 1674 nv_token_data->token_info.flags) == TRUE) { 1675 rc = CKR_PIN_EXPIRED; 1676 goto done; 1677 } 1678 1679 if (sess->sign_ctx.active == TRUE) { 1680 rc = CKR_OPERATION_ACTIVE; 1681 goto done; 1682 } 1683 1684 rc = sign_mgr_init(sess, &sess->sign_ctx, pMechanism, FALSE, hKey); 1685 1686 done: 1687 return (rc); 1688 } 1689 1690 CK_RV 1691 SC_Sign(ST_SESSION_HANDLE sSession, 1692 CK_BYTE_PTR pData, 1693 CK_ULONG ulDataLen, 1694 CK_BYTE_PTR pSignature, 1695 CK_ULONG_PTR pulSignatureLen) 1696 { 1697 SESSION * sess = NULL; 1698 CK_BBOOL length_only = FALSE; 1699 CK_RV rc = CKR_OK; 1700 SESS_SET 1701 1702 if (st_Initialized() == FALSE) { 1703 rc = CKR_CRYPTOKI_NOT_INITIALIZED; 1704 goto done; 1705 } 1706 1707 if (! pData || ! pulSignatureLen) { 1708 rc = CKR_ARGUMENTS_BAD; 1709 goto done; 1710 } 1711 1712 sess = session_mgr_find(hSession); 1713 if (! sess) { 1714 rc = CKR_SESSION_HANDLE_INVALID; 1715 goto done; 1716 } 1717 1718 if (sess->sign_ctx.active == FALSE) { 1719 rc = CKR_OPERATION_NOT_INITIALIZED; 1720 goto done; 1721 } 1722 1723 if (! pSignature) 1724 length_only = TRUE; 1725 1726 rc = sign_mgr_sign(sess, length_only, 1727 &sess->sign_ctx, pData, ulDataLen, 1728 pSignature, pulSignatureLen); 1729 1730 done: 1731 if (rc != CKR_BUFFER_TOO_SMALL && (rc != CKR_OK || length_only != TRUE)) 1732 (void) sign_mgr_cleanup(&sess->sign_ctx); 1733 1734 return (rc); 1735 } 1736 1737 CK_RV 1738 SC_SignUpdate(ST_SESSION_HANDLE sSession, 1739 CK_BYTE_PTR pPart, 1740 CK_ULONG ulPartLen) 1741 { 1742 SESSION * sess = NULL; 1743 CK_RV rc = CKR_OK; 1744 SESS_SET 1745 1746 if (st_Initialized() == FALSE) { 1747 rc = CKR_CRYPTOKI_NOT_INITIALIZED; 1748 goto done; 1749 } 1750 1751 if (! pPart) { 1752 rc = CKR_ARGUMENTS_BAD; 1753 goto done; 1754 } 1755 1756 sess = session_mgr_find(hSession); 1757 if (! sess) { 1758 rc = CKR_SESSION_HANDLE_INVALID; 1759 goto done; 1760 } 1761 1762 if (sess->sign_ctx.active == FALSE) { 1763 rc = CKR_OPERATION_NOT_INITIALIZED; 1764 goto done; 1765 } 1766 1767 rc = sign_mgr_sign_update(sess, &sess->sign_ctx, pPart, ulPartLen); 1768 1769 done: 1770 if (rc != CKR_OK) 1771 (void) sign_mgr_cleanup(&sess->sign_ctx); 1772 1773 return (rc); 1774 } 1775 1776 CK_RV 1777 SC_SignFinal(ST_SESSION_HANDLE sSession, 1778 CK_BYTE_PTR pSignature, 1779 CK_ULONG_PTR pulSignatureLen) 1780 { 1781 SESSION * sess = NULL; 1782 CK_BBOOL length_only = FALSE; 1783 CK_RV rc = CKR_OK; 1784 SESS_SET 1785 1786 if (st_Initialized() == FALSE) { 1787 rc = CKR_CRYPTOKI_NOT_INITIALIZED; 1788 goto done; 1789 } 1790 1791 if (! pulSignatureLen) { 1792 rc = CKR_ARGUMENTS_BAD; 1793 goto done; 1794 } 1795 1796 sess = session_mgr_find(hSession); 1797 if (! sess) { 1798 rc = CKR_SESSION_HANDLE_INVALID; 1799 goto done; 1800 } 1801 1802 if (sess->sign_ctx.active == FALSE) { 1803 rc = CKR_OPERATION_NOT_INITIALIZED; 1804 goto done; 1805 } 1806 1807 if (! pSignature) 1808 length_only = TRUE; 1809 1810 rc = sign_mgr_sign_final(sess, length_only, 1811 &sess->sign_ctx, pSignature, pulSignatureLen); 1812 1813 done: 1814 if (rc != CKR_BUFFER_TOO_SMALL && (rc != CKR_OK || length_only != TRUE)) 1815 (void) sign_mgr_cleanup(&sess->sign_ctx); 1816 1817 return (rc); 1818 } 1819 1820 CK_RV 1821 SC_SignRecoverInit(ST_SESSION_HANDLE sSession, 1822 CK_MECHANISM_PTR pMechanism, 1823 CK_OBJECT_HANDLE hKey) 1824 { 1825 SESSION * sess = NULL; 1826 CK_RV rc = CKR_OK; 1827 SESS_SET 1828 1829 if (st_Initialized() == FALSE) { 1830 rc = CKR_CRYPTOKI_NOT_INITIALIZED; 1831 goto done; 1832 } 1833 if (! pMechanism) { 1834 rc = CKR_ARGUMENTS_BAD; 1835 goto done; 1836 } 1837 VALID_MECH(pMechanism); 1838 1839 sess = session_mgr_find(hSession); 1840 if (! sess) { 1841 rc = CKR_SESSION_HANDLE_INVALID; 1842 goto done; 1843 } 1844 1845 if (pin_expired(&sess->session_info, 1846 nv_token_data->token_info.flags) == TRUE) { 1847 rc = CKR_PIN_EXPIRED; 1848 goto done; 1849 } 1850 1851 if (sess->sign_ctx.active == TRUE) { 1852 rc = CKR_OPERATION_ACTIVE; 1853 goto done; 1854 } 1855 1856 rc = sign_mgr_init(sess, &sess->sign_ctx, pMechanism, TRUE, hKey); 1857 1858 done: 1859 return (rc); 1860 } 1861 1862 CK_RV 1863 SC_SignRecover(ST_SESSION_HANDLE sSession, 1864 CK_BYTE_PTR pData, 1865 CK_ULONG ulDataLen, 1866 CK_BYTE_PTR pSignature, 1867 CK_ULONG_PTR pulSignatureLen) 1868 { 1869 SESSION * sess = NULL; 1870 CK_BBOOL length_only = FALSE; 1871 CK_RV rc = CKR_OK; 1872 SESS_SET 1873 1874 if (st_Initialized() == FALSE) { 1875 rc = CKR_CRYPTOKI_NOT_INITIALIZED; 1876 goto done; 1877 } 1878 1879 if (! pData || ! pulSignatureLen) { 1880 rc = CKR_ARGUMENTS_BAD; 1881 goto done; 1882 } 1883 1884 sess = session_mgr_find(hSession); 1885 if (! sess) { 1886 rc = CKR_SESSION_HANDLE_INVALID; 1887 goto done; 1888 } 1889 1890 if ((sess->sign_ctx.active == FALSE) || 1891 (sess->sign_ctx.recover == FALSE)) { 1892 rc = CKR_OPERATION_NOT_INITIALIZED; 1893 goto done; 1894 } 1895 1896 if (! pSignature) 1897 length_only = TRUE; 1898 1899 rc = sign_mgr_sign_recover(sess, length_only, 1900 &sess->sign_ctx, pData, ulDataLen, 1901 pSignature, pulSignatureLen); 1902 1903 done: 1904 if (rc != CKR_BUFFER_TOO_SMALL && (rc != CKR_OK || length_only != TRUE)) 1905 (void) sign_mgr_cleanup(&sess->sign_ctx); 1906 1907 return (rc); 1908 } 1909 1910 CK_RV 1911 SC_VerifyInit(ST_SESSION_HANDLE sSession, 1912 CK_MECHANISM_PTR pMechanism, 1913 CK_OBJECT_HANDLE hKey) 1914 { 1915 SESSION * sess = NULL; 1916 CK_RV rc = CKR_OK; 1917 SESS_SET 1918 1919 if (st_Initialized() == FALSE) { 1920 rc = CKR_CRYPTOKI_NOT_INITIALIZED; 1921 goto done; 1922 } 1923 if (! pMechanism) { 1924 rc = CKR_ARGUMENTS_BAD; 1925 goto done; 1926 } 1927 VALID_MECH(pMechanism); 1928 1929 sess = session_mgr_find(hSession); 1930 if (! sess) { 1931 rc = CKR_SESSION_HANDLE_INVALID; 1932 goto done; 1933 } 1934 1935 if (pin_expired(&sess->session_info, 1936 nv_token_data->token_info.flags) == TRUE) { 1937 rc = CKR_PIN_EXPIRED; 1938 goto done; 1939 } 1940 1941 if (sess->verify_ctx.active == TRUE) { 1942 rc = CKR_OPERATION_ACTIVE; 1943 goto done; 1944 } 1945 1946 rc = verify_mgr_init(sess, &sess->verify_ctx, pMechanism, FALSE, hKey); 1947 1948 done: 1949 return (rc); 1950 } 1951 1952 CK_RV 1953 SC_Verify(ST_SESSION_HANDLE sSession, 1954 CK_BYTE_PTR pData, 1955 CK_ULONG ulDataLen, 1956 CK_BYTE_PTR pSignature, 1957 CK_ULONG ulSignatureLen) 1958 { 1959 SESSION * sess = NULL; 1960 CK_RV rc = CKR_OK; 1961 SESS_SET 1962 1963 if (st_Initialized() == FALSE) { 1964 rc = CKR_CRYPTOKI_NOT_INITIALIZED; 1965 goto done; 1966 } 1967 1968 if (! pData || ! pSignature) { 1969 rc = CKR_ARGUMENTS_BAD; 1970 goto done; 1971 } 1972 1973 sess = session_mgr_find(hSession); 1974 if (! sess) { 1975 rc = CKR_SESSION_HANDLE_INVALID; 1976 goto done; 1977 } 1978 1979 if (sess->verify_ctx.active == FALSE) { 1980 rc = CKR_OPERATION_NOT_INITIALIZED; 1981 goto done; 1982 } 1983 1984 rc = verify_mgr_verify(sess, 1985 &sess->verify_ctx, pData, ulDataLen, 1986 pSignature, ulSignatureLen); 1987 1988 done: 1989 (void) verify_mgr_cleanup(&sess->verify_ctx); 1990 1991 return (rc); 1992 } 1993 1994 CK_RV 1995 SC_VerifyUpdate(ST_SESSION_HANDLE sSession, 1996 CK_BYTE_PTR pPart, 1997 CK_ULONG ulPartLen) 1998 { 1999 SESSION * sess = NULL; 2000 CK_RV rc = CKR_OK; 2001 SESS_SET 2002 2003 if (st_Initialized() == FALSE) { 2004 rc = CKR_CRYPTOKI_NOT_INITIALIZED; 2005 goto done; 2006 } 2007 2008 if (! pPart) { 2009 rc = CKR_ARGUMENTS_BAD; 2010 goto done; 2011 } 2012 2013 sess = session_mgr_find(hSession); 2014 if (! sess) { 2015 rc = CKR_SESSION_HANDLE_INVALID; 2016 goto done; 2017 } 2018 2019 if (sess->verify_ctx.active == FALSE) { 2020 rc = CKR_OPERATION_NOT_INITIALIZED; 2021 goto done; 2022 } 2023 2024 rc = verify_mgr_verify_update(sess, &sess->verify_ctx, 2025 pPart, ulPartLen); 2026 done: 2027 if (rc != CKR_OK) 2028 (void) verify_mgr_cleanup(&sess->verify_ctx); 2029 2030 return (rc); 2031 } 2032 2033 CK_RV 2034 SC_VerifyFinal(ST_SESSION_HANDLE sSession, 2035 CK_BYTE_PTR pSignature, 2036 CK_ULONG ulSignatureLen) 2037 { 2038 SESSION * sess = NULL; 2039 CK_RV rc = CKR_OK; 2040 SESS_SET 2041 2042 if (st_Initialized() == FALSE) { 2043 rc = CKR_CRYPTOKI_NOT_INITIALIZED; 2044 goto done; 2045 } 2046 2047 if (! pSignature) { 2048 rc = CKR_ARGUMENTS_BAD; 2049 goto done; 2050 } 2051 2052 sess = session_mgr_find(hSession); 2053 if (! sess) { 2054 rc = CKR_SESSION_HANDLE_INVALID; 2055 goto done; 2056 } 2057 2058 if (sess->verify_ctx.active == FALSE) { 2059 rc = CKR_OPERATION_NOT_INITIALIZED; 2060 goto done; 2061 } 2062 2063 rc = verify_mgr_verify_final(sess, &sess->verify_ctx, 2064 pSignature, ulSignatureLen); 2065 2066 done: 2067 (void) verify_mgr_cleanup(&sess->verify_ctx); 2068 2069 return (rc); 2070 } 2071 2072 CK_RV 2073 SC_VerifyRecoverInit(ST_SESSION_HANDLE sSession, 2074 CK_MECHANISM_PTR pMechanism, 2075 CK_OBJECT_HANDLE hKey) 2076 { 2077 SESSION * sess = NULL; 2078 CK_RV rc = CKR_OK; 2079 SESS_SET 2080 2081 if (st_Initialized() == FALSE) { 2082 rc = CKR_CRYPTOKI_NOT_INITIALIZED; 2083 goto done; 2084 } 2085 if (! pMechanism) { 2086 rc = CKR_ARGUMENTS_BAD; 2087 goto done; 2088 } 2089 VALID_MECH(pMechanism); 2090 2091 sess = session_mgr_find(hSession); 2092 if (! sess) { 2093 rc = CKR_SESSION_HANDLE_INVALID; 2094 goto done; 2095 } 2096 2097 if (pin_expired(&sess->session_info, 2098 nv_token_data->token_info.flags) == TRUE) { 2099 rc = CKR_PIN_EXPIRED; 2100 goto done; 2101 } 2102 2103 if (sess->verify_ctx.active == TRUE) { 2104 rc = CKR_OPERATION_ACTIVE; 2105 goto done; 2106 } 2107 2108 rc = verify_mgr_init(sess, &sess->verify_ctx, pMechanism, TRUE, hKey); 2109 2110 done: 2111 return (rc); 2112 } 2113 2114 CK_RV 2115 SC_VerifyRecover(ST_SESSION_HANDLE sSession, 2116 CK_BYTE_PTR pSignature, 2117 CK_ULONG ulSignatureLen, 2118 CK_BYTE_PTR pData, 2119 CK_ULONG_PTR pulDataLen) 2120 { 2121 SESSION * sess = NULL; 2122 CK_BBOOL length_only = FALSE; 2123 CK_RV rc = CKR_OK; 2124 SESS_SET 2125 2126 if (st_Initialized() == FALSE) { 2127 rc = CKR_CRYPTOKI_NOT_INITIALIZED; 2128 goto done; 2129 } 2130 2131 if (! pSignature || ! pulDataLen) { 2132 rc = CKR_ARGUMENTS_BAD; 2133 goto done; 2134 } 2135 2136 sess = session_mgr_find(hSession); 2137 if (! sess) { 2138 rc = CKR_SESSION_HANDLE_INVALID; 2139 goto done; 2140 } 2141 2142 if ((sess->verify_ctx.active == FALSE) || 2143 (sess->verify_ctx.recover == FALSE)) { 2144 rc = CKR_OPERATION_NOT_INITIALIZED; 2145 goto done; 2146 } 2147 if (! pData) 2148 length_only = TRUE; 2149 2150 rc = verify_mgr_verify_recover(sess, length_only, 2151 &sess->verify_ctx, pSignature, ulSignatureLen, 2152 pData, pulDataLen); 2153 2154 done: 2155 if (rc != CKR_BUFFER_TOO_SMALL && (rc != CKR_OK || length_only != TRUE)) 2156 (void) verify_mgr_cleanup(&sess->verify_ctx); 2157 2158 return (rc); 2159 } 2160 2161 CK_RV 2162 SC_GenerateKeyPair(ST_SESSION_HANDLE sSession, 2163 CK_MECHANISM_PTR pMechanism, 2164 CK_ATTRIBUTE_PTR pPublicKeyTemplate, 2165 CK_ULONG ulPublicKeyAttributeCount, 2166 CK_ATTRIBUTE_PTR pPrivateKeyTemplate, 2167 CK_ULONG ulPrivateKeyAttributeCount, 2168 CK_OBJECT_HANDLE_PTR phPublicKey, 2169 CK_OBJECT_HANDLE_PTR phPrivateKey) 2170 { 2171 SESSION * sess = NULL; 2172 CK_RV rc = CKR_OK; 2173 SESS_SET 2174 2175 if (st_Initialized() == FALSE) { 2176 rc = CKR_CRYPTOKI_NOT_INITIALIZED; 2177 goto done; 2178 } 2179 2180 if (! pMechanism || ! phPublicKey || ! phPrivateKey || 2181 (! pPublicKeyTemplate && (ulPublicKeyAttributeCount != 0)) || 2182 (! pPrivateKeyTemplate && (ulPrivateKeyAttributeCount != 0))) { 2183 rc = CKR_ARGUMENTS_BAD; 2184 goto done; 2185 } 2186 VALID_MECH(pMechanism); 2187 2188 sess = session_mgr_find(hSession); 2189 if (! sess) { 2190 rc = CKR_SESSION_HANDLE_INVALID; 2191 goto done; 2192 } 2193 2194 if (pin_expired(&sess->session_info, 2195 nv_token_data->token_info.flags) == TRUE) { 2196 rc = CKR_PIN_EXPIRED; 2197 goto done; 2198 } 2199 2200 rc = key_mgr_generate_key_pair(sess, pMechanism, 2201 pPublicKeyTemplate, ulPublicKeyAttributeCount, 2202 pPrivateKeyTemplate, ulPrivateKeyAttributeCount, 2203 phPublicKey, phPrivateKey); 2204 done: 2205 return (rc); 2206 } 2207 2208 CK_RV 2209 SC_WrapKey(ST_SESSION_HANDLE sSession, 2210 CK_MECHANISM_PTR pMechanism, 2211 CK_OBJECT_HANDLE hWrappingKey, 2212 CK_OBJECT_HANDLE hKey, 2213 CK_BYTE_PTR pWrappedKey, 2214 CK_ULONG_PTR pulWrappedKeyLen) 2215 { 2216 SESSION * sess = NULL; 2217 CK_BBOOL length_only = FALSE; 2218 CK_RV rc = CKR_OK; 2219 SESS_SET 2220 2221 if (st_Initialized() == FALSE) { 2222 rc = CKR_CRYPTOKI_NOT_INITIALIZED; 2223 goto done; 2224 } 2225 2226 if (! pMechanism || ! pulWrappedKeyLen) { 2227 rc = CKR_ARGUMENTS_BAD; 2228 goto done; 2229 } 2230 VALID_MECH(pMechanism); 2231 2232 if (! pWrappedKey) 2233 length_only = TRUE; 2234 2235 sess = session_mgr_find(hSession); 2236 if (! sess) { 2237 rc = CKR_SESSION_HANDLE_INVALID; 2238 goto done; 2239 } 2240 2241 if (pin_expired(&sess->session_info, 2242 nv_token_data->token_info.flags) == TRUE) { 2243 rc = CKR_PIN_EXPIRED; 2244 goto done; 2245 } 2246 2247 rc = key_mgr_wrap_key(sess, length_only, 2248 pMechanism, hWrappingKey, hKey, 2249 pWrappedKey, pulWrappedKeyLen); 2250 2251 done: 2252 return (rc); 2253 } 2254 2255 CK_RV 2256 SC_UnwrapKey(ST_SESSION_HANDLE sSession, 2257 CK_MECHANISM_PTR pMechanism, 2258 CK_OBJECT_HANDLE hUnwrappingKey, 2259 CK_BYTE_PTR pWrappedKey, 2260 CK_ULONG ulWrappedKeyLen, 2261 CK_ATTRIBUTE_PTR pTemplate, 2262 CK_ULONG ulCount, 2263 CK_OBJECT_HANDLE_PTR phKey) 2264 { 2265 SESSION * sess = NULL; 2266 CK_RV rc = CKR_OK; 2267 SESS_SET 2268 2269 if (st_Initialized() == FALSE) { 2270 rc = CKR_CRYPTOKI_NOT_INITIALIZED; 2271 goto done; 2272 } 2273 2274 if (! pMechanism || ! pWrappedKey || 2275 (! pTemplate && ulCount != 0) || ! phKey) { 2276 rc = CKR_ARGUMENTS_BAD; 2277 goto done; 2278 } 2279 VALID_MECH(pMechanism); 2280 2281 sess = session_mgr_find(hSession); 2282 if (! sess) { 2283 rc = CKR_SESSION_HANDLE_INVALID; 2284 goto done; 2285 } 2286 2287 if (pin_expired(&sess->session_info, 2288 nv_token_data->token_info.flags) == TRUE) { 2289 rc = CKR_PIN_EXPIRED; 2290 goto done; 2291 } 2292 2293 rc = key_mgr_unwrap_key(sess, pMechanism, 2294 pTemplate, ulCount, 2295 pWrappedKey, ulWrappedKeyLen, 2296 hUnwrappingKey, phKey); 2297 2298 done: 2299 return (rc); 2300 } 2301 2302 /*ARGSUSED*/ 2303 CK_RV 2304 SC_SeedRandom(ST_SESSION_HANDLE sSession, 2305 CK_BYTE_PTR pSeed, 2306 CK_ULONG ulSeedLen) 2307 { 2308 if (st_Initialized() == FALSE) { 2309 return (CKR_CRYPTOKI_NOT_INITIALIZED); 2310 } 2311 return (CKR_OK); 2312 } 2313 2314 CK_RV 2315 SC_GenerateRandom(ST_SESSION_HANDLE sSession, 2316 CK_BYTE_PTR pRandomData, 2317 CK_ULONG ulRandomLen) 2318 { 2319 SESSION *sess = NULL; 2320 CK_RV rc = CKR_OK; 2321 SESS_SET 2322 2323 if (st_Initialized() == FALSE) { 2324 rc = CKR_CRYPTOKI_NOT_INITIALIZED; 2325 goto done; 2326 } 2327 2328 if (! pRandomData && ulRandomLen != 0) { 2329 rc = CKR_ARGUMENTS_BAD; 2330 goto done; 2331 } 2332 2333 sess = session_mgr_find(hSession); 2334 if (! sess) { 2335 rc = CKR_SESSION_HANDLE_INVALID; 2336 goto done; 2337 } 2338 2339 rc = token_rng(sess->hContext, pRandomData, ulRandomLen); 2340 2341 done: 2342 return (rc); 2343 } 2344 2345 void 2346 SC_SetFunctionList(void) { 2347 function_list.ST_Initialize = ST_Initialize; 2348 function_list.ST_Finalize = SC_Finalize; 2349 function_list.ST_GetTokenInfo = SC_GetTokenInfo; 2350 function_list.ST_GetMechanismList = SC_GetMechanismList; 2351 function_list.ST_GetMechanismInfo = SC_GetMechanismInfo; 2352 function_list.ST_InitToken = SC_InitToken; 2353 function_list.ST_InitPIN = SC_InitPIN; 2354 function_list.ST_SetPIN = SC_SetPIN; 2355 function_list.ST_OpenSession = SC_OpenSession; 2356 function_list.ST_CloseSession = SC_CloseSession; 2357 function_list.ST_GetSessionInfo = SC_GetSessionInfo; 2358 function_list.ST_GetOperationState = SC_GetOperationState; 2359 function_list.ST_SetOperationState = SC_SetOperationState; 2360 function_list.ST_Login = SC_Login; 2361 function_list.ST_Logout = SC_Logout; 2362 function_list.ST_CreateObject = SC_CreateObject; 2363 function_list.ST_CopyObject = SC_CopyObject; 2364 function_list.ST_DestroyObject = SC_DestroyObject; 2365 function_list.ST_GetObjectSize = SC_GetObjectSize; 2366 function_list.ST_GetAttributeValue = SC_GetAttributeValue; 2367 function_list.ST_SetAttributeValue = SC_SetAttributeValue; 2368 function_list.ST_FindObjectsInit = SC_FindObjectsInit; 2369 function_list.ST_FindObjects = SC_FindObjects; 2370 function_list.ST_FindObjectsFinal = SC_FindObjectsFinal; 2371 function_list.ST_EncryptInit = SC_EncryptInit; 2372 function_list.ST_Encrypt = SC_Encrypt; 2373 function_list.ST_EncryptUpdate = NULL /* SC_EncryptUpdate */; 2374 function_list.ST_EncryptFinal = NULL /* SC_EncryptFinal */; 2375 function_list.ST_DecryptInit = SC_DecryptInit; 2376 function_list.ST_Decrypt = SC_Decrypt; 2377 function_list.ST_DecryptUpdate = NULL /* SC_DecryptUpdate */; 2378 function_list.ST_DecryptFinal = NULL /* SC_DecryptFinal */; 2379 function_list.ST_DigestInit = SC_DigestInit; 2380 function_list.ST_Digest = SC_Digest; 2381 function_list.ST_DigestUpdate = SC_DigestUpdate; 2382 function_list.ST_DigestKey = SC_DigestKey; 2383 function_list.ST_DigestFinal = SC_DigestFinal; 2384 function_list.ST_SignInit = SC_SignInit; 2385 function_list.ST_Sign = SC_Sign; 2386 function_list.ST_SignUpdate = SC_SignUpdate; 2387 function_list.ST_SignFinal = SC_SignFinal; 2388 function_list.ST_SignRecoverInit = SC_SignRecoverInit; 2389 function_list.ST_SignRecover = SC_SignRecover; 2390 function_list.ST_VerifyInit = SC_VerifyInit; 2391 function_list.ST_Verify = SC_Verify; 2392 function_list.ST_VerifyUpdate = SC_VerifyUpdate; 2393 function_list.ST_VerifyFinal = SC_VerifyFinal; 2394 function_list.ST_VerifyRecoverInit = SC_VerifyRecoverInit; 2395 function_list.ST_VerifyRecover = SC_VerifyRecover; 2396 function_list.ST_DigestEncryptUpdate = NULL; 2397 function_list.ST_DecryptDigestUpdate = NULL; 2398 function_list.ST_SignEncryptUpdate = NULL; 2399 function_list.ST_DecryptVerifyUpdate = NULL; 2400 function_list.ST_GenerateKey = NULL; 2401 function_list.ST_GenerateKeyPair = SC_GenerateKeyPair; 2402 function_list.ST_WrapKey = SC_WrapKey; 2403 function_list.ST_UnwrapKey = SC_UnwrapKey; 2404 function_list.ST_DeriveKey = NULL; 2405 function_list.ST_SeedRandom = SC_SeedRandom; 2406 function_list.ST_GenerateRandom = SC_GenerateRandom; 2407 function_list.ST_GetFunctionStatus = NULL; 2408 function_list.ST_CancelFunction = NULL; 2409 } 2410