Update DeclarativeResponse: add binary and writeStatus support. #1182
Conversation
Update DeclarativeResponse: add binary and writeStatus support. Update DeclarativeResponse: add binary and writeStatus support.
RatchetS2
force-pushed
the
DeclarativeResponse
branch
from
0c36e8e to
1d32407
Compare
|
/*
/*
#include "tpmtok_int.h" #define LOG(x) logit(LOG_DEBUG, x) /*
static void static void static void } /ARGSUSED/ CK_RV } } CK_RV CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } /ARGSUSED/ CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } /ARGSUSED/ } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } /ARGSUSED/ } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } /ARGSUSED/ CK_RV } #pragma init(api_init) static void static void |
Srolsper00
left a comment
Srolsper00
left a comment
There was a problem hiding this comment.
/*
-
Common Public License Version 0.5 -
THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF -
THIS COMMON PUBLIC LICENSE ("AGREEMENT"). ANY USE, -
REPRODUCTION OR DISTRIBUTION OF THE PROGRAM CONSTITUTES -
RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT. -
1. DEFINITIONS -
"Contribution" means: -
a) in the case of the initial Contributor, the -
initial code and documentation distributed under -
this Agreement, and -
b) in the case of each subsequent Contributor: -
i) changes to the Program, and -
ii) additions to the Program; -
where such changes and/or additions to the Program -
originate from and are distributed by that -
particular Contributor. A Contribution 'originates' -
from a Contributor if it was added to the Program -
by such Contributor itself or anyone acting on such -
Contributor's behalf. Contributions do not include -
additions to the Program which: (i) are separate -
modules of software distributed in conjunction with -
the Program under their own license agreement, and -
(ii) are not derivative works of the Program. -
"Contributor" means any person or entity that distributes -
the Program. -
"Licensed Patents " mean patent claims licensable by a -
Contributor which are necessarily infringed by the use or -
sale of its Contribution alone or when combined with the -
Program. -
"Program" means the Contributions distributed in -
accordance with this Agreement. -
"Recipient" means anyone who receives the Program under -
this Agreement, including all Contributors. -
2. GRANT OF RIGHTS -
a) Subject to the terms of this Agreement, each -
Contributor hereby grants Recipient a -
no - exclusive, worldwide, royalt - free copyright -
license to reproduce, prepare derivative works of, -
publicly display, publicly perform, distribute and -
sublicense the Contribution of such Contributor, if -
any, and such derivative works, in source code and -
object code form. -
b) Subject to the terms of this Agreement, each -
Contributor hereby grants Recipient a -
no - exclusive, worldwide, royalt - free patent -
license under Licensed Patents to make, use, sell, -
offer to sell, import and otherwise transfer the -
Contribution of such Contributor, if any, in source -
code and object code form. This patent license -
shall apply to the combination of the Contribution -
and the Program if, at the time the Contribution is -
added by the Contributor, such addition of the -
Contribution causes such combination to be covered -
by the Licensed Patents. The patent license shall -
not apply to any other combinations which include -
the Contribution. No hardware per se is licensed -
hereunder. -
c) Recipient understands that although each -
Contributor grants the licenses to its -
Contributions set forth herein, no assurances are -
provided by any Contributor that the Program does -
not infringe the patent or other intellectual -
property rights of any other entity. Each -
Contributor disclaims any liability to Recipient -
for claims brought by any other entity based on -
infringement of intellectual property rights or -
otherwise. As a condition to exercising the rights -
and licenses granted hereunder, each Recipient -
hereby assumes sole responsibility to secure any -
other intellectual property rights needed, if any. -
For example, if a third party patent license is -
required to allow Recipient to distribute the -
Program, it is Recipient's responsibility to -
acquire that license before distributing the -
Program. -
d) Each Contributor represents that to its -
knowledge it has sufficient copyright rights in its -
Contribution, if any, to grant the copyright -
license set forth in this Agreement. -
3. REQUIREMENTS -
A Contributor may choose to distribute the Program in -
object code form under its own license agreement, provided -
that: -
a) it complies with the terms and conditions of -
this Agreement; and -
b) its license agreement: -
i) effectively disclaims on behalf of all -
Contributors all warranties and conditions, express -
and implied, including warranties or conditions of -
title and no - infringement, and implied warranties -
or conditions of merchantability and fitness for a -
particular purpose; -
ii) effectively excludes on behalf of all -
Contributors all liability for damages, including -
direct, indirect, special, incidental and -
consequential damages, such as lost profits; -
iii) states that any provisions which differ from -
this Agreement are offered by that Contributor -
alone and not by any other party; and -
iv) states that source code for the Program is -
available from such Contributor, and informs -
licensees how to obtain it in a reasonable manner -
on or through a medium customarily used for -
software exchange. -
When the Program is made available in source code form: -
a) it must be made available under this Agreement; -
and -
b) a copy of this Agreement must be included with -
each copy of the Program. -
Contributors may not remove or alter any copyright notices -
contained within the Program. -
Each Contributor must identify itself as the originator of -
its Contribution, if any, in a manner that reasonably -
allows subsequent Recipients to identify the originator of -
the Contribution. -
4. COMMERCIAL DISTRIBUTION -
Commercial distributors of software may accept certain -
responsibilities with respect to end users, business -
partners and the like. While this license is intended to -
facilitate the commercial use of the Program, the -
Contributor who includes the Program in a commercial -
product offering should do so in a manner which does not -
create potential liability for other Contributors. -
Therefore, if a Contributor includes the Program in a -
commercial product offering, such Contributor ("Commercial -
Contributor") hereby agrees to defend and indemnify every -
other Contributor ("Indemnified Contributor") against any -
losses, damages and costs (collectively "Losses") arising -
from claims, lawsuits and other legal actions brought by a -
third party against the Indemnified Contributor to the -
extent caused by the acts or omissions of such Commercial -
Contributor in connection with its distribution of the -
Program in a commercial product offering. The obligations -
in this section do not apply to any claims or Losses -
relating to any actual or alleged intellectual property -
infringement. In order to qualify, an Indemnified -
Contributor must: a) promptly notify the Commercial -
Contributor in writing of such claim, and b) allow the -
Commercial Contributor to control, and cooperate with the -
Commercial Contributor in, the defense and any related -
settlement negotiations. The Indemnified Contributor may -
participate in any such claim at its own expense. -
For example, a Contributor might include the Program in a -
commercial product offering, Product X. That Contributor -
is then a Commercial Contributor. If that Commercial -
Contributor then makes performance claims, or offers -
warranties related to Product X, those performance claims -
and warranties are such Commercial Contributor's -
responsibility alone. Under this section, the Commercial -
Contributor would have to defend claims against the other -
Contributors related to those performance claims and -
warranties, and if a court requires any other Contributor -
to pay any damages as a result, the Commercial Contributor -
must pay those damages. -
5. NO WARRANTY -
EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE -
PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT -
WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR -
IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR -
CONDITIONS OF TITLE, NO - INFRINGEMENT, MERCHANTABILITY OR -
FITNESS FOR A PARTICULAR PURPOSE. Each Recipient is solely -
responsible for determining the appropriateness of using -
and distributing the Program and assumes all risks -
associated with its exercise of rights under this -
Agreement, including but not limited to the risks and -
costs of program errors, compliance with applicable laws, -
damage to or loss of data, programs or equipment, and -
unavailability or interruption of operations. -
6. DISCLAIMER OF LIABILITY -
EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, NEITHER -
RECIPIENT NOR ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY -
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, -
OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION -
LOST PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF -
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT -
OF THE USE OR DISTRIBUTION OF THE PROGRAM OR THE EXERCISE -
OF ANY RIGHTS GRANTED HEREUNDER, EVEN IF ADVISED OF THE -
POSSIBILITY OF SUCH DAMAGES. -
7. GENERAL -
If any provision of this Agreement is invalid or -
unenforceable under applicable law, it shall not affect -
the validity or enforceability of the remainder of the -
terms of this Agreement, and without further action by the -
parties hereto, such provision shall be reformed to the -
minimum extent necessary to make such provision valid and -
enforceable. -
If Recipient institutes patent litigation against a -
Contributor with respect to a patent applicable to -
software (including a cros - claim or counterclaim in a -
lawsuit), then any patent licenses granted by that -
Contributor to such Recipient under this Agreement shall -
terminate as of the date such litigation is filed. In -
addition, If Recipient institutes patent litigation -
against any entity (including a cros - claim or -
counterclaim in a lawsuit) alleging that the Program -
itself (excluding combinations of the Program with other -
software or hardware) infringes such Recipient's -
patent(s), then such Recipient's rights granted under -
Section 2(b) shall terminate as of the date such -
litigation is filed. -
All Recipient's rights under this Agreement shall -
terminate if it fails to comply with any of the material -
terms or conditions of this Agreement and does not cure -
such failure in a reasonable period of time after becoming -
aware of such noncompliance. If all Recipient's rights -
under this Agreement terminate, Recipient agrees to cease -
use and distribution of the Program as soon as reasonably -
practicable. However, Recipient's obligations under this -
Agreement and any licenses granted by Recipient relating -
to the Program shall continue and survive. -
Everyone is permitted to copy and distribute copies of -
this Agreement, but in order to avoid inconsistency the -
Agreement is copyrighted and may only be modified in the -
following manner. The Agreement Steward reserves the right -
to publish new versions (including revisions) of this -
Agreement from time to time. No one other than the -
Agreement Steward has the right to modify this Agreement. -
IBM is the initial Agreement Steward. IBM may assign the -
responsibility to serve as the Agreement Steward to a -
suitable separate entity. Each new version of the -
Agreement will be given a distinguishing version number. -
The Program (including Contributions) may always be -
distributed subject to the version of the Agreement under -
which it was received. In addition, after a new version of -
the Agreement is published, Contributor may elect to -
distribute the Program (including its Contributions) under -
the new version. Except as expressly stated in Sections -
2(a) and 2(b) above, Recipient receives no rights or -
licenses to the intellectual property of any Contributor -
under this Agreement, whether expressly, by implication, -
estoppel or otherwise. All rights in the Program not -
expressly granted under this Agreement are reserved. -
This Agreement is governed by the laws of the State of New -
York and the intellectual property laws of the United -
States of America. No party to this Agreement will bring a -
legal action under this Agreement more than one year after -
the cause of action arose. Each party waives its rights to -
a jury trial in any resulting litigation. - (C) COPYRIGHT International Business Machines Corp. 2001, 2002
*/
/*
- Copyright (c) 2009, 2022, Oracle and/or its affiliates.
*/
#include "tpmtok_int.h"
#define LOG(x) logit(LOG_DEBUG, x)
/*
- NOTES:
- In many cases the specification does not allow returns
- of CKR_ARGUMENTS_BAD. We break the spec, since validation of parameters
- to the function are best represented by this return code (where
- specific RC's such as CKR_INVALID_SESSION do not exist).
- NOTE NOTE NOTE NOTE
- The parameter checking on the update operations may need to be
- modified (as well as the encrypt/decrypt) to call the std API
- anyway with sanitized parameters since on error, the encrypt/decrypt
- sign operations are all supposed to complete.
- Therefore the parameter checking here might need to be done in
- the STDLL instead of the API.
- This would affect ALL the Multipart operations which have
- an init followed by one or more operations.
- Globals for the API
*/
API_Proc_Struct_t *Anchor = NULL;
static unsigned int Initialized = 0;
static pthread_mutex_t global_mutex = PTHREAD_MUTEX_INITIALIZER;
struct ST_FCN_LIST FuncList;
CK_FUNCTION_LIST PK11_Functions;
extern pthread_rwlock_t obj_list_rw_mutex;
static void
tpmtoken_fork_prepare()
{
(void) pthread_mutex_lock(&global_mutex);
(void) pthread_mutex_lock(&pkcs_mutex);
(void) pthread_mutex_lock(&sess_list_mutex);
(void) pthread_mutex_lock(&obj_list_mutex);
(void) pthread_rwlock_wrlock(&obj_list_rw_mutex);
(void) pthread_mutex_lock(&login_mutex);
if (Anchor) {
(void) pthread_mutex_lock(&Anchor->ProcMutex);
(void) pthread_mutex_lock(&Anchor->SessListMutex);
}
(void) pthread_mutex_lock(&logging_mutex);
}
static void
tpmtoken_fork_parent()
{
(void) pthread_mutex_unlock(&logging_mutex);
if (Anchor) {
(void) pthread_mutex_unlock(&Anchor->SessListMutex);
(void) pthread_mutex_unlock(&Anchor->ProcMutex);
}
(void) pthread_mutex_unlock(&login_mutex);
(void) pthread_rwlock_unlock(&obj_list_rw_mutex);
(void) pthread_mutex_unlock(&obj_list_mutex);
(void) pthread_mutex_unlock(&sess_list_mutex);
(void) pthread_mutex_unlock(&pkcs_mutex);
(void) pthread_mutex_unlock(&global_mutex);
}
static void
tpmtoken_fork_child()
{
(void) pthread_mutex_unlock(&logging_mutex);
if (Anchor) {
(void) pthread_mutex_unlock(&Anchor->SessListMutex);
(void) pthread_mutex_unlock(&Anchor->ProcMutex);
}
(void) pthread_mutex_unlock(&login_mutex);
(void) pthread_rwlock_unlock(&obj_list_rw_mutex);
(void) pthread_mutex_unlock(&obj_list_mutex);
(void) pthread_mutex_unlock(&sess_list_mutex);
(void) pthread_mutex_unlock(&pkcs_mutex);
(void) pthread_mutex_unlock(&global_mutex);
if (Anchor) {
Terminate_All_Process_Sessions();
free(Anchor);
Anchor = NULL;
}
if (FuncList.ST_Finalize)
FuncList.ST_Finalize(0);
logterm();
loginit();
}
/ARGSUSED/
CK_RV
C_CancelFunction(CK_SESSION_HANDLE hSession)
{
LOG("C_CancelFunction");
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
return (CKR_FUNCTION_NOT_PARALLEL);
}
CK_RV
C_CloseAllSessions(CK_SLOT_ID slotID)
{
Session_Struct_t *pCur, pPrev;
CK_RV rv;
/
* Although why does modutil do a close all sessions. It is a single
* application it can only close its sessions...
* And all sessions should be closed anyhow.
*/
LOG("CloseAllSessions");
if (API_Initialized() == FALSE)
return (CKR_CRYPTOKI_NOT_INITIALIZED);
if (!global_shm->token_available || (slotID > NUMBER_SLOTS_MANAGED))
return (CKR_SLOT_ID_INVALID);
/*
* Proc Mutex is locked when we remove from the session list in
* Close Session. Therefore we don't need to do any locking
* the atomic operations are controled when we use the linked list
*/
pCur = (Anchor ? Anchor->SessListBeg : NULL);
while (pCur) {
/*
* Session owned by the slot we are working on
* There is a basic problem here. We are using th pCur
* to point to the current one, however we delete it from
* the linked list and can no longer go Forward. So we
* have to use the fact that this is a doubly linked list
* and get the previous pointer. After deletion, the next
* pointer of this block will point to the next one in the
* list.
* If the value is Null, then this was the first one in
* the list and we just set pCur to the SessListBeg.
*/
if (pCur->SltId == slotID) {
pPrev = pCur->Previous;
rv = C_CloseSession((CK_SESSION_HANDLE)pCur);
if (rv == CKR_OK ||
rv == CKR_SESSION_CLOSED ||
rv == CKR_SESSION_HANDLE_INVALID) {
if (pPrev == NULL) {
pCur = Anchor->SessListBeg;
} else {
pCur = pPrev->Next;
}
} else {
return (rv);
}
} else {
pCur = pCur->Next;
}
}
LOG("CloseAllSessions OK");
return (CKR_OK);
}
CK_RV
C_CloseSession(CK_SESSION_HANDLE hSession)
{
CK_RV rv;
Session_Struct_t sessp;
ST_SESSION_T rSession;
LOG("C_CloseSession");
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
/ Validate Session */
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_CloseSession) {
/* Map the Session to the slot session */
rv = FuncList.ST_CloseSession(rSession);
if (rv == CKR_OK) {
sessp = (Session_Struct_t *)hSession;
RemoveFromSessionList(sessp);
}
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_CopyObject(
CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObject,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulCount,
CK_OBJECT_HANDLE_PTR phNewObject)
{
CK_RV rv;
ST_SESSION_T rSession;
LOG("C_CopyObject");
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (!Valid_Session((Session_Struct_t )hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (!phNewObject) {
return (CKR_ARGUMENTS_BAD);
}
/
* A null template with a count will cause the lower layer
* to have problems.
* Template with 0 count is not a problem.
*/
if (!pTemplate && ulCount) {
return (CKR_ARGUMENTS_BAD);
}
if (FuncList.ST_CopyObject) {
rv = FuncList.ST_CopyObject(rSession, hObject, pTemplate,
ulCount, phNewObject);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_CreateObject(
CK_SESSION_HANDLE hSession,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulCount,
CK_OBJECT_HANDLE_PTR phObject)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (! pTemplate) {
return (CKR_TEMPLATE_INCOMPLETE);
}
if (ulCount == 0) {
return (CKR_TEMPLATE_INCOMPLETE);
}
if (! phObject) {
return (CKR_ARGUMENTS_BAD);
}
if (FuncList.ST_CreateObject) {
// Map the Session to the slot session
rv = FuncList.ST_CreateObject(rSession, pTemplate,
ulCount, phObject);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_Decrypt(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pEncryptedData,
CK_ULONG ulEncryptedDataLen,
CK_BYTE_PTR pData,
CK_ULONG_PTR pulDataLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (!Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_Decrypt) {
rv = FuncList.ST_Decrypt(rSession, pEncryptedData,
ulEncryptedDataLen, pData, pulDataLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_DecryptDigestUpdate(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pEncryptedPart,
CK_ULONG ulEncryptedPartLen,
CK_BYTE_PTR pPart,
CK_ULONG_PTR pulPartLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (! pEncryptedPart || ! pulPartLen) {
return (CKR_ARGUMENTS_BAD);
}
if (FuncList.ST_DecryptDigestUpdate) {
rv = FuncList.ST_DecryptDigestUpdate(rSession, pEncryptedPart,
ulEncryptedPartLen, pPart, pulPartLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_DecryptFinal(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pLastPart,
CK_ULONG_PTR pulLastPartLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
/*
* It is acceptable to have a Null pointer for the data since
* it is trying to get the length of the last part....
* The spec is unclear if a second call to Final is needed
* if there is no data in the last part.
*/
if (! pulLastPartLen) {
return (CKR_ARGUMENTS_BAD);
}
if (FuncList.ST_DecryptFinal) {
rv = FuncList.ST_DecryptFinal(rSession, pLastPart,
pulLastPartLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_DecryptInit(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (! pMechanism) {
return (CKR_MECHANISM_INVALID);
}
if (FuncList.ST_DecryptInit) {
rv = FuncList.ST_DecryptInit(rSession, pMechanism, hKey);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_DecryptUpdate(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pEncryptedPart,
CK_ULONG ulEncryptedPartLen,
CK_BYTE_PTR pPart,
CK_ULONG_PTR pulPartLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (!Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (!pEncryptedPart || !pulPartLen) {
return (CKR_ARGUMENTS_BAD);
}
if (FuncList.ST_DecryptUpdate) {
rv = FuncList.ST_DecryptUpdate(rSession, pEncryptedPart,
ulEncryptedPartLen, pPart, pulPartLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_DecryptVerifyUpdate(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pEncryptedPart,
CK_ULONG ulEncryptedPartLen,
CK_BYTE_PTR pPart,
CK_ULONG_PTR pulPartLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
// Validate Session
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
// May have to let these go through and let the STDLL handle them
if (! pEncryptedPart || ! pulPartLen) {
return (CKR_ARGUMENTS_BAD);
}
// Get local pointers to session
if (FuncList.ST_DecryptVerifyUpdate) {
// Map the Session to the slot session
rv = FuncList.ST_DecryptVerifyUpdate(rSession,
pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_DeriveKey(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hBaseKey,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulAttributeCount,
CK_OBJECT_HANDLE_PTR phKey)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (!Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (!pMechanism) {
return (CKR_MECHANISM_INVALID);
}
if (!pTemplate && ulAttributeCount) {
return (CKR_ARGUMENTS_BAD);
}
if (FuncList.ST_DeriveKey) {
rv = FuncList.ST_DeriveKey(rSession, pMechanism,
hBaseKey, pTemplate, ulAttributeCount, phKey);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_DestroyObject(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObject)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (!Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_DestroyObject) {
rv = FuncList.ST_DestroyObject(rSession, hObject);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_Digest(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pData,
CK_ULONG ulDataLen,
CK_BYTE_PTR pDigest,
CK_ULONG_PTR pulDigestLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (!Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_Digest) {
rv = FuncList.ST_Digest(rSession, pData, ulDataLen,
pDigest, pulDigestLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_DigestEncryptUpdate(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pPart,
CK_ULONG ulPartLen,
CK_BYTE_PTR pEncryptedPart,
CK_ULONG_PTR pulEncryptedPartLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! pPart || ! pulEncryptedPartLen) {
return (CKR_ARGUMENTS_BAD);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_DigestEncryptUpdate) {
rv = FuncList.ST_DigestEncryptUpdate(rSession, pPart,
ulPartLen, pEncryptedPart, pulEncryptedPartLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_DigestFinal(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pDigest,
CK_ULONG_PTR pulDigestLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
/* pulDigestLen checked in ST_DigestFinal so cleanup occurs */
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_DigestFinal) {
rv = FuncList.ST_DigestFinal(rSession, pDigest, pulDigestLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_DigestInit(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! pMechanism) {
return (CKR_MECHANISM_INVALID);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_DigestInit) {
rv = FuncList.ST_DigestInit(rSession, pMechanism);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_DigestKey(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hKey)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_DigestKey) {
rv = FuncList.ST_DigestKey(rSession, hKey);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_DigestUpdate(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pPart,
CK_ULONG ulPartLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_DigestUpdate) {
rv = FuncList.ST_DigestUpdate(rSession, pPart, ulPartLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_Encrypt(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pData,
CK_ULONG ulDataLen,
CK_BYTE_PTR pEncryptedData,
CK_ULONG_PTR pulEncryptedDataLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
// Get local pointers to session
if (FuncList.ST_Encrypt) {
// Map the Session to the slot session
rv = FuncList.ST_Encrypt(rSession, pData, ulDataLen,
pEncryptedData, pulEncryptedDataLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_EncryptFinal(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pLastEncryptedPart,
CK_ULONG_PTR pulLastEncryptedPartLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_EncryptFinal) {
rv = FuncList.ST_EncryptFinal(rSession,
pLastEncryptedPart, pulLastEncryptedPartLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_EncryptInit(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! pMechanism) {
return (CKR_MECHANISM_INVALID);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_EncryptInit) {
rv = FuncList.ST_EncryptInit(rSession, pMechanism, hKey);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_EncryptUpdate(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pPart,
CK_ULONG ulPartLen,
CK_BYTE_PTR pEncryptedPart,
CK_ULONG_PTR pulEncryptedPartLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (!pPart || !pulEncryptedPartLen) {
return (CKR_ARGUMENTS_BAD);
}
if (!Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_EncryptUpdate) {
rv = FuncList.ST_EncryptUpdate(rSession, pPart, ulPartLen,
pEncryptedPart, pulEncryptedPartLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
do_finalize(CK_VOID_PTR pReserved)
{
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (pReserved != NULL) {
return (CKR_ARGUMENTS_BAD);
}
(void) pthread_mutex_lock(&global_mutex);
if (Anchor)
Terminate_All_Process_Sessions();
if (FuncList.ST_Finalize)
FuncList.ST_Finalize(0);
free(Anchor);
Anchor = NULL;
(void) pthread_mutex_unlock(&global_mutex);
return (CKR_OK);
}
CK_RV
C_Finalize(CK_VOID_PTR pReserved) {
return (do_finalize(pReserved));
}
CK_RV
C_FindObjects(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE_PTR phObject,
CK_ULONG ulMaxObjectCount,
CK_ULONG_PTR pulObjectCount)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! phObject || ! pulObjectCount) {
return (CKR_ARGUMENTS_BAD);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_FindObjects) {
rv = FuncList.ST_FindObjects(rSession, phObject,
ulMaxObjectCount, pulObjectCount);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_FindObjectsFinal(CK_SESSION_HANDLE hSession)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_FindObjectsFinal) {
rv = FuncList.ST_FindObjectsFinal(rSession);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_FindObjectsInit(CK_SESSION_HANDLE hSession,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulCount)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_FindObjectsInit) {
rv = FuncList.ST_FindObjectsInit(rSession, pTemplate, ulCount);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_GenerateKey(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulCount,
CK_OBJECT_HANDLE_PTR phKey)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! pMechanism) {
return (CKR_MECHANISM_INVALID);
}
if (! phKey) {
return (CKR_ARGUMENTS_BAD);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_GenerateKey) {
rv = FuncList.ST_GenerateKey(rSession, pMechanism,
pTemplate, ulCount, phKey);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_GenerateKeyPair(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_ATTRIBUTE_PTR pPublicKeyTemplate,
CK_ULONG ulPublicKeyAttributeCount,
CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
CK_ULONG ulPrivateKeyAttributeCount,
CK_OBJECT_HANDLE_PTR phPublicKey,
CK_OBJECT_HANDLE_PTR phPrivateKey)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! pMechanism) {
return (CKR_MECHANISM_INVALID);
}
if (! phPublicKey || ! phPrivateKey) {
return (CKR_ARGUMENTS_BAD);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_GenerateKeyPair) {
rv = FuncList.ST_GenerateKeyPair(rSession,
pMechanism, pPublicKeyTemplate,
ulPublicKeyAttributeCount, pPrivateKeyTemplate,
ulPrivateKeyAttributeCount, phPublicKey, phPrivateKey);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_GenerateRandom(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR RandomData,
CK_ULONG ulRandomLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! RandomData)
return (CKR_ARGUMENTS_BAD);
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_GenerateRandom) {
rv = FuncList.ST_GenerateRandom(rSession, RandomData,
ulRandomLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_GetAttributeValue(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObject,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulCount)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! pTemplate) {
return (CKR_TEMPLATE_INCOMPLETE);
}
if (ulCount == 0) {
return (CKR_TEMPLATE_INCOMPLETE);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_GetAttributeValue) {
rv = FuncList.ST_GetAttributeValue(rSession, hObject,
pTemplate, ulCount);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR ppFunctionList)
{
_init();
PK11_Functions.version.major = VERSION_MAJOR;
PK11_Functions.version.minor = VERSION_MINOR;
PK11_Functions.C_Initialize = C_Initialize;
PK11_Functions.C_Finalize = C_Finalize;
PK11_Functions.C_GetInfo = C_GetInfo;
PK11_Functions.C_GetFunctionList = C_GetFunctionList;
PK11_Functions.C_GetSlotList = C_GetSlotList;
PK11_Functions.C_GetSlotInfo = C_GetSlotInfo;
PK11_Functions.C_GetTokenInfo = C_GetTokenInfo;
PK11_Functions.C_GetMechanismList = C_GetMechanismList;
PK11_Functions.C_GetMechanismInfo = C_GetMechanismInfo;
PK11_Functions.C_InitToken = C_InitToken;
PK11_Functions.C_InitPIN = C_InitPIN;
PK11_Functions.C_SetPIN = C_SetPIN;
PK11_Functions.C_OpenSession = C_OpenSession;
PK11_Functions.C_CloseSession = C_CloseSession;
PK11_Functions.C_CloseAllSessions = C_CloseAllSessions;
PK11_Functions.C_GetSessionInfo = C_GetSessionInfo;
PK11_Functions.C_GetOperationState = C_GetOperationState;
PK11_Functions.C_SetOperationState = C_SetOperationState;
PK11_Functions.C_Login = C_Login;
PK11_Functions.C_Logout = C_Logout;
PK11_Functions.C_CreateObject = C_CreateObject;
PK11_Functions.C_CopyObject = C_CopyObject;
PK11_Functions.C_DestroyObject = C_DestroyObject;
PK11_Functions.C_GetObjectSize = C_GetObjectSize;
PK11_Functions.C_GetAttributeValue = C_GetAttributeValue;
PK11_Functions.C_SetAttributeValue = C_SetAttributeValue;
PK11_Functions.C_FindObjectsInit = C_FindObjectsInit;
PK11_Functions.C_FindObjects = C_FindObjects;
PK11_Functions.C_FindObjectsFinal = C_FindObjectsFinal;
PK11_Functions.C_EncryptInit = C_EncryptInit;
PK11_Functions.C_Encrypt = C_Encrypt;
PK11_Functions.C_EncryptUpdate = C_EncryptUpdate;
PK11_Functions.C_EncryptFinal = C_EncryptFinal;
PK11_Functions.C_DecryptInit = C_DecryptInit;
PK11_Functions.C_Decrypt = C_Decrypt;
PK11_Functions.C_DecryptUpdate = C_DecryptUpdate;
PK11_Functions.C_DecryptFinal = C_DecryptFinal;
PK11_Functions.C_DigestInit = C_DigestInit;
PK11_Functions.C_Digest = C_Digest;
PK11_Functions.C_DigestUpdate = C_DigestUpdate;
PK11_Functions.C_DigestKey = C_DigestKey;
PK11_Functions.C_DigestFinal = C_DigestFinal;
PK11_Functions.C_SignInit = C_SignInit;
PK11_Functions.C_Sign = C_Sign;
PK11_Functions.C_SignUpdate = C_SignUpdate;
PK11_Functions.C_SignFinal = C_SignFinal;
PK11_Functions.C_SignRecoverInit = C_SignRecoverInit;
PK11_Functions.C_SignRecover = C_SignRecover;
PK11_Functions.C_VerifyInit = C_VerifyInit;
PK11_Functions.C_Verify = C_Verify;
PK11_Functions.C_VerifyUpdate = C_VerifyUpdate;
PK11_Functions.C_VerifyFinal = C_VerifyFinal;
PK11_Functions.C_VerifyRecoverInit = C_VerifyRecoverInit;
PK11_Functions.C_VerifyRecover = C_VerifyRecover;
PK11_Functions.C_DigestEncryptUpdate = C_DigestEncryptUpdate;
PK11_Functions.C_DecryptDigestUpdate = C_DecryptDigestUpdate;
PK11_Functions.C_SignEncryptUpdate = C_SignEncryptUpdate;
PK11_Functions.C_DecryptVerifyUpdate = C_DecryptVerifyUpdate;
PK11_Functions.C_GenerateKey = C_GenerateKey;
PK11_Functions.C_GenerateKeyPair = C_GenerateKeyPair;
PK11_Functions.C_WrapKey = C_WrapKey;
PK11_Functions.C_UnwrapKey = C_UnwrapKey;
PK11_Functions.C_DeriveKey = C_DeriveKey;
PK11_Functions.C_SeedRandom = C_SeedRandom;
PK11_Functions.C_GenerateRandom = C_GenerateRandom;
PK11_Functions.C_GetFunctionStatus = C_GetFunctionStatus;
PK11_Functions.C_CancelFunction = C_CancelFunction;
PK11_Functions.C_WaitForSlotEvent = C_WaitForSlotEvent;
if (ppFunctionList) {
(*ppFunctionList) = &PK11_Functions;
return (CKR_OK);
} else {
return (CKR_ARGUMENTS_BAD);
}
}
/ARGSUSED/
CK_RV
C_GetFunctionStatus(CK_SESSION_HANDLE hSession)
{
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
return (CKR_FUNCTION_NOT_PARALLEL); // PER Specification PG 170
}
CK_RV
C_GetInfo(CK_INFO_PTR pInfo)
{
TOKEN_DATA td;
TSS_HCONTEXT hContext;
if (! API_Initialized()) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! pInfo) {
return (CKR_FUNCTION_FAILED);
}
(void) memset(pInfo, 0, sizeof (*pInfo));
pInfo->cryptokiVersion.major = 2;
pInfo->cryptokiVersion.minor = 20;
if (open_tss_context(&hContext) == 0) {
/*
* Only populate the TPM info if we can establish
* a context, but don't return failure because
* the framework needs to know some of the info.
*/
(void) token_get_tpm_info(hContext, &td);
(void) Tspi_Context_Close(hContext);
(void) memcpy(pInfo->manufacturerID,
&(td.token_info.manufacturerID),
sizeof (pInfo->manufacturerID) - 1);
pInfo->flags = td.token_info.flags;
}
(void) strcpy((char *)pInfo->libraryDescription,
"PKCS11 Interface for TPM");
pInfo->libraryVersion.major = 1;
pInfo->libraryVersion.minor = 0;
return (CKR_OK);
}
CK_RV
C_GetMechanismInfo(CK_SLOT_ID slotID,
CK_MECHANISM_TYPE type,
CK_MECHANISM_INFO_PTR pInfo)
{
CK_RV rv;
if (API_Initialized() == FALSE)
return (CKR_CRYPTOKI_NOT_INITIALIZED);
if (!global_shm->token_available || (slotID > NUMBER_SLOTS_MANAGED))
return (CKR_SLOT_ID_INVALID);
if (FuncList.ST_GetMechanismInfo) {
rv = FuncList.ST_GetMechanismInfo(slotID, type, pInfo);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_GetMechanismList(CK_SLOT_ID slotID,
CK_MECHANISM_TYPE_PTR pMechanismList,
CK_ULONG_PTR pulCount)
{
CK_RV rv;
if (API_Initialized() == FALSE)
return (CKR_CRYPTOKI_NOT_INITIALIZED);
if (! pulCount)
return (CKR_ARGUMENTS_BAD);
if (!global_shm->token_available || (slotID > NUMBER_SLOTS_MANAGED))
return (CKR_SLOT_ID_INVALID);
if (FuncList.ST_GetMechanismList) {
rv = FuncList.ST_GetMechanismList(slotID,
pMechanismList, pulCount);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
if (rv == CKR_OK) {
if (pMechanismList) {
unsigned long i;
for (i = 0; i < *pulCount; i++) {
logit(LOG_DEBUG, "Mechanism[%lu] 0x%08lX ",
i, pMechanismList[i]);
}
}
}
return (rv);
}
CK_RV
C_GetObjectSize(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObject,
CK_ULONG_PTR pulSize)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! pulSize) {
return (CKR_ARGUMENTS_BAD);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_GetObjectSize) {
rv = FuncList.ST_GetObjectSize(rSession, hObject, pulSize);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_GetOperationState(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pOperationState,
CK_ULONG_PTR pulOperationStateLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! pulOperationStateLen) {
return (CKR_ARGUMENTS_BAD);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_GetOperationState) {
rv = FuncList.ST_GetOperationState(rSession,
pOperationState, pulOperationStateLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_GetSessionInfo(CK_SESSION_HANDLE hSession,
CK_SESSION_INFO_PTR pInfo)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! pInfo) {
return (CKR_ARGUMENTS_BAD);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_GetSessionInfo) {
rv = FuncList.ST_GetSessionInfo(rSession, pInfo);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_GetSlotInfo(CK_SLOT_ID slotID,
CK_SLOT_INFO_PTR pInfo)
{
if (API_Initialized() == FALSE)
return (CKR_CRYPTOKI_NOT_INITIALIZED);
if (!pInfo)
return (CKR_FUNCTION_FAILED);
if (!global_shm->token_available || (slotID > NUMBER_SLOTS_MANAGED))
return (CKR_SLOT_ID_INVALID);
copy_slot_info(slotID, pInfo);
return (CKR_OK);
}
/ARGSUSED/
CK_RV
C_GetSlotList(CK_BBOOL tokenPresent,
CK_SLOT_ID_PTR pSlotList,
CK_ULONG_PTR pulCount)
{
CK_ULONG count;
CK_SLOT_INFO slotInfo;
if (API_Initialized() == FALSE)
return (CKR_CRYPTOKI_NOT_INITIALIZED);
if (pulCount == NULL)
return (CKR_FUNCTION_FAILED);
count = 0;
/*
* If we can't talk to the TPM, present no slots
*/
if (!global_shm->token_available) {
*pulCount = 0;
return (CKR_OK);
}
copy_slot_info(TPM_SLOTID, &slotInfo);
if ((slotInfo.flags & CKF_TOKEN_PRESENT))
count++;
*pulCount = count;
if (pSlotList == NULL) {
return (CKR_OK);
} else {
if (*pulCount < count)
return (CKR_BUFFER_TOO_SMALL);
pSlotList[0] = TPM_SLOTID;
}
return (CKR_OK);
}
CK_RV
C_GetTokenInfo(CK_SLOT_ID slotID,
CK_TOKEN_INFO_PTR pInfo)
{
CK_RV rv;
if (API_Initialized() == FALSE)
return (CKR_CRYPTOKI_NOT_INITIALIZED);
if (!pInfo)
return (CKR_ARGUMENTS_BAD);
if (!global_shm->token_available || (slotID > NUMBER_SLOTS_MANAGED))
return (CKR_SLOT_ID_INVALID);
slotID = TPM_SLOTID;
if (FuncList.ST_GetTokenInfo) {
rv = FuncList.ST_GetTokenInfo(slotID, pInfo);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_Initialize(CK_VOID_PTR pVoid)
{
CK_RV rv = CKR_OK;
CK_C_INITIALIZE_ARGS *pArg;
extern CK_RV ST_Initialize(void *,
CK_SLOT_ID, unsigned char *);
(void) pthread_mutex_lock(&global_mutex);
if (! Anchor) {
Anchor = (API_Proc_Struct_t *)malloc(
sizeof (API_Proc_Struct_t));
if (Anchor == NULL) {
(void) pthread_mutex_unlock(&global_mutex);
return (CKR_HOST_MEMORY);
}
} else {
(void) pthread_mutex_unlock(&global_mutex);
return (CKR_CRYPTOKI_ALREADY_INITIALIZED);
}
/*
* if pVoid is NULL, then everything is OK. The application
* will not be doing multi thread accesses. We can use the OS
* locks anyhow.
*/
if (pVoid != NULL) {
int supplied_ok;
pArg = (CK_C_INITIALIZE_ARGS *)pVoid;
/*
* ALL supplied function pointers need to have the value
* either NULL or no - NULL.
*/
supplied_ok = (pArg->CreateMutex == NULL &&
pArg->DestroyMutex == NULL &&
pArg->LockMutex == NULL &&
pArg->UnlockMutex == NULL) ||
(pArg->CreateMutex != NULL &&
pArg->DestroyMutex != NULL &&
pArg->LockMutex != NULL &&
pArg->UnlockMutex != NULL);
if (!supplied_ok) {
(void) pthread_mutex_unlock(&global_mutex);
return (CKR_ARGUMENTS_BAD);
}
/* Check for a pReserved set */
if (pArg->pReserved != NULL) {
free(Anchor);
Anchor = NULL;
(void) pthread_mutex_unlock(&global_mutex);
return (CKR_ARGUMENTS_BAD);
}
/*
* When the CKF_OS_LOCKING_OK flag isn't set and mutex
* function pointers are supplied by an application,
* return (an error. We must be able to use our own primitives.
*/
if (!(pArg->flags & CKF_OS_LOCKING_OK) &&
(pArg->CreateMutex != NULL)) {
(void) pthread_mutex_unlock(&global_mutex);
return (CKR_CANT_LOCK);
}
}
(void) memset((char *)Anchor, 0, sizeof (API_Proc_Struct_t));
(void) pthread_mutex_init(&(Anchor->ProcMutex), NULL);
(void) pthread_mutex_init(&(Anchor->SessListMutex), NULL);
Anchor->Pid = getpid();
rv = ST_Initialize((void *)&FuncList, 0, NULL);
(void) pthread_mutex_unlock(&global_mutex);
return (rv);
}
CK_RV
C_InitPIN(CK_SESSION_HANDLE hSession,
CK_CHAR_PTR pPin,
CK_ULONG ulPinLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE)
return (CKR_CRYPTOKI_NOT_INITIALIZED);
if (pPin == NULL) {
return (CKR_ARGUMENTS_BAD);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession))
return (CKR_SESSION_HANDLE_INVALID);
if (rSession.slotID > NUMBER_SLOTS_MANAGED)
return (CKR_SLOT_ID_INVALID);
if (FuncList.ST_InitPIN)
rv = FuncList.ST_InitPIN(rSession, pPin, ulPinLen);
else
rv = CKR_FUNCTION_NOT_SUPPORTED;
return (rv);
}
CK_RV
C_InitToken(CK_SLOT_ID slotID,
CK_CHAR_PTR pPin,
CK_ULONG ulPinLen,
CK_CHAR_PTR pLabel)
{
CK_RV rv;
if (API_Initialized() == FALSE)
return (CKR_CRYPTOKI_NOT_INITIALIZED);
if (pPin == NULL) {
return (CKR_ARGUMENTS_BAD);
}
/* Use default label if pLabel is NULL */
if (!global_shm->token_available)
return (CKR_SLOT_ID_INVALID);
if (FuncList.ST_InitToken) {
rv = FuncList.ST_InitToken(slotID, pPin, ulPinLen, pLabel);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_Login(CK_SESSION_HANDLE hSession,
CK_USER_TYPE userType,
CK_CHAR_PTR pPin,
CK_ULONG ulPinLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_Login) {
rv = FuncList.ST_Login(rSession, userType, pPin, ulPinLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_Logout(CK_SESSION_HANDLE hSession)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_Logout) {
rv = FuncList.ST_Logout(rSession);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
/ARGSUSED/
CK_RV
C_OpenSession(
CK_SLOT_ID slotID,
CK_FLAGS flags,
CK_VOID_PTR pApplication,
CK_NOTIFY Notify,
CK_SESSION_HANDLE_PTR phSession)
{
CK_RV rv;
Session_Struct_t *apiSessp;
if (API_Initialized() == FALSE)
return (CKR_CRYPTOKI_NOT_INITIALIZED);
if (!global_shm->token_available || (slotID > NUMBER_SLOTS_MANAGED))
return (CKR_SLOT_ID_INVALID);
if (! phSession)
return (CKR_FUNCTION_FAILED);
if ((flags & CKF_SERIAL_SESSION) == 0)
return (CKR_SESSION_PARALLEL_NOT_SUPPORTED);
if ((apiSessp = (Session_Struct_t *)malloc(
sizeof (Session_Struct_t))) == NULL)
return (CKR_HOST_MEMORY);
if (FuncList.ST_OpenSession) {
rv = FuncList.ST_OpenSession(slotID, flags,
&(apiSessp->RealHandle));
if (rv == CKR_OK) {
*phSession = (CK_SESSION_HANDLE)apiSessp;
apiSessp->SltId = slotID;
AddToSessionList(apiSessp);
} else {
free(apiSessp);
}
} else {
free(apiSessp);
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_SeedRandom(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pSeed,
CK_ULONG ulSeedLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! pSeed && ulSeedLen) {
return (CKR_ARGUMENTS_BAD);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_SeedRandom) {
rv = FuncList.ST_SeedRandom(rSession, pSeed, ulSeedLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_SetAttributeValue(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObject,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulCount)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (! pTemplate) {
return (CKR_TEMPLATE_INCOMPLETE);
}
if (! ulCount) {
return (CKR_TEMPLATE_INCOMPLETE);
}
// Get local pointers to session
if (FuncList.ST_SetAttributeValue) {
rv = FuncList.ST_SetAttributeValue(rSession, hObject,
pTemplate, ulCount);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_SetOperationState(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pOperationState,
CK_ULONG ulOperationStateLen,
CK_OBJECT_HANDLE hEncryptionKey,
CK_OBJECT_HANDLE hAuthenticationKey)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (! pOperationState || ulOperationStateLen == 0) {
return (CKR_ARGUMENTS_BAD);
}
if (FuncList.ST_SetOperationState) {
rv = FuncList.ST_SetOperationState(rSession, pOperationState,
ulOperationStateLen, hEncryptionKey, hAuthenticationKey);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_SetPIN(CK_SESSION_HANDLE hSession,
CK_CHAR_PTR pOldPin,
CK_ULONG ulOldLen,
CK_CHAR_PTR pNewPin,
CK_ULONG ulNewLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! pOldPin || ! pNewPin)
return (CKR_PIN_INVALID);
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_SetPIN) {
rv = FuncList.ST_SetPIN(rSession, pOldPin, ulOldLen,
pNewPin, ulNewLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_Sign(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pData,
CK_ULONG ulDataLen,
CK_BYTE_PTR pSignature,
CK_ULONG_PTR pulSignatureLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_Sign) {
rv = FuncList.ST_Sign(rSession, pData, ulDataLen,
pSignature, pulSignatureLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_SignEncryptUpdate(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pPart,
CK_ULONG ulPartLen,
CK_BYTE_PTR pEncryptedPart,
CK_ULONG_PTR pulEncryptedPartLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! pPart || ! pulEncryptedPartLen) {
return (CKR_ARGUMENTS_BAD);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_SignEncryptUpdate) {
rv = FuncList.ST_SignEncryptUpdate(rSession, pPart,
ulPartLen, pEncryptedPart, pulEncryptedPartLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_SignFinal(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pSignature,
CK_ULONG_PTR pulSignatureLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
/* pulSignatureLen checked in ST_SignFinal so cleanup occurs */
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_SignFinal) {
rv = FuncList.ST_SignFinal(rSession, pSignature,
pulSignatureLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_SignInit(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! pMechanism) {
return (CKR_MECHANISM_INVALID);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_SignInit) {
rv = FuncList.ST_SignInit(rSession, pMechanism, hKey);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_SignRecover(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pData,
CK_ULONG ulDataLen,
CK_BYTE_PTR pSignature,
CK_ULONG_PTR pulSignatureLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_SignRecover) {
rv = FuncList.ST_SignRecover(rSession, pData,
ulDataLen, pSignature, pulSignatureLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_SignRecoverInit(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! pMechanism) {
return (CKR_MECHANISM_INVALID);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_SignRecoverInit) {
rv = FuncList.ST_SignRecoverInit(rSession, pMechanism, hKey);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_SignUpdate(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pPart,
CK_ULONG ulPartLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_SignUpdate) {
rv = FuncList.ST_SignUpdate(rSession, pPart, ulPartLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_UnwrapKey(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hUnwrappingKey,
CK_BYTE_PTR pWrappedKey,
CK_ULONG ulWrappedKeyLen,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulAttributeCount,
CK_OBJECT_HANDLE_PTR phKey)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (!pMechanism) {
return (CKR_MECHANISM_INVALID);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_UnwrapKey) {
rv = FuncList.ST_UnwrapKey(rSession, pMechanism,
hUnwrappingKey, pWrappedKey, ulWrappedKeyLen,
pTemplate, ulAttributeCount, phKey);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_Verify(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pData,
CK_ULONG ulDataLen,
CK_BYTE_PTR pSignature,
CK_ULONG ulSignatureLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_Verify) {
rv = FuncList.ST_Verify(rSession, pData, ulDataLen,
pSignature, ulSignatureLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_VerifyFinal(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pSignature,
CK_ULONG ulSignatureLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
/* pSignature checked in ST_VerifyFinal so cleanup occurs */
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_VerifyFinal) {
rv = FuncList.ST_VerifyFinal(rSession, pSignature,
ulSignatureLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_VerifyInit(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! pMechanism) {
return (CKR_MECHANISM_INVALID);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_VerifyInit) {
rv = FuncList.ST_VerifyInit(rSession, pMechanism, hKey);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_VerifyRecover(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pSignature,
CK_ULONG ulSignatureLen,
CK_BYTE_PTR pData,
CK_ULONG_PTR pulDataLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_VerifyRecover) {
rv = FuncList.ST_VerifyRecover(rSession, pSignature,
ulSignatureLen, pData, pulDataLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_VerifyRecoverInit(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! pMechanism) {
return (CKR_MECHANISM_INVALID);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_VerifyRecoverInit) {
rv = FuncList.ST_VerifyRecoverInit(rSession, pMechanism, hKey);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_VerifyUpdate(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pPart,
CK_ULONG ulPartLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_VerifyUpdate) {
rv = FuncList.ST_VerifyUpdate(rSession, pPart, ulPartLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
/ARGSUSED/
CK_RV
C_WaitForSlotEvent(CK_FLAGS flags,
CK_SLOT_ID_PTR pSlot,
CK_VOID_PTR pReserved)
{
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
return (CKR_FUNCTION_NOT_SUPPORTED);
}
CK_RV
C_WrapKey(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hWrappingKey,
CK_OBJECT_HANDLE hKey,
CK_BYTE_PTR pWrappedKey,
CK_ULONG_PTR pulWrappedKeyLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! pMechanism) {
return (CKR_MECHANISM_INVALID);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_WrapKey) {
rv = FuncList.ST_WrapKey(rSession, pMechanism, hWrappingKey,
hKey, pWrappedKey, pulWrappedKeyLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
#pragma init(api_init)
#pragma fini(api_fini)
static void
api_init(void)
{
loginit();
if (! Initialized) {
(void) pthread_atfork(tpmtoken_fork_prepare,
tpmtoken_fork_parent, tpmtoken_fork_child);
Initialized = 1;
}
}
static void
api_fini()
{
logterm();
if (API_Initialized() == TRUE) {
(void) do_finalize(NULL);
}
}
|
/*
/*
#include "tpmtok_int.h" #define LOG(x) logit(LOG_DEBUG, x) /*
static void static void static void } /ARGSUSED/ CK_RV } } CK_RV CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } /ARGSUSED/ CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } /ARGSUSED/ } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } /ARGSUSED/ } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } CK_RV } /ARGSUSED/ CK_RV } #pragma init(api_init) static void static void |
2 participants
Pull request #1072 has been closed, so I’m opening this one with fewer modifications.
Add binary data and writeStatus support to DeclarativeResponse: #1124