pk11tokens.c revision 99ebb4ca412cb0a19d77a3899a87c055b9c30fa8
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*
*/
#pragma ident "%Z%%M% %I% %E% SMI"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <security/cryptoki.h>
#include <kmfapi.h>
#include <kmfapiP.h>
#include <cryptoutil.h>
/*
* memcmp_pad_max() is a specialized version of memcmp() which
* compares two pieces of data up to a maximum length. If the
* the two data match up the maximum length, they are considered
* matching. Trailing blanks do not cause the match to fail if
* one of the data is shorted.
*
* Examples of matches:
* "one" |
* "one " |
* ^maximum length
*
* "Number One | X" (X is beyond maximum length)
* "Number One " |
* ^maximum length
*
* Examples of mismatches:
* " one"
* "one"
*
* "Number One X|"
* "Number One |"
* ^maximum length
*/
static int
{
char *marker;
/* No point in comparing anything beyond max_sz */
/* Find shorter of the two data. */
} else { /* d1_len > d2_len */
}
/* Have a match in the shortest length of data? */
/* CONSTCOND */
return (1);
/* If the rest of longer data is nulls or blanks, call it a match. */
/* CONSTCOND */
return (1);
return (0);
}
static KMF_RETURN
{
}
return (KMF_ERR_INTERNAL);
}
if (tmp_count == 0) {
*slot_count = 0;
return (KMF_OK);
}
/* Allocate initial space for the slot list. */
sizeof (CK_SLOT_ID))) == NULL)
return (KMF_ERR_MEMORY);
/* Then get the slot list itself. */
for (;;) {
*slot_count = tmp_count;
break;
}
if (ck_rv != CKR_BUFFER_TOO_SMALL) {
}
break;
}
/*
* If the number of slots grew, try again. This
* is to be consistent with pktool in ONNV.
*/
break;
}
}
return (kmf_rv);
}
/*
* Returns pointer to either null-terminator or next unescaped colon. The
* string to be extracted starts at the beginning and goes until one character
* before this pointer. If NULL is returned, the string itself is NULL.
*/
static char *
find_unescaped_colon(char *str)
{
char *end;
return (NULL);
return (end);
}
return (end);
}
/*
* Compresses away any characters escaped with backslash from given string.
* The string is altered in-place. Example, "ab\:\\e" becomes "ab:\e".
*/
static void
unescape_str(char *str)
{
char *mark;
return;
} else {
}
}
*mark = '\0';
}
/*
* Given a colon-separated token specifier, this functions splits it into
* its label, manufacturer ID (if any), and serial number (if any). Literal
* Fields can left blank and trailing colons can be omitted, however leading
* colons are required as placeholders. For example, these are equivalent:
* (a) "lbl", "lbl:", "lbl::" (b) "lbl:man", "lbl:man:"
* but these are not:
* (c) "man", ":man" (d) "ser", "::ser"
* Furthermore, the token label is required always.
*
* The buffer containing the token specifier is altered by replacing the
* colons to null-terminators, and pointers returned are pointers into this
* string. No new memory is allocated.
*/
static int
char **serial_no)
{
char *mark;
return (-1);
}
*token_name = NULL;
/* Token label (required) */
*token_name = token_spec;
if (*mark != '\0')
return (-1);
}
return (0);
token_spec = mark;
/* Manufacturer identifier (optional) */
*manuf_id = token_spec;
if (*mark != '\0')
return (0);
token_spec = mark;
/* Serial number (optional) */
*serial_no = token_spec;
if (*mark != '\0')
return (0);
}
/*
* Find slots that match a token identifier. Token labels take the
* form of:
* token_name:manufacturer:serial_number
* manufacterer and serial number are optional. If used, the fields
* are delimited by the colon ':' character.
*/
{
CK_ULONG slot_count = 0;
int i;
char *metaslot_slot_info;
char *metaslot_token_info;
char *token_name = NULL;
return (KMF_ERR_BAD_PARAMETER);
(rv != CKR_CRYPTOKI_ALREADY_INITIALIZED)) {
return (KMF_ERR_UNINITIALIZED);
}
}
/*
* Parse token specifier into token_name, manuf_id, serial_no.
* Token_name is required; manuf_id and serial_no are optional.
*/
return (KMF_ERR_MEMORY);
&serial_no) < 0) {
return (KMF_ERR_BAD_PARAMETER);
}
/* Get a list of all slots with tokens present. */
return (kmf_rv);
}
/* If there are no such slots, the desired token won't be found. */
if (slot_count == 0) {
return (KMF_ERR_TOKEN_NOT_PRESENT);
}
/* Search the slot list for the token. */
for (i = 0; i < slot_count; i++) {
continue;
}
/* See if the token label matches. */
/*
* If manufacturer id was given, see if it actually matches.
* If no manufacturer id was given, assume match is true.
*/
if (manuf_id) {
} else {
}
/*
* If serial number was given, see if it actually matches.
* If no serial number was given, assume match is true.
*/
if (serial_no) {
} else {
}
break; /* found it! */
}
if (i < slot_count) {
/* found the desired token from the slotlist */
return (KMF_OK);
}
/*
* If we didn't find the token from the slotlist, check if this token
* is the one currently hidden by the metaslot. If that's case,
* we can just use the metaslot, the slot 0.
*/
if (kmf_rv) {
/*
* Failed to get the metaslot info. This usually means that
* metaslot is disabled from the system.
*/
} else {
max_sz) == 0) {
} else {
}
}
return (kmf_rv);
}
{
return (rv);
return (KMF_ERR_BAD_PARAMETER);
/*
* If setting PKCS#11 token look for the slot.
*/
return (rv);
}
return (KMF_ERR_PLUGIN_NOTFOUND);
return (KMF_ERR_FUNCTION_NOT_FOUND);
return (rv);
}
/*
*
* Name: KMF_SelectToken
*
* Description:
* This function enables the user of PKCS#11 plugin to select a
* particular PKCS#11 token. Valid token label are required in order to
* successfully complete this function.
* All subsequent KMF APIs, which specify PKCS#11 keystore as
* the backend, will be performed at the selected token.
*
* Parameters:
* label(input) - pointer to the token label
*
* Returns:
* A KMF_RETURN value indicating success or specifying a particular
* error condition.
* The value KMF_OK indicates success. All other values represent
* an error condition.
*
*/
int readonly)
{
return (kmf_rv);
return (KMF_ERR_BAD_PARAMETER);
}
if (!is_pk11_ready()) {
return (KMF_ERR_UNINITIALIZED);
}
/* Only one token can be active per thread */
return (KMF_ERR_TOKEN_SELECTED);
}
/* Find the token with matching label */
return (kmf_rv);
}
if (!readonly)
/* Open a session then log the user into the token */
return (KMF_ERR_INTERNAL);
}
return (kmf_rv);
}