kernelObject.c revision 7c478bd95313f5f23a4c958a745db2134aa03244
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2005 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
#include <pthread.h>
#include <stdlib.h>
#include <errno.h>
#include <security/cryptoki.h>
#include "kernelGlobal.h"
#include "kernelObject.h"
#include "kernelSession.h"
#include <errno.h>
#include <string.h>
#include <cryptoutil.h>
{
if (!kernel_initialized)
return (CKR_CRYPTOKI_NOT_INITIALIZED);
return (CKR_ARGUMENTS_BAD);
}
/*
* Obtain the session pointer. Also, increment the session
* reference count.
*/
return (rv);
/* Create a new object. */
/*
* Decrement the session reference count.
* We do not hold the session lock.
*/
return (rv);
}
{
int i, r;
if (!kernel_initialized)
return (CKR_CRYPTOKI_NOT_INITIALIZED);
/* Check arguments */
(phNewObject == NULL)) {
return (CKR_ARGUMENTS_BAD);
}
/*
* Obtain the session pointer. Also, increment the session
* reference count.
*/
return (rv);
/* Obtain the object pointer. */
/*
* Decrement the session reference count.
* We do not hold the session lock.
*/
return (rv);
}
if (old_object->is_lib_obj) {
/*
* Copy the old object to a new object.
* The 3rd argument with TRUE value indicates that
* everything in the object will be duplicated.
*/
/* Most likely we ran out of space. */
/*
* Decrement the session reference count.
* We do not hold the session lock.
*/
return (rv);
}
/* No need to hold the lock on the old object. */
/* Modify the object attribute if requested */
for (i = 0; i < ulCount; i++) {
/* Set the requested attribute into the new object. */
/*
* Decrement the session reference count.
* We do not hold the session lock.
*/
return (rv);
}
}
/* Insert the new object into this session's object list. */
/*
* Decrement the session reference count.
* We do not hold the session lock.
*/
/* set handle of the new object */
} else {
/*
* The old object was created in the HW provider.
* First, create an object wrapper in library.
*/
if (new_object == NULL) {
goto failed_cleanup;
}
/* Call CRYPTO_OBJECT_COPY ioctl to get a new object. */
if (ulCount > 0) {
goto failed_cleanup;
}
}
&object_copy)) < 0) {
break;
}
if (r < 0) {
} else {
}
/* Free the attributes' space allocated for ioctl */
goto failed_cleanup;
}
/* No need to hold the lock on the old object. */
/*
* Store the kernel object handle in the object wrapper and
* get the CKA_PRIVATE value of the new object.
*/
&is_pri_obj);
goto failed_cleanup;
}
/*
* Initialize other field of the object wrapper.
*/
if (is_pri_obj)
else
if (is_token_obj)
else
/*
* Add the new copied object into the slot's token list
* or the session list. We don't hold the slot lock.
*/
if (is_token_obj) {
/*
* Decrement the session reference count.
* We do not hold the session lock.
*/
/* Add into the slot token object list. */
} else {
/*
* Decrement the session reference count.
* We do not hold the session lock.
*/
}
/* set handle of the new object */
}
return (rv);
if (new_object != NULL) {
(void) free(new_object);
}
return (rv);
}
{
if (!kernel_initialized)
return (CKR_CRYPTOKI_NOT_INITIALIZED);
/* Obtain the session pointer. */
return (rv);
/* Obtain the object pointer. */
goto clean_exit;
}
/* Only session objects can be destroyed at a read-only session. */
goto clean_exit;
}
/*
* If the object is a session object, obtain the session handle
* which object belongs to. For a token object, we will use the
* session handle from the caller, because the session used to
* create the token object may no longer exist.
*/
return (rv);
}
/*
* The first FALSE boolean argument indicates that the caller
* does not hold the slot lock. The second FALSE boolean
* argument indicates that the caller wants to clean up the
* object in the HW provider also.
*/
} else {
/*
* The first FALSE boolean argument indicates that the caller
* does not hold the session lock. The second FALSE boolean
* argument indicates that the caller wants to clean the object
* in the HW provider also.
*/
B_FALSE);
}
/*
* Decrement the session reference count.
* We do not hold the session lock.
*/
return (rv);
}
{
int i, r;
if (!kernel_initialized)
return (CKR_CRYPTOKI_NOT_INITIALIZED);
return (CKR_ARGUMENTS_BAD);
/*
* Obtain the session pointer. Also, increment the session
* reference count.
*/
return (rv);
/* Obtain the object pointer. */
/*
* Decrement the session reference count.
* We do not hold the session lock.
*/
return (rv);
}
/* Acquire the lock on the object. */
if (object_p->is_lib_obj) {
/*
* The object was created in the library. The library
* contains the value information of each attribute.
*/
for (i = 0; i < ulCount; i++) {
/*
* Get the value of each attribute in the template.
* (We must process EVERY attribute in the template.)
*/
/* At least we catch some type of error. */
}
} else {
/*
* The object was created in HW provider, call ioctl to get
* the values of attributes.
*/
goto clean_exit;
}
&obj_get_attr)) < 0) {
break;
}
if (r < 0) {
} else {
}
/*
* The error codes CKR_ATTRIBUTE_SENSITIVE,
* CKR_ATTRIBUTE_TYPE_INVALID, and CKR_BUFFER_TOO_SMALL
* do not denote true errors for this function. If a call
* returns any of these three values, then the call must
* nonetheless have processed every attribute in the
* template. Every attribute in the template whose value
* can be returned will be returned.
*/
(rv == CKR_ATTRIBUTE_SENSITIVE) ||
(rv == CKR_ATTRIBUTE_TYPE_INVALID) ||
(rv == CKR_BUFFER_TOO_SMALL)) {
}
}
/* Free the attributes' allocated for the ioctl call. */
}
/* Release the object lock */
/*
* Decrement the session reference count.
* We do not hold the session lock.
*/
return (rv);
}
{
int i, r;
if (!kernel_initialized)
return (CKR_CRYPTOKI_NOT_INITIALIZED);
return (CKR_ARGUMENTS_BAD);
/*
* Obtain the session pointer. Also, increment the session
* reference count.
*/
return (rv);
/* Obtain the object pointer. */
/*
* Decrement the session reference count.
* We do not hold the session lock.
*/
return (rv);
}
/* lock the object */
/*
* If the object was created in the HW provider, changing its
* attributes' values need to be done in the provider too.
*/
if (!object_p->is_lib_obj) {
/* Cannot modify a token object with a READ-ONLY session */
return (rv);
}
return (rv);
}
&obj_set_attr)) < 0) {
break;
}
if (r < 0) {
} else {
}
/* Free the attributes' space allocated for the ioctl call. */
return (rv);
}
/*
* if we come here, the object must have been created in the
* library. The work will be done completely in the library.
*
* Copy the old object to a new object. We work on the copied
* version because in case of error we still keep the old one
* intact.
*/
/* Most likely we ran out of space. */
/*
* Decrement the session reference count.
* We do not hold the session lock.
*/
return (rv);
}
/*
* No need to hold the lock on the old object, because we
* will be working on the new scratch object.
*/
for (i = 0; i < ulCount; i++) {
/* Set the requested attribute into the new object. */
/*
* Decrement the session reference count.
* We do not hold the session lock.
*/
return (rv);
}
}
/*
* We've successfully set all the requested attributes.
* Merge the new object with the old object, then destory
* the new one. The reason to do the merging is because we
* have to keep the original object handle (address of object).
*/
/*
* Decrement the session reference count.
* We do not hold the session lock.
*/
return (rv);
}
{
int r;
if (!kernel_initialized)
return (CKR_CRYPTOKI_NOT_INITIALIZED);
/* Check if pulSize is valid */
return (CKR_ARGUMENTS_BAD);
}
/*
* Obtain the session pointer. Also, increment the session
* reference count.
*/
return (rv);
/* Obtain the object pointer. */
/*
* Decrement the session reference count.
* We do not hold the session lock.
*/
return (rv);
}
/* Acquire the lock on the object. */
if (!object_p->is_lib_obj) {
/*
* The object was created in HW provider, call the
* CRYPTO_OBJECT_GET_SIZE ioctl.
*/
&obj_gs)) < 0) {
break;
}
if (r < 0) {
} else {
}
}
} else {
}
/* Release the object lock */
/*
* Decrement the session reference count.
* We do not hold the session lock.
*/
return (rv);
}
{
int r;
if (!kernel_initialized)
return (CKR_CRYPTOKI_NOT_INITIALIZED);
/* Check the arguments */
return (CKR_ARGUMENTS_BAD);
}
/*
* Obtain the session pointer. Also, increment the session
* reference count.
*/
return (rv);
/* Acquire the session lock */
/* Check to see if find operation is already active */
/* decrement the session count, and unlock the mutex */
return (CKR_OPERATION_ACTIVE);
} else {
/*
* This active flag will remain ON until application calls
* C_FindObjectsFinal.
*/
}
/*
* If the HW provider supports object creation, we call the
* CRYPTO_OBJECT_FIND_INIT ioctl to initialize object finding.
* Otherwise, all the objects are created in the library and we
* do the find objects solely in the library.
*/
&obj_fi)) < 0) {
break;
}
if (r < 0) {
} else {
}
}
/* Free the attributes' space allocated for the ioctl call. */
} else {
}
}
/* decrement the session count, and unlock the mutex */
return (rv);
}
{
int r;
if (!kernel_initialized)
return (CKR_CRYPTOKI_NOT_INITIALIZED);
/* check for invalid arguments */
(pulObjectCount == NULL)) {
return (CKR_ARGUMENTS_BAD);
}
if (ulMaxObjectCount == 0) {
/* don't need to do anything, just return */
*pulObjectCount = 0;
return (CKR_OK);
}
/*
* Obtain the session pointer. Also, increment the session
* reference count.
*/
return (rv);
/* Acquire the slot lock */
/* Acquire the session lock */
/* Check to see if find operation is active */
goto clean_exit;
}
/*
* Similar to C_FindObjectInit(), if the HW provider supports object
* creation, we call the respective ioctl to find objects.
* Otherwise, all the objects are created in the library and we do
* the find objects solely in the library.
*/
ulMaxObjectCount * sizeof (crypto_object_id_t));
goto clean_exit;
}
&obj_fu)) < 0) {
break;
}
if (r < 0) {
} else {
}
}
} else {
}
/* decrement the session count, and release the session lock */
/* release the slot lock */
return (rv);
}
{
int r;
if (!kernel_initialized)
return (CKR_CRYPTOKI_NOT_INITIALIZED);
/*
* Obtain the session pointer. Also, increment the session
* reference count.
*/
return (rv);
/* Acquire the session lock */
/* Check to see if find operation is active */
return (CKR_OPERATION_NOT_INITIALIZED);
}
/*
* Similar to C_FindObjectInit(), if the HW provider supports object
* creation, we need to call the CRYPTO_OBJECT_FIND_FINAL ioctl.
*/
&obj_ff)) < 0) {
break;
}
if (r < 0) {
} else {
}
/* only need to reset find_objects.flags */
}
} else {
/*
* The find object operations were done in the library, we
* need to cleanup find_objects context.
*/
}
/* decrement the session count, and release the lock */
return (rv);
}