kmsSlotToken.c revision 4f14b0f29aa144cc03efdde5508ae126ae197acf
5cb9d86f97eb79f6a8a7d6231cf0354196dce286Brendan Mmiller * CDDL HEADER START
5cb9d86f97eb79f6a8a7d6231cf0354196dce286Brendan Mmiller * The contents of this file are subject to the terms of the
5cb9d86f97eb79f6a8a7d6231cf0354196dce286Brendan Mmiller * Common Development and Distribution License (the "License").
5cb9d86f97eb79f6a8a7d6231cf0354196dce286Brendan Mmiller * You may not use this file except in compliance with the License.
5cb9d86f97eb79f6a8a7d6231cf0354196dce286Brendan Mmiller * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
5cb9d86f97eb79f6a8a7d6231cf0354196dce286Brendan Mmiller * or http://www.opensolaris.org/os/licensing.
5cb9d86f97eb79f6a8a7d6231cf0354196dce286Brendan Mmiller * See the License for the specific language governing permissions
5cb9d86f97eb79f6a8a7d6231cf0354196dce286Brendan Mmiller * and limitations under the License.
5cb9d86f97eb79f6a8a7d6231cf0354196dce286Brendan Mmiller * When distributing Covered Code, include this CDDL HEADER in each
5cb9d86f97eb79f6a8a7d6231cf0354196dce286Brendan Mmiller * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
5cb9d86f97eb79f6a8a7d6231cf0354196dce286Brendan Mmiller * If applicable, add the following below this CDDL HEADER, with the
5cb9d86f97eb79f6a8a7d6231cf0354196dce286Brendan Mmiller * fields enclosed by brackets "[]" replaced with your own identifying
5cb9d86f97eb79f6a8a7d6231cf0354196dce286Brendan Mmiller * information: Portions Copyright [yyyy] [name of copyright owner]
5cb9d86f97eb79f6a8a7d6231cf0354196dce286Brendan Mmiller * CDDL HEADER END
5cb9d86f97eb79f6a8a7d6231cf0354196dce286Brendan Mmiller * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
5cb9d86f97eb79f6a8a7d6231cf0354196dce286Brendan Mmiller * Just basic AES mechanisms (for now...)
/*
 * Mechanism tables advertised by the KMS token: kms_mechanisms lists the
 * mechanism types and kms_mechanism_info the matching CK_MECHANISM_INFO
 * records ({ulMinKeySize, ulMaxKeySize, flags}).
 *
 * Every visible info entry sets both the minimum and the maximum key size
 * to AES_MAX_KEY_BYTES, so the token advertises a single AES key length
 * and gives callers no smaller size to select.
 *
 * NOTE(review): the initializer of kms_mechanisms, the tail of the two
 * CKF_ENCRYPT|CKF_DECRYPT| flag expressions and the closing braces are not
 * visible in this listing. Presumably the two arrays are index-aligned
 * (entry i of one describes entry i of the other) -- confirm against the
 * full file before adding or reordering mechanisms.
 */
5cb9d86f97eb79f6a8a7d6231cf0354196dce286Brendan Mmillerstatic CK_MECHANISM_TYPE kms_mechanisms[] = {
5cb9d86f97eb79f6a8a7d6231cf0354196dce286Brendan Mmiller * KMS only supports 256 bit keys, so the range below is MAX-MAX
5cb9d86f97eb79f6a8a7d6231cf0354196dce286Brendan Mmiller * instead of MIN-MAX.
5cb9d86f97eb79f6a8a7d6231cf0354196dce286Brendan Mmillerstatic CK_MECHANISM_INFO kms_mechanism_info[] = {
5cb9d86f97eb79f6a8a7d6231cf0354196dce286Brendan Mmiller {AES_MAX_KEY_BYTES, AES_MAX_KEY_BYTES, CKF_GENERATE},
5cb9d86f97eb79f6a8a7d6231cf0354196dce286Brendan Mmiller {AES_MAX_KEY_BYTES, AES_MAX_KEY_BYTES, CKF_ENCRYPT|CKF_DECRYPT|
5cb9d86f97eb79f6a8a7d6231cf0354196dce286Brendan Mmiller {AES_MAX_KEY_BYTES, AES_MAX_KEY_BYTES, CKF_ENCRYPT|CKF_DECRYPT|
/*
 * C_GetSlotList: PKCS#11 entry point that reports the available slots.
 *
 * Per the existing comment below, an unavailable or uninitialized KMS is
 * reported as zero slots with CKR_OK rather than as an error, so callers
 * must treat an empty list as "no usable token" and not as success of a
 * later operation.
 *
 * NOTE(review): the rest of the parameter list and the whole body are not
 * visible in this listing; how pSlotList and the count pointer are
 * validated cannot be confirmed from here.
 */
5cb9d86f97eb79f6a8a7d6231cf0354196dce286Brendan Mmiller/* ARGSUSED */
5cb9d86f97eb79f6a8a7d6231cf0354196dce286Brendan MmillerC_GetSlotList(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList,
5cb9d86f97eb79f6a8a7d6231cf0354196dce286Brendan Mmiller * If KMS is not available or initialized, return 0 slots
5cb9d86f97eb79f6a8a7d6231cf0354196dce286Brendan Mmiller * but CKR_OK status.
/*
 * C_GetSlotInfo: PKCS#11 entry point that fills the caller's CK_SLOT_INFO
 * with the fixed description, manufacturer ID and hardware/firmware
 * version constants of the KMS slot.
 *
 * NOTE(review): validation of slotID and a NULL check on pInfo are not
 * visible in this listing -- confirm both happen before the writes below.
 */
0b90cf39da4c7ba2b843ffd3512d84d009b5dff0Brendan MmillerC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo)
0b90cf39da4c7ba2b843ffd3512d84d009b5dff0Brendan Mmiller /* Provide information about the slot in the provided buffer */
/*
 * The CK_SLOT_INFO text fields are fixed-width, blank-padded and not
 * NUL-terminated in PKCS#11. strncpy() writes exactly the given count:
 * no terminator when the source fills the field, NUL padding (not
 * blanks) when it is shorter.
 * NOTE(review): presumably SLOT_DESCRIPTION and MANUFACTURER_ID are
 * literals already blank-padded to the field width -- confirm, and
 * confirm that the hard-coded 32 matches sizeof (pInfo->manufacturerID).
 * The length argument of the first call is on a line not shown.
 */
0b90cf39da4c7ba2b843ffd3512d84d009b5dff0Brendan Mmiller (void) strncpy((char *)pInfo->slotDescription, SLOT_DESCRIPTION,
0b90cf39da4c7ba2b843ffd3512d84d009b5dff0Brendan Mmiller (void) strncpy((char *)pInfo->manufacturerID, MANUFACTURER_ID, 32);
0b90cf39da4c7ba2b843ffd3512d84d009b5dff0Brendan Mmiller pInfo->hardwareVersion.major = HARDWARE_VERSION_MAJOR;
0b90cf39da4c7ba2b843ffd3512d84d009b5dff0Brendan Mmiller pInfo->hardwareVersion.minor = HARDWARE_VERSION_MINOR;
0b90cf39da4c7ba2b843ffd3512d84d009b5dff0Brendan Mmiller pInfo->firmwareVersion.major = FIRMWARE_VERSION_MAJOR;
0b90cf39da4c7ba2b843ffd3512d84d009b5dff0Brendan Mmiller pInfo->firmwareVersion.minor = FIRMWARE_VERSION_MINOR;
/*
 * C_GetTokenInfo: PKCS#11 entry point that fills the caller's
 * CK_TOKEN_INFO with the KMS token's label, manufacturer ID, model and
 * serial number, and reports an unlimited session count.
 *
 * NOTE(review): validation of slotID and a NULL check on pInfo are not
 * visible in this listing -- confirm both happen before the writes below.
 */
0b90cf39da4c7ba2b843ffd3512d84d009b5dff0Brendan MmillerC_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
0b90cf39da4c7ba2b843ffd3512d84d009b5dff0Brendan Mmiller /* Provide information about a token in the provided buffer */
/*
 * These CK_TOKEN_INFO fields are fixed-width (32/32/16/16 bytes here),
 * blank-padded and not NUL-terminated in PKCS#11. strncpy() NUL-pads a
 * shorter source and omits the terminator for a source that fills the
 * field, so the result is only spec-conformant if each constant is
 * already padded with blanks to the full width.
 * NOTE(review): presumably the KMS_TOKEN_* and MANUFACTURER_ID literals
 * are pre-padded -- confirm; consumers that print these fields must not
 * treat them as C strings.
 */
0b90cf39da4c7ba2b843ffd3512d84d009b5dff0Brendan Mmiller (void) strncpy((char *)pInfo->label, KMS_TOKEN_LABEL, 32);
0b90cf39da4c7ba2b843ffd3512d84d009b5dff0Brendan Mmiller (void) strncpy((char *)pInfo->manufacturerID, MANUFACTURER_ID, 32);
0b90cf39da4c7ba2b843ffd3512d84d009b5dff0Brendan Mmiller (void) strncpy((char *)pInfo->model, KMS_TOKEN_MODEL, 16);
0b90cf39da4c7ba2b843ffd3512d84d009b5dff0Brendan Mmiller (void) strncpy((char *)pInfo->serialNumber, KMS_TOKEN_SERIAL, 16);
/* Advertise no upper bound on concurrently open sessions. */
0b90cf39da4c7ba2b843ffd3512d84d009b5dff0Brendan Mmiller pInfo->ulMaxSessionCount = CK_EFFECTIVELY_INFINITE;
/*
 * NOTE(review): from this point the listing keeps only scattered
 * statements of several functions; signatures, braces and most conditions
 * are not shown. The comments below describe the visible lines only, and
 * anything about the missing parts is marked as an assumption.
 */
return (CKR_OK);
/* Entry guard: refuse the call until the library has been initialized. */
if (!kms_initialized)
return (CKR_CRYPTOKI_NOT_INITIALIZED);
return (CKR_FUNCTION_NOT_SUPPORTED);
if (!kms_initialized)
return (CKR_CRYPTOKI_NOT_INITIALIZED);
return (CKR_SLOT_ID_INVALID);
return (CKR_OK);
/*
 * NOTE(review): presumably the caller's buffer capacity is compared with
 * mechnum before the loop below writes into it; that comparison is not
 * visible here -- confirm that CKR_BUFFER_TOO_SMALL is returned before
 * any element is written.
 */
return (CKR_BUFFER_TOO_SMALL);
for (i = 0; i < mechnum; i++)
return (CKR_OK);
if (!kms_initialized)
return (CKR_CRYPTOKI_NOT_INITIALIZED);
return (CKR_SLOT_ID_INVALID);
return (CKR_ARGUMENTS_BAD);
/*
 * Search over mechnum table entries; i == mechnum afterwards means the
 * loop ran off the end without leaving early, i.e. the requested
 * mechanism is not in the table (the loop body is not shown).
 */
for (i = 0; i < mechnum; i++) {
if (i == mechnum)
return (CKR_MECHANISM_INVALID);
return (CKR_OK);
if (!kms_initialized)
return (CKR_CRYPTOKI_NOT_INITIALIZED);
return (CKR_SLOT_ID_INVALID);
return (CKR_FUNCTION_FAILED);
/*
 * Arguments of a call whose name is not shown: the KMS configuration and
 * the caller's PIN cast to a C string.
 * NOTE(review): PKCS#11 passes PINs as counted byte arrays that need not
 * be NUL-terminated. The cast suggests the callee treats pPin as a
 * NUL-terminated string -- confirm the PIN length is honoured (or the PIN
 * is copied and terminated) before this call, otherwise the callee may
 * read past the caller's buffer.
 */
&kmscfg,
(const char *)pPin,
return (rv);
if (!kms_initialized)
return (CKR_CRYPTOKI_NOT_INITIALIZED);
return (CKR_FUNCTION_NOT_SUPPORTED);
if (!kms_initialized)
return (CKR_CRYPTOKI_NOT_INITIALIZED);
return (rv);
return (rv);
/*
 * A different readiness check from the kms_initialized flag used above;
 * failure is reported as CKR_FUNCTION_FAILED rather than
 * CKR_CRYPTOKI_NOT_INITIALIZED.
 * NOTE(review): what kms_is_initialized() tests is not visible here.
 */
if (!kms_is_initialized()) {
return (CKR_FUNCTION_FAILED);
return (CKR_ARGUMENTS_BAD);
/*
 * PIN change path: behaviour branches on whether a PIN has been set.
 * NOTE(review): pOldPin appears in two consecutive argument positions,
 * presumably belonging to two different calls (one per branch) -- confirm
 * against the full source. As with pPin above, the old and new PINs are
 * cast to C strings, so confirm their lengths are enforced before use and
 * that neither value is logged.
 */
if (!kms_is_pin_set()) {
(const char *)pOldPin,
(const char *)pOldPin,
(const char *)pNewPin);
return (rv);