/*
* Common Public License Version 0.5
*
* THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF
* THIS COMMON PUBLIC LICENSE ("AGREEMENT"). ANY USE,
* REPRODUCTION OR DISTRIBUTION OF THE PROGRAM CONSTITUTES
* RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT.
*
* 1. DEFINITIONS
*
* "Contribution" means:
* a) in the case of the initial Contributor, the
* initial code and documentation distributed under
* this Agreement, and
*
* b) in the case of each subsequent Contributor:
* i) changes to the Program, and
* ii) additions to the Program;
*
* where such changes and/or additions to the Program
* originate from and are distributed by that
* particular Contributor. A Contribution 'originates'
* from a Contributor if it was added to the Program
* by such Contributor itself or anyone acting on such
* Contributor's behalf. Contributions do not include
* additions to the Program which: (i) are separate
* modules of software distributed in conjunction with
* the Program under their own license agreement, and
* (ii) are not derivative works of the Program.
*
*
* "Contributor" means any person or entity that distributes
* the Program.
*
* "Licensed Patents " mean patent claims licensable by a
* Contributor which are necessarily infringed by the use or
* sale of its Contribution alone or when combined with the
* Program.
*
* "Program" means the Contributions distributed in
* accordance with this Agreement.
*
* "Recipient" means anyone who receives the Program under
* this Agreement, including all Contributors.
*
* 2. GRANT OF RIGHTS
*
* a) Subject to the terms of this Agreement, each
* Contributor hereby grants Recipient a
* no - exclusive, worldwide, royalt - free copyright
* license to reproduce, prepare derivative works of,
* publicly display, publicly perform, distribute and
* sublicense the Contribution of such Contributor, if
* any, and such derivative works, in source code and
* object code form.
*
* b) Subject to the terms of this Agreement, each
* Contributor hereby grants Recipient a
* no - exclusive, worldwide, royalt - free patent
* license under Licensed Patents to make, use, sell,
* offer to sell, import and otherwise transfer the
* Contribution of such Contributor, if any, in source
* code and object code form. This patent license
* shall apply to the combination of the Contribution
* and the Program if, at the time the Contribution is
* added by the Contributor, such addition of the
* Contribution causes such combination to be covered
* by the Licensed Patents. The patent license shall
* not apply to any other combinations which include
* the Contribution. No hardware per se is licensed
* hereunder.
*
* c) Recipient understands that although each
* Contributor grants the licenses to its
* Contributions set forth herein, no assurances are
* provided by any Contributor that the Program does
* not infringe the patent or other intellectual
* property rights of any other entity. Each
* Contributor disclaims any liability to Recipient
* for claims brought by any other entity based on
* infringement of intellectual property rights or
* otherwise. As a condition to exercising the rights
* and licenses granted hereunder, each Recipient
* hereby assumes sole responsibility to secure any
* other intellectual property rights needed, if any.
*
* For example, if a third party patent license is
* required to allow Recipient to distribute the
* Program, it is Recipient's responsibility to
* acquire that license before distributing the
* Program.
*
* d) Each Contributor represents that to its
* knowledge it has sufficient copyright rights in its
* Contribution, if any, to grant the copyright
* license set forth in this Agreement.
*
* 3. REQUIREMENTS
*
* A Contributor may choose to distribute the Program in
* object code form under its own license agreement, provided
* that:
* a) it complies with the terms and conditions of
* this Agreement; and
*
* b) its license agreement:
* i) effectively disclaims on behalf of all
* Contributors all warranties and conditions, express
* and implied, including warranties or conditions of
* title and no - infringement, and implied warranties
* or conditions of merchantability and fitness for a
* particular purpose;
*
* ii) effectively excludes on behalf of all
* Contributors all liability for damages, including
* direct, indirect, special, incidental and
* consequential damages, such as lost profits;
*
* iii) states that any provisions which differ from
* this Agreement are offered by that Contributor
* alone and not by any other party; and
*
* iv) states that source code for the Program is
* available from such Contributor, and informs
* licensees how to obtain it in a reasonable manner
* on or through a medium customarily used for
* software exchange.
*
* When the Program is made available in source code form:
* a) it must be made available under this Agreement;
* and
* b) a copy of this Agreement must be included with
* each copy of the Program.
*
* Contributors may not remove or alter any copyright notices
* contained within the Program.
*
* Each Contributor must identify itself as the originator of
* its Contribution, if any, in a manner that reasonably
* allows subsequent Recipients to identify the originator of
* the Contribution.
*
*
* 4. COMMERCIAL DISTRIBUTION
*
* Commercial distributors of software may accept certain
* responsibilities with respect to end users, business
* partners and the like. While this license is intended to
* facilitate the commercial use of the Program, the
* Contributor who includes the Program in a commercial
* product offering should do so in a manner which does not
* create potential liability for other Contributors.
* Therefore, if a Contributor includes the Program in a
* commercial product offering, such Contributor ("Commercial
* Contributor") hereby agrees to defend and indemnify every
* other Contributor ("Indemnified Contributor") against any
* losses, damages and costs (collectively "Losses") arising
* from claims, lawsuits and other legal actions brought by a
* third party against the Indemnified Contributor to the
* extent caused by the acts or omissions of such Commercial
* Contributor in connection with its distribution of the
* Program in a commercial product offering. The obligations
* in this section do not apply to any claims or Losses
* relating to any actual or alleged intellectual property
* infringement. In order to qualify, an Indemnified
* Contributor must: a) promptly notify the Commercial
* Contributor in writing of such claim, and b) allow the
* Commercial Contributor to control, and cooperate with the
* Commercial Contributor in, the defense and any related
* settlement negotiations. The Indemnified Contributor may
* participate in any such claim at its own expense.
*
*
* For example, a Contributor might include the Program in a
* commercial product offering, Product X. That Contributor
* is then a Commercial Contributor. If that Commercial
* Contributor then makes performance claims, or offers
* warranties related to Product X, those performance claims
* and warranties are such Commercial Contributor's
* responsibility alone. Under this section, the Commercial
* Contributor would have to defend claims against the other
* Contributors related to those performance claims and
* warranties, and if a court requires any other Contributor
* to pay any damages as a result, the Commercial Contributor
* must pay those damages.
*
*
* 5. NO WARRANTY
*
* EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE
* PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR
* IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR
* CONDITIONS OF TITLE, NO - INFRINGEMENT, MERCHANTABILITY OR
* FITNESS FOR A PARTICULAR PURPOSE. Each Recipient is solely
* responsible for determining the appropriateness of using
* and distributing the Program and assumes all risks
* associated with its exercise of rights under this
* Agreement, including but not limited to the risks and
* costs of program errors, compliance with applicable laws,
* damage to or loss of data, programs or equipment, and
* unavailability or interruption of operations.
*
* 6. DISCLAIMER OF LIABILITY
* EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, NEITHER
* RECIPIENT NOR ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION
* LOST PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OR DISTRIBUTION OF THE PROGRAM OR THE EXERCISE
* OF ANY RIGHTS GRANTED HEREUNDER, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGES.
*
* 7. GENERAL
*
* If any provision of this Agreement is invalid or
* unenforceable under applicable law, it shall not affect
* the validity or enforceability of the remainder of the
* terms of this Agreement, and without further action by the
* parties hereto, such provision shall be reformed to the
* minimum extent necessary to make such provision valid and
* enforceable.
*
*
* If Recipient institutes patent litigation against a
* Contributor with respect to a patent applicable to
* software (including a cros - claim or counterclaim in a
* lawsuit), then any patent licenses granted by that
* Contributor to such Recipient under this Agreement shall
* terminate as of the date such litigation is filed. In
* addition, If Recipient institutes patent litigation
* against any entity (including a cros - claim or
* counterclaim in a lawsuit) alleging that the Program
* itself (excluding combinations of the Program with other
* software or hardware) infringes such Recipient's
* patent(s), then such Recipient's rights granted under
* Section 2(b) shall terminate as of the date such
* litigation is filed.
*
* All Recipient's rights under this Agreement shall
* terminate if it fails to comply with any of the material
* terms or conditions of this Agreement and does not cure
* such failure in a reasonable period of time after becoming
* aware of such noncompliance. If all Recipient's rights
* under this Agreement terminate, Recipient agrees to cease
* use and distribution of the Program as soon as reasonably
* practicable. However, Recipient's obligations under this
* Agreement and any licenses granted by Recipient relating
* to the Program shall continue and survive.
*
* Everyone is permitted to copy and distribute copies of
* this Agreement, but in order to avoid inconsistency the
* Agreement is copyrighted and may only be modified in the
* following manner. The Agreement Steward reserves the right
* to publish new versions (including revisions) of this
* Agreement from time to time. No one other than the
* Agreement Steward has the right to modify this Agreement.
*
* IBM is the initial Agreement Steward. IBM may assign the
* responsibility to serve as the Agreement Steward to a
* suitable separate entity. Each new version of the
* Agreement will be given a distinguishing version number.
* The Program (including Contributions) may always be
* distributed subject to the version of the Agreement under
* which it was received. In addition, after a new version of
* the Agreement is published, Contributor may elect to
* distribute the Program (including its Contributions) under
* the new version. Except as expressly stated in Sections
* 2(a) and 2(b) above, Recipient receives no rights or
* licenses to the intellectual property of any Contributor
* under this Agreement, whether expressly, by implication,
* estoppel or otherwise. All rights in the Program not
* expressly granted under this Agreement are reserved.
*
*
* This Agreement is governed by the laws of the State of New
* York and the intellectual property laws of the United
* States of America. No party to this Agreement will bring a
* legal action under this Agreement more than one year after
* the cause of action arose. Each party waives its rights to
* a jury trial in any resulting litigation.
*
*
*
* (C) COPYRIGHT International Business Machines Corp. 2001, 2002
*/
/*
* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#include "tpmtok_int.h"
#define LOG(x) logit(LOG_DEBUG, x)
/*
* NOTES:
* In many cases the specificaiton does not allow returns
* of CKR_ARGUMENTSB_BAD. We break the spec, since validation of parameters
* to the function are best represented by this return code (where
* specific RC's such as CKR_INVALID_SESSION do not exist).
* NOTE NOTE NOTE NOTE
* The parameter checking on the update operations may need to be
* modified (as well as the encrypt/decrypt) to call the std API
* anyway with sanatized parameters since on error, the encrypt/decrypt
* sign operations are all supposed to complete.
* Therefor the parameter checking here might need to be done in
* the STDLL instead of the API.
* This would affect ALL the Multipart operations which have
* an init followed by one or more operations.
*
* Globals for the API
*/
API_Proc_Struct_t *Anchor = NULL;
static unsigned int Initialized = 0;
static pthread_mutex_t global_mutex = PTHREAD_MUTEX_INITIALIZER;
struct ST_FCN_LIST FuncList;
CK_FUNCTION_LIST PK11_Functions;
extern pthread_rwlock_t obj_list_rw_mutex;
static void
tpmtoken_fork_prepare()
{
(void) pthread_mutex_lock(&global_mutex);
(void) pthread_mutex_lock(&pkcs_mutex);
(void) pthread_mutex_lock(&obj_list_mutex);
(void) pthread_rwlock_wrlock(&obj_list_rw_mutex);
(void) pthread_mutex_lock(&sess_list_mutex);
(void) pthread_mutex_lock(&login_mutex);
if (Anchor) {
(void) pthread_mutex_lock(&Anchor->ProcMutex);
(void) pthread_mutex_lock(&Anchor->SessListMutex);
}
}
static void
tpmtoken_fork_parent()
{
if (Anchor) {
(void) pthread_mutex_unlock(&Anchor->SessListMutex);
(void) pthread_mutex_unlock(&Anchor->ProcMutex);
}
(void) pthread_mutex_unlock(&login_mutex);
(void) pthread_mutex_unlock(&sess_list_mutex);
(void) pthread_rwlock_unlock(&obj_list_rw_mutex);
(void) pthread_mutex_unlock(&obj_list_mutex);
(void) pthread_mutex_unlock(&pkcs_mutex);
(void) pthread_mutex_unlock(&global_mutex);
}
static void
tpmtoken_fork_child()
{
if (Anchor) {
(void) pthread_mutex_unlock(&Anchor->SessListMutex);
(void) pthread_mutex_unlock(&Anchor->ProcMutex);
}
(void) pthread_mutex_unlock(&login_mutex);
(void) pthread_mutex_unlock(&sess_list_mutex);
(void) pthread_rwlock_unlock(&obj_list_rw_mutex);
(void) pthread_mutex_unlock(&obj_list_mutex);
(void) pthread_mutex_unlock(&pkcs_mutex);
(void) pthread_mutex_unlock(&global_mutex);
if (Anchor) {
Terminate_All_Process_Sessions();
free(Anchor);
Anchor = NULL;
}
if (FuncList.ST_Finalize)
FuncList.ST_Finalize(0);
logterm();
loginit();
}
/*ARGSUSED*/
CK_RV
C_CancelFunction(CK_SESSION_HANDLE hSession)
{
LOG("C_CancelFunction");
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
return (CKR_FUNCTION_NOT_PARALLEL);
}
CK_RV
C_CloseAllSessions(CK_SLOT_ID slotID)
{
Session_Struct_t *pCur, *pPrev;
CK_RV rv;
/*
* Although why does modutil do a close all sessions. It is a single
* application it can only close its sessions...
* And all sessions should be closed anyhow.
*/
LOG("CloseAllSessions");
if (API_Initialized() == FALSE)
return (CKR_CRYPTOKI_NOT_INITIALIZED);
if (!global_shm->token_available || (slotID > NUMBER_SLOTS_MANAGED))
return (CKR_SLOT_ID_INVALID);
/*
* Proc Mutex is locked when we remove from the seesion list in
* Close SEssion. Therefore we don't need to do any locking
* the atomic operations are controled when we use the linked list
*/
pCur = (Anchor ? Anchor->SessListBeg : NULL);
while (pCur) {
/*
* Session owned by the slot we are working on
* There is a basic problem here. We are using th pCur
* to point to the current one, however we delete it from
* the linked list and can no longer go Forward. So we
* have to use the fact that this is a doubly linked list
* and get the previous pointer. After deletion, the next
* pointer of this block will point to the next one in the
* list.
* If the value is Null, then this was the first one in
* the list and we just set pCur to the SessListBeg.
*/
if (pCur->SltId == slotID) {
pPrev = pCur->Previous;
rv = C_CloseSession((CK_SESSION_HANDLE)pCur);
if (rv == CKR_OK ||
rv == CKR_SESSION_CLOSED ||
rv == CKR_SESSION_HANDLE_INVALID) {
if (pPrev == NULL) {
pCur = Anchor->SessListBeg;
} else {
pCur = pPrev->Next;
}
} else {
return (rv);
}
} else {
pCur = pCur->Next;
}
}
LOG("CloseAllSessions OK");
return (CKR_OK);
}
CK_RV
C_CloseSession(CK_SESSION_HANDLE hSession)
{
CK_RV rv;
Session_Struct_t *sessp;
ST_SESSION_T rSession;
LOG("C_CloseSession");
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
/* Validate Session */
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_CloseSession) {
/* Map the Session to the slot session */
rv = FuncList.ST_CloseSession(rSession);
if (rv == CKR_OK) {
sessp = (Session_Struct_t *)hSession;
RemoveFromSessionList(sessp);
}
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_CopyObject(
CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObject,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulCount,
CK_OBJECT_HANDLE_PTR phNewObject)
{
CK_RV rv;
ST_SESSION_T rSession;
LOG("C_CopyObject");
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (!Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (!phNewObject) {
return (CKR_ARGUMENTS_BAD);
}
/*
* A null template with a count will cause the lower layer
* to have problems.
* Template with 0 count is not a problem.
*/
if (!pTemplate && ulCount) {
return (CKR_ARGUMENTS_BAD);
}
if (FuncList.ST_CopyObject) {
rv = FuncList.ST_CopyObject(rSession, hObject, pTemplate,
ulCount, phNewObject);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_CreateObject(
CK_SESSION_HANDLE hSession,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulCount,
CK_OBJECT_HANDLE_PTR phObject)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (! pTemplate) {
return (CKR_TEMPLATE_INCOMPLETE);
}
if (ulCount == 0) {
return (CKR_TEMPLATE_INCOMPLETE);
}
if (! phObject) {
return (CKR_ARGUMENTS_BAD);
}
if (FuncList.ST_CreateObject) {
// Map the Session to the slot session
rv = FuncList.ST_CreateObject(rSession, pTemplate,
ulCount, phObject);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_Decrypt(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pEncryptedData,
CK_ULONG ulEncryptedDataLen,
CK_BYTE_PTR pData,
CK_ULONG_PTR pulDataLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (!Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_Decrypt) {
rv = FuncList.ST_Decrypt(rSession, pEncryptedData,
ulEncryptedDataLen, pData, pulDataLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_DecryptDigestUpdate(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pEncryptedPart,
CK_ULONG ulEncryptedPartLen,
CK_BYTE_PTR pPart,
CK_ULONG_PTR pulPartLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (! pEncryptedPart || ! pulPartLen) {
return (CKR_ARGUMENTS_BAD);
}
if (FuncList.ST_DecryptDigestUpdate) {
rv = FuncList.ST_DecryptDigestUpdate(rSession, pEncryptedPart,
ulEncryptedPartLen, pPart, pulPartLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_DecryptFinal(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pLastPart,
CK_ULONG_PTR pulLastPartLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
/*
* It is acceptable to have a Null pointer for the data since
* it is trying to get the length of the last part....
* The spec is unclear if a second call to Final is needed
* if there is no data in the last part.
*/
if (! pulLastPartLen) {
return (CKR_ARGUMENTS_BAD);
}
if (FuncList.ST_DecryptFinal) {
rv = FuncList.ST_DecryptFinal(rSession, pLastPart,
pulLastPartLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_DecryptInit(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (! pMechanism) {
return (CKR_MECHANISM_INVALID);
}
if (FuncList.ST_DecryptInit) {
rv = FuncList.ST_DecryptInit(rSession, pMechanism, hKey);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_DecryptUpdate(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pEncryptedPart,
CK_ULONG ulEncryptedPartLen,
CK_BYTE_PTR pPart,
CK_ULONG_PTR pulPartLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (!Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (!pEncryptedPart || !pulPartLen) {
return (CKR_ARGUMENTS_BAD);
}
if (FuncList.ST_DecryptUpdate) {
rv = FuncList.ST_DecryptUpdate(rSession, pEncryptedPart,
ulEncryptedPartLen, pPart, pulPartLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_DecryptVerifyUpdate(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pEncryptedPart,
CK_ULONG ulEncryptedPartLen,
CK_BYTE_PTR pPart,
CK_ULONG_PTR pulPartLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
// Validate Session
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
// May have to let these go through and let the STDLL handle them
if (! pEncryptedPart || ! pulPartLen) {
return (CKR_ARGUMENTS_BAD);
}
// Get local pointers to session
if (FuncList.ST_DecryptVerifyUpdate) {
// Map the Session to the slot session
rv = FuncList.ST_DecryptVerifyUpdate(rSession,
pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_DeriveKey(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hBaseKey,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulAttributeCount,
CK_OBJECT_HANDLE_PTR phKey)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (!Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (!pMechanism) {
return (CKR_MECHANISM_INVALID);
}
if (!pTemplate && ulAttributeCount) {
return (CKR_ARGUMENTS_BAD);
}
if (FuncList.ST_DeriveKey) {
rv = FuncList.ST_DeriveKey(rSession, pMechanism,
hBaseKey, pTemplate, ulAttributeCount, phKey);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_DestroyObject(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObject)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (!Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_DestroyObject) {
rv = FuncList.ST_DestroyObject(rSession, hObject);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_Digest(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pData,
CK_ULONG ulDataLen,
CK_BYTE_PTR pDigest,
CK_ULONG_PTR pulDigestLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (!Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_Digest) {
rv = FuncList.ST_Digest(rSession, pData, ulDataLen,
pDigest, pulDigestLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_DigestEncryptUpdate(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pPart,
CK_ULONG ulPartLen,
CK_BYTE_PTR pEncryptedPart,
CK_ULONG_PTR pulEncryptedPartLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! pPart || ! pulEncryptedPartLen) {
return (CKR_ARGUMENTS_BAD);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_DigestEncryptUpdate) {
rv = FuncList.ST_DigestEncryptUpdate(rSession, pPart,
ulPartLen, pEncryptedPart, pulEncryptedPartLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_DigestFinal(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pDigest,
CK_ULONG_PTR pulDigestLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! pulDigestLen) {
return (CKR_ARGUMENTS_BAD);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_DigestFinal) {
rv = FuncList.ST_DigestFinal(rSession, pDigest, pulDigestLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_DigestInit(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! pMechanism) {
return (CKR_MECHANISM_INVALID);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_DigestInit) {
rv = FuncList.ST_DigestInit(rSession, pMechanism);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_DigestKey(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hKey)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_DigestKey) {
rv = FuncList.ST_DigestKey(rSession, hKey);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_DigestUpdate(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pPart,
CK_ULONG ulPartLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_DigestUpdate) {
rv = FuncList.ST_DigestUpdate(rSession, pPart, ulPartLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_Encrypt(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pData,
CK_ULONG ulDataLen,
CK_BYTE_PTR pEncryptedData,
CK_ULONG_PTR pulEncryptedDataLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
// Get local pointers to session
if (FuncList.ST_Encrypt) {
// Map the Session to the slot session
rv = FuncList.ST_Encrypt(rSession, pData, ulDataLen,
pEncryptedData, pulEncryptedDataLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_EncryptFinal(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pLastEncryptedPart,
CK_ULONG_PTR pulLastEncryptedPartLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_EncryptFinal) {
rv = FuncList.ST_EncryptFinal(rSession,
pLastEncryptedPart, pulLastEncryptedPartLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_EncryptInit(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! pMechanism) {
return (CKR_MECHANISM_INVALID);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_EncryptInit) {
rv = FuncList.ST_EncryptInit(rSession, pMechanism, hKey);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_EncryptUpdate(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pPart,
CK_ULONG ulPartLen,
CK_BYTE_PTR pEncryptedPart,
CK_ULONG_PTR pulEncryptedPartLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (!pPart || !pulEncryptedPartLen) {
return (CKR_ARGUMENTS_BAD);
}
if (!Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_EncryptUpdate) {
rv = FuncList.ST_EncryptUpdate(rSession, pPart, ulPartLen,
pEncryptedPart, pulEncryptedPartLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
do_finalize(CK_VOID_PTR pReserved)
{
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (pReserved != NULL) {
return (CKR_ARGUMENTS_BAD);
}
(void) pthread_mutex_lock(&global_mutex);
if (Anchor)
Terminate_All_Process_Sessions();
if (FuncList.ST_Finalize)
FuncList.ST_Finalize(0);
free(Anchor);
Anchor = NULL;
(void) pthread_mutex_unlock(&global_mutex);
return (CKR_OK);
}
CK_RV
C_Finalize(CK_VOID_PTR pReserved) {
return (do_finalize(pReserved));
}
CK_RV
C_FindObjects(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE_PTR phObject,
CK_ULONG ulMaxObjectCount,
CK_ULONG_PTR pulObjectCount)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! phObject || ! pulObjectCount) {
return (CKR_ARGUMENTS_BAD);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_FindObjects) {
rv = FuncList.ST_FindObjects(rSession, phObject,
ulMaxObjectCount, pulObjectCount);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_FindObjectsFinal(CK_SESSION_HANDLE hSession)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_FindObjectsFinal) {
rv = FuncList.ST_FindObjectsFinal(rSession);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_FindObjectsInit(CK_SESSION_HANDLE hSession,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulCount)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_FindObjectsInit) {
rv = FuncList.ST_FindObjectsInit(rSession, pTemplate, ulCount);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_GenerateKey(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulCount,
CK_OBJECT_HANDLE_PTR phKey)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! pMechanism) {
return (CKR_MECHANISM_INVALID);
}
if (! phKey) {
return (CKR_ARGUMENTS_BAD);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_GenerateKey) {
rv = FuncList.ST_GenerateKey(rSession, pMechanism,
pTemplate, ulCount, phKey);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_GenerateKeyPair(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_ATTRIBUTE_PTR pPublicKeyTemplate,
CK_ULONG ulPublicKeyAttributeCount,
CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
CK_ULONG ulPrivateKeyAttributeCount,
CK_OBJECT_HANDLE_PTR phPublicKey,
CK_OBJECT_HANDLE_PTR phPrivateKey)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! pMechanism) {
return (CKR_MECHANISM_INVALID);
}
if (! phPublicKey || ! phPrivateKey) {
return (CKR_ARGUMENTS_BAD);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_GenerateKeyPair) {
rv = FuncList.ST_GenerateKeyPair(rSession,
pMechanism, pPublicKeyTemplate,
ulPublicKeyAttributeCount, pPrivateKeyTemplate,
ulPrivateKeyAttributeCount, phPublicKey, phPrivateKey);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_GenerateRandom(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR RandomData,
CK_ULONG ulRandomLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! RandomData)
return (CKR_ARGUMENTS_BAD);
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_GenerateRandom) {
rv = FuncList.ST_GenerateRandom(rSession, RandomData,
ulRandomLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_GetAttributeValue(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObject,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulCount)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! pTemplate) {
return (CKR_TEMPLATE_INCOMPLETE);
}
if (ulCount == 0) {
return (CKR_TEMPLATE_INCOMPLETE);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_GetAttributeValue) {
rv = FuncList.ST_GetAttributeValue(rSession, hObject,
pTemplate, ulCount);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR ppFunctionList)
{
PK11_Functions.version.major = VERSION_MAJOR;
PK11_Functions.version.minor = VERSION_MINOR;
PK11_Functions.C_Initialize = C_Initialize;
PK11_Functions.C_Finalize = C_Finalize;
PK11_Functions.C_GetInfo = C_GetInfo;
PK11_Functions.C_GetFunctionList = C_GetFunctionList;
PK11_Functions.C_GetSlotList = C_GetSlotList;
PK11_Functions.C_GetSlotInfo = C_GetSlotInfo;
PK11_Functions.C_GetTokenInfo = C_GetTokenInfo;
PK11_Functions.C_GetMechanismList = C_GetMechanismList;
PK11_Functions.C_GetMechanismInfo = C_GetMechanismInfo;
PK11_Functions.C_InitToken = C_InitToken;
PK11_Functions.C_InitPIN = C_InitPIN;
PK11_Functions.C_SetPIN = C_SetPIN;
PK11_Functions.C_OpenSession = C_OpenSession;
PK11_Functions.C_CloseSession = C_CloseSession;
PK11_Functions.C_CloseAllSessions = C_CloseAllSessions;
PK11_Functions.C_GetSessionInfo = C_GetSessionInfo;
PK11_Functions.C_GetOperationState = C_GetOperationState;
PK11_Functions.C_SetOperationState = C_SetOperationState;
PK11_Functions.C_Login = C_Login;
PK11_Functions.C_Logout = C_Logout;
PK11_Functions.C_CreateObject = C_CreateObject;
PK11_Functions.C_CopyObject = C_CopyObject;
PK11_Functions.C_DestroyObject = C_DestroyObject;
PK11_Functions.C_GetObjectSize = C_GetObjectSize;
PK11_Functions.C_GetAttributeValue = C_GetAttributeValue;
PK11_Functions.C_SetAttributeValue = C_SetAttributeValue;
PK11_Functions.C_FindObjectsInit = C_FindObjectsInit;
PK11_Functions.C_FindObjects = C_FindObjects;
PK11_Functions.C_FindObjectsFinal = C_FindObjectsFinal;
PK11_Functions.C_EncryptInit = C_EncryptInit;
PK11_Functions.C_Encrypt = C_Encrypt;
PK11_Functions.C_EncryptUpdate = C_EncryptUpdate;
PK11_Functions.C_EncryptFinal = C_EncryptFinal;
PK11_Functions.C_DecryptInit = C_DecryptInit;
PK11_Functions.C_Decrypt = C_Decrypt;
PK11_Functions.C_DecryptUpdate = C_DecryptUpdate;
PK11_Functions.C_DecryptFinal = C_DecryptFinal;
PK11_Functions.C_DigestInit = C_DigestInit;
PK11_Functions.C_Digest = C_Digest;
PK11_Functions.C_DigestUpdate = C_DigestUpdate;
PK11_Functions.C_DigestKey = C_DigestKey;
PK11_Functions.C_DigestFinal = C_DigestFinal;
PK11_Functions.C_SignInit = C_SignInit;
PK11_Functions.C_Sign = C_Sign;
PK11_Functions.C_SignUpdate = C_SignUpdate;
PK11_Functions.C_SignFinal = C_SignFinal;
PK11_Functions.C_SignRecoverInit = C_SignRecoverInit;
PK11_Functions.C_SignRecover = C_SignRecover;
PK11_Functions.C_VerifyInit = C_VerifyInit;
PK11_Functions.C_Verify = C_Verify;
PK11_Functions.C_VerifyUpdate = C_VerifyUpdate;
PK11_Functions.C_VerifyFinal = C_VerifyFinal;
PK11_Functions.C_VerifyRecoverInit = C_VerifyRecoverInit;
PK11_Functions.C_VerifyRecover = C_VerifyRecover;
PK11_Functions.C_DigestEncryptUpdate = C_DigestEncryptUpdate;
PK11_Functions.C_DecryptDigestUpdate = C_DecryptDigestUpdate;
PK11_Functions.C_SignEncryptUpdate = C_SignEncryptUpdate;
PK11_Functions.C_DecryptVerifyUpdate = C_DecryptVerifyUpdate;
PK11_Functions.C_GenerateKey = C_GenerateKey;
PK11_Functions.C_GenerateKeyPair = C_GenerateKeyPair;
PK11_Functions.C_WrapKey = C_WrapKey;
PK11_Functions.C_UnwrapKey = C_UnwrapKey;
PK11_Functions.C_DeriveKey = C_DeriveKey;
PK11_Functions.C_SeedRandom = C_SeedRandom;
PK11_Functions.C_GenerateRandom = C_GenerateRandom;
PK11_Functions.C_GetFunctionStatus = C_GetFunctionStatus;
PK11_Functions.C_CancelFunction = C_CancelFunction;
PK11_Functions.C_WaitForSlotEvent = C_WaitForSlotEvent;
if (ppFunctionList) {
(*ppFunctionList) = &PK11_Functions;
return (CKR_OK);
} else {
return (CKR_ARGUMENTS_BAD);
}
}
/*ARGSUSED*/
CK_RV
C_GetFunctionStatus(CK_SESSION_HANDLE hSession)
{
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
return (CKR_FUNCTION_NOT_PARALLEL); // PER Specification PG 170
}
CK_RV
C_GetInfo(CK_INFO_PTR pInfo)
{
TOKEN_DATA td;
TSS_HCONTEXT hContext;
if (! API_Initialized()) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! pInfo) {
return (CKR_FUNCTION_FAILED);
}
(void) memset(pInfo, 0, sizeof (*pInfo));
pInfo->cryptokiVersion.major = 2;
pInfo->cryptokiVersion.minor = 20;
if (open_tss_context(&hContext) == 0) {
/*
* Only populate the TPM info if we can establish
* a context, but don't return failure because
* the framework needs to know some of the info.
*/
(void) token_get_tpm_info(hContext, &td);
(void) Tspi_Context_Close(hContext);
(void) memcpy(pInfo->manufacturerID,
&(td.token_info.manufacturerID),
sizeof (pInfo->manufacturerID) - 1);
pInfo->flags = td.token_info.flags;
}
(void) strcpy((char *)pInfo->libraryDescription,
"PKCS11 Interface for TPM");
pInfo->libraryVersion.major = 1;
pInfo->libraryVersion.minor = 0;
return (CKR_OK);
}
CK_RV
C_GetMechanismInfo(CK_SLOT_ID slotID,
CK_MECHANISM_TYPE type,
CK_MECHANISM_INFO_PTR pInfo)
{
CK_RV rv;
if (API_Initialized() == FALSE)
return (CKR_CRYPTOKI_NOT_INITIALIZED);
if (!global_shm->token_available || (slotID > NUMBER_SLOTS_MANAGED))
return (CKR_SLOT_ID_INVALID);
if (FuncList.ST_GetMechanismInfo) {
rv = FuncList.ST_GetMechanismInfo(slotID, type, pInfo);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_GetMechanismList(CK_SLOT_ID slotID,
CK_MECHANISM_TYPE_PTR pMechanismList,
CK_ULONG_PTR pulCount)
{
CK_RV rv;
if (API_Initialized() == FALSE)
return (CKR_CRYPTOKI_NOT_INITIALIZED);
if (! pulCount)
return (CKR_ARGUMENTS_BAD);
if (!global_shm->token_available || (slotID > NUMBER_SLOTS_MANAGED))
return (CKR_SLOT_ID_INVALID);
if (FuncList.ST_GetMechanismList) {
rv = FuncList.ST_GetMechanismList(slotID,
pMechanismList, pulCount);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
if (rv == CKR_OK) {
if (pMechanismList) {
unsigned long i;
for (i = 0; i < *pulCount; i++) {
logit(LOG_DEBUG, "Mechanism[%d] 0x%08X ",
i, pMechanismList[i]);
}
}
}
return (rv);
}
CK_RV
C_GetObjectSize(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObject,
CK_ULONG_PTR pulSize)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! pulSize) {
return (CKR_ARGUMENTS_BAD);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_GetObjectSize) {
rv = FuncList.ST_GetObjectSize(rSession, hObject, pulSize);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_GetOperationState(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pOperationState,
CK_ULONG_PTR pulOperationStateLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! pulOperationStateLen) {
return (CKR_ARGUMENTS_BAD);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_GetOperationState) {
rv = FuncList.ST_GetOperationState(rSession,
pOperationState, pulOperationStateLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_GetSessionInfo(CK_SESSION_HANDLE hSession,
CK_SESSION_INFO_PTR pInfo)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! pInfo) {
return (CKR_ARGUMENTS_BAD);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_GetSessionInfo) {
rv = FuncList.ST_GetSessionInfo(rSession, pInfo);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_GetSlotInfo(CK_SLOT_ID slotID,
CK_SLOT_INFO_PTR pInfo)
{
if (API_Initialized() == FALSE)
return (CKR_CRYPTOKI_NOT_INITIALIZED);
if (!pInfo)
return (CKR_FUNCTION_FAILED);
if (!global_shm->token_available || (slotID > NUMBER_SLOTS_MANAGED))
return (CKR_SLOT_ID_INVALID);
copy_slot_info(slotID, pInfo);
return (CKR_OK);
}
/*ARGSUSED*/
CK_RV
C_GetSlotList(CK_BBOOL tokenPresent,
CK_SLOT_ID_PTR pSlotList,
CK_ULONG_PTR pulCount)
{
CK_ULONG count;
CK_SLOT_INFO slotInfo;
if (API_Initialized() == FALSE)
return (CKR_CRYPTOKI_NOT_INITIALIZED);
if (pulCount == NULL)
return (CKR_FUNCTION_FAILED);
count = 0;
/*
* If we can't talk to the TPM, present no slots
*/
if (!global_shm->token_available) {
*pulCount = 0;
return (CKR_OK);
}
copy_slot_info(TPM_SLOTID, &slotInfo);
if ((slotInfo.flags & CKF_TOKEN_PRESENT))
count++;
*pulCount = count;
if (pSlotList == NULL) {
return (CKR_OK);
} else {
if (*pulCount < count)
return (CKR_BUFFER_TOO_SMALL);
pSlotList[0] = TPM_SLOTID;
}
return (CKR_OK);
}
CK_RV
C_GetTokenInfo(CK_SLOT_ID slotID,
CK_TOKEN_INFO_PTR pInfo)
{
CK_RV rv;
if (API_Initialized() == FALSE)
return (CKR_CRYPTOKI_NOT_INITIALIZED);
if (!pInfo)
return (CKR_ARGUMENTS_BAD);
if (!global_shm->token_available || (slotID > NUMBER_SLOTS_MANAGED))
return (CKR_SLOT_ID_INVALID);
slotID = TPM_SLOTID;
if (FuncList.ST_GetTokenInfo) {
rv = FuncList.ST_GetTokenInfo(slotID, pInfo);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_Initialize(CK_VOID_PTR pVoid)
{
CK_RV rv = CKR_OK;
CK_C_INITIALIZE_ARGS *pArg;
extern CK_RV ST_Initialize(void *,
CK_SLOT_ID, unsigned char *);
(void) pthread_mutex_lock(&global_mutex);
if (! Anchor) {
Anchor = (API_Proc_Struct_t *)malloc(
sizeof (API_Proc_Struct_t));
if (Anchor == NULL) {
(void) pthread_mutex_unlock(&global_mutex);
return (CKR_HOST_MEMORY);
}
} else {
(void) pthread_mutex_unlock(&global_mutex);
return (CKR_CRYPTOKI_ALREADY_INITIALIZED);
}
/*
* if pVoid is NULL, then everything is OK. The applicaiton
* will not be doing multi thread accesses. We can use the OS
* locks anyhow.
*/
if (pVoid != NULL) {
int supplied_ok;
pArg = (CK_C_INITIALIZE_ARGS *)pVoid;
/*
* ALL supplied function pointers need to have the value
* either NULL or no - NULL.
*/
supplied_ok = (pArg->CreateMutex == NULL &&
pArg->DestroyMutex == NULL &&
pArg->LockMutex == NULL &&
pArg->UnlockMutex == NULL) ||
(pArg->CreateMutex != NULL &&
pArg->DestroyMutex != NULL &&
pArg->LockMutex != NULL &&
pArg->UnlockMutex != NULL);
if (!supplied_ok) {
(void) pthread_mutex_unlock(&global_mutex);
return (CKR_ARGUMENTS_BAD);
}
/* Check for a pReserved set */
if (pArg->pReserved != NULL) {
free(Anchor);
Anchor = NULL;
(void) pthread_mutex_unlock(&global_mutex);
return (CKR_ARGUMENTS_BAD);
}
/*
* When the CKF_OS_LOCKING_OK flag isn't set and mutex
* function pointers are supplied by an application,
* return (an error. We must be able to use our own primitives.
*/
if (!(pArg->flags & CKF_OS_LOCKING_OK) &&
(pArg->CreateMutex != NULL)) {
(void) pthread_mutex_unlock(&global_mutex);
return (CKR_CANT_LOCK);
}
}
(void) memset((char *)Anchor, 0, sizeof (API_Proc_Struct_t));
(void) pthread_mutex_init(&(Anchor->ProcMutex), NULL);
(void) pthread_mutex_init(&(Anchor->SessListMutex), NULL);
Anchor->Pid = getpid();
rv = ST_Initialize((void *)&FuncList, 0, NULL);
(void) pthread_mutex_unlock(&global_mutex);
return (rv);
}
CK_RV
C_InitPIN(CK_SESSION_HANDLE hSession,
CK_CHAR_PTR pPin,
CK_ULONG ulPinLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE)
return (CKR_CRYPTOKI_NOT_INITIALIZED);
if (! pPin && ulPinLen)
return (CKR_ARGUMENTS_BAD);
if (! Valid_Session((Session_Struct_t *)hSession, &rSession))
return (CKR_SESSION_HANDLE_INVALID);
if (rSession.slotID > NUMBER_SLOTS_MANAGED)
return (CKR_SLOT_ID_INVALID);
if (FuncList.ST_InitPIN)
rv = FuncList.ST_InitPIN(rSession, pPin, ulPinLen);
else
rv = CKR_FUNCTION_NOT_SUPPORTED;
return (rv);
}
CK_RV
C_InitToken(CK_SLOT_ID slotID,
CK_CHAR_PTR pPin,
CK_ULONG ulPinLen,
CK_CHAR_PTR pLabel)
{
CK_RV rv;
if (API_Initialized() == FALSE)
return (CKR_CRYPTOKI_NOT_INITIALIZED);
if (! pPin && ulPinLen)
return (CKR_ARGUMENTS_BAD);
if (! pLabel)
return (CKR_ARGUMENTS_BAD);
if (!global_shm->token_available)
return (CKR_SLOT_ID_INVALID);
if (FuncList.ST_InitToken)
rv = FuncList.ST_InitToken(slotID, pPin, ulPinLen, pLabel);
else
rv = CKR_FUNCTION_NOT_SUPPORTED;
return (rv);
}
CK_RV
C_Login(CK_SESSION_HANDLE hSession,
CK_USER_TYPE userType,
CK_CHAR_PTR pPin,
CK_ULONG ulPinLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_Login) {
rv = FuncList.ST_Login(rSession, userType, pPin, ulPinLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_Logout(CK_SESSION_HANDLE hSession)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_Logout) {
rv = FuncList.ST_Logout(rSession);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
/*ARGSUSED*/
CK_RV
C_OpenSession(
CK_SLOT_ID slotID,
CK_FLAGS flags,
CK_VOID_PTR pApplication,
CK_NOTIFY Notify,
CK_SESSION_HANDLE_PTR phSession)
{
CK_RV rv;
Session_Struct_t *apiSessp;
if (API_Initialized() == FALSE)
return (CKR_CRYPTOKI_NOT_INITIALIZED);
if (!global_shm->token_available || (slotID > NUMBER_SLOTS_MANAGED))
return (CKR_SLOT_ID_INVALID);
if (! phSession)
return (CKR_FUNCTION_FAILED);
if ((flags & CKF_SERIAL_SESSION) == 0)
return (CKR_SESSION_PARALLEL_NOT_SUPPORTED);
if ((apiSessp = (Session_Struct_t *)malloc(
sizeof (Session_Struct_t))) == NULL)
return (CKR_HOST_MEMORY);
if (FuncList.ST_OpenSession) {
rv = FuncList.ST_OpenSession(slotID, flags,
&(apiSessp->RealHandle));
if (rv == CKR_OK) {
*phSession = (CK_SESSION_HANDLE)apiSessp;
apiSessp->SltId = slotID;
AddToSessionList(apiSessp);
} else {
free(apiSessp);
}
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_SeedRandom(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pSeed,
CK_ULONG ulSeedLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! pSeed && ulSeedLen) {
return (CKR_ARGUMENTS_BAD);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_SeedRandom) {
rv = FuncList.ST_SeedRandom(rSession, pSeed, ulSeedLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_SetAttributeValue(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObject,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulCount)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (! pTemplate) {
return (CKR_TEMPLATE_INCOMPLETE);
}
if (! ulCount) {
return (CKR_TEMPLATE_INCOMPLETE);
}
// Get local pointers to session
if (FuncList.ST_SetAttributeValue) {
rv = FuncList.ST_SetAttributeValue(rSession, hObject,
pTemplate, ulCount);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_SetOperationState(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pOperationState,
CK_ULONG ulOperationStateLen,
CK_OBJECT_HANDLE hEncryptionKey,
CK_OBJECT_HANDLE hAuthenticationKey)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (! pOperationState || ulOperationStateLen == 0) {
return (CKR_ARGUMENTS_BAD);
}
if (FuncList.ST_SetOperationState) {
rv = FuncList.ST_SetOperationState(rSession, pOperationState,
ulOperationStateLen, hEncryptionKey, hAuthenticationKey);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_SetPIN(CK_SESSION_HANDLE hSession,
CK_CHAR_PTR pOldPin,
CK_ULONG ulOldLen,
CK_CHAR_PTR pNewPin,
CK_ULONG ulNewLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! pOldPin || ! pNewPin)
return (CKR_PIN_INVALID);
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_SetPIN) {
rv = FuncList.ST_SetPIN(rSession, pOldPin, ulOldLen,
pNewPin, ulNewLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_Sign(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pData,
CK_ULONG ulDataLen,
CK_BYTE_PTR pSignature,
CK_ULONG_PTR pulSignatureLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_Sign) {
rv = FuncList.ST_Sign(rSession, pData, ulDataLen,
pSignature, pulSignatureLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_SignEncryptUpdate(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pPart,
CK_ULONG ulPartLen,
CK_BYTE_PTR pEncryptedPart,
CK_ULONG_PTR pulEncryptedPartLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! pPart || ! pulEncryptedPartLen) {
return (CKR_ARGUMENTS_BAD);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_SignEncryptUpdate) {
rv = FuncList.ST_SignEncryptUpdate(rSession, pPart,
ulPartLen, pEncryptedPart, pulEncryptedPartLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_SignFinal(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pSignature,
CK_ULONG_PTR pulSignatureLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! pulSignatureLen) {
return (CKR_ARGUMENTS_BAD);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_SignFinal) {
rv = FuncList.ST_SignFinal(rSession, pSignature,
pulSignatureLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_SignInit(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! pMechanism) {
return (CKR_MECHANISM_INVALID);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_SignInit) {
rv = FuncList.ST_SignInit(rSession, pMechanism, hKey);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_SignRecover(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pData,
CK_ULONG ulDataLen,
CK_BYTE_PTR pSignature,
CK_ULONG_PTR pulSignatureLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_SignRecover) {
rv = FuncList.ST_SignRecover(rSession, pData,
ulDataLen, pSignature, pulSignatureLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_SignRecoverInit(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! pMechanism) {
return (CKR_MECHANISM_INVALID);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_SignRecoverInit) {
rv = FuncList.ST_SignRecoverInit(rSession, pMechanism, hKey);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_SignUpdate(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pPart,
CK_ULONG ulPartLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_SignUpdate) {
rv = FuncList.ST_SignUpdate(rSession, pPart, ulPartLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_UnwrapKey(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hUnwrappingKey,
CK_BYTE_PTR pWrappedKey,
CK_ULONG ulWrappedKeyLen,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulAttributeCount,
CK_OBJECT_HANDLE_PTR phKey)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (!pMechanism) {
return (CKR_MECHANISM_INVALID);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_UnwrapKey) {
rv = FuncList.ST_UnwrapKey(rSession, pMechanism,
hUnwrappingKey, pWrappedKey, ulWrappedKeyLen,
pTemplate, ulAttributeCount, phKey);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_Verify(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pData,
CK_ULONG ulDataLen,
CK_BYTE_PTR pSignature,
CK_ULONG ulSignatureLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_Verify) {
rv = FuncList.ST_Verify(rSession, pData, ulDataLen,
pSignature, ulSignatureLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_VerifyFinal(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pSignature,
CK_ULONG ulSignatureLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! pSignature) {
return (CKR_ARGUMENTS_BAD);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_VerifyFinal) {
rv = FuncList.ST_VerifyFinal(rSession, pSignature,
ulSignatureLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_VerifyInit(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! pMechanism) {
return (CKR_MECHANISM_INVALID);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_VerifyInit) {
rv = FuncList.ST_VerifyInit(rSession, pMechanism, hKey);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_VerifyRecover(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pSignature,
CK_ULONG ulSignatureLen,
CK_BYTE_PTR pData,
CK_ULONG_PTR pulDataLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_VerifyRecover) {
rv = FuncList.ST_VerifyRecover(rSession, pSignature,
ulSignatureLen, pData, pulDataLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_VerifyRecoverInit(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! pMechanism) {
return (CKR_MECHANISM_INVALID);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_VerifyRecoverInit) {
rv = FuncList.ST_VerifyRecoverInit(rSession, pMechanism, hKey);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
CK_RV
C_VerifyUpdate(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pPart,
CK_ULONG ulPartLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_VerifyUpdate) {
rv = FuncList.ST_VerifyUpdate(rSession, pPart, ulPartLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
/*ARGSUSED*/
CK_RV
C_WaitForSlotEvent(CK_FLAGS flags,
CK_SLOT_ID_PTR pSlot,
CK_VOID_PTR pReserved)
{
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
return (CKR_FUNCTION_NOT_SUPPORTED);
}
CK_RV
C_WrapKey(CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hWrappingKey,
CK_OBJECT_HANDLE hKey,
CK_BYTE_PTR pWrappedKey,
CK_ULONG_PTR pulWrappedKeyLen)
{
CK_RV rv;
ST_SESSION_T rSession;
if (API_Initialized() == FALSE) {
return (CKR_CRYPTOKI_NOT_INITIALIZED);
}
if (! pMechanism) {
return (CKR_MECHANISM_INVALID);
}
if (! Valid_Session((Session_Struct_t *)hSession, &rSession)) {
return (CKR_SESSION_HANDLE_INVALID);
}
if (FuncList.ST_WrapKey) {
rv = FuncList.ST_WrapKey(rSession, pMechanism, hWrappingKey,
hKey, pWrappedKey, pulWrappedKeyLen);
} else {
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
return (rv);
}
#pragma init(api_init)
#pragma fini(api_fini)
static void
api_init(void)
{
loginit();
if (! Initialized) {
(void) pthread_atfork(tpmtoken_fork_prepare,
tpmtoken_fork_parent, tpmtoken_fork_child);
Initialized = 1;
}
}
static void
api_fini()
{
logterm();
if (API_Initialized() == TRUE) {
(void) do_finalize(NULL);
}
}