Copyright (c) 2005, Sun Microsystems, Inc. All Rights Reserved.
The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
/usr/lib/security/pkcs11_kernel.so
/usr/lib/security/64/pkcs11_kernel.so
The pkcs11_kernel.so object implements the RSA PKCS#11 v2.20 specification by using a private interface to communicate with the Kernel Cryptographic Framework.
Each unique hardware provider is represented by a PKCS#11 slot. In a system with no hardware Kernel Cryptographic Framework providers, this PKCS#11 library presents no slots.
The PKCS#11 mechanisms provided by this library are determined by the available hardware providers.
Application developers should link to libpkcs11.so rather than link directly to pkcs11_kernel.so. See libpkcs11(3LIB).
All of the standard PKCS#11 functions listed in libpkcs11(3LIB) are implemented except for the following:
C_DecryptDigestUpdate, C_DecryptVerifyUpdate, C_DigestEncryptUpdate, C_GetOperationState, C_InitToken, C_InitPIN, C_SetOperationState, C_SignEncryptUpdate, C_WaitForSlotEvent
A call to these functions returns CKR_FUNCTION_NOT_SUPPORTED.
Buffers cannot be greater than 2 megabytes. For example, C_Encrypt() can be called with a 2 megabyte buffer of plaintext and a 2 megabyte buffer for the ciphertext.
The maximum number of object handles that can be returned by a call to C_FindObjects() is 512.
The maximum amount of kernel memory that can be used for crypto operations is limited by the project.max-crypto-memory resource control. Allocations in the kernel for buffers and session-related structures are charged against this resource control.
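The 512-handle limit on C_FindObjects() noted above means a short batch is not proof that a search is finished, so key enumeration (for audit or cleanup, say) should loop until a call returns zero handles. The sketch below is an added example, not code from the original page or from the library: find_all and mock_find are hypothetical names, the typedefs are stand-ins for <security/cryptoki.h>, and the 1300-object token is constructed.

```c
#include <stdio.h>
/* Stand-in types so this compiles without <security/cryptoki.h>; with the
 * real header, delete them and pass C_FindObjects as the `find` argument. */
typedef unsigned long CK_ULONG, CK_RV, CK_SESSION_HANDLE, CK_OBJECT_HANDLE;
#define CKR_OK            0x0UL
#define CKR_GENERAL_ERROR 0x5UL
#define FIND_BATCH        512   /* per-call cap stated on this page */
typedef CK_RV (*find_fn)(CK_SESSION_HANDLE, CK_OBJECT_HANDLE *, CK_ULONG, CK_ULONG *);

/* Drain a search already started with C_FindObjectsInit. Stops only on an
 * empty batch; a short batch does not prove the search is exhausted.
 * Stores up to cap handles in out and counts every match in *total, so
 * *total > cap tells the caller that out was truncated. */
CK_RV find_all(find_fn find, CK_SESSION_HANDLE s, CK_OBJECT_HANDLE *out,
               CK_ULONG cap, CK_ULONG *total)
{
    CK_OBJECT_HANDLE batch[FIND_BATCH];
    CK_ULONG n, i;
    CK_RV rv;
    for (*total = 0;;) {
        n = 0;
        if ((rv = find(s, batch, FIND_BATCH, &n)) != CKR_OK) return rv;
        if (n > FIND_BATCH) return CKR_GENERAL_ERROR; /* provider overran batch */
        if (n == 0) return CKR_OK;
        for (i = 0; i < n; i++, (*total)++)
            if (*total < cap) out[*total] = batch[i];
    }
}

/* Constructed mock: 1300 objects, at most 512 handed out per call. */
static CK_ULONG mock_pos;
CK_RV mock_find(CK_SESSION_HANDLE s, CK_OBJECT_HANDLE *h, CK_ULONG max, CK_ULONG *n)
{
    CK_ULONG left = 1300 - mock_pos, i;
    (void)s;
    *n = left < max ? left : max;
    if (*n > 512) *n = 512;
    for (i = 0; i < *n; i++) h[i] = 1000 + mock_pos + i;
    mock_pos += *n;
    return CKR_OK;
}

int main(void)
{
    CK_OBJECT_HANDLE out[2000];
    CK_ULONG total = 0;
    CK_RV rv = find_all(mock_find, 1, out, 2000, &total);
    printf("rv=%lu, %lu handles found\n", rv, total);
    return 0;
}
```

In a real application, call C_FindObjectsInit() before find_all and C_FindObjectsFinal() after it, including on the error paths.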
The return values of each of the implemented functions are defined and listed in the RSA PKCS#11 v2.20 specification. See http://www.rsasecurity.com.
See attributes(5) for a description of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE
Interface Stability | Standard: PKCS#11 v2.20
MT-Level | MT-Safe with exceptions. See section 6.5.2 of RSA PKCS#11 v2.20
cryptoadm(1M), rctladm(1M), libpkcs11(3LIB), attributes(5), pkcs11_softtoken(5)
RSA PKCS#11 v2.20 http://www.rsasecurity.com
A hardware provider driver cannot be unloaded while any application has an open session to the corresponding PKCS#11 slot. To make the driver unloadable, an administrator must close the applications that have a PKCS#11 session open to that hardware provider.