/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
*/
/*
* Key Management Functions
* (as defined in PKCS#11 spec section 11.14)
*/
#include "metaGlobal.h"
/*
* meta_GenerateKey
*
*/
{
return (CKR_ARGUMENTS_BAD);
return (rv);
goto finish;
goto finish;
if (key)
}
return (rv);
}
/*
* meta_GenerateKeyPair
*
*/
{
return (CKR_ARGUMENTS_BAD);
return (rv);
goto finish;
goto finish;
goto finish;
if (key1)
if (key2)
}
return (rv);
}
/*
* meta_WrapKey
*
*/
{
return (CKR_ARGUMENTS_BAD);
return (rv);
return (rv);
}
return (rv);
}
return (rv);
}
/*
* meta_UnwrapKey
*
*/
{
return (CKR_ARGUMENTS_BAD);
return (rv);
return (rv);
}
goto finish;
goto finish;
if (outputKey)
}
return (rv);
}
/*
* meta_DeriveKey
*
* This function is a bit gross because of PKCS#11 kludges that pass extra
* object handles in some mechanism parameters. It probably needs to be
* broken up into more manageable pieces.
*/
{
return (CKR_ARGUMENTS_BAD);
}
/*
* Special case: Normally, the caller must always provide storage
* for the derived key handle at phKey. Two (related) mechanisms
* are special, in that multiple keys are instead returned via
* pMech->pParameter. In these cases the spec says (see 12.38.4
* and 12.39.4) that phKey should be a NULL pointer, as it is not used.
*/
!= sizeof (CK_SSL3_KEY_MAT_PARAMS)))
return (CKR_ARGUMENTS_BAD);
if (ssl_key_mat == NULL)
return (CKR_ARGUMENTS_BAD);
break;
case CKM_TLS_PRF:
break;
default:
return (CKR_ARGUMENTS_BAD);
};
return (rv);
goto finish;
/*
* A few oddball mechanisms pass a 2nd object handle in the parameters.
* Here we validate that handle, and create a duplicate copy of the
* mechanism and parameters. This is done because the application
* does not expect these values to be changing, and could be using the
* same data in multiple threads (eg concurrent calls to C_DeriveKey).
* We copy the data to make sure there are no MT-Safe problems.
*/
case CKM_ECMQV_DERIVE:
/* uses CK_ECDH2_DERIVE_PARAMS struct as the parameter */
!= sizeof (CK_ECDH2_DERIVE_PARAMS))) {
goto finish;
}
/* Duplicate the mechanism and parameters */
ecdh_params = *ec_tmpptr;
/* Get the key the application is providing */
break;
case CKM_X9_42_MQV_DERIVE:
/* both use CK_X9_42_DH2_DERIVE_PARAMS as the parameter */
!= sizeof (CK_X9_42_DH2_DERIVE_PARAMS))) {
goto finish;
}
/* Duplicate the mechanism and parameters */
x942_params = *x9_tmpptr;
/* Get the key the application is providing */
break;
/* uses a CK_OBJECT_HANDLE as the parameter */
!= sizeof (CK_OBJECT_HANDLE))) {
goto finish;
}
/* Duplicate the mechanism and parameters */
/* Get the key the application is providing */
break;
default:
/* nothing special to do. */
break;
}
if (phBaseKey2) {
goto finish;
}
/*
* Allocate meta objects to store the derived key(s). Normally just
*/
goto finish;
if (ssl_keys) {
goto finish;
goto finish;
goto finish;
}
/* Perform the actual key derive operation. */
goto finish;
if (tlsprf) {
/* phKey isn't used (is NULL) for mechanism CKM_TLS_PRF. */
} else {
/* Make derived key(s) active and visible to other threads. */
if (ssl_keys) {
= (CK_OBJECT_HANDLE) newKey1;
= (CK_OBJECT_HANDLE) newKey2;
} else {
}
}
if (newKey1)
if (newKey2)
if (newKey3)
if (newKey4)
}
if (basekey1)
if (basekey2)
return (rv);
}