/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
*/
#include <strings.h>
#include <cryptoutil.h>
#include <security/cryptoki.h>
#include "softGlobal.h"
#include "softSession.h"
#include <aes/aes_impl.h>
#include <blowfish/blowfish_impl.h>
#include <des/des_impl.h>
#include <dsa/dsa_impl.h>
#include <ecc/ecc_impl.h>
#include <rsa/rsa_impl.h>
#include "softDH.h"
#include "softObject.h"
#include "softKeystore.h"
#include "softKeystoreUtil.h"
#include <sys/auxv_SPARC.h>
#include <sys/auxv_386.h>
/*
* NOTE: If the order of this table is changed or if mechs are inserted
* or removed the _FIRST_MECH _LAST_MECH defines need to be updated.
* Care should also be take to group all mechs for a given algorithm together.
*/
#define DES_FIRST_MECH 0
};
/*
* This is the table of CK_MECHANISM_INFO structs for the supported mechanisms.
* The index for this table is the same as the one above for the same
* mechanism.
* The minimum and maximum sizes of the key for the mechanism can be measured
* in bits or in bytes (i.e. mechanism-dependent). This table specifies the
* supported range of key sizes in bytes; unless noted as in bits.
*/
CKF_GENERATE}, /* CKM_DES_KEY_GEN */
CKF_GENERATE}, /* CKM_DES2_KEY_GEN */
CKF_GENERATE}, /* CKM_DES3_KEY_GEN */
CKF_GENERATE}, /* CKM_AES_KEY_GEN */
CKF_GENERATE}, /* CKM_BLOWFISH_KEY_GEN */
{0, 0, CKF_DIGEST}, /* CKM_SHA_1 */
{1, SHA1_HMAC_BLOCK_SIZE,
{1, SHA1_HMAC_BLOCK_SIZE,
{0, 0, CKF_DIGEST}, /* CKM_SHA224 */
{0, 0, CKF_DIGEST}, /* CKM_SHA256 */
{0, 0, CKF_DIGEST}, /* CKM_SHA384 */
{0, 0, CKF_DIGEST}, /* CKM_SHA512 */
{0, 0, CKF_DIGEST}, /* CKM_MD5 */
{1, MD5_HMAC_BLOCK_SIZE,
{1, MD5_HMAC_BLOCK_SIZE,
CKF_GENERATE }, /* CKM_RC4_KEY_GEN */
CKF_GENERATE_KEY_PAIR}, /* CKM_DSA_KEY_PAIR_GEN */
CKF_GENERATE_KEY_PAIR}, /* CKM_RSA_PKCS_KEY_PAIR_GEN; */
CKF_GENERATE_KEY_PAIR}, /* CKM_DH_PKCS_KEY_PAIR_GEN */
CKF_DERIVE}, /* CKM_DH_PKCS_DERIVE; */
{0, 0, CKF_GENERATE}, /* CKM_PBE_SHA1_RC4_128 */
{0, 0, CKF_GENERATE}, /* CKM_PKCS5_PBKD2 */
{0, 0, CKF_DERIVE}, /* CKM_SSL3_KEY_AND_MAC_DERIVE */
{0, 0, CKF_DERIVE}, /* CKM_TLS_KEY_AND_MAC_DERIVE */
{0, 0, CKF_DERIVE}, /* CKM_TLS_PRF */
};
/*
* For those mechanisms that we have ISA hardware instructions for
* set the CKF_HW flag.
*/
void
update_mech_hw_flags(void)
{
int m;
/* SPARC or Intel AES */
#ifdef __sparc
if (ui & AV_386_AES) {
#endif
for (m = AES_FIRST_MECH; m <= AES_LAST_MECH; m++) {
}
}
#ifdef __sparc
for (m = DES_FIRST_MECH; m <= DES_LAST_MECH; m++) {
}
}
if (ui & AV_SPARC_MD5) {
for (m = MD5_FIRST_MECH; m <= MD5_LAST_MECH; m++) {
}
}
if (ui & AV_SPARC_SHA1) {
for (m = SHA1_FIRST_MECH; m <= SHA1_LAST_MECH; m++) {
}
}
if (ui & AV_SPARC_SHA256) {
for (m = SHA224_FIRST_MECH; m <= SHA256_LAST_MECH; m++) {
}
}
if (ui & AV_SPARC_SHA512) {
for (m = SHA384_FIRST_MECH; m <= SHA512_LAST_MECH; m++) {
}
}
for (m = RSA_FIRST_MECH; m <= RSA_LAST_MECH; m++) {
}
for (m = DSA_FIRST_MECH; m <= DSA_LAST_MECH; m++) {
}
for (m = DH_FIRST_MECH; m <= DH_LAST_MECH; m++) {
}
for (m = EC_FIRST_MECH; m <= EC_LAST_MECH; m++) {
}
}
#endif /* __sparc */
}
/*
* Slot ID for softtoken is always 1. tokenPresent is ignored.
* Also, only one slot is used.
*/
/*ARGSUSED*/
{
if (!softtoken_initialized)
return (CKR_CRYPTOKI_NOT_INITIALIZED);
return (CKR_ARGUMENTS_BAD);
}
/*
* Application only wants to know the number of slots.
*/
*pulCount = 1;
return (CKR_OK);
}
} else {
pSlotList[0] = SOFTTOKEN_SLOTID;
}
*pulCount = 1;
return (rv);
}
{
if (!softtoken_initialized)
return (CKR_CRYPTOKI_NOT_INITIALIZED);
return (CKR_ARGUMENTS_BAD);
/* Make sure the slot ID is valid */
if (slotID != SOFTTOKEN_SLOTID)
return (CKR_SLOT_ID_INVALID);
/* Provide information about the slot in the provided buffer */
64);
return (CKR_OK);
}
{
if (!softtoken_initialized)
return (CKR_CRYPTOKI_NOT_INITIALIZED);
/* Make sure the slot ID is valid */
if (slotID != SOFTTOKEN_SLOTID)
return (CKR_SLOT_ID_INVALID);
return (CKR_ARGUMENTS_BAD);
/*
* It is intentional that we don't forward the error code
* returned from soft_keystore_pin_initialized() to the caller
*/
&ks_cryptpin, B_FALSE);
if (ks_cryptpin)
if (pin_initialized) {
} else {
}
}
/* Provide information about a token in the provided buffer */
return (CKR_OK);
}
/*ARGSUSED*/
{
if (!softtoken_initialized)
return (CKR_CRYPTOKI_NOT_INITIALIZED);
/*
* This is currently not implemented, however we could cause this
* to wait for the token files to appear if soft_token_present is
* false.
* However there is currently no polite and portable way to do that
* because we might not even be able to get to an fd to the
* parent directory, so instead we don't support any slot events.
*/
return (CKR_FUNCTION_NOT_SUPPORTED);
}
{
ulong_t i;
if (!softtoken_initialized)
return (CKR_CRYPTOKI_NOT_INITIALIZED);
if (slotID != SOFTTOKEN_SLOTID)
return (CKR_SLOT_ID_INVALID);
if (pMechanismList == NULL) {
/*
* Application only wants to know the number of
* supported mechanism types.
*/
return (CKR_OK);
}
return (CKR_BUFFER_TOO_SMALL);
}
for (i = 0; i < mechnum; i++) {
pMechanismList[i] = soft_mechanisms[i];
}
return (CKR_OK);
}
{
ulong_t i;
if (!softtoken_initialized)
return (CKR_CRYPTOKI_NOT_INITIALIZED);
if (slotID != SOFTTOKEN_SLOTID)
return (CKR_SLOT_ID_INVALID);
return (CKR_ARGUMENTS_BAD);
}
for (i = 0; i < mechnum; i++) {
if (soft_mechanisms[i] == type)
break;
}
if (i == mechnum)
/* unsupported mechanism */
return (CKR_MECHANISM_INVALID);
return (CKR_OK);
}
/*ARGSUSED*/
{
if (!softtoken_initialized)
return (CKR_CRYPTOKI_NOT_INITIALIZED);
/*
* pPin and pLabel are not used as softtoken
* doesn't have the concept of an SO user. We don't
* reject any values (if set), as generic applications
* (like KMF) may set these for other tokens and
* if we error out with something like CKR_ARGUMENTS_BAD
* the application likely won't know how to recover.
*/
if (slotID != SOFTTOKEN_SLOTID)
return (CKR_SLOT_ID_INVALID);
if (create_keystore() != 0)
return (CKR_FUNCTION_FAILED);
return (CKR_OK);
}
/*ARGSUSED*/
{
if (!softtoken_initialized)
return (CKR_CRYPTOKI_NOT_INITIALIZED);
return (CKR_FUNCTION_NOT_SUPPORTED);
}
{
if (!softtoken_initialized)
return (CKR_CRYPTOKI_NOT_INITIALIZED);
/*
* Obtain the session pointer. Also, increment the session
* reference count.
*/
return (rv);
if (!soft_keystore_status(KEYSTORE_LOAD)) {
return (CKR_DEVICE_REMOVED);
}
return (CKR_PIN_LEN_RANGE);
}
/*
* We don't support CKF_PROTECTED_AUTHENTICATION_PATH
*/
return (CKR_ARGUMENTS_BAD);
}
/* check the state of the session */
return (CKR_SESSION_READ_ONLY);
}
return (rv);
}