1N/A/*
1N/A * The Initial Developer of the Original Code is International
1N/A * Business Machines Corporation. Portions created by IBM
1N/A * Corporation are Copyright (C) 2005 International Business
1N/A * Machines Corporation. All Rights Reserved.
1N/A *
1N/A * This program is free software; you can redistribute it and/or modify
1N/A * it under the terms of the Common Public License as published by
1N/A * IBM Corporation; either version 1 of the License, or (at your option)
1N/A * any later version.
1N/A *
1N/A * This program is distributed in the hope that it will be useful,
1N/A * but WITHOUT ANY WARRANTY; without even the implied warranty of
1N/A * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
1N/A * Common Public License for more details.
1N/A *
1N/A * You should have received a copy of the Common Public License
1N/A * along with this program; if not, a copy can be viewed at
1N/A * http://www.opensource.org/licenses/cpl1.0.php.
1N/A */
1N/A
1N/A/* (C) COPYRIGHT International Business Machines Corp. 2001, 2002, 2005 */
1N/A/*
2N/A * Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved.
1N/A */
1N/A
1N/A#include <pwd.h>
1N/A#include <grp.h>
1N/A
1N/A#include "tpmtok_int.h"
1N/A#include "tpmtok_defs.h"
1N/A
/*
 * Symbols defined in other translation units of the token library.
 */
extern pthread_rwlock_t obj_list_rw_mutex;
extern void stlogterm();
extern void stloginit();
extern void stlogit2(int type, char *fmt, ...);
extern void stlogit(char *fmt, ...);

/* Forward declaration; ST_Initialize() calls this before copying function_list out. */
void SC_SetFunctionList(void);

/* Dispatch table that ST_Initialize() copies to its caller. */
struct ST_FCN_LIST function_list;

/* Non-zero makes the SC_* entry points trace through stlogit2(debugfile, ...). */
int debugfile = 0;

/* PID that completed ST_Initialize(); st_Initialized() compares it with getpid(). */
pid_t initedpid = 0;

CK_C_INITIALIZE_ARGS cinit_args = {NULL, NULL, NULL, NULL, 0, NULL};
1N/A
/*
 * Report whether the calling process has completed ST_Initialize().
 *
 * The test is PID based: a process whose PID differs from the recorded
 * initedpid (for example a forked child) is reported as not initialized.
 */
CK_BBOOL
st_Initialized()
{
    pid_t self = getpid();

    return (initedpid == self);
}
1N/A
/*
 * Reset all per-process token state: logging, sessions, object maps,
 * handle counters and the in-memory token object lists.
 *
 * Called from ST_Initialize() before the mutexes are (re)created.
 */
void
Fork_Initializer(void)
{
    /* Restart logging so everything that follows is captured. */
    stlogterm();
    stloginit();

    /*
     * Force a logout: this clears the private session state and the
     * private object map.
     */
    (void) session_mgr_logout_all();

    /*
     * Purge both object maps.  The first argument is no longer used by
     * the callee (per the original comment), so a dummy non-NULL
     * pointer value is passed.
     */
    (void) object_mgr_purge_map((SESSION *)0xFFFF, PUBLIC);
    (void) object_mgr_purge_map((SESSION *)0xFFFF, PRIVATE);

    /* Drop every entry from the session list. */
    (void) session_mgr_close_all_sessions();

    /* Handle numbering starts over at 1. */
    next_session_handle = 1;
    next_object_handle = 1;

    /* Unlink the head node until each token object list is empty. */
    while (priv_token_obj_list != NULL) {
        priv_token_obj_list = dlist_remove_node(priv_token_obj_list,
            priv_token_obj_list);
    }

    while (publ_token_obj_list != NULL) {
        publ_token_obj_list = dlist_remove_node(publ_token_obj_list,
            publ_token_obj_list);
    }
}
1N/A
/* Raw session handle carried inside an ST_SESSION_HANDLE parameter named sSession. */
#define SESSION_HANDLE  sSession.sessionh

/*
 * Declares a local hSession from the enclosing function's sSession
 * parameter.  The expansion already ends in ';', so the macro is written
 * without a trailing semicolon among the other local declarations.
 */
#define SESS_SET \
    CK_SESSION_HANDLE hSession = SESSION_HANDLE;
1N/A
/*
 * Check that the requested mechanism type appears in mech_list.
 *
 * pMechanism is dereferenced unconditionally; the callers in this file
 * test it for NULL before invoking VALID_MECH().
 *
 * Returns CKR_OK when the type is listed, CKR_MECHANISM_INVALID otherwise.
 */
static CK_RV
validate_mechanism(CK_MECHANISM_PTR pMechanism)
{
    CK_ULONG idx = 0;

    while (idx < mech_list_len) {
        if (mech_list[idx].mech_type == pMechanism->mechanism) {
            return (CKR_OK);
        }
        idx++;
    }
    return (CKR_MECHANISM_INVALID);
}
1N/A
/*
 * Leave the enclosing function with CKR_MECHANISM_INVALID when the
 * mechanism is not in mech_list.  Requires a local `rc` and a `done:`
 * label in the caller.  The expansion is a bare if-block, so it must not
 * be used as the body of an unbraced if/else.
 */
#define VALID_MECH(p) \
    if (CKR_OK != validate_mechanism(p)) { \
        rc = CKR_MECHANISM_INVALID; \
        goto done; \
    }
1N/A
/*
 * Bring the token up for the calling process.
 *
 * FunctionList, when non-NULL, receives a copy of function_list.
 * SlotNumber and Correlator are forwarded to token_specific.t_init().
 *
 * Returns CKR_OK if this PID is already initialized, and also when
 * t_init() fails (the token is then simply not marked available).
 * Failures from attach_shm(), load_token_data() or
 * load_public_token_objects() are returned as-is.
 *
 * NOTE(review): the return values of the pthread_*_init() calls are
 * discarded, and initedpid is recorded before t_init()/load_token_data()
 * have succeeded, so a later failure still leaves st_Initialized() true --
 * confirm this is intended.
 */
CK_RV
ST_Initialize(void *FunctionList,
    CK_SLOT_ID SlotNumber,
    unsigned char *Correlator)
{
    struct ST_FCN_LIST *fcn_out = (struct ST_FCN_LIST *)FunctionList;
    TSS_HCONTEXT hContext = 0;
    CK_RV rc = CKR_OK;

    /* Restart logging first so the rest of the bring-up is captured. */
    stlogterm();
    stloginit();

    /* This PID has already been through initialization. */
    if (st_Initialized() == TRUE) {
        return (CKR_OK);
    }

    /*
     * The upper API layer is expected to prevent concurrent
     * C_Initialize calls; this layer does not serialise them.
     */
    initialized = FALSE;

    /*
     * Second look before any mutex is created, in case the same process
     * finished initialization in the meantime.
     */
    if (st_Initialized() == TRUE) {
        goto done;
    }

    Fork_Initializer();

    (void) pthread_mutex_init(&pkcs_mutex, NULL);
    (void) pthread_mutex_init(&obj_list_mutex, NULL);
    (void) pthread_rwlock_init(&obj_list_rw_mutex, NULL);

    (void) pthread_mutex_init(&sess_list_mutex, NULL);
    (void) pthread_mutex_init(&login_mutex, NULL);

    if (st_Initialized() == FALSE) {
        rc = attach_shm();
        if (rc != CKR_OK) {
            goto done;
        }

        nv_token_data = &global_shm->nv_token_data;

        initialized = TRUE;
        initedpid = getpid();
        SC_SetFunctionList();

        if (fcn_out != NULL) {
            *fcn_out = function_list;
        }

        /* The token specific init hook is always invoked. */
        rc = token_specific.t_init((char *)Correlator, SlotNumber,
            &hContext);
        if (rc != 0) {
            /*
             * The token could not be initialized: report success
             * but present no slots.
             */
            rc = CKR_OK;
            goto done;
        }

        /* Mark the token as available. */
        global_shm->token_available = TRUE;
    }

    rc = load_token_data(hContext, nv_token_data);
    if (rc != CKR_OK) {
        goto done;
    }

    rc = load_public_token_objects();
    if (rc != CKR_OK) {
        goto done;
    }

    /* publ_loaded lives in shared memory, hence the cross-process lock. */
    (void) XProcLock(xproclock);
    global_shm->publ_loaded = TRUE;
    (void) XProcUnLock(xproclock);

    init_slot_info(nv_token_data);

done:
    /* The TSS context is only needed during bring-up. */
    if (hContext) {
        Tspi_Context_Close(hContext);
    }
    return (rc);
}
1N/A
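/*ARGSUSED*/
/*
 * Tear the token down for the calling process: run the token specific
 * finalizer, close all sessions, purge token objects and detach the
 * shared memory segment.
 *
 * Returns CKR_CRYPTOKI_NOT_INITIALIZED when this PID is not initialized,
 * the pthread error value if pkcs_mutex cannot be locked or unlocked,
 * and CKR_OK otherwise.
 */
CK_RV
SC_Finalize(void *argptr)
{
    CK_RV rc;
    TSS_HCONTEXT hContext = 0;

    if (st_Initialized() == FALSE) {
        return (CKR_CRYPTOKI_NOT_INITIALIZED);
    }

    rc = pthread_mutex_lock(&pkcs_mutex);
    if (rc != CKR_OK) {
        return (rc);
    }

    /* Another thread may have finalized while we waited for the lock. */
    if (st_Initialized() == FALSE) {
        (void) pthread_mutex_unlock(&pkcs_mutex);
        return (CKR_CRYPTOKI_NOT_INITIALIZED);
    }

    /* Token cleanup is best effort: it is skipped if no TSS context opens. */
    if (open_tss_context(&hContext) == 0) {
        if (token_specific.t_final != NULL) {
            token_specific.t_final(hContext);
        }
        (void) session_mgr_close_all_sessions();
        (void) object_mgr_purge_token_objects(hContext);
        (void) Tspi_Context_Close(hContext);
    }
    (void) detach_shm();

    initialized = FALSE;

    /*
     * Every entry point gates on st_Initialized(), which reads only
     * initedpid.  Clear it so that calls after finalize are rejected
     * instead of reaching nv_token_data, which points into the segment
     * that was just detached, and so that a later ST_Initialize() does
     * the full bring-up again instead of returning early.
     */
    initedpid = 0;

    rc = pthread_mutex_unlock(&pkcs_mutex);
    if (rc != CKR_OK) {
        return (rc);
    }
    return (CKR_OK);
}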
1N/A
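/*ARGSUSED*/
/*
 * Copy the cached token information for the TPM slot into *pInfo and
 * stamp its utcTime field with the current time.
 *
 * Returns CKR_CRYPTOKI_NOT_INITIALIZED, CKR_FUNCTION_FAILED (pInfo is
 * NULL), CKR_SLOT_ID_INVALID, or CKR_OK.
 *
 * NOTE(review): the field is named utcTime but is filled from local
 * time using the locale dependent "%X" format -- confirm against what
 * consumers of CK_TOKEN_INFO expect.
 */
CK_RV
SC_GetTokenInfo(CK_SLOT_ID sid, CK_TOKEN_INFO_PTR pInfo)
{
    CK_RV rc = CKR_OK;
    time_t now;
    struct tm tm_buf;

    if (st_Initialized() == FALSE)
        return (CKR_CRYPTOKI_NOT_INITIALIZED);

    if (pInfo == NULL)
        return (CKR_FUNCTION_FAILED);

    if (sid != TPM_SLOTID)
        return (CKR_SLOT_ID_INVALID);

    (void) memcpy(pInfo, &nv_token_data->token_info,
        sizeof (CK_TOKEN_INFO));

    now = time((time_t *)NULL);

    /*
     * localtime() returns a pointer to shared static storage, which is
     * unsafe in a library that is called from several threads; use the
     * reentrant form and skip the stamp if the conversion fails rather
     * than handing strftime() a NULL pointer.
     */
    if (localtime_r(&now, &tm_buf) != NULL) {
        (void) strftime((char *)pInfo->utcTime, 16, "%X", &tm_buf);
    }

    return (rc);
}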
1N/A
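/*ARGSUSED*/
/*
 * Return the mechanism types supported by the TPM slot.
 *
 * With pMechList == NULL only the required element count is stored in
 * *count.  Otherwise *count must hold the capacity of pMechList; if it
 * is too small the required count is stored and CKR_BUFFER_TOO_SMALL is
 * returned.
 *
 * Returns CKR_CRYPTOKI_NOT_INITIALIZED, CKR_FUNCTION_FAILED (count is
 * NULL), CKR_SLOT_ID_INVALID, CKR_BUFFER_TOO_SMALL or CKR_OK.
 */
CK_RV
SC_GetMechanismList(
    CK_SLOT_ID sid,
    CK_MECHANISM_TYPE_PTR pMechList,
    CK_ULONG_PTR count)
{
    CK_ULONG i;
    CK_RV rc = CKR_OK;

    if (st_Initialized() == FALSE) {
        rc = CKR_CRYPTOKI_NOT_INITIALIZED;
        goto done;
    }

    if (count == NULL) {
        rc = CKR_FUNCTION_FAILED;
        goto done;
    }

    if (sid != TPM_SLOTID) {
        rc = CKR_SLOT_ID_INVALID;
        goto done;
    }

    /* Size query: report how many entries the caller must provide. */
    if (pMechList == NULL) {
        *count = mech_list_len;
        rc = CKR_OK;
        goto done;
    }

    if (*count < mech_list_len) {
        *count = mech_list_len;
        rc = CKR_BUFFER_TOO_SMALL;
        goto done;
    }

    for (i = 0; i < mech_list_len; i++)
        pMechList[i] = mech_list[i].mech_type;

    *count = mech_list_len;
    rc = CKR_OK;

done:
    if (debugfile) {
        /*
         * The error paths above reach this point with count possibly
         * NULL (that is exactly the CKR_FUNCTION_FAILED case), so it
         * must not be dereferenced blindly for the trace line.
         */
        CK_ULONG logged = (count != NULL) ? *count : 0;

        stlogit2(debugfile,
            "% - 25s: rc = 0x%08x, # mechanisms: %d\n",
            "C_GetMechanismList", rc, logged);
    }
    return (rc);
}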
1N/A
/*ARGSUSED*/
/*
 * Copy the CK_MECHANISM_INFO of mechanism `type` into *pInfo.
 *
 * Returns CKR_CRYPTOKI_NOT_INITIALIZED, CKR_FUNCTION_FAILED (pInfo is
 * NULL), CKR_SLOT_ID_INVALID, CKR_MECHANISM_INVALID (type not listed in
 * mech_list) or CKR_OK.  The result is traced when debugfile is set.
 */
CK_RV
SC_GetMechanismInfo(
    CK_SLOT_ID sid,
    CK_MECHANISM_TYPE type,
    CK_MECHANISM_INFO_PTR pInfo)
{
    CK_ULONG idx;
    CK_RV rc;

    if (st_Initialized() == FALSE) {
        rc = CKR_CRYPTOKI_NOT_INITIALIZED;
    } else if (pInfo == NULL) {
        rc = CKR_FUNCTION_FAILED;
    } else if (sid != TPM_SLOTID) {
        rc = CKR_SLOT_ID_INVALID;
    } else {
        /* Stays "invalid" unless the scan below finds the type. */
        rc = CKR_MECHANISM_INVALID;

        for (idx = 0; idx < mech_list_len; idx++) {
            if (mech_list[idx].mech_type != type) {
                continue;
            }
            (void) memcpy(pInfo, &mech_list[idx].mech_info,
                sizeof (CK_MECHANISM_INFO));
            rc = CKR_OK;
            break;
        }
    }

    if (debugfile) {
        stlogit2(debugfile,
            "% - 25s: rc = 0x%08x, mech type = 0x%08x\n",
            "C_GetMechanismInfo", rc, type);
    }

    return (rc);
}
1N/A
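/*ARGSUSED*/
/*
 * Re-initialize the token: verify the SO PIN, destroy the existing
 * token objects, rebuild the token data with the new label and save it.
 *
 * Returns CKR_CRYPTOKI_NOT_INITIALIZED, CKR_SLOT_ID_INVALID,
 * CKR_ARGUMENTS_BAD (pPin or pLabel is NULL), CKR_FUNCTION_FAILED (no
 * TSS context), CKR_PIN_LOCKED, CKR_PIN_INCORRECT, or the result of
 * load_token_data() / save_token_data().
 */
CK_RV
SC_InitToken(
    CK_SLOT_ID sid,
    CK_CHAR_PTR pPin,
    CK_ULONG ulPinLen,
    CK_CHAR_PTR pLabel)
{
    CK_RV rc = CKR_OK;
    /*
     * Zero-filled on purpose: nothing in this function computes a
     * digest into hash_sha before it is copied into the token data and
     * written out by save_token_data(), so leaving it uninitialized
     * would persist whatever happened to be on the stack.
     * NOTE(review): either the SO PIN digest should be computed here or
     * the copy into so_pin_sha should be dropped -- confirm which the
     * token format expects.
     */
    CK_BYTE hash_sha[SHA1_DIGEST_LENGTH] = {0};
    TOKEN_DATA newtoken;
    TSS_HCONTEXT hContext = 0;

    if (st_Initialized() == FALSE) {
        rc = CKR_CRYPTOKI_NOT_INITIALIZED;
        goto done;
    }
    if (sid != TPM_SLOTID) {
        rc = CKR_SLOT_ID_INVALID;
        goto done;
    }

    if (! pPin || ! pLabel) {
        rc = CKR_ARGUMENTS_BAD;
        goto done;
    }
    if (open_tss_context(&hContext)) {
        rc = CKR_FUNCTION_FAILED;
        goto done;
    }

    rc = load_token_data(hContext, &newtoken);
    if (rc != CKR_OK) {
        goto done;
    }

    /* A locked SO PIN blocks re-initialization outright. */
    if (newtoken.token_info.flags & CKF_SO_PIN_LOCKED) {
        rc = CKR_PIN_LOCKED;
        goto done;
    }

    /* Any verification failure is reported as an incorrect PIN. */
    rc = token_specific.t_verify_so_pin(hContext, pPin, ulPinLen);
    if (rc != CKR_OK) {
        rc = CKR_PIN_INCORRECT;
        goto done;
    }

    /*
     * Before the token data is rebuilt, delete the existing token
     * objects.  This is destructive and happens only after the SO PIN
     * check above has passed.
     */
    (void) object_mgr_destroy_token_objects(hContext);

    (void) init_token_data(hContext, &newtoken);
    (void) init_slot_info(&newtoken);

    /*
     * Change the label.  The copy is bounded by the size of the label
     * field; no terminator is added when pLabel fills the field.
     */
    (void) strncpy((char *)newtoken.token_info.label, (char *)pLabel,
        sizeof (newtoken.token_info.label));

    (void) memcpy(newtoken.so_pin_sha, hash_sha,
        SHA1_DIGEST_LENGTH);

    newtoken.token_info.flags |= CKF_TOKEN_INITIALIZED;

    rc = save_token_data(&newtoken);
done:
    if (hContext)
        (void) Tspi_Context_Close(hContext);

    return (rc);
}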
1N/A
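/*
 * Set the user PIN from an SO session (CKS_RW_SO_FUNCTIONS) and clear
 * the user PIN lock/count flags on success.
 *
 * Returns CKR_CRYPTOKI_NOT_INITIALIZED, CKR_ARGUMENTS_BAD (pPin is
 * NULL), CKR_SESSION_HANDLE_INVALID, CKR_PIN_LOCKED,
 * CKR_USER_NOT_LOGGED_IN, or the result of t_init_pin() /
 * save_token_data().
 */
CK_RV
SC_InitPIN(
    ST_SESSION_HANDLE sSession,
    CK_CHAR_PTR pPin,
    CK_ULONG ulPinLen)
{
    SESSION * sess = NULL;
    CK_RV rc = CKR_OK;
    CK_FLAGS * flags = NULL;
    SESS_SET

    if (st_Initialized() == FALSE) {
        rc = CKR_CRYPTOKI_NOT_INITIALIZED;
        goto done;
    }

    if (! pPin) {
        rc = CKR_ARGUMENTS_BAD;
        goto done;
    }

    sess = session_mgr_find(hSession);
    if (! sess) {
        rc = CKR_SESSION_HANDLE_INVALID;
        goto done;
    }

    if (pin_locked(&sess->session_info,
        nv_token_data->token_info.flags) == TRUE) {
        rc = CKR_PIN_LOCKED;
        goto done;
    }

    /* Only the security officer may initialize the user PIN. */
    if (sess->session_info.state != CKS_RW_SO_FUNCTIONS) {
        rc = CKR_USER_NOT_LOGGED_IN;
        goto done;
    }

    rc = token_specific.t_init_pin(sess->hContext, pPin, ulPinLen);
    if (rc == CKR_OK) {
        flags = &nv_token_data->token_info.flags;

        /* A fresh PIN resets the failed-attempt state. */
        *flags &= ~(CKF_USER_PIN_LOCKED |
            CKF_USER_PIN_FINAL_TRY |
            CKF_USER_PIN_COUNT_LOW);

        rc = save_token_data(nv_token_data);
        if (rc != CKR_OK) {
            goto done;
        }
    }

done:

    if (debugfile) {
        /*
         * The format previously had a single numeric conversion while
         * both rc and hSession were passed, so rc was printed under
         * the "session" label; give each argument its own conversion.
         */
        stlogit2(debugfile,
            "% - 25s: rc = 0x%08x, session = %08x\n",
            "C_InitPin", rc, hSession);
    }

    return (rc);
}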
1N/A
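/*
 * Change the PIN of the user associated with the session by delegating
 * to token_specific.t_set_pin().
 *
 * Returns CKR_CRYPTOKI_NOT_INITIALIZED, CKR_SESSION_HANDLE_INVALID,
 * CKR_PIN_LOCKED, or the result of t_set_pin().
 *
 * NOTE(review): pOldPin and pNewPin are forwarded without a NULL check
 * here; presumably t_set_pin() validates them -- confirm.
 */
CK_RV
SC_SetPIN(ST_SESSION_HANDLE sSession,
    CK_CHAR_PTR pOldPin,
    CK_ULONG ulOldLen,
    CK_CHAR_PTR pNewPin,
    CK_ULONG ulNewLen)
{
    SESSION * sess = NULL;
    CK_RV rc = CKR_OK;
    SESS_SET

    if (st_Initialized() == FALSE) {
        rc = CKR_CRYPTOKI_NOT_INITIALIZED;
        goto done;
    }

    sess = session_mgr_find(hSession);
    if (! sess) {
        rc = CKR_SESSION_HANDLE_INVALID;
        goto done;
    }

    if (pin_locked(&sess->session_info,
        nv_token_data->token_info.flags) == TRUE) {
        rc = CKR_PIN_LOCKED;
        goto done;
    }

    rc = token_specific.t_set_pin(sSession, pOldPin,
        ulOldLen, pNewPin, ulNewLen);

done:
    if (debugfile) {
        /*
         * The format previously had a single numeric conversion while
         * both rc and hSession were passed, so rc was printed under
         * the "session" label; give each argument its own conversion.
         */
        stlogit2(debugfile,
            "% - 25s: rc = 0x%08x, session = %08x\n",
            "C_SetPin", rc, hSession);
    }

    return (rc);
}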
1N/A
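/*
 * Open a session on the TPM slot.  Each session gets its own TSS
 * context, which is stored in the SESSION and owned by it afterwards.
 *
 * Returns CKR_CRYPTOKI_NOT_INITIALIZED, CKR_ARGUMENTS_BAD (phSession is
 * NULL), CKR_SESSION_READ_WRITE_SO_EXISTS (read-only session requested
 * while an SO session exists), CKR_SLOT_ID_INVALID, CKR_FUNCTION_FAILED
 * (no TSS context, or pkcs_mutex could not be locked), or the result of
 * session_mgr_new().
 */
CK_RV
SC_OpenSession(
    CK_SLOT_ID sid,
    CK_FLAGS flags,
    CK_SESSION_HANDLE_PTR phSession)
{
    SESSION *sess = NULL;
    CK_RV rc = CKR_OK;
    TSS_HCONTEXT hContext = 0;

    if (st_Initialized() == FALSE) {
        rc = CKR_CRYPTOKI_NOT_INITIALIZED;
        goto done;
    }

    /* The handle is written through phSession below; reject NULL early. */
    if (phSession == NULL) {
        rc = CKR_ARGUMENTS_BAD;
        goto done;
    }

    if ((flags & CKF_RW_SESSION) == 0) {
        if (session_mgr_so_session_exists()) {
            rc = CKR_SESSION_READ_WRITE_SO_EXISTS;
            goto done;
        }
    }
    if (sid != TPM_SLOTID) {
        rc = CKR_SLOT_ID_INVALID;
        goto done;
    }
    if (open_tss_context(&hContext)) {
        rc = CKR_FUNCTION_FAILED;
        goto done;
    }

    /*
     * If the lock cannot be taken this thread does not own it, so it
     * must not be unlocked.  The pthread error number is not a CK_RV;
     * report CKR_FUNCTION_FAILED as SC_Login() does for login_mutex.
     */
    if (pthread_mutex_lock(&pkcs_mutex) != 0) {
        Tspi_Context_Close(hContext);
        rc = CKR_FUNCTION_FAILED;
        goto done;
    }
    token_specific.t_session(sid);

    (void) pthread_mutex_unlock(&pkcs_mutex);

    rc = session_mgr_new(flags, &sess);
    if (rc != CKR_OK) {
        /* No session took ownership of the context; release it. */
        Tspi_Context_Close(hContext);
        goto done;
    }
    *phSession = sess->handle;
    sess->session_info.slotID = sid;

    /* A new context is opened for each session. */
    sess->hContext = hContext;
done:
    return (rc);
}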
1N/A
/*
 * Close one session: run the token specific finalizer (if any) on the
 * session's TSS context, then hand the session to the session manager.
 *
 * Returns CKR_CRYPTOKI_NOT_INITIALIZED, CKR_SESSION_HANDLE_INVALID, or
 * the result of session_mgr_close_session().
 */
CK_RV
SC_CloseSession(ST_SESSION_HANDLE sSession)
{
    CK_SESSION_HANDLE hSession = sSession.sessionh;
    SESSION *target;

    if (st_Initialized() == FALSE) {
        return (CKR_CRYPTOKI_NOT_INITIALIZED);
    }

    target = session_mgr_find(hSession);
    if (target == NULL) {
        return (CKR_SESSION_HANDLE_INVALID);
    }

    if (token_specific.t_final != NULL) {
        token_specific.t_final(target->hContext);
    }

    return (session_mgr_close_session(target));
}
1N/A
/*ARGSUSED*/
/*
 * Close every session on the TPM slot.
 *
 * Returns CKR_CRYPTOKI_NOT_INITIALIZED, CKR_SLOT_ID_INVALID, or the
 * result of session_mgr_close_all_sessions().
 */
CK_RV
SC_CloseAllSessions(CK_SLOT_ID sid)
{
    if (st_Initialized() == FALSE) {
        return (CKR_CRYPTOKI_NOT_INITIALIZED);
    }

    if (sid != TPM_SLOTID) {
        return (CKR_SLOT_ID_INVALID);
    }

    return (session_mgr_close_all_sessions());
}
1N/A
/*
 * Copy the session's CK_SESSION_INFO into *pInfo.
 *
 * Returns CKR_CRYPTOKI_NOT_INITIALIZED, CKR_ARGUMENTS_BAD (pInfo is
 * NULL), CKR_SESSION_HANDLE_INVALID or CKR_OK.
 */
CK_RV
SC_GetSessionInfo(ST_SESSION_HANDLE sSession,
    CK_SESSION_INFO_PTR pInfo)
{
    CK_SESSION_HANDLE hSession = sSession.sessionh;
    SESSION *found;

    if (st_Initialized() == FALSE) {
        return (CKR_CRYPTOKI_NOT_INITIALIZED);
    }

    if (pInfo == NULL) {
        return (CKR_ARGUMENTS_BAD);
    }

    found = session_mgr_find(hSession);
    if (found == NULL) {
        return (CKR_SESSION_HANDLE_INVALID);
    }

    (void) memcpy(pInfo, &found->session_info, sizeof (CK_SESSION_INFO));

    return (CKR_OK);
}
1N/A
/*
 * Export the session's cryptographic operation state.
 *
 * A NULL pOperationState turns the call into a length query
 * (length_only is passed as TRUE to the session manager).
 *
 * Returns CKR_CRYPTOKI_NOT_INITIALIZED, CKR_ARGUMENTS_BAD
 * (pulOperationStateLen is NULL), CKR_SESSION_HANDLE_INVALID, or the
 * result of session_mgr_get_op_state().
 */
CK_RV SC_GetOperationState(ST_SESSION_HANDLE sSession,
    CK_BYTE_PTR pOperationState,
    CK_ULONG_PTR pulOperationStateLen)
{
    CK_SESSION_HANDLE hSession = sSession.sessionh;
    CK_BBOOL size_query = FALSE;
    SESSION *found;

    if (st_Initialized() == FALSE) {
        return (CKR_CRYPTOKI_NOT_INITIALIZED);
    }

    if (pulOperationStateLen == NULL) {
        return (CKR_ARGUMENTS_BAD);
    }

    if (pOperationState == NULL) {
        size_query = TRUE;
    }

    found = session_mgr_find(hSession);
    if (found == NULL) {
        return (CKR_SESSION_HANDLE_INVALID);
    }

    return (session_mgr_get_op_state(found, size_query,
        pOperationState, pulOperationStateLen));
}
1N/A
/*
 * Restore a previously exported operation state into the session.
 *
 * Returns CKR_CRYPTOKI_NOT_INITIALIZED, CKR_ARGUMENTS_BAD (NULL blob or
 * zero length), CKR_SESSION_HANDLE_INVALID, or the result of
 * session_mgr_set_op_state().
 *
 * NOTE(review): ulOperationStateLen is only tested for zero and is not
 * forwarded, so session_mgr_set_op_state() cannot bound its reads of
 * the caller supplied blob by that length -- confirm how the callee
 * validates the blob size.
 */
CK_RV
SC_SetOperationState(ST_SESSION_HANDLE sSession,
    CK_BYTE_PTR pOperationState,
    CK_ULONG ulOperationStateLen,
    CK_OBJECT_HANDLE hEncryptionKey,
    CK_OBJECT_HANDLE hAuthenticationKey)
{
    CK_SESSION_HANDLE hSession = sSession.sessionh;
    SESSION *found = NULL;
    CK_RV rc = CKR_OK;

    if (st_Initialized() == FALSE) {
        rc = CKR_CRYPTOKI_NOT_INITIALIZED;
    } else if (pOperationState == NULL || ulOperationStateLen == 0) {
        rc = CKR_ARGUMENTS_BAD;
    } else if ((found = session_mgr_find(hSession)) == NULL) {
        rc = CKR_SESSION_HANDLE_INVALID;
    } else {
        rc = session_mgr_set_op_state(found,
            hEncryptionKey, hAuthenticationKey,
            pOperationState);
    }

    return (rc);
}
1N/A
/*
 * Log a user or the security officer in to the token.  The whole
 * operation runs under login_mutex because a failed attempt updates the
 * token wide PIN flags.
 *
 * Returns CKR_FUNCTION_FAILED (mutex), CKR_CRYPTOKI_NOT_INITIALIZED,
 * CKR_SESSION_HANDLE_INVALID, CKR_ARGUMENTS_BAD (pPin is NULL),
 * CKR_PIN_LEN_RANGE, one of the "already logged in" / read-only /
 * user-type codes, CKR_PIN_LOCKED, the result of t_login() or
 * session_mgr_login_all(), or the result of save_token_data().
 *
 * NOTE(review): save_token_data() runs only when rc is CKR_OK, so the
 * flags changed by set_login_flags() after a failed attempt are updated
 * in nv_token_data but not saved by this function -- confirm that the
 * failed-attempt state is persisted elsewhere.
 */
CK_RV
SC_Login(ST_SESSION_HANDLE sSession,
    CK_USER_TYPE userType,
    CK_CHAR_PTR pPin,
    CK_ULONG ulPinLen)
{
    CK_SESSION_HANDLE hSession = sSession.sessionh;
    SESSION *sess = NULL;
    CK_FLAGS *flags = NULL;
    CK_FLAGS locked_bit;
    CK_FLAGS pin_state_bits;
    CK_RV rc = CKR_OK;

    /*
     * In v2.11 logins should be exclusive, since token specific flags
     * may need to be set for a bad login.
     */
    if (pthread_mutex_lock(&login_mutex) != CKR_OK) {
        return (CKR_FUNCTION_FAILED);
    }

    if (st_Initialized() == FALSE) {
        rc = CKR_CRYPTOKI_NOT_INITIALIZED;
        goto done;
    }

    sess = session_mgr_find(hSession);
    if (sess == NULL) {
        rc = CKR_SESSION_HANDLE_INVALID;
        goto done;
    }
    flags = &nv_token_data->token_info.flags;

    /* Malformed PIN arguments are counted like a failed attempt. */
    if (pPin == NULL) {
        set_login_flags(userType, flags);
        rc = CKR_ARGUMENTS_BAD;
        goto done;
    }
    if (ulPinLen < MIN_PIN_LEN || ulPinLen > MAX_PIN_LEN) {
        set_login_flags(userType, flags);
        rc = CKR_PIN_LEN_RANGE;
        goto done;
    }

    /*
     * PKCS #11 v2.01 requires that all sessions have the same login
     * status: all public, all SO, or all USER.  Within each case a
     * later test overrides the code set by an earlier one.
     */
    switch (userType) {
    case CKU_USER:
        if (session_mgr_so_session_exists()) {
            rc = CKR_USER_ANOTHER_ALREADY_LOGGED_IN;
        }
        if (session_mgr_user_session_exists()) {
            rc = CKR_USER_ALREADY_LOGGED_IN;
        }
        break;
    case CKU_SO:
        if (session_mgr_user_session_exists()) {
            rc = CKR_USER_ANOTHER_ALREADY_LOGGED_IN;
        }
        if (session_mgr_so_session_exists()) {
            rc = CKR_USER_ALREADY_LOGGED_IN;
        }
        if (session_mgr_readonly_exists()) {
            rc = CKR_SESSION_READ_ONLY_EXISTS;
        }
        break;
    default:
        rc = CKR_USER_TYPE_INVALID;
        break;
    }
    if (rc != CKR_OK) {
        goto done;
    }

    /* Pick the flag set that belongs to the requested role. */
    if (userType == CKU_USER) {
        locked_bit = CKF_USER_PIN_LOCKED;
        pin_state_bits = (CKF_USER_PIN_LOCKED | CKF_USER_PIN_FINAL_TRY |
            CKF_USER_PIN_COUNT_LOW);
    } else {
        locked_bit = CKF_SO_PIN_LOCKED;
        pin_state_bits = (CKF_SO_PIN_LOCKED |
            CKF_SO_PIN_FINAL_TRY |
            CKF_SO_PIN_COUNT_LOW);
    }

    /* A locked PIN is refused before the token is even asked. */
    if (*flags & locked_bit) {
        rc = CKR_PIN_LOCKED;
        goto done;
    }

    /* The pluggable, token specific login does the real verification. */
    rc = token_specific.t_login(sess->hContext, userType, pPin, ulPinLen);
    if (rc == CKR_PIN_INCORRECT) {
        set_login_flags(userType, flags);
    }
    if (rc != CKR_OK) {
        goto done;
    }

    /* Success clears the failed-attempt state for this role. */
    *flags &= ~(pin_state_bits);

    rc = session_mgr_login_all(userType);

done:
    if (rc == CKR_OK) {
        rc = save_token_data(nv_token_data);
    }
    (void) pthread_mutex_unlock(&login_mutex);
    return (rc);
}
1N/A
/*
 * Log out of the token: every session is returned to the public state
 * and the token specific logout hook runs on this session's context.
 *
 * Returns CKR_CRYPTOKI_NOT_INITIALIZED, CKR_SESSION_HANDLE_INVALID,
 * CKR_USER_NOT_LOGGED_IN, or the result of t_logout().
 */
CK_RV
SC_Logout(ST_SESSION_HANDLE sSession)
{
    CK_SESSION_HANDLE hSession = sSession.sessionh;
    SESSION *found;

    if (st_Initialized() == FALSE) {
        return (CKR_CRYPTOKI_NOT_INITIALIZED);
    }

    found = session_mgr_find(hSession);
    if (found == NULL) {
        return (CKR_SESSION_HANDLE_INVALID);
    }

    /* All sessions share one login state, so a single check suffices. */
    if (session_mgr_public_session_exists()) {
        return (CKR_USER_NOT_LOGGED_IN);
    }

    (void) session_mgr_logout_all();

    return (token_specific.t_logout(found->hContext));
}
1N/A
/*
 * Create an object from the template in the given session.
 *
 * Returns CKR_CRYPTOKI_NOT_INITIALIZED, CKR_SESSION_HANDLE_INVALID,
 * CKR_PIN_EXPIRED, or the result of object_mgr_add().
 */
CK_RV
SC_CreateObject(ST_SESSION_HANDLE sSession,
    CK_ATTRIBUTE_PTR pTemplate,
    CK_ULONG ulCount,
    CK_OBJECT_HANDLE_PTR phObject)
{
    CK_SESSION_HANDLE hSession = sSession.sessionh;
    SESSION *found;

    if (st_Initialized() == FALSE) {
        return (CKR_CRYPTOKI_NOT_INITIALIZED);
    }

    found = session_mgr_find(hSession);
    if (found == NULL) {
        return (CKR_SESSION_HANDLE_INVALID);
    }

    if (pin_expired(&found->session_info,
        nv_token_data->token_info.flags) == TRUE) {
        return (CKR_PIN_EXPIRED);
    }

    return (object_mgr_add(found, pTemplate, ulCount, phObject));
}
1N/A
/*
 * Copy an existing object, applying the attributes in the template.
 *
 * Returns CKR_CRYPTOKI_NOT_INITIALIZED, CKR_SESSION_HANDLE_INVALID,
 * CKR_PIN_EXPIRED, or the result of object_mgr_copy().
 */
CK_RV
SC_CopyObject(
    ST_SESSION_HANDLE sSession,
    CK_OBJECT_HANDLE hObject,
    CK_ATTRIBUTE_PTR pTemplate,
    CK_ULONG ulCount,
    CK_OBJECT_HANDLE_PTR phNewObject)
{
    CK_SESSION_HANDLE hSession = sSession.sessionh;
    SESSION *found;

    if (st_Initialized() == FALSE) {
        return (CKR_CRYPTOKI_NOT_INITIALIZED);
    }

    found = session_mgr_find(hSession);
    if (found == NULL) {
        return (CKR_SESSION_HANDLE_INVALID);
    }

    if (pin_expired(&found->session_info,
        nv_token_data->token_info.flags) == TRUE) {
        return (CKR_PIN_EXPIRED);
    }

    return (object_mgr_copy(found, pTemplate, ulCount,
        hObject, phNewObject));
}
1N/A
/*
 * Destroy the object identified by hObject.
 *
 * Returns CKR_CRYPTOKI_NOT_INITIALIZED, CKR_SESSION_HANDLE_INVALID,
 * CKR_PIN_EXPIRED, or the result of object_mgr_destroy_object().
 */
CK_RV
SC_DestroyObject(ST_SESSION_HANDLE sSession,
    CK_OBJECT_HANDLE hObject)
{
    CK_SESSION_HANDLE hSession = sSession.sessionh;
    SESSION *found;

    if (st_Initialized() == FALSE) {
        return (CKR_CRYPTOKI_NOT_INITIALIZED);
    }

    found = session_mgr_find(hSession);
    if (found == NULL) {
        return (CKR_SESSION_HANDLE_INVALID);
    }

    if (pin_expired(&found->session_info,
        nv_token_data->token_info.flags) == TRUE) {
        return (CKR_PIN_EXPIRED);
    }

    return (object_mgr_destroy_object(found, hObject));
}
1N/A
/*
 * Report the size of an object through *pulSize.
 *
 * Returns CKR_CRYPTOKI_NOT_INITIALIZED, CKR_SESSION_HANDLE_INVALID, or
 * the result of object_mgr_get_object_size().
 */
CK_RV
SC_GetObjectSize(
    ST_SESSION_HANDLE sSession,
    CK_OBJECT_HANDLE hObject,
    CK_ULONG_PTR pulSize)
{
    CK_SESSION_HANDLE hSession = sSession.sessionh;
    SESSION *found;

    if (st_Initialized() == FALSE) {
        return (CKR_CRYPTOKI_NOT_INITIALIZED);
    }

    found = session_mgr_find(hSession);
    if (found == NULL) {
        return (CKR_SESSION_HANDLE_INVALID);
    }

    return (object_mgr_get_object_size(found->hContext, hObject, pulSize));
}
1N/A
/*
 * Read the attributes named in the template from an object.
 *
 * Returns CKR_CRYPTOKI_NOT_INITIALIZED, CKR_SESSION_HANDLE_INVALID, or
 * the result of object_mgr_get_attribute_values().
 */
CK_RV
SC_GetAttributeValue(ST_SESSION_HANDLE sSession,
    CK_OBJECT_HANDLE hObject,
    CK_ATTRIBUTE_PTR pTemplate,
    CK_ULONG ulCount)
{
    CK_SESSION_HANDLE hSession = sSession.sessionh;
    SESSION *found;

    if (st_Initialized() == FALSE) {
        return (CKR_CRYPTOKI_NOT_INITIALIZED);
    }

    found = session_mgr_find(hSession);
    if (found == NULL) {
        return (CKR_SESSION_HANDLE_INVALID);
    }

    return (object_mgr_get_attribute_values(found, hObject, pTemplate,
        ulCount));
}
1N/A
/*
 * Apply the attributes in the template to an object.
 *
 * Returns CKR_CRYPTOKI_NOT_INITIALIZED, CKR_SESSION_HANDLE_INVALID, or
 * the result of object_mgr_set_attribute_values().
 *
 * NOTE(review): unlike SC_CreateObject()/SC_DestroyObject() there is no
 * pin_expired() check here -- confirm that is intended.
 */
CK_RV
SC_SetAttributeValue(ST_SESSION_HANDLE sSession,
    CK_OBJECT_HANDLE hObject,
    CK_ATTRIBUTE_PTR pTemplate,
    CK_ULONG ulCount)
{
    CK_SESSION_HANDLE hSession = sSession.sessionh;
    SESSION *found;

    if (st_Initialized() == FALSE) {
        return (CKR_CRYPTOKI_NOT_INITIALIZED);
    }

    found = session_mgr_find(hSession);
    if (found == NULL) {
        return (CKR_SESSION_HANDLE_INVALID);
    }

    return (object_mgr_set_attribute_values(found, hObject, pTemplate,
        ulCount));
}
1N/A
/*
 * Start an object search in the session using the given template.
 *
 * Returns CKR_CRYPTOKI_NOT_INITIALIZED, CKR_SESSION_HANDLE_INVALID,
 * CKR_PIN_EXPIRED, CKR_OPERATION_ACTIVE (a search is already running),
 * or the result of object_mgr_find_init().
 */
CK_RV
SC_FindObjectsInit(ST_SESSION_HANDLE sSession,
    CK_ATTRIBUTE_PTR pTemplate,
    CK_ULONG ulCount)
{
    CK_SESSION_HANDLE hSession = sSession.sessionh;
    SESSION *found;

    if (st_Initialized() == FALSE) {
        return (CKR_CRYPTOKI_NOT_INITIALIZED);
    }

    found = session_mgr_find(hSession);
    if (found == NULL) {
        return (CKR_SESSION_HANDLE_INVALID);
    }

    if (pin_expired(&found->session_info,
        nv_token_data->token_info.flags) == TRUE) {
        return (CKR_PIN_EXPIRED);
    }

    /* Only one search may be in progress per session. */
    if (found->find_active == TRUE) {
        return (CKR_OPERATION_ACTIVE);
    }

    return (object_mgr_find_init(found, pTemplate, ulCount));
}
1N/A
/*
 * Return the next batch of handles from the session's active search.
 * At most ulMaxObjectCount handles are copied to phObject and the
 * number copied is stored in *pulObjectCount.
 *
 * Returns CKR_CRYPTOKI_NOT_INITIALIZED, CKR_ARGUMENTS_BAD (NULL output
 * pointer), CKR_SESSION_HANDLE_INVALID, CKR_OPERATION_NOT_INITIALIZED,
 * CKR_FUNCTION_FAILED (no result list) or CKR_OK.
 *
 * NOTE(review): the remaining count is computed as find_count - find_idx
 * with no check that find_idx <= find_count; presumably the session
 * manager maintains that invariant -- confirm, since the subtraction
 * feeds the memcpy length.
 */
CK_RV
SC_FindObjects(ST_SESSION_HANDLE sSession,
    CK_OBJECT_HANDLE_PTR phObject,
    CK_ULONG ulMaxObjectCount,
    CK_ULONG_PTR pulObjectCount)
{
    CK_SESSION_HANDLE hSession = sSession.sessionh;
    SESSION *found;
    CK_ULONG batch = 0;

    if (st_Initialized() == FALSE) {
        return (CKR_CRYPTOKI_NOT_INITIALIZED);
    }

    if (phObject == NULL || pulObjectCount == NULL) {
        return (CKR_ARGUMENTS_BAD);
    }

    found = session_mgr_find(hSession);
    if (found == NULL) {
        return (CKR_SESSION_HANDLE_INVALID);
    }

    if (found->find_active == FALSE) {
        return (CKR_OPERATION_NOT_INITIALIZED);
    }

    if (found->find_list == NULL) {
        return (CKR_FUNCTION_FAILED);
    }

    /* Hand out whichever is smaller: the caller's room or what is left. */
    batch = MIN(ulMaxObjectCount, (found->find_count - found->find_idx));

    (void) memcpy(phObject, found->find_list + found->find_idx,
        batch * sizeof (CK_OBJECT_HANDLE));
    *pulObjectCount = batch;

    /* Advance the cursor past the handles just returned. */
    found->find_idx += batch;

    return (CKR_OK);
}
1N/A
/*
 * End the session's active search and release its result list.
 *
 * Returns CKR_CRYPTOKI_NOT_INITIALIZED, CKR_SESSION_HANDLE_INVALID,
 * CKR_OPERATION_NOT_INITIALIZED or CKR_OK.
 *
 * NOTE(review): find_len and find_idx are reset here but find_count,
 * which SC_FindObjects() reads, is not -- presumably
 * object_mgr_find_init() sets it for the next search; confirm.
 */
CK_RV
SC_FindObjectsFinal(ST_SESSION_HANDLE sSession)
{
    CK_SESSION_HANDLE hSession = sSession.sessionh;
    SESSION *found;

    if (st_Initialized() == FALSE) {
        return (CKR_CRYPTOKI_NOT_INITIALIZED);
    }

    found = session_mgr_find(hSession);
    if (found == NULL) {
        return (CKR_SESSION_HANDLE_INVALID);
    }

    if (found->find_active == FALSE) {
        return (CKR_OPERATION_NOT_INITIALIZED);
    }

    /* free(NULL) is a no-op, so the list needs no separate NULL test. */
    free(found->find_list);

    /* Clearing the pointer prevents a second free or a stale read. */
    found->find_list = NULL;
    found->find_len = 0;
    found->find_idx = 0;
    found->find_active = FALSE;

    return (CKR_OK);
}
1N/A
/*
 * Start an encryption operation in the session with the given
 * mechanism and key.
 *
 * Returns CKR_CRYPTOKI_NOT_INITIALIZED, CKR_ARGUMENTS_BAD (pMechanism
 * is NULL), CKR_MECHANISM_INVALID, CKR_SESSION_HANDLE_INVALID,
 * CKR_PIN_EXPIRED, CKR_OPERATION_ACTIVE, or the result of
 * encr_mgr_init().
 */
CK_RV
SC_EncryptInit(ST_SESSION_HANDLE sSession,
    CK_MECHANISM_PTR pMechanism,
    CK_OBJECT_HANDLE hKey)
{
    CK_SESSION_HANDLE hSession = sSession.sessionh;
    SESSION *found;

    if (st_Initialized() == FALSE) {
        return (CKR_CRYPTOKI_NOT_INITIALIZED);
    }

    if (pMechanism == NULL) {
        return (CKR_ARGUMENTS_BAD);
    }

    /* Only mechanisms advertised in mech_list are accepted. */
    if (validate_mechanism(pMechanism) != CKR_OK) {
        return (CKR_MECHANISM_INVALID);
    }

    found = session_mgr_find(hSession);
    if (found == NULL) {
        return (CKR_SESSION_HANDLE_INVALID);
    }

    if (pin_expired(&found->session_info,
        nv_token_data->token_info.flags) == TRUE) {
        return (CKR_PIN_EXPIRED);
    }

    /* One encryption operation per session at a time. */
    if (found->encr_ctx.active == TRUE) {
        return (CKR_OPERATION_ACTIVE);
    }

    return (encr_mgr_init(found, &found->encr_ctx, OP_ENCRYPT_INIT,
        pMechanism, hKey));
}
1N/A
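/*
 * Single-part encryption.  A NULL pEncryptedData makes this a length
 * query, which leaves the operation active.
 *
 * Returns CKR_CRYPTOKI_NOT_INITIALIZED, CKR_SESSION_HANDLE_INVALID,
 * CKR_ARGUMENTS_BAD (pData or pulEncryptedDataLen is NULL),
 * CKR_OPERATION_NOT_INITIALIZED, or the result of encr_mgr_encrypt().
 *
 * The encryption context is cleaned up on every outcome except
 * CKR_BUFFER_TOO_SMALL and a successful length query.
 */
CK_RV
SC_Encrypt(ST_SESSION_HANDLE sSession,
    CK_BYTE_PTR pData,
    CK_ULONG ulDataLen,
    CK_BYTE_PTR pEncryptedData,
    CK_ULONG_PTR pulEncryptedDataLen)
{
    SESSION * sess = NULL;
    CK_BBOOL length_only = FALSE;
    CK_RV rc = CKR_OK;
    SESS_SET

    if (st_Initialized() == FALSE) {
        rc = CKR_CRYPTOKI_NOT_INITIALIZED;
        goto done;
    }

    sess = session_mgr_find(hSession);
    if (! sess) {
        rc = CKR_SESSION_HANDLE_INVALID;
        goto done;
    }

    if (! pData || ! pulEncryptedDataLen) {
        rc = CKR_ARGUMENTS_BAD;
        goto done;
    }
    if (sess->encr_ctx.active == FALSE) {
        rc = CKR_OPERATION_NOT_INITIALIZED;
        goto done;
    }

    if (! pEncryptedData)
        length_only = TRUE;

    rc = encr_mgr_encrypt(sess, length_only,
        &sess->encr_ctx, pData, ulDataLen,
        pEncryptedData, pulEncryptedDataLen);

done:
    /*
     * sess is still NULL when the library is not initialized or the
     * handle is unknown; taking &sess->encr_ctx in that case would hand
     * the cleanup routine a pointer derived from NULL, so those paths
     * skip the cleanup.
     */
    if (sess != NULL && rc != CKR_BUFFER_TOO_SMALL &&
        (rc != CKR_OK || length_only != TRUE))
        (void) encr_mgr_cleanup(&sess->encr_ctx);

    return (rc);
}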
1N/A
1N/A#if 0
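/*
 * Multi-part encryption, continuation step.  (Currently compiled out by
 * the surrounding #if 0.)
 *
 * Returns CKR_CRYPTOKI_NOT_INITIALIZED, CKR_ARGUMENTS_BAD,
 * CKR_SESSION_HANDLE_INVALID, CKR_OPERATION_NOT_INITIALIZED, or the
 * result of encr_mgr_encrypt_update().  Any failure other than
 * CKR_BUFFER_TOO_SMALL cleans up the encryption context.
 */
CK_RV
SC_EncryptUpdate(ST_SESSION_HANDLE sSession,
    CK_BYTE_PTR pPart,
    CK_ULONG ulPartLen,
    CK_BYTE_PTR pEncryptedPart,
    CK_ULONG_PTR pulEncryptedPartLen)
{
    SESSION * sess = NULL;
    CK_BBOOL length_only = FALSE;
    CK_RV rc = CKR_OK;
    SESS_SET

    if (st_Initialized() == FALSE) {
        rc = CKR_CRYPTOKI_NOT_INITIALIZED;
        goto done;
    }

    if (! pPart || ! pulEncryptedPartLen) {
        rc = CKR_ARGUMENTS_BAD;
        goto done;
    }

    sess = session_mgr_find(hSession);
    if (! sess) {
        rc = CKR_SESSION_HANDLE_INVALID;
        goto done;
    }

    if (sess->encr_ctx.active == FALSE) {
        rc = CKR_OPERATION_NOT_INITIALIZED;
        goto done;
    }

    if (! pEncryptedPart)
        length_only = TRUE;

    rc = encr_mgr_encrypt_update(sess, length_only,
        &sess->encr_ctx, pPart, ulPartLen,
        pEncryptedPart, pulEncryptedPartLen);

done:
    /*
     * The early error paths arrive here with sess == NULL; skip the
     * cleanup then instead of forming &sess->encr_ctx from NULL.
     */
    if (sess != NULL && rc != CKR_OK && rc != CKR_BUFFER_TOO_SMALL)
        (void) encr_mgr_cleanup(&sess->encr_ctx);

    return (rc);
}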
1N/A
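/*
 * Multi-part encryption, final step.  (Currently compiled out by the
 * surrounding #if 0.)  A NULL pLastEncryptedPart makes this a length
 * query, which leaves the operation active.
 *
 * Returns CKR_CRYPTOKI_NOT_INITIALIZED, CKR_ARGUMENTS_BAD,
 * CKR_SESSION_HANDLE_INVALID, CKR_OPERATION_NOT_INITIALIZED, or the
 * result of encr_mgr_encrypt_final().
 */
CK_RV
SC_EncryptFinal(ST_SESSION_HANDLE sSession,
    CK_BYTE_PTR pLastEncryptedPart,
    CK_ULONG_PTR pulLastEncryptedPartLen)
{
    SESSION * sess = NULL;
    CK_BBOOL length_only = FALSE;
    CK_RV rc = CKR_OK;
    SESS_SET

    if (st_Initialized() == FALSE) {
        rc = CKR_CRYPTOKI_NOT_INITIALIZED;
        goto done;
    }

    if (! pulLastEncryptedPartLen) {
        rc = CKR_ARGUMENTS_BAD;
        goto done;
    }

    sess = session_mgr_find(hSession);
    if (! sess) {
        rc = CKR_SESSION_HANDLE_INVALID;
        goto done;
    }

    if (sess->encr_ctx.active == FALSE) {
        rc = CKR_OPERATION_NOT_INITIALIZED;
        goto done;
    }

    if (! pLastEncryptedPart)
        length_only = TRUE;

    rc = encr_mgr_encrypt_final(sess, length_only, &sess->encr_ctx,
        pLastEncryptedPart, pulLastEncryptedPartLen);

done:
    /*
     * The early error paths arrive here with sess == NULL; skip the
     * cleanup then instead of forming &sess->encr_ctx from NULL.
     */
    if (sess != NULL && rc != CKR_BUFFER_TOO_SMALL &&
        (rc != CKR_OK || length_only != TRUE))
        (void) encr_mgr_cleanup(&sess->encr_ctx);

    return (rc);
}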
1N/A#endif
1N/A
/*
 * Start a decryption operation in the session with the given
 * mechanism and key.
 *
 * Returns CKR_CRYPTOKI_NOT_INITIALIZED, CKR_ARGUMENTS_BAD (pMechanism
 * is NULL), CKR_MECHANISM_INVALID, CKR_SESSION_HANDLE_INVALID,
 * CKR_PIN_EXPIRED, CKR_OPERATION_ACTIVE, or the result of
 * decr_mgr_init().
 */
CK_RV
SC_DecryptInit(ST_SESSION_HANDLE sSession,
    CK_MECHANISM_PTR pMechanism,
    CK_OBJECT_HANDLE hKey)
{
    CK_SESSION_HANDLE hSession = sSession.sessionh;
    SESSION *found;

    if (st_Initialized() == FALSE) {
        return (CKR_CRYPTOKI_NOT_INITIALIZED);
    }

    if (pMechanism == NULL) {
        return (CKR_ARGUMENTS_BAD);
    }

    /* Only mechanisms advertised in mech_list are accepted. */
    if (validate_mechanism(pMechanism) != CKR_OK) {
        return (CKR_MECHANISM_INVALID);
    }

    found = session_mgr_find(hSession);
    if (found == NULL) {
        return (CKR_SESSION_HANDLE_INVALID);
    }

    if (pin_expired(&found->session_info,
        nv_token_data->token_info.flags) == TRUE) {
        return (CKR_PIN_EXPIRED);
    }

    /* One decryption operation per session at a time. */
    if (found->decr_ctx.active == TRUE) {
        return (CKR_OPERATION_ACTIVE);
    }

    return (decr_mgr_init(found, &found->decr_ctx,
        OP_DECRYPT_INIT, pMechanism, hKey));
}
1N/A
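/*
 * SC_Decrypt - single-part decryption on a session.
 *
 * pEncryptedData/ulEncryptedDataLen	ciphertext; pointer must not be NULL.
 * pData				output buffer, or NULL for a
 *					length-only query.
 * pulDataLen				in/out length; must not be NULL.
 *
 * Returns CKR_CRYPTOKI_NOT_INITIALIZED, CKR_SESSION_HANDLE_INVALID,
 * CKR_ARGUMENTS_BAD, CKR_OPERATION_NOT_INITIALIZED, or the result of
 * decr_mgr_decrypt().
 *
 * The decryption context is cleaned up on every outcome except
 * CKR_BUFFER_TOO_SMALL and a successful length-only query.
 */
CK_RV
SC_Decrypt(ST_SESSION_HANDLE sSession,
    CK_BYTE_PTR pEncryptedData,
    CK_ULONG ulEncryptedDataLen,
    CK_BYTE_PTR pData,
    CK_ULONG_PTR pulDataLen)
{
	SESSION *sess = NULL;
	CK_BBOOL length_only = FALSE;
	CK_RV rc = CKR_OK;
	SESS_SET

	if (st_Initialized() == FALSE) {
		rc = CKR_CRYPTOKI_NOT_INITIALIZED;
		goto done;
	}
	sess = session_mgr_find(hSession);
	if (sess == NULL) {
		rc = CKR_SESSION_HANDLE_INVALID;
		goto done;
	}
	if (pEncryptedData == NULL || pulDataLen == NULL) {
		rc = CKR_ARGUMENTS_BAD;
		goto done;
	}
	if (sess->decr_ctx.active == FALSE) {
		rc = CKR_OPERATION_NOT_INITIALIZED;
		goto done;
	}

	if (pData == NULL)
		length_only = TRUE;

	rc = decr_mgr_decrypt(sess,
	    length_only,
	    &sess->decr_ctx,
	    pEncryptedData,
	    ulEncryptedDataLen,
	    pData,
	    pulDataLen);

done:
	/*
	 * sess is NULL when the library is not initialised or the handle is
	 * invalid; do not form &sess->decr_ctx from a NULL session.
	 */
	if (sess != NULL && rc != CKR_BUFFER_TOO_SMALL &&
	    (rc != CKR_OK || length_only != TRUE))
		(void) decr_mgr_cleanup(&sess->decr_ctx);

	return (rc);
}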
1N/A
/*
 * SC_DigestInit - start a digest operation on a session.
 *
 * Checks, in order: library initialised, pMechanism non-NULL, VALID_MECH
 * (macro defined elsewhere; presumably validates the mechanism - confirm),
 * session lookup, PIN expiry, and that no digest is already active.  The
 * result of digest_mgr_init() is returned when all checks pass.
 */
CK_RV
SC_DigestInit(ST_SESSION_HANDLE sSession,
    CK_MECHANISM_PTR pMechanism)
{
	SESSION *sess = NULL;
	CK_RV rc = CKR_OK;
	SESS_SET

	if (!st_Initialized()) {
		rc = CKR_CRYPTOKI_NOT_INITIALIZED;
		goto done;
	}
	if (pMechanism == NULL) {
		rc = CKR_ARGUMENTS_BAD;
		goto done;
	}

	VALID_MECH(pMechanism);

	sess = session_mgr_find(hSession);
	if (sess == NULL) {
		rc = CKR_SESSION_HANDLE_INVALID;
		goto done;
	}

	if (pin_expired(&sess->session_info,
	    nv_token_data->token_info.flags) == TRUE) {
		rc = CKR_PIN_EXPIRED;
		goto done;
	}

	/* Only one digest may be in progress per session. */
	if (sess->digest_ctx.active == TRUE) {
		rc = CKR_OPERATION_ACTIVE;
		goto done;
	}

	rc = digest_mgr_init(sess, &sess->digest_ctx, pMechanism);

done:
	return (rc);
}
1N/A
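/*
 * SC_Digest - single-part digest on a session.
 *
 * pData/ulDataLen	input; pointer must not be NULL.
 * pDigest		output buffer, or NULL for a length-only query.
 * pulDigestLen		in/out length; must not be NULL.
 *
 * Returns CKR_CRYPTOKI_NOT_INITIALIZED, CKR_SESSION_HANDLE_INVALID,
 * CKR_ARGUMENTS_BAD, CKR_OPERATION_NOT_INITIALIZED, or the result of
 * digest_mgr_digest().
 *
 * The digest context is cleaned up on every outcome except
 * CKR_BUFFER_TOO_SMALL and a successful length-only query.
 */
CK_RV
SC_Digest(ST_SESSION_HANDLE sSession,
    CK_BYTE_PTR pData,
    CK_ULONG ulDataLen,
    CK_BYTE_PTR pDigest,
    CK_ULONG_PTR pulDigestLen)
{
	SESSION *sess = NULL;
	CK_BBOOL length_only = FALSE;
	CK_RV rc = CKR_OK;
	SESS_SET

	if (st_Initialized() == FALSE) {
		rc = CKR_CRYPTOKI_NOT_INITIALIZED;
		goto done;
	}

	sess = session_mgr_find(hSession);
	if (sess == NULL) {
		rc = CKR_SESSION_HANDLE_INVALID;
		goto done;
	}

	if (pData == NULL || pulDigestLen == NULL) {
		rc = CKR_ARGUMENTS_BAD;
		goto done;
	}

	if (sess->digest_ctx.active == FALSE) {
		rc = CKR_OPERATION_NOT_INITIALIZED;
		goto done;
	}

	if (pDigest == NULL)
		length_only = TRUE;

	rc = digest_mgr_digest(sess, length_only,
	    &sess->digest_ctx, pData, ulDataLen,
	    pDigest, pulDigestLen);

done:
	/*
	 * sess is NULL when the library is not initialised or the handle is
	 * invalid; do not form &sess->digest_ctx from a NULL session.
	 */
	if (sess != NULL && rc != CKR_BUFFER_TOO_SMALL &&
	    (rc != CKR_OK || length_only != TRUE))
		(void) digest_mgr_cleanup(&sess->digest_ctx);

	return (rc);
}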
1N/A
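/*
 * SC_DigestUpdate - feed another part into an active digest.
 *
 * pPart/ulPartLen	input; a NULL pPart is accepted only with a zero
 *			length, in which case nothing is hashed and CKR_OK
 *			is returned once the remaining checks pass.
 *
 * Returns CKR_CRYPTOKI_NOT_INITIALIZED, CKR_ARGUMENTS_BAD,
 * CKR_SESSION_HANDLE_INVALID, CKR_OPERATION_NOT_INITIALIZED, or the
 * result of digest_mgr_digest_update().  Any failure cleans up the
 * digest context of the session, when a session was found.
 */
CK_RV
SC_DigestUpdate(ST_SESSION_HANDLE sSession,
    CK_BYTE_PTR pPart,
    CK_ULONG ulPartLen)
{
	SESSION *sess = NULL;
	CK_RV rc = CKR_OK;
	SESS_SET

	if (st_Initialized() == FALSE) {
		rc = CKR_CRYPTOKI_NOT_INITIALIZED;
		goto done;
	}

	if (pPart == NULL && ulPartLen != 0) {
		rc = CKR_ARGUMENTS_BAD;
		goto done;
	}

	sess = session_mgr_find(hSession);
	if (sess == NULL) {
		rc = CKR_SESSION_HANDLE_INVALID;
		goto done;
	}

	if (sess->digest_ctx.active == FALSE) {
		rc = CKR_OPERATION_NOT_INITIALIZED;
		goto done;
	}

	if (pPart != NULL) {
		rc = digest_mgr_digest_update(sess, &sess->digest_ctx,
		    pPart, ulPartLen);
	}
done:
	/*
	 * The early failures above leave sess NULL; only clean up the
	 * context of a session that was actually found.
	 */
	if (sess != NULL && rc != CKR_OK)
		(void) digest_mgr_cleanup(&sess->digest_ctx);

	return (rc);
}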
1N/A
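/*
 * SC_DigestKey - feed the value of key object hKey into an active digest.
 *
 * Returns CKR_CRYPTOKI_NOT_INITIALIZED, CKR_SESSION_HANDLE_INVALID,
 * CKR_OPERATION_NOT_INITIALIZED, or the result of digest_mgr_digest_key().
 * Any failure cleans up the digest context of the session, when a session
 * was found.
 */
CK_RV
SC_DigestKey(ST_SESSION_HANDLE sSession,
    CK_OBJECT_HANDLE hKey)
{
	SESSION *sess = NULL;
	CK_RV rc = CKR_OK;
	SESS_SET

	if (st_Initialized() == FALSE) {
		rc = CKR_CRYPTOKI_NOT_INITIALIZED;
		goto done;
	}

	sess = session_mgr_find(hSession);
	if (sess == NULL) {
		rc = CKR_SESSION_HANDLE_INVALID;
		goto done;
	}

	if (sess->digest_ctx.active == FALSE) {
		rc = CKR_OPERATION_NOT_INITIALIZED;
		goto done;
	}

	rc = digest_mgr_digest_key(sess, &sess->digest_ctx, hKey);

done:
	/*
	 * sess is NULL when the library is not initialised or the handle is
	 * invalid; do not form &sess->digest_ctx from a NULL session.
	 */
	if (sess != NULL && rc != CKR_OK)
		(void) digest_mgr_cleanup(&sess->digest_ctx);

	return (rc);
}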
1N/A
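/*
 * SC_DigestFinal - finish a multi-part digest on a session.
 *
 * pDigest	output buffer, or NULL for a length-only query.
 * pulDigestLen	in/out length; must not be NULL.
 *
 * Returns CKR_CRYPTOKI_NOT_INITIALIZED, CKR_ARGUMENTS_BAD,
 * CKR_SESSION_HANDLE_INVALID, CKR_OPERATION_NOT_INITIALIZED, or the
 * result of digest_mgr_digest_final().
 *
 * The digest context is cleaned up on every outcome except
 * CKR_BUFFER_TOO_SMALL and a successful length-only query.
 */
CK_RV
SC_DigestFinal(ST_SESSION_HANDLE sSession,
    CK_BYTE_PTR pDigest,
    CK_ULONG_PTR pulDigestLen)
{
	SESSION *sess = NULL;
	CK_BBOOL length_only = FALSE;
	CK_RV rc = CKR_OK;
	SESS_SET

	if (st_Initialized() == FALSE) {
		rc = CKR_CRYPTOKI_NOT_INITIALIZED;
		goto done;
	}

	if (pulDigestLen == NULL) {
		rc = CKR_ARGUMENTS_BAD;
		goto done;
	}

	sess = session_mgr_find(hSession);
	if (sess == NULL) {
		rc = CKR_SESSION_HANDLE_INVALID;
		goto done;
	}

	if (sess->digest_ctx.active == FALSE) {
		rc = CKR_OPERATION_NOT_INITIALIZED;
		goto done;
	}

	if (pDigest == NULL)
		length_only = TRUE;

	/*
	 * NOTE(review): length_only is not forwarded here, unlike the other
	 * *Final entry points; presumably digest_mgr_digest_final() detects
	 * a NULL pDigest itself - confirm against its definition.
	 */
	rc = digest_mgr_digest_final(sess,
	    &sess->digest_ctx, pDigest, pulDigestLen);

done:
	/*
	 * The early failures above leave sess NULL; only clean up the
	 * context of a session that was actually found.
	 */
	if (sess != NULL && rc != CKR_BUFFER_TOO_SMALL &&
	    (rc != CKR_OK || length_only != TRUE))
		(void) digest_mgr_cleanup(&sess->digest_ctx);

	return (rc);
}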
1N/A
/*
 * SC_SignInit - start a signature operation on a session.
 *
 * Checks, in order: library initialised, pMechanism non-NULL, session
 * lookup, VALID_MECH (macro defined elsewhere; presumably validates the
 * mechanism - confirm), PIN expiry, and that no signing is already active.
 * sign_mgr_init() is called with its fourth argument FALSE, i.e. not a
 * sign-recover operation (compare SC_SignRecoverInit, which passes TRUE).
 */
CK_RV
SC_SignInit(ST_SESSION_HANDLE sSession,
    CK_MECHANISM_PTR pMechanism,
    CK_OBJECT_HANDLE hKey)
{
	SESSION *sess = NULL;
	CK_RV rc = CKR_OK;
	SESS_SET

	if (!st_Initialized()) {
		rc = CKR_CRYPTOKI_NOT_INITIALIZED;
		goto done;
	}

	if (pMechanism == NULL) {
		rc = CKR_ARGUMENTS_BAD;
		goto done;
	}

	sess = session_mgr_find(hSession);
	if (sess == NULL) {
		rc = CKR_SESSION_HANDLE_INVALID;
		goto done;
	}
	VALID_MECH(pMechanism);

	/* An expired PIN blocks starting any new key operation. */
	if (pin_expired(&sess->session_info,
	    nv_token_data->token_info.flags) == TRUE) {
		rc = CKR_PIN_EXPIRED;
		goto done;
	}

	if (sess->sign_ctx.active == TRUE) {
		rc = CKR_OPERATION_ACTIVE;
		goto done;
	}

	rc = sign_mgr_init(sess, &sess->sign_ctx, pMechanism, FALSE, hKey);

done:
	return (rc);
}
1N/A
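/*
 * SC_Sign - single-part signature on a session.
 *
 * pData/ulDataLen	data to sign; pointer must not be NULL.
 * pSignature		output buffer, or NULL for a length-only query.
 * pulSignatureLen	in/out length; must not be NULL.
 *
 * Returns CKR_CRYPTOKI_NOT_INITIALIZED, CKR_SESSION_HANDLE_INVALID,
 * CKR_ARGUMENTS_BAD, CKR_OPERATION_NOT_INITIALIZED, or the result of
 * sign_mgr_sign().
 *
 * The signing context is cleaned up on every outcome except
 * CKR_BUFFER_TOO_SMALL and a successful length-only query.
 */
CK_RV
SC_Sign(ST_SESSION_HANDLE sSession,
    CK_BYTE_PTR pData,
    CK_ULONG ulDataLen,
    CK_BYTE_PTR pSignature,
    CK_ULONG_PTR pulSignatureLen)
{
	SESSION *sess = NULL;
	CK_BBOOL length_only = FALSE;
	CK_RV rc = CKR_OK;
	SESS_SET

	if (st_Initialized() == FALSE) {
		rc = CKR_CRYPTOKI_NOT_INITIALIZED;
		goto done;
	}

	sess = session_mgr_find(hSession);
	if (sess == NULL) {
		rc = CKR_SESSION_HANDLE_INVALID;
		goto done;
	}
	if (pData == NULL || pulSignatureLen == NULL) {
		rc = CKR_ARGUMENTS_BAD;
		goto done;
	}

	if (sess->sign_ctx.active == FALSE) {
		rc = CKR_OPERATION_NOT_INITIALIZED;
		goto done;
	}

	if (pSignature == NULL)
		length_only = TRUE;

	rc = sign_mgr_sign(sess, length_only,
	    &sess->sign_ctx, pData, ulDataLen,
	    pSignature, pulSignatureLen);

done:
	/*
	 * sess is NULL when the library is not initialised or the handle is
	 * invalid; do not form &sess->sign_ctx from a NULL session.
	 */
	if (sess != NULL && rc != CKR_BUFFER_TOO_SMALL &&
	    (rc != CKR_OK || length_only != TRUE))
		(void) sign_mgr_cleanup(&sess->sign_ctx);

	return (rc);
}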
1N/A
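/*
 * SC_SignUpdate - feed another part into an active signature operation.
 *
 * pPart/ulPartLen	input; pPart must not be NULL.
 *
 * Returns CKR_CRYPTOKI_NOT_INITIALIZED, CKR_ARGUMENTS_BAD,
 * CKR_SESSION_HANDLE_INVALID, CKR_OPERATION_NOT_INITIALIZED, or the
 * result of sign_mgr_sign_update().  Any failure cleans up the signing
 * context of the session, when a session was found.
 */
CK_RV
SC_SignUpdate(ST_SESSION_HANDLE sSession,
    CK_BYTE_PTR pPart,
    CK_ULONG ulPartLen)
{
	SESSION *sess = NULL;
	CK_RV rc = CKR_OK;
	SESS_SET

	if (st_Initialized() == FALSE) {
		rc = CKR_CRYPTOKI_NOT_INITIALIZED;
		goto done;
	}

	if (pPart == NULL) {
		rc = CKR_ARGUMENTS_BAD;
		goto done;
	}

	sess = session_mgr_find(hSession);
	if (sess == NULL) {
		rc = CKR_SESSION_HANDLE_INVALID;
		goto done;
	}

	if (sess->sign_ctx.active == FALSE) {
		rc = CKR_OPERATION_NOT_INITIALIZED;
		goto done;
	}

	rc = sign_mgr_sign_update(sess, &sess->sign_ctx, pPart, ulPartLen);

done:
	/*
	 * The early failures above leave sess NULL; only clean up the
	 * context of a session that was actually found.
	 */
	if (sess != NULL && rc != CKR_OK)
		(void) sign_mgr_cleanup(&sess->sign_ctx);

	return (rc);
}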
1N/A
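/*
 * SC_SignFinal - finish a multi-part signature on a session.
 *
 * pSignature		output buffer, or NULL for a length-only query.
 * pulSignatureLen	in/out length; must not be NULL.
 *
 * Returns CKR_CRYPTOKI_NOT_INITIALIZED, CKR_ARGUMENTS_BAD,
 * CKR_SESSION_HANDLE_INVALID, CKR_OPERATION_NOT_INITIALIZED, or the
 * result of sign_mgr_sign_final().
 *
 * The signing context is cleaned up on every outcome except
 * CKR_BUFFER_TOO_SMALL and a successful length-only query.
 */
CK_RV
SC_SignFinal(ST_SESSION_HANDLE sSession,
    CK_BYTE_PTR pSignature,
    CK_ULONG_PTR pulSignatureLen)
{
	SESSION *sess = NULL;
	CK_BBOOL length_only = FALSE;
	CK_RV rc = CKR_OK;
	SESS_SET

	if (st_Initialized() == FALSE) {
		rc = CKR_CRYPTOKI_NOT_INITIALIZED;
		goto done;
	}

	if (pulSignatureLen == NULL) {
		rc = CKR_ARGUMENTS_BAD;
		goto done;
	}

	sess = session_mgr_find(hSession);
	if (sess == NULL) {
		rc = CKR_SESSION_HANDLE_INVALID;
		goto done;
	}

	if (sess->sign_ctx.active == FALSE) {
		rc = CKR_OPERATION_NOT_INITIALIZED;
		goto done;
	}

	if (pSignature == NULL)
		length_only = TRUE;

	rc = sign_mgr_sign_final(sess, length_only,
	    &sess->sign_ctx, pSignature, pulSignatureLen);

done:
	/*
	 * The early failures above leave sess NULL; only clean up the
	 * context of a session that was actually found.
	 */
	if (sess != NULL && rc != CKR_BUFFER_TOO_SMALL &&
	    (rc != CKR_OK || length_only != TRUE))
		(void) sign_mgr_cleanup(&sess->sign_ctx);

	return (rc);
}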
1N/A
/*
 * SC_SignRecoverInit - start a sign-recover operation on a session.
 *
 * Same checks as the other *Init entry points: library initialised,
 * pMechanism non-NULL, VALID_MECH (macro defined elsewhere; presumably
 * validates the mechanism - confirm), session lookup, PIN expiry, and no
 * signing already active.  sign_mgr_init() is called with its fourth
 * argument TRUE, which SC_SignRecover later requires via sign_ctx.recover.
 */
CK_RV
SC_SignRecoverInit(ST_SESSION_HANDLE sSession,
    CK_MECHANISM_PTR pMechanism,
    CK_OBJECT_HANDLE hKey)
{
	SESSION *sess = NULL;
	CK_RV rc = CKR_OK;
	SESS_SET

	if (!st_Initialized()) {
		rc = CKR_CRYPTOKI_NOT_INITIALIZED;
		goto done;
	}
	if (pMechanism == NULL) {
		rc = CKR_ARGUMENTS_BAD;
		goto done;
	}
	VALID_MECH(pMechanism);

	sess = session_mgr_find(hSession);
	if (sess == NULL) {
		rc = CKR_SESSION_HANDLE_INVALID;
		goto done;
	}

	if (pin_expired(&sess->session_info,
	    nv_token_data->token_info.flags) == TRUE) {
		rc = CKR_PIN_EXPIRED;
		goto done;
	}

	/* The sign and sign-recover operations share sess->sign_ctx. */
	if (sess->sign_ctx.active == TRUE) {
		rc = CKR_OPERATION_ACTIVE;
		goto done;
	}

	rc = sign_mgr_init(sess, &sess->sign_ctx, pMechanism, TRUE, hKey);

done:
	return (rc);
}
1N/A
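/*
 * SC_SignRecover - single-part sign-recover on a session.
 *
 * pData/ulDataLen	data to sign; pointer must not be NULL.
 * pSignature		output buffer, or NULL for a length-only query.
 * pulSignatureLen	in/out length; must not be NULL.
 *
 * The operation must have been started in recover mode: both
 * sign_ctx.active and sign_ctx.recover have to be set, otherwise
 * CKR_OPERATION_NOT_INITIALIZED is returned.
 *
 * Returns CKR_CRYPTOKI_NOT_INITIALIZED, CKR_SESSION_HANDLE_INVALID,
 * CKR_ARGUMENTS_BAD, CKR_OPERATION_NOT_INITIALIZED, or the result of
 * sign_mgr_sign_recover().  The signing context is cleaned up on every
 * outcome except CKR_BUFFER_TOO_SMALL and a successful length-only query.
 */
CK_RV
SC_SignRecover(ST_SESSION_HANDLE sSession,
    CK_BYTE_PTR pData,
    CK_ULONG ulDataLen,
    CK_BYTE_PTR pSignature,
    CK_ULONG_PTR pulSignatureLen)
{
	SESSION *sess = NULL;
	CK_BBOOL length_only = FALSE;
	CK_RV rc = CKR_OK;
	SESS_SET

	if (st_Initialized() == FALSE) {
		rc = CKR_CRYPTOKI_NOT_INITIALIZED;
		goto done;
	}

	sess = session_mgr_find(hSession);
	if (sess == NULL) {
		rc = CKR_SESSION_HANDLE_INVALID;
		goto done;
	}
	if (pData == NULL || pulSignatureLen == NULL) {
		rc = CKR_ARGUMENTS_BAD;
		goto done;
	}
	if ((sess->sign_ctx.active == FALSE) ||
	    (sess->sign_ctx.recover == FALSE)) {
		rc = CKR_OPERATION_NOT_INITIALIZED;
		goto done;
	}

	if (pSignature == NULL)
		length_only = TRUE;

	rc = sign_mgr_sign_recover(sess, length_only,
	    &sess->sign_ctx, pData, ulDataLen,
	    pSignature, pulSignatureLen);

done:
	/*
	 * sess is NULL when the library is not initialised or the handle is
	 * invalid; do not form &sess->sign_ctx from a NULL session.
	 */
	if (sess != NULL && rc != CKR_BUFFER_TOO_SMALL &&
	    (rc != CKR_OK || length_only != TRUE))
		(void) sign_mgr_cleanup(&sess->sign_ctx);

	return (rc);
}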
1N/A
/*
 * SC_VerifyInit - start a signature-verification operation on a session.
 *
 * Checks, in order: library initialised, pMechanism non-NULL, VALID_MECH
 * (macro defined elsewhere; presumably validates the mechanism - confirm),
 * session lookup, PIN expiry, and that no verification is already active.
 * verify_mgr_init() is called with its fourth argument FALSE, i.e. not a
 * verify-recover operation.
 */
CK_RV
SC_VerifyInit(ST_SESSION_HANDLE sSession,
    CK_MECHANISM_PTR pMechanism,
    CK_OBJECT_HANDLE hKey)
{
	SESSION *sess = NULL;
	CK_RV rc = CKR_OK;
	SESS_SET

	if (!st_Initialized()) {
		rc = CKR_CRYPTOKI_NOT_INITIALIZED;
		goto done;
	}
	if (pMechanism == NULL) {
		rc = CKR_ARGUMENTS_BAD;
		goto done;
	}
	VALID_MECH(pMechanism);

	sess = session_mgr_find(hSession);
	if (sess == NULL) {
		rc = CKR_SESSION_HANDLE_INVALID;
		goto done;
	}

	if (pin_expired(&sess->session_info,
	    nv_token_data->token_info.flags) == TRUE) {
		rc = CKR_PIN_EXPIRED;
		goto done;
	}

	if (sess->verify_ctx.active == TRUE) {
		rc = CKR_OPERATION_ACTIVE;
		goto done;
	}

	rc = verify_mgr_init(sess, &sess->verify_ctx, pMechanism, FALSE, hKey);

done:
	return (rc);
}
1N/A
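/*
 * SC_Verify - single-part signature verification on a session.
 *
 * pData/ulDataLen		signed data; pointer must not be NULL.
 * pSignature/ulSignatureLen	signature to check; pointer must not be NULL.
 *
 * Returns CKR_CRYPTOKI_NOT_INITIALIZED, CKR_SESSION_HANDLE_INVALID,
 * CKR_ARGUMENTS_BAD, CKR_OPERATION_NOT_INITIALIZED, or the result of
 * verify_mgr_verify().
 *
 * The verification context is cleaned up on every outcome for which a
 * session was found, success included: there is no length-only mode here.
 */
CK_RV
SC_Verify(ST_SESSION_HANDLE sSession,
    CK_BYTE_PTR pData,
    CK_ULONG ulDataLen,
    CK_BYTE_PTR pSignature,
    CK_ULONG ulSignatureLen)
{
	SESSION *sess = NULL;
	CK_RV rc = CKR_OK;
	SESS_SET

	if (st_Initialized() == FALSE) {
		rc = CKR_CRYPTOKI_NOT_INITIALIZED;
		goto done;
	}
	sess = session_mgr_find(hSession);
	if (sess == NULL) {
		rc = CKR_SESSION_HANDLE_INVALID;
		goto done;
	}

	if (pData == NULL || pSignature == NULL) {
		rc = CKR_ARGUMENTS_BAD;
		goto done;
	}
	if (sess->verify_ctx.active == FALSE) {
		rc = CKR_OPERATION_NOT_INITIALIZED;
		goto done;
	}

	rc = verify_mgr_verify(sess,
	    &sess->verify_ctx, pData, ulDataLen,
	    pSignature, ulSignatureLen);

done:
	/*
	 * sess is NULL when the library is not initialised or the handle is
	 * invalid; do not form &sess->verify_ctx from a NULL session.
	 */
	if (sess != NULL)
		(void) verify_mgr_cleanup(&sess->verify_ctx);

	return (rc);
}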
1N/A
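/*
 * SC_VerifyUpdate - feed another part into an active verification.
 *
 * pPart/ulPartLen	input; pPart must not be NULL.
 *
 * Returns CKR_CRYPTOKI_NOT_INITIALIZED, CKR_ARGUMENTS_BAD,
 * CKR_SESSION_HANDLE_INVALID, CKR_OPERATION_NOT_INITIALIZED, or the
 * result of verify_mgr_verify_update().  Any failure cleans up the
 * verification context of the session, when a session was found.
 */
CK_RV
SC_VerifyUpdate(ST_SESSION_HANDLE sSession,
    CK_BYTE_PTR pPart,
    CK_ULONG ulPartLen)
{
	SESSION *sess = NULL;
	CK_RV rc = CKR_OK;
	SESS_SET

	if (st_Initialized() == FALSE) {
		rc = CKR_CRYPTOKI_NOT_INITIALIZED;
		goto done;
	}

	if (pPart == NULL) {
		rc = CKR_ARGUMENTS_BAD;
		goto done;
	}

	sess = session_mgr_find(hSession);
	if (sess == NULL) {
		rc = CKR_SESSION_HANDLE_INVALID;
		goto done;
	}

	if (sess->verify_ctx.active == FALSE) {
		rc = CKR_OPERATION_NOT_INITIALIZED;
		goto done;
	}

	rc = verify_mgr_verify_update(sess, &sess->verify_ctx,
	    pPart, ulPartLen);
done:
	/*
	 * The early failures above leave sess NULL; only clean up the
	 * context of a session that was actually found.
	 */
	if (sess != NULL && rc != CKR_OK)
		(void) verify_mgr_cleanup(&sess->verify_ctx);

	return (rc);
}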
1N/A
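/*
 * SC_VerifyFinal - finish a multi-part verification on a session.
 *
 * pSignature/ulSignatureLen	signature to check; pointer must not be NULL.
 *
 * Returns CKR_CRYPTOKI_NOT_INITIALIZED, CKR_ARGUMENTS_BAD,
 * CKR_SESSION_HANDLE_INVALID, CKR_OPERATION_NOT_INITIALIZED, or the
 * result of verify_mgr_verify_final().
 *
 * The verification context is cleaned up on every outcome for which a
 * session was found, success included.
 */
CK_RV
SC_VerifyFinal(ST_SESSION_HANDLE sSession,
    CK_BYTE_PTR pSignature,
    CK_ULONG ulSignatureLen)
{
	SESSION *sess = NULL;
	CK_RV rc = CKR_OK;
	SESS_SET

	if (st_Initialized() == FALSE) {
		rc = CKR_CRYPTOKI_NOT_INITIALIZED;
		goto done;
	}

	if (pSignature == NULL) {
		rc = CKR_ARGUMENTS_BAD;
		goto done;
	}

	sess = session_mgr_find(hSession);
	if (sess == NULL) {
		rc = CKR_SESSION_HANDLE_INVALID;
		goto done;
	}

	if (sess->verify_ctx.active == FALSE) {
		rc = CKR_OPERATION_NOT_INITIALIZED;
		goto done;
	}

	rc = verify_mgr_verify_final(sess, &sess->verify_ctx,
	    pSignature, ulSignatureLen);

done:
	/*
	 * The early failures above leave sess NULL; only clean up the
	 * context of a session that was actually found.
	 */
	if (sess != NULL)
		(void) verify_mgr_cleanup(&sess->verify_ctx);

	return (rc);
}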
1N/A
/*
 * SC_VerifyRecoverInit - start a verify-recover operation on a session.
 *
 * Same checks as SC_VerifyInit: library initialised, pMechanism non-NULL,
 * VALID_MECH (macro defined elsewhere; presumably validates the mechanism
 * - confirm), session lookup, PIN expiry, and no verification already
 * active.  verify_mgr_init() is called with its fourth argument TRUE,
 * which SC_VerifyRecover later requires via verify_ctx.recover.
 */
CK_RV
SC_VerifyRecoverInit(ST_SESSION_HANDLE sSession,
    CK_MECHANISM_PTR pMechanism,
    CK_OBJECT_HANDLE hKey)
{
	SESSION *sess = NULL;
	CK_RV rc = CKR_OK;
	SESS_SET

	if (!st_Initialized()) {
		rc = CKR_CRYPTOKI_NOT_INITIALIZED;
		goto done;
	}
	if (pMechanism == NULL) {
		rc = CKR_ARGUMENTS_BAD;
		goto done;
	}
	VALID_MECH(pMechanism);

	sess = session_mgr_find(hSession);
	if (sess == NULL) {
		rc = CKR_SESSION_HANDLE_INVALID;
		goto done;
	}

	if (pin_expired(&sess->session_info,
	    nv_token_data->token_info.flags) == TRUE) {
		rc = CKR_PIN_EXPIRED;
		goto done;
	}

	/* The verify and verify-recover operations share sess->verify_ctx. */
	if (sess->verify_ctx.active == TRUE) {
		rc = CKR_OPERATION_ACTIVE;
		goto done;
	}

	rc = verify_mgr_init(sess, &sess->verify_ctx, pMechanism, TRUE, hKey);

done:
	return (rc);
}
1N/A
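/*
 * SC_VerifyRecover - single-part verify-recover on a session.
 *
 * pSignature/ulSignatureLen	signature; pointer must not be NULL.
 * pData			output buffer for the recovered data, or
 *				NULL for a length-only query.
 * pulDataLen			in/out length; must not be NULL.
 *
 * The operation must have been started in recover mode: both
 * verify_ctx.active and verify_ctx.recover have to be set, otherwise
 * CKR_OPERATION_NOT_INITIALIZED is returned.
 *
 * Returns CKR_CRYPTOKI_NOT_INITIALIZED, CKR_SESSION_HANDLE_INVALID,
 * CKR_ARGUMENTS_BAD, CKR_OPERATION_NOT_INITIALIZED, or the result of
 * verify_mgr_verify_recover().  The verification context is cleaned up on
 * every outcome except CKR_BUFFER_TOO_SMALL and a successful length-only
 * query.
 */
CK_RV
SC_VerifyRecover(ST_SESSION_HANDLE sSession,
    CK_BYTE_PTR pSignature,
    CK_ULONG ulSignatureLen,
    CK_BYTE_PTR pData,
    CK_ULONG_PTR pulDataLen)
{
	SESSION *sess = NULL;
	CK_BBOOL length_only = FALSE;
	CK_RV rc = CKR_OK;
	SESS_SET

	if (st_Initialized() == FALSE) {
		rc = CKR_CRYPTOKI_NOT_INITIALIZED;
		goto done;
	}

	sess = session_mgr_find(hSession);
	if (sess == NULL) {
		rc = CKR_SESSION_HANDLE_INVALID;
		goto done;
	}
	if (pSignature == NULL || pulDataLen == NULL) {
		rc = CKR_ARGUMENTS_BAD;
		goto done;
	}

	if ((sess->verify_ctx.active == FALSE) ||
	    (sess->verify_ctx.recover == FALSE)) {
		rc = CKR_OPERATION_NOT_INITIALIZED;
		goto done;
	}
	if (pData == NULL)
		length_only = TRUE;

	rc = verify_mgr_verify_recover(sess, length_only,
	    &sess->verify_ctx, pSignature, ulSignatureLen,
	    pData, pulDataLen);

done:
	/*
	 * sess is NULL when the library is not initialised or the handle is
	 * invalid; do not form &sess->verify_ctx from a NULL session.
	 */
	if (sess != NULL && rc != CKR_BUFFER_TOO_SMALL &&
	    (rc != CKR_OK || length_only != TRUE))
		(void) verify_mgr_cleanup(&sess->verify_ctx);

	return (rc);
}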
1N/A
/*
 * SC_GenerateKeyPair - generate a public/private key pair on a session.
 *
 * pMechanism, phPublicKey and phPrivateKey must not be NULL.  Either
 * template pointer may be NULL only when its attribute count is zero.
 * After VALID_MECH (macro defined elsewhere; presumably validates the
 * mechanism - confirm), the session lookup and the PIN-expiry check, the
 * request is handed to key_mgr_generate_key_pair() and its result returned.
 */
CK_RV
SC_GenerateKeyPair(ST_SESSION_HANDLE sSession,
    CK_MECHANISM_PTR pMechanism,
    CK_ATTRIBUTE_PTR pPublicKeyTemplate,
    CK_ULONG ulPublicKeyAttributeCount,
    CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
    CK_ULONG ulPrivateKeyAttributeCount,
    CK_OBJECT_HANDLE_PTR phPublicKey,
    CK_OBJECT_HANDLE_PTR phPrivateKey)
{
	SESSION *sess = NULL;
	CK_RV rc = CKR_OK;
	SESS_SET

	if (!st_Initialized()) {
		rc = CKR_CRYPTOKI_NOT_INITIALIZED;
		goto done;
	}

	/* A NULL template is only acceptable with a zero attribute count. */
	if (pMechanism == NULL || phPublicKey == NULL ||
	    phPrivateKey == NULL ||
	    (pPublicKeyTemplate == NULL &&
	    ulPublicKeyAttributeCount != 0) ||
	    (pPrivateKeyTemplate == NULL &&
	    ulPrivateKeyAttributeCount != 0)) {
		rc = CKR_ARGUMENTS_BAD;
		goto done;
	}
	VALID_MECH(pMechanism);

	sess = session_mgr_find(hSession);
	if (sess == NULL) {
		rc = CKR_SESSION_HANDLE_INVALID;
		goto done;
	}

	if (pin_expired(&sess->session_info,
	    nv_token_data->token_info.flags) == TRUE) {
		rc = CKR_PIN_EXPIRED;
		goto done;
	}

	rc = key_mgr_generate_key_pair(sess, pMechanism,
	    pPublicKeyTemplate, ulPublicKeyAttributeCount,
	    pPrivateKeyTemplate, ulPrivateKeyAttributeCount,
	    phPublicKey, phPrivateKey);
done:
	return (rc);
}
1N/A
/*
 * SC_WrapKey - wrap key hKey with hWrappingKey.
 *
 * pMechanism and pulWrappedKeyLen must not be NULL.  A NULL pWrappedKey
 * selects a length-only query.  After VALID_MECH (macro defined elsewhere;
 * presumably validates the mechanism - confirm), the session lookup and
 * the PIN-expiry check, the result of key_mgr_wrap_key() is returned.
 */
CK_RV
SC_WrapKey(ST_SESSION_HANDLE sSession,
    CK_MECHANISM_PTR pMechanism,
    CK_OBJECT_HANDLE hWrappingKey,
    CK_OBJECT_HANDLE hKey,
    CK_BYTE_PTR pWrappedKey,
    CK_ULONG_PTR pulWrappedKeyLen)
{
	SESSION *sess = NULL;
	CK_BBOOL length_only = FALSE;
	CK_RV rc = CKR_OK;
	SESS_SET

	if (!st_Initialized()) {
		rc = CKR_CRYPTOKI_NOT_INITIALIZED;
		goto done;
	}

	if (pMechanism == NULL || pulWrappedKeyLen == NULL) {
		rc = CKR_ARGUMENTS_BAD;
		goto done;
	}
	VALID_MECH(pMechanism);

	/* No output buffer means the caller only wants the length. */
	if (pWrappedKey == NULL)
		length_only = TRUE;

	sess = session_mgr_find(hSession);
	if (sess == NULL) {
		rc = CKR_SESSION_HANDLE_INVALID;
		goto done;
	}

	if (pin_expired(&sess->session_info,
	    nv_token_data->token_info.flags) == TRUE) {
		rc = CKR_PIN_EXPIRED;
		goto done;
	}

	rc = key_mgr_wrap_key(sess, length_only,
	    pMechanism, hWrappingKey, hKey,
	    pWrappedKey, pulWrappedKeyLen);

done:
	return (rc);
}
1N/A
/*
 * SC_UnwrapKey - unwrap pWrappedKey with hUnwrappingKey into a new object.
 *
 * pMechanism, pWrappedKey and phKey must not be NULL; pTemplate may be
 * NULL only when ulCount is zero.  After VALID_MECH (macro defined
 * elsewhere; presumably validates the mechanism - confirm), the session
 * lookup and the PIN-expiry check, the result of key_mgr_unwrap_key() is
 * returned.  ulWrappedKeyLen is passed through without a check here.
 */
CK_RV
SC_UnwrapKey(ST_SESSION_HANDLE sSession,
    CK_MECHANISM_PTR pMechanism,
    CK_OBJECT_HANDLE hUnwrappingKey,
    CK_BYTE_PTR pWrappedKey,
    CK_ULONG ulWrappedKeyLen,
    CK_ATTRIBUTE_PTR pTemplate,
    CK_ULONG ulCount,
    CK_OBJECT_HANDLE_PTR phKey)
{
	SESSION *sess = NULL;
	CK_RV rc = CKR_OK;
	SESS_SET

	if (!st_Initialized()) {
		rc = CKR_CRYPTOKI_NOT_INITIALIZED;
		goto done;
	}

	/* A NULL template is only acceptable with a zero attribute count. */
	if (pMechanism == NULL || pWrappedKey == NULL ||
	    (pTemplate == NULL && ulCount != 0) || phKey == NULL) {
		rc = CKR_ARGUMENTS_BAD;
		goto done;
	}
	VALID_MECH(pMechanism);

	sess = session_mgr_find(hSession);
	if (sess == NULL) {
		rc = CKR_SESSION_HANDLE_INVALID;
		goto done;
	}

	if (pin_expired(&sess->session_info,
	    nv_token_data->token_info.flags) == TRUE) {
		rc = CKR_PIN_EXPIRED;
		goto done;
	}

	rc = key_mgr_unwrap_key(sess, pMechanism,
	    pTemplate, ulCount,
	    pWrappedKey, ulWrappedKeyLen,
	    hUnwrappingKey, phKey);

done:
	return (rc);
}
1N/A
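/*
 * SC_SeedRandom - accept seed material for the random number generator.
 *
 * Returns CKR_CRYPTOKI_NOT_INITIALIZED when the library is not
 * initialised, CKR_ARGUMENTS_BAD when pSeed is NULL or ulSeedLen is zero,
 * and CKR_OK otherwise.
 *
 * Only the arguments are validated: the seed bytes are not forwarded
 * anywhere by this function and sSession is unused, so a CKR_OK result
 * does not mean the seed was mixed into the generator.
 */
/*ARGSUSED*/
CK_RV
SC_SeedRandom(ST_SESSION_HANDLE sSession,
    CK_BYTE_PTR pSeed,
    CK_ULONG ulSeedLen)
{
	if (st_Initialized() == FALSE) {
		return (CKR_CRYPTOKI_NOT_INITIALIZED);
	}
	/* ulSeedLen is an integer length, so compare it with 0, not NULL. */
	if (pSeed == NULL || ulSeedLen == 0)
		return (CKR_ARGUMENTS_BAD);

	return (CKR_OK);
}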
1N/A
/*
 * SC_GenerateRandom - fill pRandomData with ulRandomLen random bytes.
 *
 * A NULL pRandomData is rejected with CKR_ARGUMENTS_BAD unless
 * ulRandomLen is zero.  After the initialisation check and the session
 * lookup, the request goes to token_rng() with the session's hContext and
 * its result is returned unchanged.
 */
CK_RV
SC_GenerateRandom(ST_SESSION_HANDLE sSession,
    CK_BYTE_PTR pRandomData,
    CK_ULONG ulRandomLen)
{
	SESSION *sess = NULL;
	CK_RV rc = CKR_OK;
	SESS_SET

	if (!st_Initialized()) {
		rc = CKR_CRYPTOKI_NOT_INITIALIZED;
		goto done;
	}

	if (pRandomData == NULL && ulRandomLen != 0) {
		rc = CKR_ARGUMENTS_BAD;
		goto done;
	}

	sess = session_mgr_find(hSession);
	if (sess == NULL) {
		rc = CKR_SESSION_HANDLE_INVALID;
		goto done;
	}

	rc = token_rng(sess->hContext, pRandomData, ulRandomLen);

done:
	return (rc);
}
1N/A
/*
 * SC_SetFunctionList - populate the global function_list dispatch table.
 *
 * Every slot is assigned explicitly.  Slots set to NULL have no entry
 * point wired in here; how a caller of the table treats a NULL slot is
 * not visible in this function.
 */
void
SC_SetFunctionList(void) {
	struct ST_FCN_LIST *fl = &function_list;

	/* Library, token and PIN management. */
	fl->ST_Initialize = ST_Initialize;
	fl->ST_Finalize = SC_Finalize;
	fl->ST_GetTokenInfo = SC_GetTokenInfo;
	fl->ST_GetMechanismList = SC_GetMechanismList;
	fl->ST_GetMechanismInfo = SC_GetMechanismInfo;
	fl->ST_InitToken = SC_InitToken;
	fl->ST_InitPIN = SC_InitPIN;
	fl->ST_SetPIN = SC_SetPIN;

	/* Sessions and login state. */
	fl->ST_OpenSession = SC_OpenSession;
	fl->ST_CloseSession = SC_CloseSession;
	fl->ST_GetSessionInfo = SC_GetSessionInfo;
	fl->ST_GetOperationState = SC_GetOperationState;
	fl->ST_SetOperationState = SC_SetOperationState;
	fl->ST_Login = SC_Login;
	fl->ST_Logout = SC_Logout;

	/* Object management. */
	fl->ST_CreateObject = SC_CreateObject;
	fl->ST_CopyObject = SC_CopyObject;
	fl->ST_DestroyObject = SC_DestroyObject;
	fl->ST_GetObjectSize = SC_GetObjectSize;
	fl->ST_GetAttributeValue = SC_GetAttributeValue;
	fl->ST_SetAttributeValue = SC_SetAttributeValue;
	fl->ST_FindObjectsInit = SC_FindObjectsInit;
	fl->ST_FindObjects = SC_FindObjects;
	fl->ST_FindObjectsFinal = SC_FindObjectsFinal;

	/* Encryption and decryption: the multi-part slots are left NULL. */
	fl->ST_EncryptInit = SC_EncryptInit;
	fl->ST_Encrypt = SC_Encrypt;
	fl->ST_EncryptUpdate = NULL /* SC_EncryptUpdate */;
	fl->ST_EncryptFinal = NULL /* SC_EncryptFinal */;
	fl->ST_DecryptInit = SC_DecryptInit;
	fl->ST_Decrypt = SC_Decrypt;
	fl->ST_DecryptUpdate = NULL /* SC_DecryptUpdate */;
	fl->ST_DecryptFinal = NULL /* SC_DecryptFinal */;

	/* Digests. */
	fl->ST_DigestInit = SC_DigestInit;
	fl->ST_Digest = SC_Digest;
	fl->ST_DigestUpdate = SC_DigestUpdate;
	fl->ST_DigestKey = SC_DigestKey;
	fl->ST_DigestFinal = SC_DigestFinal;

	/* Signing and verification. */
	fl->ST_SignInit = SC_SignInit;
	fl->ST_Sign = SC_Sign;
	fl->ST_SignUpdate = SC_SignUpdate;
	fl->ST_SignFinal = SC_SignFinal;
	fl->ST_SignRecoverInit = SC_SignRecoverInit;
	fl->ST_SignRecover = SC_SignRecover;
	fl->ST_VerifyInit = SC_VerifyInit;
	fl->ST_Verify = SC_Verify;
	fl->ST_VerifyUpdate = SC_VerifyUpdate;
	fl->ST_VerifyFinal = SC_VerifyFinal;
	fl->ST_VerifyRecoverInit = SC_VerifyRecoverInit;
	fl->ST_VerifyRecover = SC_VerifyRecover;

	/* Dual-function operations: none wired in. */
	fl->ST_DigestEncryptUpdate = NULL;
	fl->ST_DecryptDigestUpdate = NULL;
	fl->ST_SignEncryptUpdate = NULL;
	fl->ST_DecryptVerifyUpdate = NULL;

	/* Key management. */
	fl->ST_GenerateKey = NULL;
	fl->ST_GenerateKeyPair = SC_GenerateKeyPair;
	fl->ST_WrapKey = SC_WrapKey;
	fl->ST_UnwrapKey = SC_UnwrapKey;
	fl->ST_DeriveKey = NULL;

	/* Random numbers. */
	fl->ST_SeedRandom = SC_SeedRandom;
	fl->ST_GenerateRandom = SC_GenerateRandom;

	/* Function-status slots: none wired in. */
	fl->ST_GetFunctionStatus = NULL;
	fl->ST_CancelFunction = NULL;
}