Print this page
Raise max RSA keysize (WIP)
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/lib/pkcs11/pkcs11_softtoken/common/softSlotToken.c
+++ new/usr/src/lib/pkcs11/pkcs11_softtoken/common/softSlotToken.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21
22 22 /*
23 23 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
24 24 */
25 25
26 26 #include <strings.h>
27 27 #include <cryptoutil.h>
28 28 #include <security/cryptoki.h>
29 29 #include <sys/crypto/common.h>
30 30 #include <arcfour.h>
31 31 #include "softGlobal.h"
32 32 #include "softSession.h"
33 33 #include <aes_impl.h>
34 34 #include <blowfish_impl.h>
35 35 #include <des_impl.h>
36 36 #include <ecc_impl.h>
37 37 #include "softDH.h"
38 38 #include "softObject.h"
39 39 #include "softKeystore.h"
40 40 #include "softKeystoreUtil.h"
41 41
42 42
43 43 static CK_MECHANISM_TYPE soft_mechanisms[] = {
44 44 CKM_DES_CBC,
45 45 CKM_DES_CBC_PAD,
46 46 CKM_DES_ECB,
47 47 CKM_DES_KEY_GEN,
48 48 CKM_DES_MAC_GENERAL,
49 49 CKM_DES_MAC,
50 50 CKM_DES3_CBC,
51 51 CKM_DES3_CBC_PAD,
52 52 CKM_DES3_ECB,
53 53 CKM_DES2_KEY_GEN,
54 54 CKM_DES3_KEY_GEN,
55 55 CKM_AES_CBC,
56 56 CKM_AES_CBC_PAD,
57 57 CKM_AES_CTR,
58 58 CKM_AES_ECB,
59 59 CKM_AES_KEY_GEN,
60 60 CKM_BLOWFISH_CBC,
61 61 CKM_BLOWFISH_KEY_GEN,
62 62 CKM_SHA_1,
63 63 CKM_SHA_1_HMAC,
64 64 CKM_SHA_1_HMAC_GENERAL,
65 65 CKM_SHA256,
66 66 CKM_SHA256_HMAC,
67 67 CKM_SHA256_HMAC_GENERAL,
68 68 CKM_SHA384,
69 69 CKM_SHA384_HMAC,
70 70 CKM_SHA384_HMAC_GENERAL,
71 71 CKM_SHA512,
72 72 CKM_SHA512_HMAC,
73 73 CKM_SHA512_HMAC_GENERAL,
74 74 CKM_SSL3_SHA1_MAC,
75 75 CKM_MD5,
76 76 CKM_MD5_HMAC,
77 77 CKM_MD5_HMAC_GENERAL,
78 78 CKM_SSL3_MD5_MAC,
79 79 CKM_RC4,
80 80 CKM_RC4_KEY_GEN,
81 81 CKM_DSA,
82 82 CKM_DSA_SHA1,
83 83 CKM_DSA_KEY_PAIR_GEN,
84 84 CKM_RSA_PKCS,
85 85 CKM_RSA_PKCS_KEY_PAIR_GEN,
86 86 CKM_RSA_X_509,
87 87 CKM_MD5_RSA_PKCS,
88 88 CKM_SHA1_RSA_PKCS,
89 89 CKM_SHA256_RSA_PKCS,
90 90 CKM_SHA384_RSA_PKCS,
91 91 CKM_SHA512_RSA_PKCS,
92 92 CKM_DH_PKCS_KEY_PAIR_GEN,
93 93 CKM_DH_PKCS_DERIVE,
94 94 CKM_MD5_KEY_DERIVATION,
95 95 CKM_SHA1_KEY_DERIVATION,
96 96 CKM_SHA256_KEY_DERIVATION,
97 97 CKM_SHA384_KEY_DERIVATION,
98 98 CKM_SHA512_KEY_DERIVATION,
99 99 CKM_PBE_SHA1_RC4_128,
100 100 CKM_PKCS5_PBKD2,
101 101 CKM_SSL3_PRE_MASTER_KEY_GEN,
102 102 CKM_TLS_PRE_MASTER_KEY_GEN,
103 103 CKM_SSL3_MASTER_KEY_DERIVE,
104 104 CKM_TLS_MASTER_KEY_DERIVE,
105 105 CKM_SSL3_MASTER_KEY_DERIVE_DH,
106 106 CKM_TLS_MASTER_KEY_DERIVE_DH,
107 107 CKM_SSL3_KEY_AND_MAC_DERIVE,
108 108 CKM_TLS_KEY_AND_MAC_DERIVE,
109 109 CKM_TLS_PRF,
110 110 CKM_EC_KEY_PAIR_GEN,
111 111 CKM_ECDSA,
112 112 CKM_ECDSA_SHA1,
113 113 CKM_ECDH1_DERIVE
114 114 };
115 115
116 116 /*
117 117 * This is the table of CK_MECHANISM_INFO structs for the supported mechanisms.
118 118 * The index for this table is the same as the one above for the same
119 119 * mechanism.
120 120 * The minimum and maximum sizes of the key for the mechanism can be measured
121 121 * in bits or in bytes (i.e. mechanism-dependent). This table specifies the
122 122 * supported range of key sizes in bytes; unless noted as in bits.
123 123 */
124 124 static CK_MECHANISM_INFO soft_mechanism_info[] = {
125 125 {DES_MINBYTES, DES_MAXBYTES,
126 126 CKF_ENCRYPT|CKF_DECRYPT|
127 127 CKF_WRAP|CKF_UNWRAP}, /* CKM_DES_CBC */
128 128 {DES_MINBYTES, DES_MAXBYTES,
129 129 CKF_ENCRYPT|CKF_DECRYPT|
130 130 CKF_WRAP|CKF_UNWRAP}, /* CKM_DES_CBC_PAD */
131 131 {DES_MINBYTES, DES_MAXBYTES,
132 132 CKF_ENCRYPT|CKF_DECRYPT|
133 133 CKF_WRAP|CKF_UNWRAP}, /* CKM_DES_ECB */
134 134 {DES_MINBYTES, DES_MAXBYTES,
135 135 CKF_GENERATE}, /* CKM_DES_KEY_GEN */
136 136 {DES_MINBYTES, DES_MAXBYTES,
137 137 CKF_SIGN|CKF_VERIFY}, /* CKM_DES_MAC_GENERAL */
138 138 {DES_MINBYTES, DES_MAXBYTES,
139 139 CKF_SIGN|CKF_VERIFY}, /* CKM_DES_MAC */
140 140 {DES3_MINBYTES, DES3_MAXBYTES,
141 141 CKF_ENCRYPT|CKF_DECRYPT|
142 142 CKF_WRAP|CKF_UNWRAP}, /* CKM_DES3_CBC */
143 143 {DES3_MINBYTES, DES3_MAXBYTES,
144 144 CKF_ENCRYPT|CKF_DECRYPT|
145 145 CKF_WRAP|CKF_UNWRAP}, /* CKM_DES3_CBC_PAD */
146 146 {DES3_MINBYTES, DES3_MAXBYTES,
147 147 CKF_ENCRYPT|CKF_DECRYPT|
148 148 CKF_WRAP|CKF_UNWRAP}, /* CKM_DES3_ECB */
149 149 {DES2_MAXBYTES, DES2_MAXBYTES,
150 150 CKF_GENERATE}, /* CKM_DES2_KEY_GEN */
151 151 {DES3_MAXBYTES, DES3_MAXBYTES, /* CKK_DES3 only */
152 152 CKF_GENERATE}, /* CKM_DES3_KEY_GEN */
153 153 {AES_MINBYTES, AES_MAXBYTES,
154 154 CKF_ENCRYPT|CKF_DECRYPT|
155 155 CKF_WRAP|CKF_UNWRAP}, /* CKM_AES_CBC */
156 156 {AES_MINBYTES, AES_MAXBYTES,
157 157 CKF_ENCRYPT|CKF_DECRYPT|
158 158 CKF_WRAP|CKF_UNWRAP}, /* CKM_AES_CBC_PAD */
159 159 {AES_MINBYTES, AES_MAXBYTES,
160 160 CKF_ENCRYPT|CKF_DECRYPT|
161 161 CKF_WRAP|CKF_UNWRAP}, /* CKM_AES_CTR */
162 162 {AES_MINBYTES, AES_MAXBYTES,
163 163 CKF_ENCRYPT|CKF_DECRYPT|
164 164 CKF_WRAP|CKF_UNWRAP}, /* CKM_AES_ECB */
165 165 {AES_MINBYTES, AES_MAXBYTES,
166 166 CKF_GENERATE}, /* CKM_AES_KEY_GEN */
167 167 {BLOWFISH_MINBYTES, BLOWFISH_MAXBYTES,
168 168 CKF_ENCRYPT|CKF_DECRYPT|
169 169 CKF_WRAP|CKF_UNWRAP}, /* CKM_BLOWFISH_ECB */
170 170 {BLOWFISH_MINBYTES, BLOWFISH_MAXBYTES,
171 171 CKF_GENERATE}, /* CKM_BLOWFISH_KEY_GEN */
172 172 {0, 0, CKF_DIGEST}, /* CKM_SHA_1 */
173 173 {1, 64, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA_1_HMAC */
174 174 {1, 64, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA_1_HMAC_GENERAL */
175 175 {0, 0, CKF_DIGEST}, /* CKM_SHA256 */
176 176 {1, 64, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA256_HMAC */
177 177 {1, 64, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA256_HMAC_GENERAL */
178 178 {0, 0, CKF_DIGEST}, /* CKM_SHA384 */
179 179 {1, 128, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA384_HMAC */
180 180 {1, 128, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA384_HMAC_GENERAL */
181 181 {0, 0, CKF_DIGEST}, /* CKM_SHA512 */
182 182 {1, 128, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA512_HMAC */
183 183 {1, 128, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA512_HMAC_GENERAL */
184 184 {1, 512, CKF_SIGN|CKF_VERIFY}, /* CKM_SSL3_SHA1_MAC */
185 185 {0, 0, CKF_DIGEST}, /* CKM_MD5 */
|
↓ open down ↓ |
185 lines elided |
↑ open up ↑ |
186 186 {1, 64, CKF_SIGN|CKF_VERIFY}, /* CKM_MD5_HMAC */
187 187 {1, 64, CKF_SIGN|CKF_VERIFY}, /* CKM_MD5_HMAC_GENERAL */
188 188 {1, 512, CKF_SIGN|CKF_VERIFY}, /* CKM_SSL3_MD5_MAC */
189 189 {8, ARCFOUR_MAX_KEY_BITS, CKF_ENCRYPT|CKF_DECRYPT}, /* CKM_RC4; */
190 190 /* in bits */
191 191 {8, ARCFOUR_MAX_KEY_BITS, CKF_GENERATE }, /* CKM_RC4_KEY_GEN; in bits */
192 192 {512, 1024, CKF_SIGN|CKF_VERIFY}, /* CKM_DSA; in bits */
193 193 {512, 1024, CKF_SIGN|CKF_VERIFY}, /* CKM_DSA_SHA1; in bits */
194 194 {512, 1024, CKF_GENERATE_KEY_PAIR}, /* CKM_DSA_KEY_PAIR_GEN; */
195 195 /* in bits */
196 - {256, 4096, CKF_ENCRYPT|CKF_DECRYPT|
196 + {RSA_MIN_KEY_LEN, RSA_MAX_KEY_LEN, CKF_ENCRYPT|CKF_DECRYPT|
197 197 CKF_SIGN|CKF_SIGN_RECOVER|
198 198 CKF_WRAP|CKF_UNWRAP|
199 199 CKF_VERIFY|CKF_VERIFY_RECOVER}, /* CKM_RSA_PKCS; in bits */
200 - {256, 4096, CKF_GENERATE_KEY_PAIR}, /* CKM_RSA_PKCS_KEY_PAIR_GEN; */
200 + {RSA_MIN_KEY_LEN, RSA_MAX_KEY_LEN,
201 + CKF_GENERATE_KEY_PAIR}, /* CKM_RSA_PKCS_KEY_PAIR_GEN; */
201 202 /* in bits */
202 - {256, 4096, CKF_ENCRYPT|CKF_DECRYPT|
203 + {RSA_MIN_KEY_LEN, RSA_MAX_KEY_LEN, CKF_ENCRYPT|CKF_DECRYPT|
203 204 CKF_SIGN|CKF_SIGN_RECOVER|
204 205 CKF_WRAP|CKF_UNWRAP|
205 206 CKF_VERIFY|CKF_VERIFY_RECOVER}, /* CKM_RSA_X_509 in bits */
206 - {256, 4096, CKF_SIGN|CKF_VERIFY}, /* CKM_MD5_RSA_PKCS in bits */
207 - {256, 4096, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA1_RSA_PKCS in bits */
208 - {256, 4096, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA256_RSA_PKCS in bits */
209 - {256, 4096, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA384_RSA_PKCS in bits */
210 - {256, 4096, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA512_RSA_PKCS in bits */
207 + {RSA_MIN_KEY_LEN, RSA_MAX_KEY_LEN,
208 + CKF_SIGN|CKF_VERIFY}, /* CKM_MD5_RSA_PKCS in bits */
209 + {RSA_MIN_KEY_LEN, RSA_MAX_KEY_LEN,
210 + CKF_SIGN|CKF_VERIFY}, /* CKM_SHA1_RSA_PKCS in bits */
211 + {RSA_MIN_KEY_LEN, RSA_MAX_KEY_LEN,
212 + CKF_SIGN|CKF_VERIFY}, /* CKM_SHA256_RSA_PKCS in bits */
213 + {RSA_MIN_KEY_LEN, RSA_MAX_KEY_LEN,
214 + CKF_SIGN|CKF_VERIFY}, /* CKM_SHA384_RSA_PKCS in bits */
215 + {RSA_MIN_KEY_LEN, RSA_MAX_KEY_LEN,
216 + CKF_SIGN|CKF_VERIFY}, /* CKM_SHA512_RSA_PKCS in bits */
211 217 {DH_MIN_KEY_LEN, DH_MAX_KEY_LEN, CKF_GENERATE_KEY_PAIR},
212 218 /* CKM_DH_PKCS_KEY_PAIR_GEN */
213 219 /* in bits */
214 220 {DH_MIN_KEY_LEN, DH_MAX_KEY_LEN, CKF_DERIVE},
215 221 /* CKM_DH_PKCS_DERIVE; */
216 222 /* in bits */
217 223 {1, 16, CKF_DERIVE}, /* CKM_MD5_KEY_DERIVATION */
218 224 {1, 20, CKF_DERIVE}, /* CKM_SHA1_KEY_DERIVATION */
219 225 {1, 32, CKF_DERIVE}, /* CKM_SHA256_KEY_DERIVATION */
220 226 {1, 48, CKF_DERIVE}, /* CKM_SHA384_KEY_DERIVATION */
221 227 {1, 64, CKF_DERIVE}, /* CKM_SHA512_KEY_DERIVATION */
222 228 {0, 0, CKF_GENERATE}, /* CKM_PBE_SHA1_RC4_128 */
223 229 {0, 0, CKF_GENERATE}, /* CKM_PKCS5_PBKD2 */
224 230 {48, 48, CKF_GENERATE}, /* CKM_SSL3_PRE_MASTER_KEY_GEN */
225 231 {48, 48, CKF_GENERATE}, /* CKM_TLS_PRE_MASTER_KEY_GEN */
226 232 {48, 48, CKF_DERIVE}, /* CKM_SSL3_MASTER_KEY_DERIVE */
227 233 {48, 48, CKF_DERIVE}, /* CKM_TLS_MASTER_KEY_DERIVE */
228 234 {48, 48, CKF_DERIVE}, /* CKM_SSL3_MASTER_KEY_DERIVE_DH */
229 235 {48, 48, CKF_DERIVE}, /* CKM_TLS_MASTER_KEY_DERIVE_DH */
230 236 {0, 0, CKF_DERIVE}, /* CKM_SSL3_KEY_AND_MAC_DERIVE */
231 237 {0, 0, CKF_DERIVE}, /* CKM_TLS_KEY_AND_MAC_DERIVE */
232 238 {0, 0, CKF_DERIVE}, /* CKM_TLS_PRF */
233 239 {EC_MIN_KEY_LEN, EC_MAX_KEY_LEN, CKF_GENERATE_KEY_PAIR},
234 240 {EC_MIN_KEY_LEN, EC_MAX_KEY_LEN, CKF_SIGN|CKF_VERIFY},
235 241 {EC_MIN_KEY_LEN, EC_MAX_KEY_LEN, CKF_SIGN|CKF_VERIFY},
236 242 {EC_MIN_KEY_LEN, EC_MAX_KEY_LEN, CKF_DERIVE}
237 243 };
238 244
239 245 /*
240 246 * Slot ID for softtoken is always 1. tokenPresent is ignored.
241 247 * Also, only one slot is used.
242 248 */
243 249 /*ARGSUSED*/
244 250 CK_RV
245 251 C_GetSlotList(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList,
246 252 CK_ULONG_PTR pulCount)
247 253 {
248 254
249 255 CK_RV rv;
250 256
251 257 if (!softtoken_initialized)
252 258 return (CKR_CRYPTOKI_NOT_INITIALIZED);
253 259
254 260 if (pulCount == NULL) {
255 261 return (CKR_ARGUMENTS_BAD);
256 262 }
257 263
258 264 if (pSlotList == NULL) {
259 265 /*
260 266 * Application only wants to know the number of slots.
261 267 */
262 268 *pulCount = 1;
263 269 return (CKR_OK);
264 270 }
265 271
266 272 if ((*pulCount < 1) && (pSlotList != NULL)) {
267 273 rv = CKR_BUFFER_TOO_SMALL;
268 274 } else {
269 275 pSlotList[0] = SOFTTOKEN_SLOTID;
270 276 rv = CKR_OK;
271 277 }
272 278
273 279 *pulCount = 1;
274 280 return (rv);
275 281 }
276 282
277 283
278 284 CK_RV
279 285 C_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo)
280 286 {
281 287
282 288 if (!softtoken_initialized)
283 289 return (CKR_CRYPTOKI_NOT_INITIALIZED);
284 290
285 291 if (pInfo == NULL)
286 292 return (CKR_ARGUMENTS_BAD);
287 293
288 294 /* Make sure the slot ID is valid */
289 295 if (slotID != SOFTTOKEN_SLOTID)
290 296 return (CKR_SLOT_ID_INVALID);
291 297
292 298 /* Provide information about the slot in the provided buffer */
293 299 (void) strncpy((char *)pInfo->slotDescription, SOFT_SLOT_DESCRIPTION,
294 300 64);
295 301 (void) strncpy((char *)pInfo->manufacturerID, SOFT_MANUFACTURER_ID, 32);
296 302 pInfo->flags = CKF_TOKEN_PRESENT;
297 303 pInfo->hardwareVersion.major = HARDWARE_VERSION_MAJOR;
298 304 pInfo->hardwareVersion.minor = HARDWARE_VERSION_MINOR;
299 305 pInfo->firmwareVersion.major = FIRMWARE_VERSION_MAJOR;
300 306 pInfo->firmwareVersion.minor = FIRMWARE_VERSION_MINOR;
301 307
302 308 return (CKR_OK);
303 309 }
304 310
305 311 CK_RV
306 312 C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
307 313 {
308 314 boolean_t pin_initialized = B_FALSE;
309 315 char *ks_cryptpin = NULL;
310 316
311 317 if (!softtoken_initialized)
312 318 return (CKR_CRYPTOKI_NOT_INITIALIZED);
313 319
314 320 /* Make sure the slot ID is valid */
315 321 if (slotID != SOFTTOKEN_SLOTID)
316 322 return (CKR_SLOT_ID_INVALID);
317 323
318 324 if (pInfo == NULL)
319 325 return (CKR_ARGUMENTS_BAD);
320 326
321 327 /*
322 328 * It is intentional that we don't forward the error code
323 329 * returned from soft_keystore_pin_initialized() to the caller
324 330 */
325 331 pInfo->flags = SOFT_TOKEN_FLAGS;
326 332 if (soft_slot.keystore_load_status == KEYSTORE_UNAVAILABLE) {
327 333 pInfo->flags |= CKF_WRITE_PROTECTED;
328 334 } else {
329 335 if ((soft_keystore_pin_initialized(&pin_initialized,
330 336 &ks_cryptpin, B_FALSE) == CKR_OK) && !pin_initialized)
331 337 pInfo->flags |= CKF_USER_PIN_TO_BE_CHANGED;
332 338 }
333 339
334 340 if (ks_cryptpin)
335 341 free(ks_cryptpin);
336 342
337 343 /* Provide information about a token in the provided buffer */
338 344 (void) strncpy((char *)pInfo->label, SOFT_TOKEN_LABEL, 32);
339 345 (void) strncpy((char *)pInfo->manufacturerID, SOFT_MANUFACTURER_ID, 32);
340 346 (void) strncpy((char *)pInfo->model, TOKEN_MODEL, 16);
341 347 (void) strncpy((char *)pInfo->serialNumber, SOFT_TOKEN_SERIAL, 16);
342 348
343 349 pInfo->ulMaxSessionCount = CK_EFFECTIVELY_INFINITE;
344 350 pInfo->ulSessionCount = soft_session_cnt;
345 351 pInfo->ulMaxRwSessionCount = CK_EFFECTIVELY_INFINITE;
346 352 pInfo->ulRwSessionCount = soft_session_rw_cnt;
347 353 pInfo->ulMaxPinLen = MAX_PIN_LEN;
348 354 pInfo->ulMinPinLen = MIN_PIN_LEN;
349 355 pInfo->ulTotalPublicMemory = CK_UNAVAILABLE_INFORMATION;
350 356 pInfo->ulFreePublicMemory = CK_UNAVAILABLE_INFORMATION;
351 357 pInfo->ulTotalPrivateMemory = CK_UNAVAILABLE_INFORMATION;
352 358 pInfo->ulFreePrivateMemory = CK_UNAVAILABLE_INFORMATION;
353 359 pInfo->hardwareVersion.major = HARDWARE_VERSION_MAJOR;
354 360 pInfo->hardwareVersion.minor = HARDWARE_VERSION_MINOR;
355 361 pInfo->firmwareVersion.major = FIRMWARE_VERSION_MAJOR;
356 362 pInfo->firmwareVersion.minor = FIRMWARE_VERSION_MINOR;
357 363 (void) memset(pInfo->utcTime, ' ', 16);
358 364
359 365 return (CKR_OK);
360 366 }
361 367
362 368 /*ARGSUSED*/
363 369 CK_RV
364 370 C_WaitForSlotEvent(CK_FLAGS flags, CK_SLOT_ID_PTR pSlot, CK_VOID_PTR pReserved)
365 371 {
366 372 if (!softtoken_initialized)
367 373 return (CKR_CRYPTOKI_NOT_INITIALIZED);
368 374
369 375 /*
370 376 * This is currently not implemented, however we could cause this
371 377 * to wait for the token files to appear if soft_token_present is
372 378 * false.
373 379 * However there is currently no polite and portable way to do that
374 380 * because we might not even be able to get to an fd to the
375 381 * parent directory, so instead we don't support any slot events.
376 382 */
377 383 return (CKR_FUNCTION_NOT_SUPPORTED);
378 384 }
379 385
380 386
381 387 CK_RV
382 388 C_GetMechanismList(CK_SLOT_ID slotID, CK_MECHANISM_TYPE_PTR pMechanismList,
383 389 CK_ULONG_PTR pulCount)
384 390 {
385 391
386 392 ulong_t i;
387 393 ulong_t mechnum;
388 394
389 395 if (!softtoken_initialized)
390 396 return (CKR_CRYPTOKI_NOT_INITIALIZED);
391 397
392 398 if (slotID != SOFTTOKEN_SLOTID)
393 399 return (CKR_SLOT_ID_INVALID);
394 400
395 401 mechnum = sizeof (soft_mechanisms) / sizeof (CK_MECHANISM_TYPE);
396 402
397 403 if (pMechanismList == NULL) {
398 404 /*
399 405 * Application only wants to know the number of
400 406 * supported mechanism types.
401 407 */
402 408 *pulCount = mechnum;
403 409 return (CKR_OK);
404 410 }
405 411
406 412 if (*pulCount < mechnum) {
407 413 *pulCount = mechnum;
408 414 return (CKR_BUFFER_TOO_SMALL);
409 415 }
410 416
411 417 for (i = 0; i < mechnum; i++) {
412 418 pMechanismList[i] = soft_mechanisms[i];
413 419 }
414 420
415 421 *pulCount = mechnum;
416 422
417 423 return (CKR_OK);
418 424 }
419 425
420 426
421 427 CK_RV
422 428 C_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type,
423 429 CK_MECHANISM_INFO_PTR pInfo)
424 430 {
425 431
426 432 ulong_t i;
427 433 ulong_t mechnum;
428 434
429 435 if (!softtoken_initialized)
430 436 return (CKR_CRYPTOKI_NOT_INITIALIZED);
431 437
432 438 if (slotID != SOFTTOKEN_SLOTID)
433 439 return (CKR_SLOT_ID_INVALID);
434 440
435 441 if (pInfo == NULL) {
436 442 return (CKR_ARGUMENTS_BAD);
437 443 }
438 444
439 445 mechnum = sizeof (soft_mechanisms) / sizeof (CK_MECHANISM_TYPE);
440 446 for (i = 0; i < mechnum; i++) {
441 447 if (soft_mechanisms[i] == type)
442 448 break;
443 449 }
444 450
445 451 if (i == mechnum)
446 452 /* unsupported mechanism */
447 453 return (CKR_MECHANISM_INVALID);
448 454
449 455 pInfo->ulMinKeySize = soft_mechanism_info[i].ulMinKeySize;
450 456 pInfo->ulMaxKeySize = soft_mechanism_info[i].ulMaxKeySize;
451 457 pInfo->flags = soft_mechanism_info[i].flags;
452 458
453 459 return (CKR_OK);
454 460 }
455 461
456 462
457 463 /*ARGSUSED*/
458 464 CK_RV
459 465 C_InitToken(CK_SLOT_ID slotID, CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen,
460 466 CK_UTF8CHAR_PTR pLabel)
461 467 {
462 468 if (!softtoken_initialized)
463 469 return (CKR_CRYPTOKI_NOT_INITIALIZED);
464 470
465 471 if (create_keystore() != 0)
466 472 return (CKR_FUNCTION_FAILED);
467 473
468 474 return (CKR_OK);
469 475 }
470 476
471 477 /*ARGSUSED*/
472 478 CK_RV
473 479 C_InitPIN(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen)
474 480 {
475 481 if (!softtoken_initialized)
476 482 return (CKR_CRYPTOKI_NOT_INITIALIZED);
477 483
478 484 return (CKR_FUNCTION_NOT_SUPPORTED);
479 485 }
480 486
481 487
482 488 CK_RV
483 489 C_SetPIN(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pOldPin,
484 490 CK_ULONG ulOldPinLen, CK_UTF8CHAR_PTR pNewPin, CK_ULONG ulNewPinLen)
485 491 {
486 492
487 493 soft_session_t *session_p;
488 494 CK_RV rv;
489 495 boolean_t lock_held = B_FALSE;
490 496
491 497 if (!softtoken_initialized)
492 498 return (CKR_CRYPTOKI_NOT_INITIALIZED);
493 499
494 500 /*
495 501 * Obtain the session pointer. Also, increment the session
496 502 * reference count.
497 503 */
498 504 rv = handle2session(hSession, &session_p);
499 505 if (rv != CKR_OK)
500 506 return (rv);
501 507
502 508 if (!soft_keystore_status(KEYSTORE_LOAD)) {
503 509 SES_REFRELE(session_p, lock_held);
504 510 return (CKR_DEVICE_REMOVED);
505 511 }
506 512
507 513 if ((ulOldPinLen < MIN_PIN_LEN) || (ulOldPinLen > MAX_PIN_LEN) ||
508 514 (ulNewPinLen < MIN_PIN_LEN) ||(ulNewPinLen > MAX_PIN_LEN)) {
509 515 SES_REFRELE(session_p, lock_held);
510 516 return (CKR_PIN_LEN_RANGE);
511 517 }
512 518
513 519 if ((pOldPin == NULL_PTR) || (pNewPin == NULL_PTR)) {
514 520 /*
515 521 * We don't support CKF_PROTECTED_AUTHENTICATION_PATH
516 522 */
517 523 SES_REFRELE(session_p, lock_held);
518 524 return (CKR_ARGUMENTS_BAD);
519 525 }
520 526
521 527 /* check the state of the session */
522 528 if ((session_p->state != CKS_RW_PUBLIC_SESSION) &&
523 529 (session_p->state != CKS_RW_USER_FUNCTIONS)) {
524 530 SES_REFRELE(session_p, lock_held);
525 531 return (CKR_SESSION_READ_ONLY);
526 532 }
527 533
528 534 rv = soft_setpin(pOldPin, ulOldPinLen, pNewPin, ulNewPinLen);
529 535
530 536 SES_REFRELE(session_p, lock_held);
531 537 return (rv);
532 538 }
|
↓ open down ↓ |
312 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX