1 /*
2 * gnome-keyring
3 *
4 * Copyright (C) 2010 Stefan Walter
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU Lesser General Public License as
8 * published by the Free Software Foundation; either version 2.1 of
9 * the License, or (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this program; if not, see
18 * <http://www.gnu.org/licenses/>.
19 */
20
21 #include "config.h"
22
23 #include "gkm-wrap-layer.h"
24 #include "gkm-wrap-prompt.h"
25
26 #include "pkcs11/pkcs11.h"
27 #include "pkcs11/pkcs11i.h"
28
29 #include <glib.h>
30
31 #include <string.h>
32
33 typedef struct _Mapping {
34 CK_SLOT_ID wrap_slot;
35 CK_SLOT_ID real_slot;
36 CK_FUNCTION_LIST_PTR funcs;
37 } Mapping;
38
39 typedef struct _Session {
40 gint wrap_session;
41 CK_SESSION_HANDLE real_session;
42 CK_G_APPLICATION_ID app_id;
43 CK_SLOT_ID wrap_slot;
44 CK_OBJECT_HANDLE specific;
45 } Session;
46
47 G_LOCK_DEFINE_STATIC (wrap_layer);
48
49 static GList *wrap_modules = NULL;
50 static Mapping *wrap_mappings = NULL;
51 static guint n_wrap_mappings = 0;
52 static GHashTable *wrap_sessions = NULL;
53 static gint last_handle = 16;
54
55 #define MANUFACTURER_ID "GNOME Keyring "
56 #define LIBRARY_DESCRIPTION "GNOME Keyring Daemon Core "
57 #define LIBRARY_VERSION_MAJOR 1
58 #define LIBRARY_VERSION_MINOR 1
59
60 /* Start wrap slots slightly higher for testing */
61 #define PLEX_MAPPING_OFFSET 0x10
62
63 static CK_RV
map_slot_unlocked(CK_SLOT_ID slot,Mapping * mapping)64 map_slot_unlocked (CK_SLOT_ID slot, Mapping *mapping)
65 {
66 if (!wrap_mappings)
67 return CKR_CRYPTOKI_NOT_INITIALIZED;
68
69 if (slot < PLEX_MAPPING_OFFSET)
70 return CKR_SLOT_ID_INVALID;
71 slot -= PLEX_MAPPING_OFFSET;
72
73 g_assert (mapping);
74
75 if (slot > n_wrap_mappings) {
76 return CKR_SLOT_ID_INVALID;
77 } else {
78 memcpy (mapping, &wrap_mappings[slot], sizeof (Mapping));
79 return CKR_OK;
80 }
81 }
82
83 static CK_RV
map_slot_to_real(CK_SLOT_ID_PTR slot,Mapping * mapping)84 map_slot_to_real (CK_SLOT_ID_PTR slot, Mapping *mapping)
85 {
86 CK_RV rv;
87
88 g_assert (mapping);
89
90 G_LOCK (wrap_layer);
91
92 rv = map_slot_unlocked (*slot, mapping);
93 if (rv == CKR_OK)
94 *slot = mapping->real_slot;
95
96 G_UNLOCK (wrap_layer);
97
98 return rv;
99 }
100
101 static CK_RV
map_session_to_real(CK_SESSION_HANDLE_PTR handle,Mapping * mapping,Session * session)102 map_session_to_real (CK_SESSION_HANDLE_PTR handle, Mapping *mapping, Session *session)
103 {
104 CK_RV rv = CKR_OK;
105 Session *sess;
106
107 g_assert (handle);
108 g_assert (mapping);
109
110 G_LOCK (wrap_layer);
111
112 if (!wrap_sessions) {
113 rv = CKR_CRYPTOKI_NOT_INITIALIZED;
114 } else {
115 sess = g_hash_table_lookup (wrap_sessions, GINT_TO_POINTER ((gint)*handle));
116 if (sess != NULL) {
117 *handle = sess->real_session;
118 rv = map_slot_unlocked (sess->wrap_slot, mapping);
119 if (session != NULL)
120 memcpy (session, sess, sizeof (Session));
121 } else {
122 rv = CKR_SESSION_HANDLE_INVALID;
123 }
124 }
125
126 G_UNLOCK (wrap_layer);
127
128 return rv;
129 }
130
131 static void
lookup_session_specific(CK_SESSION_HANDLE handle,CK_OBJECT_HANDLE_PTR key)132 lookup_session_specific (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE_PTR key)
133 {
134 Session *sess;
135
136 g_assert (key);
137 *key = 0;
138
139 G_LOCK (wrap_layer);
140
141 if (wrap_sessions) {
142 sess = g_hash_table_lookup (wrap_sessions, GINT_TO_POINTER ((gint)handle));
143 if (sess == NULL)
144 g_warning ("sessions out of sync with lower layer");
145 else
146 *key = sess->specific;
147 }
148
149 G_UNLOCK (wrap_layer);
150 }
151
152 static void
store_session_specific(CK_SESSION_HANDLE handle,CK_OBJECT_HANDLE key)153 store_session_specific (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE key)
154 {
155 Session *sess;
156
157 G_LOCK (wrap_layer);
158
159 if (wrap_sessions) {
160 sess = g_hash_table_lookup (wrap_sessions, GINT_TO_POINTER ((gint)handle));
161 if (sess == NULL)
162 g_warning ("sessions out of sync with lower layer");
163 else
164 sess->specific = key;
165 }
166
167 G_UNLOCK (wrap_layer);
168 }
169
170 static CK_RV
wrap_C_Initialize(CK_VOID_PTR init_args)171 wrap_C_Initialize (CK_VOID_PTR init_args)
172 {
173 CK_FUNCTION_LIST_PTR funcs;
174 GArray *mappings = NULL;
175 CK_SLOT_ID_PTR slots;
176 Mapping mapping;
177 CK_ULONG i, count;
178 CK_RV rv = CKR_OK;
179 GList *l;
180
181 mappings = g_array_new (FALSE, TRUE, sizeof (Mapping));
182
183 G_LOCK (wrap_layer);
184
185 if (wrap_mappings)
186 rv = CKR_CRYPTOKI_ALREADY_INITIALIZED;
187
188 for (l = wrap_modules; rv == CKR_OK && l != NULL; l = g_list_next (l)) {
189 funcs = l->data;
190
191 /* Initialize each module */
192 rv = (funcs->C_Initialize) (init_args);
193 if (rv == CKR_CRYPTOKI_ALREADY_INITIALIZED)
194 rv = CKR_OK;
195 if (rv != CKR_OK)
196 break;
197
198 /* And then ask it for its slots */
199 rv = (funcs->C_GetSlotList) (FALSE, NULL, &count);
200 if (rv != CKR_OK)
201 break;
202 if (!count)
203 continue;
204 slots = g_new0 (CK_SLOT_ID, count);
205 rv = (funcs->C_GetSlotList) (FALSE, slots, &count);
206 if (rv != CKR_OK) {
207 g_free (slots);
208 break;
209 }
210
211 /* And now add a mapping for each of those slots */
212 for (i = 0; i < count; ++i) {
213 memset (&mapping, 0, sizeof (mapping));
214 mapping.wrap_slot = mappings->len + PLEX_MAPPING_OFFSET;
215 mapping.real_slot = slots[i];
216 mapping.funcs = funcs;
217 g_array_append_val (mappings, mapping);
218 }
219
220 g_free (slots);
221 }
222
223 /* If failed, then finalize all the ones that succeeded */
224 if (rv != CKR_OK && l != NULL) {
225 for (l = g_list_previous (l); l; l = g_list_previous (l)) {
226 funcs = l->data;
227 (funcs->C_Finalize) (NULL);
228 }
229 }
230
231 /* If succeeded then swap in mappings */
232 if (rv == CKR_OK) {
233 g_assert (!wrap_mappings);
234 n_wrap_mappings = mappings->len;
235 wrap_mappings = (Mapping*)g_array_free (mappings, FALSE);
236 mappings = NULL;
237 wrap_sessions = g_hash_table_new_full (g_direct_hash, g_direct_equal, NULL, g_free);
238 }
239
240 G_UNLOCK (wrap_layer);
241
242 /* If failed or somehow unused then free */
243 if (mappings)
244 g_array_free (mappings, TRUE);
245
246 return rv;
247 }
248
249 static CK_RV
wrap_C_Finalize(CK_VOID_PTR reserved)250 wrap_C_Finalize (CK_VOID_PTR reserved)
251 {
252 CK_FUNCTION_LIST_PTR funcs;
253 GList *l;
254
255 G_LOCK (wrap_layer);
256
257 for (l = wrap_modules; l != NULL; l = g_list_next (l)) {
258 funcs = l->data;
259 (funcs->C_Finalize) (NULL);
260 }
261 g_free (wrap_mappings);
262 wrap_mappings = NULL;
263
264 g_hash_table_destroy (wrap_sessions);
265 wrap_sessions = NULL;
266
267 G_UNLOCK (wrap_layer);
268
269 return CKR_OK;
270 }
271
272 static CK_RV
wrap_C_GetInfo(CK_INFO_PTR info)273 wrap_C_GetInfo (CK_INFO_PTR info)
274 {
275 if (info == NULL)
276 return CKR_ARGUMENTS_BAD;
277
278 info->cryptokiVersion.major = CRYPTOKI_VERSION_MAJOR;
279 info->cryptokiVersion.minor = CRYPTOKI_VERSION_MINOR;
280 info->libraryVersion.major = LIBRARY_VERSION_MAJOR;
281 info->libraryVersion.minor = LIBRARY_VERSION_MINOR;
282 info->flags = 0;
283 memcpy ((char*)info->manufacturerID, MANUFACTURER_ID, 32);
284 memcpy ((char*)info->libraryDescription, LIBRARY_DESCRIPTION, 32);
285 return CKR_OK;
286 }
287
288 static CK_RV
wrap_C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR list)289 wrap_C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list)
290 {
291 if (!list)
292 return CKR_ARGUMENTS_BAD;
293 *list = gkm_wrap_layer_get_functions_no_prompts ();
294 return CKR_OK;
295 }
296
297 static CK_RV
auth_C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR list)298 auth_C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list)
299 {
300 if (!list)
301 return CKR_ARGUMENTS_BAD;
302 *list = gkm_wrap_layer_get_functions ();
303 return CKR_OK;
304 }
305
306 static CK_RV
wrap_C_GetSlotList(CK_BBOOL token_present,CK_SLOT_ID_PTR slot_list,CK_ULONG_PTR count)307 wrap_C_GetSlotList (CK_BBOOL token_present, CK_SLOT_ID_PTR slot_list, CK_ULONG_PTR count)
308 {
309 CK_SLOT_INFO info;
310 Mapping *mapping;
311 CK_ULONG index;
312 CK_RV rv;
313
314 guint i;
315
316 if (!count)
317 return CKR_ARGUMENTS_BAD;
318
319 G_LOCK (wrap_layer);
320
321 rv = CKR_OK;
322 index = 0;
323
324 /* Go through and build up a map */
325 for (i = 0; i < n_wrap_mappings; ++i) {
326 mapping = &wrap_mappings[i];
327
328 /* Skip ones without a token if requested */
329 if (token_present) {
330 rv = (mapping->funcs->C_GetSlotInfo) (mapping->real_slot, &info);
331 if (rv != CKR_OK)
332 break;
333 if (!(info.flags & CKF_TOKEN_PRESENT))
334 continue;
335 }
336
337 /* Fill in the slot if we can */
338 if (slot_list && *count > index)
339 slot_list[index] = mapping->wrap_slot;
340
341 ++index;
342 }
343
344 if (slot_list && *count < index)
345 rv = CKR_BUFFER_TOO_SMALL;
346
347 *count = index;
348
349 G_UNLOCK (wrap_layer);
350
351 return rv;
352 }
353
354 static CK_RV
wrap_C_GetSlotInfo(CK_SLOT_ID id,CK_SLOT_INFO_PTR info)355 wrap_C_GetSlotInfo (CK_SLOT_ID id, CK_SLOT_INFO_PTR info)
356 {
357 Mapping map;
358 CK_RV rv;
359
360 rv = map_slot_to_real (&id, &map);
361 if (rv != CKR_OK)
362 return rv;
363 return (map.funcs->C_GetSlotInfo) (id, info);
364 }
365
366 static CK_RV
wrap_C_GetTokenInfo(CK_SLOT_ID id,CK_TOKEN_INFO_PTR info)367 wrap_C_GetTokenInfo (CK_SLOT_ID id, CK_TOKEN_INFO_PTR info)
368 {
369 Mapping map;
370 CK_RV rv;
371
372 rv = map_slot_to_real (&id, &map);
373 if (rv != CKR_OK)
374 return rv;
375 return (map.funcs->C_GetTokenInfo) (id, info);
376 }
377
378 static CK_RV
auth_C_GetTokenInfo(CK_SLOT_ID id,CK_TOKEN_INFO_PTR info)379 auth_C_GetTokenInfo (CK_SLOT_ID id, CK_TOKEN_INFO_PTR info)
380 {
381 CK_RV rv = wrap_C_GetTokenInfo (id, info);
382 if (rv == CKR_OK)
383 info->flags |= CKF_PROTECTED_AUTHENTICATION_PATH;
384 return rv;
385 }
386
387 static CK_RV
wrap_C_GetMechanismList(CK_SLOT_ID id,CK_MECHANISM_TYPE_PTR mechanism_list,CK_ULONG_PTR count)388 wrap_C_GetMechanismList (CK_SLOT_ID id, CK_MECHANISM_TYPE_PTR mechanism_list, CK_ULONG_PTR count)
389 {
390 Mapping map;
391 CK_RV rv;
392
393 rv = map_slot_to_real (&id, &map);
394 if (rv != CKR_OK)
395 return rv;
396 return (map.funcs->C_GetMechanismList) (id, mechanism_list, count);
397 }
398
399 static CK_RV
wrap_C_GetMechanismInfo(CK_SLOT_ID id,CK_MECHANISM_TYPE type,CK_MECHANISM_INFO_PTR info)400 wrap_C_GetMechanismInfo (CK_SLOT_ID id, CK_MECHANISM_TYPE type, CK_MECHANISM_INFO_PTR info)
401 {
402 Mapping map;
403 CK_RV rv;
404
405 rv = map_slot_to_real (&id, &map);
406 if (rv != CKR_OK)
407 return rv;
408 return (map.funcs->C_GetMechanismInfo) (id, type, info);
409 }
410
411 static CK_RV
wrap_C_InitToken(CK_SLOT_ID id,CK_UTF8CHAR_PTR pin,CK_ULONG pin_len,CK_UTF8CHAR_PTR label)412 wrap_C_InitToken (CK_SLOT_ID id, CK_UTF8CHAR_PTR pin, CK_ULONG pin_len, CK_UTF8CHAR_PTR label)
413 {
414 Mapping map;
415 CK_RV rv;
416
417 rv = map_slot_to_real (&id, &map);
418 if (rv != CKR_OK)
419 return rv;
420 return (map.funcs->C_InitToken) (id, pin, pin_len, label);
421 }
422
423 static CK_RV
wrap_C_WaitForSlotEvent(CK_FLAGS flags,CK_SLOT_ID_PTR slot,CK_VOID_PTR reserved)424 wrap_C_WaitForSlotEvent (CK_FLAGS flags, CK_SLOT_ID_PTR slot, CK_VOID_PTR reserved)
425 {
426 /* TODO: We could implement this by polling, esp. the nonblock case. */
427 return CKR_NO_EVENT;
428 }
429
430 static CK_RV
wrap_C_OpenSession(CK_SLOT_ID id,CK_FLAGS flags,CK_VOID_PTR user_data,CK_NOTIFY callback,CK_SESSION_HANDLE_PTR handle)431 wrap_C_OpenSession (CK_SLOT_ID id, CK_FLAGS flags, CK_VOID_PTR user_data, CK_NOTIFY callback, CK_SESSION_HANDLE_PTR handle)
432 {
433 Session *sess;
434 Mapping map;
435 CK_RV rv;
436
437 if (handle == NULL)
438 return CKR_ARGUMENTS_BAD;
439
440 rv = map_slot_to_real (&id, &map);
441 if (rv != CKR_OK)
442 return rv;
443
444 rv = (map.funcs->C_OpenSession) (id, flags, user_data, callback, handle);
445
446 if (rv == CKR_OK) {
447 G_LOCK (wrap_layer);
448
449 sess = g_new (Session, 1);
450 if (flags & CKF_G_APPLICATION_SESSION)
451 sess->app_id = ((CK_G_APPLICATION_PTR)user_data)->applicationId;
452 sess->wrap_slot = map.wrap_slot;
453 sess->real_session = *handle;
454 sess->wrap_session = ++last_handle; /* TODO: Handle wrapping, and then collisions */
455 g_hash_table_replace (wrap_sessions, GINT_TO_POINTER (sess->wrap_session), sess);
456
457 *handle = (CK_ULONG)sess->wrap_session;
458
459 G_UNLOCK (wrap_layer);
460 }
461
462 return rv;
463 }
464
465 static CK_RV
wrap_C_CloseSession(CK_SESSION_HANDLE handle)466 wrap_C_CloseSession (CK_SESSION_HANDLE handle)
467 {
468 gint key = (gint)handle;
469 Mapping map;
470 CK_RV rv;
471
472 rv = map_session_to_real (&handle, &map, NULL);
473 if (rv != CKR_OK)
474 return rv;
475 rv = (map.funcs->C_CloseSession) (handle);
476
477 if (rv == CKR_OK) {
478 G_LOCK (wrap_layer);
479
480 g_hash_table_remove (wrap_sessions, GINT_TO_POINTER (key));
481
482 G_UNLOCK (wrap_layer);
483 }
484
485 return rv;
486 }
487
488 static CK_RV
wrap_C_CloseAllSessions(CK_SLOT_ID id)489 wrap_C_CloseAllSessions (CK_SLOT_ID id)
490 {
491 GHashTableIter iter;
492 CK_SESSION_HANDLE handle;
493 gpointer key, value;
494 Session *sess;
495 GArray *to_close;
496 gint i;
497
498 to_close = g_array_new (FALSE, FALSE, sizeof (CK_SESSION_HANDLE));
499
500 G_LOCK (wrap_layer);
501
502 g_hash_table_iter_init (&iter, wrap_sessions);
503 while (g_hash_table_iter_next (&iter, &key, &value)) {
504 sess = value;
505 if ((sess->app_id | sess->wrap_slot) == id) {
506 handle = (CK_SESSION_HANDLE)sess->wrap_session;
507 g_array_append_val (to_close, handle);
508 }
509 }
510
511 G_UNLOCK (wrap_layer);
512
513 for (i = 0; i < to_close->len; ++i)
514 wrap_C_CloseSession (g_array_index (to_close, CK_SESSION_HANDLE, i));
515
516 g_array_free (to_close, TRUE);
517 return CKR_OK;
518 }
519
520 static CK_RV
wrap_C_GetFunctionStatus(CK_SESSION_HANDLE handle)521 wrap_C_GetFunctionStatus (CK_SESSION_HANDLE handle)
522 {
523 Mapping map;
524 CK_RV rv;
525
526 rv = map_session_to_real (&handle, &map, NULL);
527 if (rv != CKR_OK)
528 return rv;
529 return (map.funcs->C_GetFunctionStatus) (handle);
530 }
531
532 static CK_RV
wrap_C_CancelFunction(CK_SESSION_HANDLE handle)533 wrap_C_CancelFunction (CK_SESSION_HANDLE handle)
534 {
535 Mapping map;
536 CK_RV rv;
537
538 rv = map_session_to_real (&handle, &map, NULL);
539 if (rv != CKR_OK)
540 return rv;
541 return (map.funcs->C_CancelFunction) (handle);
542 }
543
544 static CK_RV
wrap_C_GetSessionInfo(CK_SESSION_HANDLE handle,CK_SESSION_INFO_PTR info)545 wrap_C_GetSessionInfo (CK_SESSION_HANDLE handle, CK_SESSION_INFO_PTR info)
546 {
547 Mapping map;
548 CK_RV rv;
549
550 if (info == NULL)
551 return CKR_ARGUMENTS_BAD;
552
553 rv = map_session_to_real (&handle, &map, NULL);
554 if (rv != CKR_OK)
555 return rv;
556
557 rv = (map.funcs->C_GetSessionInfo) (handle, info);
558 if (rv == CKR_OK)
559 info->slotID = map.wrap_slot;
560
561 return rv;
562 }
563
564 static CK_RV
wrap_C_InitPIN(CK_SESSION_HANDLE handle,CK_UTF8CHAR_PTR pin,CK_ULONG pin_len)565 wrap_C_InitPIN (CK_SESSION_HANDLE handle, CK_UTF8CHAR_PTR pin, CK_ULONG pin_len)
566 {
567 Mapping map;
568 CK_RV rv;
569
570 rv = map_session_to_real (&handle, &map, NULL);
571 if (rv != CKR_OK)
572 return rv;
573
574 return (map.funcs->C_InitPIN) (handle, pin, pin_len);
575 }
576
577 static CK_RV
auth_C_InitPIN(CK_SESSION_HANDLE handle,CK_UTF8CHAR_PTR pin,CK_ULONG pin_len)578 auth_C_InitPIN (CK_SESSION_HANDLE handle, CK_UTF8CHAR_PTR pin, CK_ULONG pin_len)
579 {
580 GkmWrapPrompt *prompt;
581 CK_RV rv = CKR_OK;
582
583 prompt = gkm_wrap_prompt_for_init_pin (gkm_wrap_layer_get_functions_no_prompts(),
584 handle, pin, pin_len);
585
586 for (;;) {
587 if (prompt && !gkm_wrap_prompt_do_init_pin (prompt, rv, &pin, &pin_len))
588 break;
589
590 rv = wrap_C_InitPIN (handle, pin, pin_len);
591
592 if (!prompt || rv != CKR_PIN_INVALID || rv != CKR_PIN_LEN_RANGE)
593 break;
594 }
595
596 if (prompt) {
597 gkm_wrap_prompt_done_init_pin (prompt, rv);
598 g_object_unref (prompt);
599 }
600
601 return rv;
602 }
603
604 static CK_RV
wrap_C_SetPIN(CK_SESSION_HANDLE handle,CK_UTF8CHAR_PTR old_pin,CK_ULONG old_pin_len,CK_UTF8CHAR_PTR new_pin,CK_ULONG new_pin_len)605 wrap_C_SetPIN (CK_SESSION_HANDLE handle, CK_UTF8CHAR_PTR old_pin, CK_ULONG old_pin_len,
606 CK_UTF8CHAR_PTR new_pin, CK_ULONG new_pin_len)
607 {
608 Mapping map;
609 CK_RV rv;
610
611 rv = map_session_to_real (&handle, &map, NULL);
612 if (rv != CKR_OK)
613 return rv;
614
615 return (map.funcs->C_SetPIN) (handle, old_pin, old_pin_len, new_pin, new_pin_len);
616 }
617
618 static CK_RV
auth_C_SetPIN(CK_SESSION_HANDLE handle,CK_UTF8CHAR_PTR old_pin,CK_ULONG old_pin_len,CK_UTF8CHAR_PTR new_pin,CK_ULONG new_pin_len)619 auth_C_SetPIN (CK_SESSION_HANDLE handle, CK_UTF8CHAR_PTR old_pin, CK_ULONG old_pin_len,
620 CK_UTF8CHAR_PTR new_pin, CK_ULONG new_pin_len)
621 {
622 GkmWrapPrompt *prompt;
623 CK_RV rv = CKR_OK;
624
625 prompt = gkm_wrap_prompt_for_set_pin (gkm_wrap_layer_get_functions_no_prompts(),
626 handle, old_pin, old_pin_len, new_pin, new_pin_len);
627
628 for (;;) {
629 if (prompt && !gkm_wrap_prompt_do_set_pin (prompt, rv, &old_pin, &old_pin_len,
630 &new_pin, &new_pin_len))
631 break;
632
633 rv = wrap_C_SetPIN (handle, old_pin, old_pin_len, new_pin, new_pin_len);
634
635 if (!prompt || rv != CKR_PIN_INCORRECT ||
636 rv != CKR_PIN_INVALID || rv != CKR_PIN_LEN_RANGE)
637 break;
638 }
639
640 if (prompt) {
641 gkm_wrap_prompt_done_set_pin (prompt, rv);
642 g_object_unref (prompt);
643 }
644
645 return rv;
646 }
647
648 static CK_RV
wrap_C_GetOperationState(CK_SESSION_HANDLE handle,CK_BYTE_PTR operation_state,CK_ULONG_PTR operation_state_len)649 wrap_C_GetOperationState (CK_SESSION_HANDLE handle, CK_BYTE_PTR operation_state, CK_ULONG_PTR operation_state_len)
650 {
651 Mapping map;
652 CK_RV rv;
653
654 rv = map_session_to_real (&handle, &map, NULL);
655 if (rv != CKR_OK)
656 return rv;
657 return (map.funcs->C_GetOperationState) (handle, operation_state, operation_state_len);
658 }
659
660 static CK_RV
wrap_C_SetOperationState(CK_SESSION_HANDLE handle,CK_BYTE_PTR operation_state,CK_ULONG operation_state_len,CK_OBJECT_HANDLE encryption_key,CK_OBJECT_HANDLE authentication_key)661 wrap_C_SetOperationState (CK_SESSION_HANDLE handle, CK_BYTE_PTR operation_state,
662 CK_ULONG operation_state_len, CK_OBJECT_HANDLE encryption_key,
663 CK_OBJECT_HANDLE authentication_key)
664 {
665 Mapping map;
666 CK_RV rv;
667
668 rv = map_session_to_real (&handle, &map, NULL);
669 if (rv != CKR_OK)
670 return rv;
671 return (map.funcs->C_SetOperationState) (handle, operation_state, operation_state_len, encryption_key, authentication_key);
672 }
673
674 static CK_RV
wrap_C_Login(CK_SESSION_HANDLE handle,CK_USER_TYPE user_type,CK_UTF8CHAR_PTR pin,CK_ULONG pin_len)675 wrap_C_Login (CK_SESSION_HANDLE handle, CK_USER_TYPE user_type,
676 CK_UTF8CHAR_PTR pin, CK_ULONG pin_len)
677 {
678 Mapping map;
679 CK_RV rv;
680
681 rv = map_session_to_real (&handle, &map, NULL);
682 if (rv != CKR_OK)
683 return rv;
684
685 return (map.funcs->C_Login) (handle, user_type, pin, pin_len);
686 }
687
688 static CK_RV
auth_C_Login(CK_SESSION_HANDLE handle,CK_USER_TYPE user_type,CK_UTF8CHAR_PTR pin,CK_ULONG pin_len)689 auth_C_Login (CK_SESSION_HANDLE handle, CK_USER_TYPE user_type,
690 CK_UTF8CHAR_PTR pin, CK_ULONG pin_len)
691 {
692 GkmWrapPrompt *prompt;
693 CK_OBJECT_HANDLE specific;
694 CK_RV rv;
695
696 lookup_session_specific (handle, &specific);
697 prompt = gkm_wrap_prompt_for_login (gkm_wrap_layer_get_functions_no_prompts(),
698 user_type, handle, specific, pin, pin_len);
699
700 for (;;) {
701 rv = wrap_C_Login (handle, user_type, pin, pin_len);
702
703 if (!prompt || rv != CKR_PIN_INCORRECT)
704 break;
705
706 if (!gkm_wrap_prompt_do_login (prompt, user_type, rv, &pin, &pin_len))
707 break;
708 }
709
710 if (prompt) {
711 gkm_wrap_prompt_done_login (prompt, user_type, rv);
712 g_object_unref (prompt);
713 }
714
715 return rv;
716 }
717
718 static CK_RV
wrap_C_Logout(CK_SESSION_HANDLE handle)719 wrap_C_Logout (CK_SESSION_HANDLE handle)
720 {
721 Mapping map;
722 CK_RV rv;
723
724 rv = map_session_to_real (&handle, &map, NULL);
725 if (rv != CKR_OK)
726 return rv;
727 return (map.funcs->C_Logout) (handle);
728 }
729
730 static CK_RV
wrap_C_CreateObject(CK_SESSION_HANDLE handle,CK_ATTRIBUTE_PTR template,CK_ULONG count,CK_OBJECT_HANDLE_PTR new_object)731 wrap_C_CreateObject (CK_SESSION_HANDLE handle, CK_ATTRIBUTE_PTR template,
732 CK_ULONG count, CK_OBJECT_HANDLE_PTR new_object)
733 {
734 Mapping map;
735 CK_RV rv;
736
737 rv = map_session_to_real (&handle, &map, NULL);
738 if (rv != CKR_OK)
739 return rv;
740
741 return (map.funcs->C_CreateObject) (handle, template, count, new_object);
742 }
743
744 static CK_RV
auth_C_CreateObject(CK_SESSION_HANDLE handle,CK_ATTRIBUTE_PTR template,CK_ULONG count,CK_OBJECT_HANDLE_PTR new_object)745 auth_C_CreateObject (CK_SESSION_HANDLE handle, CK_ATTRIBUTE_PTR template,
746 CK_ULONG count, CK_OBJECT_HANDLE_PTR new_object)
747 {
748 GkmWrapPrompt *prompt = NULL;
749 CK_RV rv;
750
751 for (;;) {
752 rv = wrap_C_CreateObject (handle, template, count, new_object);
753
754 if (rv != CKR_PIN_INCORRECT)
755 break;
756
757 if (!prompt) {
758 prompt = gkm_wrap_prompt_for_credential (gkm_wrap_layer_get_functions_no_prompts(),
759 handle, template, count);
760 if (prompt == NULL)
761 break;
762 }
763
764 if (!gkm_wrap_prompt_do_credential (prompt, &template, &count))
765 break;
766 }
767
768
769 if (prompt) {
770 gkm_wrap_prompt_done_credential (prompt, rv);
771 g_object_unref (prompt);
772 }
773
774 return rv;
775 }
776
777 static CK_RV
wrap_C_CopyObject(CK_SESSION_HANDLE handle,CK_OBJECT_HANDLE object,CK_ATTRIBUTE_PTR template,CK_ULONG count,CK_OBJECT_HANDLE_PTR new_object)778 wrap_C_CopyObject (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE object,
779 CK_ATTRIBUTE_PTR template, CK_ULONG count,
780 CK_OBJECT_HANDLE_PTR new_object)
781 {
782 Mapping map;
783 CK_RV rv;
784
785 rv = map_session_to_real (&handle, &map, NULL);
786 if (rv != CKR_OK)
787 return rv;
788 return (map.funcs->C_CopyObject) (handle, object, template, count, new_object);
789 }
790
791 static CK_RV
wrap_C_DestroyObject(CK_SESSION_HANDLE handle,CK_OBJECT_HANDLE object)792 wrap_C_DestroyObject (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE object)
793 {
794 Mapping map;
795 CK_RV rv;
796
797 rv = map_session_to_real (&handle, &map, NULL);
798 if (rv != CKR_OK)
799 return rv;
800 return (map.funcs->C_DestroyObject) (handle, object);
801 }
802
803 static CK_RV
wrap_C_GetObjectSize(CK_SESSION_HANDLE handle,CK_OBJECT_HANDLE object,CK_ULONG_PTR size)804 wrap_C_GetObjectSize (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE object,
805 CK_ULONG_PTR size)
806 {
807 Mapping map;
808 CK_RV rv;
809
810 rv = map_session_to_real (&handle, &map, NULL);
811 if (rv != CKR_OK)
812 return rv;
813 return (map.funcs->C_GetObjectSize) (handle, object, size);
814 }
815
816 static CK_RV
wrap_C_GetAttributeValue(CK_SESSION_HANDLE handle,CK_OBJECT_HANDLE object,CK_ATTRIBUTE_PTR template,CK_ULONG count)817 wrap_C_GetAttributeValue (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE object,
818 CK_ATTRIBUTE_PTR template, CK_ULONG count)
819 {
820 Mapping map;
821 CK_RV rv;
822
823 rv = map_session_to_real (&handle, &map, NULL);
824 if (rv != CKR_OK)
825 return rv;
826 return (map.funcs->C_GetAttributeValue) (handle, object, template, count);
827 }
828
829 static CK_RV
wrap_C_SetAttributeValue(CK_SESSION_HANDLE handle,CK_OBJECT_HANDLE object,CK_ATTRIBUTE_PTR template,CK_ULONG count)830 wrap_C_SetAttributeValue (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE object,
831 CK_ATTRIBUTE_PTR template, CK_ULONG count)
832 {
833 Mapping map;
834 CK_RV rv;
835
836 rv = map_session_to_real (&handle, &map, NULL);
837 if (rv != CKR_OK)
838 return rv;
839 return (map.funcs->C_SetAttributeValue) (handle, object, template, count);
840 }
841
842 static CK_RV
wrap_C_FindObjectsInit(CK_SESSION_HANDLE handle,CK_ATTRIBUTE_PTR template,CK_ULONG count)843 wrap_C_FindObjectsInit (CK_SESSION_HANDLE handle, CK_ATTRIBUTE_PTR template,
844 CK_ULONG count)
845 {
846 Mapping map;
847 CK_RV rv;
848
849 rv = map_session_to_real (&handle, &map, NULL);
850 if (rv != CKR_OK)
851 return rv;
852 return (map.funcs->C_FindObjectsInit) (handle, template, count);
853 }
854
855 static CK_RV
wrap_C_FindObjects(CK_SESSION_HANDLE handle,CK_OBJECT_HANDLE_PTR objects,CK_ULONG max_count,CK_ULONG_PTR count)856 wrap_C_FindObjects (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE_PTR objects,
857 CK_ULONG max_count, CK_ULONG_PTR count)
858 {
859 Mapping map;
860 CK_RV rv;
861
862 rv = map_session_to_real (&handle, &map, NULL);
863 if (rv != CKR_OK)
864 return rv;
865 return (map.funcs->C_FindObjects) (handle, objects, max_count, count);
866 }
867
868 static CK_RV
wrap_C_FindObjectsFinal(CK_SESSION_HANDLE handle)869 wrap_C_FindObjectsFinal (CK_SESSION_HANDLE handle)
870 {
871 Mapping map;
872 CK_RV rv;
873
874 rv = map_session_to_real (&handle, &map, NULL);
875 if (rv != CKR_OK)
876 return rv;
877 return (map.funcs->C_FindObjectsFinal) (handle);
878 }
879
880 static CK_RV
wrap_C_EncryptInit(CK_SESSION_HANDLE handle,CK_MECHANISM_PTR mechanism,CK_OBJECT_HANDLE key)881 wrap_C_EncryptInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
882 CK_OBJECT_HANDLE key)
883 {
884 Mapping map;
885 CK_RV rv;
886
887 rv = map_session_to_real (&handle, &map, NULL);
888 if (rv != CKR_OK)
889 return rv;
890 return (map.funcs->C_EncryptInit) (handle, mechanism, key);
891 }
892
893 static CK_RV
auth_C_EncryptInit(CK_SESSION_HANDLE handle,CK_MECHANISM_PTR mechanism,CK_OBJECT_HANDLE key)894 auth_C_EncryptInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
895 CK_OBJECT_HANDLE key)
896 {
897 CK_RV rv = wrap_C_EncryptInit (handle, mechanism, key);
898 if (rv == CKR_OK)
899 store_session_specific (handle, key);
900 return rv;
901 }
902
903 static CK_RV
wrap_C_Encrypt(CK_SESSION_HANDLE handle,CK_BYTE_PTR data,CK_ULONG data_len,CK_BYTE_PTR encrypted_data,CK_ULONG_PTR encrypted_data_len)904 wrap_C_Encrypt (CK_SESSION_HANDLE handle, CK_BYTE_PTR data, CK_ULONG data_len,
905 CK_BYTE_PTR encrypted_data, CK_ULONG_PTR encrypted_data_len)
906 {
907 Mapping map;
908 CK_RV rv;
909
910 rv = map_session_to_real (&handle, &map, NULL);
911 if (rv != CKR_OK)
912 return rv;
913 return (map.funcs->C_Encrypt) (handle, data, data_len, encrypted_data, encrypted_data_len);
914 }
915
916 static CK_RV
wrap_C_EncryptUpdate(CK_SESSION_HANDLE handle,CK_BYTE_PTR part,CK_ULONG part_len,CK_BYTE_PTR encrypted_part,CK_ULONG_PTR encrypted_part_len)917 wrap_C_EncryptUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR part,
918 CK_ULONG part_len, CK_BYTE_PTR encrypted_part,
919 CK_ULONG_PTR encrypted_part_len)
920 {
921 Mapping map;
922 CK_RV rv;
923
924 rv = map_session_to_real (&handle, &map, NULL);
925 if (rv != CKR_OK)
926 return rv;
927 return (map.funcs->C_EncryptUpdate) (handle, part, part_len, encrypted_part, encrypted_part_len);
928 }
929
930 static CK_RV
wrap_C_EncryptFinal(CK_SESSION_HANDLE handle,CK_BYTE_PTR last_part,CK_ULONG_PTR last_part_len)931 wrap_C_EncryptFinal (CK_SESSION_HANDLE handle, CK_BYTE_PTR last_part,
932 CK_ULONG_PTR last_part_len)
933 {
934 Mapping map;
935 CK_RV rv;
936
937 rv = map_session_to_real (&handle, &map, NULL);
938 if (rv != CKR_OK)
939 return rv;
940 return (map.funcs->C_EncryptFinal) (handle, last_part, last_part_len);
941 }
942
943 static CK_RV
wrap_C_DecryptInit(CK_SESSION_HANDLE handle,CK_MECHANISM_PTR mechanism,CK_OBJECT_HANDLE key)944 wrap_C_DecryptInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
945 CK_OBJECT_HANDLE key)
946 {
947 Mapping map;
948 CK_RV rv;
949
950 rv = map_session_to_real (&handle, &map, NULL);
951 if (rv != CKR_OK)
952 return rv;
953 return (map.funcs->C_DecryptInit) (handle, mechanism, key);
954 }
955
956 static CK_RV
auth_C_DecryptInit(CK_SESSION_HANDLE handle,CK_MECHANISM_PTR mechanism,CK_OBJECT_HANDLE key)957 auth_C_DecryptInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
958 CK_OBJECT_HANDLE key)
959 {
960 CK_RV rv = wrap_C_DecryptInit (handle, mechanism, key);
961 if (rv == CKR_OK)
962 store_session_specific (handle, key);
963 return rv;
964 }
965
966 static CK_RV
wrap_C_Decrypt(CK_SESSION_HANDLE handle,CK_BYTE_PTR enc_data,CK_ULONG enc_data_len,CK_BYTE_PTR data,CK_ULONG_PTR data_len)967 wrap_C_Decrypt (CK_SESSION_HANDLE handle, CK_BYTE_PTR enc_data,
968 CK_ULONG enc_data_len, CK_BYTE_PTR data, CK_ULONG_PTR data_len)
969 {
970 Mapping map;
971 CK_RV rv;
972
973 rv = map_session_to_real (&handle, &map, NULL);
974 if (rv != CKR_OK)
975 return rv;
976 return (map.funcs->C_Decrypt) (handle, enc_data, enc_data_len, data, data_len);
977 }
978
979 static CK_RV
wrap_C_DecryptUpdate(CK_SESSION_HANDLE handle,CK_BYTE_PTR enc_part,CK_ULONG enc_part_len,CK_BYTE_PTR part,CK_ULONG_PTR part_len)980 wrap_C_DecryptUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR enc_part,
981 CK_ULONG enc_part_len, CK_BYTE_PTR part, CK_ULONG_PTR part_len)
982 {
983 Mapping map;
984 CK_RV rv;
985
986 rv = map_session_to_real (&handle, &map, NULL);
987 if (rv != CKR_OK)
988 return rv;
989 return (map.funcs->C_DecryptUpdate) (handle, enc_part, enc_part_len, part, part_len);
990 }
991
992 static CK_RV
wrap_C_DecryptFinal(CK_SESSION_HANDLE handle,CK_BYTE_PTR last_part,CK_ULONG_PTR last_part_len)993 wrap_C_DecryptFinal (CK_SESSION_HANDLE handle, CK_BYTE_PTR last_part,
994 CK_ULONG_PTR last_part_len)
995 {
996 Mapping map;
997 CK_RV rv;
998
999 rv = map_session_to_real (&handle, &map, NULL);
1000 if (rv != CKR_OK)
1001 return rv;
1002 return (map.funcs->C_DecryptFinal) (handle, last_part, last_part_len);
1003 }
1004
1005 static CK_RV
wrap_C_DigestInit(CK_SESSION_HANDLE handle,CK_MECHANISM_PTR mechanism)1006 wrap_C_DigestInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism)
1007 {
1008 Mapping map;
1009 CK_RV rv;
1010
1011 rv = map_session_to_real (&handle, &map, NULL);
1012 if (rv != CKR_OK)
1013 return rv;
1014 return (map.funcs->C_DigestInit) (handle, mechanism);
1015 }
1016
1017 static CK_RV
wrap_C_Digest(CK_SESSION_HANDLE handle,CK_BYTE_PTR data,CK_ULONG data_len,CK_BYTE_PTR digest,CK_ULONG_PTR digest_len)1018 wrap_C_Digest (CK_SESSION_HANDLE handle, CK_BYTE_PTR data, CK_ULONG data_len,
1019 CK_BYTE_PTR digest, CK_ULONG_PTR digest_len)
1020 {
1021 Mapping map;
1022 CK_RV rv;
1023
1024 rv = map_session_to_real (&handle, &map, NULL);
1025 if (rv != CKR_OK)
1026 return rv;
1027 return (map.funcs->C_Digest) (handle, data, data_len, digest, digest_len);
1028 }
1029
1030 static CK_RV
wrap_C_DigestUpdate(CK_SESSION_HANDLE handle,CK_BYTE_PTR part,CK_ULONG part_len)1031 wrap_C_DigestUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR part, CK_ULONG part_len)
1032 {
1033 Mapping map;
1034 CK_RV rv;
1035
1036 rv = map_session_to_real (&handle, &map, NULL);
1037 if (rv != CKR_OK)
1038 return rv;
1039 return (map.funcs->C_DigestUpdate) (handle, part, part_len);
1040 }
1041
1042 static CK_RV
wrap_C_DigestKey(CK_SESSION_HANDLE handle,CK_OBJECT_HANDLE key)1043 wrap_C_DigestKey (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE key)
1044 {
1045 Mapping map;
1046 CK_RV rv;
1047
1048 rv = map_session_to_real (&handle, &map, NULL);
1049 if (rv != CKR_OK)
1050 return rv;
1051 return (map.funcs->C_DigestKey) (handle, key);
1052 }
1053
1054 static CK_RV
wrap_C_DigestFinal(CK_SESSION_HANDLE handle,CK_BYTE_PTR digest,CK_ULONG_PTR digest_len)1055 wrap_C_DigestFinal (CK_SESSION_HANDLE handle, CK_BYTE_PTR digest,
1056 CK_ULONG_PTR digest_len)
1057 {
1058 Mapping map;
1059 CK_RV rv;
1060
1061 rv = map_session_to_real (&handle, &map, NULL);
1062 if (rv != CKR_OK)
1063 return rv;
1064 return (map.funcs->C_DigestFinal) (handle, digest, digest_len);
1065 }
1066
1067 static CK_RV
wrap_C_SignInit(CK_SESSION_HANDLE handle,CK_MECHANISM_PTR mechanism,CK_OBJECT_HANDLE key)1068 wrap_C_SignInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
1069 CK_OBJECT_HANDLE key)
1070 {
1071 Mapping map;
1072 CK_RV rv;
1073
1074 rv = map_session_to_real (&handle, &map, NULL);
1075 if (rv != CKR_OK)
1076 return rv;
1077 return (map.funcs->C_SignInit) (handle, mechanism, key);
1078 }
1079
1080 static CK_RV
auth_C_SignInit(CK_SESSION_HANDLE handle,CK_MECHANISM_PTR mechanism,CK_OBJECT_HANDLE key)1081 auth_C_SignInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
1082 CK_OBJECT_HANDLE key)
1083 {
1084 CK_RV rv = wrap_C_SignInit (handle, mechanism, key);
1085 if (rv == CKR_OK)
1086 store_session_specific (handle, key);
1087 return rv;
1088 }
1089
1090 static CK_RV
wrap_C_Sign(CK_SESSION_HANDLE handle,CK_BYTE_PTR data,CK_ULONG data_len,CK_BYTE_PTR signature,CK_ULONG_PTR signature_len)1091 wrap_C_Sign (CK_SESSION_HANDLE handle, CK_BYTE_PTR data, CK_ULONG data_len,
1092 CK_BYTE_PTR signature, CK_ULONG_PTR signature_len)
1093 {
1094 Mapping map;
1095 CK_RV rv;
1096
1097 rv = map_session_to_real (&handle, &map, NULL);
1098 if (rv != CKR_OK)
1099 return rv;
1100 return (map.funcs->C_Sign) (handle, data, data_len, signature, signature_len);
1101 }
1102
1103 static CK_RV
wrap_C_SignUpdate(CK_SESSION_HANDLE handle,CK_BYTE_PTR part,CK_ULONG part_len)1104 wrap_C_SignUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR part, CK_ULONG part_len)
1105 {
1106 Mapping map;
1107 CK_RV rv;
1108
1109 rv = map_session_to_real (&handle, &map, NULL);
1110 if (rv != CKR_OK)
1111 return rv;
1112 return (map.funcs->C_SignUpdate) (handle, part, part_len);
1113 }
1114
1115 static CK_RV
wrap_C_SignFinal(CK_SESSION_HANDLE handle,CK_BYTE_PTR signature,CK_ULONG_PTR signature_len)1116 wrap_C_SignFinal (CK_SESSION_HANDLE handle, CK_BYTE_PTR signature,
1117 CK_ULONG_PTR signature_len)
1118 {
1119 Mapping map;
1120 CK_RV rv;
1121
1122 rv = map_session_to_real (&handle, &map, NULL);
1123 if (rv != CKR_OK)
1124 return rv;
1125 return (map.funcs->C_SignFinal) (handle, signature, signature_len);
1126 }
1127
1128 static CK_RV
wrap_C_SignRecoverInit(CK_SESSION_HANDLE handle,CK_MECHANISM_PTR mechanism,CK_OBJECT_HANDLE key)1129 wrap_C_SignRecoverInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
1130 CK_OBJECT_HANDLE key)
1131 {
1132 Mapping map;
1133 CK_RV rv;
1134
1135 rv = map_session_to_real (&handle, &map, NULL);
1136 if (rv != CKR_OK)
1137 return rv;
1138 return (map.funcs->C_SignRecoverInit) (handle, mechanism, key);
1139 }
1140
1141 static CK_RV
auth_C_SignRecoverInit(CK_SESSION_HANDLE handle,CK_MECHANISM_PTR mechanism,CK_OBJECT_HANDLE key)1142 auth_C_SignRecoverInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
1143 CK_OBJECT_HANDLE key)
1144 {
1145 CK_RV rv = wrap_C_SignRecoverInit (handle, mechanism, key);
1146 if (rv == CKR_OK)
1147 store_session_specific (handle, key);
1148 return rv;
1149 }
1150
1151 static CK_RV
wrap_C_SignRecover(CK_SESSION_HANDLE handle,CK_BYTE_PTR data,CK_ULONG data_len,CK_BYTE_PTR signature,CK_ULONG_PTR signature_len)1152 wrap_C_SignRecover (CK_SESSION_HANDLE handle, CK_BYTE_PTR data, CK_ULONG data_len,
1153 CK_BYTE_PTR signature, CK_ULONG_PTR signature_len)
1154 {
1155 Mapping map;
1156 CK_RV rv;
1157
1158 rv = map_session_to_real (&handle, &map, NULL);
1159 if (rv != CKR_OK)
1160 return rv;
1161 return (map.funcs->C_SignRecover) (handle, data, data_len, signature, signature_len);
1162 }
1163
1164 static CK_RV
wrap_C_VerifyInit(CK_SESSION_HANDLE handle,CK_MECHANISM_PTR mechanism,CK_OBJECT_HANDLE key)1165 wrap_C_VerifyInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
1166 CK_OBJECT_HANDLE key)
1167 {
1168 Mapping map;
1169 CK_RV rv;
1170
1171 rv = map_session_to_real (&handle, &map, NULL);
1172 if (rv != CKR_OK)
1173 return rv;
1174 return (map.funcs->C_VerifyInit) (handle, mechanism, key);
1175 }
1176
1177 static CK_RV
auth_C_VerifyInit(CK_SESSION_HANDLE handle,CK_MECHANISM_PTR mechanism,CK_OBJECT_HANDLE key)1178 auth_C_VerifyInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
1179 CK_OBJECT_HANDLE key)
1180 {
1181 CK_RV rv = wrap_C_VerifyInit (handle, mechanism, key);
1182 if (rv == CKR_OK)
1183 store_session_specific (handle, key);
1184 return rv;
1185 }
1186
1187 static CK_RV
wrap_C_Verify(CK_SESSION_HANDLE handle,CK_BYTE_PTR data,CK_ULONG data_len,CK_BYTE_PTR signature,CK_ULONG signature_len)1188 wrap_C_Verify (CK_SESSION_HANDLE handle, CK_BYTE_PTR data, CK_ULONG data_len,
1189 CK_BYTE_PTR signature, CK_ULONG signature_len)
1190 {
1191 Mapping map;
1192 CK_RV rv;
1193
1194 rv = map_session_to_real (&handle, &map, NULL);
1195 if (rv != CKR_OK)
1196 return rv;
1197 return (map.funcs->C_Verify) (handle, data, data_len, signature, signature_len);
1198 }
1199
1200 static CK_RV
wrap_C_VerifyUpdate(CK_SESSION_HANDLE handle,CK_BYTE_PTR part,CK_ULONG part_len)1201 wrap_C_VerifyUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR part, CK_ULONG part_len)
1202 {
1203 Mapping map;
1204 CK_RV rv;
1205
1206 rv = map_session_to_real (&handle, &map, NULL);
1207 if (rv != CKR_OK)
1208 return rv;
1209 return (map.funcs->C_VerifyUpdate) (handle, part, part_len);
1210 }
1211
1212 static CK_RV
wrap_C_VerifyFinal(CK_SESSION_HANDLE handle,CK_BYTE_PTR signature,CK_ULONG signature_len)1213 wrap_C_VerifyFinal (CK_SESSION_HANDLE handle, CK_BYTE_PTR signature,
1214 CK_ULONG signature_len)
1215 {
1216 Mapping map;
1217 CK_RV rv;
1218
1219 rv = map_session_to_real (&handle, &map, NULL);
1220 if (rv != CKR_OK)
1221 return rv;
1222 return (map.funcs->C_VerifyFinal) (handle, signature, signature_len);
1223 }
1224
1225 static CK_RV
wrap_C_VerifyRecoverInit(CK_SESSION_HANDLE handle,CK_MECHANISM_PTR mechanism,CK_OBJECT_HANDLE key)1226 wrap_C_VerifyRecoverInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
1227 CK_OBJECT_HANDLE key)
1228 {
1229 Mapping map;
1230 CK_RV rv;
1231
1232 rv = map_session_to_real (&handle, &map, NULL);
1233 if (rv != CKR_OK)
1234 return rv;
1235 return (map.funcs->C_VerifyRecoverInit) (handle, mechanism, key);
1236 }
1237
1238 static CK_RV
auth_C_VerifyRecoverInit(CK_SESSION_HANDLE handle,CK_MECHANISM_PTR mechanism,CK_OBJECT_HANDLE key)1239 auth_C_VerifyRecoverInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
1240 CK_OBJECT_HANDLE key)
1241 {
1242 CK_RV rv = wrap_C_VerifyInit (handle, mechanism, key);
1243 if (rv == CKR_OK)
1244 store_session_specific (handle, key);
1245 return rv;
1246 }
1247
1248 static CK_RV
wrap_C_VerifyRecover(CK_SESSION_HANDLE handle,CK_BYTE_PTR signature,CK_ULONG signature_len,CK_BYTE_PTR data,CK_ULONG_PTR data_len)1249 wrap_C_VerifyRecover (CK_SESSION_HANDLE handle, CK_BYTE_PTR signature,
1250 CK_ULONG signature_len, CK_BYTE_PTR data, CK_ULONG_PTR data_len)
1251 {
1252 Mapping map;
1253 CK_RV rv;
1254
1255 rv = map_session_to_real (&handle, &map, NULL);
1256 if (rv != CKR_OK)
1257 return rv;
1258 return (map.funcs->C_VerifyRecover) (handle, signature, signature_len, data, data_len);
1259 }
1260
1261 static CK_RV
wrap_C_DigestEncryptUpdate(CK_SESSION_HANDLE handle,CK_BYTE_PTR part,CK_ULONG part_len,CK_BYTE_PTR enc_part,CK_ULONG_PTR enc_part_len)1262 wrap_C_DigestEncryptUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR part,
1263 CK_ULONG part_len, CK_BYTE_PTR enc_part,
1264 CK_ULONG_PTR enc_part_len)
1265 {
1266 Mapping map;
1267 CK_RV rv;
1268
1269 rv = map_session_to_real (&handle, &map, NULL);
1270 if (rv != CKR_OK)
1271 return rv;
1272 return (map.funcs->C_DigestEncryptUpdate) (handle, part, part_len, enc_part, enc_part_len);
1273 }
1274
1275 static CK_RV
wrap_C_DecryptDigestUpdate(CK_SESSION_HANDLE handle,CK_BYTE_PTR enc_part,CK_ULONG enc_part_len,CK_BYTE_PTR part,CK_ULONG_PTR part_len)1276 wrap_C_DecryptDigestUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR enc_part,
1277 CK_ULONG enc_part_len, CK_BYTE_PTR part,
1278 CK_ULONG_PTR part_len)
1279 {
1280 Mapping map;
1281 CK_RV rv;
1282
1283 rv = map_session_to_real (&handle, &map, NULL);
1284 if (rv != CKR_OK)
1285 return rv;
1286 return (map.funcs->C_DecryptDigestUpdate) (handle, enc_part, enc_part_len, part, part_len);
1287 }
1288
1289 static CK_RV
wrap_C_SignEncryptUpdate(CK_SESSION_HANDLE handle,CK_BYTE_PTR part,CK_ULONG part_len,CK_BYTE_PTR enc_part,CK_ULONG_PTR enc_part_len)1290 wrap_C_SignEncryptUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR part,
1291 CK_ULONG part_len, CK_BYTE_PTR enc_part,
1292 CK_ULONG_PTR enc_part_len)
1293 {
1294 Mapping map;
1295 CK_RV rv;
1296
1297 rv = map_session_to_real (&handle, &map, NULL);
1298 if (rv != CKR_OK)
1299 return rv;
1300 return (map.funcs->C_SignEncryptUpdate) (handle, part, part_len, enc_part, enc_part_len);
1301 }
1302
1303 static CK_RV
wrap_C_DecryptVerifyUpdate(CK_SESSION_HANDLE handle,CK_BYTE_PTR enc_part,CK_ULONG enc_part_len,CK_BYTE_PTR part,CK_ULONG_PTR part_len)1304 wrap_C_DecryptVerifyUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR enc_part,
1305 CK_ULONG enc_part_len, CK_BYTE_PTR part,
1306 CK_ULONG_PTR part_len)
1307 {
1308 Mapping map;
1309 CK_RV rv;
1310
1311 rv = map_session_to_real (&handle, &map, NULL);
1312 if (rv != CKR_OK)
1313 return rv;
1314 return (map.funcs->C_DecryptVerifyUpdate) (handle, enc_part, enc_part_len, part, part_len);
1315 }
1316
1317 static CK_RV
wrap_C_GenerateKey(CK_SESSION_HANDLE handle,CK_MECHANISM_PTR mechanism,CK_ATTRIBUTE_PTR template,CK_ULONG count,CK_OBJECT_HANDLE_PTR key)1318 wrap_C_GenerateKey (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
1319 CK_ATTRIBUTE_PTR template, CK_ULONG count,
1320 CK_OBJECT_HANDLE_PTR key)
1321 {
1322 Mapping map;
1323 CK_RV rv;
1324
1325 rv = map_session_to_real (&handle, &map, NULL);
1326 if (rv != CKR_OK)
1327 return rv;
1328 return (map.funcs->C_GenerateKey) (handle, mechanism, template, count, key);
1329 }
1330
1331 static CK_RV
wrap_C_GenerateKeyPair(CK_SESSION_HANDLE handle,CK_MECHANISM_PTR mechanism,CK_ATTRIBUTE_PTR pub_template,CK_ULONG pub_count,CK_ATTRIBUTE_PTR priv_template,CK_ULONG priv_count,CK_OBJECT_HANDLE_PTR pub_key,CK_OBJECT_HANDLE_PTR priv_key)1332 wrap_C_GenerateKeyPair (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
1333 CK_ATTRIBUTE_PTR pub_template, CK_ULONG pub_count,
1334 CK_ATTRIBUTE_PTR priv_template, CK_ULONG priv_count,
1335 CK_OBJECT_HANDLE_PTR pub_key, CK_OBJECT_HANDLE_PTR priv_key)
1336 {
1337 Mapping map;
1338 CK_RV rv;
1339
1340 rv = map_session_to_real (&handle, &map, NULL);
1341 if (rv != CKR_OK)
1342 return rv;
1343 return (map.funcs->C_GenerateKeyPair) (handle, mechanism, pub_template, pub_count, priv_template, priv_count, pub_key, priv_key);
1344 }
1345
1346 static CK_RV
wrap_C_WrapKey(CK_SESSION_HANDLE handle,CK_MECHANISM_PTR mechanism,CK_OBJECT_HANDLE wrapping_key,CK_OBJECT_HANDLE key,CK_BYTE_PTR wrapped_key,CK_ULONG_PTR wrapped_key_len)1347 wrap_C_WrapKey (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
1348 CK_OBJECT_HANDLE wrapping_key, CK_OBJECT_HANDLE key,
1349 CK_BYTE_PTR wrapped_key, CK_ULONG_PTR wrapped_key_len)
1350 {
1351 Mapping map;
1352 CK_RV rv;
1353
1354 rv = map_session_to_real (&handle, &map, NULL);
1355 if (rv != CKR_OK)
1356 return rv;
1357 return (map.funcs->C_WrapKey) (handle, mechanism, wrapping_key, key, wrapped_key, wrapped_key_len);
1358 }
1359
1360 static CK_RV
wrap_C_UnwrapKey(CK_SESSION_HANDLE handle,CK_MECHANISM_PTR mechanism,CK_OBJECT_HANDLE unwrapping_key,CK_BYTE_PTR wrapped_key,CK_ULONG wrapped_key_len,CK_ATTRIBUTE_PTR template,CK_ULONG count,CK_OBJECT_HANDLE_PTR key)1361 wrap_C_UnwrapKey (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
1362 CK_OBJECT_HANDLE unwrapping_key, CK_BYTE_PTR wrapped_key,
1363 CK_ULONG wrapped_key_len, CK_ATTRIBUTE_PTR template,
1364 CK_ULONG count, CK_OBJECT_HANDLE_PTR key)
1365 {
1366 Mapping map;
1367 CK_RV rv;
1368
1369 rv = map_session_to_real (&handle, &map, NULL);
1370 if (rv != CKR_OK)
1371 return rv;
1372 return (map.funcs->C_UnwrapKey) (handle, mechanism, unwrapping_key, wrapped_key, wrapped_key_len, template, count, key);
1373 }
1374
1375 static CK_RV
wrap_C_DeriveKey(CK_SESSION_HANDLE handle,CK_MECHANISM_PTR mechanism,CK_OBJECT_HANDLE base_key,CK_ATTRIBUTE_PTR template,CK_ULONG count,CK_OBJECT_HANDLE_PTR key)1376 wrap_C_DeriveKey (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
1377 CK_OBJECT_HANDLE base_key, CK_ATTRIBUTE_PTR template,
1378 CK_ULONG count, CK_OBJECT_HANDLE_PTR key)
1379 {
1380 Mapping map;
1381 CK_RV rv;
1382
1383 rv = map_session_to_real (&handle, &map, NULL);
1384 if (rv != CKR_OK)
1385 return rv;
1386 return (map.funcs->C_DeriveKey) (handle, mechanism, base_key, template, count, key);
1387 }
1388
1389 static CK_RV
wrap_C_SeedRandom(CK_SESSION_HANDLE handle,CK_BYTE_PTR seed,CK_ULONG seed_len)1390 wrap_C_SeedRandom (CK_SESSION_HANDLE handle, CK_BYTE_PTR seed, CK_ULONG seed_len)
1391 {
1392 Mapping map;
1393 CK_RV rv;
1394
1395 rv = map_session_to_real (&handle, &map, NULL);
1396 if (rv != CKR_OK)
1397 return rv;
1398 return (map.funcs->C_SeedRandom) (handle, seed, seed_len);
1399 }
1400
1401 static CK_RV
wrap_C_GenerateRandom(CK_SESSION_HANDLE handle,CK_BYTE_PTR random_data,CK_ULONG random_len)1402 wrap_C_GenerateRandom (CK_SESSION_HANDLE handle, CK_BYTE_PTR random_data,
1403 CK_ULONG random_len)
1404 {
1405 Mapping map;
1406 CK_RV rv;
1407
1408 rv = map_session_to_real (&handle, &map, NULL);
1409 if (rv != CKR_OK)
1410 return rv;
1411 return (map.funcs->C_GenerateRandom) (handle, random_data, random_len);
1412 }
1413
1414 /* --------------------------------------------------------------------
1415 * MODULE ENTRY POINT
1416 */
1417
1418 static CK_FUNCTION_LIST wrap_function_list = {
1419 { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, /* version */
1420 wrap_C_Initialize,
1421 wrap_C_Finalize,
1422 wrap_C_GetInfo,
1423 wrap_C_GetFunctionList,
1424 wrap_C_GetSlotList,
1425 wrap_C_GetSlotInfo,
1426 wrap_C_GetTokenInfo,
1427 wrap_C_GetMechanismList,
1428 wrap_C_GetMechanismInfo,
1429 wrap_C_InitToken,
1430 wrap_C_InitPIN,
1431 wrap_C_SetPIN,
1432 wrap_C_OpenSession,
1433 wrap_C_CloseSession,
1434 wrap_C_CloseAllSessions,
1435 wrap_C_GetSessionInfo,
1436 wrap_C_GetOperationState,
1437 wrap_C_SetOperationState,
1438 wrap_C_Login,
1439 wrap_C_Logout,
1440 wrap_C_CreateObject,
1441 wrap_C_CopyObject,
1442 wrap_C_DestroyObject,
1443 wrap_C_GetObjectSize,
1444 wrap_C_GetAttributeValue,
1445 wrap_C_SetAttributeValue,
1446 wrap_C_FindObjectsInit,
1447 wrap_C_FindObjects,
1448 wrap_C_FindObjectsFinal,
1449 wrap_C_EncryptInit,
1450 wrap_C_Encrypt,
1451 wrap_C_EncryptUpdate,
1452 wrap_C_EncryptFinal,
1453 wrap_C_DecryptInit,
1454 wrap_C_Decrypt,
1455 wrap_C_DecryptUpdate,
1456 wrap_C_DecryptFinal,
1457 wrap_C_DigestInit,
1458 wrap_C_Digest,
1459 wrap_C_DigestUpdate,
1460 wrap_C_DigestKey,
1461 wrap_C_DigestFinal,
1462 wrap_C_SignInit,
1463 wrap_C_Sign,
1464 wrap_C_SignUpdate,
1465 wrap_C_SignFinal,
1466 wrap_C_SignRecoverInit,
1467 wrap_C_SignRecover,
1468 wrap_C_VerifyInit,
1469 wrap_C_Verify,
1470 wrap_C_VerifyUpdate,
1471 wrap_C_VerifyFinal,
1472 wrap_C_VerifyRecoverInit,
1473 wrap_C_VerifyRecover,
1474 wrap_C_DigestEncryptUpdate,
1475 wrap_C_DecryptDigestUpdate,
1476 wrap_C_SignEncryptUpdate,
1477 wrap_C_DecryptVerifyUpdate,
1478 wrap_C_GenerateKey,
1479 wrap_C_GenerateKeyPair,
1480 wrap_C_WrapKey,
1481 wrap_C_UnwrapKey,
1482 wrap_C_DeriveKey,
1483 wrap_C_SeedRandom,
1484 wrap_C_GenerateRandom,
1485 wrap_C_GetFunctionStatus,
1486 wrap_C_CancelFunction,
1487 wrap_C_WaitForSlotEvent
1488 };
1489
1490 static CK_FUNCTION_LIST auth_function_list = {
1491 { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, /* version */
1492 wrap_C_Initialize,
1493 wrap_C_Finalize,
1494 wrap_C_GetInfo,
1495 auth_C_GetFunctionList,
1496 wrap_C_GetSlotList,
1497 wrap_C_GetSlotInfo,
1498 auth_C_GetTokenInfo,
1499 wrap_C_GetMechanismList,
1500 wrap_C_GetMechanismInfo,
1501 wrap_C_InitToken,
1502 auth_C_InitPIN,
1503 auth_C_SetPIN,
1504 wrap_C_OpenSession,
1505 wrap_C_CloseSession,
1506 wrap_C_CloseAllSessions,
1507 wrap_C_GetSessionInfo,
1508 wrap_C_GetOperationState,
1509 wrap_C_SetOperationState,
1510 auth_C_Login,
1511 wrap_C_Logout,
1512 auth_C_CreateObject,
1513 wrap_C_CopyObject,
1514 wrap_C_DestroyObject,
1515 wrap_C_GetObjectSize,
1516 wrap_C_GetAttributeValue,
1517 wrap_C_SetAttributeValue,
1518 wrap_C_FindObjectsInit,
1519 wrap_C_FindObjects,
1520 wrap_C_FindObjectsFinal,
1521 auth_C_EncryptInit,
1522 wrap_C_Encrypt,
1523 wrap_C_EncryptUpdate,
1524 wrap_C_EncryptFinal,
1525 auth_C_DecryptInit,
1526 wrap_C_Decrypt,
1527 wrap_C_DecryptUpdate,
1528 wrap_C_DecryptFinal,
1529 wrap_C_DigestInit,
1530 wrap_C_Digest,
1531 wrap_C_DigestUpdate,
1532 wrap_C_DigestKey,
1533 wrap_C_DigestFinal,
1534 auth_C_SignInit,
1535 wrap_C_Sign,
1536 wrap_C_SignUpdate,
1537 wrap_C_SignFinal,
1538 auth_C_SignRecoverInit,
1539 wrap_C_SignRecover,
1540 auth_C_VerifyInit,
1541 wrap_C_Verify,
1542 wrap_C_VerifyUpdate,
1543 wrap_C_VerifyFinal,
1544 auth_C_VerifyRecoverInit,
1545 wrap_C_VerifyRecover,
1546 wrap_C_DigestEncryptUpdate,
1547 wrap_C_DecryptDigestUpdate,
1548 wrap_C_SignEncryptUpdate,
1549 wrap_C_DecryptVerifyUpdate,
1550 wrap_C_GenerateKey,
1551 wrap_C_GenerateKeyPair,
1552 wrap_C_WrapKey,
1553 wrap_C_UnwrapKey,
1554 wrap_C_DeriveKey,
1555 wrap_C_SeedRandom,
1556 wrap_C_GenerateRandom,
1557 wrap_C_GetFunctionStatus,
1558 wrap_C_CancelFunction,
1559 wrap_C_WaitForSlotEvent
1560 };
1561
1562 /* -----------------------------------------------------------------------------------------
1563 * PUBLIC FUNCTIONS
1564 */
1565
1566 CK_FUNCTION_LIST_PTR
gkm_wrap_layer_get_functions(void)1567 gkm_wrap_layer_get_functions (void)
1568 {
1569 return &auth_function_list;
1570 }
1571
1572 CK_FUNCTION_LIST_PTR
gkm_wrap_layer_get_functions_no_prompts(void)1573 gkm_wrap_layer_get_functions_no_prompts (void)
1574 {
1575 return &wrap_function_list;
1576 }
1577
1578 void
gkm_wrap_layer_reset_modules(void)1579 gkm_wrap_layer_reset_modules (void)
1580 {
1581 G_LOCK (wrap_layer);
1582
1583 g_assert (!wrap_mappings);
1584 g_assert (!wrap_sessions);
1585 g_list_free (wrap_modules);
1586 wrap_modules = NULL;
1587
1588 G_UNLOCK (wrap_layer);
1589 }
1590
1591 void
gkm_wrap_layer_add_module(CK_FUNCTION_LIST_PTR funcs)1592 gkm_wrap_layer_add_module (CK_FUNCTION_LIST_PTR funcs)
1593 {
1594 g_assert (funcs);
1595
1596 G_LOCK (wrap_layer);
1597
1598 g_assert (!wrap_mappings);
1599 g_assert (!wrap_sessions);
1600 wrap_modules = g_list_append (wrap_modules, funcs);
1601
1602 G_UNLOCK (wrap_layer);
1603 }
1604