1 /*
2 * COPYRIGHT (c) International Business Machines Corp. 2015-2017
3 *
4 * This program is provided under the terms of the Common Public License,
5 * version 1.0 (CPL-1.0). Any use, reproduction or distribution for this
6 * software constitutes recipient's acceptance of CPL-1.0 terms which can be
7 * found in the file LICENSE file or at
8 * https://opensource.org/licenses/cpl1.0.php
9 */
10
11 #define _GNU_SOURCE
12 #include <pthread.h>
13 #include <stdio.h>
14 #include <time.h>
15 #include <string.h>
16 #include <strings.h>
17 #include <errno.h>
18 #include <syslog.h>
19
20 #include <stdlib.h>
21 #include <unistd.h>
22 #include <sys/types.h>
23 #include <grp.h>
24 #include <pwd.h>
25
26 #include "pkcs11types.h"
27 #include "stdll.h"
28
29 #include "defs.h"
30 #include "host_defs.h"
31 #include "h_extern.h"
32 #include "tok_spec_struct.h"
33 #include "pkcs32.h"
34 #include "trace.h"
35 #include "slotmgr.h"
36 #include "icsf_specific.h"
37 #include "../api/apiproto.h"
38
39 void SC_SetFunctionList(void);
40
41 CK_ULONG usage_count = 0; /* track DLL usage */
42
Fork_Initializer(void)43 void Fork_Initializer(void)
44 {
45
46
47 /* Force logout. This cleans out the private session and list
48 * and cleans out the private object map
49 */
50 session_mgr_logout_all(NULL);
51
52 /* Clean out the public object map
53 * First parm is no longer used..
54 */
55 object_mgr_purge_map(NULL, (SESSION *) 0xFFFF, PUBLIC);
56 object_mgr_purge_map(NULL, (SESSION *) 0xFFFF, PRIVATE);
57
58 /* This should clear the entire session list out */
59 session_mgr_close_all_sessions();
60
61 /* Clean out the global login state variable
62 * When implemented... Although logout_all should clear this up.
63 */
64
65 bt_destroy(&priv_token_obj_btree, call_free);
66 bt_destroy(&publ_token_obj_btree, call_free);
67
68 /* Need to do something to prevent the shared memory from
69 * having the objects loaded again.... The most likely place
70 * is in the obj_mgr file where the object is added to shared
71 * memory (object_mgr_add_to_shm) a query should be done to
72 * the appropriate object list....
73 */
74 }
75
76 /* verify that the mech specified is in the
77 * mech list for this token...
78 */
valid_mech(STDLL_TokData_t * tokdata,CK_MECHANISM_PTR m,CK_FLAGS f)79 CK_RV valid_mech(STDLL_TokData_t * tokdata, CK_MECHANISM_PTR m, CK_FLAGS f)
80 {
81 CK_RV rc;
82 CK_MECHANISM_INFO info;
83
84 UNUSED(tokdata);
85
86 if (m) {
87 memset(&info, 0, sizeof(info));
88 rc = ock_generic_get_mechanism_info(m->mechanism, &info);
89 if (rc != CKR_OK || !(info.flags & (f)))
90 return CKR_MECHANISM_INVALID;
91 }
92
93 return CKR_OK;
94 }
95
96 /* In an STDLL this is called once for each card in the system
97 * therefore the initialized only flags certain one time things.
98 */
ST_Initialize(API_Slot_t * sltp,CK_SLOT_ID SlotNumber,SLOT_INFO * sinfp,struct trace_handle_t t)99 CK_RV ST_Initialize(API_Slot_t * sltp, CK_SLOT_ID SlotNumber,
100 SLOT_INFO * sinfp, struct trace_handle_t t)
101 {
102 CK_RV rc = CKR_OK;
103 char abs_tokdir_name[PATH_MAX];
104
105 if ((rc = check_user_and_group()) != CKR_OK)
106 return rc;
107
108 /* assume that the upper API prevents multiple calls of initialize
109 * since that only happens on C_Initialize and that is the
110 * resonsibility of the upper layer..
111 */
112
113 /* If we're not already initialized, grab the mutex and do the
114 * initialization. Check to see if another thread did so while we
115 * were waiting...
116 *
117 * One of the things we do during initialization is create the mutex
118 * for PKCS#11 operations; until we do so, we have to use the native
119 * mutex...
120 */
121 if (pthread_mutex_lock(&native_mutex)) {
122 rc = CKR_FUNCTION_FAILED;
123 TRACE_ERROR("Failed to lock mutex.\n");
124 }
125
126 /* SAB need to call Fork_Initializer here
127 * instead of at the end of the loop...
128 * it may also need to call destroy of the following 3 mutexes..
129 * it may not matter...
130 */
131 Fork_Initializer();
132
133 /* set trace info */
134 set_trace(t);
135
136 MY_CreateMutex(&pkcs_mutex);
137 MY_CreateMutex(&obj_list_mutex);
138 MY_CreateMutex(&sess_list_mutex);
139 MY_CreateMutex(&login_mutex);
140
141 /*
142 * Create separate memory area for each token specific data
143 */
144 sltp->TokData = (STDLL_TokData_t *) calloc(1, sizeof(STDLL_TokData_t));
145 if (!sltp->TokData) {
146 TRACE_ERROR("Allocating host memory failed.\n");
147 goto done;
148 }
149
150 if (strlen(sinfp->tokname)) {
151 sprintf(abs_tokdir_name, "%s/%s", CONFIG_PATH, sinfp->tokname);
152 TRACE_DEVEL("Token directory: %s\n", abs_tokdir_name);
153 init_data_store((char *) abs_tokdir_name, sltp->TokData->data_store);
154 } else {
155 init_data_store((char *) PK_DIR, sltp->TokData->data_store);
156 }
157
158 /* Initialize lock */
159 XProcLock_Init(sltp->TokData);
160
161 /* Create lockfile */
162 if (CreateXProcLock(sinfp->tokname, sltp->TokData) != CKR_OK) {
163 TRACE_ERROR("Process lock failed.\n");
164 rc = CKR_FUNCTION_FAILED;
165 goto done;
166 }
167
168 /* Handle global initialization issues first if we have not
169 * been initialized.
170 */
171 if (sltp->TokData->initialized == FALSE) {
172
173 rc = attach_shm(sltp->TokData, SlotNumber);
174 if (rc != CKR_OK) {
175 TRACE_ERROR("Could not attach to shared memory.\n");
176 goto done;
177 }
178
179 sltp->TokData->nv_token_data =
180 &(sltp->TokData->global_shm->nv_token_data);
181 SC_SetFunctionList();
182
183 rc = icsftok_init(sltp->TokData, SlotNumber, sinfp->confname);
184 if (rc != 0) {
185 sltp->FcnList = NULL;
186 if (sltp->TokData)
187 free(sltp->TokData);
188 sltp->TokData = NULL;
189 TRACE_DEVEL("Token Specific Init failed.\n");
190 goto done;
191 }
192 sltp->TokData->initialized = TRUE;
193 }
194
195 rc = load_token_data(sltp->TokData, SlotNumber);
196 if (rc != CKR_OK) {
197 sltp->FcnList = NULL;
198 if (sltp->TokData)
199 free(sltp->TokData);
200 sltp->TokData = NULL;
201 TRACE_DEVEL("Failed to load token data.\n");
202 goto done;
203 }
204
205 rc = XProcLock(sltp->TokData);
206 if (rc != CKR_OK)
207 goto done;
208
209 /* no need to return error here, we load the token data we can
210 * and syslog the rest
211 */
212 load_public_token_objects(sltp->TokData);
213
214 sltp->TokData->global_shm->publ_loaded = TRUE;
215
216 rc = XProcUnLock(sltp->TokData);
217 if (rc != CKR_OK)
218 goto done;
219
220 init_slotInfo(&(sltp->TokData->slot_info));
221
222 usage_count++;
223 (sltp->FcnList) = &function_list;
224
225 done:
226 if (pthread_mutex_unlock(&native_mutex)) {
227 TRACE_ERROR("Failed to unlock mutex.\n");
228 rc = CKR_FUNCTION_FAILED;
229 }
230
231 return rc;
232 }
233
234 /* What does this really have to do in this new token... probably
235 * need to close the adapters that are opened, and clear the other
236 * stuff
237 */
SC_Finalize(STDLL_TokData_t * tokdata,CK_SLOT_ID sid,SLOT_INFO * sinfp)238 CK_RV SC_Finalize(STDLL_TokData_t * tokdata, CK_SLOT_ID sid, SLOT_INFO * sinfp)
239 {
240 CK_RV rc;
241
242 UNUSED(sid);
243 UNUSED(sinfp);
244
245 if (tokdata->initialized == FALSE) {
246 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
247 return CKR_CRYPTOKI_NOT_INITIALIZED;
248 }
249
250 /* If somebody else has taken care of things, leave... */
251 if (tokdata->initialized == FALSE) {
252 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
253 return CKR_CRYPTOKI_NOT_INITIALIZED;
254 }
255 #ifdef ENABLE_LOCKS
256 MY_LockMutex(&pkcs_mutex);
257 #else
258 __transaction_atomic { /* start transaction */
259 #endif
260 usage_count--;
261 if (usage_count == 0) {
262 tokdata->initialized = FALSE;
263 }
264 #ifdef ENABLE_LOCKS
265 MY_UnlockMutex(&pkcs_mutex);
266 #else
267 } /* end transaction */
268 #endif
269
270 session_mgr_close_all_sessions();
271 object_mgr_purge_token_objects(tokdata);
272
273 /* Finally free the nodes on free list. */
274 bt_destroy(&sess_btree, NULL);
275 bt_destroy(&sess_obj_btree, NULL);
276 bt_destroy(&object_map_btree, NULL);
277 bt_destroy(&priv_token_obj_btree, NULL);
278 bt_destroy(&publ_token_obj_btree, NULL);
279
280 detach_shm(tokdata);
281 /* close spin lock file */
282 CloseXProcLock(tokdata);
283
284 rc = icsftok_close_all_sessions();
285 if (rc != CKR_OK) {
286 TRACE_ERROR("Token specific final call failed.\n");
287 return rc;
288 }
289
290 if (tokdata)
291 free(tokdata);
292
293 final_data_store();
294 return rc;
295 }
296
SC_GetTokenInfo(STDLL_TokData_t * tokdata,CK_SLOT_ID sid,CK_TOKEN_INFO_PTR pInfo)297 CK_RV SC_GetTokenInfo(STDLL_TokData_t * tokdata, CK_SLOT_ID sid,
298 CK_TOKEN_INFO_PTR pInfo)
299 {
300 CK_RV rc = CKR_OK;
301 time_t now;
302
303 if (tokdata->initialized == FALSE) {
304 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
305 rc = CKR_CRYPTOKI_NOT_INITIALIZED;
306 goto done;
307 }
308 if (!pInfo) {
309 TRACE_ERROR("%s\n", ock_err(ERR_ARGUMENTS_BAD));
310 rc = CKR_ARGUMENTS_BAD;
311 goto done;
312 }
313 if (sid >= NUMBER_SLOTS_MANAGED) {
314 TRACE_ERROR("%s\n", ock_err(ERR_SLOT_ID_INVALID));
315 rc = CKR_SLOT_ID_INVALID;
316 goto done;
317 }
318 copy_token_contents_sensibly(pInfo, tokdata->nv_token_data);
319
320 /* Set the time */
321 now = time((time_t *) NULL);
322 strftime((char *) pInfo->utcTime, 16, "%Y%m%d%H%M%S", localtime(&now));
323 pInfo->utcTime[14] = '0';
324 pInfo->utcTime[15] = '0';
325
326 done:
327 TRACE_INFO("C_GetTokenInfo: rc = 0x%08lx\n", rc);
328
329 return rc;
330 }
331
SC_WaitForSlotEvent(STDLL_TokData_t * tokdata,CK_FLAGS flags,CK_SLOT_ID_PTR pSlot,CK_VOID_PTR pReserved)332 CK_RV SC_WaitForSlotEvent(STDLL_TokData_t * tokdata, CK_FLAGS flags,
333 CK_SLOT_ID_PTR pSlot, CK_VOID_PTR pReserved)
334 {
335 UNUSED(flags);
336 UNUSED(pSlot);
337 UNUSED(pReserved);
338
339 if (tokdata->initialized == FALSE) {
340 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
341 return CKR_CRYPTOKI_NOT_INITIALIZED;
342 }
343
344 TRACE_ERROR("%s\n", ock_err(ERR_FUNCTION_NOT_SUPPORTED));
345
346 return CKR_FUNCTION_NOT_SUPPORTED;
347 }
348
349 /*
350 * Get the mechanism type list for the current token.
351 */
SC_GetMechanismList(STDLL_TokData_t * tokdata,CK_SLOT_ID sid,CK_MECHANISM_TYPE_PTR pMechList,CK_ULONG_PTR count)352 CK_RV SC_GetMechanismList(STDLL_TokData_t * tokdata, CK_SLOT_ID sid,
353 CK_MECHANISM_TYPE_PTR pMechList, CK_ULONG_PTR count)
354 {
355 CK_RV rc = CKR_OK;
356
357 if (tokdata->initialized == FALSE) {
358 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
359 rc = CKR_CRYPTOKI_NOT_INITIALIZED;
360 goto out;
361 }
362 if (count == NULL) {
363 TRACE_ERROR("%s\n", ock_err(ERR_ARGUMENTS_BAD));
364 rc = CKR_ARGUMENTS_BAD;
365 goto out;
366 }
367 if (sid >= NUMBER_SLOTS_MANAGED) {
368 TRACE_ERROR("%s\n", ock_err(ERR_SLOT_ID_INVALID));
369 rc = CKR_SLOT_ID_INVALID;
370 goto out;
371 }
372 rc = ock_generic_get_mechanism_list(pMechList, count);
373 if (rc == CKR_OK) {
374 /* To accomodate certain special cases, we may need to
375 * make adjustments to the token's mechanism list.
376 */
377 mechanism_list_transformations(pMechList, count);
378 }
379 out:
380 TRACE_INFO("C_GetMechanismList: rc = 0x%08lx, # mechanisms: %lu\n",
381 rc, (count ? *count : 0));
382
383 return rc;
384 }
385
386
387 /*
388 * Get the mechanism info for the current type and token.
389 */
SC_GetMechanismInfo(STDLL_TokData_t * tokdata,CK_SLOT_ID sid,CK_MECHANISM_TYPE type,CK_MECHANISM_INFO_PTR pInfo)390 CK_RV SC_GetMechanismInfo(STDLL_TokData_t * tokdata, CK_SLOT_ID sid,
391 CK_MECHANISM_TYPE type, CK_MECHANISM_INFO_PTR pInfo)
392 {
393 CK_RV rc = CKR_OK;
394
395 if (tokdata->initialized == FALSE) {
396 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
397 rc = CKR_CRYPTOKI_NOT_INITIALIZED;
398 goto out;
399 }
400 if (pInfo == NULL) {
401 TRACE_ERROR("%s\n", ock_err(ERR_ARGUMENTS_BAD));
402 rc = CKR_ARGUMENTS_BAD;
403 goto out;
404 }
405 if (sid >= NUMBER_SLOTS_MANAGED) {
406 TRACE_ERROR("%s\n", ock_err(ERR_SLOT_ID_INVALID));
407 rc = CKR_SLOT_ID_INVALID;
408 goto out;
409 }
410 rc = ock_generic_get_mechanism_info(type, pInfo);
411 out:
412 TRACE_INFO("C_GetMechanismInfo: rc = 0x%08lx, mech type = 0x%08lx\n",
413 rc, type);
414
415 return rc;
416 }
417
418
419 /*
420 * This routine should only be called if no other processes are
421 * attached to the token. we need to somehow check that this is the
422 * only process Meta API should prevent this since it knows session
423 * states in the shared memory.
424 */
SC_InitToken(STDLL_TokData_t * tokdata,CK_SLOT_ID sid,CK_CHAR_PTR pPin,CK_ULONG ulPinLen,CK_CHAR_PTR pLabel)425 CK_RV SC_InitToken(STDLL_TokData_t * tokdata, CK_SLOT_ID sid, CK_CHAR_PTR pPin,
426 CK_ULONG ulPinLen, CK_CHAR_PTR pLabel)
427 {
428 CK_RV rc = CKR_OK;
429
430 if (tokdata->initialized == FALSE) {
431 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
432 rc = CKR_CRYPTOKI_NOT_INITIALIZED;
433 goto done;
434 }
435 if (!pPin || !pLabel) {
436 TRACE_ERROR("%s\n", ock_err(ERR_ARGUMENTS_BAD));
437 rc = CKR_ARGUMENTS_BAD;
438 goto done;
439 }
440 if (tokdata->nv_token_data->token_info.flags & CKF_SO_PIN_LOCKED) {
441 TRACE_ERROR("%s\n", ock_err(ERR_PIN_LOCKED));
442 rc = CKR_PIN_LOCKED;
443 goto done;
444 }
445
446 rc = icsftok_init_token(tokdata, sid, pPin, ulPinLen, pLabel);
447 if (rc != CKR_OK) {
448 TRACE_ERROR("%s\n", ock_err(ERR_PIN_INCORRECT));
449 rc = CKR_PIN_INCORRECT;
450 }
451 done:
452 TRACE_INFO("C_InitToken: rc = 0x%08lx\n", rc);
453
454 return rc;
455 }
456
457
SC_InitPIN(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_CHAR_PTR pPin,CK_ULONG ulPinLen)458 CK_RV SC_InitPIN(STDLL_TokData_t * tokdata, ST_SESSION_HANDLE * sSession,
459 CK_CHAR_PTR pPin, CK_ULONG ulPinLen)
460 {
461 SESSION *sess = NULL;
462 CK_RV rc = CKR_OK;
463 CK_FLAGS_32 *flags = NULL;
464
465 if (tokdata->initialized == FALSE) {
466 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
467 rc = CKR_CRYPTOKI_NOT_INITIALIZED;
468 goto done;
469 }
470 if (!pPin) {
471 TRACE_ERROR("%s\n", ock_err(ERR_ARGUMENTS_BAD));
472 rc = CKR_ARGUMENTS_BAD;
473 goto done;
474 }
475 sess = session_mgr_find(sSession->sessionh);
476 if (!sess) {
477 TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
478 rc = CKR_SESSION_HANDLE_INVALID;
479 goto done;
480 }
481 //set the handle here as handle is never set into session during creation
482 sess->handle = sSession->sessionh;
483
484 if (pin_locked(&sess->session_info,
485 tokdata->nv_token_data->token_info.flags) == TRUE) {
486 TRACE_ERROR("%s\n", ock_err(ERR_PIN_LOCKED));
487 rc = CKR_PIN_LOCKED;
488 goto done;
489 }
490 if (sess->session_info.state != CKS_RW_SO_FUNCTIONS) {
491 TRACE_ERROR("%s\n", ock_err(ERR_USER_NOT_LOGGED_IN));
492 rc = CKR_USER_NOT_LOGGED_IN;
493 goto done;
494 }
495
496 rc = icsftok_init_pin(tokdata, sess, pPin, ulPinLen);
497 if (rc == CKR_OK) {
498 flags = &tokdata->nv_token_data->token_info.flags;
499 *flags &= ~(CKF_USER_PIN_LOCKED | CKF_USER_PIN_FINAL_TRY |
500 CKF_USER_PIN_COUNT_LOW);
501 rc = save_token_data(tokdata, sess->session_info.slotID);
502 if (rc != CKR_OK)
503 TRACE_DEVEL("Failed to save token data.\n");
504 }
505 done:
506 TRACE_INFO("C_InitPin: rc = 0x%08lx, session = %lu\n",
507 rc, sSession->sessionh);
508
509 return rc;
510 }
511
SC_SetPIN(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_CHAR_PTR pOldPin,CK_ULONG ulOldLen,CK_CHAR_PTR pNewPin,CK_ULONG ulNewLen)512 CK_RV SC_SetPIN(STDLL_TokData_t * tokdata, ST_SESSION_HANDLE * sSession,
513 CK_CHAR_PTR pOldPin, CK_ULONG ulOldLen, CK_CHAR_PTR pNewPin,
514 CK_ULONG ulNewLen)
515 {
516 SESSION *sess = NULL;
517 CK_RV rc = CKR_OK;
518
519 if (tokdata->initialized == FALSE) {
520 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
521 rc = CKR_CRYPTOKI_NOT_INITIALIZED;
522 goto done;
523 }
524 sess = session_mgr_find(sSession->sessionh);
525 if (!sess) {
526 TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
527 rc = CKR_SESSION_HANDLE_INVALID;
528 goto done;
529 }
530 //set the handle here as handle is never set into session during creation
531 sess->handle = sSession->sessionh;
532
533 if (pin_locked(&sess->session_info,
534 tokdata->nv_token_data->token_info.flags) == TRUE) {
535 TRACE_ERROR("%s\n", ock_err(ERR_PIN_LOCKED));
536 rc = CKR_PIN_LOCKED;
537 goto done;
538 }
539
540 rc = icsftok_set_pin(tokdata, sess, pOldPin, ulOldLen, pNewPin, ulNewLen);
541
542 done:
543 TRACE_INFO("C_SetPin: rc = 0x%08lx, session = %lu\n",
544 rc, sSession->sessionh);
545
546 return rc;
547 }
548
SC_OpenSession(STDLL_TokData_t * tokdata,CK_SLOT_ID sid,CK_FLAGS flags,CK_SESSION_HANDLE_PTR phSession)549 CK_RV SC_OpenSession(STDLL_TokData_t * tokdata, CK_SLOT_ID sid, CK_FLAGS flags,
550 CK_SESSION_HANDLE_PTR phSession)
551 {
552 CK_RV rc = CKR_OK;
553 SESSION *sess;
554
555 if (tokdata->initialized == FALSE) {
556 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
557 return CKR_CRYPTOKI_NOT_INITIALIZED;
558 }
559 if (phSession == NULL) {
560 TRACE_ERROR("%s\n", ock_err(ERR_ARGUMENTS_BAD));
561 return CKR_ARGUMENTS_BAD;
562 }
563 if (sid >= NUMBER_SLOTS_MANAGED) {
564 TRACE_ERROR("%s\n", ock_err(ERR_SLOT_ID_INVALID));
565 return CKR_SLOT_ID_INVALID;
566 }
567 flags |= CKF_SERIAL_SESSION;
568 if ((flags & CKF_RW_SESSION) == 0) {
569 if (session_mgr_so_session_exists()) {
570 TRACE_ERROR("%s\n", ock_err(ERR_SESSION_READ_WRITE_SO_EXISTS));
571 return CKR_SESSION_READ_WRITE_SO_EXISTS;
572 }
573 }
574
575 rc = session_mgr_new(flags, sid, phSession);
576 if (rc != CKR_OK) {
577 TRACE_DEVEL("session_mgr_new() failed\n");
578 return rc;
579 }
580
581 sess = session_mgr_find(*phSession);
582 if (!sess) {
583 TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
584 return CKR_SESSION_HANDLE_INVALID;
585 }
586 sess->handle = *phSession;
587 rc = icsftok_open_session(tokdata, sess);
588
589 TRACE_INFO("C_OpenSession: rc = 0x%08lx sess = %lu\n", rc, sess->handle);
590
591 return rc;
592 }
593
SC_CloseSession(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession)594 CK_RV SC_CloseSession(STDLL_TokData_t * tokdata, ST_SESSION_HANDLE * sSession)
595 {
596 CK_RV rc = CKR_OK;
597 SESSION *sess = NULL;
598
599 if (tokdata->initialized == FALSE) {
600 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
601 rc = CKR_CRYPTOKI_NOT_INITIALIZED;
602 goto done;
603 }
604
605 sess = session_mgr_find(sSession->sessionh);
606 if (!sess) {
607 TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
608 rc = CKR_SESSION_HANDLE_INVALID;
609 goto done;
610 }
611 //set the handle here as handle is never set into session during creation
612 sess->handle = sSession->sessionh;
613 rc = icsftok_close_session(tokdata, sess);
614 if (rc)
615 goto done;
616
617 rc = session_mgr_close_session(tokdata, sSession->sessionh);
618
619 done:
620 TRACE_INFO("C_CloseSession: rc = 0x%08lx sess = %lu\n",
621 rc, sSession->sessionh);
622
623 return rc;
624 }
625
SC_CloseAllSessions(STDLL_TokData_t * tokdata,CK_SLOT_ID sid)626 CK_RV SC_CloseAllSessions(STDLL_TokData_t * tokdata, CK_SLOT_ID sid)
627 {
628 CK_RV rc = CKR_OK;
629
630 if (tokdata->initialized == FALSE) {
631 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
632 rc = CKR_CRYPTOKI_NOT_INITIALIZED;
633 goto done;
634 }
635 rc = session_mgr_close_all_sessions();
636 if (rc != CKR_OK) {
637 TRACE_DEVEL("session_mgr_close_all_sessions() failed.\n");
638 goto done;
639 }
640
641 rc = icsftok_close_all_sessions();
642 if (rc != CKR_OK)
643 TRACE_DEVEL("Failed to remove icsf specific session_states.\n");
644
645 done:
646 TRACE_INFO("C_CloseAllSessions: rc = 0x%08lx slot = %lu\n", rc, sid);
647
648 return rc;
649 }
650
SC_GetSessionInfo(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_SESSION_INFO_PTR pInfo)651 CK_RV SC_GetSessionInfo(STDLL_TokData_t * tokdata, ST_SESSION_HANDLE * sSession,
652 CK_SESSION_INFO_PTR pInfo)
653 {
654 SESSION *sess = NULL;
655 CK_RV rc = CKR_OK;
656
657 if (tokdata->initialized == FALSE) {
658 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
659 rc = CKR_CRYPTOKI_NOT_INITIALIZED;
660 goto done;
661 }
662
663 if (!pInfo) {
664 TRACE_ERROR("%s\n", ock_err(ERR_ARGUMENTS_BAD));
665 rc = CKR_ARGUMENTS_BAD;
666 goto done;
667 }
668
669 sess = session_mgr_find(sSession->sessionh);
670 if (!sess) {
671 TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
672 rc = CKR_SESSION_HANDLE_INVALID;
673 goto done;
674 }
675
676 memcpy(pInfo, &sess->session_info, sizeof(CK_SESSION_INFO));
677
678 done:
679 TRACE_INFO("C_GetSessionInfo: session = %lu\n", sSession->sessionh);
680
681 return rc;
682 }
683
SC_GetOperationState(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_BYTE_PTR pOperationState,CK_ULONG_PTR pulOperationStateLen)684 CK_RV SC_GetOperationState(STDLL_TokData_t * tokdata,
685 ST_SESSION_HANDLE * sSession,
686 CK_BYTE_PTR pOperationState,
687 CK_ULONG_PTR pulOperationStateLen)
688 {
689 SESSION *sess = NULL;
690 CK_BBOOL length_only = FALSE;
691 CK_RV rc = CKR_OK;
692
693 if (tokdata->initialized == FALSE) {
694 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
695 rc = CKR_CRYPTOKI_NOT_INITIALIZED;
696 goto done;
697 }
698
699 if (!pulOperationStateLen) {
700 TRACE_ERROR("%s\n", ock_err(ERR_ARGUMENTS_BAD));
701 rc = CKR_ARGUMENTS_BAD;
702 goto done;
703 }
704
705 if (!pOperationState)
706 length_only = TRUE;
707
708 sess = session_mgr_find(sSession->sessionh);
709 if (!sess) {
710 TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
711 rc = CKR_SESSION_HANDLE_INVALID;
712 goto done;
713 }
714 //set the handle into the session.
715 sess->handle = sSession->sessionh;
716
717 rc = session_mgr_get_op_state(sess, length_only, pOperationState,
718 pulOperationStateLen);
719 if (rc != CKR_OK)
720 TRACE_DEVEL("session_mgr_get_op_state() failed.\n");
721 done:
722 TRACE_INFO("C_GetOperationState: rc = 0x%08lx, session = %lu\n",
723 rc, sSession->sessionh);
724
725 return rc;
726 }
727
728
SC_SetOperationState(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_BYTE_PTR pOperationState,CK_ULONG ulOperationStateLen,CK_OBJECT_HANDLE hEncryptionKey,CK_OBJECT_HANDLE hAuthenticationKey)729 CK_RV SC_SetOperationState(STDLL_TokData_t * tokdata,
730 ST_SESSION_HANDLE * sSession,
731 CK_BYTE_PTR pOperationState,
732 CK_ULONG ulOperationStateLen,
733 CK_OBJECT_HANDLE hEncryptionKey,
734 CK_OBJECT_HANDLE hAuthenticationKey)
735 {
736 SESSION *sess = NULL;
737 CK_RV rc = CKR_OK;
738
739 if (tokdata->initialized == FALSE) {
740 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
741 rc = CKR_CRYPTOKI_NOT_INITIALIZED;
742 goto done;
743 }
744
745 if (!pOperationState || (ulOperationStateLen == 0)) {
746 TRACE_ERROR("%s\n", ock_err(ERR_ARGUMENTS_BAD));
747 rc = CKR_ARGUMENTS_BAD;
748 goto done;
749 }
750
751 sess = session_mgr_find(sSession->sessionh);
752 if (!sess) {
753 TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
754 rc = CKR_SESSION_HANDLE_INVALID;
755 goto done;
756 }
757 //set the handle into the session.
758 sess->handle = sSession->sessionh;
759
760 rc = session_mgr_set_op_state(sess, hEncryptionKey, hAuthenticationKey,
761 pOperationState, ulOperationStateLen);
762
763 if (rc != CKR_OK)
764 TRACE_DEVEL("session_mgr_set_op_state() failed.\n");
765 done:
766 TRACE_INFO("C_SetOperationState: rc = 0x%08lx, session = %lu\n",
767 rc, sSession->sessionh);
768
769 return rc;
770 }
771
772
SC_Login(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_USER_TYPE userType,CK_CHAR_PTR pPin,CK_ULONG ulPinLen)773 CK_RV SC_Login(STDLL_TokData_t * tokdata, ST_SESSION_HANDLE * sSession,
774 CK_USER_TYPE userType, CK_CHAR_PTR pPin, CK_ULONG ulPinLen)
775 {
776 SESSION *sess = NULL;
777 CK_FLAGS_32 *flags = NULL;
778 CK_RV rc = CKR_OK;
779
780 rc = MY_LockMutex(&login_mutex);
781 if (rc != CKR_OK) {
782 TRACE_ERROR("Failed to get mutex lock.\n");
783 return CKR_FUNCTION_FAILED;
784 }
785
786 if (tokdata->initialized == FALSE) {
787 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
788 rc = CKR_CRYPTOKI_NOT_INITIALIZED;
789 goto done;
790 }
791
792 sess = session_mgr_find(sSession->sessionh);
793 if (!sess) {
794 TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
795 rc = CKR_SESSION_HANDLE_INVALID;
796 goto done;
797 }
798 //set the handle into the session.
799 sess->handle = sSession->sessionh;
800
801 flags = &tokdata->nv_token_data->token_info.flags;
802
803 if (!pPin || ulPinLen > MAX_PIN_LEN) {
804 set_login_flags(userType, flags);
805 TRACE_ERROR("%s\n", ock_err(ERR_PIN_INCORRECT));
806 rc = CKR_PIN_INCORRECT;
807 goto done;
808 }
809
810 /* PKCS #11 v2.01 requires that all sessions have the same login status:
811 * --> all sessions are public, all are SO or all are USER
812 */
813 if (userType == CKU_USER) {
814 if (session_mgr_so_session_exists()) {
815 TRACE_ERROR("%s\n", ock_err(ERR_USER_ANOTHER_ALREADY_LOGGED_IN));
816 rc = CKR_USER_ANOTHER_ALREADY_LOGGED_IN;
817 }
818 if (session_mgr_user_session_exists()) {
819 TRACE_ERROR("%s\n", ock_err(ERR_USER_ALREADY_LOGGED_IN));
820 rc = CKR_USER_ALREADY_LOGGED_IN;
821 }
822 } else if (userType == CKU_SO) {
823 if (session_mgr_user_session_exists()) {
824 TRACE_ERROR("%s\n", ock_err(ERR_USER_ANOTHER_ALREADY_LOGGED_IN));
825 rc = CKR_USER_ANOTHER_ALREADY_LOGGED_IN;
826 }
827 if (session_mgr_so_session_exists()) {
828 TRACE_ERROR("%s\n", ock_err(ERR_USER_ALREADY_LOGGED_IN));
829 rc = CKR_USER_ALREADY_LOGGED_IN;
830 }
831 if (session_mgr_readonly_session_exists()) {
832 TRACE_ERROR("%s\n", ock_err(ERR_SESSION_READ_ONLY_EXISTS));
833 rc = CKR_SESSION_READ_ONLY_EXISTS;
834 }
835 } else {
836 rc = CKR_USER_TYPE_INVALID;
837 TRACE_ERROR("%s\n", ock_err(ERR_USER_TYPE_INVALID));
838 }
839 if (rc != CKR_OK)
840 goto done;
841
842
843 if (userType == CKU_USER) {
844 if (*flags & CKF_USER_PIN_LOCKED) {
845 TRACE_ERROR("%s\n", ock_err(ERR_PIN_LOCKED));
846 rc = CKR_PIN_LOCKED;
847 goto done;
848 }
849
850 rc = icsftok_login(tokdata, sess, userType, pPin, ulPinLen);
851 if (rc == CKR_OK) {
852 *flags &= ~(CKF_USER_PIN_LOCKED |
853 CKF_USER_PIN_FINAL_TRY | CKF_USER_PIN_COUNT_LOW);
854 } else if (rc == CKR_PIN_INCORRECT) {
855 set_login_flags(userType, flags);
856 }
857 } else {
858 if (*flags & CKF_SO_PIN_LOCKED) {
859 TRACE_ERROR("%s\n", ock_err(ERR_PIN_LOCKED));
860 rc = CKR_PIN_LOCKED;
861 goto done;
862 }
863
864 rc = icsftok_login(tokdata, sess, userType, pPin, ulPinLen);
865 if (rc == CKR_OK) {
866 *flags &= ~(CKF_SO_PIN_LOCKED |
867 CKF_SO_PIN_FINAL_TRY | CKF_SO_PIN_COUNT_LOW);
868 } else if (rc == CKR_PIN_INCORRECT) {
869 set_login_flags(userType, flags);
870 }
871 }
872 done:
873 if (rc == CKR_OK) {
874 rc = session_mgr_login_all(tokdata, userType);
875 if (rc != CKR_OK) {
876 TRACE_DEVEL("session_mgr_login_all failed.\n");
877 } else {
878 if (sess)
879 rc = icsf_get_handles(tokdata, sess->session_info.slotID);
880 }
881 }
882
883 TRACE_INFO("C_Login: rc = 0x%08lx\n", rc);
884 if (sess)
885 save_token_data(tokdata, sess->session_info.slotID);
886
887 MY_UnlockMutex(&login_mutex);
888
889 return rc;
890 }
891
892
SC_Logout(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession)893 CK_RV SC_Logout(STDLL_TokData_t * tokdata, ST_SESSION_HANDLE * sSession)
894 {
895 SESSION *sess = NULL;
896 CK_RV rc = CKR_OK;
897
898 if (tokdata->initialized == FALSE) {
899 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
900 rc = CKR_CRYPTOKI_NOT_INITIALIZED;
901 goto done;
902 }
903
904 sess = session_mgr_find(sSession->sessionh);
905 if (!sess) {
906 TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
907 rc = CKR_SESSION_HANDLE_INVALID;
908 goto done;
909 }
910 //set the handle into the session.
911 sess->handle = sSession->sessionh;
912
913 /* all sessions have the same state so we just have to check one */
914 if (session_mgr_public_session_exists()) {
915 TRACE_ERROR("%s\n", ock_err(ERR_USER_NOT_LOGGED_IN));
916 rc = CKR_USER_NOT_LOGGED_IN;
917 goto done;
918 }
919
920 rc = session_mgr_logout_all(tokdata);
921 if (rc != CKR_OK)
922 TRACE_DEVEL("session_mgr_logout_all failed.\n");
923
924
925 memset(tokdata->user_pin_md5, 0x0, MD5_HASH_SIZE);
926 memset(tokdata->so_pin_md5, 0x0, MD5_HASH_SIZE);
927
928 object_mgr_purge_private_token_objects(tokdata);
929
930 done:
931 TRACE_INFO("C_Logout: rc = 0x%08lx\n", rc);
932
933 return rc;
934 }
935
936
SC_CreateObject(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG ulCount,CK_OBJECT_HANDLE_PTR phObject)937 CK_RV SC_CreateObject(STDLL_TokData_t * tokdata, ST_SESSION_HANDLE * sSession,
938 CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
939 CK_OBJECT_HANDLE_PTR phObject)
940 {
941 SESSION *sess = NULL;
942 CK_RV rc = CKR_OK;
943
944 if (tokdata->initialized == FALSE) {
945 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
946 rc = CKR_CRYPTOKI_NOT_INITIALIZED;
947 goto done;
948 }
949
950 sess = session_mgr_find(sSession->sessionh);
951 if (!sess) {
952 TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
953 rc = CKR_SESSION_HANDLE_INVALID;
954 goto done;
955 }
956 //set the handle into the session.
957 sess->handle = sSession->sessionh;
958
959 if (pin_expired(&sess->session_info,
960 tokdata->nv_token_data->token_info.flags)) {
961 TRACE_ERROR("%s\n", ock_err(ERR_PIN_EXPIRED));
962 rc = CKR_PIN_EXPIRED;
963 goto done;
964 }
965
966 rc = icsftok_create_object(tokdata, sess, pTemplate, ulCount, phObject);
967 if (rc != CKR_OK)
968 TRACE_DEVEL("icsftok_create_object() failed.\n");
969 done:
970 TRACE_INFO("C_CreateObject: rc = 0x%08lx\n", rc);
971
972 #ifdef DEBUG
973 CK_ULONG i;
974
975 for (i = 0; i < ulCount; i++) {
976 if (pTemplate[i].type == CKA_CLASS) {
977 TRACE_DEBUG("Object Type: 0x%02lx\n",
978 *((CK_ULONG *) pTemplate[i].pValue));
979 }
980 }
981 if (rc == CKR_OK)
982 TRACE_DEBUG("Handle: %lu\n", *phObject);
983 #endif
984
985 return rc;
986 }
987
988
SC_CopyObject(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_OBJECT_HANDLE hObject,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG ulCount,CK_OBJECT_HANDLE_PTR phNewObject)989 CK_RV SC_CopyObject(STDLL_TokData_t * tokdata, ST_SESSION_HANDLE * sSession,
990 CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate,
991 CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phNewObject)
992 {
993 SESSION *sess = NULL;
994 CK_RV rc = CKR_OK;
995
996 if (tokdata->initialized == FALSE) {
997 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
998 rc = CKR_CRYPTOKI_NOT_INITIALIZED;
999 goto done;
1000 }
1001
1002 sess = session_mgr_find(sSession->sessionh);
1003 if (!sess) {
1004 TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
1005 rc = CKR_SESSION_HANDLE_INVALID;
1006 goto done;
1007 }
1008 //set the handle into the session.
1009 sess->handle = sSession->sessionh;
1010
1011 if (pin_expired(&sess->session_info,
1012 tokdata->nv_token_data->token_info.flags) == TRUE) {
1013 TRACE_ERROR("%s\n", ock_err(ERR_PIN_EXPIRED));
1014 rc = CKR_PIN_EXPIRED;
1015 goto done;
1016 }
1017
1018 rc = icsftok_copy_object(sess, pTemplate, ulCount, hObject, phNewObject);
1019 if (rc != CKR_OK)
1020 TRACE_DEVEL("icsftok_copy_object() failed\n");
1021
1022 done:
1023 TRACE_INFO("C_CopyObject:rc = 0x%08lx, old handle = %lu, "
1024 "new handle = %lu\n", rc, hObject, *phNewObject);
1025
1026 return rc;
1027 }
1028
1029
SC_DestroyObject(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_OBJECT_HANDLE hObject)1030 CK_RV SC_DestroyObject(STDLL_TokData_t * tokdata, ST_SESSION_HANDLE * sSession,
1031 CK_OBJECT_HANDLE hObject)
1032 {
1033 SESSION *sess = NULL;
1034 CK_RV rc = CKR_OK;
1035
1036 if (tokdata->initialized == FALSE) {
1037 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
1038 rc = CKR_CRYPTOKI_NOT_INITIALIZED;
1039 goto done;
1040 }
1041
1042 sess = session_mgr_find(sSession->sessionh);
1043 if (!sess) {
1044 TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
1045 rc = CKR_SESSION_HANDLE_INVALID;
1046 goto done;
1047 }
1048 //set the handle into the session.
1049 sess->handle = sSession->sessionh;
1050
1051 if (pin_expired(&sess->session_info,
1052 tokdata->nv_token_data->token_info.flags) == TRUE) {
1053 TRACE_ERROR("%s\n", ock_err(ERR_PIN_EXPIRED));
1054 rc = CKR_PIN_EXPIRED;
1055 goto done;
1056 }
1057
1058 rc = icsftok_destroy_object(tokdata, sess, hObject);
1059 if (rc != CKR_OK)
1060 TRACE_DEVEL("icsftok_destroy_object() failed\n");
1061 done:
1062 TRACE_INFO("C_DestroyObject:rc = 0x%08lx, handle = %lu\n", rc, hObject);
1063
1064 return rc;
1065 }
1066
1067
SC_GetObjectSize(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_OBJECT_HANDLE hObject,CK_ULONG_PTR pulSize)1068 CK_RV SC_GetObjectSize(STDLL_TokData_t * tokdata, ST_SESSION_HANDLE * sSession,
1069 CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pulSize)
1070 {
1071 SESSION *sess = NULL;
1072 CK_RV rc = CKR_OK;
1073 /**
1074 * ock does not do object management for icsf token. To get the
1075 * object size call CSFPGAV and extract the attr_length returned.
1076 * icsf_get_attribute does not pass the user provided template
1077 * attributes to remote icsf, instead gets all the attributes from
1078 * remote icsf and returns only the user requested attributes.
1079 * icsf_get_object_size tries to do the same and extracts only the
1080 * attribute_list_length from the result. Setting attribute list to
1081 * NULL here and providing a dummy count value.
1082 **/
1083 CK_ATTRIBUTE_PTR pTemplate = NULL;
1084 CK_ULONG ulCount = 1;
1085
1086 if (tokdata->initialized == FALSE) {
1087 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
1088 return CKR_CRYPTOKI_NOT_INITIALIZED;
1089 }
1090
1091 sess = session_mgr_find(sSession->sessionh);
1092 if (!sess) {
1093 TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
1094 rc = CKR_SESSION_HANDLE_INVALID;
1095 goto done;
1096 }
1097 //set the handle into the session.
1098 sess->handle = sSession->sessionh;
1099
1100 rc = icsftok_get_attribute_value(sess, hObject, pTemplate,
1101 ulCount, pulSize);
1102 if (rc != CKR_OK)
1103 TRACE_DEVEL("icsftok_get_attribute_value() failed.\n");
1104
1105
1106 done:
1107 TRACE_INFO("C_GetObjectSize: rc = 0x%08lx, handle = %lu\n", rc, hObject);
1108
1109 return rc;
1110 }
1111
1112
SC_GetAttributeValue(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_OBJECT_HANDLE hObject,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG ulCount)1113 CK_RV SC_GetAttributeValue(STDLL_TokData_t * tokdata,
1114 ST_SESSION_HANDLE * sSession,
1115 CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate,
1116 CK_ULONG ulCount)
1117 {
1118 SESSION *sess = NULL;
1119 CK_RV rc = CKR_OK;
1120
1121 if (tokdata->initialized == FALSE) {
1122 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
1123 rc = CKR_CRYPTOKI_NOT_INITIALIZED;
1124 goto done;
1125 }
1126
1127 sess = session_mgr_find(sSession->sessionh);
1128 if (!sess) {
1129 TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
1130 rc = CKR_SESSION_HANDLE_INVALID;
1131 goto done;
1132 }
1133 //set the handle into the session.
1134 sess->handle = sSession->sessionh;
1135
1136 rc = icsftok_get_attribute_value(sess, hObject, pTemplate, ulCount, NULL);
1137 if (rc != CKR_OK)
1138 TRACE_DEVEL("icsftok_get_attribute_value() failed.\n");
1139
1140 done:
1141 TRACE_INFO("C_GetAttributeValue: rc = 0x%08lx, handle = %lu\n",
1142 rc, hObject);
1143
1144 #ifdef DEBUG
1145 CK_ULONG i;
1146 CK_BYTE *ptr = NULL;
1147 CK_ATTRIBUTE *attr = NULL;
1148
1149 attr = pTemplate;
1150 for (i = 0; i < ulCount; i++, attr++) {
1151 ptr = (CK_BYTE *) attr->pValue;
1152
1153 TRACE_DEBUG("%lu: Attribute type: 0x%08lx, Value Length: %lu\n",
1154 i, attr->type, attr->ulValueLen);
1155
1156 if (attr->ulValueLen != (CK_ULONG) (-1) && (ptr != NULL))
1157 TRACE_DEBUG("First 4 bytes: %02x %02x %02x %02x\n",
1158 ptr[0], ptr[1], ptr[2], ptr[3]);
1159 }
1160 #endif
1161
1162 return rc;
1163 }
1164
1165
SC_SetAttributeValue(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_OBJECT_HANDLE hObject,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG ulCount)1166 CK_RV SC_SetAttributeValue(STDLL_TokData_t * tokdata,
1167 ST_SESSION_HANDLE * sSession,
1168 CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate,
1169 CK_ULONG ulCount)
1170 {
1171 SESSION *sess = NULL;
1172 CK_RV rc = CKR_OK;
1173
1174 if (tokdata->initialized == FALSE) {
1175 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
1176 rc = CKR_CRYPTOKI_NOT_INITIALIZED;
1177 goto done;
1178 }
1179
1180 sess = session_mgr_find(sSession->sessionh);
1181 if (!sess) {
1182 TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
1183 rc = CKR_SESSION_HANDLE_INVALID;
1184 goto done;
1185 }
1186 //set the handle into the session.
1187 sess->handle = sSession->sessionh;
1188
1189 rc = icsftok_set_attribute_value(sess, hObject, pTemplate, ulCount);
1190 if (rc != CKR_OK)
1191 TRACE_DEVEL("icsftok_set_attribute_values() failed.\n");
1192
1193 done:
1194 TRACE_INFO("C_SetAttributeValue: rc = 0x%08lx, handle = %lu\n",
1195 rc, hObject);
1196 #ifdef DEBUG
1197 CK_ULONG i;
1198 CK_ATTRIBUTE *attr = NULL;
1199
1200 attr = pTemplate;
1201 for (i = 0; i < ulCount; i++, attr++) {
1202 CK_BYTE *ptr = (CK_BYTE *) attr->pValue;
1203
1204 TRACE_DEBUG("%lu: Attribute type: 0x%08lx, Value Length: %lu\n",
1205 i, attr->type, attr->ulValueLen);
1206
1207 if (attr->ulValueLen != (CK_ULONG) (-1) && (ptr != NULL))
1208 TRACE_DEBUG("First 4 bytes: %02x %02x %02x %02x\n",
1209 ptr[0], ptr[1], ptr[2], ptr[3]);
1210 }
1211 #endif
1212
1213 return rc;
1214 }
1215
1216
SC_FindObjectsInit(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG ulCount)1217 CK_RV SC_FindObjectsInit(STDLL_TokData_t * tokdata,
1218 ST_SESSION_HANDLE * sSession,
1219 CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)
1220 {
1221 SESSION *sess = NULL;
1222 CK_RV rc = CKR_OK;
1223
1224 if (tokdata->initialized == FALSE) {
1225 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
1226 rc = CKR_CRYPTOKI_NOT_INITIALIZED;
1227 goto done;
1228 }
1229
1230 sess = session_mgr_find(sSession->sessionh);
1231 if (!sess) {
1232 TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
1233 rc = CKR_SESSION_HANDLE_INVALID;
1234 goto done;
1235 }
1236 //set the handle into the session.
1237 sess->handle = sSession->sessionh;
1238
1239 if (pin_expired(&sess->session_info,
1240 tokdata->nv_token_data->token_info.flags) == TRUE) {
1241 TRACE_ERROR("%s\n", ock_err(ERR_PIN_EXPIRED));
1242 rc = CKR_PIN_EXPIRED;
1243 goto done;
1244 }
1245
1246 if (sess->find_active == TRUE) {
1247 TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_ACTIVE));
1248 rc = CKR_OPERATION_ACTIVE;
1249 goto done;
1250 }
1251
1252 rc = icsftok_find_objects_init(tokdata, sess, pTemplate, ulCount);
1253
1254 done:
1255 TRACE_INFO("C_FindObjectsInit: rc = 0x%08lx\n", rc);
1256
1257 #ifdef DEBUG
1258 CK_ULONG i;
1259 CK_ATTRIBUTE *attr = NULL;
1260
1261 attr = pTemplate;
1262 for (i = 0; i < ulCount; i++, attr++) {
1263 CK_BYTE *ptr = (CK_BYTE *) attr->pValue;
1264
1265 TRACE_DEBUG("%lu: Attribute type: 0x%08lx, Value Length: %lu\n",
1266 i, attr->type, attr->ulValueLen);
1267
1268 if (attr->ulValueLen != (CK_ULONG) (-1) && (ptr != NULL))
1269 TRACE_DEBUG("First 4 bytes: %02x %02x %02x %02x\n",
1270 ptr[0], ptr[1], ptr[2], ptr[3]);
1271 }
1272 #endif
1273
1274 return rc;
1275 }
1276
1277
SC_FindObjects(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_OBJECT_HANDLE_PTR phObject,CK_ULONG ulMaxObjectCount,CK_ULONG_PTR pulObjectCount)1278 CK_RV SC_FindObjects(STDLL_TokData_t * tokdata, ST_SESSION_HANDLE * sSession,
1279 CK_OBJECT_HANDLE_PTR phObject, CK_ULONG ulMaxObjectCount,
1280 CK_ULONG_PTR pulObjectCount)
1281 {
1282 SESSION *sess = NULL;
1283 CK_ULONG count = 0;
1284 CK_RV rc = CKR_OK;
1285
1286 if (tokdata->initialized == FALSE) {
1287 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
1288 rc = CKR_CRYPTOKI_NOT_INITIALIZED;
1289 goto done;
1290 }
1291
1292 if (!phObject || !pulObjectCount) {
1293 TRACE_ERROR("%s\n", ock_err(ERR_ARGUMENTS_BAD));
1294 rc = CKR_ARGUMENTS_BAD;
1295 goto done;
1296 }
1297
1298 sess = session_mgr_find(sSession->sessionh);
1299 if (!sess) {
1300 TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
1301 rc = CKR_SESSION_HANDLE_INVALID;
1302 goto done;
1303 }
1304 //set the handle into the session.
1305 sess->handle = sSession->sessionh;
1306
1307 if (sess->find_active == FALSE) {
1308 TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
1309 rc = CKR_OPERATION_NOT_INITIALIZED;
1310 goto done;
1311 }
1312
1313 if (!sess->find_list) {
1314 TRACE_DEVEL("sess->find_list is NULL.\n");
1315 rc = CKR_FUNCTION_FAILED;
1316 goto done;
1317 }
1318 count = MIN(ulMaxObjectCount, (sess->find_count - sess->find_idx));
1319
1320 memcpy(phObject, sess->find_list + sess->find_idx,
1321 count * sizeof(CK_OBJECT_HANDLE));
1322 *pulObjectCount = count;
1323
1324 sess->find_idx += count;
1325 rc = CKR_OK;
1326
1327 done:
1328 TRACE_INFO("C_FindObjects: rc = 0x%08lx, returned %lu objects\n",
1329 rc, count);
1330
1331 return rc;
1332 }
1333
1334
SC_FindObjectsFinal(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession)1335 CK_RV SC_FindObjectsFinal(STDLL_TokData_t * tokdata,
1336 ST_SESSION_HANDLE * sSession)
1337 {
1338 SESSION *sess = NULL;
1339 CK_RV rc = CKR_OK;
1340
1341 if (tokdata->initialized == FALSE) {
1342 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
1343 rc = CKR_CRYPTOKI_NOT_INITIALIZED;
1344 goto done;
1345 }
1346
1347 sess = session_mgr_find(sSession->sessionh);
1348 if (!sess) {
1349 TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
1350 rc = CKR_SESSION_HANDLE_INVALID;
1351 goto done;
1352 }
1353 //set the handle into the session.
1354 sess->handle = sSession->sessionh;
1355
1356 if (sess->find_active == FALSE) {
1357 TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
1358 rc = CKR_OPERATION_NOT_INITIALIZED;
1359 goto done;
1360 }
1361
1362 if (sess->find_list)
1363 free(sess->find_list);
1364
1365 sess->find_list = NULL;
1366 sess->find_len = 0;
1367 sess->find_idx = 0;
1368 sess->find_active = FALSE;
1369
1370 rc = CKR_OK;
1371
1372 done:
1373 TRACE_INFO("C_FindObjectsFinal: rc = 0x%08lx\n", rc);
1374
1375 return rc;
1376 }
1377
1378
SC_EncryptInit(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey)1379 CK_RV SC_EncryptInit(STDLL_TokData_t * tokdata, ST_SESSION_HANDLE * sSession,
1380 CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
1381 {
1382 SESSION *sess = NULL;
1383 CK_RV rc = CKR_OK;
1384
1385 if (tokdata->initialized == FALSE) {
1386 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
1387 rc = CKR_CRYPTOKI_NOT_INITIALIZED;
1388 goto done;
1389 }
1390
1391 if (!pMechanism) {
1392 TRACE_ERROR("%s\n", ock_err(ERR_ARGUMENTS_BAD));
1393 rc = CKR_ARGUMENTS_BAD;
1394 goto done;
1395 }
1396
1397 rc = valid_mech(tokdata, pMechanism, CKF_ENCRYPT);
1398 if (rc != CKR_OK)
1399 goto done;
1400
1401 sess = session_mgr_find(sSession->sessionh);
1402 if (!sess) {
1403 TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
1404 rc = CKR_SESSION_HANDLE_INVALID;
1405 goto done;
1406 }
1407 //set the handle into the session.
1408 sess->handle = sSession->sessionh;
1409
1410 if (pin_expired(&sess->session_info,
1411 tokdata->nv_token_data->token_info.flags) == TRUE) {
1412 TRACE_ERROR("%s\n", ock_err(ERR_PIN_EXPIRED));
1413 rc = CKR_PIN_EXPIRED;
1414 goto done;
1415 }
1416
1417 if (sess->encr_ctx.active == TRUE) {
1418 TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_ACTIVE));
1419 rc = CKR_OPERATION_ACTIVE;
1420 goto done;
1421 }
1422
1423 rc = icsftok_encrypt_init(sess, pMechanism, hKey);
1424
1425 done:
1426 TRACE_INFO("C_EncryptInit: rc = 0x%08lx, sess = %ld, mech = 0x%lx\n",
1427 rc, (sess == NULL) ? -1 : (CK_LONG) sess->handle,
1428 (pMechanism ? pMechanism->mechanism : (CK_ULONG)(-1)));
1429
1430 return rc;
1431 }
1432
1433
SC_Encrypt(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_BYTE_PTR pData,CK_ULONG ulDataLen,CK_BYTE_PTR pEncryptedData,CK_ULONG_PTR pulEncryptedDataLen)1434 CK_RV SC_Encrypt(STDLL_TokData_t * tokdata, ST_SESSION_HANDLE * sSession,
1435 CK_BYTE_PTR pData, CK_ULONG ulDataLen,
1436 CK_BYTE_PTR pEncryptedData, CK_ULONG_PTR pulEncryptedDataLen)
1437 {
1438 SESSION *sess = NULL;
1439 CK_BBOOL length_only = FALSE;
1440 CK_RV rc = CKR_OK;
1441
1442 if (tokdata->initialized == FALSE) {
1443 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
1444 rc = CKR_CRYPTOKI_NOT_INITIALIZED;
1445 goto done;
1446 }
1447
1448 sess = session_mgr_find(sSession->sessionh);
1449 if (!sess) {
1450 TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
1451 rc = CKR_SESSION_HANDLE_INVALID;
1452 goto done;
1453 }
1454 //set the handle into the session.
1455 sess->handle = sSession->sessionh;
1456
1457 if (!pData || !pulEncryptedDataLen) {
1458 TRACE_ERROR("%s\n", ock_err(ERR_ARGUMENTS_BAD));
1459 rc = CKR_ARGUMENTS_BAD;
1460 goto done;
1461 }
1462
1463 if (sess->encr_ctx.active == FALSE) {
1464 TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
1465 rc = CKR_OPERATION_NOT_INITIALIZED;
1466 goto done;
1467 }
1468
1469 if (!pEncryptedData)
1470 length_only = TRUE;
1471
1472 rc = icsftok_encrypt(sess, pData, ulDataLen, pEncryptedData,
1473 pulEncryptedDataLen);
1474 if (rc != CKR_OK)
1475 TRACE_DEVEL("icsftok_encrypt() failed.\n");
1476
1477 done:
1478 if (rc != CKR_BUFFER_TOO_SMALL && (rc != CKR_OK || length_only != TRUE)) {
1479 if (sess)
1480 encr_mgr_cleanup(&sess->encr_ctx);
1481 }
1482
1483 TRACE_INFO("C_Encrypt: rc = 0x%08lx, sess = %ld, amount = %lu\n",
1484 rc, (sess == NULL) ? -1 : (CK_LONG) sess->handle, ulDataLen);
1485
1486 return rc;
1487 }
1488
1489
SC_EncryptUpdate(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_BYTE_PTR pPart,CK_ULONG ulPartLen,CK_BYTE_PTR pEncryptedPart,CK_ULONG_PTR pulEncryptedPartLen)1490 CK_RV SC_EncryptUpdate(STDLL_TokData_t * tokdata, ST_SESSION_HANDLE * sSession,
1491 CK_BYTE_PTR pPart, CK_ULONG ulPartLen,
1492 CK_BYTE_PTR pEncryptedPart,
1493 CK_ULONG_PTR pulEncryptedPartLen)
1494 {
1495 SESSION *sess = NULL;
1496 CK_RV rc = CKR_OK;
1497
1498 if (tokdata->initialized == FALSE) {
1499 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
1500 rc = CKR_CRYPTOKI_NOT_INITIALIZED;
1501 goto done;
1502 }
1503
1504 sess = session_mgr_find(sSession->sessionh);
1505 if (!sess) {
1506 TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
1507 rc = CKR_SESSION_HANDLE_INVALID;
1508 goto done;
1509 }
1510 //set the handle into the session.
1511 sess->handle = sSession->sessionh;
1512
1513 if ((!pPart && ulPartLen != 0) || !pulEncryptedPartLen) {
1514 TRACE_ERROR("%s\n", ock_err(ERR_ARGUMENTS_BAD));
1515 rc = CKR_ARGUMENTS_BAD;
1516 goto done;
1517 }
1518
1519 if (sess->encr_ctx.active == FALSE) {
1520 TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
1521 rc = CKR_OPERATION_NOT_INITIALIZED;
1522 goto done;
1523 }
1524
1525 rc = icsftok_encrypt_update(sess, pPart, ulPartLen, pEncryptedPart,
1526 pulEncryptedPartLen);
1527 if (rc != CKR_OK)
1528 TRACE_DEVEL("icsftok_encrypt_update() failed.\n");
1529
1530 done:
1531 if (rc != CKR_OK && rc != CKR_BUFFER_TOO_SMALL) {
1532 if (sess)
1533 encr_mgr_cleanup(&sess->encr_ctx);
1534 }
1535
1536 TRACE_INFO("C_EncryptUpdate: rc = 0x%08lx, sess = %ld, amount = %lu\n",
1537 rc, (sess == NULL) ? -1 : (CK_LONG) sess->handle, ulPartLen);
1538
1539 return rc;
1540 }
1541
1542
SC_EncryptFinal(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_BYTE_PTR pLastEncryptedPart,CK_ULONG_PTR pulLastEncryptedPartLen)1543 CK_RV SC_EncryptFinal(STDLL_TokData_t * tokdata, ST_SESSION_HANDLE * sSession,
1544 CK_BYTE_PTR pLastEncryptedPart,
1545 CK_ULONG_PTR pulLastEncryptedPartLen)
1546 {
1547 SESSION *sess = NULL;
1548 CK_BBOOL length_only = FALSE;
1549 CK_RV rc = CKR_OK;
1550
1551 if (tokdata->initialized == FALSE) {
1552 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
1553 rc = CKR_CRYPTOKI_NOT_INITIALIZED;
1554 goto done;
1555 }
1556
1557 sess = session_mgr_find(sSession->sessionh);
1558 if (!sess) {
1559 TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
1560 rc = CKR_SESSION_HANDLE_INVALID;
1561 goto done;
1562 }
1563 //set the handle into the session.
1564 sess->handle = sSession->sessionh;
1565
1566 if (!pulLastEncryptedPartLen) {
1567 TRACE_ERROR("%s\n", ock_err(ERR_ARGUMENTS_BAD));
1568 rc = CKR_ARGUMENTS_BAD;
1569 goto done;
1570 }
1571
1572 if (sess->encr_ctx.active == FALSE) {
1573 TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
1574 rc = CKR_OPERATION_NOT_INITIALIZED;
1575 goto done;
1576 }
1577
1578 if (!pLastEncryptedPart)
1579 length_only = TRUE;
1580
1581 rc = icsftok_encrypt_final(sess, pLastEncryptedPart,
1582 pulLastEncryptedPartLen);
1583 if (rc != CKR_OK)
1584 TRACE_ERROR("icsftok_encrypt_final() failed.\n");
1585
1586 done:
1587 if (rc != CKR_BUFFER_TOO_SMALL && (rc != CKR_OK || length_only != TRUE)) {
1588 if (sess)
1589 encr_mgr_cleanup(&sess->encr_ctx);
1590 }
1591
1592 TRACE_INFO("C_EncryptFinal: rc = 0x%08lx, sess = %ld\n",
1593 rc, (sess == NULL) ? -1 : (CK_LONG) sess->handle);
1594
1595 return rc;
1596 }
1597
1598
SC_DecryptInit(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey)1599 CK_RV SC_DecryptInit(STDLL_TokData_t * tokdata, ST_SESSION_HANDLE * sSession,
1600 CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
1601 {
1602 SESSION *sess = NULL;
1603 CK_RV rc = CKR_OK;
1604
1605 if (tokdata->initialized == FALSE) {
1606 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
1607 rc = CKR_CRYPTOKI_NOT_INITIALIZED;
1608 goto done;
1609 }
1610
1611 if (!pMechanism) {
1612 TRACE_ERROR("%s\n", ock_err(ERR_ARGUMENTS_BAD));
1613 rc = CKR_ARGUMENTS_BAD;
1614 goto done;
1615 }
1616
1617 rc = valid_mech(tokdata, pMechanism, CKF_DECRYPT);
1618 if (rc != CKR_OK)
1619 goto done;
1620
1621 sess = session_mgr_find(sSession->sessionh);
1622 if (!sess) {
1623 TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
1624 rc = CKR_SESSION_HANDLE_INVALID;
1625 goto done;
1626 }
1627 //set the handle into the session.
1628 sess->handle = sSession->sessionh;
1629
1630 if (pin_expired(&sess->session_info,
1631 tokdata->nv_token_data->token_info.flags) == TRUE) {
1632 TRACE_ERROR("%s\n", ock_err(ERR_PIN_EXPIRED));
1633 rc = CKR_PIN_EXPIRED;
1634 goto done;
1635 }
1636
1637 if (sess->decr_ctx.active == TRUE) {
1638 TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_ACTIVE));
1639 rc = CKR_OPERATION_ACTIVE;
1640 goto done;
1641 }
1642
1643 rc = icsftok_decrypt_init(sess, pMechanism, hKey);
1644 if (rc != CKR_OK)
1645 TRACE_DEVEL("icsftok_decrypt_init() failed.\n");
1646
1647 done:
1648 TRACE_INFO("C_DecryptInit: rc = 0x%08lx, sess = %ld, mech = 0x%lx\n",
1649 rc, (sess == NULL) ? -1 : (CK_LONG) sess->handle,
1650 (pMechanism ? pMechanism->mechanism : (CK_ULONG)(-1)));
1651
1652 return rc;
1653 }
1654
1655
SC_Decrypt(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_BYTE_PTR pEncryptedData,CK_ULONG ulEncryptedDataLen,CK_BYTE_PTR pData,CK_ULONG_PTR pulDataLen)1656 CK_RV SC_Decrypt(STDLL_TokData_t * tokdata, ST_SESSION_HANDLE * sSession,
1657 CK_BYTE_PTR pEncryptedData, CK_ULONG ulEncryptedDataLen,
1658 CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)
1659 {
1660 SESSION *sess = NULL;
1661 CK_BBOOL length_only = FALSE;
1662 CK_RV rc = CKR_OK;
1663
1664 if (tokdata->initialized == FALSE) {
1665 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
1666 rc = CKR_CRYPTOKI_NOT_INITIALIZED;
1667 goto done;
1668 }
1669
1670 sess = session_mgr_find(sSession->sessionh);
1671 if (!sess) {
1672 TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
1673 rc = CKR_SESSION_HANDLE_INVALID;
1674 goto done;
1675 }
1676 //set the handle into the session.
1677 sess->handle = sSession->sessionh;
1678
1679 if (!pEncryptedData || !pulDataLen) {
1680 TRACE_ERROR("%s\n", ock_err(ERR_ARGUMENTS_BAD));
1681 rc = CKR_ARGUMENTS_BAD;
1682 goto done;
1683 }
1684
1685 if (sess->decr_ctx.active == FALSE) {
1686 TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
1687 rc = CKR_OPERATION_NOT_INITIALIZED;
1688 goto done;
1689 }
1690
1691 if (!pData)
1692 length_only = TRUE;
1693
1694 rc = icsftok_decrypt(sess, pEncryptedData, ulEncryptedDataLen, pData,
1695 pulDataLen);
1696 if (rc != CKR_OK)
1697 TRACE_DEVEL("icsftok_decrypt() failed.\n");
1698
1699 done:
1700 if (rc != CKR_BUFFER_TOO_SMALL && (rc != CKR_OK || length_only != TRUE)) {
1701 if (sess)
1702 decr_mgr_cleanup(&sess->decr_ctx);
1703 }
1704
1705 TRACE_INFO("C_Decrypt: rc = 0x%08lx, sess = %ld, amount = %lu\n",
1706 rc, (sess == NULL) ? -1 : (CK_LONG) sess->handle,
1707 ulEncryptedDataLen);
1708
1709 return rc;
1710 }
1711
1712
SC_DecryptUpdate(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_BYTE_PTR pEncryptedPart,CK_ULONG ulEncryptedPartLen,CK_BYTE_PTR pPart,CK_ULONG_PTR pulPartLen)1713 CK_RV SC_DecryptUpdate(STDLL_TokData_t * tokdata, ST_SESSION_HANDLE * sSession,
1714 CK_BYTE_PTR pEncryptedPart, CK_ULONG ulEncryptedPartLen,
1715 CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen)
1716 {
1717 SESSION *sess = NULL;
1718 CK_RV rc = CKR_OK;
1719
1720 if (tokdata->initialized == FALSE) {
1721 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
1722 rc = CKR_CRYPTOKI_NOT_INITIALIZED;
1723 goto done;
1724 }
1725
1726 sess = session_mgr_find(sSession->sessionh);
1727 if (!sess) {
1728 TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
1729 rc = CKR_SESSION_HANDLE_INVALID;
1730 goto done;
1731 }
1732 //set the handle into the session.
1733 sess->handle = sSession->sessionh;
1734
1735 if ((!pEncryptedPart && ulEncryptedPartLen != 0) || !pulPartLen) {
1736 TRACE_ERROR("%s\n", ock_err(ERR_ARGUMENTS_BAD));
1737 rc = CKR_ARGUMENTS_BAD;
1738 goto done;
1739 }
1740
1741 if (sess->decr_ctx.active == FALSE) {
1742 TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
1743 rc = CKR_OPERATION_NOT_INITIALIZED;
1744 goto done;
1745 }
1746
1747 rc = icsftok_decrypt_update(sess, pEncryptedPart, ulEncryptedPartLen,
1748 pPart, pulPartLen);
1749 if (rc != CKR_OK)
1750 TRACE_DEVEL("icsftok_decrypt_update() failed.\n");
1751
1752 done:
1753 if (rc != CKR_OK && rc != CKR_BUFFER_TOO_SMALL && sess != NULL) {
1754 if (sess)
1755 decr_mgr_cleanup(&sess->decr_ctx);
1756 }
1757
1758 TRACE_INFO("C_DecryptUpdate: rc = 0x%08lx, sess = %ld, amount = %lu\n",
1759 rc, (sess == NULL) ? -1 : (CK_LONG) sess->handle,
1760 ulEncryptedPartLen);
1761
1762 return rc;
1763 }
1764
1765
SC_DecryptFinal(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_BYTE_PTR pLastPart,CK_ULONG_PTR pulLastPartLen)1766 CK_RV SC_DecryptFinal(STDLL_TokData_t * tokdata, ST_SESSION_HANDLE * sSession,
1767 CK_BYTE_PTR pLastPart, CK_ULONG_PTR pulLastPartLen)
1768 {
1769 SESSION *sess = NULL;
1770 CK_BBOOL length_only = FALSE;
1771 CK_RV rc = CKR_OK;
1772
1773 if (tokdata->initialized == FALSE) {
1774 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
1775 rc = CKR_CRYPTOKI_NOT_INITIALIZED;
1776 goto done;
1777 }
1778
1779 sess = session_mgr_find(sSession->sessionh);
1780 if (!sess) {
1781 TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
1782 rc = CKR_SESSION_HANDLE_INVALID;
1783 goto done;
1784 }
1785 //set the handle into the session.
1786 sess->handle = sSession->sessionh;
1787
1788 if (!pulLastPartLen) {
1789 TRACE_ERROR("%s\n", ock_err(ERR_ARGUMENTS_BAD));
1790 rc = CKR_ARGUMENTS_BAD;
1791 goto done;
1792 }
1793
1794 if (sess->decr_ctx.active == FALSE) {
1795 TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
1796 rc = CKR_OPERATION_NOT_INITIALIZED;
1797 goto done;
1798 }
1799
1800 if (!pLastPart)
1801 length_only = TRUE;
1802
1803 rc = icsftok_decrypt_final(sess, pLastPart, pulLastPartLen);
1804 if (rc != CKR_OK)
1805 TRACE_DEVEL("icsftok_decrypt_final() failed.\n");
1806 done:
1807 if (rc != CKR_BUFFER_TOO_SMALL && (rc != CKR_OK || length_only != TRUE)) {
1808 if (sess)
1809 decr_mgr_cleanup(&sess->decr_ctx);
1810 }
1811
1812 TRACE_INFO("C_DecryptFinal: rc = 0x%08lx, sess = %ld, amount = %lu\n",
1813 rc, (sess == NULL) ? -1 : (CK_LONG) sess->handle,
1814 (pulLastPartLen ? *pulLastPartLen : (CK_ULONG)(-1)));
1815
1816 return rc;
1817 }
1818
1819
SC_DigestInit(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_MECHANISM_PTR pMechanism)1820 CK_RV SC_DigestInit(STDLL_TokData_t * tokdata, ST_SESSION_HANDLE * sSession,
1821 CK_MECHANISM_PTR pMechanism)
1822 {
1823 SESSION *sess = NULL;
1824 CK_RV rc = CKR_OK;
1825
1826 if (tokdata->initialized == FALSE) {
1827 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
1828 rc = CKR_CRYPTOKI_NOT_INITIALIZED;
1829 goto done;
1830 }
1831 if (!pMechanism) {
1832 TRACE_ERROR("%s\n", ock_err(ERR_ARGUMENTS_BAD));
1833 rc = CKR_ARGUMENTS_BAD;
1834 goto done;
1835 }
1836
1837 rc = valid_mech(tokdata, pMechanism, CKF_DIGEST);
1838 if (rc != CKR_OK)
1839 goto done;
1840
1841 sess = session_mgr_find(sSession->sessionh);
1842 if (!sess) {
1843 TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
1844 rc = CKR_SESSION_HANDLE_INVALID;
1845 goto done;
1846 }
1847 //set the handle into the session.
1848 sess->handle = sSession->sessionh;
1849
1850 if (pin_expired(&sess->session_info,
1851 tokdata->nv_token_data->token_info.flags) == TRUE) {
1852 TRACE_ERROR("%s\n", ock_err(ERR_PIN_EXPIRED));
1853 rc = CKR_PIN_EXPIRED;
1854 goto done;
1855 }
1856
1857 if (sess->digest_ctx.active == TRUE) {
1858 TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_ACTIVE));
1859 rc = CKR_OPERATION_ACTIVE;
1860 goto done;
1861 }
1862
1863 rc = digest_mgr_init(tokdata, sess, &sess->digest_ctx, pMechanism);
1864 if (rc != CKR_OK)
1865 TRACE_DEVEL("digest_mgr_init() failed.\n");
1866
1867 done:
1868 TRACE_INFO("C_DigestInit: rc = 0x%08lx, sess = %ld, mech = %lx\n",
1869 rc, (sess == NULL) ? -1 : (CK_LONG) sess->handle,
1870 (pMechanism ? pMechanism->mechanism : (CK_ULONG)(-1)));
1871
1872 return rc;
1873 }
1874
1875
SC_Digest(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_BYTE_PTR pData,CK_ULONG ulDataLen,CK_BYTE_PTR pDigest,CK_ULONG_PTR pulDigestLen)1876 CK_RV SC_Digest(STDLL_TokData_t * tokdata, ST_SESSION_HANDLE * sSession,
1877 CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pDigest,
1878 CK_ULONG_PTR pulDigestLen)
1879 {
1880 SESSION *sess = NULL;
1881 CK_BBOOL length_only = FALSE;
1882 CK_RV rc = CKR_OK;
1883
1884 if (tokdata->initialized == FALSE) {
1885 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
1886 rc = CKR_CRYPTOKI_NOT_INITIALIZED;
1887 goto done;
1888 }
1889
1890 sess = session_mgr_find(sSession->sessionh);
1891 if (!sess) {
1892 TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
1893 rc = CKR_SESSION_HANDLE_INVALID;
1894 goto done;
1895 }
1896 //set the handle into the session.
1897 sess->handle = sSession->sessionh;
1898
1899 if (sess->digest_ctx.active == FALSE) {
1900 TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
1901 rc = CKR_OPERATION_NOT_INITIALIZED;
1902 goto done;
1903 }
1904
1905 if (!pDigest)
1906 length_only = TRUE;
1907
1908 rc = digest_mgr_digest(tokdata, sess, length_only, &sess->digest_ctx,
1909 pData, ulDataLen, pDigest, pulDigestLen);
1910 if (rc != CKR_OK)
1911 TRACE_DEVEL("digest_mgr_digest() failed.\n");
1912
1913 done:
1914 TRACE_INFO("C_Digest: rc = 0x%08lx, sess = %ld, datalen = %lu\n",
1915 rc, (sess == NULL) ? -1 : (CK_LONG) sess->handle, ulDataLen);
1916
1917 return rc;
1918 }
1919
1920
SC_DigestUpdate(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_BYTE_PTR pPart,CK_ULONG ulPartLen)1921 CK_RV SC_DigestUpdate(STDLL_TokData_t * tokdata, ST_SESSION_HANDLE * sSession,
1922 CK_BYTE_PTR pPart, CK_ULONG ulPartLen)
1923 {
1924 SESSION *sess = NULL;
1925 CK_RV rc = CKR_OK;
1926
1927 if (tokdata->initialized == FALSE) {
1928 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
1929 rc = CKR_CRYPTOKI_NOT_INITIALIZED;
1930 goto done;
1931 }
1932
1933 sess = session_mgr_find(sSession->sessionh);
1934 if (!sess) {
1935 TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
1936 rc = CKR_SESSION_HANDLE_INVALID;
1937 goto done;
1938 }
1939 //set the handle into the session.
1940 sess->handle = sSession->sessionh;
1941
1942 if (sess->digest_ctx.active == FALSE) {
1943 TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
1944 rc = CKR_OPERATION_NOT_INITIALIZED;
1945 goto done;
1946 }
1947
1948 /* If there is data to hash, do so. */
1949 if (ulPartLen) {
1950 rc = digest_mgr_digest_update(tokdata, sess, &sess->digest_ctx,
1951 pPart, ulPartLen);
1952 if (rc != CKR_OK)
1953 TRACE_DEVEL("digest_mgr_digest_update() failed.\n");
1954 }
1955 done:
1956 TRACE_INFO("C_DigestUpdate: rc = %08lx, sess = %ld, datalen = %lu\n",
1957 rc, (sess == NULL) ? -1 : (CK_LONG) sess->handle, ulPartLen);
1958
1959 return rc;
1960 }
1961
1962
SC_DigestKey(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_OBJECT_HANDLE hKey)1963 CK_RV SC_DigestKey(STDLL_TokData_t * tokdata, ST_SESSION_HANDLE * sSession,
1964 CK_OBJECT_HANDLE hKey)
1965 {
1966 SESSION *sess = NULL;
1967 CK_RV rc = CKR_OK;
1968
1969 if (tokdata->initialized == FALSE) {
1970 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
1971 rc = CKR_CRYPTOKI_NOT_INITIALIZED;
1972 goto done;
1973 }
1974
1975 sess = session_mgr_find(sSession->sessionh);
1976 if (!sess) {
1977 TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
1978 rc = CKR_SESSION_HANDLE_INVALID;
1979 goto done;
1980 }
1981 //set the handle into the session.
1982 sess->handle = sSession->sessionh;
1983
1984 if (sess->digest_ctx.active == FALSE) {
1985 TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
1986 rc = CKR_OPERATION_NOT_INITIALIZED;
1987 goto done;
1988 }
1989
1990 rc = digest_mgr_digest_key(tokdata, sess, &sess->digest_ctx, hKey);
1991 if (rc != CKR_OK)
1992 TRACE_DEVEL("digest_mgr_digest_key() failed.\n");
1993
1994 done:
1995 TRACE_INFO("C_DigestKey: rc = %08lx, sess = %ld, key = %lu\n",
1996 rc, (sess == NULL) ? -1 : (CK_LONG) sess->handle, hKey);
1997
1998 return rc;
1999 }
2000
2001
SC_DigestFinal(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_BYTE_PTR pDigest,CK_ULONG_PTR pulDigestLen)2002 CK_RV SC_DigestFinal(STDLL_TokData_t * tokdata, ST_SESSION_HANDLE * sSession,
2003 CK_BYTE_PTR pDigest, CK_ULONG_PTR pulDigestLen)
2004 {
2005 SESSION *sess = NULL;
2006 CK_BBOOL length_only = FALSE;
2007 CK_RV rc = CKR_OK;
2008
2009 if (tokdata->initialized == FALSE) {
2010 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
2011 rc = CKR_CRYPTOKI_NOT_INITIALIZED;
2012 goto done;
2013 }
2014
2015 sess = session_mgr_find(sSession->sessionh);
2016 if (!sess) {
2017 TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
2018 rc = CKR_SESSION_HANDLE_INVALID;
2019 goto done;
2020 }
2021 //set the handle into the session.
2022 sess->handle = sSession->sessionh;
2023
2024 if (sess->digest_ctx.active == FALSE) {
2025 TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
2026 rc = CKR_OPERATION_NOT_INITIALIZED;
2027 goto done;
2028 }
2029
2030 if (!pDigest)
2031 length_only = TRUE;
2032
2033 rc = digest_mgr_digest_final(tokdata, sess, length_only,
2034 &sess->digest_ctx, pDigest, pulDigestLen);
2035 if (rc != CKR_OK)
2036 TRACE_ERROR("digest_mgr_digest_final() failed.\n");
2037
2038 done:
2039 TRACE_INFO("C_DigestFinal: rc = %08lx, sess = %ld\n",
2040 rc, (sess == NULL) ? -1 : (CK_LONG) sess->handle);
2041
2042 return rc;
2043 }
2044
2045
SC_SignInit(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey)2046 CK_RV SC_SignInit(STDLL_TokData_t * tokdata, ST_SESSION_HANDLE * sSession,
2047 CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
2048 {
2049 SESSION *sess = NULL;
2050 CK_RV rc = CKR_OK;
2051
2052 if (tokdata->initialized == FALSE) {
2053 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
2054 rc = CKR_CRYPTOKI_NOT_INITIALIZED;
2055 goto done;
2056 }
2057
2058 if (!pMechanism) {
2059 TRACE_ERROR("%s\n", ock_err(ERR_ARGUMENTS_BAD));
2060 rc = CKR_ARGUMENTS_BAD;
2061 goto done;
2062 }
2063
2064 sess = session_mgr_find(sSession->sessionh);
2065 if (!sess) {
2066 TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
2067 rc = CKR_SESSION_HANDLE_INVALID;
2068 goto done;
2069 }
2070 //set the handle into the session.
2071 sess->handle = sSession->sessionh;
2072
2073 rc = valid_mech(tokdata, pMechanism, CKF_SIGN);
2074 if (rc != CKR_OK)
2075 goto done;
2076
2077 if (pin_expired(&sess->session_info,
2078 tokdata->nv_token_data->token_info.flags) == TRUE) {
2079 TRACE_ERROR("%s\n", ock_err(ERR_PIN_EXPIRED));
2080 rc = CKR_PIN_EXPIRED;
2081 goto done;
2082 }
2083
2084 if (sess->sign_ctx.active == TRUE) {
2085 rc = CKR_OPERATION_ACTIVE;
2086 TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_ACTIVE));
2087 goto done;
2088 }
2089
2090 rc = icsftok_sign_init(sess, pMechanism, hKey);
2091 if (rc != CKR_OK)
2092 TRACE_DEVEL("icsftok_sign_init() failed.\n");
2093
2094 done:
2095 TRACE_INFO("C_SignInit: rc = %08lx, sess = %ld, mech = %lx\n",
2096 rc, (sess == NULL) ? -1 : (CK_LONG) sess->handle,
2097 (pMechanism ? pMechanism->mechanism : (CK_ULONG)(-1)));
2098
2099 return rc;
2100 }
2101
2102
SC_Sign(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_BYTE_PTR pData,CK_ULONG ulDataLen,CK_BYTE_PTR pSignature,CK_ULONG_PTR pulSignatureLen)2103 CK_RV SC_Sign(STDLL_TokData_t * tokdata, ST_SESSION_HANDLE * sSession,
2104 CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
2105 CK_ULONG_PTR pulSignatureLen)
2106 {
2107 SESSION *sess = NULL;
2108 CK_RV rc = CKR_OK;
2109
2110 if (tokdata->initialized == FALSE) {
2111 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
2112 rc = CKR_CRYPTOKI_NOT_INITIALIZED;
2113 goto done;
2114 }
2115
2116 if (!pData || !pulSignatureLen) {
2117 TRACE_ERROR("%s\n", ock_err(ERR_ARGUMENTS_BAD));
2118 rc = CKR_ARGUMENTS_BAD;
2119 goto done;
2120 }
2121
2122 sess = session_mgr_find(sSession->sessionh);
2123 if (!sess) {
2124 TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
2125 rc = CKR_SESSION_HANDLE_INVALID;
2126 goto done;
2127 }
2128 //set the handle into the session.
2129 sess->handle = sSession->sessionh;
2130
2131 if (sess->sign_ctx.active == FALSE) {
2132 TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
2133 rc = CKR_OPERATION_NOT_INITIALIZED;
2134 goto done;
2135 }
2136
2137 rc = icsftok_sign(sess, pData, ulDataLen, pSignature, pulSignatureLen);
2138 if (rc != CKR_OK)
2139 TRACE_DEVEL("icsftok_sign() failed.\n");
2140
2141 done:
2142 if (rc != CKR_BUFFER_TOO_SMALL && (rc != CKR_OK || pSignature))
2143 sign_mgr_cleanup(&sess->sign_ctx);
2144
2145 TRACE_INFO("C_Sign: rc = %08lx, sess = %ld, datalen = %lu\n",
2146 rc, (sess == NULL) ? -1 : (CK_LONG) sess->handle, ulDataLen);
2147
2148 return rc;
2149 }
2150
2151
SC_SignUpdate(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_BYTE_PTR pPart,CK_ULONG ulPartLen)2152 CK_RV SC_SignUpdate(STDLL_TokData_t * tokdata, ST_SESSION_HANDLE * sSession,
2153 CK_BYTE_PTR pPart, CK_ULONG ulPartLen)
2154 {
2155 SESSION *sess = NULL;
2156 CK_RV rc = CKR_OK;
2157
2158 if (tokdata->initialized == FALSE) {
2159 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
2160 rc = CKR_CRYPTOKI_NOT_INITIALIZED;
2161 goto done;
2162 }
2163
2164 if (!pPart && ulPartLen != 0) {
2165 TRACE_ERROR("%s\n", ock_err(ERR_ARGUMENTS_BAD));
2166 rc = CKR_ARGUMENTS_BAD;
2167 goto done;
2168 }
2169
2170 sess = session_mgr_find(sSession->sessionh);
2171 if (!sess) {
2172 TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
2173 rc = CKR_SESSION_HANDLE_INVALID;
2174 goto done;
2175 }
2176 //set the handle into the session.
2177 sess->handle = sSession->sessionh;
2178
2179 if (sess->sign_ctx.active == FALSE) {
2180 TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
2181 rc = CKR_OPERATION_NOT_INITIALIZED;
2182 goto done;
2183 }
2184
2185 rc = icsftok_sign_update(sess, pPart, ulPartLen);
2186 if (rc != CKR_OK)
2187 TRACE_DEVEL("icsftok_sign_update() failed.\n");
2188 done:
2189 if (rc != CKR_OK)
2190 sign_mgr_cleanup(&sess->sign_ctx);
2191
2192 TRACE_INFO("C_SignUpdate: rc = %08lx, sess = %ld, datalen = %lu\n",
2193 rc, (sess == NULL) ? -1 : (CK_LONG) sess->handle, ulPartLen);
2194
2195 return rc;
2196 }
2197
2198
SC_SignFinal(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_BYTE_PTR pSignature,CK_ULONG_PTR pulSignatureLen)2199 CK_RV SC_SignFinal(STDLL_TokData_t * tokdata, ST_SESSION_HANDLE * sSession,
2200 CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)
2201 {
2202 SESSION *sess = NULL;
2203 CK_RV rc = CKR_OK;
2204
2205 if (tokdata->initialized == FALSE) {
2206 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
2207 rc = CKR_CRYPTOKI_NOT_INITIALIZED;
2208 goto done;
2209 }
2210
2211 if (!pulSignatureLen) {
2212 TRACE_ERROR("%s\n", ock_err(ERR_ARGUMENTS_BAD));
2213 rc = CKR_ARGUMENTS_BAD;
2214 goto done;
2215 }
2216
2217 sess = session_mgr_find(sSession->sessionh);
2218 if (!sess) {
2219 TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
2220 rc = CKR_SESSION_HANDLE_INVALID;
2221 goto done;
2222 }
2223 //set the handle into the session.
2224 sess->handle = sSession->sessionh;
2225
2226 if (sess->sign_ctx.active == FALSE) {
2227 TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
2228 rc = CKR_OPERATION_NOT_INITIALIZED;
2229 goto done;
2230 }
2231
2232 rc = icsftok_sign_final(sess, pSignature, pulSignatureLen);
2233 if (rc != CKR_OK)
2234 TRACE_ERROR("icsftok_sign_final() failed.\n");
2235
2236 done:
2237 if (rc != CKR_BUFFER_TOO_SMALL && (rc != CKR_OK || pSignature))
2238 sign_mgr_cleanup(&sess->sign_ctx);
2239
2240 TRACE_INFO("C_SignFinal: rc = %08lx, sess = %ld\n",
2241 rc, (sess == NULL) ? -1 : (CK_LONG) sess->handle);
2242
2243 return rc;
2244 }
2245
2246
SC_SignRecoverInit(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey)2247 CK_RV SC_SignRecoverInit(STDLL_TokData_t * tokdata,
2248 ST_SESSION_HANDLE * sSession,
2249 CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
2250 {
2251 UNUSED(sSession);
2252 UNUSED(pMechanism);
2253 UNUSED(hKey);
2254
2255 if (tokdata->initialized == FALSE) {
2256 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
2257 return CKR_CRYPTOKI_NOT_INITIALIZED;
2258 }
2259
2260 TRACE_ERROR("%s\n", ock_err(ERR_FUNCTION_NOT_SUPPORTED));
2261
2262 return CKR_FUNCTION_NOT_SUPPORTED;
2263 }
2264
2265
SC_SignRecover(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_BYTE_PTR pData,CK_ULONG ulDataLen,CK_BYTE_PTR pSignature,CK_ULONG_PTR pulSignatureLen)2266 CK_RV SC_SignRecover(STDLL_TokData_t * tokdata, ST_SESSION_HANDLE * sSession,
2267 CK_BYTE_PTR pData, CK_ULONG ulDataLen,
2268 CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)
2269 {
2270 UNUSED(sSession);
2271 UNUSED(pData);
2272 UNUSED(ulDataLen);
2273 UNUSED(pSignature);
2274 UNUSED(pulSignatureLen);
2275
2276 if (tokdata->initialized == FALSE) {
2277 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
2278 return CKR_CRYPTOKI_NOT_INITIALIZED;
2279 }
2280
2281 TRACE_ERROR("%s\n", ock_err(ERR_FUNCTION_NOT_SUPPORTED));
2282
2283 return CKR_FUNCTION_NOT_SUPPORTED;
2284 }
2285
2286
SC_VerifyInit(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey)2287 CK_RV SC_VerifyInit(STDLL_TokData_t * tokdata, ST_SESSION_HANDLE * sSession,
2288 CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
2289 {
2290 SESSION *sess = NULL;
2291 CK_RV rc = CKR_OK;
2292
2293 if (tokdata->initialized == FALSE) {
2294 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
2295 rc = CKR_CRYPTOKI_NOT_INITIALIZED;
2296 goto done;
2297 }
2298 if (!pMechanism) {
2299 TRACE_ERROR("%s\n", ock_err(ERR_ARGUMENTS_BAD));
2300 rc = CKR_ARGUMENTS_BAD;
2301 goto done;
2302 }
2303
2304 rc = valid_mech(tokdata, pMechanism, CKF_VERIFY);
2305 if (rc != CKR_OK)
2306 goto done;
2307
2308 sess = session_mgr_find(sSession->sessionh);
2309 if (!sess) {
2310 TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
2311 rc = CKR_SESSION_HANDLE_INVALID;
2312 goto done;
2313 }
2314 //set the handle into the session.
2315 sess->handle = sSession->sessionh;
2316
2317 if (pin_expired(&sess->session_info,
2318 tokdata->nv_token_data->token_info.flags) == TRUE) {
2319 TRACE_ERROR("%s\n", ock_err(ERR_PIN_EXPIRED));
2320 rc = CKR_PIN_EXPIRED;
2321 goto done;
2322 }
2323
2324 if (sess->verify_ctx.active == TRUE) {
2325 rc = CKR_OPERATION_ACTIVE;
2326 TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_ACTIVE));
2327 goto done;
2328 }
2329
2330 rc = icsftok_verify_init(sess, pMechanism, hKey);
2331 if (rc != CKR_OK)
2332 TRACE_DEVEL("icsftok_verify_init() failed.\n");
2333
2334 done:
2335 TRACE_INFO("C_VerifyInit: rc = %08lx, sess = %ld, mech = %lx\n",
2336 rc, (sess == NULL) ? -1 : (CK_LONG) sess->handle,
2337 (pMechanism ? pMechanism->mechanism : (CK_ULONG)(-1)));
2338
2339 return rc;
2340 }
2341
2342
SC_Verify(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_BYTE_PTR pData,CK_ULONG ulDataLen,CK_BYTE_PTR pSignature,CK_ULONG ulSignatureLen)2343 CK_RV SC_Verify(STDLL_TokData_t * tokdata, ST_SESSION_HANDLE * sSession,
2344 CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
2345 CK_ULONG ulSignatureLen)
2346 {
2347 SESSION *sess = NULL;
2348 CK_RV rc = CKR_OK;
2349
2350 if (tokdata->initialized == FALSE) {
2351 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
2352 rc = CKR_CRYPTOKI_NOT_INITIALIZED;
2353 goto done;
2354 }
2355
2356 if (!pData || !pSignature) {
2357 TRACE_ERROR("%s\n", ock_err(ERR_ARGUMENTS_BAD));
2358 rc = CKR_ARGUMENTS_BAD;
2359 goto done;
2360 }
2361
2362 sess = session_mgr_find(sSession->sessionh);
2363 if (!sess) {
2364 TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
2365 rc = CKR_SESSION_HANDLE_INVALID;
2366 goto done;
2367 }
2368 //set the handle into the session.
2369 sess->handle = sSession->sessionh;
2370
2371 if (sess->verify_ctx.active == FALSE) {
2372 rc = CKR_OPERATION_NOT_INITIALIZED;
2373 TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
2374 goto done;
2375 }
2376
2377 rc = icsftok_verify(sess, pData, ulDataLen, pSignature, ulSignatureLen);
2378 if (rc != CKR_OK)
2379 TRACE_DEVEL("icsftok_verify() failed.\n");
2380
2381 done:
2382 verify_mgr_cleanup(&sess->verify_ctx);
2383
2384 TRACE_INFO("C_Verify: rc = %08lx, sess = %ld, datalen = %lu\n",
2385 rc, (sess == NULL) ? -1 : (CK_LONG) sess->handle, ulDataLen);
2386
2387 return rc;
2388 }
2389
2390
SC_VerifyUpdate(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_BYTE_PTR pPart,CK_ULONG ulPartLen)2391 CK_RV SC_VerifyUpdate(STDLL_TokData_t * tokdata, ST_SESSION_HANDLE * sSession,
2392 CK_BYTE_PTR pPart, CK_ULONG ulPartLen)
2393 {
2394 SESSION *sess = NULL;
2395 CK_RV rc = CKR_OK;
2396
2397 if (tokdata->initialized == FALSE) {
2398 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
2399 rc = CKR_CRYPTOKI_NOT_INITIALIZED;
2400 goto done;
2401 }
2402
2403 if (!pPart && ulPartLen != 0) {
2404 TRACE_ERROR("%s\n", ock_err(ERR_ARGUMENTS_BAD));
2405 rc = CKR_ARGUMENTS_BAD;
2406 goto done;
2407 }
2408
2409 sess = session_mgr_find(sSession->sessionh);
2410 if (!sess) {
2411 TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
2412 rc = CKR_SESSION_HANDLE_INVALID;
2413 goto done;
2414 }
2415 //set the handle into the session.
2416 sess->handle = sSession->sessionh;
2417
2418 if (sess->verify_ctx.active == FALSE) {
2419 rc = CKR_OPERATION_NOT_INITIALIZED;
2420 TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
2421 goto done;
2422 }
2423
2424 rc = icsftok_verify_update(sess, pPart, ulPartLen);
2425 if (rc != CKR_OK)
2426 TRACE_DEVEL("icsftok_verify_update() failed.\n");
2427
2428 done:
2429 if (rc != CKR_OK)
2430 verify_mgr_cleanup(&sess->verify_ctx);
2431
2432 TRACE_INFO("C_VerifyUpdate: rc = %08lx, sess = %ld, datalen = %lu\n",
2433 rc, (sess == NULL) ? -1 : (CK_LONG) sess->handle, ulPartLen);
2434
2435 return rc;
2436 }
2437
2438
SC_VerifyFinal(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_BYTE_PTR pSignature,CK_ULONG ulSignatureLen)2439 CK_RV SC_VerifyFinal(STDLL_TokData_t * tokdata, ST_SESSION_HANDLE * sSession,
2440 CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen)
2441 {
2442 SESSION *sess = NULL;
2443 CK_RV rc = CKR_OK;
2444
2445 if (tokdata->initialized == FALSE) {
2446 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
2447 rc = CKR_CRYPTOKI_NOT_INITIALIZED;
2448 goto done;
2449 }
2450
2451 if (!pSignature) {
2452 TRACE_ERROR("%s\n", ock_err(ERR_ARGUMENTS_BAD));
2453 rc = CKR_ARGUMENTS_BAD;
2454 goto done;
2455 }
2456
2457 sess = session_mgr_find(sSession->sessionh);
2458 if (!sess) {
2459 TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
2460 rc = CKR_SESSION_HANDLE_INVALID;
2461 goto done;
2462 }
2463 //set the handle into the session.
2464 sess->handle = sSession->sessionh;
2465
2466 if (sess->verify_ctx.active == FALSE) {
2467 rc = CKR_OPERATION_NOT_INITIALIZED;
2468 TRACE_ERROR("%s\n", ock_err(ERR_OPERATION_NOT_INITIALIZED));
2469 goto done;
2470 }
2471
2472 rc = icsftok_verify_final(sess, pSignature, ulSignatureLen);
2473 if (rc != CKR_OK)
2474 TRACE_DEVEL("icsftok_verify_final() failed.\n");
2475
2476 done:
2477 verify_mgr_cleanup(&sess->verify_ctx);
2478
2479 TRACE_INFO("C_VerifyFinal: rc = %08lx, sess = %ld\n",
2480 rc, (sess == NULL) ? -1 : (CK_LONG) sess->handle);
2481
2482 return rc;
2483 }
2484
2485
SC_VerifyRecoverInit(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey)2486 CK_RV SC_VerifyRecoverInit(STDLL_TokData_t * tokdata,
2487 ST_SESSION_HANDLE * sSession,
2488 CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
2489 {
2490 UNUSED(sSession);
2491 UNUSED(pMechanism);
2492 UNUSED(hKey);
2493
2494 if (tokdata->initialized == FALSE) {
2495 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
2496 return CKR_CRYPTOKI_NOT_INITIALIZED;
2497 }
2498
2499 TRACE_ERROR("%s\n", ock_err(ERR_FUNCTION_NOT_SUPPORTED));
2500
2501 return CKR_FUNCTION_NOT_SUPPORTED;
2502 }
2503
2504
SC_VerifyRecover(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_BYTE_PTR pSignature,CK_ULONG ulSignatureLen,CK_BYTE_PTR pData,CK_ULONG_PTR pulDataLen)2505 CK_RV SC_VerifyRecover(STDLL_TokData_t * tokdata, ST_SESSION_HANDLE * sSession,
2506 CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen,
2507 CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)
2508 {
2509 UNUSED(sSession);
2510 UNUSED(pSignature);
2511 UNUSED(ulSignatureLen);
2512 UNUSED(pData);
2513 UNUSED(pulDataLen);
2514
2515 if (tokdata->initialized == FALSE) {
2516 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
2517 return CKR_CRYPTOKI_NOT_INITIALIZED;
2518 }
2519
2520 TRACE_ERROR("%s\n", ock_err(ERR_FUNCTION_NOT_SUPPORTED));
2521
2522 return CKR_FUNCTION_NOT_SUPPORTED;
2523 }
2524
2525
SC_DigestEncryptUpdate(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_BYTE_PTR pPart,CK_ULONG ulPartLen,CK_BYTE_PTR pEncryptedPart,CK_ULONG_PTR pulEncryptedPartLen)2526 CK_RV SC_DigestEncryptUpdate(STDLL_TokData_t * tokdata,
2527 ST_SESSION_HANDLE * sSession, CK_BYTE_PTR pPart,
2528 CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart,
2529 CK_ULONG_PTR pulEncryptedPartLen)
2530 {
2531 UNUSED(sSession);
2532 UNUSED(pPart);
2533 UNUSED(ulPartLen);
2534 UNUSED(pEncryptedPart);
2535 UNUSED(pulEncryptedPartLen);
2536
2537 if (tokdata->initialized == FALSE) {
2538 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
2539 return CKR_CRYPTOKI_NOT_INITIALIZED;
2540 }
2541
2542 TRACE_ERROR("%s\n", ock_err(ERR_FUNCTION_NOT_SUPPORTED));
2543
2544 return CKR_FUNCTION_NOT_SUPPORTED;
2545 }
2546
2547
SC_DecryptDigestUpdate(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_BYTE_PTR pEncryptedPart,CK_ULONG ulEncryptedPartLen,CK_BYTE_PTR pPart,CK_ULONG_PTR pulPartLen)2548 CK_RV SC_DecryptDigestUpdate(STDLL_TokData_t * tokdata,
2549 ST_SESSION_HANDLE * sSession,
2550 CK_BYTE_PTR pEncryptedPart,
2551 CK_ULONG ulEncryptedPartLen, CK_BYTE_PTR pPart,
2552 CK_ULONG_PTR pulPartLen)
2553 {
2554 UNUSED(sSession);
2555 UNUSED(pEncryptedPart);
2556 UNUSED(ulEncryptedPartLen);
2557 UNUSED(pPart);
2558 UNUSED(pulPartLen);
2559
2560 if (tokdata->initialized == FALSE) {
2561 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
2562 return CKR_CRYPTOKI_NOT_INITIALIZED;
2563 }
2564
2565 TRACE_ERROR("%s\n", ock_err(ERR_FUNCTION_NOT_SUPPORTED));
2566
2567 return CKR_FUNCTION_NOT_SUPPORTED;
2568 }
2569
2570
SC_SignEncryptUpdate(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_BYTE_PTR pPart,CK_ULONG ulPartLen,CK_BYTE_PTR pEncryptedPart,CK_ULONG_PTR pulEncryptedPartLen)2571 CK_RV SC_SignEncryptUpdate(STDLL_TokData_t * tokdata,
2572 ST_SESSION_HANDLE * sSession, CK_BYTE_PTR pPart,
2573 CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart,
2574 CK_ULONG_PTR pulEncryptedPartLen)
2575 {
2576 UNUSED(sSession);
2577 UNUSED(pPart);
2578 UNUSED(ulPartLen);
2579 UNUSED(pEncryptedPart);
2580 UNUSED(pulEncryptedPartLen);
2581
2582 if (tokdata->initialized == FALSE) {
2583 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
2584 return CKR_CRYPTOKI_NOT_INITIALIZED;
2585 }
2586
2587 TRACE_ERROR("%s\n", ock_err(ERR_FUNCTION_NOT_SUPPORTED));
2588
2589 return CKR_FUNCTION_NOT_SUPPORTED;
2590 }
2591
2592
SC_DecryptVerifyUpdate(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_BYTE_PTR pEncryptedPart,CK_ULONG ulEncryptedPartLen,CK_BYTE_PTR pPart,CK_ULONG_PTR pulPartLen)2593 CK_RV SC_DecryptVerifyUpdate(STDLL_TokData_t * tokdata,
2594 ST_SESSION_HANDLE * sSession,
2595 CK_BYTE_PTR pEncryptedPart,
2596 CK_ULONG ulEncryptedPartLen, CK_BYTE_PTR pPart,
2597 CK_ULONG_PTR pulPartLen)
2598 {
2599 UNUSED(sSession);
2600 UNUSED(pEncryptedPart);
2601 UNUSED(ulEncryptedPartLen);
2602 UNUSED(pPart);
2603 UNUSED(pulPartLen);
2604
2605 if (tokdata->initialized == FALSE) {
2606 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
2607 return CKR_CRYPTOKI_NOT_INITIALIZED;
2608 }
2609
2610 TRACE_ERROR("%s\n", ock_err(ERR_FUNCTION_NOT_SUPPORTED));
2611
2612 return CKR_FUNCTION_NOT_SUPPORTED;
2613 }
2614
2615
SC_GenerateKey(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_MECHANISM_PTR pMechanism,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG ulCount,CK_OBJECT_HANDLE_PTR phKey)2616 CK_RV SC_GenerateKey(STDLL_TokData_t * tokdata, ST_SESSION_HANDLE * sSession,
2617 CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pTemplate,
2618 CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phKey)
2619 {
2620 SESSION *sess = NULL;
2621 CK_RV rc = CKR_OK;
2622
2623 if (tokdata->initialized == FALSE) {
2624 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
2625 rc = CKR_CRYPTOKI_NOT_INITIALIZED;
2626 goto done;
2627 }
2628
2629 if (!pMechanism || !phKey || (pTemplate == NULL && ulCount != 0)) {
2630 TRACE_ERROR("%s\n", ock_err(ERR_ARGUMENTS_BAD));
2631 rc = CKR_ARGUMENTS_BAD;
2632 goto done;
2633 }
2634
2635 rc = valid_mech(tokdata, pMechanism, CKF_GENERATE);
2636 if (rc != CKR_OK)
2637 goto done;
2638
2639 sess = session_mgr_find(sSession->sessionh);
2640 if (!sess) {
2641 TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
2642 rc = CKR_SESSION_HANDLE_INVALID;
2643 goto done;
2644 }
2645 //set the handle into the session.
2646 sess->handle = sSession->sessionh;
2647
2648 if (pin_expired(&sess->session_info,
2649 tokdata->nv_token_data->token_info.flags) == TRUE) {
2650 TRACE_ERROR("%s\n", ock_err(ERR_PIN_EXPIRED));
2651 rc = CKR_PIN_EXPIRED;
2652 goto done;
2653 }
2654
2655 rc = icsftok_generate_key(tokdata, sess, pMechanism, pTemplate,
2656 ulCount, phKey);
2657 if (rc != CKR_OK)
2658 TRACE_DEVEL("icsftok_generate_key() failed.\n");
2659
2660 done:
2661 TRACE_INFO("C_GenerateKey: rc = %08lx, sess = %ld, mech = %lu\n", rc,
2662 (sess == NULL) ? -1 : (CK_LONG) sess->handle,
2663 (pMechanism ? pMechanism->mechanism : (CK_ULONG)(-1)));
2664
2665 #ifdef DEBUG
2666 CK_ULONG i;
2667 CK_ATTRIBUTE *attr = NULL;
2668
2669 attr = pTemplate;
2670 if (attr != NULL) {
2671 for (i = 0; i < ulCount; i++, attr++) {
2672 CK_BYTE *ptr = (CK_BYTE *) attr->pValue;
2673 TRACE_DEBUG("%lu: Attribute type: 0x%08lx,Value Length: %lu\n",
2674 i, attr->type, attr->ulValueLen);
2675 if (attr->ulValueLen != ((CK_ULONG) - 1) && (ptr != NULL)) {
2676 TRACE_DEBUG("First 4 bytes: %02x %02x %02x %02x\n",
2677 ptr[0], ptr[1], ptr[2], ptr[3]);
2678 }
2679 }
2680 } else {
2681 TRACE_DEBUG("No attributes\n");
2682 }
2683 #endif
2684
2685 return rc;
2686 }
2687
2688
SC_GenerateKeyPair(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_MECHANISM_PTR pMechanism,CK_ATTRIBUTE_PTR pPublicKeyTemplate,CK_ULONG ulPublicKeyAttributeCount,CK_ATTRIBUTE_PTR pPrivateKeyTemplate,CK_ULONG ulPrivateKeyAttributeCount,CK_OBJECT_HANDLE_PTR phPublicKey,CK_OBJECT_HANDLE_PTR phPrivateKey)2689 CK_RV SC_GenerateKeyPair(STDLL_TokData_t * tokdata,
2690 ST_SESSION_HANDLE * sSession,
2691 CK_MECHANISM_PTR pMechanism,
2692 CK_ATTRIBUTE_PTR pPublicKeyTemplate,
2693 CK_ULONG ulPublicKeyAttributeCount,
2694 CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
2695 CK_ULONG ulPrivateKeyAttributeCount,
2696 CK_OBJECT_HANDLE_PTR phPublicKey,
2697 CK_OBJECT_HANDLE_PTR phPrivateKey)
2698 {
2699 SESSION *sess = NULL;
2700 CK_RV rc = CKR_OK;
2701
2702 if (tokdata->initialized == FALSE) {
2703 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
2704 rc = CKR_CRYPTOKI_NOT_INITIALIZED;
2705 goto done;
2706 }
2707
2708 if (!pMechanism || !phPublicKey || !phPrivateKey ||
2709 (!pPublicKeyTemplate && (ulPublicKeyAttributeCount != 0)) ||
2710 (!pPrivateKeyTemplate && (ulPrivateKeyAttributeCount != 0))) {
2711 TRACE_ERROR("%s\n", ock_err(ERR_ARGUMENTS_BAD));
2712 rc = CKR_ARGUMENTS_BAD;
2713 goto done;
2714 }
2715
2716 rc = valid_mech(tokdata, pMechanism, CKF_GENERATE_KEY_PAIR);
2717 if (rc != CKR_OK)
2718 goto done;
2719
2720 sess = session_mgr_find(sSession->sessionh);
2721 if (!sess) {
2722 TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
2723 rc = CKR_SESSION_HANDLE_INVALID;
2724 goto done;
2725 }
2726 //set the handle into the session.
2727 sess->handle = sSession->sessionh;
2728
2729 if (pin_expired(&sess->session_info,
2730 tokdata->nv_token_data->token_info.flags) == TRUE) {
2731 TRACE_ERROR("%s\n", ock_err(ERR_PIN_EXPIRED));
2732 rc = CKR_PIN_EXPIRED;
2733 goto done;
2734 }
2735
2736 rc = icsftok_generate_key_pair(tokdata, sess, pMechanism,
2737 pPublicKeyTemplate,
2738 ulPublicKeyAttributeCount,
2739 pPrivateKeyTemplate,
2740 ulPrivateKeyAttributeCount,
2741 phPublicKey, phPrivateKey);
2742 if (rc != CKR_OK)
2743 TRACE_DEVEL("icsftok_generate_key_pair() failed.\n");
2744 done:
2745 TRACE_INFO("C_GenerateKeyPair: rc = %08lx, sess = %ld, mech = %lx\n",
2746 rc, (sess == NULL) ? -1 : ((CK_LONG) sess->handle),
2747 (pMechanism ? pMechanism->mechanism : (CK_ULONG)(-1)));
2748
2749 #ifdef DEBUG
2750 CK_ULONG i;
2751 CK_ATTRIBUTE *attr = NULL;
2752
2753 if (rc == CKR_OK) {
2754 TRACE_DEBUG("Public handle: %lu, Private handle: %lu\n",
2755 *phPublicKey, *phPrivateKey);
2756 }
2757
2758 TRACE_DEBUG("Public Template:\n");
2759 attr = pPublicKeyTemplate;
2760 if (attr != NULL) {
2761 for (i = 0; i < ulPublicKeyAttributeCount; i++, attr++) {
2762 CK_BYTE *ptr = (CK_BYTE *) attr->pValue;
2763 TRACE_DEBUG("%lu: Attribute type: 0x%08lx, Value Length: %lu\n",
2764 i, attr->type, attr->ulValueLen);
2765 if (attr->ulValueLen != ((CK_ULONG) - 1) && (ptr != NULL))
2766 TRACE_DEBUG("First 4 bytes: %02x %02x %02x %02x\n",
2767 ptr[0], ptr[1], ptr[2], ptr[3]);
2768 }
2769 } else {
2770 TRACE_DEBUG("No Attributes\n");
2771 }
2772
2773 TRACE_DEBUG("Private Template:\n");
2774 attr = pPublicKeyTemplate;
2775 if (attr != NULL) {
2776 for (i = 0; i < ulPublicKeyAttributeCount; i++, attr++) {
2777 CK_BYTE *ptr = (CK_BYTE *) attr->pValue;
2778 TRACE_DEBUG("%lu: Attribute type: 0x%08lx, Value Length: %lu\n",
2779 i, attr->type, attr->ulValueLen);
2780 if (attr->ulValueLen != (CK_ULONG) (-1) && (ptr != NULL))
2781 TRACE_DEBUG("First 4 bytes: %02x %02x %02x %02x\n",
2782 ptr[0], ptr[1], ptr[2], ptr[3]);
2783 }
2784 } else {
2785 TRACE_DEBUG("No Attributes\n");
2786 }
2787 #endif
2788
2789 return rc;
2790 }
2791
2792
SC_WrapKey(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hWrappingKey,CK_OBJECT_HANDLE hKey,CK_BYTE_PTR pWrappedKey,CK_ULONG_PTR pulWrappedKeyLen)2793 CK_RV SC_WrapKey(STDLL_TokData_t * tokdata, ST_SESSION_HANDLE * sSession,
2794 CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hWrappingKey,
2795 CK_OBJECT_HANDLE hKey, CK_BYTE_PTR pWrappedKey,
2796 CK_ULONG_PTR pulWrappedKeyLen)
2797 {
2798 SESSION *sess = NULL;
2799 CK_RV rc = CKR_OK;
2800
2801 if (tokdata->initialized == FALSE) {
2802 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
2803 rc = CKR_CRYPTOKI_NOT_INITIALIZED;
2804 goto done;
2805 }
2806
2807 if (!pMechanism || !pulWrappedKeyLen) {
2808 TRACE_ERROR("%s\n", ock_err(ERR_ARGUMENTS_BAD));
2809 rc = CKR_ARGUMENTS_BAD;
2810 goto done;
2811 }
2812
2813 rc = valid_mech(tokdata, pMechanism, CKF_WRAP);
2814 if (rc != CKR_OK)
2815 goto done;
2816
2817 sess = session_mgr_find(sSession->sessionh);
2818 if (!sess) {
2819 TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
2820 rc = CKR_SESSION_HANDLE_INVALID;
2821 goto done;
2822 }
2823 //set the handle into the session.
2824 sess->handle = sSession->sessionh;
2825
2826 if (pin_expired(&sess->session_info,
2827 tokdata->nv_token_data->token_info.flags) == TRUE) {
2828 TRACE_ERROR("%s\n", ock_err(ERR_PIN_EXPIRED));
2829 rc = CKR_PIN_EXPIRED;
2830 goto done;
2831 }
2832
2833 rc = icsftok_wrap_key(sess, pMechanism, hWrappingKey, hKey, pWrappedKey,
2834 pulWrappedKeyLen);
2835 if (rc != CKR_OK)
2836 TRACE_DEVEL("*_wrap_key() failed.\n");
2837
2838 done:
2839 TRACE_INFO("C_WrapKey: rc = %08lx, sess = %ld, encrypting key = %lu, "
2840 "wrapped key = %lu\n", rc,
2841 (sess == NULL) ? -1 : (CK_LONG) sess->handle,
2842 hWrappingKey, hKey);
2843
2844 return rc;
2845 }
2846
2847
SC_UnwrapKey(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hUnwrappingKey,CK_BYTE_PTR pWrappedKey,CK_ULONG ulWrappedKeyLen,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG ulCount,CK_OBJECT_HANDLE_PTR phKey)2848 CK_RV SC_UnwrapKey(STDLL_TokData_t * tokdata, ST_SESSION_HANDLE * sSession,
2849 CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hUnwrappingKey,
2850 CK_BYTE_PTR pWrappedKey, CK_ULONG ulWrappedKeyLen,
2851 CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
2852 CK_OBJECT_HANDLE_PTR phKey)
2853 {
2854 SESSION *sess = NULL;
2855 CK_RV rc = CKR_OK;
2856
2857 if (tokdata->initialized == FALSE) {
2858 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
2859 rc = CKR_CRYPTOKI_NOT_INITIALIZED;
2860 goto done;
2861 }
2862
2863 if (!pMechanism || !pWrappedKey || (!pTemplate && ulCount != 0) || !phKey) {
2864 TRACE_ERROR("%s\n", ock_err(ERR_ARGUMENTS_BAD));
2865 rc = CKR_ARGUMENTS_BAD;
2866 goto done;
2867 }
2868
2869 rc = valid_mech(tokdata, pMechanism, CKF_UNWRAP);
2870 if (rc != CKR_OK)
2871 goto done;
2872
2873 sess = session_mgr_find(sSession->sessionh);
2874 if (!sess) {
2875 TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
2876 rc = CKR_SESSION_HANDLE_INVALID;
2877 goto done;
2878 }
2879 //set the handle into the session.
2880 sess->handle = sSession->sessionh;
2881
2882 if (pin_expired(&sess->session_info,
2883 tokdata->nv_token_data->token_info.flags) == TRUE) {
2884 TRACE_ERROR("%s\n", ock_err(ERR_PIN_EXPIRED));
2885 rc = CKR_PIN_EXPIRED;
2886 goto done;
2887 }
2888
2889 rc = icsftok_unwrap_key(sess, pMechanism, pTemplate, ulCount,
2890 pWrappedKey, ulWrappedKeyLen, hUnwrappingKey,
2891 phKey);
2892 if (rc != CKR_OK)
2893 TRACE_DEVEL("icsftok_unwrap_key() failed.\n");
2894
2895 done:
2896 TRACE_INFO("C_UnwrapKey: rc = %08lx, sess = %ld, decrypting key = %lu,"
2897 "unwrapped key = %lu\n", rc,
2898 (sess == NULL) ? -1 : (CK_LONG) sess->handle,
2899 hUnwrappingKey, (phKey ? *phKey : (CK_ULONG)(-1)));
2900
2901 #ifdef DEBUG
2902 CK_ULONG i;
2903 CK_ATTRIBUTE *attr = NULL;
2904 CK_BYTE *ptr = NULL;
2905
2906 attr = pTemplate;
2907 if (attr != NULL) {
2908 for (i = 0; i < ulCount; i++, attr++) {
2909 ptr = (CK_BYTE *) attr->pValue;
2910 TRACE_DEBUG("%lu: Attribute type: 0x%08lx,Value Length: %lu\n",
2911 i, attr->type, attr->ulValueLen);
2912 if (attr->ulValueLen != ((CK_ULONG) - 1) && (ptr != NULL)) {
2913 TRACE_DEBUG("First 4 bytes: %02x %02x %02x %02x\n",
2914 ptr[0], ptr[1], ptr[2], ptr[3]);
2915 }
2916 }
2917 } else {
2918 TRACE_DEBUG("No attributes\n");
2919 }
2920 #endif
2921
2922 return rc;
2923 }
2924
2925
SC_DeriveKey(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hBaseKey,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG ulCount,CK_OBJECT_HANDLE_PTR phKey)2926 CK_RV SC_DeriveKey(STDLL_TokData_t * tokdata, ST_SESSION_HANDLE * sSession,
2927 CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hBaseKey,
2928 CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
2929 CK_OBJECT_HANDLE_PTR phKey)
2930 {
2931 SESSION *sess = NULL;
2932 CK_RV rc = CKR_OK;
2933
2934 if (tokdata->initialized == FALSE) {
2935 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
2936 rc = CKR_CRYPTOKI_NOT_INITIALIZED;
2937 goto done;
2938 }
2939
2940 if (!pMechanism || !phKey || (!pTemplate && ulCount != 0)) {
2941 TRACE_ERROR("%s\n", ock_err(ERR_ARGUMENTS_BAD));
2942 rc = CKR_ARGUMENTS_BAD;
2943 goto done;
2944 }
2945
2946 rc = valid_mech(tokdata, pMechanism, CKF_DERIVE);
2947 if (rc != CKR_OK)
2948 goto done;
2949
2950 sess = session_mgr_find(sSession->sessionh);
2951 if (!sess) {
2952 TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
2953 rc = CKR_SESSION_HANDLE_INVALID;
2954 goto done;
2955 }
2956 //set the handle into the session.
2957 sess->handle = sSession->sessionh;
2958
2959 if (pin_expired(&sess->session_info,
2960 tokdata->nv_token_data->token_info.flags) == TRUE) {
2961 TRACE_ERROR("%s\n", ock_err(ERR_PIN_EXPIRED));
2962 rc = CKR_PIN_EXPIRED;
2963 goto done;
2964 }
2965
2966 rc = icsftok_derive_key(tokdata, sess, pMechanism, hBaseKey, phKey,
2967 pTemplate, ulCount);
2968 if (rc != CKR_OK)
2969 TRACE_DEVEL("icsftok_derive_key() failed.\n");
2970
2971 done:
2972 TRACE_INFO("C_DeriveKey: rc = %08lx, sess = %ld, mech = %lu\n",
2973 rc, (sess == NULL) ? -1 : (CK_LONG) sess->handle,
2974 (pMechanism ? pMechanism->mechanism : (CK_ULONG)(-1)));
2975 #ifdef DEBUG
2976 CK_ULONG i;
2977 CK_ATTRIBUTE *attr = NULL;
2978 CK_BYTE *ptr = NULL;
2979
2980 if (rc == CKR_OK) {
2981 switch (pMechanism->mechanism) {
2982 case CKM_SSL3_KEY_AND_MAC_DERIVE:
2983 {
2984 CK_SSL3_KEY_MAT_PARAMS *pReq;
2985 CK_SSL3_KEY_MAT_OUT *pPtr;
2986 pReq = (CK_SSL3_KEY_MAT_PARAMS *) pMechanism->pParameter;
2987 pPtr = pReq->pReturnedKeyMaterial;
2988
2989 TRACE_DEBUG("Client MAC key: %lu, Server MAC key: %lu, "
2990 "Client Key: %lu, Server Key: %lu\n",
2991 pPtr->hClientMacSecret,
2992 pPtr->hServerMacSecret, pPtr->hClientKey,
2993 pPtr->hServerKey);
2994 }
2995 break;
2996 case CKM_DH_PKCS_DERIVE:
2997 TRACE_DEBUG("DH Shared Secret:\n");
2998 break;
2999 default:
3000 TRACE_DEBUG("Derived key: %lu\n", *phKey);
3001 }
3002 }
3003
3004 attr = pTemplate;
3005 if (attr != NULL) {
3006 for (i = 0; i < ulCount; i++, attr++) {
3007 ptr = (CK_BYTE *) attr->pValue;
3008 TRACE_DEBUG("%lu: Attribute type: 0x%08lx,Value Length: %lu\n",
3009 i, attr->type, attr->ulValueLen);
3010 if (attr->ulValueLen != ((CK_ULONG) - 1) && (ptr != NULL)) {
3011 TRACE_DEBUG("First 4 bytes: %02x %02x %02x %02x\n",
3012 ptr[0], ptr[1], ptr[2], ptr[3]);
3013 }
3014 }
3015 } else {
3016 TRACE_DEBUG("No attributes\n");
3017 }
3018 #endif /* DEBUG */
3019
3020 return rc;
3021 }
3022
3023
SC_SeedRandom(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_BYTE_PTR pSeed,CK_ULONG ulSeedLen)3024 CK_RV SC_SeedRandom(STDLL_TokData_t * tokdata, ST_SESSION_HANDLE * sSession,
3025 CK_BYTE_PTR pSeed, CK_ULONG ulSeedLen)
3026 {
3027 UNUSED(sSession);
3028 UNUSED(pSeed);
3029 UNUSED(ulSeedLen);
3030
3031 if (tokdata->initialized == FALSE) {
3032 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
3033 return CKR_CRYPTOKI_NOT_INITIALIZED;
3034 }
3035
3036 TRACE_ERROR("%s\n", ock_err(ERR_RANDOM_SEED_NOT_SUPPORTED));
3037
3038 return CKR_RANDOM_SEED_NOT_SUPPORTED;
3039 }
3040
3041
SC_GenerateRandom(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession,CK_BYTE_PTR pRandomData,CK_ULONG ulRandomLen)3042 CK_RV SC_GenerateRandom(STDLL_TokData_t * tokdata, ST_SESSION_HANDLE * sSession,
3043 CK_BYTE_PTR pRandomData, CK_ULONG ulRandomLen)
3044 {
3045 SESSION *sess = NULL;
3046 CK_RV rc = CKR_OK;
3047
3048 if (tokdata->initialized == FALSE) {
3049 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
3050 rc = CKR_CRYPTOKI_NOT_INITIALIZED;
3051 goto done;
3052 }
3053
3054 if (!pRandomData && ulRandomLen != 0) {
3055 TRACE_ERROR("%s\n", ock_err(ERR_ARGUMENTS_BAD));
3056 rc = CKR_ARGUMENTS_BAD;
3057 goto done;
3058 }
3059
3060 sess = session_mgr_find(sSession->sessionh);
3061 if (!sess) {
3062 TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
3063 rc = CKR_SESSION_HANDLE_INVALID;
3064 goto done;
3065 }
3066 //set the handle into the session.
3067 sess->handle = sSession->sessionh;
3068
3069 rc = rng_generate(tokdata, pRandomData, ulRandomLen);
3070 if (rc != CKR_OK)
3071 TRACE_DEVEL("rng_generate() failed.\n");
3072
3073 done:
3074 TRACE_INFO("C_GenerateRandom: rc = %08lx, %lu bytes\n", rc, ulRandomLen);
3075
3076 return rc;
3077 }
3078
3079
SC_GetFunctionStatus(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession)3080 CK_RV SC_GetFunctionStatus(STDLL_TokData_t * tokdata,
3081 ST_SESSION_HANDLE * sSession)
3082 {
3083 UNUSED(sSession);
3084
3085 if (tokdata->initialized == FALSE) {
3086 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
3087 return CKR_CRYPTOKI_NOT_INITIALIZED;
3088 }
3089
3090 TRACE_ERROR("%s\n", ock_err(ERR_FUNCTION_NOT_PARALLEL));
3091
3092 return CKR_FUNCTION_NOT_PARALLEL;
3093 }
3094
3095
SC_CancelFunction(STDLL_TokData_t * tokdata,ST_SESSION_HANDLE * sSession)3096 CK_RV SC_CancelFunction(STDLL_TokData_t * tokdata, ST_SESSION_HANDLE * sSession)
3097 {
3098 UNUSED(sSession);
3099
3100 if (tokdata->initialized == FALSE) {
3101 TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
3102 return CKR_CRYPTOKI_NOT_INITIALIZED;
3103 }
3104
3105 TRACE_ERROR("%s\n", ock_err(ERR_FUNCTION_NOT_PARALLEL));
3106
3107 return CKR_FUNCTION_NOT_PARALLEL;
3108 }
3109
3110
SC_SetFunctionList(void)3111 void SC_SetFunctionList(void)
3112 {
3113 function_list.ST_Initialize = ST_Initialize;
3114 function_list.ST_GetTokenInfo = SC_GetTokenInfo;
3115 function_list.ST_GetMechanismList = SC_GetMechanismList;
3116 function_list.ST_GetMechanismInfo = SC_GetMechanismInfo;
3117 function_list.ST_InitToken = SC_InitToken;
3118 function_list.ST_InitPIN = SC_InitPIN;
3119 function_list.ST_SetPIN = SC_SetPIN;
3120 function_list.ST_OpenSession = SC_OpenSession;
3121 function_list.ST_CloseSession = SC_CloseSession;
3122 function_list.ST_GetSessionInfo = SC_GetSessionInfo;
3123 function_list.ST_GetOperationState = SC_GetOperationState;
3124 function_list.ST_SetOperationState = SC_SetOperationState;
3125 function_list.ST_Login = SC_Login;
3126 function_list.ST_Logout = SC_Logout;
3127 function_list.ST_CreateObject = SC_CreateObject;
3128 function_list.ST_CopyObject = SC_CopyObject;
3129 function_list.ST_DestroyObject = SC_DestroyObject;
3130 function_list.ST_GetObjectSize = SC_GetObjectSize;
3131 function_list.ST_GetAttributeValue = SC_GetAttributeValue;
3132 function_list.ST_SetAttributeValue = SC_SetAttributeValue;
3133 function_list.ST_FindObjectsInit = SC_FindObjectsInit;
3134 function_list.ST_FindObjects = SC_FindObjects;
3135 function_list.ST_FindObjectsFinal = SC_FindObjectsFinal;
3136 function_list.ST_EncryptInit = SC_EncryptInit;
3137 function_list.ST_Encrypt = SC_Encrypt;
3138 function_list.ST_EncryptUpdate = SC_EncryptUpdate;
3139 function_list.ST_EncryptFinal = SC_EncryptFinal;
3140 function_list.ST_DecryptInit = SC_DecryptInit;
3141 function_list.ST_Decrypt = SC_Decrypt;
3142 function_list.ST_DecryptUpdate = SC_DecryptUpdate;
3143 function_list.ST_DecryptFinal = SC_DecryptFinal;
3144 function_list.ST_DigestInit = SC_DigestInit;
3145 function_list.ST_Digest = SC_Digest;
3146 function_list.ST_DigestUpdate = SC_DigestUpdate;
3147 function_list.ST_DigestKey = SC_DigestKey;
3148 function_list.ST_DigestFinal = SC_DigestFinal;
3149 function_list.ST_SignInit = SC_SignInit;
3150 function_list.ST_Sign = SC_Sign;
3151 function_list.ST_SignUpdate = SC_SignUpdate;
3152 function_list.ST_SignFinal = SC_SignFinal;
3153 function_list.ST_SignRecoverInit = SC_SignRecoverInit;
3154 function_list.ST_SignRecover = SC_SignRecover;
3155 function_list.ST_VerifyInit = SC_VerifyInit;
3156 function_list.ST_Verify = SC_Verify;
3157 function_list.ST_VerifyUpdate = SC_VerifyUpdate;
3158 function_list.ST_VerifyFinal = SC_VerifyFinal;
3159 function_list.ST_VerifyRecoverInit = SC_VerifyRecoverInit;
3160 function_list.ST_VerifyRecover = SC_VerifyRecover;
3161 function_list.ST_DigestEncryptUpdate = NULL; // SC_DigestEncryptUpdate;
3162 function_list.ST_DecryptDigestUpdate = NULL; // SC_DecryptDigestUpdate;
3163 function_list.ST_SignEncryptUpdate = NULL; //SC_SignEncryptUpdate;
3164 function_list.ST_DecryptVerifyUpdate = NULL; // SC_DecryptVerifyUpdate;
3165 function_list.ST_GenerateKey = SC_GenerateKey;
3166 function_list.ST_GenerateKeyPair = SC_GenerateKeyPair;
3167 function_list.ST_WrapKey = SC_WrapKey;
3168 function_list.ST_UnwrapKey = SC_UnwrapKey;
3169 function_list.ST_DeriveKey = SC_DeriveKey;
3170 function_list.ST_SeedRandom = SC_SeedRandom;
3171 function_list.ST_GenerateRandom = SC_GenerateRandom;
3172 function_list.ST_GetFunctionStatus = NULL; // SC_GetFunctionStatus;
3173 function_list.ST_CancelFunction = NULL; // SC_CancelFunction;
3174 }
3175