changeset 4338:7e63f9575e99

6543159 metaslot should check for function availability before trying hardware provider
author dinak
date Tue, 29 May 2007 09:35:41 -0700
parents de62fddc0969
children 24b45a78e29e
files usr/src/lib/pkcs11/libpkcs11/common/metaCrypt.c usr/src/lib/pkcs11/libpkcs11/common/metaDigest.c usr/src/lib/pkcs11/libpkcs11/common/metaGlobal.h usr/src/lib/pkcs11/libpkcs11/common/metaMechManager.c usr/src/lib/pkcs11/libpkcs11/common/metaObjectManager.c usr/src/lib/pkcs11/libpkcs11/common/metaSession.c usr/src/lib/pkcs11/libpkcs11/common/metaSessionManager.c usr/src/lib/pkcs11/libpkcs11/common/metaSign.c usr/src/lib/pkcs11/libpkcs11/common/metaSlotToken.c usr/src/lib/pkcs11/libpkcs11/common/metaUtil.c usr/src/lib/pkcs11/libpkcs11/common/metaVerify.c
diffstat 11 files changed, 251 insertions(+), 260 deletions(-) [+]
--- a/usr/src/lib/pkcs11/libpkcs11/common/metaCrypt.c	Tue May 29 09:22:11 2007 -0700
+++ b/usr/src/lib/pkcs11/libpkcs11/common/metaCrypt.c	Tue May 29 09:35:41 2007 -0700
@@ -2,9 +2,8 @@
  * CDDL HEADER START
  *
  * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License").  You may not use this file except in compliance
- * with the License.
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
  *
  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  * or http://www.opensolaris.org/os/licensing.
@@ -20,7 +19,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -59,7 +58,7 @@
 		return (rv);
 	}
 
-	rv = meta_operation_init(OP_ENCRYPT, session, pMechanism, key);
+	rv = meta_operation_init(CKF_ENCRYPT, session, pMechanism, key);
 
 	OBJRELEASE(key);
 	REFRELEASE(session);
@@ -85,12 +84,12 @@
 		return (rv);
 
 	if (pData == NULL || pulEncryptedDataLen == NULL) {
-		meta_operation_cleanup(session, OP_ENCRYPT, FALSE);
+		meta_operation_cleanup(session, CKF_ENCRYPT, FALSE);
 		REFRELEASE(session);
 		return (CKR_ARGUMENTS_BAD);
 	}
 
-	rv = meta_do_operation(OP_ENCRYPT, MODE_SINGLE, session, NULL,
+	rv = meta_do_operation(CKF_ENCRYPT, MODE_SINGLE, session, NULL,
 	    pData, ulDataLen, pEncryptedData, pulEncryptedDataLen);
 
 	REFRELEASE(session);
@@ -116,12 +115,12 @@
 		return (rv);
 
 	if (pPart == NULL || pulEncryptedPartLen == NULL) {
-		meta_operation_cleanup(session, OP_ENCRYPT, FALSE);
+		meta_operation_cleanup(session, CKF_ENCRYPT, FALSE);
 		REFRELEASE(session);
 		return (CKR_ARGUMENTS_BAD);
 	}
 
-	rv = meta_do_operation(OP_ENCRYPT, MODE_UPDATE, session, NULL,
+	rv = meta_do_operation(CKF_ENCRYPT, MODE_UPDATE, session, NULL,
 	    pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen);
 
 	REFRELEASE(session);
@@ -146,12 +145,12 @@
 		return (rv);
 
 	if (pulLastEncryptedPartLen == NULL) {
-		meta_operation_cleanup(session, OP_ENCRYPT, FALSE);
+		meta_operation_cleanup(session, CKF_ENCRYPT, FALSE);
 		REFRELEASE(session);
 		return (CKR_ARGUMENTS_BAD);
 	}
 
-	rv = meta_do_operation(OP_ENCRYPT, MODE_FINAL, session, NULL,
+	rv = meta_do_operation(CKF_ENCRYPT, MODE_FINAL, session, NULL,
 	    NULL, 0, pLastEncryptedPart, pulLastEncryptedPartLen);
 
 	REFRELEASE(session);
@@ -185,7 +184,7 @@
 		return (rv);
 	}
 
-	rv = meta_operation_init(OP_DECRYPT, session, pMechanism, key);
+	rv = meta_operation_init(CKF_DECRYPT, session, pMechanism, key);
 
 	OBJRELEASE(key);
 	REFRELEASE(session);
@@ -211,12 +210,12 @@
 		return (rv);
 
 	if (pEncryptedData == NULL || pulDataLen == NULL) {
-		meta_operation_cleanup(session, OP_DECRYPT, FALSE);
+		meta_operation_cleanup(session, CKF_DECRYPT, FALSE);
 		REFRELEASE(session);
 		return (CKR_ARGUMENTS_BAD);
 	}
 
-	rv = meta_do_operation(OP_DECRYPT, MODE_SINGLE, session, NULL,
+	rv = meta_do_operation(CKF_DECRYPT, MODE_SINGLE, session, NULL,
 	    pEncryptedData, ulEncryptedDataLen, pData, pulDataLen);
 
 	REFRELEASE(session);
@@ -242,12 +241,12 @@
 		return (rv);
 
 	if (pEncryptedPart == NULL || pulPartLen == NULL) {
-		meta_operation_cleanup(session, OP_DECRYPT, FALSE);
+		meta_operation_cleanup(session, CKF_DECRYPT, FALSE);
 		REFRELEASE(session);
 		return (CKR_ARGUMENTS_BAD);
 	}
 
-	rv = meta_do_operation(OP_DECRYPT, MODE_UPDATE, session, NULL,
+	rv = meta_do_operation(CKF_DECRYPT, MODE_UPDATE, session, NULL,
 	    pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen);
 
 	REFRELEASE(session);
@@ -272,12 +271,12 @@
 		return (rv);
 
 	if (pulLastPartLen == NULL) {
-		meta_operation_cleanup(session, OP_DECRYPT, FALSE);
+		meta_operation_cleanup(session, CKF_DECRYPT, FALSE);
 		REFRELEASE(session);
 		return (CKR_ARGUMENTS_BAD);
 	}
 
-	rv = meta_do_operation(OP_DECRYPT, MODE_FINAL, session, NULL,
+	rv = meta_do_operation(CKF_DECRYPT, MODE_FINAL, session, NULL,
 	    NULL, 0, pLastPart, pulLastPartLen);
 
 	REFRELEASE(session);
--- a/usr/src/lib/pkcs11/libpkcs11/common/metaDigest.c	Tue May 29 09:22:11 2007 -0700
+++ b/usr/src/lib/pkcs11/libpkcs11/common/metaDigest.c	Tue May 29 09:35:41 2007 -0700
@@ -2,9 +2,8 @@
  * CDDL HEADER START
  *
  * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License").  You may not use this file except in compliance
- * with the License.
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
  *
  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  * or http://www.opensolaris.org/os/licensing.
@@ -20,7 +19,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -51,7 +50,7 @@
 	if (rv != CKR_OK)
 		return (rv);
 
-	rv = meta_operation_init(OP_DIGEST, session, pMechanism, NULL);
+	rv = meta_operation_init(CKF_DIGEST, session, pMechanism, NULL);
 
 	REFRELEASE(session);
 
@@ -78,8 +77,8 @@
 	if (rv != CKR_OK)
 		return (rv);
 
-	rv = meta_do_operation(OP_DIGEST, MODE_SINGLE, session, NULL,
-		pData, ulDataLen, pDigest, pulDigestLen);
+	rv = meta_do_operation(CKF_DIGEST, MODE_SINGLE, session, NULL,
+	    pData, ulDataLen, pDigest, pulDigestLen);
 
 	REFRELEASE(session);
 
@@ -106,8 +105,8 @@
 	if (rv != CKR_OK)
 		return (rv);
 
-	rv = meta_do_operation(OP_DIGEST, MODE_UPDATE, session, NULL,
-		pPart, ulPartLen, NULL, NULL);
+	rv = meta_do_operation(CKF_DIGEST, MODE_UPDATE, session, NULL,
+	    pPart, ulPartLen, NULL, NULL);
 
 	REFRELEASE(session);
 
@@ -143,7 +142,7 @@
 	}
 
 	/* meta_do_operation() will clone the key, if needed. */
-	rv = meta_do_operation(OP_DIGEST, MODE_UPDATE_WITHKEY, session, key,
+	rv = meta_do_operation(CKF_DIGEST, MODE_UPDATE_WITHKEY, session, key,
 	    NULL, 0, NULL, NULL);
 
 	OBJRELEASE(key);
@@ -171,8 +170,8 @@
 	if (rv != CKR_OK)
 		return (rv);
 
-	rv = meta_do_operation(OP_DIGEST, MODE_FINAL, session, NULL,
-		NULL, 0, pDigest, pulDigestLen);
+	rv = meta_do_operation(CKF_DIGEST, MODE_FINAL, session, NULL,
+	    NULL, 0, pDigest, pulDigestLen);
 
 	REFRELEASE(session);
 
--- a/usr/src/lib/pkcs11/libpkcs11/common/metaGlobal.h	Tue May 29 09:22:11 2007 -0700
+++ b/usr/src/lib/pkcs11/libpkcs11/common/metaGlobal.h	Tue May 29 09:35:41 2007 -0700
@@ -23,8 +23,8 @@
  * Use is subject to license terms.
  */
 
-#ifndef _METAGLOBAL_H
-#define	_METAGLOBAL_H
+#ifndef _META_GLOBAL_H
+#define	_META_GLOBAL_H
 
 #pragma ident	"%Z%%M%	%I%	%E% SMI"
 
@@ -81,21 +81,9 @@
 	(!(session_flag & CKF_RW_SESSION))
 
 /*
- * Operation types passed to meta_init_operation() / meta_do_operation()
  * Operation modes passed to meta_do_operation()
- *
- * OP_* and MODE_* must be disjoint (treat as a bitmask), see meta_do_operation
- *
  * MODE_UPDATE_WITHKEY is only used for C_DigestKey.
  */
-#define	OP_UNUSED		0x0000
-#define	OP_ENCRYPT		0x0001
-#define	OP_DECRYPT		0x0002
-#define	OP_DIGEST		0x0004
-#define	OP_SIGN			0x0008
-#define	OP_VERIFY		0x0010
-#define	OP_SIGNRECOVER		0x0020
-#define	OP_VERIFYRECOVER	0x0040
 #define	MODE_SINGLE		0x0100
 #define	MODE_UPDATE		0x0200
 #define	MODE_UPDATE_WITHKEY	0x0400
@@ -301,7 +289,7 @@
  * Part of a meta_session_t, used to track active operations.
  */
 typedef struct opinfo {
-	int type;
+	CK_FLAGS type;
 	slot_session_t *session;
 	mechinfo_t *stats;
 } operation_info_t;
@@ -414,7 +402,7 @@
  * C_GetOperationState.
  */
 typedef struct opstate_data {
-	int		op_type;
+	CK_FLAGS	op_type;
 	CK_ULONG	op_slotnum;
 	CK_ULONG	op_state_len;
 } opstate_data_t;
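Review bot: `opstate_data_t` is the record that the C_GetOperationState path copies into the caller's buffer, so switching `op_type` from `int` to `CK_FLAGS` and storing CKF_* values in it changes the meaning, and possibly the layout, of saved state. A blob written by the previous library would still carry the old OP_* numbers, and nothing visible in this changeset changes `METASLOT_OPSTATE_MAGIC` to tell the two formats apart. If saved state can outlive a library upgrade, bump the magic value so old blobs are rejected as `CKR_SAVED_STATE_INVALID`. A comment on the field would also help, for example `/* a single CKF_* operation flag, 0 if unused */`.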
@@ -562,18 +550,18 @@
 void meta_mechManager_finalize();
 CK_RV meta_mechManager_get_mechs(CK_MECHANISM_TYPE *list, CK_ULONG *listsize);
 CK_RV meta_mechManager_get_slots(mech_support_info_t  *mech_support_info,
-    boolean_t force_update);
+    boolean_t force_update, CK_MECHANISM_INFO *mech_info);
 CK_RV meta_mechManager_slot_supports_mech(CK_MECHANISM_TYPE mechanism,
     CK_ULONG slotnum, boolean_t *supports, mechinfo_t **slot_info,
-    boolean_t force_update);
+    boolean_t force_update, CK_MECHANISM_INFO *mech_info);
 
-CK_RV meta_operation_init(int optype, meta_session_t *session,
+CK_RV meta_operation_init(CK_FLAGS optype, meta_session_t *session,
     CK_MECHANISM *pMechanism, meta_object_t *key);
-CK_RV meta_do_operation(int optype, int mode,
+CK_RV meta_do_operation(CK_FLAGS optype, int mode,
     meta_session_t *session, meta_object_t *object,
     CK_BYTE *in, CK_ULONG inLen, CK_BYTE *out, CK_ULONG *outLen);
 
-void meta_operation_cleanup(meta_session_t *session, int optype,
+void meta_operation_cleanup(meta_session_t *session, CK_FLAGS optype,
     boolean_t finished_normally);
 
 CK_RV meta_generate_keys(meta_session_t *session, CK_MECHANISM *pMechanism,
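Review bot: `meta_do_operation` now takes a `CK_FLAGS optype` next to an `int mode`, but the CKF_* operation flags overlap the MODE_* values this header keeps: `CKF_ENCRYPT` is 0x00000100 in PKCS#11, the same value as `MODE_SINGLE`. The comment removed earlier in this header said OP_* and MODE_* had to be disjoint because `meta_do_operation` treats them as one bitmask. That invariant no longer holds, so any code that still ORs the two together would confuse operations. The body of `meta_do_operation` is not visible here, so please confirm it dispatches on `optype` and `mode` separately. A comment above the prototype would record this, for example `/* optype is one CKF_* flag; MODE_* values overlap CKF_* and must never be OR-ed with it */`.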
@@ -826,4 +814,4 @@
 }
 #endif
 
-#endif /* _METAGLOBAL_H */
+#endif /* _META_GLOBAL_H */
--- a/usr/src/lib/pkcs11/libpkcs11/common/metaMechManager.c	Tue May 29 09:22:11 2007 -0700
+++ b/usr/src/lib/pkcs11/libpkcs11/common/metaMechManager.c	Tue May 29 09:35:41 2007 -0700
@@ -2,9 +2,8 @@
  * CDDL HEADER START
  *
  * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License").  You may not use this file except in compliance
- * with the License.
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
  *
  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  * or http://www.opensolaris.org/os/licensing.
@@ -20,7 +19,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -214,12 +213,13 @@
  */
 CK_RV
 meta_mechManager_get_slots(mech_support_info_t  *mech_support_info,
-    boolean_t force_update)
+    boolean_t force_update, CK_MECHANISM_INFO *mech_info)
 {
 	CK_RV rv;
 	boolean_t found;
 	CK_ULONG i, num_slots;
 	unsigned long index, num_found = 0;
+	CK_MECHANISM_INFO info;
 
 	rv = meta_mechManager_update_mech(mech_support_info->mech,
 	    force_update);
@@ -240,6 +240,13 @@
 		    !mechlist[index].slots[i].supported)
 			continue;
 
+		if (mech_info) {
+			info = mechlist[index].slots[i].mechanism_info;
+			if (!(info.flags & mech_info->flags)) {
+				continue;
+			}
+		}
+
 		num_found++;
 		(mech_support_info->supporting_slots)[num_found - 1]
 		    = &mechlist[index].slots[i];
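Review bot: The new filter `if (!(info.flags & mech_info->flags))` accepts a slot when any one requested bit is set, which is only correct while every caller passes a single flag. Comparing against the full mask, `if ((mechlist[index].slots[i].mechanism_info.flags & mech_info->flags) != mech_info->flags) continue;`, stays correct for combined flags and also avoids copying the whole struct into `info`. The same test is repeated in `meta_mechManager_slot_supports_mech` further down this file. The function's header comment is outside this hunk; it should say that `mech_info` may be NULL (no filtering) and that only its `flags` member is read.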
@@ -384,11 +391,11 @@
 
 	/* Sort the mechanisms by value. */
 	qsort(slot_mechlist, slot_mechlistsize, sizeof (CK_MECHANISM_TYPE),
-		qsort_mechtypes);
+	    qsort_mechtypes);
 
 	/* Ensure list contains the mechanisms. */
 	rv = meta_mechManager_allocmechs(slot_mechlist, slot_mechlistsize,
-		&index);
+	    &index);
 	if (rv != CKR_OK)
 		goto finish;
 
@@ -459,7 +466,7 @@
 		mechlist[index].slots[slotnum].initialized = B_TRUE;
 		mechlist[index].slots[slotnum].supported = B_FALSE;
 		bzero(&mechlist[index].slots[slotnum].mechanism_info,
-			sizeof (CK_MECHANISM_INFO));
+		    sizeof (CK_MECHANISM_INFO));
 		goto finish;
 	}
 
@@ -473,7 +480,7 @@
 		mechlist[index].slots[slotnum].initialized = B_TRUE;
 		mechlist[index].slots[slotnum].supported = B_FALSE;
 		bzero(&mechlist[index].slots[slotnum].mechanism_info,
-			sizeof (CK_MECHANISM_INFO));
+		    sizeof (CK_MECHANISM_INFO));
 	}
 
 finish:
@@ -530,7 +537,7 @@
 			mechinfo_t *new_mechinfos;
 
 			new_mechinfos = calloc(meta_slotManager_get_slotcount(),
-				sizeof (mechinfo_t));
+			    sizeof (mechinfo_t));
 			if (new_mechinfos == NULL) {
 				rv = CKR_HOST_MEMORY;
 				goto finish;
@@ -544,8 +551,8 @@
 				mechlist_t *newmechlist;
 
 				newmechlist = realloc(mechlist,
-					2 * true_mechlist_size *
-					sizeof (mechlist_t));
+				    2 * true_mechlist_size *
+				    sizeof (mechlist_t));
 
 				if (newmechlist == NULL) {
 					rv = CKR_HOST_MEMORY;
@@ -559,7 +566,7 @@
 
 			/* Shift existing entries to make space. */
 			(void) memmove(&mechlist[index+1], &mechlist[index],
-				(num_mechs - index) * sizeof (mechlist_t));
+			    (num_mechs - index) * sizeof (mechlist_t));
 			num_mechs++;
 
 			mechlist[index].type = new_mechs[i];
@@ -638,12 +645,13 @@
 CK_RV
 meta_mechManager_slot_supports_mech(CK_MECHANISM_TYPE mechanism,
     CK_ULONG slotnum, boolean_t *supports, mechinfo_t **slot_info,
-    boolean_t force_update)
+    boolean_t force_update, CK_MECHANISM_INFO *mech_info)
 {
 
 	boolean_t found;
 	CK_RV rv;
 	unsigned long index;
+	CK_MECHANISM_INFO info;
 
 	*supports = B_FALSE;
 
@@ -660,6 +668,12 @@
 
 	if ((mechlist[index].slots[slotnum].initialized) &&
 	    (mechlist[index].slots[slotnum].supported)) {
+		if (mech_info) {
+			info = mechlist[index].slots[slotnum].mechanism_info;
+			if (!(info.flags & mech_info->flags)) {
+				goto finish;
+			}
+		}
 		*supports = B_TRUE;
 		if (slot_info) {
 			*slot_info = &(mechlist[index].slots[slotnum]);
--- a/usr/src/lib/pkcs11/libpkcs11/common/metaObjectManager.c	Tue May 29 09:22:11 2007 -0700
+++ b/usr/src/lib/pkcs11/libpkcs11/common/metaObjectManager.c	Tue May 29 09:35:41 2007 -0700
@@ -562,8 +562,8 @@
 		if (clone == NULL)
 			continue;
 		if (nukeSourceObj || (!object->isToken &&
-			!(object->isFreeToken == FREE_ENABLED &&
-			    get_keystore_slotnum() == slotnum))) {
+		    !(object->isFreeToken == FREE_ENABLED &&
+		    get_keystore_slotnum() == slotnum))) {
 
 			rv = meta_get_slot_session(slotnum, &obj_session,
 			    object->creator_session->session_flags);
@@ -999,10 +999,9 @@
 	    object->clone_template_size, &(new_clone->hObject));
 
 	if (free_token_index != -1) {
-			free_token_index = set_template_boolean(
-				CKA_TOKEN, object->clone_template,
-				object->clone_template_size,
-				B_FALSE, &falsevalue);
+			free_token_index = set_template_boolean(CKA_TOKEN,
+			    object->clone_template, object->clone_template_size,
+			    B_FALSE, &falsevalue);
 	}
 
 	if (rv != CKR_OK) {
@@ -1027,6 +1026,9 @@
 	int i;
 	boolean_t src_supports, dst_supports;
 	CK_RV rv;
+	CK_MECHANISM_INFO mech_info;
+
+	mech_info.flags = CKF_WRAP;
 
 	for (i = 0; i < num_info; i++) {
 		src_supports = B_FALSE;
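Review bot: `mech_info` is a stack `CK_MECHANISM_INFO` with only `flags` assigned, so its key-size members are indeterminate when its address is passed to `meta_mechManager_slot_supports_mech`. The callee hunks in this changeset read only `flags`, so nothing breaks today. Zeroing the struct first, `(void) memset(&mech_info, 0, sizeof (mech_info));` ahead of `mech_info.flags = CKF_WRAP;`, would keep a later reader of the other members from picking up stack contents. The same pattern appears in the next function in this file and in `meta_operation_init` in metaUtil.c. The enclosing function begins above this hunk.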
@@ -1034,14 +1036,14 @@
 
 		rv = meta_mechManager_slot_supports_mech(
 		    (wrap_info[i]).mech_type, src_slotnum,
-		    &src_supports, NULL, B_FALSE);
+		    &src_supports, NULL, B_FALSE, &mech_info);
 		if (rv != CKR_OK) {
 			return (rv);
 		}
 
 		rv = meta_mechManager_slot_supports_mech(
 		    (wrap_info[i]).mech_type, dst_slotnum,
-		    &dst_supports, NULL, B_FALSE);
+		    &dst_supports, NULL, B_FALSE, &mech_info);
 		if (rv != CKR_OK) {
 			return (rv);
 		}
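Review bot: Both lookups pass the same `mech_info`, so the destination slot is also required to advertise `CKF_WRAP`. If the destination only has to unwrap the key produced by the source slot, as the src/dst naming suggests, it should be tested for `CKF_UNWRAP` instead. As written, a slot that can unwrap but not wrap is skipped, while one that wraps but cannot unwrap is accepted. A second local would do it, for example `unwrap_info.flags = CKF_UNWRAP;` passed as `&unwrap_info` in the `dst_slotnum` call. The special-case loop in the following function has the same pair of calls. Please confirm against how the selected mechanism is used; that code is not in this hunk.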
@@ -1078,6 +1080,9 @@
 	int i;
 	boolean_t src_supports = B_FALSE, dst_supports = B_FALSE;
 	int first_src_mech, rsa_first_src_mech, first_both_mech;
+	CK_MECHANISM_INFO mech_info;
+
+	mech_info.flags = CKF_WRAP;
 
 	if ((obj_class == CKO_PRIVATE_KEY) && (key_type == CKK_KEA)) {
 		/*
@@ -1096,14 +1101,14 @@
 
 			rv = meta_mechManager_slot_supports_mech(
 			    (special_wrap_info[i]).mech_type, src_slotnum,
-			    &src_supports, NULL, B_FALSE);
+			    &src_supports, NULL, B_FALSE, &mech_info);
 			if (rv != CKR_OK) {
 				goto finish;
 			}
 
 			rv = meta_mechManager_slot_supports_mech(
 			    (special_wrap_info[i]).mech_type, dst_slotnum,
-			    &dst_supports, NULL, B_FALSE);
+			    &dst_supports, NULL, B_FALSE, &mech_info);
 			if (rv != CKR_OK) {
 				goto finish;
 			}
@@ -1625,7 +1630,7 @@
 	for (i = 0; i < num_attributes; i++) {
 		if (!attributes[i].isCloneAttr ||
 		    (attributes[i].attribute.type == CKA_TOKEN &&
-			object->isFreeToken == FREE_DISABLED)) {
+		    object->isFreeToken == FREE_DISABLED)) {
 			continue;
 		}
 		if ((!(attributes[i].hasValueForClone)) &&
@@ -1635,7 +1640,7 @@
 
 		clone_template[c].type = attributes[i].attribute.type;
 		clone_template[c].ulValueLen =
-				attributes[i].attribute.ulValueLen;
+		    attributes[i].attribute.ulValueLen;
 		/* Allocate space to store the attribute value. */
 		clone_template[c].pValue = malloc(clone_template[c].ulValueLen);
 		if (clone_template[c].pValue == NULL) {
@@ -1836,7 +1841,7 @@
 	 */
 	if (!metaslot_auto_key_migrate ||
 	    (!object->isToken && !object->isSensitive &&
-		meta_slotManager_get_slotcount() < 2))
+	    meta_slotManager_get_slotcount() < 2))
 		goto failure;
 
 	/*
@@ -1857,8 +1862,7 @@
 	 * for supported FreeObject mechs
 	 */
 	} else if (tmpl_len > 0) {
-		if (!get_template_ulong(CKA_KEY_TYPE, tmpl, tmpl_len,
-			&keytype))
+		if (!get_template_ulong(CKA_KEY_TYPE, tmpl, tmpl_len, &keytype))
 			goto failure;
 
 		switch (keytype) {
@@ -1878,7 +1882,7 @@
 		goto failure;
 
 	/* Get the slot that support this mech... */
-	if (meta_mechManager_get_slots(info, B_FALSE) != CKR_OK)
+	if (meta_mechManager_get_slots(info, B_FALSE, NULL) != CKR_OK)
 		goto failure;
 
 	/*
@@ -1928,8 +1932,8 @@
 	if (!create) {
 		/* Turn off the Sensitive flag */
 		if (object->isSensitive) {
-			if (set_template_boolean(CKA_SENSITIVE, tmpl,
-				tmpl_len, B_TRUE, &falsevalue) == -1)
+			if (set_template_boolean(CKA_SENSITIVE, tmpl, tmpl_len,
+			    B_TRUE, &falsevalue) == -1)
 				goto failure;
 
 			object->isFreeObject = FREE_ENABLED;
@@ -1937,8 +1941,8 @@
 
 		/* Turn off the Private flag */
 		if (object->isPrivate) {
-			if (set_template_boolean(CKA_PRIVATE, tmpl,
-				tmpl_len, B_TRUE, &falsevalue) == -1)
+			if (set_template_boolean(CKA_PRIVATE, tmpl, tmpl_len,
+			    B_TRUE, &falsevalue) == -1)
 				goto failure;
 
 			object->isFreeObject = FREE_ENABLED;
@@ -1986,7 +1990,7 @@
 			return (CKR_OK);
 
 		if (set_template_boolean(CKA_TOKEN, tmpl, tmpl_len, B_TRUE,
-			&truevalue) == -1)
+		    &truevalue) == -1)
 			return (CKR_FUNCTION_FAILED);
 
 	} else {
@@ -1995,7 +1999,7 @@
 			return (CKR_OK);
 
 		if (set_template_boolean(CKA_TOKEN, tmpl, tmpl_len, B_TRUE,
-			&falsevalue) == -1)
+		    &falsevalue) == -1)
 			return (CKR_FUNCTION_FAILED);
 
 		*current_value = FALSE;
@@ -2088,7 +2092,7 @@
 		/* Create the new CKA_PRIVATE one */
 		rv = FUNCLIST(slot_session->fw_st_id)->\
 		    C_CopyObject(slot_session->hSession,
-			object->clones[slotnum]->hObject, attr, 1, &new_clone);
+		    object->clones[slotnum]->hObject, attr, 1, &new_clone);
 
 		if (rv == CKR_USER_NOT_LOGGED_IN) {
 			/*
@@ -2117,7 +2121,7 @@
 		/* Remove the old object */
 		rv = FUNCLIST(slot_session->fw_st_id)->	\
 		    C_DestroyObject(slot_session->hSession,
-			object->clones[slotnum]->hObject);
+		    object->clones[slotnum]->hObject);
 		if (rv != CKR_OK) {
 			meta_release_slot_session(slot_session);
 			goto failure;
@@ -2149,7 +2153,7 @@
 		if (rv == CKR_OK) {
 			rv = FUNCLIST(slot_session->fw_st_id)->		\
 			    C_SetAttributeValue(slot_session->hSession,
-				object->clones[slotnum]->hObject, attr, 1);
+			    object->clones[slotnum]->hObject, attr, 1);
 
 			meta_release_slot_session(slot_session);
 		}
--- a/usr/src/lib/pkcs11/libpkcs11/common/metaSession.c	Tue May 29 09:22:11 2007 -0700
+++ b/usr/src/lib/pkcs11/libpkcs11/common/metaSession.c	Tue May 29 09:35:41 2007 -0700
@@ -2,9 +2,8 @@
  * CDDL HEADER START
  *
  * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License").  You may not use this file except in compliance
- * with the License.
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
  *
  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  * or http://www.opensolaris.org/os/licensing.
@@ -20,7 +19,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -224,7 +223,7 @@
 	CK_ULONG length;
 
 	*out_length = sizeof (meta_opstate_t);
-	if (session->op1.type != OP_UNUSED) {
+	if (session->op1.type != 0) {
 		slot_session = session->op1.session;
 		rv = FUNCLIST(slot_session->fw_st_id)->C_GetOperationState(
 		    slot_session->hSession, NULL, &length);
@@ -257,7 +256,7 @@
 	/*
 	 * If no operation is active, then bail out.
 	 */
-	if (session->op1.type == OP_UNUSED) {
+	if (session->op1.type == 0) {
 		rv = CKR_OPERATION_NOT_INITIALIZED;
 		goto endgetopstate;
 	}
@@ -308,12 +307,12 @@
 	(void) memset(&opstate, 0, sizeof (meta_opstate_t));
 	opstate.magic_marker = METASLOT_OPSTATE_MAGIC;
 
-	if (session->op1.type != OP_UNUSED) {
+	if (session->op1.type != 0) {
 		slot_session = session->op1.session;
 		opstate.state[0].op_type = session->op1.type;
 		opstate.state[0].op_slotnum = slot_session->slotnum;
 		opstate.state[0].op_state_len = *pulOperationStateLen -
-				sizeof (meta_opstate_t);
+		    sizeof (meta_opstate_t);
 		rv = FUNCLIST(slot_session->fw_st_id)->C_GetOperationState(
 		    slot_session->hSession,
 		    pOperationState + sizeof (meta_opstate_t),
@@ -337,10 +336,10 @@
 endgetopstate:
 	if (rv == CKR_OK && pOperationState != NULL) {
 		(void) memcpy(pOperationState, (void *)&opstate,
-			sizeof (meta_opstate_t));
+		    sizeof (meta_opstate_t));
 
 		*pulOperationStateLen = sizeof (meta_opstate_t) +
-			opstate.state[0].op_state_len;
+		    opstate.state[0].op_state_len;
 	}
 
 	REFRELEASE(session);
@@ -355,23 +354,21 @@
 		CK_BYTE *databuf)
 {
 	CK_RV rv;
-	static CK_ULONG encrypt_optypes = (OP_ENCRYPT | OP_DECRYPT);
-	static CK_ULONG sign_optypes = (OP_SIGN | OP_VERIFY |
-			OP_SIGNRECOVER | OP_VERIFYRECOVER);
+	static CK_ULONG encrypt_optypes = (CKF_ENCRYPT | CKF_DECRYPT);
+	static CK_ULONG sign_optypes = (CKF_SIGN | CKF_VERIFY |
+	    CKF_SIGN_RECOVER | CKF_VERIFY_RECOVER);
 	slot_object_t *enc_key_obj = NULL, *auth_key_obj = NULL;
 
 	if (state->op_type & encrypt_optypes) {
-		rv = meta_object_get_clone(meta_enc_key,
-			slot_session->slotnum,
-			slot_session, &enc_key_obj);
+		rv = meta_object_get_clone(meta_enc_key, slot_session->slotnum,
+		    slot_session, &enc_key_obj);
 		if (rv != CKR_OK) {
 			return (rv);
 		}
 	}
 	if (state->op_type & sign_optypes) {
-		rv = meta_object_get_clone(meta_auth_key,
-			slot_session->slotnum,
-			slot_session, &auth_key_obj);
+		rv = meta_object_get_clone(meta_auth_key, slot_session->slotnum,
+		    slot_session, &auth_key_obj);
 		if (rv != CKR_OK) {
 			return (rv);
 		}
@@ -443,7 +440,7 @@
 	 * data is present.  Length of state provided must be exact.
 	 */
 	if (ulOperationStateLen != (sizeof (meta_opstate_t) +
-		opstate.state[0].op_state_len))
+	    opstate.state[0].op_state_len))
 		return (CKR_SAVED_STATE_INVALID);
 
 	rv = meta_handle2session(hSession, &session);
@@ -461,27 +458,26 @@
 			goto cleanup;
 	}
 
-	if (opstate.state[0].op_type != OP_UNUSED) {
-		if (session->op1.type != OP_UNUSED)
+	if (opstate.state[0].op_type != 0) {
+		if (session->op1.type != 0)
 			meta_operation_cleanup(session, session->op1.type,
-				B_FALSE);
+			    B_FALSE);
 
 		rv = meta_get_slot_session(opstate.state[0].op_slotnum,
-			&slot_session, session->session_flags);
+		    &slot_session, session->session_flags);
 		if (rv != CKR_OK)
 			goto cleanup;
 
 		session->op1.type = opstate.state[0].op_type;
 		session->op1.session = slot_session;
 
-		rv = meta_set_opstate(slot_session,
-			meta_enc_key, meta_auth_key,
-			&(opstate.state[0]),
-			pOperationState + sizeof (meta_opstate_t));
+		rv = meta_set_opstate(slot_session, meta_enc_key,
+		    meta_auth_key, &(opstate.state[0]),
+		    pOperationState + sizeof (meta_opstate_t));
 
 		if (rv != CKR_OK) {
 			meta_operation_cleanup(session, session->op1.type,
-				FALSE);
+			    FALSE);
 			goto cleanup;
 		}
 	}
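Review bot: `session->op1.type = opstate.state[0].op_type;` stores a value taken from the caller-supplied state buffer, and this hunk shows no check that it is one of the operation flags the library handles. Now that the field is a `CK_FLAGS`, any non-zero bit pattern marks the session as having an active operation. Checks for magic and length may exist above this hunk, but they do not constrain `op_type`. Consider rejecting anything outside the supported set with `CKR_SAVED_STATE_INVALID` before calling `meta_get_slot_session`; the set is CKF_ENCRYPT, CKF_DECRYPT, CKF_DIGEST, CKF_SIGN, CKF_VERIFY, CKF_SIGN_RECOVER and CKF_VERIFY_RECOVER. A named constant for the unused value would also read better than the bare `0` that replaces `OP_UNUSED` here and in the other files.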
--- a/usr/src/lib/pkcs11/libpkcs11/common/metaSessionManager.c	Tue May 29 09:22:11 2007 -0700
+++ b/usr/src/lib/pkcs11/libpkcs11/common/metaSessionManager.c	Tue May 29 09:35:41 2007 -0700
@@ -2,9 +2,8 @@
  * CDDL HEADER START
  *
  * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License").  You may not use this file except in compliance
- * with the License.
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
  *
  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  * or http://www.opensolaris.org/os/licensing.
@@ -20,7 +19,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -246,7 +245,7 @@
 	(void) pthread_rwlock_unlock(&session->session_lock);
 
 	/* Cleanup any in-progress operations. */
-	if (session->op1.type != OP_UNUSED) {
+	if (session->op1.type != 0) {
 		meta_operation_cleanup(session, session->op1.type, FALSE);
 	}
 
@@ -328,7 +327,7 @@
 	 * it can be reused (otherwise provider might complain that an
 	 * operation is active).
 	 */
-	if (session->op1.type != OP_UNUSED)
+	if (session->op1.type != 0)
 		meta_operation_cleanup(session, session->op1.type, FALSE);
 
 	/* Final object cleanup. */
--- a/usr/src/lib/pkcs11/libpkcs11/common/metaSign.c	Tue May 29 09:22:11 2007 -0700
+++ b/usr/src/lib/pkcs11/libpkcs11/common/metaSign.c	Tue May 29 09:35:41 2007 -0700
@@ -2,9 +2,8 @@
  * CDDL HEADER START
  *
  * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License").  You may not use this file except in compliance
- * with the License.
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
  *
  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  * or http://www.opensolaris.org/os/licensing.
@@ -20,7 +19,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -59,7 +58,7 @@
 		return (rv);
 	}
 
-	rv = meta_operation_init(OP_SIGN, session, pMechanism, key);
+	rv = meta_operation_init(CKF_SIGN, session, pMechanism, key);
 
 	OBJRELEASE(key);
 	REFRELEASE(session);
@@ -85,12 +84,12 @@
 		return (rv);
 
 	if (pData == NULL || pulSignatureLen == NULL) {
-		meta_operation_cleanup(session, OP_SIGN, FALSE);
+		meta_operation_cleanup(session, CKF_SIGN, FALSE);
 		REFRELEASE(session);
 		return (CKR_ARGUMENTS_BAD);
 	}
 
-	rv = meta_do_operation(OP_SIGN, MODE_SINGLE, session, NULL,
+	rv = meta_do_operation(CKF_SIGN, MODE_SINGLE, session, NULL,
 	    pData, ulDataLen, pSignature, pulSignatureLen);
 
 	REFRELEASE(session);
@@ -115,12 +114,12 @@
 		return (rv);
 
 	if (pPart == NULL) {
-		meta_operation_cleanup(session, OP_SIGN, FALSE);
+		meta_operation_cleanup(session, CKF_SIGN, FALSE);
 		REFRELEASE(session);
 		return (CKR_ARGUMENTS_BAD);
 	}
 
-	rv = meta_do_operation(OP_SIGN, MODE_UPDATE, session, NULL,
+	rv = meta_do_operation(CKF_SIGN, MODE_UPDATE, session, NULL,
 	    pPart, ulPartLen, NULL, NULL);
 
 	REFRELEASE(session);
@@ -145,12 +144,12 @@
 		return (rv);
 
 	if (pulSignatureLen == NULL) {
-		meta_operation_cleanup(session, OP_SIGN, FALSE);
+		meta_operation_cleanup(session, CKF_SIGN, FALSE);
 		REFRELEASE(session);
 		return (CKR_ARGUMENTS_BAD);
 	}
 
-	rv = meta_do_operation(OP_SIGN, MODE_FINAL, session, NULL,
+	rv = meta_do_operation(CKF_SIGN, MODE_FINAL, session, NULL,
 	    NULL, 0, pSignature, pulSignatureLen);
 
 	REFRELEASE(session);
@@ -183,7 +182,7 @@
 		return (rv);
 	}
 
-	rv = meta_operation_init(OP_SIGNRECOVER, session, pMechanism, key);
+	rv = meta_operation_init(CKF_SIGN_RECOVER, session, pMechanism, key);
 
 	OBJRELEASE(key);
 	REFRELEASE(session);
@@ -208,12 +207,12 @@
 		return (rv);
 
 	if (pData == NULL || pulSignatureLen == NULL) {
-		meta_operation_cleanup(session, OP_SIGNRECOVER, FALSE);
+		meta_operation_cleanup(session, CKF_SIGN_RECOVER, FALSE);
 		REFRELEASE(session);
 		return (CKR_ARGUMENTS_BAD);
 	}
 
-	rv = meta_do_operation(OP_SIGNRECOVER, MODE_SINGLE, session, NULL,
+	rv = meta_do_operation(CKF_SIGN_RECOVER, MODE_SINGLE, session, NULL,
 	    pData, ulDataLen, pSignature, pulSignatureLen);
 
 	REFRELEASE(session);
--- a/usr/src/lib/pkcs11/libpkcs11/common/metaSlotToken.c	Tue May 29 09:22:11 2007 -0700
+++ b/usr/src/lib/pkcs11/libpkcs11/common/metaSlotToken.c	Tue May 29 09:35:41 2007 -0700
@@ -2,9 +2,8 @@
  * CDDL HEADER START
  *
  * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License").  You may not use this file except in compliance
- * with the License.
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
  *
  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  * or http://www.opensolaris.org/os/licensing.
@@ -20,7 +19,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -295,7 +294,7 @@
 
 	mech_support_info.mech = type;
 
-	rv = meta_mechManager_get_slots(&mech_support_info, TRUE);
+	rv = meta_mechManager_get_slots(&mech_support_info, TRUE, NULL);
 	if (rv != CKR_OK) {
 		free(mech_support_info.supporting_slots);
 		return (rv);
--- a/usr/src/lib/pkcs11/libpkcs11/common/metaUtil.c	Tue May 29 09:22:11 2007 -0700
+++ b/usr/src/lib/pkcs11/libpkcs11/common/metaUtil.c	Tue May 29 09:35:41 2007 -0700
@@ -37,7 +37,7 @@
  *
  */
 CK_RV
-meta_operation_init(int optype, meta_session_t *session,
+meta_operation_init(CK_FLAGS optype, meta_session_t *session,
 	CK_MECHANISM *pMechanism, meta_object_t *key)
 {
 	CK_RV rv, save_rv;
@@ -45,15 +45,18 @@
 	CK_ULONG slotnum;
 	unsigned long i, slotCount = 0;
 	slot_session_t *init_session = NULL;
+	CK_MECHANISM_INFO mech_info;
 
 	/*
 	 * If an operation is already active, cleanup existing operation
 	 * and start a new one.
 	 */
-	if (session->op1.type != OP_UNUSED) {
+	if (session->op1.type != 0) {
 		meta_operation_cleanup(session, session->op1.type, B_FALSE);
 	}
 
+	mech_info.flags = optype;
+
 	/*
 	 * Get a list of capable slots.
 	 *
@@ -65,7 +68,7 @@
 	    ((session->mech_support_info).num_supporting_slots == 0)) {
 		(session->mech_support_info).mech = pMechanism->mechanism;
 		rv = meta_mechManager_get_slots(&(session->mech_support_info),
-		    B_FALSE);
+		    B_FALSE, &mech_info);
 		if (rv != CKR_OK) {
 			goto finish;
 		}
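Review bot: The slot list cached in `session->mech_support_info` is now filtered by `mech_info.flags = optype`, but the refresh condition visible here still depends only on the mechanism and on `num_supporting_slots == 0`. The start of that condition is above the hunk, so this is inferred. If it is right, a session that initialises one operation type and then another with the same mechanism reuses a list filtered for the first, for example C_EncryptInit followed by C_SignInit. That can offer a slot lacking the second function, or omit one that has it. Either remember the flag used to build the list and refresh when it differs, or document why reuse is safe. The function body continues outside this hunk.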
@@ -121,9 +124,9 @@
 		}
 
 		/* if necessary, ensure a clone of the obj exists in slot */
-		if (optype != OP_DIGEST) {
+		if (optype != CKF_DIGEST) {
 			rv = meta_object_get_clone(key, slotnum, init_session,
-				&init_key);
+			    &init_key);
 
 			if (rv != CKR_OK) {
 				goto loop_cleanup;
@@ -132,39 +135,39 @@
 
 		fw_st_id = init_session->fw_st_id;
 		switch (optype) {
-			case OP_ENCRYPT:
+			case CKF_ENCRYPT:
 				rv = FUNCLIST(fw_st_id)->C_EncryptInit(
-					init_session->hSession, pMechanism,
-					init_key->hObject);
+				    init_session->hSession, pMechanism,
+				    init_key->hObject);
 				break;
-			case OP_DECRYPT:
+			case CKF_DECRYPT:
 				rv = FUNCLIST(fw_st_id)->C_DecryptInit(
-					init_session->hSession, pMechanism,
-					init_key->hObject);
+				    init_session->hSession, pMechanism,
+				    init_key->hObject);
 				break;
-			case OP_DIGEST:
+			case CKF_DIGEST:
 				rv = FUNCLIST(fw_st_id)->C_DigestInit(
-					init_session->hSession, pMechanism);
+				    init_session->hSession, pMechanism);
 				break;
-			case OP_SIGN:
+			case CKF_SIGN:
 				rv = FUNCLIST(fw_st_id)->C_SignInit(
-					init_session->hSession, pMechanism,
-					init_key->hObject);
+				    init_session->hSession, pMechanism,
+				    init_key->hObject);
 				break;
-			case OP_VERIFY:
+			case CKF_VERIFY:
 				rv = FUNCLIST(fw_st_id)->C_VerifyInit(
-					init_session->hSession, pMechanism,
-					init_key->hObject);
+				    init_session->hSession, pMechanism,
+				    init_key->hObject);
 				break;
-			case OP_SIGNRECOVER:
+			case CKF_SIGN_RECOVER:
 				rv = FUNCLIST(fw_st_id)->C_SignRecoverInit(
-					init_session->hSession, pMechanism,
-					init_key->hObject);
+				    init_session->hSession, pMechanism,
+				    init_key->hObject);
 				break;
-			case OP_VERIFYRECOVER:
+			case CKF_VERIFY_RECOVER:
 				rv = FUNCLIST(fw_st_id)->C_VerifyRecoverInit(
-					init_session->hSession, pMechanism,
-					init_key->hObject);
+				    init_session->hSession, pMechanism,
+				    init_key->hObject);
 				break;
 
 			default:
@@ -231,7 +234,7 @@
  *    this argument (use NULL).
  */
 CK_RV
-meta_do_operation(int optype, int mode,
+meta_do_operation(CK_FLAGS optype, int mode,
     meta_session_t *session, meta_object_t *object,
     CK_BYTE *in, CK_ULONG inLen, CK_BYTE *out, CK_ULONG *outLen)
 {
@@ -259,43 +262,34 @@
 
 
 	/* Do the operation... */
-	switch (optype | mode) {
-		case OP_ENCRYPT | MODE_SINGLE:
+	if (optype == CKF_ENCRYPT && mode == MODE_SINGLE) {
 			rv = FUNCLIST(fw_st_id)->C_Encrypt(hSession, in,
 			    inLen, out, outLen);
-			break;
-		case OP_ENCRYPT | MODE_UPDATE:
+	} else if (optype == CKF_ENCRYPT && mode == MODE_UPDATE) {
 			rv = FUNCLIST(fw_st_id)->C_EncryptUpdate(hSession, in,
 			    inLen, out, outLen);
-			break;
-		case OP_ENCRYPT | MODE_FINAL:
+	} else if (optype == CKF_ENCRYPT && mode == MODE_FINAL) {
 			rv = FUNCLIST(fw_st_id)->C_EncryptFinal(hSession, out,
 			    outLen);
-			break;
 
-		case OP_DECRYPT | MODE_SINGLE:
+	} else if (optype == CKF_DECRYPT && mode == MODE_SINGLE) {
 			rv = FUNCLIST(fw_st_id)->C_Decrypt(hSession, in,
 			    inLen, out, outLen);
-			break;
-		case OP_DECRYPT | MODE_UPDATE:
+	} else if (optype == CKF_DECRYPT && mode == MODE_UPDATE) {
 			rv = FUNCLIST(fw_st_id)->C_DecryptUpdate(hSession, in,
 			    inLen, out, outLen);
-			break;
-		case OP_DECRYPT | MODE_FINAL:
+	} else if (optype == CKF_DECRYPT && mode == MODE_FINAL) {
 			rv = FUNCLIST(fw_st_id)->C_DecryptFinal(hSession, out,
 			    outLen);
-			break;
 
-		case OP_DIGEST | MODE_SINGLE:
+	} else if (optype == CKF_DIGEST && mode == MODE_SINGLE) {
 			rv = FUNCLIST(fw_st_id)->C_Digest(hSession, in, inLen,
 			    out, outLen);
-			break;
-		case OP_DIGEST | MODE_UPDATE:
+	} else if (optype == CKF_DIGEST && mode == MODE_UPDATE) {
 			/* noOutputForOp = TRUE; */
 			rv = FUNCLIST(fw_st_id)->C_DigestUpdate(hSession, in,
 			    inLen);
-			break;
-		case OP_DIGEST | MODE_UPDATE_WITHKEY:
+	} else if (optype == CKF_DIGEST && mode == MODE_UPDATE_WITHKEY) {
 			/* noOutputForOp = TRUE; */
 			/*
 			 * For C_DigestKey, a key is provided and
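Review bot: The bodies of the new `if`/`else if` chain keep the two-tab indentation they had as `case` bodies, so each call sits one level deeper than the `} else if (...) {` line that guards it; this continues through the next hunk down to the final `else`. Re-indenting the bodies to one level under the `if`, or using a `switch (optype)` with an inner `switch (mode)`, would make the roughly twenty branches easier to scan. A short comment would also help the next reader understand why the single `switch (optype | mode)` was dropped, for example `/* CKF_* values are not guaranteed disjoint from MODE_*, so test them separately */`, assuming that is the reason. The function starts above this hunk and ends after the following one.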
@@ -306,60 +300,48 @@
 			if (rv == CKR_OK)
 				rv = FUNCLIST(fw_st_id)->C_DigestKey(hSession,
 				    slot_object->hObject);
-			break;
-		case OP_DIGEST | MODE_FINAL:
+	} else if (optype == CKF_DIGEST && mode == MODE_FINAL) {
 			rv = FUNCLIST(fw_st_id)->C_DigestFinal(hSession, out,
 			    outLen);
-			break;
 
-
-		case OP_SIGN | MODE_SINGLE:
+	} else if (optype == CKF_SIGN && mode == MODE_SINGLE) {
 			rv = FUNCLIST(fw_st_id)->C_Sign(hSession, in, inLen,
 			    out, outLen);
-			break;
-		case OP_SIGN | MODE_UPDATE:
+	} else if (optype == CKF_SIGN && mode == MODE_UPDATE) {
 			/* noOutputForOp = TRUE; */
 			rv = FUNCLIST(fw_st_id)->C_SignUpdate(hSession, in,
 			    inLen);
-			break;
-		case OP_SIGN | MODE_FINAL:
+	} else if (optype == CKF_SIGN && mode == MODE_FINAL) {
 			rv = FUNCLIST(fw_st_id)->C_SignFinal(hSession, out,
 			    outLen);
-			break;
 
-		case OP_VERIFY | MODE_SINGLE:
+	} else if (optype == CKF_VERIFY && mode == MODE_SINGLE) {
 			/* noOutputForOp = TRUE; */
 			/* Yes, use *outLen not outLen (think in2/in2Len) */
 			rv = FUNCLIST(fw_st_id)->C_Verify(hSession, in,
 			    inLen, out, *outLen);
-			break;
-		case OP_VERIFY | MODE_UPDATE:
+	} else if (optype == CKF_VERIFY && mode == MODE_UPDATE) {
 			/* noOutputForOp = TRUE; */
 			rv = FUNCLIST(fw_st_id)->C_VerifyUpdate(hSession, in,
 			    inLen);
-			break;
-		case OP_VERIFY | MODE_FINAL:
+	} else if (optype == CKF_VERIFY && mode == MODE_FINAL) {
 			/* noOutputForOp = TRUE; */
 			/* Yes, use in/inLen instead of out/outLen */
 			rv = FUNCLIST(fw_st_id)->C_VerifyFinal(hSession, in,
 			    inLen);
-			break;
 
-		case OP_SIGNRECOVER | MODE_SINGLE:
+	} else if (optype == CKF_SIGN_RECOVER && mode == MODE_SINGLE) {
 			rv = FUNCLIST(fw_st_id)->C_SignRecover(hSession, in,
 			    inLen, out, outLen);
-			break;
-		case OP_VERIFYRECOVER | MODE_SINGLE:
+	} else if (optype == CKF_VERIFY_RECOVER && mode == MODE_SINGLE) {
 			rv = FUNCLIST(fw_st_id)->C_VerifyRecover(hSession, in,
 			    inLen, out, outLen);
-			break;
 
-		default:
+	} else {
 			rv = CKR_FUNCTION_FAILED;
 	}
 
 
-
 	/*
 	 * Mark the operation type as inactive if an abnormal error
 	 * happens, or if the operation normally results in an inactive
@@ -377,7 +359,7 @@
 	 * the spec, the operation will remain active.
 	 */
 	if (rv == CKR_BUFFER_TOO_SMALL ||
-	    (rv == CKR_OK && out == NULL && optype != OP_VERIFY)) {
+	    (rv == CKR_OK && out == NULL && optype != CKF_VERIFY)) {
 		/* Leave op active for retry (with larger buffer). */
 		shutdown = B_FALSE;
 	} else if (rv != CKR_OK) {
@@ -406,7 +388,7 @@
  * the operation to terminate.
  */
 void
-meta_operation_cleanup(meta_session_t *session, int optype,
+meta_operation_cleanup(meta_session_t *session, CK_FLAGS optype,
     boolean_t finished_normally)
 {
 	operation_info_t *op;
@@ -438,35 +420,35 @@
 		 */
 
 		switch (optype) {
-		    case OP_ENCRYPT:
+		case CKF_ENCRYPT:
 			(void) FUNCLIST(fw_st_id)->C_EncryptUpdate(hSession,
 			    NULL, 8, dummy_buf, NULL);
 			break;
-		    case OP_DECRYPT:
+		case CKF_DECRYPT:
 			(void) FUNCLIST(fw_st_id)->C_DecryptUpdate(hSession,
 			    NULL, 8, dummy_buf, NULL);
 			break;
-		    case OP_DIGEST:
+		case CKF_DIGEST:
 			(void) FUNCLIST(fw_st_id)->C_DigestUpdate(hSession,
 			    NULL, 8);
 			break;
-		    case OP_SIGN:
+		case CKF_SIGN:
 			(void) FUNCLIST(fw_st_id)->C_SignUpdate(hSession,
 			    NULL, 8);
 			break;
-		    case OP_SIGNRECOVER:
+		case CKF_SIGN_RECOVER:
 			(void) FUNCLIST(fw_st_id)->C_SignRecover(hSession,
 			    NULL, 8, dummy_buf, NULL);
 			break;
-		    case OP_VERIFY:
+		case CKF_VERIFY:
 			(void) FUNCLIST(fw_st_id)->C_VerifyUpdate(hSession,
 			    NULL, 8);
 			break;
-		    case OP_VERIFYRECOVER:
+		case CKF_VERIFY_RECOVER:
 			(void) FUNCLIST(fw_st_id)->C_VerifyRecover(hSession,
 			    NULL, 8, dummy_buf, NULL);
 			break;
-		    default:
+		default:
 			/*NOTREACHED*/
 			break;
 		}
@@ -474,7 +456,7 @@
 		session->op1.session = NULL;
 	}
 
-	session->op1.type = OP_UNUSED;
+	session->op1.type = 0;
 }
 
 /*
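Review bot: `session->op1.type = 0` replaces the named `OP_UNUSED` with a bare literal, and the matching test `session->op1.type != 0` in `meta_operation_init` earlier in this file does the same. Since `0` is now the only marker for "no operation active" in a field that otherwise holds `CKF_*` flags, a named constant would keep the intent visible and greppable, for example `#define OP_UNUSED 0` in the shared header (the header change is not visible here, so the old definition may have been removed deliberately). Failing that, a comment at both sites such as `/* 0 == no active operation */` would do.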
@@ -489,7 +471,8 @@
 static CK_RV
 get_slotlist_for_mech(CK_MECHANISM_TYPE mech_type,
     mech_support_info_t *mech_support_info,
-    mechinfo_t ***slots, unsigned long *slot_count, boolean_t token_only)
+    mechinfo_t ***slots, unsigned long *slot_count, boolean_t token_only,
+    CK_MECHANISM_INFO *mech_info)
 {
 	boolean_t mech_supported = B_FALSE;
 	CK_RV rv = CKR_OK;
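Review bot: The new `mech_info` parameter is not described in any visible line; the function's header comment sits above this hunk and should gain an entry for it. The entry should state which fields are consulted and whether `NULL` is accepted, since callers in this file fill in only `flags` and another call in this changeset passes `NULL` straight to `meta_mechManager_get_slots`. Something like `mech_info: only the flags field is set by callers; names the CKF_* function the slot must support` would cover it, adjusted to what the callee actually reads.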
@@ -497,7 +480,8 @@
 	if (token_only) {
 		rv = meta_mechManager_slot_supports_mech(mech_type,
 		    get_keystore_slotnum(), &mech_supported,
-		    &((mech_support_info->supporting_slots)[0]), B_FALSE);
+		    &((mech_support_info->supporting_slots)[0]), B_FALSE,
+		    mech_info);
 
 		if (rv != CKR_OK) {
 			return (rv);
@@ -529,7 +513,7 @@
 		    (mech_support_info->num_supporting_slots == 0)) {
 			mech_support_info->mech = mech_type;
 			rv = meta_mechManager_get_slots(mech_support_info,
-			    B_FALSE);
+			    B_FALSE, mech_info);
 			if (rv != CKR_OK) {
 				return (CKR_FUNCTION_FAILED);
 			}
@@ -558,6 +542,7 @@
 	unsigned long i, slotCount = 0;
 	boolean_t doKeyPair = B_FALSE, token_only = B_FALSE;
 	CK_ULONG slotnum;
+	CK_MECHANISM_INFO mech_info;
 	/*
 	 * Since the keygen call is in a loop, it is performance-wise useful
 	 * to keep track of the token value
@@ -572,12 +557,14 @@
 	    &(key1->isPrivate));
 
 	if (!get_template_boolean(CKA_EXTRACTABLE, k1Template, k1AttrCount,
-		&(key1->isExtractable)))
+	    &(key1->isExtractable)))
 		key1->isExtractable = B_TRUE;
 
 	if (key1->isToken)
 		current_token1_value = TRUE;
 
+	mech_info.flags = CKF_GENERATE;
+
 	if (key2) {
 		(void) get_template_boolean(CKA_TOKEN, k2Template, k2AttrCount,
 		    &(key2->isToken));
@@ -594,6 +581,7 @@
 			current_token2_value = TRUE;
 
 		doKeyPair = B_TRUE;
+		mech_info.flags = CKF_GENERATE_KEY_PAIR;
 	}
 
 
@@ -604,20 +592,20 @@
 	}
 
 	if (meta_freeobject_check(session, key1, pMechanism, k1Template,
-		k1AttrCount, NULL)) {
+	    k1AttrCount, NULL)) {
 
 		if ((key1->isPrivate || (doKeyPair && key2->isPrivate)) &&
 		    !metaslot_logged_in())
 			return (CKR_USER_NOT_LOGGED_IN);
 
 		if (!meta_freeobject_set(key1, k1Template, k1AttrCount,
-			B_FALSE))
+		    B_FALSE))
 			return (CKR_FUNCTION_FAILED);
 
 		if (doKeyPair) {
 			key2->isFreeObject = FREE_ALLOWED_KEY;
 			if (!meta_freeobject_set(key2, k2Template, k2AttrCount,
-				B_FALSE))
+			    B_FALSE))
 				return (CKR_FUNCTION_FAILED);
 		}
 
@@ -641,7 +629,8 @@
 	}
 
 	rv = get_slotlist_for_mech(pMechanism->mechanism,
-	    &(session->mech_support_info), &slots, &slotCount, token_only);
+	    &(session->mech_support_info), &slots, &slotCount, token_only,
+	    &mech_info);
 
 	if (rv != CKR_OK) {
 		goto finish;
@@ -812,14 +801,16 @@
 	mechinfo_t **slots = NULL;
 	unsigned long i, slotCount = 0;
 	CK_ULONG slotnum;
+	CK_MECHANISM_INFO mech_info;
 
 	/*
 	 * If the key to be wrapped is a token object,
 	 * the operation can only be done in the token object slot.
 	 */
+	mech_info.flags = CKF_WRAP;
 	rv = get_slotlist_for_mech(pMechanism->mechanism,
 	    &(session->mech_support_info), &slots, &slotCount,
-	    inputkey->isToken);
+	    inputkey->isToken, &mech_info);
 
 	if (rv != CKR_OK) {
 		return (rv);
@@ -926,6 +917,7 @@
 	mechinfo_t **slots = NULL;
 	unsigned long i, slotCount = 0;
 	CK_ULONG slotnum;
+	CK_MECHANISM_INFO mech_info;
 
 	/* Can't create token objects in a read-only session. */
 	if ((IS_READ_ONLY_SESSION(session->session_flags)) &&
@@ -938,9 +930,10 @@
 	 * needs to be a token object, the operation can only
 	 * be performed in the token slot, if it is supported.
 	 */
+	mech_info.flags = CKF_UNWRAP;
 	rv = get_slotlist_for_mech(pMechanism->mechanism,
 	    &(session->mech_support_info), &slots, &slotCount,
-	    unwrapped_key->isToken);
+	    unwrapped_key->isToken, &mech_info);
 
 	if (rv != CKR_OK) {
 		return (rv);
@@ -1082,8 +1075,9 @@
 	unsigned long i, slot_count = 0;
 	slot_session_t *derive_session = NULL;
 	slot_object_t *slot_basekey1 = NULL, *slot_basekey2 = NULL;
-	slot_object_t *slotkey1 = NULL, *slotkey2 = NULL,
-		*slotkey3 = NULL, *slotkey4 = NULL;
+	slot_object_t *slotkey1 = NULL, *slotkey2 = NULL, *slotkey3 = NULL,
+	    *slotkey4 = NULL;
+	CK_MECHANISM_INFO mech_info;
 	CK_BBOOL current_token_value = FALSE;
 
 	/*
@@ -1108,19 +1102,20 @@
 	}
 
 	if (meta_freeobject_check(session, newKey1, pMechanism, pTemplate,
-		ulAttributeCount, NULL)) {
+	    ulAttributeCount, NULL)) {
 
 		if (newKey1->isPrivate && !metaslot_logged_in())
 			return (CKR_USER_NOT_LOGGED_IN);
 
 		if (!meta_freeobject_set(newKey1, pTemplate, ulAttributeCount,
-			B_FALSE))
+		    B_FALSE))
 			return (CKR_FUNCTION_FAILED);
 	}
 
+	mech_info.flags = CKF_DERIVE;
 	rv = get_slotlist_for_mech(pMechanism->mechanism,
 	    &(session->mech_support_info), &slots, &slot_count,
-	    newKey1->isToken);
+	    newKey1->isToken, &mech_info);
 
 	if (rv != CKR_OK) {
 		return (rv);
@@ -1275,16 +1270,16 @@
 		newKey4->master_clone_slotnum = slotnum;
 
 		meta_slot_object_activate(slotkey1, derive_session,
-			newKey1->isToken);
+		    newKey1->isToken);
 		slotkey1 = NULL;
 		meta_slot_object_activate(slotkey2, derive_session,
-			newKey2->isToken);
+		    newKey2->isToken);
 		slotkey2 = NULL;
 		meta_slot_object_activate(slotkey3, derive_session,
-			newKey3->isToken);
+		    newKey3->isToken);
 		slotkey3 = NULL;
 		meta_slot_object_activate(slotkey4, derive_session,
-				newKey4->isToken);
+		    newKey4->isToken);
 		slotkey4 = NULL;
 
 	} else {
@@ -1299,7 +1294,7 @@
 		}
 
 		meta_slot_object_activate(slotkey1, derive_session,
-			newKey1->isToken);
+		    newKey1->isToken);
 		slotkey1 = NULL;
 	}
 
--- a/usr/src/lib/pkcs11/libpkcs11/common/metaVerify.c	Tue May 29 09:22:11 2007 -0700
+++ b/usr/src/lib/pkcs11/libpkcs11/common/metaVerify.c	Tue May 29 09:35:41 2007 -0700
@@ -2,9 +2,8 @@
  * CDDL HEADER START
  *
  * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License").  You may not use this file except in compliance
- * with the License.
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
  *
  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  * or http://www.opensolaris.org/os/licensing.
@@ -20,7 +19,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -59,7 +58,7 @@
 		return (rv);
 	}
 
-	rv = meta_operation_init(OP_VERIFY, session, pMechanism, key);
+	rv = meta_operation_init(CKF_VERIFY, session, pMechanism, key);
 
 	OBJRELEASE(key);
 	REFRELEASE(session);
@@ -85,13 +84,13 @@
 
 	/* Note: unlike other ops, both buffers are inputs, and required. */
 	if (pData == NULL || pSignature == NULL) {
-		meta_operation_cleanup(session, OP_VERIFY, FALSE);
+		meta_operation_cleanup(session, CKF_VERIFY, FALSE);
 		REFRELEASE(session);
 		return (CKR_ARGUMENTS_BAD);
 	}
 
-	rv = meta_do_operation(OP_VERIFY, MODE_SINGLE, session, NULL,
-		pData, ulDataLen, pSignature, &ulSignatureLen);
+	rv = meta_do_operation(CKF_VERIFY, MODE_SINGLE, session, NULL,
+	    pData, ulDataLen, pSignature, &ulSignatureLen);
 
 	REFRELEASE(session);
 
@@ -115,13 +114,13 @@
 		return (rv);
 
 	if (pPart == NULL) {
-		meta_operation_cleanup(session, OP_VERIFY, FALSE);
+		meta_operation_cleanup(session, CKF_VERIFY, FALSE);
 		REFRELEASE(session);
 		return (CKR_ARGUMENTS_BAD);
 	}
 
-	rv = meta_do_operation(OP_VERIFY, MODE_UPDATE, session, NULL,
-		pPart, ulPartLen, NULL, NULL);
+	rv = meta_do_operation(CKF_VERIFY, MODE_UPDATE, session, NULL,
+	    pPart, ulPartLen, NULL, NULL);
 
 	REFRELEASE(session);
 
@@ -149,13 +148,13 @@
 	 * no more input.
 	 */
 	if (pSignature == NULL && ulSignatureLen != 0) {
-		meta_operation_cleanup(session, OP_VERIFY, FALSE);
+		meta_operation_cleanup(session, CKF_VERIFY, FALSE);
 		REFRELEASE(session);
 		return (CKR_ARGUMENTS_BAD);
 	}
 
-	rv = meta_do_operation(OP_VERIFY, MODE_FINAL, session, NULL,
-		pSignature, ulSignatureLen, NULL, NULL);
+	rv = meta_do_operation(CKF_VERIFY, MODE_FINAL, session, NULL,
+	    pSignature, ulSignatureLen, NULL, NULL);
 
 	REFRELEASE(session);
 
@@ -188,7 +187,7 @@
 		return (rv);
 	}
 
-	rv = meta_operation_init(OP_VERIFYRECOVER, session, pMechanism, key);
+	rv = meta_operation_init(CKF_VERIFY_RECOVER, session, pMechanism, key);
 
 	OBJRELEASE(key);
 	REFRELEASE(session);
@@ -213,13 +212,13 @@
 		return (rv);
 
 	if (pSignature == NULL || pulDataLen == NULL) {
-		meta_operation_cleanup(session, OP_VERIFYRECOVER, FALSE);
+		meta_operation_cleanup(session, CKF_VERIFY_RECOVER, FALSE);
 		REFRELEASE(session);
 		return (CKR_ARGUMENTS_BAD);
 	}
 
-	rv = meta_do_operation(OP_VERIFYRECOVER, MODE_SINGLE, session, NULL,
-		pSignature, ulSignatureLen, pData, pulDataLen);
+	rv = meta_do_operation(CKF_VERIFY_RECOVER, MODE_SINGLE, session, NULL,
+	    pSignature, ulSignatureLen, pData, pulDataLen);
 
 	REFRELEASE(session);