changeset 6145:0f466480ceaf onnv_85
6665767 create pkcs11 sessions based on criteria beyond just matching mechanism
author | dinak |
---|---|
date | Mon, 03 Mar 2008 19:46:59 -0800 |
parents | 5a5f883be4e5 |
children | 2fbb017f4700 |
files | usr/src/lib/pkcs11/include/cryptoki.h usr/src/lib/pkcs11/libpkcs11/common/mapfile-vers usr/src/lib/pkcs11/libpkcs11/common/pkcs11SUNWExtensions.c |
diffstat | 3 files changed, 119 insertions(+), 4 deletions(-) [+] |
--- a/usr/src/lib/pkcs11/include/cryptoki.h Mon Mar 03 17:05:43 2008 -0800
+++ b/usr/src/lib/pkcs11/include/cryptoki.h Mon Mar 03 19:46:59 2008 -0800
@@ -19,7 +19,7 @@
 * CDDL HEADER END
 */
 /*
- * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */
@@ -85,6 +85,16 @@
 #include <stdlib.h>
 /*
+ * pkcs11_GetCriteriaSession will initialize the framework and do all
+ * the necessary work of calling C_GetSlotList(), C_GetMechanismInfo()
+ * C_OpenSession() to create a session that meets all the criteria in
+ * the given function pointer.
+ */
+CK_RV pkcs11_GetCriteriaSession(
+ boolean_t (*criteria)(CK_SLOT_ID slot_id, void *args, CK_RV *rv),
+ void *args, CK_SESSION_HANDLE_PTR hSession);
+
+/*
 * SUNW_C_GetMechSession will initialize the framework and do all
 * the necessary PKCS#11 calls to create a session capable of
 * providing operations on the requested mechanism
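Review bot: The comment on the new pkcs11_GetCriteriaSession declaration leaves out the callback contract that callers depend on. In the pkcs11SUNWExtensions.c hunk of this changeset, the value the callback stores through `rv` is what gets returned when no slot matches, so the header should say so, e.g. `criteria must store a failure code in *rv before returning B_FALSE`. It should also state that the caller receives a newly opened session and is presumably expected to close it with C_CloseSession(). The comment lists C_GetMechanismInfo() among the calls made, but in the implementation shown only the match_mech callback makes that call.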
--- a/usr/src/lib/pkcs11/libpkcs11/common/mapfile-vers Mon Mar 03 17:05:43 2008 -0800
+++ b/usr/src/lib/pkcs11/libpkcs11/common/mapfile-vers Mon Mar 03 19:46:59 2008 -0800
@@ -19,7 +19,7 @@
 # CDDL HEADER END
 #
 #
-# Copyright 2007 Sun Microsystems, Inc. All rights reserved.
+# Copyright 2008 Sun Microsystems, Inc. All rights reserved.
 # Use is subject to license terms.
 #
 # ident "%Z%%M% %I% %E% SMI"
@@ -103,6 +103,7 @@
 SUNWprivate {
 global:
+ pkcs11_GetCriteriaSession;
 pkcs11_ObjectToKey;
 pkcs11_PasswdToPBKD2Object;
 pkcs11_PasswdToKey;
--- a/usr/src/lib/pkcs11/libpkcs11/common/pkcs11SUNWExtensions.c Mon Mar 03 17:05:43 2008 -0800
+++ b/usr/src/lib/pkcs11/libpkcs11/common/pkcs11SUNWExtensions.c Mon Mar 03 19:46:59 2008 -0800
@@ -19,7 +19,7 @@
 * CDDL HEADER END
 */
 /*
- * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */
@@ -91,11 +91,108 @@
 {CKK_CDMF, 8}, {CKK_SKIPJACK, 12}, {CKK_BATON, 40}, {CKK_JUNIPER, 40}
 };
+/*
+ * match_mech is an example of many possible criteria functions.
+ * It matches the given mech type (in args) with the slot's mech info.
+ * If no match is found, pkcs11_GetCriteriaSession is asked to return
+ * CKR_MECHANISM_INVALID.
+ */
+boolean_t
+match_mech(CK_SLOT_ID slot_id, void *args, CK_RV *rv)
+{
+ CK_MECHANISM_INFO mech_info;
+ CK_MECHANISM_TYPE mech = (CK_MECHANISM_TYPE)args;
+
+ *rv = CKR_MECHANISM_INVALID;
+ return (C_GetMechanismInfo(slot_id, mech, &mech_info) == CKR_OK);
+}
+
+/*
+ * pkcs11_GetCriteriaSession will initialize the framework and do all
+ * the necessary work of calling C_GetSlotList(), C_GetMechanismInfo()
+ * C_OpenSession() to create a session that meets all the criteria in
+ * the given function pointer.
+ *
+ * The criteria function must return a boolean value of true or false.
+ * The arguments to the function are the current slot id, an opaque
+ * args value that is passed through to the function, and the error
+ * value pkcs11_GetCriteriaSession should return if no slot id meets the
+ * criteria.
+ *
+ * If the function is called multiple times, it will return a new session
+ * without reinitializing the framework.
+ */
+CK_RV
+pkcs11_GetCriteriaSession(
+ boolean_t (*criteria)(CK_SLOT_ID slot_id, void *args, CK_RV *rv),
+ void *args, CK_SESSION_HANDLE_PTR hSession)
+{
+ CK_RV rv;
+ CK_ULONG slotcount;
+ CK_SLOT_ID_PTR slot_list;
+ CK_SLOT_ID slot_id;
+ CK_ULONG i;
+
+ if (hSession == NULL || criteria == NULL) {
+ return (CKR_ARGUMENTS_BAD);
+ }
+
+ /* initialize PKCS #11 */
+ if (!pkcs11_initialized) {
+ rv = C_Initialize(NULL);
+ if ((rv != CKR_OK) &&
+ (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED)) {
+ return (rv);
+ }
+ }
+
+ /* get slot count */
+ rv = C_GetSlotList(0, NULL, &slotcount);
+ if (rv != CKR_OK) {
+ return (rv);
+ }
+
+ if (slotcount == 0) {
+ return (CKR_FUNCTION_FAILED);
+ }
+
+
+ /* allocate memory for slot list */
+ slot_list = malloc(slotcount * sizeof (CK_SLOT_ID));
+ if (slot_list == NULL) {
+ return (CKR_HOST_MEMORY);
+ }
+
+ if ((rv = C_GetSlotList(0, slot_list, &slotcount)) != CKR_OK) {
+ free(slot_list);
+ return (rv);
+ }
+
+ /* find slot with matching criteria */
+ for (i = 0; i < slotcount; i++) {
+ slot_id = slot_list[i];
+ if ((*criteria)(slot_id, args, &rv)) {
+ break;
+ }
+ }
+
+ if (i == slotcount) {
+ /* no matching slot found */
+ free(slot_list);
+ return (rv); /* this rv is from the criteria function */
+ }
+
+ rv = C_OpenSession(slot_id, CKF_SERIAL_SESSION, NULL,
+ NULL, hSession);
+
+ free(slot_list);
+ return (rv);
+}
 /*
 * SUNW_C_GetMechSession will initialize the framework and do all
 * of the neccessary work of calling C_GetSlotList(), C_GetMechanismInfo()
- * C_OpenSession() to provide a session capable of providing the requested
+ * C_OpenSession() to create a session capable of providing the requested
 * mechanism.
 *
 * If the function is called multiple times, it will return a new session
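Review bot: pkcs11_GetCriteriaSession can return CKR_OK without opening a session. In the no-match branch, `return (rv)` trusts the callback to have written `*rv`, but `rv` still holds CKR_OK from the second C_GetSlotList() if the callback returns false without touching it, or if it stores CKR_OK itself. A caller that checks only the return code would then use an unset `*hSession`. Returning `(rv == CKR_OK ? CKR_FUNCTION_FAILED : rv)` in that branch keeps the failure from being reported as success. Separately, match_mech is defined without `static` and this changeset shows no prototype or mapfile entry for it, so it likely wants either `static` or a pkcs11_ prefix and a declaration.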
@@ -104,6 +201,13 @@
 CK_RV
 SUNW_C_GetMechSession(CK_MECHANISM_TYPE mech, CK_SESSION_HANDLE_PTR hSession)
 {
+ /*
+ * All the code in this function can be replaced with one line:
+ *
+ * return (pkcs11_GetCriteriaSession(match_mech, (void *)mech,
+ * hSession));
+ *
+ */
 CK_RV rv;
 CK_ULONG slotcount;
 CK_SLOT_ID_PTR slot_list;
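Review bot: The added comment records that this body duplicates pkcs11_GetCriteriaSession but leaves the duplicate in place, so two copies of the slot-enumeration and session-opening logic now have to be kept in step. If the equivalence holds, make the replacement in this commit: `return (pkcs11_GetCriteriaSession(match_mech, (void *)mech, hSession));`. Otherwise the comment should say why the old body stays. The rest of SUNW_C_GetMechSession lies outside the hunk, so the equivalence cannot be confirmed from here.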