Mercurial > illumos > nfs4.1

changeset 6145:0f466480ceaf onnv_85

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
6665767 create pkcs11 sessions based on criteria beyond just matching mechanism
author dinak
date Mon, 03 Mar 2008 19:46:59 -0800
parents 5a5f883be4e5
children 2fbb017f4700
files usr/src/lib/pkcs11/include/cryptoki.h usr/src/lib/pkcs11/libpkcs11/common/mapfile-vers usr/src/lib/pkcs11/libpkcs11/common/pkcs11SUNWExtensions.c
diffstat 3 files changed, 119 insertions(+), 4 deletions(-) [+]
line wrap: on
line diff
--- a/usr/src/lib/pkcs11/include/cryptoki.h	Mon Mar 03 17:05:43 2008 -0800
+++ b/usr/src/lib/pkcs11/include/cryptoki.h	Mon Mar 03 19:46:59 2008 -0800
@@ -19,7 +19,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2007 Sun Microsystems, Inc.   All rights reserved.
+ * Copyright 2008 Sun Microsystems, Inc.   All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -85,6 +85,16 @@
 #include <stdlib.h>
 
 /*
+ * pkcs11_GetCriteriaSession will initialize the framework and do all
+ * the necessary work of calling C_GetSlotList(), C_GetMechanismInfo()
+ * C_OpenSession() to create a session that meets all the criteria in
+ * the given function pointer.
+ */
+CK_RV pkcs11_GetCriteriaSession(
+    boolean_t (*criteria)(CK_SLOT_ID slot_id, void *args, CK_RV *rv),
+    void *args, CK_SESSION_HANDLE_PTR hSession);
+
+/*
  * SUNW_C_GetMechSession will initialize the framework and do all
  * the necessary PKCS#11 calls to create a session capable of
  * providing operations on the requested mechanism
--- a/usr/src/lib/pkcs11/libpkcs11/common/mapfile-vers	Mon Mar 03 17:05:43 2008 -0800
+++ b/usr/src/lib/pkcs11/libpkcs11/common/mapfile-vers	Mon Mar 03 19:46:59 2008 -0800
@@ -19,7 +19,7 @@
 # CDDL HEADER END
 #
 #
-# Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
+# Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
 # ident	"%Z%%M%	%I%	%E% SMI"
@@ -103,6 +103,7 @@
 
 SUNWprivate {
     global:
+	pkcs11_GetCriteriaSession;
 	pkcs11_ObjectToKey;
 	pkcs11_PasswdToPBKD2Object;
 	pkcs11_PasswdToKey;
--- a/usr/src/lib/pkcs11/libpkcs11/common/pkcs11SUNWExtensions.c	Mon Mar 03 17:05:43 2008 -0800
+++ b/usr/src/lib/pkcs11/libpkcs11/common/pkcs11SUNWExtensions.c	Mon Mar 03 19:46:59 2008 -0800
@@ -19,7 +19,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -91,11 +91,108 @@
 	{CKK_CDMF, 8}, {CKK_SKIPJACK, 12}, {CKK_BATON, 40}, {CKK_JUNIPER, 40}
 };
 
+/*
+ * match_mech is an example of many possible criteria functions.
+ * It matches the given mech type (in args) with the slot's mech info.
+ * If no match is found, pkcs11_GetCriteriaSession is asked to return
+ * CKR_MECHANISM_INVALID.
+ */
+boolean_t
+match_mech(CK_SLOT_ID slot_id, void *args, CK_RV *rv)
+{
+	CK_MECHANISM_INFO mech_info;
+	CK_MECHANISM_TYPE mech = (CK_MECHANISM_TYPE)args;
+
+	*rv = CKR_MECHANISM_INVALID;
+	return (C_GetMechanismInfo(slot_id, mech, &mech_info) == CKR_OK);
+}
+
+/*
+ * pkcs11_GetCriteriaSession will initialize the framework and do all
+ * the necessary work of calling C_GetSlotList(), C_GetMechanismInfo()
+ * C_OpenSession() to create a session that meets all the criteria in
+ * the given function pointer.
+ *
+ * The criteria function must return a boolean value of true or false.
+ * The arguments to the function are the current slot id, an opaque
+ * args value that is passed through to the function, and the error
+ * value pkcs11_GetCriteriaSession should return if no slot id meets the
+ * criteria.
+ *
+ * If the function is called multiple times, it will return a new session
+ * without reinitializing the framework.
+ */
+CK_RV
+pkcs11_GetCriteriaSession(
+    boolean_t (*criteria)(CK_SLOT_ID slot_id, void *args, CK_RV *rv),
+    void *args, CK_SESSION_HANDLE_PTR hSession)
+{
+	CK_RV rv;
+	CK_ULONG slotcount;
+	CK_SLOT_ID_PTR slot_list;
+	CK_SLOT_ID slot_id;
+	CK_ULONG i;
+
+	if (hSession == NULL || criteria == NULL) {
+		return (CKR_ARGUMENTS_BAD);
+	}
+
+	/* initialize PKCS #11 */
+	if (!pkcs11_initialized) {
+		rv = C_Initialize(NULL);
+		if ((rv != CKR_OK) &&
+		    (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED)) {
+			return (rv);
+		}
+	}
+
+	/* get slot count */
+	rv = C_GetSlotList(0, NULL, &slotcount);
+	if (rv != CKR_OK) {
+		return (rv);
+	}
+
+	if (slotcount == 0) {
+		return (CKR_FUNCTION_FAILED);
+	}
+
+
+	/* allocate memory for slot list */
+	slot_list = malloc(slotcount * sizeof (CK_SLOT_ID));
+	if (slot_list == NULL) {
+		return (CKR_HOST_MEMORY);
+	}
+
+	if ((rv = C_GetSlotList(0, slot_list, &slotcount)) != CKR_OK) {
+		free(slot_list);
+		return (rv);
+	}
+
+	/* find slot with matching criteria */
+	for (i = 0; i < slotcount; i++) {
+		slot_id = slot_list[i];
+		if ((*criteria)(slot_id, args, &rv)) {
+			break;
+		}
+	}
+
+	if (i == slotcount) {
+		/* no matching slot found */
+		free(slot_list);
+		return (rv);	/* this rv is from the criteria function */
+	}
+
+	rv = C_OpenSession(slot_id, CKF_SERIAL_SESSION, NULL,
+	    NULL, hSession);
+
+	free(slot_list);
+	return (rv);
+}
 
 /*
  * SUNW_C_GetMechSession will initialize the framework and do all
  * of the neccessary work of calling C_GetSlotList(), C_GetMechanismInfo()
- * C_OpenSession() to provide a session capable of providing the requested
+ * C_OpenSession() to create a session capable of providing the requested
  * mechanism.
  *
  * If the function is called multiple times, it will return a new session
@@ -104,6 +201,13 @@
 CK_RV
 SUNW_C_GetMechSession(CK_MECHANISM_TYPE mech, CK_SESSION_HANDLE_PTR hSession)
 {
+	/*
+	 * All the code in this function can be replaced with one line:
+	 *
+	 * return (pkcs11_GetCriteriaSession(match_mech, (void *)mech,
+	 *	hSession));
+	 *
+	 */
 	CK_RV rv;
 	CK_ULONG slotcount;
 	CK_SLOT_ID_PTR slot_list;