From 561ee23f218c7a68a2ef46525502f978e56fc1bb Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Tue, 29 Nov 2016 13:30:55 +0100 Subject: MOVED TO: https://github.com/p11-glue/p11-kit This repository has moved to GitHub to allow further contributions and more flexibility who can merge changes. More details here: https://lists.freedesktop.org/archives/p11-glue/2016-November/000626.html --- trust/module.c | 1837 -------------------------------------------------------- 1 file changed, 1837 deletions(-) delete mode 100644 trust/module.c (limited to 'trust/module.c') diff --git a/trust/module.c b/trust/module.c deleted file mode 100644 index 7fce465..0000000 --- a/trust/module.c +++ /dev/null @@ -1,1837 +0,0 @@ -/* - * Copyright (C) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#define CRYPTOKI_EXPORTS - -#include "argv.h" -#include "array.h" -#include "attrs.h" -#define P11_DEBUG_FLAG P11_DEBUG_TRUST -#include "debug.h" -#include "dict.h" -#include "library.h" -#include "message.h" -#include "module.h" -#include "parser.h" -#include "path.h" -#include "pkcs11.h" -#include "pkcs11x.h" -#include "session.h" -#include "token.h" - -#include -#include -#include -#include - -#define MANUFACTURER_ID "PKCS#11 Kit " -#define LIBRARY_DESCRIPTION "PKCS#11 Kit Trust Module " -#define TOKEN_MODEL "p11-kit-trust " -#define TOKEN_SERIAL_NUMBER "1 " - -/* Initial slot id: non-zero and non-one */ -#define BASE_SLOT_ID 18UL - -static struct _Shared { - int initialized; - p11_dict *sessions; - p11_array *tokens; - char *paths; -} gl = { 0, NULL, NULL, NULL }; - -/* Used during FindObjects */ -typedef struct _FindObjects { - CK_ATTRIBUTE *match; - CK_OBJECT_HANDLE *snapshot; - CK_ULONG iterator; -} FindObjects; - -static CK_FUNCTION_LIST sys_function_list; - -static void -find_objects_free (void *data) -{ - FindObjects *find = data; - p11_attrs_free (find->match); - free (find->snapshot); - free (find); -} - -static CK_RV -lookup_session (CK_SESSION_HANDLE handle, - p11_session **session) -{ - p11_session *sess; - - if (!gl.sessions) - return CKR_CRYPTOKI_NOT_INITIALIZED; - - sess = p11_dict_get (gl.sessions, &handle); - if (!sess) - return CKR_SESSION_HANDLE_INVALID; - - if (sess && session) - *session = sess; - return CKR_OK; -} - -static CK_ATTRIBUTE * -lookup_object_inlock (p11_session *session, - CK_OBJECT_HANDLE handle, - p11_index **index) -{ - CK_ATTRIBUTE *attrs; - - assert (session != NULL); - - attrs = p11_index_lookup (session->index, handle); - if (attrs) { - if (index) - *index = session->index; - return attrs; - } - - attrs = p11_index_lookup (p11_token_index (session->token), handle); - if (attrs) { - if (index) - *index = p11_token_index (session->token); - return attrs; - } - - return NULL; -} - -static CK_RV -check_index_writable (p11_session *session, - p11_index *index) -{ - if (index == p11_token_index (session->token)) { - if (!p11_token_is_writable (session->token)) - return CKR_TOKEN_WRITE_PROTECTED; - else if (!session->read_write) - return CKR_SESSION_READ_ONLY; - } - - return CKR_OK; -} - -static CK_RV -lookup_slot_inlock (CK_SLOT_ID id, - p11_token **token) -{ - /* - * These are invalid inputs, that well behaved callers should - * not produce, so have them fail precondations - */ - - return_val_if_fail (gl.tokens != NULL, - CKR_CRYPTOKI_NOT_INITIALIZED); - - return_val_if_fail (id >= BASE_SLOT_ID && id - BASE_SLOT_ID < gl.tokens->num, - CKR_SLOT_ID_INVALID); - - if (token) - *token = gl.tokens->elem[id - BASE_SLOT_ID]; - return CKR_OK; -} - -static bool -check_slot (CK_SLOT_ID id) -{ - bool ret; - - p11_lock (); - ret = lookup_slot_inlock (id, NULL) == CKR_OK; - p11_unlock (); - - return ret; -} - -static bool -create_tokens_inlock (p11_array *tokens, - const char *paths) -{ - /* - * TRANSLATORS: These label strings are used in PKCS#11 URIs and - * unfortunately cannot be marked translatable. If localization is - * desired they should be translated in GUI applications. These - * strings will not change arbitrarily. - */ - - struct { - const char *prefix; - const char *label; - } labels[] = { - { "~/", "User Trust" }, - { DATA_DIR, "Default Trust" }, - { SYSCONFDIR, "System Trust" }, - { NULL }, - }; - - p11_token *token; - p11_token *check; - CK_SLOT_ID slot; - const char *path; - const char *label; - char *alloc; - char *remaining; - char *base; - char *pos; - int i; - - p11_debug ("using paths: %s", paths); - - alloc = remaining = strdup (paths); - return_val_if_fail (remaining != NULL, false); - - while (remaining) { - path = remaining; - pos = strchr (remaining, P11_PATH_SEP_C); - if (pos == NULL) { - remaining = NULL; - } else { - pos[0] = '\0'; - remaining = pos + 1; - } - - if (path[0] != '\0') { - /* The slot for the new token */ - slot = BASE_SLOT_ID + tokens->num; - - label = NULL; - base = NULL; - - /* Claim the various labels based on prefix */ - for (i = 0; label == NULL && labels[i].prefix != NULL; i++) { - if (strncmp (path, labels[i].prefix, strlen (labels[i].prefix)) == 0) { - label = labels[i].label; - labels[i].label = NULL; - } - } - - /* Didn't find a label above, then make one based on the path */ - if (!label) { - label = base = p11_path_base (path); - return_val_if_fail (base != NULL, false); - } - - token = p11_token_new (slot, path, label); - return_val_if_fail (token != NULL, false); - - if (!p11_array_push (tokens, token)) - return_val_if_reached (false); - - free (base); - assert (lookup_slot_inlock (slot, &check) == CKR_OK && check == token); - } - } - - free (alloc); - return true; -} - -static void -parse_argument (char *arg, - void *unused) -{ - char *value; - - value = arg + strcspn (arg, ":="); - if (!*value) - value = NULL; - else - *(value++) = 0; - - if (strcmp (arg, "paths") == 0) { - free (gl.paths); - gl.paths = value ? strdup (value) : NULL; - - } else { - p11_message ("unrecognized module argument: %s", arg); - } -} - -static CK_RV -sys_C_Finalize (CK_VOID_PTR reserved) -{ - CK_RV rv = CKR_OK; - - p11_debug ("in"); - - /* WARNING: This function must be reentrant */ - - if (reserved) { - rv = CKR_ARGUMENTS_BAD; - - } else { - p11_lock (); - - if (gl.initialized == 0) { - p11_debug ("trust module is not initialized"); - rv = CKR_CRYPTOKI_NOT_INITIALIZED; - - } else if (gl.initialized == 1) { - p11_debug ("doing finalization"); - - free (gl.paths); - gl.paths = NULL; - - p11_dict_free (gl.sessions); - gl.sessions = NULL; - - p11_array_free (gl.tokens); - gl.tokens = NULL; - - rv = CKR_OK; - gl.initialized = 0; - - } else { - gl.initialized--; - p11_debug ("trust module still initialized %d times", gl.initialized); - } - - p11_unlock (); - } - - p11_debug ("out: 0x%lx", rv); - return rv; -} - -static CK_RV -sys_C_Initialize (CK_VOID_PTR init_args) -{ - static const CK_C_INITIALIZE_ARGS def_args = - { NULL, NULL, NULL, NULL, CKF_OS_LOCKING_OK, NULL, }; - const CK_C_INITIALIZE_ARGS *args = NULL; - int supplied_ok; - CK_RV rv; - - p11_library_init_once (); - - /* WARNING: This function must be reentrant */ - - p11_debug ("in"); - - p11_lock (); - - rv = CKR_OK; - - args = init_args; - if (args == NULL) - args = &def_args; - - /* ALL supplied function pointers need to have the value either NULL or non-NULL. */ - supplied_ok = (args->CreateMutex == NULL && args->DestroyMutex == NULL && - args->LockMutex == NULL && args->UnlockMutex == NULL) || - (args->CreateMutex != NULL && args->DestroyMutex != NULL && - args->LockMutex != NULL && args->UnlockMutex != NULL); - if (!supplied_ok) { - p11_message ("invalid set of mutex calls supplied"); - rv = CKR_ARGUMENTS_BAD; - } - - /* - * When the CKF_OS_LOCKING_OK flag isn't set return an error. - * We must be able to use our pthread functionality. - */ - if (!(args->flags & CKF_OS_LOCKING_OK)) { - p11_message ("can't do without os locking"); - rv = CKR_CANT_LOCK; - } - - if (rv == CKR_OK && gl.initialized != 0) { - p11_debug ("trust module already initialized %d times", - gl.initialized); - - /* - * We support setting the socket path and other arguments from from the - * pReserved pointer, similar to how NSS PKCS#11 components are initialized. - */ - } else if (rv == CKR_OK) { - p11_debug ("doing initialization"); - - if (args->pReserved) - p11_argv_parse ((const char*)args->pReserved, parse_argument, NULL); - - gl.sessions = p11_dict_new (p11_dict_ulongptr_hash, - p11_dict_ulongptr_equal, - NULL, p11_session_free); - - gl.tokens = p11_array_new ((p11_destroyer)p11_token_free); - if (gl.tokens && !create_tokens_inlock (gl.tokens, gl.paths ? gl.paths : TRUST_PATHS)) - gl.tokens = NULL; - - if (gl.sessions == NULL || gl.tokens == NULL) { - warn_if_reached (); - rv = CKR_GENERAL_ERROR; - } - } - - gl.initialized++; - - p11_unlock (); - - if (rv != CKR_OK) - sys_C_Finalize (NULL); - - p11_debug ("out: 0x%lx", rv); - return rv; -} - -static CK_RV -sys_C_GetInfo (CK_INFO_PTR info) -{ - CK_RV rv = CKR_OK; - - p11_library_init_once (); - - p11_debug ("in"); - - return_val_if_fail (info != NULL, CKR_ARGUMENTS_BAD); - - p11_lock (); - - if (!gl.sessions) - rv = CKR_CRYPTOKI_NOT_INITIALIZED; - - p11_unlock (); - - if (rv == CKR_OK) { - memset (info, 0, sizeof (*info)); - info->cryptokiVersion.major = CRYPTOKI_VERSION_MAJOR; - info->cryptokiVersion.minor = CRYPTOKI_VERSION_MINOR; - info->libraryVersion.major = PACKAGE_MAJOR; - info->libraryVersion.minor = PACKAGE_MINOR; - info->flags = 0; - strncpy ((char*)info->manufacturerID, MANUFACTURER_ID, 32); - strncpy ((char*)info->libraryDescription, LIBRARY_DESCRIPTION, 32); - } - - p11_debug ("out: 0x%lx", rv); - - return rv; -} - -static CK_RV -sys_C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list) -{ - /* Can be called before C_Initialize */ - return_val_if_fail (list != NULL, CKR_ARGUMENTS_BAD); - - *list = &sys_function_list; - return CKR_OK; -} - -static CK_RV -sys_C_GetSlotList (CK_BBOOL token_present, - CK_SLOT_ID_PTR slot_list, - CK_ULONG_PTR count) -{ - CK_RV rv = CKR_OK; - int i; - - return_val_if_fail (count != NULL, CKR_ARGUMENTS_BAD); - - p11_debug ("in"); - - p11_lock (); - - if (!gl.sessions) - rv = CKR_CRYPTOKI_NOT_INITIALIZED; - - p11_unlock (); - - if (rv != CKR_OK) { - /* already failed */ - - } else if (!slot_list) { - *count = gl.tokens->num; - rv = CKR_OK; - - } else if (*count < gl.tokens->num) { - *count = gl.tokens->num; - rv = CKR_BUFFER_TOO_SMALL; - - } else { - for (i = 0; i < gl.tokens->num; i++) - slot_list[i] = BASE_SLOT_ID + i; - *count = gl.tokens->num; - rv = CKR_OK; - } - - p11_debug ("out: 0x%lx", rv); - - return rv; -} - -static CK_RV -sys_C_GetSlotInfo (CK_SLOT_ID id, - CK_SLOT_INFO_PTR info) -{ - CK_RV rv = CKR_OK; - p11_token *token; - const char *path; - size_t length; - - return_val_if_fail (info != NULL, CKR_ARGUMENTS_BAD); - - p11_debug ("in"); - p11_lock (); - - rv = lookup_slot_inlock (id, &token); - if (rv == CKR_OK) { - memset (info, 0, sizeof (*info)); - info->firmwareVersion.major = 0; - info->firmwareVersion.minor = 0; - info->hardwareVersion.major = PACKAGE_MAJOR; - info->hardwareVersion.minor = PACKAGE_MINOR; - info->flags = CKF_TOKEN_PRESENT; - strncpy ((char*)info->manufacturerID, MANUFACTURER_ID, 32); - - /* If too long, copy the first 64 characters into buffer */ - path = p11_token_get_path (token); - length = strlen (path); - if (length > sizeof (info->slotDescription)) - length = sizeof (info->slotDescription); - memset (info->slotDescription, ' ', sizeof (info->slotDescription)); - memcpy (info->slotDescription, path, length); - } - - p11_unlock (); - p11_debug ("out: 0x%lx", rv); - - return rv; -} - -static CK_RV -sys_C_GetTokenInfo (CK_SLOT_ID id, - CK_TOKEN_INFO_PTR info) -{ - CK_RV rv = CKR_OK; - p11_token *token; - const char *label; - size_t length; - - return_val_if_fail (info != NULL, CKR_ARGUMENTS_BAD); - - p11_debug ("in"); - - p11_lock (); - - rv = lookup_slot_inlock (id, &token); - if (rv == CKR_OK) { - memset (info, 0, sizeof (*info)); - info->firmwareVersion.major = 0; - info->firmwareVersion.minor = 0; - info->hardwareVersion.major = PACKAGE_MAJOR; - info->hardwareVersion.minor = PACKAGE_MINOR; - info->flags = CKF_TOKEN_INITIALIZED; - strncpy ((char*)info->manufacturerID, MANUFACTURER_ID, 32); - strncpy ((char*)info->model, TOKEN_MODEL, 16); - strncpy ((char*)info->serialNumber, TOKEN_SERIAL_NUMBER, 16); - info->ulMaxSessionCount = CK_EFFECTIVELY_INFINITE; - info->ulSessionCount = CK_UNAVAILABLE_INFORMATION; - info->ulMaxRwSessionCount = 0; - info->ulRwSessionCount = CK_UNAVAILABLE_INFORMATION; - info->ulMaxPinLen = 0; - info->ulMinPinLen = 0; - info->ulTotalPublicMemory = CK_UNAVAILABLE_INFORMATION; - info->ulFreePublicMemory = CK_UNAVAILABLE_INFORMATION; - info->ulTotalPrivateMemory = CK_UNAVAILABLE_INFORMATION; - info->ulFreePrivateMemory = CK_UNAVAILABLE_INFORMATION; - - /* If too long, copy the first 32 characters into buffer */ - label = p11_token_get_label (token); - length = strlen (label); - if (length > sizeof (info->label)) - length = sizeof (info->label); - memset (info->label, ' ', sizeof (info->label)); - memcpy (info->label, label, length); - - if (!p11_token_is_writable (token)) - info->flags |= CKF_WRITE_PROTECTED; - } - - p11_unlock (); - p11_debug ("out: 0x%lx", rv); - - return rv; -} - -static CK_RV -sys_C_GetMechanismList (CK_SLOT_ID id, - CK_MECHANISM_TYPE_PTR mechanism_list, - CK_ULONG_PTR count) -{ - CK_RV rv = CKR_OK; - - return_val_if_fail (count != NULL, CKR_ARGUMENTS_BAD); - - p11_debug ("in"); - - *count = 0; - - p11_debug ("out: 0x%lx", rv); - return rv; -} - -static CK_RV -sys_C_GetMechanismInfo (CK_SLOT_ID id, - CK_MECHANISM_TYPE type, - CK_MECHANISM_INFO_PTR info) -{ - return_val_if_fail (info != NULL, CKR_ARGUMENTS_BAD); - return_val_if_fail (check_slot (id), CKR_SLOT_ID_INVALID); - return_val_if_reached (CKR_MECHANISM_INVALID); -} - -static CK_RV -sys_C_InitToken (CK_SLOT_ID id, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len, - CK_UTF8CHAR_PTR label) -{ - p11_debug ("not supported"); - return CKR_FUNCTION_NOT_SUPPORTED; -} - -static CK_RV -sys_C_WaitForSlotEvent (CK_FLAGS flags, - CK_SLOT_ID_PTR slot, - CK_VOID_PTR reserved) -{ - p11_debug ("not supported"); - return CKR_FUNCTION_NOT_SUPPORTED; -} - -static CK_RV -sys_C_OpenSession (CK_SLOT_ID id, - CK_FLAGS flags, - CK_VOID_PTR user_data, - CK_NOTIFY callback, - CK_SESSION_HANDLE_PTR handle) -{ - p11_session *session; - p11_token *token; - CK_RV rv = CKR_OK; - - return_val_if_fail (check_slot (id), CKR_SLOT_ID_INVALID); - return_val_if_fail (handle != NULL, CKR_ARGUMENTS_BAD); - - p11_debug ("in"); - - p11_lock (); - - rv = lookup_slot_inlock (id, &token); - if (rv != CKR_OK) { - /* fail below */; - - } else if (!(flags & CKF_SERIAL_SESSION)) { - rv = CKR_SESSION_PARALLEL_NOT_SUPPORTED; - - } else if ((flags & CKF_RW_SESSION) && - !p11_token_is_writable (token)) { - rv = CKR_TOKEN_WRITE_PROTECTED; - - } else { - session = p11_session_new (token); - if (p11_dict_set (gl.sessions, &session->handle, session)) { - rv = CKR_OK; - if (flags & CKF_RW_SESSION) - session->read_write = true; - *handle = session->handle; - p11_debug ("session: %lu", *handle); - } else { - warn_if_reached (); - rv = CKR_GENERAL_ERROR; - } - } - - p11_unlock (); - - p11_debug ("out: 0x%lx", rv); - - return rv; -} - -static CK_RV -sys_C_CloseSession (CK_SESSION_HANDLE handle) -{ - CK_RV rv = CKR_OK; - - p11_debug ("in"); - - p11_lock (); - - if (!gl.sessions) { - rv = CKR_CRYPTOKI_NOT_INITIALIZED; - - } else if (p11_dict_remove (gl.sessions, &handle)) { - rv = CKR_OK; - - } else { - rv = CKR_SESSION_HANDLE_INVALID; - } - - p11_unlock (); - - p11_debug ("out: 0x%lx", rv); - - return rv; -} - -static CK_RV -sys_C_CloseAllSessions (CK_SLOT_ID id) -{ - CK_SESSION_HANDLE *handle; - p11_session *session; - p11_token *token; - p11_dictiter iter; - CK_RV rv; - - p11_debug ("in"); - - p11_lock (); - - rv = lookup_slot_inlock (id, &token); - if (rv == CKR_OK) { - p11_dict_iterate (gl.sessions, &iter); - while (p11_dict_next (&iter, (void **)&handle, (void **)&session)) { - if (session->token == token) - p11_dict_remove (gl.sessions, handle); - } - } - - p11_unlock (); - - p11_debug ("out: 0x%lx", rv); - - return rv; -} - -static CK_RV -sys_C_GetFunctionStatus (CK_SESSION_HANDLE handle) -{ - return CKR_SESSION_PARALLEL_NOT_SUPPORTED; -} - -static CK_RV -sys_C_CancelFunction (CK_SESSION_HANDLE handle) -{ - return CKR_SESSION_PARALLEL_NOT_SUPPORTED; -} - -static CK_RV -sys_C_GetSessionInfo (CK_SESSION_HANDLE handle, - CK_SESSION_INFO_PTR info) -{ - p11_session *session; - CK_RV rv; - - return_val_if_fail (info != NULL, CKR_ARGUMENTS_BAD); - - p11_debug ("in"); - - p11_lock (); - - rv = lookup_session (handle, &session); - if (rv == CKR_OK) { - info->flags = CKF_SERIAL_SESSION; - info->state = CKS_RO_PUBLIC_SESSION; - info->slotID = p11_token_get_slot (session->token); - info->ulDeviceError = 0; - } - - - p11_unlock (); - - p11_debug ("out: 0x%lx", rv); - - return rv; -} - -static CK_RV -sys_C_InitPIN (CK_SESSION_HANDLE handle, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len) -{ - p11_debug ("not supported"); - return CKR_FUNCTION_NOT_SUPPORTED; -} - -static CK_RV -sys_C_SetPIN (CK_SESSION_HANDLE handle, - CK_UTF8CHAR_PTR old_pin, - CK_ULONG old_pin_len, - CK_UTF8CHAR_PTR new_pin, - CK_ULONG new_pin_len) -{ - p11_debug ("not supported"); - return CKR_FUNCTION_NOT_SUPPORTED; -} - -static CK_RV -sys_C_GetOperationState (CK_SESSION_HANDLE handle, - CK_BYTE_PTR operation_state, - CK_ULONG_PTR operation_state_len) -{ - p11_debug ("not supported"); - return CKR_FUNCTION_NOT_SUPPORTED; -} - -static CK_RV -sys_C_SetOperationState (CK_SESSION_HANDLE handle, - CK_BYTE_PTR operation_state, - CK_ULONG operation_state_len, - CK_OBJECT_HANDLE encryption_key, - CK_OBJECT_HANDLE authentication_key) -{ - p11_debug ("not supported"); - return CKR_FUNCTION_NOT_SUPPORTED; -} - -static CK_RV -sys_C_Login (CK_SESSION_HANDLE handle, - CK_USER_TYPE user_type, - CK_UTF8CHAR_PTR pin, - CK_ULONG pin_len) -{ - CK_RV rv; - - p11_debug ("in"); - - p11_lock (); - - rv = lookup_session (handle, NULL); - if (rv == CKR_OK) - rv = CKR_USER_TYPE_INVALID; - - p11_unlock (); - - p11_debug ("out: 0x%lx", rv); - - return rv; -} - -static CK_RV -sys_C_Logout (CK_SESSION_HANDLE handle) -{ - CK_RV rv; - - p11_debug ("in"); - - p11_lock (); - - rv = lookup_session (handle, NULL); - if (rv == CKR_OK) - rv = CKR_USER_NOT_LOGGED_IN; - - p11_unlock (); - - p11_debug ("out: 0x%lx", rv); - - return rv; -} - -static CK_RV -sys_C_CreateObject (CK_SESSION_HANDLE handle, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR new_object) -{ - p11_session *session; - p11_index *index; - CK_BBOOL val; - CK_RV rv; - - return_val_if_fail (new_object != NULL, CKR_ARGUMENTS_BAD); - - p11_debug ("in"); - - p11_lock (); - - rv = lookup_session (handle, &session); - if (rv == CKR_OK) { - if (p11_attrs_findn_bool (template, count, CKA_TOKEN, &val) && val) - index = p11_token_index (session->token); - else - index = session->index; - rv = check_index_writable (session, index); - } - - if (rv == CKR_OK) - rv = p11_index_add (index, template, count, new_object); - - p11_unlock (); - - p11_debug ("out: 0x%lx", rv); - - return rv; -} - -static CK_RV -sys_C_CopyObject (CK_SESSION_HANDLE handle, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR new_object) -{ - CK_BBOOL vfalse = CK_FALSE; - CK_ATTRIBUTE token = { CKA_TOKEN, &vfalse, sizeof (vfalse) }; - p11_session *session; - CK_ATTRIBUTE *original; - CK_ATTRIBUTE *attrs; - p11_index *index; - CK_BBOOL val; - CK_RV rv; - - return_val_if_fail (new_object != NULL, CKR_ARGUMENTS_BAD); - - p11_debug ("in"); - - p11_lock (); - - rv = lookup_session (handle, &session); - if (rv == CKR_OK) { - original = lookup_object_inlock (session, object, &index); - if (original == NULL) - rv = CKR_OBJECT_HANDLE_INVALID; - } - - if (rv == CKR_OK) { - if (p11_attrs_findn_bool (template, count, CKA_TOKEN, &val)) - index = val ? p11_token_index (session->token) : session->index; - rv = check_index_writable (session, index); - } - - if (rv == CKR_OK) { - attrs = p11_attrs_dup (original); - attrs = p11_attrs_buildn (attrs, template, count); - attrs = p11_attrs_build (attrs, &token, NULL); - rv = p11_index_take (index, attrs, new_object); - } - - p11_unlock (); - - p11_debug ("out: 0x%lx", rv); - - return rv; -} - -static CK_RV -sys_C_DestroyObject (CK_SESSION_HANDLE handle, - CK_OBJECT_HANDLE object) -{ - p11_session *session; - CK_ATTRIBUTE *attrs; - p11_index *index; - CK_BBOOL val; - CK_RV rv; - - p11_debug ("in"); - - p11_lock (); - - rv = lookup_session (handle, &session); - if (rv == CKR_OK) { - attrs = lookup_object_inlock (session, object, &index); - if (attrs == NULL) - rv = CKR_OBJECT_HANDLE_INVALID; - else - rv = check_index_writable (session, index); - - if (rv == CKR_OK && p11_attrs_find_bool (attrs, CKA_MODIFIABLE, &val) && !val) { - /* TODO: This should be replaced with CKR_ACTION_PROHIBITED */ - rv = CKR_ATTRIBUTE_READ_ONLY; - } - - if (rv == CKR_OK) - rv = p11_index_remove (index, object); - } - - p11_unlock (); - - p11_debug ("out: 0x%lx", rv); - - return rv; -} - -static CK_RV -sys_C_GetObjectSize (CK_SESSION_HANDLE handle, - CK_OBJECT_HANDLE object, - CK_ULONG_PTR size) -{ - p11_session *session; - CK_RV rv; - - return_val_if_fail (size != NULL, CKR_ARGUMENTS_BAD); - - p11_debug ("in"); - - p11_lock (); - - rv = lookup_session (handle, &session); - if (rv == CKR_OK) { - if (lookup_object_inlock (session, object, NULL)) { - *size = CK_UNAVAILABLE_INFORMATION; - rv = CKR_OK; - } else { - rv = CKR_OBJECT_HANDLE_INVALID; - } - } - - p11_unlock (); - - p11_debug ("out: 0x%lx", rv); - - return rv; -} - -static CK_RV -sys_C_GetAttributeValue (CK_SESSION_HANDLE handle, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - CK_ATTRIBUTE *attrs; - CK_ATTRIBUTE *result; - CK_ATTRIBUTE *attr; - p11_session *session; - char *string; - CK_ULONG i; - CK_RV rv; - - p11_debug ("in: %lu, %lu", handle, object); - - p11_lock (); - - rv = lookup_session (handle, &session); - if (rv == CKR_OK) { - attrs = lookup_object_inlock (session, object, NULL); - if (attrs == NULL) - rv = CKR_OBJECT_HANDLE_INVALID; - } - - if (rv == CKR_OK) { - for (i = 0; i < count; i++) { - result = template + i; - attr = p11_attrs_find (attrs, result->type); - if (!attr) { - result->ulValueLen = (CK_ULONG)-1; - rv = CKR_ATTRIBUTE_TYPE_INVALID; - continue; - } - - if (!result->pValue) { - result->ulValueLen = attr->ulValueLen; - continue; - } - - if (result->ulValueLen >= attr->ulValueLen) { - memcpy (result->pValue, attr->pValue, attr->ulValueLen); - result->ulValueLen = attr->ulValueLen; - continue; - } - - result->ulValueLen = (CK_ULONG)-1; - rv = CKR_BUFFER_TOO_SMALL; - } - } - - p11_unlock (); - - if (p11_debugging) { - string = p11_attrs_to_string (template, count); - p11_debug ("out: 0x%lx %s", rv, string); - free (string); - } - - return rv; -} - -static CK_RV -sys_C_SetAttributeValue (CK_SESSION_HANDLE handle, - CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - p11_session *session; - CK_ATTRIBUTE *attrs; - p11_index *index; - CK_BBOOL val; - CK_RV rv; - - p11_debug ("in"); - - p11_lock (); - - rv = lookup_session (handle, &session); - if (rv == CKR_OK) { - attrs = lookup_object_inlock (session, object, &index); - if (attrs == NULL) { - rv = CKR_OBJECT_HANDLE_INVALID; - } else if (p11_attrs_find_bool (attrs, CKA_MODIFIABLE, &val) && !val) { - /* TODO: This should be replaced with CKR_ACTION_PROHIBITED */ - rv = CKR_ATTRIBUTE_READ_ONLY; - } - - if (rv == CKR_OK) - rv = check_index_writable (session, index); - - /* Reload the item if applicable */ - if (rv == CKR_OK && index == p11_token_index (session->token)) { - if (p11_token_reload (session->token, attrs)) { - attrs = p11_index_lookup (index, object); - if (p11_attrs_find_bool (attrs, CKA_MODIFIABLE, &val) && !val) { - /* TODO: This should be replaced with CKR_ACTION_PROHIBITED */ - rv = CKR_ATTRIBUTE_READ_ONLY; - } - } - } - - if (rv == CKR_OK) - rv = p11_index_set (index, object, template, count); - } - - p11_unlock (); - - p11_debug ("out: 0x%lx", rv); - - return rv; -} - -static CK_RV -sys_C_FindObjectsInit (CK_SESSION_HANDLE handle, - CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - p11_index *indices[2] = { NULL, NULL }; - CK_BBOOL want_token_objects; - CK_BBOOL want_session_objects; - CK_BBOOL token; - FindObjects *find; - p11_session *session; - char *string; - CK_RV rv; - int n = 0; - - if (p11_debugging) { - string = p11_attrs_to_string (template, count); - p11_debug ("in: %lu, %s", handle, string); - free (string); - } - - p11_lock (); - - /* Are we searching for token objects? */ - if (p11_attrs_findn_bool (template, count, CKA_TOKEN, &token)) { - want_token_objects = token; - want_session_objects = !token; - } else { - want_token_objects = CK_TRUE; - want_session_objects = CK_TRUE; - } - - rv = lookup_session (handle, &session); - - /* Refresh from disk if this session hasn't yet */ - if (rv == CKR_OK) { - if (want_session_objects) - indices[n++] = session->index; - if (want_token_objects) { - if (!session->loaded) - p11_token_load (session->token); - session->loaded = CK_TRUE; - indices[n++] = p11_token_index (session->token); - } - - find = calloc (1, sizeof (FindObjects)); - warn_if_fail (find != NULL); - - /* Make a snapshot of what we're matching */ - if (find) { - find->match = p11_attrs_buildn (NULL, template, count); - warn_if_fail (find->match != NULL); - - /* Build a session snapshot of all objects */ - find->iterator = 0; - find->snapshot = p11_index_snapshot (indices[0], indices[1], template, count); - warn_if_fail (find->snapshot != NULL); - } - - if (!find || !find->snapshot || !find->match) - rv = CKR_HOST_MEMORY; - else - p11_session_set_operation (session, find_objects_free, find); - } - - p11_unlock (); - - p11_debug ("out: 0x%lx", rv); - - return rv; -} - -static bool -match_for_broken_nss_serial_number_lookups (CK_ATTRIBUTE *attr, - CK_ATTRIBUTE *match) -{ - unsigned char der[32]; - unsigned char *val_val; - size_t der_len; - size_t val_len; - int len_len; - - if (!match->pValue || !match->ulValueLen || - match->ulValueLen == CKA_INVALID || - attr->ulValueLen == CKA_INVALID) - return false; - - der_len = sizeof (der); - der[0] = ASN1_TAG_INTEGER | ASN1_CLASS_UNIVERSAL; - len_len = der_len - 1; - asn1_length_der (match->ulValueLen, der + 1, &len_len); - assert (len_len < (der_len - 1)); - der_len = 1 + len_len; - - val_val = attr->pValue; - val_len = attr->ulValueLen; - - if (der_len + match->ulValueLen != val_len) - return false; - - if (memcmp (der, val_val, der_len) != 0 || - memcmp (match->pValue, val_val + der_len, match->ulValueLen) != 0) - return false; - - p11_debug ("worked around serial number lookup that's not DER encoded"); - return true; -} - -static bool -find_objects_match (CK_ATTRIBUTE *attrs, - CK_ATTRIBUTE *match) -{ - CK_OBJECT_CLASS klass; - CK_ATTRIBUTE *attr; - - for (; !p11_attrs_terminator (match); match++) { - attr = p11_attrs_find ((CK_ATTRIBUTE *)attrs, match->type); - if (!attr) - return false; - if (p11_attr_equal (attr, match)) - continue; - - /* - * WORKAROUND: NSS calls us asking for CKA_SERIAL_NUMBER items that are - * not DER encoded. It shouldn't be doing this. We never return any certificate - * serial numbers that are not DER encoded. - * - * So work around the issue here while the NSS guys fix this issue. - * This code should be removed in future versions. - */ - - if (attr->type == CKA_SERIAL_NUMBER && - p11_attrs_find_ulong (attrs, CKA_CLASS, &klass) && - klass == CKO_NSS_TRUST) { - if (match_for_broken_nss_serial_number_lookups (attr, match)) - continue; - } - - return false; - } - - return true; -} - -static CK_RV -sys_C_FindObjects (CK_SESSION_HANDLE handle, - CK_OBJECT_HANDLE_PTR objects, - CK_ULONG max_count, - CK_ULONG_PTR count) -{ - CK_OBJECT_HANDLE object; - CK_ATTRIBUTE *attrs; - FindObjects *find = NULL; - p11_session *session; - CK_ULONG matched; - p11_index *index; - CK_RV rv; - - return_val_if_fail (count != NULL, CKR_ARGUMENTS_BAD); - - p11_debug ("in: %lu, %lu", handle, max_count); - - p11_lock (); - - rv = lookup_session (handle, &session); - if (rv == CKR_OK) { - if (session->cleanup != find_objects_free) - rv = CKR_OPERATION_NOT_INITIALIZED; - find = session->operation; - } - - if (rv == CKR_OK) { - matched = 0; - while (matched < max_count) { - object = find->snapshot[find->iterator]; - if (!object) - break; - - find->iterator++; - - attrs = lookup_object_inlock (session, object, &index); - if (attrs == NULL) - continue; - - if (find_objects_match (attrs, find->match)) { - objects[matched] = object; - matched++; - } - } - - *count = matched; - } - - p11_unlock (); - - p11_debug ("out: 0x%lx, %lu", handle, *count); - - return rv; -} - -static CK_RV -sys_C_FindObjectsFinal (CK_SESSION_HANDLE handle) -{ - p11_session *session; - CK_RV rv; - - p11_debug ("in"); - - p11_lock (); - - rv = lookup_session (handle, &session); - if (rv == CKR_OK) { - if (session->cleanup != find_objects_free) - rv = CKR_OPERATION_NOT_INITIALIZED; - else - p11_session_set_operation (session, NULL, NULL); - } - - p11_unlock (); - - p11_debug ("out: 0x%lx", rv); - - return rv; -} - -static CK_RV -sys_C_EncryptInit (CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - return_val_if_reached (CKR_MECHANISM_INVALID); -} - -static CK_RV -sys_C_Encrypt (CK_SESSION_HANDLE handle, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR encrypted_data, - CK_ULONG_PTR encrypted_data_len) -{ - return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); -} - -static CK_RV -sys_C_EncryptUpdate (CK_SESSION_HANDLE handle, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR encrypted_part, - CK_ULONG_PTR encrypted_part_len) -{ - return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); -} - -static CK_RV -sys_C_EncryptFinal (CK_SESSION_HANDLE handle, - CK_BYTE_PTR last_part, - CK_ULONG_PTR last_part_len) -{ - return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); -} - -static CK_RV -sys_C_DecryptInit (CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - return_val_if_reached (CKR_MECHANISM_INVALID); -} - -static CK_RV -sys_C_Decrypt (CK_SESSION_HANDLE handle, - CK_BYTE_PTR enc_data, - CK_ULONG enc_data_len, - CK_BYTE_PTR data, - CK_ULONG_PTR data_len) -{ - return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); -} - -static CK_RV -sys_C_DecryptUpdate (CK_SESSION_HANDLE handle, - CK_BYTE_PTR enc_part, - CK_ULONG enc_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); -} - -static CK_RV -sys_C_DecryptFinal (CK_SESSION_HANDLE handle, - CK_BYTE_PTR last_part, - CK_ULONG_PTR last_part_len) -{ - return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); -} - -static CK_RV -sys_C_DigestInit (CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism) -{ - return_val_if_reached (CKR_MECHANISM_INVALID); -} - -static CK_RV -sys_C_Digest (CK_SESSION_HANDLE handle, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR digest, - CK_ULONG_PTR digest_len) -{ - return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); -} - -static CK_RV -sys_C_DigestUpdate (CK_SESSION_HANDLE handle, - CK_BYTE_PTR part, - CK_ULONG part_len) -{ - return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); -} - -static CK_RV -sys_C_DigestKey (CK_SESSION_HANDLE handle, - CK_OBJECT_HANDLE key) -{ - return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); -} - -static CK_RV -sys_C_DigestFinal (CK_SESSION_HANDLE handle, - CK_BYTE_PTR digest, - CK_ULONG_PTR digest_len) -{ - return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); -} - -static CK_RV -sys_C_SignInit (CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - return_val_if_reached (CKR_MECHANISM_INVALID); -} - -static CK_RV -sys_C_Sign (CK_SESSION_HANDLE handle, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len) -{ - return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); -} - -static CK_RV -sys_C_SignUpdate (CK_SESSION_HANDLE handle, - CK_BYTE_PTR part, - CK_ULONG part_len) -{ - return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); -} - -static CK_RV -sys_C_SignFinal (CK_SESSION_HANDLE handle, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len) -{ - return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); -} - -static CK_RV -sys_C_SignRecoverInit (CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - return_val_if_reached (CKR_MECHANISM_INVALID); -} - -static CK_RV -sys_C_SignRecover (CK_SESSION_HANDLE handle, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len) -{ - return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); -} - -static CK_RV -sys_C_VerifyInit (CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - return_val_if_reached (CKR_MECHANISM_INVALID); -} - -static CK_RV -sys_C_Verify (CK_SESSION_HANDLE handle, - CK_BYTE_PTR data, - CK_ULONG data_len, - CK_BYTE_PTR signature, - CK_ULONG signature_len) -{ - return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); -} - -static CK_RV -sys_C_VerifyUpdate (CK_SESSION_HANDLE handle, - CK_BYTE_PTR part, - CK_ULONG part_len) -{ - return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); -} - -static CK_RV -sys_C_VerifyFinal (CK_SESSION_HANDLE handle, - CK_BYTE_PTR signature, - CK_ULONG signature_len) -{ - return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); -} - -static CK_RV -sys_C_VerifyRecoverInit (CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - return_val_if_reached (CKR_MECHANISM_INVALID); -} - -static CK_RV -sys_C_VerifyRecover (CK_SESSION_HANDLE handle, - CK_BYTE_PTR signature, - CK_ULONG signature_len, - CK_BYTE_PTR data, - CK_ULONG_PTR data_len) -{ - return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); -} - -static CK_RV -sys_C_DigestEncryptUpdate (CK_SESSION_HANDLE handle, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR enc_part, - CK_ULONG_PTR enc_part_len) -{ - return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); -} - -static CK_RV -sys_C_DecryptDigestUpdate (CK_SESSION_HANDLE handle, - CK_BYTE_PTR enc_part, - CK_ULONG enc_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); -} - -static CK_RV -sys_C_SignEncryptUpdate (CK_SESSION_HANDLE handle, - CK_BYTE_PTR part, - CK_ULONG part_len, - CK_BYTE_PTR enc_part, - CK_ULONG_PTR enc_part_len) -{ - return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); -} - -static CK_RV -sys_C_DecryptVerifyUpdate (CK_SESSION_HANDLE handle, - CK_BYTE_PTR enc_part, - CK_ULONG enc_part_len, - CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED); -} - -static CK_RV -sys_C_GenerateKey (CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key) -{ - return_val_if_reached (CKR_MECHANISM_INVALID); -} - -static CK_RV -sys_C_GenerateKeyPair (CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_ATTRIBUTE_PTR pub_template, - CK_ULONG pub_count, - CK_ATTRIBUTE_PTR priv_template, - CK_ULONG priv_count, - CK_OBJECT_HANDLE_PTR pub_key, - CK_OBJECT_HANDLE_PTR priv_key) -{ - return_val_if_reached (CKR_MECHANISM_INVALID); -} - -static CK_RV -sys_C_WrapKey (CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE wrapping_key, - CK_OBJECT_HANDLE key, - CK_BYTE_PTR wrapped_key, - CK_ULONG_PTR wrapped_key_len) -{ - return_val_if_reached (CKR_MECHANISM_INVALID); -} - -static CK_RV -sys_C_UnwrapKey (CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE unwrapping_key, - CK_BYTE_PTR wrapped_key, - CK_ULONG wrapped_key_len, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key) -{ - return_val_if_reached (CKR_MECHANISM_INVALID); -} - -static CK_RV -sys_C_DeriveKey (CK_SESSION_HANDLE handle, - CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE base_key, - CK_ATTRIBUTE_PTR template, - CK_ULONG count, - CK_OBJECT_HANDLE_PTR key) -{ - return_val_if_reached (CKR_MECHANISM_INVALID); -} - -static CK_RV -sys_C_SeedRandom (CK_SESSION_HANDLE handle, - CK_BYTE_PTR seed, - CK_ULONG seed_len) -{ - return_val_if_reached (CKR_RANDOM_NO_RNG); -} - -static CK_RV -sys_C_GenerateRandom (CK_SESSION_HANDLE handle, - CK_BYTE_PTR random_data, - CK_ULONG random_len) -{ - return_val_if_reached (CKR_RANDOM_NO_RNG); -} - -/* -------------------------------------------------------------------- - * MODULE ENTRY POINT - */ - -static CK_FUNCTION_LIST sys_function_list = { - { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, /* version */ - sys_C_Initialize, - sys_C_Finalize, - sys_C_GetInfo, - sys_C_GetFunctionList, - sys_C_GetSlotList, - sys_C_GetSlotInfo, - sys_C_GetTokenInfo, - sys_C_GetMechanismList, - sys_C_GetMechanismInfo, - sys_C_InitToken, - sys_C_InitPIN, - sys_C_SetPIN, - sys_C_OpenSession, - sys_C_CloseSession, - sys_C_CloseAllSessions, - sys_C_GetSessionInfo, - sys_C_GetOperationState, - sys_C_SetOperationState, - sys_C_Login, - sys_C_Logout, - sys_C_CreateObject, - sys_C_CopyObject, - sys_C_DestroyObject, - sys_C_GetObjectSize, - sys_C_GetAttributeValue, - sys_C_SetAttributeValue, - sys_C_FindObjectsInit, - sys_C_FindObjects, - sys_C_FindObjectsFinal, - sys_C_EncryptInit, - sys_C_Encrypt, - sys_C_EncryptUpdate, - sys_C_EncryptFinal, - sys_C_DecryptInit, - sys_C_Decrypt, - sys_C_DecryptUpdate, - sys_C_DecryptFinal, - sys_C_DigestInit, - sys_C_Digest, - sys_C_DigestUpdate, - sys_C_DigestKey, - sys_C_DigestFinal, - sys_C_SignInit, - sys_C_Sign, - sys_C_SignUpdate, - sys_C_SignFinal, - sys_C_SignRecoverInit, - sys_C_SignRecover, - sys_C_VerifyInit, - sys_C_Verify, - sys_C_VerifyUpdate, - sys_C_VerifyFinal, - sys_C_VerifyRecoverInit, - sys_C_VerifyRecover, - sys_C_DigestEncryptUpdate, - sys_C_DecryptDigestUpdate, - sys_C_SignEncryptUpdate, - sys_C_DecryptVerifyUpdate, - sys_C_GenerateKey, - sys_C_GenerateKeyPair, - sys_C_WrapKey, - sys_C_UnwrapKey, - sys_C_DeriveKey, - sys_C_SeedRandom, - sys_C_GenerateRandom, - sys_C_GetFunctionStatus, - sys_C_CancelFunction, - sys_C_WaitForSlotEvent -}; - -#ifdef OS_WIN32 -__declspec(dllexport) -#endif - -CK_RV -C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list) -{ - p11_library_init_once (); - return sys_C_GetFunctionList (list); -} - -CK_ULONG -p11_module_next_id (void) -{ - static CK_ULONG unique = 0x10; - return (unique)++; -} - -#ifdef OS_UNIX - -void p11_trust_module_init (void); - -void p11_trust_module_fini (void); - -#ifdef __GNUC__ -__attribute__((constructor)) -#endif -void -p11_trust_module_init (void) -{ - p11_library_init_once (); -} - -#ifdef __GNUC__ -__attribute__((destructor)) -#endif -void -p11_trust_module_fini (void) -{ - p11_library_uninit (); -} - -#endif /* OS_UNIX */ - -#ifdef OS_WIN32 - -BOOL WINAPI DllMain (HINSTANCE, DWORD, LPVOID); - -BOOL WINAPI -DllMain (HINSTANCE instance, - DWORD reason, - LPVOID reserved) -{ - switch (reason) { - case DLL_PROCESS_ATTACH: - p11_library_init (); - break; - case DLL_THREAD_DETACH: - p11_library_thread_cleanup (); - break; - case DLL_PROCESS_DETACH: - p11_library_uninit (); - break; - default: - break; - } - - return TRUE; -} - -#endif /* OS_WIN32 */ -- cgit v1.2.1