diff options
| author | Stef Walter <stefw@collabora.co.uk> | 2011-01-24 21:25:02 -0600 |
|---|---|---|
| committer | Stef Walter <stefw@collabora.co.uk> | 2011-01-24 21:25:02 -0600 |
| commit | b2b0acbc5789823a33de9eabec10e2b8656f3632 (patch) | |
| tree | b58da958f53ce32d560fa5290d30b0aa834cccd7 /module/p11-kit.c | |
| parent | 5a53e44a73d4fb62483e890fe348ea40d27ef573 (diff) | |
Initial implementation with new config system.
Diffstat (limited to 'module/p11-kit.c')
| -rw-r--r-- | module/p11-kit.c | 1974 |
1 files changed, 0 insertions, 1974 deletions
diff --git a/module/p11-kit.c b/module/p11-kit.c deleted file mode 100644 index ddce209..0000000 --- a/module/p11-kit.c +++ /dev/null @@ -1,1974 +0,0 @@ -/* - * Copyright (C) 2011 Collabora Ltd. - * Copyright (C) 2008 Stefan Walter - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@collabora.co.uk> - */ - -#include "config.h" - -#include "hash.h" -#include "pkcs11.h" -#include "p11-kit.h" - -#include <sys/types.h> -#include <assert.h> -#include <dirent.h> -#include <dlfcn.h> -#include <errno.h> -#include <pthread.h> -#include <stdarg.h> -#include <stddef.h> -#include <stdlib.h> -#include <stdio.h> -#include <string.h> - -/* Start wrap slots slightly higher for testing */ -#define MAPPING_OFFSET 0x10 -#define FIRST_HANDLE 0x10 - -typedef struct _Mapping { - CK_SLOT_ID wrap_slot; - CK_SLOT_ID real_slot; - CK_FUNCTION_LIST_PTR funcs; -} Mapping; - -typedef struct _Session { - CK_SESSION_HANDLE wrap_session; - CK_SESSION_HANDLE real_session; - CK_SLOT_ID wrap_slot; -} Session; - -typedef struct _Module { - char *name; - char *path; - void *dl_module; - CK_FUNCTION_LIST_PTR funcs; - int ref_count; - int initialize_count; - struct _Module *next; -} Module; - -/* Forward declaration */ -static CK_FUNCTION_LIST proxy_function_list; - -/* - * This is the mutex that protects the global data of this library - * and the pkcs11 proxy module. Note that we *never* call into our - * underlying pkcs11 modules while holding this mutex. Therefore it - * doesn't have to be recursive and we can keep things simple. - */ -static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER; - -/* - * Shared data between threads, protected by the mutex, a structure so - * we can audit thread safety easier. - */ -static struct _Shared { - Mapping *mappings; - unsigned int n_mappings; - hsh_t *sessions; - Module *modules; - CK_ULONG last_handle; - int registered_loaded; -} gl = { NULL, 0, NULL, NULL, FIRST_HANDLE, 0 }; - -#define MANUFACTURER_ID "PKCS#11 Kit " -#define LIBRARY_DESCRIPTION "PKCS#11 Kit Proxy Module " -#define LIBRARY_VERSION_MAJOR 1 -#define LIBRARY_VERSION_MINOR 1 - -/* ----------------------------------------------------------------------------- - * UTILITIES - */ - -static void -warning (const char* msg, ...) -{ - char buffer[512]; - va_list va; - - va_start (va, msg); - - vsnprintf(buffer, sizeof (buffer) - 1, msg, va); - buffer[sizeof (buffer) - 1] = 0; - fprintf (stderr, "p11-kit: %s\n", buffer); - - va_end (va); -} - -static char* -strconcat (const char *first, ...) -{ - size_t length = 0; - const char *arg; - char *result, *at; - va_list va; - - va_start (va, first); - - for (arg = first; arg; arg = va_arg (va, const char*)) - length += strlen (arg); - - va_end (va); - - at = result = malloc (length); - if (!result) - return NULL; - - va_start (va, first); - - for (arg = first; arg; arg = va_arg (va, const char*)) { - length = strlen (arg); - memcpy (at, arg, length); - at += length; - } - - va_end (va); - - *at = 0; - return result; -} - -static int -ends_with (const char *haystack, const char *needle) -{ - size_t haystack_len, needle_len; - - assert (haystack); - assert (needle); - - haystack_len = strlen (haystack); - needle_len = strlen (needle); - - if (needle_len > haystack_len) - return 0; - return memcmp (haystack + (haystack_len - needle_len), - needle, needle_len) == 0; -} - -static void* -xrealloc (void * memory, size_t length) -{ - void *allocated = realloc (memory, length); - if (!allocated) - free (memory); - return allocated; -} - -/* ----------------------------------------------------------------------------- - * P11-KIT FUNCTIONALITY - */ - -static CK_RV -load_module_unlocked (const char *name, Module *module) -{ - CK_C_GetFunctionList gfl; - CK_RV rv; - - /* - * TODO: This function will change significantly once we're loading - * from a config, see below. - */ - assert (name); - assert (module); - - module->name = strdup (name); - if (!module->name) - return CKR_HOST_MEMORY; - - module->path = strconcat (PKCS11_MODULE_PATH, "/", name, NULL); - if (!module->path) - return CKR_HOST_MEMORY; - - module->dl_module = dlopen (module->path, RTLD_LOCAL | RTLD_NOW); - if (module->dl_module == NULL) { - warning ("couldn't load module: %s: %s", - module->path, dlerror ()); - return CKR_GENERAL_ERROR; - } - - gfl = dlsym (module->dl_module, "C_GetFunctionList"); - if (!gfl) { - warning ("couldn't find C_GetFunctionList entry point in module: %s: %s", - module->path, dlerror ()); - return CKR_GENERAL_ERROR; - } - - rv = gfl (&module->funcs); - if (rv != CKR_OK) { - warning ("call to C_GetFunctiontList failed in module: %s: %lu", - module->path, (unsigned long)rv); - return rv; - } - - return CKR_OK; -} - -static void -unload_module_unlocked (Module *module) -{ - assert (module); - - /* Should have been finalized before this */ - assert (!module->initialize_count); - - if (module->dl_module) { - dlclose (module->dl_module); - module->dl_module = NULL; - } - - free (module->path); - module->path = NULL; - - free (module->name); - module->name = NULL; - - module->funcs = NULL; -} - -static CK_RV -load_registered_modules_unlocked (void) -{ - struct dirent *dp; - Module *module; - DIR *dir; - CK_RV rv; - - /* First we load all the modules */ - dir = opendir (PKCS11_MODULE_PATH); - - /* We're within a global mutex, so readdir is safe */ - while ((dp = readdir(dir)) != NULL) { - if ((dp->d_type == DT_LNK || dp->d_type == DT_REG) && - !ends_with (dp->d_name, ".la")) { - - module = calloc (sizeof (Module), 1); - if (!module) - rv = CKR_HOST_MEMORY; - else - rv = load_module_unlocked (dp->d_name, module); - - /* Cleanup for failures happens at caller */ - module->next = gl.modules; - gl.modules = module; - - if (rv != CKR_OK) - break; - } - } - - closedir (dir); - - return rv; -} - -static CK_RV -create_mutex (CK_VOID_PTR_PTR mut) -{ - pthread_mutex_t *pmutex; - int err; - - pmutex = malloc (sizeof (pthread_mutex_t)); - if (!pmutex) - return CKR_HOST_MEMORY; - err = pthread_mutex_init (pmutex, NULL); - if (err == ENOMEM) - return CKR_HOST_MEMORY; - else if (err != 0) - return CKR_GENERAL_ERROR; - *mut = pmutex; - return CKR_OK; -} - -static CK_RV -destroy_mutex (CK_VOID_PTR mut) -{ - pthread_mutex_t *pmutex = mut; - int err; - - err = pthread_mutex_destroy (pmutex); - if (err == EINVAL) - return CKR_MUTEX_BAD; - else if (err != 0) - return CKR_GENERAL_ERROR; - free (pmutex); - return CKR_OK; -} - -static CK_RV -lock_mutex (CK_VOID_PTR mut) -{ - pthread_mutex_t *pmutex = mut; - int err; - - err = pthread_mutex_lock (pmutex); - if (err == EINVAL) - return CKR_MUTEX_BAD; - else if (err != 0) - return CKR_GENERAL_ERROR; - return CKR_OK; -} - -static CK_RV -unlock_mutex (CK_VOID_PTR mut) -{ - pthread_mutex_t *pmutex = mut; - int err; - - err = pthread_mutex_unlock (pmutex); - if (err == EINVAL) - return CKR_MUTEX_BAD; - else if (err == EPERM) - return CKR_MUTEX_NOT_LOCKED; - else if (err != 0) - return CKR_GENERAL_ERROR; - return CKR_OK; -} - -static CK_RV -initialize_module_unlocked_reentrant (Module *module, CK_C_INITIALIZE_ARGS_PTR args) -{ - CK_RV rv = CKR_OK; - - assert (module); - - /* - * Initialize first, so module doesn't get freed out from - * underneath us when the mutex is unlocked below. - */ - ++module->ref_count; - - if (!module->initialize_count) { - - pthread_mutex_unlock (&mutex); - - assert (module->funcs); - rv = module->funcs->C_Initialize (args); - - pthread_mutex_lock (&mutex); - - /* - * Because we have the mutex unlocked above, two initializes could - * race. Therefore we need to take CKR_CRYPTOKI_ALREADY_INITIALIZED - * into account. - * - * We also need to take into account where in a race both calls return - * CKR_OK (which is not according to the spec but may happen, I mean we - * do it in this module, so it's not unimaginable). - */ - - if (rv == CKR_OK) - ++module->initialize_count; - else if (rv == CKR_CRYPTOKI_ALREADY_INITIALIZED) - rv = CKR_OK; - else - --module->ref_count; - } - - return rv; -} - -static CK_RV -finalize_module_unlocked_reentrant (Module *module, CK_VOID_PTR args) -{ - Module *mod, *next; - - assert (module); - - /* - * We leave module info around until all are finalized - * so we can encounter these zombie Module structures. - */ - if (module->ref_count == 0) - return CKR_ARGUMENTS_BAD; - - if (--module->ref_count > 0) - return CKR_OK; - - /* - * Becuase of the mutex unlock below, we temporarily increase - * the ref count. This prevents module from being freed out - * from ounder us. - */ - ++module->ref_count; - - while (module->initialize_count > 0) { - - pthread_mutex_unlock (&mutex); - - assert (module->funcs); - module->funcs->C_Finalize (args); - - pthread_mutex_lock (&mutex); - - if (module->initialize_count > 0) - --module->initialize_count; - } - - /* Match the increment above */ - --module->ref_count; - - /* Check if any modules have a ref count */ - for (mod = gl.modules; mod; mod = mod->next) { - if (mod->ref_count) - break; - } - - /* No modules had a refcount? unload and free all info */ - if (mod == NULL) { - for (mod = gl.modules; mod; mod = next) { - next = mod->next; - unload_module_unlocked (mod); - free (mod); - } - gl.modules = NULL; - gl.registered_loaded = 0; - } - - return CKR_OK; -} - -static Module* -find_module_for_funcs_unlocked (CK_FUNCTION_LIST_PTR funcs) -{ - Module *module; - - assert (funcs); - - for (module = gl.modules; module; module = module->next) - if (module->ref_count && module->funcs == funcs) - return module; - return NULL; -} - -static Module* -find_module_for_name_unlocked (const char *name) -{ - Module *module; - - assert (name); - - for (module = gl.modules; module; module = module->next) - if (module->ref_count && module->name && strcmp (name, module->name)) - return module; - return NULL; -} - -static CK_RV -initialize_registered_unlocked_reentrant (CK_C_INITIALIZE_ARGS_PTR args) -{ - Module *module; - CK_RV rv; - - rv = load_registered_modules_unlocked (); - if (rv == CKR_OK) { - for (module = gl.modules; module; module = module->next) { - - /* Skip all modules that aren't registered */ - if (!module->name) - continue; - - rv = initialize_module_unlocked_reentrant (module, args); - - if (rv != CKR_OK) - break; - } - } - - return rv; -} - -CK_RV -p11_kit_initialize_registered (void) -{ - CK_C_INITIALIZE_ARGS args; - CK_RV rv; - - /* WARNING: This function must be reentrant */ - - memset (&args, 0, sizeof (args)); - args.CreateMutex = create_mutex; - args.DestroyMutex = destroy_mutex; - args.LockMutex = lock_mutex; - args.UnlockMutex = unlock_mutex; - args.flags = CKF_OS_LOCKING_OK; - - pthread_mutex_lock (&mutex); - - /* WARNING: Reentrancy can occur here */ - rv = initialize_registered_unlocked_reentrant (&args); - - pthread_mutex_unlock (&mutex); - - /* Cleanup any partial initialization */ - if (rv != CKR_OK) - p11_kit_finalize_registered (); - - return rv; -} - -static CK_RV -finalize_registered_unlocked_reentrant (CK_VOID_PTR args) -{ - Module *module; - - /* WARNING: This function must be reentrant */ - - for (module = gl.modules; module; module = module->next) { - - /* Skip all modules that aren't registered */ - if (!module->name) - continue; - - /* WARNING: Reentrant calls can occur here */ - finalize_module_unlocked_reentrant (module, args); - } - - return CKR_OK; -} -CK_RV -p11_kit_finalize_registered (void) -{ - CK_RV rv; - - /* WARNING: This function must be reentrant */ - - pthread_mutex_lock (&mutex); - - /* WARNING: Reentrant calls can occur here */ - rv = finalize_registered_unlocked_reentrant (NULL); - - pthread_mutex_unlock (&mutex); - - return rv; -} - -char** -p11_kit_registered_names (void) -{ - Module *module; - char **result; - int count, i; - - pthread_mutex_lock (&mutex); - - for (module = gl.modules, count = 0; - module; module = module->next) - ++count; - result = calloc (count + 1, sizeof (char*)); - if (result) { - for (module = gl.modules, i = 0; - module; module = module->next, ++i) - result[i] = strdup (module->name); - } - - pthread_mutex_unlock (&mutex); - - return result; -} - -CK_FUNCTION_LIST_PTR -p11_kit_registered_module (const char *module_name) -{ - CK_FUNCTION_LIST_PTR result; - Module *module; - - if (!module_name) - return NULL; - - pthread_mutex_lock (&mutex); - - module = find_module_for_name_unlocked (module_name); - if (module) { - assert (module); - result = module->funcs; - } - - pthread_mutex_unlock (&mutex); - - return result; -} - -void -p11_kit_free_names (char **module_names) -{ - char **name; - for (name = module_names; *name; ++name) - free (name); -} - -char* -p11_kit_registered_option (const char *module_name, const char *field) -{ - /* TODO: Need to implement */ - assert (0); - return NULL; -} - -CK_RV -p11_kit_initialize_module (CK_FUNCTION_LIST_PTR funcs, CK_C_INITIALIZE_ARGS_PTR init_args) -{ - Module *module; - Module *allocated = NULL; - CK_RV rv = CKR_OK; - - /* WARNING: This function must be reentrant for the same arguments */ - - pthread_mutex_lock (&mutex); - - module = find_module_for_funcs_unlocked (funcs); - if (module == NULL) { - allocated = module = calloc (1, sizeof (Module)); - module->name = NULL; - module->dl_module = NULL; - module->path = NULL; - module->funcs = funcs; - } - - /* WARNING: Reentrancy can occur here */ - rv = initialize_module_unlocked_reentrant (module, init_args); - - /* If this was newly allocated, add it to the list */ - if (rv == CKR_OK && allocated) { - allocated->next = gl.modules; - gl.modules = allocated; - allocated = NULL; - } - - free (allocated); - - pthread_mutex_unlock (&mutex); - - return rv; -} - -CK_RV -p11_kit_finalize_module (CK_FUNCTION_LIST_PTR funcs, CK_VOID_PTR reserved) -{ - Module *module; - CK_RV rv = CKR_OK; - - /* WARNING: This function must be reentrant for the same arguments */ - - pthread_mutex_lock (&mutex); - - module = find_module_for_funcs_unlocked (funcs); - if (module == NULL) { - rv = CKR_ARGUMENTS_BAD; - } else { - /* WARNING: Rentrancy can occur here */ - rv = finalize_module_unlocked_reentrant (module, reserved); - } - - pthread_mutex_unlock (&mutex); - - return rv; -} - -/* ----------------------------------------------------------------------------- - * PKCS#11 PROXY MODULE - */ - -static CK_RV -map_slot_unlocked (CK_SLOT_ID slot, Mapping *mapping) -{ - assert (mapping); - - if (slot < MAPPING_OFFSET) - return CKR_SLOT_ID_INVALID; - slot -= MAPPING_OFFSET; - - if (slot > gl.n_mappings) { - return CKR_SLOT_ID_INVALID; - } else { - assert (gl.mappings); - memcpy (mapping, &gl.mappings[slot], sizeof (Mapping)); - return CKR_OK; - } -} - -static CK_RV -map_slot_to_real (CK_SLOT_ID_PTR slot, Mapping *mapping) -{ - CK_RV rv; - - assert (mapping); - - pthread_mutex_lock (&mutex); - - if (!gl.mappings) - rv = CKR_CRYPTOKI_NOT_INITIALIZED; - else - rv = map_slot_unlocked (*slot, mapping); - if (rv == CKR_OK) - *slot = mapping->real_slot; - - pthread_mutex_unlock (&mutex); - - return rv; -} - -static CK_RV -map_session_to_real (CK_SESSION_HANDLE_PTR handle, Mapping *mapping, Session *session) -{ - CK_RV rv = CKR_OK; - Session *sess; - - assert (handle); - assert (mapping); - - pthread_mutex_lock (&mutex); - - if (!gl.sessions) { - rv = CKR_CRYPTOKI_NOT_INITIALIZED; - } else { - assert (gl.sessions); - sess = hsh_get (gl.sessions, handle, sizeof (handle)); - if (sess != NULL) { - *handle = sess->real_session; - rv = map_slot_unlocked (sess->wrap_slot, mapping); - if (session != NULL) - memcpy (session, sess, sizeof (Session)); - } else { - rv = CKR_SESSION_HANDLE_INVALID; - } - } - - pthread_mutex_unlock (&mutex); - - return rv; -} - -static void -finalize_mappings_unlocked (void) -{ - hsh_index_t *iter; - - /* No more mappings */ - free (gl.mappings); - gl.mappings = NULL; - gl.n_mappings = 0; - - /* no more sessions */ - if (gl.sessions) { - for (iter = hsh_first (gl.sessions); iter; iter = hsh_next (iter)) - free (hsh_this (iter, NULL, NULL)); - hsh_free (gl.sessions); - gl.sessions = NULL; - } -} - -static CK_RV -proxy_C_Finalize (CK_VOID_PTR reserved) -{ - CK_RV rv; - - /* WARNING: This function must be reentrant */ - - if (reserved) - return CKR_ARGUMENTS_BAD; - - pthread_mutex_lock (&mutex); - - /* WARNING: Reentrancy can occur here */ - rv = finalize_registered_unlocked_reentrant (reserved); - - /* - * If modules are all gone, then this was the last - * finalize, so cleanup our mappings - */ - if (gl.modules == NULL) - finalize_mappings_unlocked (); - - pthread_mutex_unlock (&mutex); - - return rv; -} - -static CK_RV -initialize_mappings_unlocked_reentrant (void) -{ - CK_FUNCTION_LIST_PTR funcs; - Mapping *mappings = NULL; - int n_mappings = 0; - CK_SLOT_ID_PTR slots; - CK_ULONG i, count; - Module *module; - CK_RV rv; - - assert (!gl.mappings); - - for (module = gl.modules; module; module = module->next) { - - /* Only do registered modules */ - if (module->ref_count && !module->name) - continue; - - funcs = module->funcs; - assert (funcs); - slots = NULL; - - pthread_mutex_unlock (&mutex); - - /* Ask module for its slots */ - rv = (funcs->C_GetSlotList) (FALSE, NULL, &count); - if (rv == CKR_OK && count) { - slots = calloc (sizeof (CK_SLOT_ID), count); - if (!slots) - rv = CKR_HOST_MEMORY; - else - rv = (funcs->C_GetSlotList) (FALSE, slots, &count); - } - - pthread_mutex_lock (&mutex); - - if (rv != CKR_OK) { - free (slots); - break; - } - - mappings = xrealloc (mappings, sizeof (Mapping) * (n_mappings + count)); - if (!mappings) { - free (slots); - rv = CKR_HOST_MEMORY; - break; - } - - /* And now add a mapping for each of those slots */ - for (i = 0; i < count; ++i) { - mappings[n_mappings].funcs = funcs; - mappings[n_mappings].wrap_slot = n_mappings + MAPPING_OFFSET; - mappings[n_mappings].real_slot = slots[i]; - ++n_mappings; - } - - free (slots); - } - - /* Another thread raced us here due to above reentrancy */ - if (gl.mappings) { - free (mappings); - return CKR_OK; - } - - assert (!gl.sessions); - gl.sessions = hsh_create (); - - /* Any cleanup necessary for failure will happen at caller */ - return rv; -} - -static CK_RV -proxy_C_Initialize (CK_VOID_PTR init_args) -{ - CK_RV rv; - - /* WARNING: This function must be reentrant */ - - pthread_mutex_lock (&mutex); - - /* WARNING: Reentrancy can occur here */ - rv = initialize_registered_unlocked_reentrant (init_args); - - /* WARNING: Reentrancy can occur here */ - if (rv == CKR_OK && !gl.mappings) - rv = initialize_mappings_unlocked_reentrant (); - - pthread_mutex_unlock (&mutex); - - if (rv != CKR_OK) - proxy_C_Finalize (NULL); - - return rv; -} - -static CK_RV -proxy_C_GetInfo (CK_INFO_PTR info) -{ - CK_RV rv = CKR_OK; - - if (info == NULL) - return CKR_ARGUMENTS_BAD; - - pthread_mutex_lock (&mutex); - - if (!gl.mappings) - rv = CKR_CRYPTOKI_NOT_INITIALIZED; - - pthread_mutex_unlock (&mutex); - - if (rv != CKR_OK) - return rv; - - info->cryptokiVersion.major = CRYPTOKI_VERSION_MAJOR; - info->cryptokiVersion.minor = CRYPTOKI_VERSION_MINOR; - info->libraryVersion.major = LIBRARY_VERSION_MAJOR; - info->libraryVersion.minor = LIBRARY_VERSION_MINOR; - info->flags = 0; - strncpy ((char*)info->manufacturerID, MANUFACTURER_ID, 32); - strncpy ((char*)info->libraryDescription, LIBRARY_DESCRIPTION, 32); - return CKR_OK; -} - -static CK_RV -proxy_C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list) -{ - /* Can be called before C_Initialize */ - - if (!list) - return CKR_ARGUMENTS_BAD; - *list = &proxy_function_list; - return CKR_OK; -} - -static CK_RV -proxy_C_GetSlotList (CK_BBOOL token_present, CK_SLOT_ID_PTR slot_list, - CK_ULONG_PTR count) -{ - CK_SLOT_INFO info; - Mapping *mapping; - CK_ULONG index; - CK_RV rv = CKR_OK; - int i; - - if (!count) - return CKR_ARGUMENTS_BAD; - - pthread_mutex_lock (&mutex); - - if (!gl.mappings) { - rv = CKR_CRYPTOKI_NOT_INITIALIZED; - } else { - index = 0; - - /* Go through and build up a map */ - for (i = 0; i < gl.n_mappings; ++i) { - mapping = &gl.mappings[i]; - - /* Skip ones without a token if requested */ - if (token_present) { - rv = (mapping->funcs->C_GetSlotInfo) (mapping->real_slot, &info); - if (rv != CKR_OK) - break; - if (!(info.flags & CKF_TOKEN_PRESENT)) - continue; - } - - /* Fill in the slot if we can */ - if (slot_list && *count > index) - slot_list[index] = mapping->wrap_slot; - - ++index; - } - - if (slot_list && *count < index) - rv = CKR_BUFFER_TOO_SMALL; - - *count = index; - } - - pthread_mutex_unlock (&mutex); - - return rv; -} - -static CK_RV -proxy_C_GetSlotInfo (CK_SLOT_ID id, CK_SLOT_INFO_PTR info) -{ - Mapping map; - CK_RV rv; - - rv = map_slot_to_real (&id, &map); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_GetSlotInfo) (id, info); -} - -static CK_RV -proxy_C_GetTokenInfo (CK_SLOT_ID id, CK_TOKEN_INFO_PTR info) -{ - Mapping map; - CK_RV rv; - - rv = map_slot_to_real (&id, &map); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_GetTokenInfo) (id, info); -} - -static CK_RV -proxy_C_GetMechanismList (CK_SLOT_ID id, CK_MECHANISM_TYPE_PTR mechanism_list, - CK_ULONG_PTR count) -{ - Mapping map; - CK_RV rv; - - rv = map_slot_to_real (&id, &map); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_GetMechanismList) (id, mechanism_list, count); -} - -static CK_RV -proxy_C_GetMechanismInfo (CK_SLOT_ID id, CK_MECHANISM_TYPE type, - CK_MECHANISM_INFO_PTR info) -{ - Mapping map; - CK_RV rv; - - rv = map_slot_to_real (&id, &map); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_GetMechanismInfo) (id, type, info); -} - -static CK_RV -proxy_C_InitToken (CK_SLOT_ID id, CK_UTF8CHAR_PTR pin, CK_ULONG pin_len, CK_UTF8CHAR_PTR label) -{ - Mapping map; - CK_RV rv; - - rv = map_slot_to_real (&id, &map); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_InitToken) (id, pin, pin_len, label); -} - -static CK_RV -proxy_C_WaitForSlotEvent (CK_FLAGS flags, CK_SLOT_ID_PTR slot, CK_VOID_PTR reserved) -{ - return CKR_FUNCTION_NOT_SUPPORTED; -} - -static CK_RV -proxy_C_OpenSession (CK_SLOT_ID id, CK_FLAGS flags, CK_VOID_PTR user_data, - CK_NOTIFY callback, CK_SESSION_HANDLE_PTR handle) -{ - Session *sess; - Mapping map; - CK_RV rv; - - if (handle == NULL) - return CKR_ARGUMENTS_BAD; - - rv = map_slot_to_real (&id, &map); - if (rv != CKR_OK) - return rv; - - rv = (map.funcs->C_OpenSession) (id, flags, user_data, callback, handle); - - if (rv == CKR_OK) { - pthread_mutex_lock (&mutex); - - if (!gl.sessions) { - /* - * The underlying module should have returned an error, so this - * code should never be reached with properly behaving modules. - * That's why we don't cleanup and close the newly opened session here - * or anything like that. - */ - rv = CKR_CRYPTOKI_NOT_INITIALIZED; - - } else { - sess = calloc (1, sizeof (Session)); - sess->wrap_slot = map.wrap_slot; - sess->real_session = *handle; - sess->wrap_session = ++gl.last_handle; /* TODO: Handle wrapping, and then collisions */ - hsh_set (gl.sessions, &sess->wrap_session, sizeof (sess->wrap_session), sess); - *handle = sess->wrap_session; - } - - pthread_mutex_unlock (&mutex); - } - - return rv; -} - -static CK_RV -proxy_C_CloseSession (CK_SESSION_HANDLE handle) -{ - CK_SESSION_HANDLE key; - Mapping map; - CK_RV rv; - - key = handle; - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - rv = (map.funcs->C_CloseSession) (handle); - - if (rv == CKR_OK) { - pthread_mutex_lock (&mutex); - - if (gl.sessions) - hsh_rem (gl.sessions, &key, sizeof (key)); - - pthread_mutex_unlock (&mutex); - } - - return rv; -} - -static CK_RV -proxy_C_CloseAllSessions (CK_SLOT_ID id) -{ - CK_SESSION_HANDLE_PTR to_close; - CK_RV rv = CKR_OK; - Session *sess; - CK_ULONG i, count; - hsh_index_t *iter; - - pthread_mutex_lock (&mutex); - - if (!gl.sessions) { - rv = CKR_CRYPTOKI_NOT_INITIALIZED; - } else { - to_close = calloc (sizeof (CK_SESSION_HANDLE), hsh_count (gl.sessions)); - if (!to_close) { - rv = CKR_HOST_MEMORY; - } else { - for (iter = hsh_first (gl.sessions), count = 0; - iter; iter = hsh_next (iter)) { - sess = hsh_this (iter, NULL, NULL); - if (sess->wrap_slot == id && to_close) - to_close[count++] = sess->wrap_session; - } - } - } - - pthread_mutex_unlock (&mutex); - - if (rv != CKR_OK) - return rv; - - for (i = 0; i < count; ++i) - proxy_C_CloseSession (to_close[i]); - - free (to_close); - return CKR_OK; -} - -static CK_RV -proxy_C_GetFunctionStatus (CK_SESSION_HANDLE handle) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_GetFunctionStatus) (handle); -} - -static CK_RV -proxy_C_CancelFunction (CK_SESSION_HANDLE handle) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_CancelFunction) (handle); -} - -static CK_RV -proxy_C_GetSessionInfo (CK_SESSION_HANDLE handle, CK_SESSION_INFO_PTR info) -{ - Mapping map; - CK_RV rv; - - if (info == NULL) - return CKR_ARGUMENTS_BAD; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - - rv = (map.funcs->C_GetSessionInfo) (handle, info); - if (rv == CKR_OK) - info->slotID = map.wrap_slot; - - return rv; -} - -static CK_RV -proxy_C_InitPIN (CK_SESSION_HANDLE handle, CK_UTF8CHAR_PTR pin, CK_ULONG pin_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - - return (map.funcs->C_InitPIN) (handle, pin, pin_len); -} - -static CK_RV -proxy_C_SetPIN (CK_SESSION_HANDLE handle, CK_UTF8CHAR_PTR old_pin, CK_ULONG old_pin_len, - CK_UTF8CHAR_PTR new_pin, CK_ULONG new_pin_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - - return (map.funcs->C_SetPIN) (handle, old_pin, old_pin_len, new_pin, new_pin_len); -} - -static CK_RV -proxy_C_GetOperationState (CK_SESSION_HANDLE handle, CK_BYTE_PTR operation_state, CK_ULONG_PTR operation_state_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_GetOperationState) (handle, operation_state, operation_state_len); -} - -static CK_RV -proxy_C_SetOperationState (CK_SESSION_HANDLE handle, CK_BYTE_PTR operation_state, - CK_ULONG operation_state_len, CK_OBJECT_HANDLE encryption_key, - CK_OBJECT_HANDLE authentication_key) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_SetOperationState) (handle, operation_state, operation_state_len, encryption_key, authentication_key); -} - -static CK_RV -proxy_C_Login (CK_SESSION_HANDLE handle, CK_USER_TYPE user_type, - CK_UTF8CHAR_PTR pin, CK_ULONG pin_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - - return (map.funcs->C_Login) (handle, user_type, pin, pin_len); -} - -static CK_RV -proxy_C_Logout (CK_SESSION_HANDLE handle) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_Logout) (handle); -} - -static CK_RV -proxy_C_CreateObject (CK_SESSION_HANDLE handle, CK_ATTRIBUTE_PTR template, - CK_ULONG count, CK_OBJECT_HANDLE_PTR new_object) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - - return (map.funcs->C_CreateObject) (handle, template, count, new_object); -} - -static CK_RV -proxy_C_CopyObject (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, CK_ULONG count, - CK_OBJECT_HANDLE_PTR new_object) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_CopyObject) (handle, object, template, count, new_object); -} - -static CK_RV -proxy_C_DestroyObject (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE object) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_DestroyObject) (handle, object); -} - -static CK_RV -proxy_C_GetObjectSize (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE object, - CK_ULONG_PTR size) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_GetObjectSize) (handle, object, size); -} - -static CK_RV -proxy_C_GetAttributeValue (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, CK_ULONG count) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_GetAttributeValue) (handle, object, template, count); -} - -static CK_RV -proxy_C_SetAttributeValue (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, CK_ULONG count) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_SetAttributeValue) (handle, object, template, count); -} - -static CK_RV -proxy_C_FindObjectsInit (CK_SESSION_HANDLE handle, CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_FindObjectsInit) (handle, template, count); -} - -static CK_RV -proxy_C_FindObjects (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE_PTR objects, - CK_ULONG max_count, CK_ULONG_PTR count) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_FindObjects) (handle, objects, max_count, count); -} - -static CK_RV -proxy_C_FindObjectsFinal (CK_SESSION_HANDLE handle) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_FindObjectsFinal) (handle); -} - -static CK_RV -proxy_C_EncryptInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_EncryptInit) (handle, mechanism, key); -} - -static CK_RV -proxy_C_Encrypt (CK_SESSION_HANDLE handle, CK_BYTE_PTR data, CK_ULONG data_len, - CK_BYTE_PTR encrypted_data, CK_ULONG_PTR encrypted_data_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_Encrypt) (handle, data, data_len, encrypted_data, encrypted_data_len); -} - -static CK_RV -proxy_C_EncryptUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR part, - CK_ULONG part_len, CK_BYTE_PTR encrypted_part, - CK_ULONG_PTR encrypted_part_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_EncryptUpdate) (handle, part, part_len, encrypted_part, encrypted_part_len); -} - -static CK_RV -proxy_C_EncryptFinal (CK_SESSION_HANDLE handle, CK_BYTE_PTR last_part, - CK_ULONG_PTR last_part_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_EncryptFinal) (handle, last_part, last_part_len); -} - -static CK_RV -proxy_C_DecryptInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_DecryptInit) (handle, mechanism, key); -} - -static CK_RV -proxy_C_Decrypt (CK_SESSION_HANDLE handle, CK_BYTE_PTR enc_data, - CK_ULONG enc_data_len, CK_BYTE_PTR data, CK_ULONG_PTR data_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_Decrypt) (handle, enc_data, enc_data_len, data, data_len); -} - -static CK_RV -proxy_C_DecryptUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR enc_part, - CK_ULONG enc_part_len, CK_BYTE_PTR part, CK_ULONG_PTR part_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_DecryptUpdate) (handle, enc_part, enc_part_len, part, part_len); -} - -static CK_RV -proxy_C_DecryptFinal (CK_SESSION_HANDLE handle, CK_BYTE_PTR last_part, - CK_ULONG_PTR last_part_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_DecryptFinal) (handle, last_part, last_part_len); -} - -static CK_RV -proxy_C_DigestInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_DigestInit) (handle, mechanism); -} - -static CK_RV -proxy_C_Digest (CK_SESSION_HANDLE handle, CK_BYTE_PTR data, CK_ULONG data_len, - CK_BYTE_PTR digest, CK_ULONG_PTR digest_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_Digest) (handle, data, data_len, digest, digest_len); -} - -static CK_RV -proxy_C_DigestUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR part, CK_ULONG part_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_DigestUpdate) (handle, part, part_len); -} - -static CK_RV -proxy_C_DigestKey (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE key) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_DigestKey) (handle, key); -} - -static CK_RV -proxy_C_DigestFinal (CK_SESSION_HANDLE handle, CK_BYTE_PTR digest, - CK_ULONG_PTR digest_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_DigestFinal) (handle, digest, digest_len); -} - -static CK_RV -proxy_C_SignInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_SignInit) (handle, mechanism, key); -} - -static CK_RV -proxy_C_Sign (CK_SESSION_HANDLE handle, CK_BYTE_PTR data, CK_ULONG data_len, - CK_BYTE_PTR signature, CK_ULONG_PTR signature_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_Sign) (handle, data, data_len, signature, signature_len); -} - -static CK_RV -proxy_C_SignUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR part, CK_ULONG part_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_SignUpdate) (handle, part, part_len); -} - -static CK_RV -proxy_C_SignFinal (CK_SESSION_HANDLE handle, CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_SignFinal) (handle, signature, signature_len); -} - -static CK_RV -proxy_C_SignRecoverInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_SignRecoverInit) (handle, mechanism, key); -} - -static CK_RV -proxy_C_SignRecover (CK_SESSION_HANDLE handle, CK_BYTE_PTR data, CK_ULONG data_len, - CK_BYTE_PTR signature, CK_ULONG_PTR signature_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_SignRecover) (handle, data, data_len, signature, signature_len); -} - -static CK_RV -proxy_C_VerifyInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_VerifyInit) (handle, mechanism, key); -} - -static CK_RV -proxy_C_Verify (CK_SESSION_HANDLE handle, CK_BYTE_PTR data, CK_ULONG data_len, - CK_BYTE_PTR signature, CK_ULONG signature_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_Verify) (handle, data, data_len, signature, signature_len); -} - -static CK_RV -proxy_C_VerifyUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR part, CK_ULONG part_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_VerifyUpdate) (handle, part, part_len); -} - -static CK_RV -proxy_C_VerifyFinal (CK_SESSION_HANDLE handle, CK_BYTE_PTR signature, - CK_ULONG signature_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_VerifyFinal) (handle, signature, signature_len); -} - -static CK_RV -proxy_C_VerifyRecoverInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_VerifyRecoverInit) (handle, mechanism, key); -} - -static CK_RV -proxy_C_VerifyRecover (CK_SESSION_HANDLE handle, CK_BYTE_PTR signature, - CK_ULONG signature_len, CK_BYTE_PTR data, CK_ULONG_PTR data_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_VerifyRecover) (handle, signature, signature_len, data, data_len); -} - -static CK_RV -proxy_C_DigestEncryptUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR part, - CK_ULONG part_len, CK_BYTE_PTR enc_part, - CK_ULONG_PTR enc_part_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_DigestEncryptUpdate) (handle, part, part_len, enc_part, enc_part_len); -} - -static CK_RV -proxy_C_DecryptDigestUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR enc_part, - CK_ULONG enc_part_len, CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_DecryptDigestUpdate) (handle, enc_part, enc_part_len, part, part_len); -} - -static CK_RV -proxy_C_SignEncryptUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR part, - CK_ULONG part_len, CK_BYTE_PTR enc_part, - CK_ULONG_PTR enc_part_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_SignEncryptUpdate) (handle, part, part_len, enc_part, enc_part_len); -} - -static CK_RV -proxy_C_DecryptVerifyUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR enc_part, - CK_ULONG enc_part_len, CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_DecryptVerifyUpdate) (handle, enc_part, enc_part_len, part, part_len); -} - -static CK_RV -proxy_C_GenerateKey (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism, - CK_ATTRIBUTE_PTR template, CK_ULONG count, - CK_OBJECT_HANDLE_PTR key) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_GenerateKey) (handle, mechanism, template, count, key); -} - -static CK_RV -proxy_C_GenerateKeyPair (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism, - CK_ATTRIBUTE_PTR pub_template, CK_ULONG pub_count, - CK_ATTRIBUTE_PTR priv_template, CK_ULONG priv_count, - CK_OBJECT_HANDLE_PTR pub_key, CK_OBJECT_HANDLE_PTR priv_key) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_GenerateKeyPair) (handle, mechanism, pub_template, pub_count, priv_template, priv_count, pub_key, priv_key); -} - -static CK_RV -proxy_C_WrapKey (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE wrapping_key, CK_OBJECT_HANDLE key, - CK_BYTE_PTR wrapped_key, CK_ULONG_PTR wrapped_key_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_WrapKey) (handle, mechanism, wrapping_key, key, wrapped_key, wrapped_key_len); -} - -static CK_RV -proxy_C_UnwrapKey (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE unwrapping_key, CK_BYTE_PTR wrapped_key, - CK_ULONG wrapped_key_len, CK_ATTRIBUTE_PTR template, - CK_ULONG count, CK_OBJECT_HANDLE_PTR key) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_UnwrapKey) (handle, mechanism, unwrapping_key, wrapped_key, wrapped_key_len, template, count, key); -} - -static CK_RV -proxy_C_DeriveKey (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE base_key, CK_ATTRIBUTE_PTR template, - CK_ULONG count, CK_OBJECT_HANDLE_PTR key) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_DeriveKey) (handle, mechanism, base_key, template, count, key); -} - -static CK_RV -proxy_C_SeedRandom (CK_SESSION_HANDLE handle, CK_BYTE_PTR seed, CK_ULONG seed_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_SeedRandom) (handle, seed, seed_len); -} - -static CK_RV -proxy_C_GenerateRandom (CK_SESSION_HANDLE handle, CK_BYTE_PTR random_data, - CK_ULONG random_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_GenerateRandom) (handle, random_data, random_len); -} - -/* -------------------------------------------------------------------- - * MODULE ENTRY POINT - */ - -static CK_FUNCTION_LIST proxy_function_list = { - { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, /* version */ - proxy_C_Initialize, - proxy_C_Finalize, - proxy_C_GetInfo, - proxy_C_GetFunctionList, - proxy_C_GetSlotList, - proxy_C_GetSlotInfo, - proxy_C_GetTokenInfo, - proxy_C_GetMechanismList, - proxy_C_GetMechanismInfo, - proxy_C_InitToken, - proxy_C_InitPIN, - proxy_C_SetPIN, - proxy_C_OpenSession, - proxy_C_CloseSession, - proxy_C_CloseAllSessions, - proxy_C_GetSessionInfo, - proxy_C_GetOperationState, - proxy_C_SetOperationState, - proxy_C_Login, - proxy_C_Logout, - proxy_C_CreateObject, - proxy_C_CopyObject, - proxy_C_DestroyObject, - proxy_C_GetObjectSize, - proxy_C_GetAttributeValue, - proxy_C_SetAttributeValue, - proxy_C_FindObjectsInit, - proxy_C_FindObjects, - proxy_C_FindObjectsFinal, - proxy_C_EncryptInit, - proxy_C_Encrypt, - proxy_C_EncryptUpdate, - proxy_C_EncryptFinal, - proxy_C_DecryptInit, - proxy_C_Decrypt, - proxy_C_DecryptUpdate, - proxy_C_DecryptFinal, - proxy_C_DigestInit, - proxy_C_Digest, - proxy_C_DigestUpdate, - proxy_C_DigestKey, - proxy_C_DigestFinal, - proxy_C_SignInit, - proxy_C_Sign, - proxy_C_SignUpdate, - proxy_C_SignFinal, - proxy_C_SignRecoverInit, - proxy_C_SignRecover, - proxy_C_VerifyInit, - proxy_C_Verify, - proxy_C_VerifyUpdate, - proxy_C_VerifyFinal, - proxy_C_VerifyRecoverInit, - proxy_C_VerifyRecover, - proxy_C_DigestEncryptUpdate, - proxy_C_DecryptDigestUpdate, - proxy_C_SignEncryptUpdate, - proxy_C_DecryptVerifyUpdate, - proxy_C_GenerateKey, - proxy_C_GenerateKeyPair, - proxy_C_WrapKey, - proxy_C_UnwrapKey, - proxy_C_DeriveKey, - proxy_C_SeedRandom, - proxy_C_GenerateRandom, - proxy_C_GetFunctionStatus, - proxy_C_CancelFunction, - proxy_C_WaitForSlotEvent -}; - -CK_RV -C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list) -{ - return proxy_C_GetFunctionList (list); -} |