From a50ba779ff3e0a5d4f35fb2b6ab525a423575cc4 Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Thu, 20 Jan 2011 13:36:33 -0600 Subject: Initial implementation of p11-unity --- module/Makefile.am | 18 + module/hash.c | 400 ++++++++++++++ module/hash.h | 158 ++++++ module/p11-unity.c | 1543 ++++++++++++++++++++++++++++++++++++++++++++++++++++ module/pkcs11.h | 1357 +++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 3476 insertions(+) create mode 100644 module/Makefile.am create mode 100644 module/hash.c create mode 100644 module/hash.h create mode 100644 module/p11-unity.c create mode 100644 module/pkcs11.h (limited to 'module') diff --git a/module/Makefile.am b/module/Makefile.am new file mode 100644 index 0000000..2aba99d --- /dev/null +++ b/module/Makefile.am @@ -0,0 +1,18 @@ + +INCLUDES = \ + -DPKCS11_MODULE_PATH=\"$(PKCS11_MODULE_PATH)\" + +MODULE_SRCS = \ + p11-unity.c \ + hash.c hash.h + +lib_LTLIBRARIES = p11-unity.la + +p11_unity_la_LDFLAGS = \ + -module -avoid-version \ + -no-undefined -export-symbols-regex 'C_GetFunctionList' + +p11_unity_la_SOURCES = $(MODULE_SRCS) + +EXTRA_DIST = \ + pkcs11.h \ No newline at end of file diff --git a/module/hash.c b/module/hash.c new file mode 100644 index 0000000..512a914 --- /dev/null +++ b/module/hash.c @@ -0,0 +1,400 @@ +/* + * Copyright (c) 2004, Stefan Walter + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + */ + +/* + * Originally from apache 2.0 + * Modifications for general use by + */ + +/* Copyright 2000-2004 The Apache Software Foundation + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include +#include "hash.h" + +#define KEY_DATA(he) ((he)->key) + +/* + * The internal form of a hash table. + * + * The table is an array indexed by the hash of the key; collisions + * are resolved by hanging a linked list of hash entries off each + * element of the array. Although this is a really simple design it + * isn't too bad given that pools have a low allocation overhead. + */ + +typedef struct hsh_entry_t hsh_entry_t; + +struct hsh_entry_t +{ + hsh_entry_t* next; + unsigned int hash; + const void* key; + size_t klen; + const void* val; +}; + +/* + * Data structure for iterating through a hash table. + * + * We keep a pointer to the next hash entry here to allow the current + * hash entry to be freed or otherwise mangled between calls to + * hsh_next(). + */ +struct hsh_index_t +{ + hsh_t* ht; + hsh_entry_t* ths; + hsh_entry_t* next; + unsigned int index; +}; + +/* + * The size of the array is always a power of two. We use the maximum + * index rather than the size so that we can use bitwise-AND for + * modular arithmetic. + * The count of hash entries may be greater depending on the chosen + * collision rate. + */ +struct hsh_t +{ + hsh_entry_t** array; + hsh_index_t iterator; /* For hsh_first(...) */ + unsigned int count; + unsigned int max; +}; + + +#define INITIAL_MAX 15 /* tunable == 2^n - 1 */ +#define int_malloc malloc +#define int_calloc calloc +#define int_free free + +/* + * Hash creation functions. + */ + +static hsh_entry_t** alloc_array(hsh_t* ht, unsigned int max) +{ + return (hsh_entry_t**)int_calloc(sizeof(*(ht->array)), (max + 1)); +} + +hsh_t* hsh_create() +{ + hsh_t* ht = int_malloc(sizeof(hsh_t)); + if(ht) + { + ht->count = 0; + ht->max = INITIAL_MAX; + ht->array = alloc_array(ht, ht->max); + if(!ht->array) + { + int_free(ht); + return NULL; + } + } + return ht; +} + +void hsh_free(hsh_t* ht) +{ + hsh_index_t* hi; + + for(hi = hsh_first(ht); hi; hi = hsh_next(hi)) + int_free(hi->ths); + + if(ht->array) + int_free(ht->array); + + int_free(ht); +} + +/* + * Hash iteration functions. + */ + +hsh_index_t* hsh_next(hsh_index_t* hi) +{ + hi->ths = hi->next; + while(!hi->ths) + { + if(hi->index > hi->ht->max) + return NULL; + + hi->ths = hi->ht->array[hi->index++]; + } + hi->next = hi->ths->next; + return hi; +} + +hsh_index_t* hsh_first(hsh_t* ht) +{ + hsh_index_t* hi = &ht->iterator; + + hi->ht = ht; + hi->index = 0; + hi->ths = NULL; + hi->next = NULL; + return hsh_next(hi); +} + +void* hsh_this(hsh_index_t* hi, const void** key, size_t* klen) +{ + if(key) + *key = KEY_DATA(hi->ths); + if(klen) + *klen = hi->ths->klen; + return (void*)hi->ths->val; +} + + +/* + * Expanding a hash table + */ + +static int expand_array(hsh_t* ht) +{ + hsh_index_t* hi; + hsh_entry_t** new_array; + unsigned int new_max; + + new_max = ht->max * 2 + 1; + new_array = alloc_array(ht, new_max); + + if(!new_array) + return 0; + + for(hi = hsh_first(ht); hi; hi = hsh_next(hi)) + { + unsigned int i = hi->ths->hash & new_max; + hi->ths->next = new_array[i]; + new_array[i] = hi->ths; + } + + if(ht->array) + free(ht->array); + + ht->array = new_array; + ht->max = new_max; + return 1; +} + +/* + * This is where we keep the details of the hash function and control + * the maximum collision rate. + * + * If val is non-NULL it creates and initializes a new hash entry if + * there isn't already one there; it returns an updatable pointer so + * that hash entries can be removed. + */ + +static hsh_entry_t** find_entry(hsh_t* ht, const void* key, size_t klen, const void* val) +{ + hsh_entry_t** hep; + hsh_entry_t* he; + const unsigned char* p; + unsigned int hash; + size_t i; + + /* + * This is the popular `times 33' hash algorithm which is used by + * perl and also appears in Berkeley DB. This is one of the best + * known hash functions for strings because it is both computed + * very fast and distributes very well. + * + * The originator may be Dan Bernstein but the code in Berkeley DB + * cites Chris Torek as the source. The best citation I have found + * is "Chris Torek, Hash function for text in C, Usenet message + * <27038@mimsy.umd.edu> in comp.lang.c , October, 1990." in Rich + * Salz's USENIX 1992 paper about INN which can be found at + * . + * + * The magic of number 33, i.e. why it works better than many other + * constants, prime or not, has never been adequately explained by + * anyone. So I try an explanation: if one experimentally tests all + * multipliers between 1 and 256 (as I did while writing a low-level + * data structure library some time ago) one detects that even + * numbers are not useable at all. The remaining 128 odd numbers + * (except for the number 1) work more or less all equally well. + * They all distribute in an acceptable way and this way fill a hash + * table with an average percent of approx. 86%. + * + * If one compares the chi^2 values of the variants (see + * Bob Jenkins ``Hashing Frequently Asked Questions'' at + * http://burtleburtle.net/bob/hash/hashfaq.html for a description + * of chi^2), the number 33 not even has the best value. But the + * number 33 and a few other equally good numbers like 17, 31, 63, + * 127 and 129 have nevertheless a great advantage to the remaining + * numbers in the large set of possible multipliers: their multiply + * operation can be replaced by a faster operation based on just one + * shift plus either a single addition or subtraction operation. And + * because a hash function has to both distribute good _and_ has to + * be very fast to compute, those few numbers should be preferred. + * + * -- Ralf S. Engelschall + */ + hash = 0; + + if(klen == HSH_KEY_STRING) + { + for(p = key; *p; p++) + hash = hash * 33 + *p; + + klen = p - (const unsigned char *)key; + } + else + { + for(p = key, i = klen; i; i--, p++) + hash = hash * 33 + *p; + } + + /* scan linked list */ + for(hep = &ht->array[hash & ht->max], he = *hep; + he; hep = &he->next, he = *hep) + { + if(he->hash == hash && + he->klen == klen && + memcmp(KEY_DATA(he), key, klen) == 0) + break; + } + + if(he || !val) + return hep; + + /* add a new entry for non-NULL val */ + he = int_malloc(sizeof(*he)); + + if(he) + { + /* Key points to external data */ + he->key = key; + he->klen = klen; + + he->next = NULL; + he->hash = hash; + he->val = val; + + *hep = he; + ht->count++; + } + + return hep; +} + +void* hsh_get(hsh_t* ht, const void *key, size_t klen) +{ + hsh_entry_t** he = find_entry(ht, key, klen, NULL); + + if(he && *he) + return (void*)((*he)->val); + else + return NULL; +} + +int hsh_set(hsh_t* ht, const void* key, size_t klen, void* val) +{ + hsh_entry_t** hep = find_entry(ht, key, klen, val); + + if(hep && *hep) + { + /* replace entry */ + (*hep)->val = val; + + /* check that the collision rate isn't too high */ + if(ht->count > ht->max) + { + if(!expand_array(ht)) + return 0; + } + + return 1; + } + + return 0; +} + +void* hsh_rem(hsh_t* ht, const void* key, size_t klen) +{ + hsh_entry_t** hep = find_entry(ht, key, klen, NULL); + void* val = NULL; + + if(hep && *hep) + { + hsh_entry_t* old = *hep; + *hep = (*hep)->next; + --ht->count; + val = (void*)old->val; + free(old); + } + + return val; +} + +void hsh_clear(hsh_t* ht) +{ + hsh_entry_t *he, *next; + int i; + + /* Free all entries in the array */ + for (i = 0; i < ht->max; ++i) { + he = ht->array[i]; + while (he) { + next = he->next; + free (he); + he = next; + } + } + + memset (ht->array, 0, ht->max * sizeof (hsh_entry_t*)); + ht->count = 0; +} + +unsigned int hsh_count(hsh_t* ht) +{ + return ht->count; +} + diff --git a/module/hash.h b/module/hash.h new file mode 100644 index 0000000..a02b8e3 --- /dev/null +++ b/module/hash.h @@ -0,0 +1,158 @@ +/* + * Copyright (c) 2004, Stefan Walter + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + */ + +/* + * Originally from apache 2.0 + * Modifications for general use by + */ + +/* Copyright 2000-2004 The Apache Software Foundation + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __HSH_H__ +#define __HSH_H__ + +#include + +/* + * OPTIONAL FEATURES + * + * Features to define. You need to build both this file and + * the corresponding hash.c file with whatever options you set here. + * These affect the method signatures, so see the sections below + * for the actual options + */ + +/* + * ARGUMENT DOCUMENTATION + * + * ht: The hashtable + * key: Pointer to the key value + * klen: The length of the key + * val: Pointer to the value + * hi: A hashtable iterator + * stamp: A unix timestamp + */ + + +/* ---------------------------------------------------------------------------------- + * TYPES + */ + +/* Abstract type for hash tables. */ +typedef struct hsh_t hsh_t; + +/* Abstract type for scanning hash tables. */ +typedef struct hsh_index_t hsh_index_t; + +/* ----------------------------------------------------------------------------- + * MAIN + */ + +/* + * hsh_create : Create a hash table + * - returns an allocated hashtable + */ +hsh_t* hsh_create(void); + +/* + * hsh_free : Free a hash table + */ +void hsh_free(hsh_t* ht); + +/* + * hsh_count: Number of values in hash table + * - returns the number of entries in hash table + */ +unsigned int hsh_count(hsh_t* ht); + +/* + * hsh_get: Retrieves a value from the hash table + * - returns the value of the entry + */ +void* hsh_get(hsh_t* ht, const void* key, size_t klen); + +/* + * hsh_set: Set a value in the hash table + * - returns 1 if the entry was added properly + */ +int hsh_set(hsh_t* ht, const void* key, size_t klen, void* val); + +/* + * hsh_rem: Remove a value from the hash table + * - returns the value of the removed entry + */ +void* hsh_rem(hsh_t* ht, const void* key, size_t klen); + +/* + * hsh_first: Start enumerating through the hash table + * - returns a hash iterator + */ +hsh_index_t* hsh_first(hsh_t* ht); + +/* + * hsh_next: Enumerate through hash table + * - returns the hash iterator or null when no more entries + */ +hsh_index_t* hsh_next(hsh_index_t* hi); + +/* + * hsh_this: While enumerating get current value + * - returns the value that the iterator currently points to + */ +void* hsh_this(hsh_index_t* hi, const void** key, size_t* klen); + +/* + * hsh_clear: Clear all values from has htable. + */ +void hsh_clear(hsh_t* ht); + +/* + * This can be passed as 'klen' in any of the above functions to indicate + * a string-valued key, and have hash compute the length automatically. + */ +#define HSH_KEY_STRING (-1) + +#endif /* __HSH_H__ */ diff --git a/module/p11-unity.c b/module/p11-unity.c new file mode 100644 index 0000000..e6ea668 --- /dev/null +++ b/module/p11-unity.c @@ -0,0 +1,1543 @@ +/* + * Copyright (C) 2011 Collabora Ltd. + * Copyright (C) 2008 Stefan Walter + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "hash.h" +#include "pkcs11.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/* Start wrap slots slightly higher for testing */ +#define MAPPING_OFFSET 0x10 +#define FIRST_HANDLE 0x10 + +typedef struct _Mapping { + CK_SLOT_ID wrap_slot; + CK_SLOT_ID real_slot; + CK_FUNCTION_LIST_PTR funcs; +} Mapping; + +typedef struct _Session { + CK_SESSION_HANDLE wrap_session; + CK_SESSION_HANDLE real_session; + CK_SLOT_ID wrap_slot; +} Session; + +typedef struct _Module { + char *path; + void *dl_module; + CK_FUNCTION_LIST_PTR funcs; + int initialized; + struct _Module *next; +} Module; + +/* Forward declaration */ +static CK_FUNCTION_LIST unity_function_list; + +static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER; + +/* + * Shared data between threads, protected by the mutex, a structure so + * we can audit thread safety easier. + */ +static struct _Shared { + int initialize_count; + Mapping *mappings; + unsigned int n_mappings; + hsh_t *sessions; + Module *modules; + CK_ULONG last_handle; +} gl = { 0, NULL, 0, NULL, NULL, FIRST_HANDLE }; + +#define MANUFACTURER_ID "PKCS#11 Unity " +#define LIBRARY_DESCRIPTION "PKCS#11 Unity Proxy Module " +#define LIBRARY_VERSION_MAJOR 1 +#define LIBRARY_VERSION_MINOR 1 + +/* ----------------------------------------------------------------------------- + * UTILITIES + */ + +static void +warning (const char* msg, ...) +{ + char buffer[512]; + va_list va; + + va_start (va, msg); + + vsnprintf(buffer, sizeof (buffer) - 1, msg, va); + buffer[sizeof (buffer) - 1] = 0; + fprintf (stderr, "p11-unity: %s\n", buffer); + + va_end (va); +} + +static char* +strconcat (const char *first, ...) +{ + size_t length = 0; + const char *arg; + char *result, *at; + va_list va; + + va_start (va, first); + + for (arg = first; arg; arg = va_arg (va, const char*)) + length += strlen (arg); + + va_end (va); + + at = result = malloc (length); + if (!result) + return NULL; + + va_start (va, first); + + for (arg = first; arg; arg = va_arg (va, const char*)) { + length = strlen (arg); + memcpy (at, arg, length); + at += length; + } + + va_end (va); + + *at = 0; + return result; +} + +static int +ends_with (const char *haystack, const char *needle) +{ + size_t haystack_len, needle_len; + + assert (haystack); + assert (needle); + + haystack_len = strlen (haystack); + needle_len = strlen (needle); + + if (needle_len > haystack_len) + return 0; + return memcmp (haystack + (haystack_len - needle_len), + needle, needle_len) == 0; +} + +static void* +xrealloc (void * memory, size_t length) +{ + void *allocated = realloc (memory, length); + if (!allocated) + free (memory); + return allocated; +} + +/* ----------------------------------------------------------------------------- + * HELPER FUNCTIONS + */ + +static CK_RV +map_slot_unlocked (CK_SLOT_ID slot, Mapping *mapping) +{ + assert (mapping); + + if (slot < MAPPING_OFFSET) + return CKR_SLOT_ID_INVALID; + slot -= MAPPING_OFFSET; + + if (slot > gl.n_mappings) { + return CKR_SLOT_ID_INVALID; + } else { + assert (gl.mappings); + memcpy (mapping, &gl.mappings[slot], sizeof (Mapping)); + return CKR_OK; + } +} + +static CK_RV +map_slot_to_real (CK_SLOT_ID_PTR slot, Mapping *mapping) +{ + CK_RV rv; + + assert (mapping); + + pthread_mutex_lock (&mutex); + + if (gl.initialize_count == 0) + rv = CKR_CRYPTOKI_NOT_INITIALIZED; + else + rv = map_slot_unlocked (*slot, mapping); + if (rv == CKR_OK) + *slot = mapping->real_slot; + + pthread_mutex_unlock (&mutex); + + return rv; +} + +static CK_RV +map_session_to_real (CK_SESSION_HANDLE_PTR handle, Mapping *mapping, Session *session) +{ + CK_RV rv = CKR_OK; + Session *sess; + + assert (handle); + assert (mapping); + + pthread_mutex_lock (&mutex); + + if (gl.initialize_count == 0) { + rv = CKR_CRYPTOKI_NOT_INITIALIZED; + } else { + assert (gl.sessions); + sess = hsh_get (gl.sessions, handle, sizeof (handle)); + if (sess != NULL) { + *handle = sess->real_session; + rv = map_slot_unlocked (sess->wrap_slot, mapping); + if (session != NULL) + memcpy (session, sess, sizeof (Session)); + } else { + rv = CKR_SESSION_HANDLE_INVALID; + } + } + + pthread_mutex_unlock (&mutex); + + return rv; +} + +static CK_RV +load_module_unlocked (const char *name, Module *module) +{ + CK_C_GetFunctionList gfl; + CK_RV rv; + + module->path = strconcat (PKCS11_MODULE_PATH, "/", name, NULL); + if (!module->path) + return CKR_HOST_MEMORY; + + module->dl_module = dlopen (module->path, RTLD_LOCAL | RTLD_NOW); + if (module->dl_module == NULL) { + warning ("couldn't load module: %s: %s", + module->path, dlerror ()); + return CKR_GENERAL_ERROR; + } + + gfl = dlsym (module->dl_module, "C_GetFunctionList"); + if (!gfl) { + warning ("couldn't find C_GetFunctionList entry point in module: %s: %s", + module->path, dlerror ()); + return CKR_GENERAL_ERROR; + } + + rv = gfl (&module->funcs); + if (rv != CKR_OK) { + warning ("call to C_GetFunctiontList failed in module: %s: %lu", + module->path, (unsigned long)rv); + return rv; + } + + return CKR_OK; +} + +static void +unload_module_unlocked (Module *module) +{ + /* Should have been finalized before this */ + assert (!module->initialized); + + if (module->dl_module) { + dlclose (module->dl_module); + module->dl_module = NULL; + } + + if (module->path) { + free (module->path); + module->path = NULL; + } + + module->funcs = NULL; +} + +static CK_RV +initialize_unlocked (CK_VOID_PTR init_args) +{ + CK_SLOT_ID_PTR slots; + CK_ULONG i, count; + DIR *dir; + struct dirent *dp; + Module *module; + CK_RV rv; + + assert (!gl.mappings); + assert (gl.n_mappings == 0); + assert (!gl.modules); + + /* First we load all the modules */ + dir = opendir (PKCS11_MODULE_PATH); + + /* We're within a global mutex, so readdir is safe */ + while ((dp = readdir(dir)) != NULL) { + if ((dp->d_type == DT_LNK || dp->d_type == DT_REG) && + !ends_with (dp->d_name, ".la")) { + + module = calloc (sizeof (Module), 1); + if (!module) + rv = CKR_HOST_MEMORY; + else + rv = load_module_unlocked (dp->d_name, module); + if (rv != CKR_OK) { + if (module) + unload_module_unlocked (module); + free (module); + break; + } + + module->next = gl.modules; + gl.modules = module; + } + } + + closedir (dir); + + for (module = gl.modules; rv == CKR_OK && module; module = module->next) { + + /* Initialize each module */ + rv = (module->funcs->C_Initialize) (init_args); + if (rv == CKR_CRYPTOKI_ALREADY_INITIALIZED) + rv = CKR_OK; + else if (rv == CKR_OK) + module->initialized = 1; + else + break; + + /* And then ask it for its slots */ + rv = (module->funcs->C_GetSlotList) (FALSE, NULL, &count); + if (rv != CKR_OK) + break; + if (!count) + continue; + slots = calloc (sizeof (CK_SLOT_ID), count); + if (!slots) { + rv = CKR_HOST_MEMORY; + break; + } + rv = (module->funcs->C_GetSlotList) (FALSE, slots, &count); + if (rv != CKR_OK) { + free (slots); + break; + } + + gl.mappings = xrealloc (gl.mappings, sizeof (Mapping) * (gl.n_mappings + count)); + if (!gl.mappings) { + rv = CKR_HOST_MEMORY; + free (slots); + break; + } + + /* And now add a mapping for each of those slots */ + for (i = 0; i < count; ++i) { + gl.mappings[gl.n_mappings].funcs = module->funcs; + gl.mappings[gl.n_mappings].wrap_slot = gl.n_mappings + MAPPING_OFFSET; + gl.mappings[gl.n_mappings].real_slot = slots[i]; + ++gl.n_mappings; + } + + free (slots); + } + + gl.sessions = hsh_create (); + return rv; +} + +static CK_RV +finalize_unlocked (CK_VOID_PTR args) +{ + Module *module, *next; + hsh_index_t *iter; + + /* Finalize all the modules */ + for (module = gl.modules; module; module = next) { + next = module->next; + if (module->initialized) { + (module->funcs->C_Finalize) (args); + module->initialized = 0; + } + + unload_module_unlocked (module); + free (module); + } + gl.modules = NULL; + + /* No more mappings */ + free (gl.mappings); + gl.mappings = NULL; + gl.n_mappings = 0; + + /* no more sessions */ + if (gl.sessions) { + for (iter = hsh_first (gl.sessions); iter; iter = hsh_next (iter)) + free (hsh_this (iter, NULL, NULL)); + hsh_free (gl.sessions); + gl.sessions = NULL; + } + + return CKR_OK; +} + +/* ----------------------------------------------------------------------------- + * PKCS#11 FUNCTIONS + */ + +static CK_RV +unity_C_Finalize (CK_VOID_PTR reserved) +{ + CK_RV rv; + + if (reserved) + return CKR_ARGUMENTS_BAD; + + pthread_mutex_lock (&mutex); + + if (gl.initialize_count == 0) { + rv = CKR_CRYPTOKI_NOT_INITIALIZED; + } else { + rv = finalize_unlocked (reserved); + if (rv == CKR_OK) + --gl.initialize_count; + } + + pthread_mutex_unlock (&mutex); + + return rv; +} + +static CK_RV +unity_C_Initialize (CK_VOID_PTR init_args) +{ + CK_RV rv; + + pthread_mutex_lock (&mutex); + + /* + * We bend the rules of PKCS#11 here. We never return the + * CKR_ALREADY_INITIALIZED error code, but just increase + * an initialization ref count. + * + * C_Finalize must be called the same amount of times as + * C_Initialize. + */ + + if (gl.initialize_count > 0) { + ++gl.initialize_count; + rv = CKR_OK; + } else { + rv = initialize_unlocked (init_args); + gl.initialize_count = 1; + } + + pthread_mutex_unlock (&mutex); + + /* Finalize anything that was half initialized */ + if (rv != CKR_OK) + unity_C_Finalize (NULL); + + return rv; +} + +static CK_RV +unity_C_GetInfo (CK_INFO_PTR info) +{ + CK_RV rv = CKR_OK; + + if (info == NULL) + return CKR_ARGUMENTS_BAD; + + pthread_mutex_lock (&mutex); + + if (gl.initialize_count == 0) + rv = CKR_CRYPTOKI_NOT_INITIALIZED; + + pthread_mutex_unlock (&mutex); + + if (rv != CKR_OK) + return rv; + + info->cryptokiVersion.major = CRYPTOKI_VERSION_MAJOR; + info->cryptokiVersion.minor = CRYPTOKI_VERSION_MINOR; + info->libraryVersion.major = LIBRARY_VERSION_MAJOR; + info->libraryVersion.minor = LIBRARY_VERSION_MINOR; + info->flags = 0; + strncpy ((char*)info->manufacturerID, MANUFACTURER_ID, 32); + strncpy ((char*)info->libraryDescription, LIBRARY_DESCRIPTION, 32); + return CKR_OK; +} + +static CK_RV +unity_C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list) +{ + /* Can be called before C_Initialize */ + + if (!list) + return CKR_ARGUMENTS_BAD; + *list = &unity_function_list; + return CKR_OK; +} + +static CK_RV +unity_C_GetSlotList (CK_BBOOL token_present, CK_SLOT_ID_PTR slot_list, + CK_ULONG_PTR count) +{ + CK_SLOT_INFO info; + Mapping *mapping; + CK_ULONG index; + CK_RV rv = CKR_OK; + int i; + + if (!count) + return CKR_ARGUMENTS_BAD; + + pthread_mutex_lock (&mutex); + + if (gl.initialize_count == 0) { + rv = CKR_CRYPTOKI_NOT_INITIALIZED; + } else { + index = 0; + + /* Go through and build up a map */ + for (i = 0; i < gl.n_mappings; ++i) { + mapping = &gl.mappings[i]; + + /* Skip ones without a token if requested */ + if (token_present) { + rv = (mapping->funcs->C_GetSlotInfo) (mapping->real_slot, &info); + if (rv != CKR_OK) + break; + if (!(info.flags & CKF_TOKEN_PRESENT)) + continue; + } + + /* Fill in the slot if we can */ + if (slot_list && *count > index) + slot_list[index] = mapping->wrap_slot; + + ++index; + } + + if (slot_list && *count < index) + rv = CKR_BUFFER_TOO_SMALL; + + *count = index; + } + + pthread_mutex_unlock (&mutex); + + return rv; +} + +static CK_RV +unity_C_GetSlotInfo (CK_SLOT_ID id, CK_SLOT_INFO_PTR info) +{ + Mapping map; + CK_RV rv; + + rv = map_slot_to_real (&id, &map); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_GetSlotInfo) (id, info); +} + +static CK_RV +unity_C_GetTokenInfo (CK_SLOT_ID id, CK_TOKEN_INFO_PTR info) +{ + Mapping map; + CK_RV rv; + + rv = map_slot_to_real (&id, &map); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_GetTokenInfo) (id, info); +} + +static CK_RV +unity_C_GetMechanismList (CK_SLOT_ID id, CK_MECHANISM_TYPE_PTR mechanism_list, + CK_ULONG_PTR count) +{ + Mapping map; + CK_RV rv; + + rv = map_slot_to_real (&id, &map); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_GetMechanismList) (id, mechanism_list, count); +} + +static CK_RV +unity_C_GetMechanismInfo (CK_SLOT_ID id, CK_MECHANISM_TYPE type, + CK_MECHANISM_INFO_PTR info) +{ + Mapping map; + CK_RV rv; + + rv = map_slot_to_real (&id, &map); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_GetMechanismInfo) (id, type, info); +} + +static CK_RV +unity_C_InitToken (CK_SLOT_ID id, CK_UTF8CHAR_PTR pin, CK_ULONG pin_len, CK_UTF8CHAR_PTR label) +{ + Mapping map; + CK_RV rv; + + rv = map_slot_to_real (&id, &map); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_InitToken) (id, pin, pin_len, label); +} + +static CK_RV +unity_C_WaitForSlotEvent (CK_FLAGS flags, CK_SLOT_ID_PTR slot, CK_VOID_PTR reserved) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +static CK_RV +unity_C_OpenSession (CK_SLOT_ID id, CK_FLAGS flags, CK_VOID_PTR user_data, + CK_NOTIFY callback, CK_SESSION_HANDLE_PTR handle) +{ + Session *sess; + Mapping map; + CK_RV rv; + + if (handle == NULL) + return CKR_ARGUMENTS_BAD; + + rv = map_slot_to_real (&id, &map); + if (rv != CKR_OK) + return rv; + + rv = (map.funcs->C_OpenSession) (id, flags, user_data, callback, handle); + + if (rv == CKR_OK) { + pthread_mutex_lock (&mutex); + + if (gl.initialize_count == 0) { + rv = CKR_CRYPTOKI_NOT_INITIALIZED; + } else { + sess = calloc (1, sizeof (Session)); + sess->wrap_slot = map.wrap_slot; + sess->real_session = *handle; + sess->wrap_session = ++gl.last_handle; /* TODO: Handle wrapping, and then collisions */ + hsh_set (gl.sessions, &sess->wrap_session, sizeof (sess->wrap_session), sess); + *handle = sess->wrap_session; + } + + pthread_mutex_unlock (&mutex); + } + + return rv; +} + +static CK_RV +unity_C_CloseSession (CK_SESSION_HANDLE handle) +{ + CK_SESSION_HANDLE key; + Mapping map; + CK_RV rv; + + key = handle; + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + rv = (map.funcs->C_CloseSession) (handle); + + if (rv == CKR_OK) { + pthread_mutex_lock (&mutex); + + if (gl.initialize_count != 0) + hsh_rem (gl.sessions, &key, sizeof (key)); + + pthread_mutex_unlock (&mutex); + } + + return rv; +} + +static CK_RV +unity_C_CloseAllSessions (CK_SLOT_ID id) +{ + CK_SESSION_HANDLE_PTR to_close; + CK_RV rv = CKR_OK; + Session *sess; + CK_ULONG i, count; + hsh_index_t *iter; + + pthread_mutex_lock (&mutex); + + if (gl.initialize_count == 0) { + rv = CKR_CRYPTOKI_NOT_INITIALIZED; + } else { + to_close = calloc (sizeof (CK_SESSION_HANDLE), hsh_count (gl.sessions)); + if (!to_close) { + rv = CKR_HOST_MEMORY; + } else { + for (iter = hsh_first (gl.sessions), count = 0; + iter; iter = hsh_next (iter)) { + sess = hsh_this (iter, NULL, NULL); + if (sess->wrap_slot == id && to_close) + to_close[count++] = sess->wrap_session; + } + } + } + + pthread_mutex_unlock (&mutex); + + if (rv != CKR_OK) + return rv; + + for (i = 0; i < count; ++i) + unity_C_CloseSession (to_close[i]); + + free (to_close); + return CKR_OK; +} + +static CK_RV +unity_C_GetFunctionStatus (CK_SESSION_HANDLE handle) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_GetFunctionStatus) (handle); +} + +static CK_RV +unity_C_CancelFunction (CK_SESSION_HANDLE handle) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_CancelFunction) (handle); +} + +static CK_RV +unity_C_GetSessionInfo (CK_SESSION_HANDLE handle, CK_SESSION_INFO_PTR info) +{ + Mapping map; + CK_RV rv; + + if (info == NULL) + return CKR_ARGUMENTS_BAD; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + + rv = (map.funcs->C_GetSessionInfo) (handle, info); + if (rv == CKR_OK) + info->slotID = map.wrap_slot; + + return rv; +} + +static CK_RV +unity_C_InitPIN (CK_SESSION_HANDLE handle, CK_UTF8CHAR_PTR pin, CK_ULONG pin_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + + return (map.funcs->C_InitPIN) (handle, pin, pin_len); +} + +static CK_RV +unity_C_SetPIN (CK_SESSION_HANDLE handle, CK_UTF8CHAR_PTR old_pin, CK_ULONG old_pin_len, + CK_UTF8CHAR_PTR new_pin, CK_ULONG new_pin_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + + return (map.funcs->C_SetPIN) (handle, old_pin, old_pin_len, new_pin, new_pin_len); +} + +static CK_RV +unity_C_GetOperationState (CK_SESSION_HANDLE handle, CK_BYTE_PTR operation_state, CK_ULONG_PTR operation_state_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_GetOperationState) (handle, operation_state, operation_state_len); +} + +static CK_RV +unity_C_SetOperationState (CK_SESSION_HANDLE handle, CK_BYTE_PTR operation_state, + CK_ULONG operation_state_len, CK_OBJECT_HANDLE encryption_key, + CK_OBJECT_HANDLE authentication_key) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_SetOperationState) (handle, operation_state, operation_state_len, encryption_key, authentication_key); +} + +static CK_RV +unity_C_Login (CK_SESSION_HANDLE handle, CK_USER_TYPE user_type, + CK_UTF8CHAR_PTR pin, CK_ULONG pin_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + + return (map.funcs->C_Login) (handle, user_type, pin, pin_len); +} + +static CK_RV +unity_C_Logout (CK_SESSION_HANDLE handle) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_Logout) (handle); +} + +static CK_RV +unity_C_CreateObject (CK_SESSION_HANDLE handle, CK_ATTRIBUTE_PTR template, + CK_ULONG count, CK_OBJECT_HANDLE_PTR new_object) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + + return (map.funcs->C_CreateObject) (handle, template, count, new_object); +} + +static CK_RV +unity_C_CopyObject (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, CK_ULONG count, + CK_OBJECT_HANDLE_PTR new_object) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_CopyObject) (handle, object, template, count, new_object); +} + +static CK_RV +unity_C_DestroyObject (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE object) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_DestroyObject) (handle, object); +} + +static CK_RV +unity_C_GetObjectSize (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE object, + CK_ULONG_PTR size) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_GetObjectSize) (handle, object, size); +} + +static CK_RV +unity_C_GetAttributeValue (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, CK_ULONG count) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_GetAttributeValue) (handle, object, template, count); +} + +static CK_RV +unity_C_SetAttributeValue (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, CK_ULONG count) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_SetAttributeValue) (handle, object, template, count); +} + +static CK_RV +unity_C_FindObjectsInit (CK_SESSION_HANDLE handle, CK_ATTRIBUTE_PTR template, + CK_ULONG count) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_FindObjectsInit) (handle, template, count); +} + +static CK_RV +unity_C_FindObjects (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE_PTR objects, + CK_ULONG max_count, CK_ULONG_PTR count) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_FindObjects) (handle, objects, max_count, count); +} + +static CK_RV +unity_C_FindObjectsFinal (CK_SESSION_HANDLE handle) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_FindObjectsFinal) (handle); +} + +static CK_RV +unity_C_EncryptInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_EncryptInit) (handle, mechanism, key); +} + +static CK_RV +unity_C_Encrypt (CK_SESSION_HANDLE handle, CK_BYTE_PTR data, CK_ULONG data_len, + CK_BYTE_PTR encrypted_data, CK_ULONG_PTR encrypted_data_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_Encrypt) (handle, data, data_len, encrypted_data, encrypted_data_len); +} + +static CK_RV +unity_C_EncryptUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR part, + CK_ULONG part_len, CK_BYTE_PTR encrypted_part, + CK_ULONG_PTR encrypted_part_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_EncryptUpdate) (handle, part, part_len, encrypted_part, encrypted_part_len); +} + +static CK_RV +unity_C_EncryptFinal (CK_SESSION_HANDLE handle, CK_BYTE_PTR last_part, + CK_ULONG_PTR last_part_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_EncryptFinal) (handle, last_part, last_part_len); +} + +static CK_RV +unity_C_DecryptInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_DecryptInit) (handle, mechanism, key); +} + +static CK_RV +unity_C_Decrypt (CK_SESSION_HANDLE handle, CK_BYTE_PTR enc_data, + CK_ULONG enc_data_len, CK_BYTE_PTR data, CK_ULONG_PTR data_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_Decrypt) (handle, enc_data, enc_data_len, data, data_len); +} + +static CK_RV +unity_C_DecryptUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR enc_part, + CK_ULONG enc_part_len, CK_BYTE_PTR part, CK_ULONG_PTR part_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_DecryptUpdate) (handle, enc_part, enc_part_len, part, part_len); +} + +static CK_RV +unity_C_DecryptFinal (CK_SESSION_HANDLE handle, CK_BYTE_PTR last_part, + CK_ULONG_PTR last_part_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_DecryptFinal) (handle, last_part, last_part_len); +} + +static CK_RV +unity_C_DigestInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_DigestInit) (handle, mechanism); +} + +static CK_RV +unity_C_Digest (CK_SESSION_HANDLE handle, CK_BYTE_PTR data, CK_ULONG data_len, + CK_BYTE_PTR digest, CK_ULONG_PTR digest_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_Digest) (handle, data, data_len, digest, digest_len); +} + +static CK_RV +unity_C_DigestUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR part, CK_ULONG part_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_DigestUpdate) (handle, part, part_len); +} + +static CK_RV +unity_C_DigestKey (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE key) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_DigestKey) (handle, key); +} + +static CK_RV +unity_C_DigestFinal (CK_SESSION_HANDLE handle, CK_BYTE_PTR digest, + CK_ULONG_PTR digest_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_DigestFinal) (handle, digest, digest_len); +} + +static CK_RV +unity_C_SignInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_SignInit) (handle, mechanism, key); +} + +static CK_RV +unity_C_Sign (CK_SESSION_HANDLE handle, CK_BYTE_PTR data, CK_ULONG data_len, + CK_BYTE_PTR signature, CK_ULONG_PTR signature_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_Sign) (handle, data, data_len, signature, signature_len); +} + +static CK_RV +unity_C_SignUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR part, CK_ULONG part_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_SignUpdate) (handle, part, part_len); +} + +static CK_RV +unity_C_SignFinal (CK_SESSION_HANDLE handle, CK_BYTE_PTR signature, + CK_ULONG_PTR signature_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_SignFinal) (handle, signature, signature_len); +} + +static CK_RV +unity_C_SignRecoverInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_SignRecoverInit) (handle, mechanism, key); +} + +static CK_RV +unity_C_SignRecover (CK_SESSION_HANDLE handle, CK_BYTE_PTR data, CK_ULONG data_len, + CK_BYTE_PTR signature, CK_ULONG_PTR signature_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_SignRecover) (handle, data, data_len, signature, signature_len); +} + +static CK_RV +unity_C_VerifyInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_VerifyInit) (handle, mechanism, key); +} + +static CK_RV +unity_C_Verify (CK_SESSION_HANDLE handle, CK_BYTE_PTR data, CK_ULONG data_len, + CK_BYTE_PTR signature, CK_ULONG signature_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_Verify) (handle, data, data_len, signature, signature_len); +} + +static CK_RV +unity_C_VerifyUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR part, CK_ULONG part_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_VerifyUpdate) (handle, part, part_len); +} + +static CK_RV +unity_C_VerifyFinal (CK_SESSION_HANDLE handle, CK_BYTE_PTR signature, + CK_ULONG signature_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_VerifyFinal) (handle, signature, signature_len); +} + +static CK_RV +unity_C_VerifyRecoverInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_VerifyRecoverInit) (handle, mechanism, key); +} + +static CK_RV +unity_C_VerifyRecover (CK_SESSION_HANDLE handle, CK_BYTE_PTR signature, + CK_ULONG signature_len, CK_BYTE_PTR data, CK_ULONG_PTR data_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_VerifyRecover) (handle, signature, signature_len, data, data_len); +} + +static CK_RV +unity_C_DigestEncryptUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR part, + CK_ULONG part_len, CK_BYTE_PTR enc_part, + CK_ULONG_PTR enc_part_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_DigestEncryptUpdate) (handle, part, part_len, enc_part, enc_part_len); +} + +static CK_RV +unity_C_DecryptDigestUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR enc_part, + CK_ULONG enc_part_len, CK_BYTE_PTR part, + CK_ULONG_PTR part_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_DecryptDigestUpdate) (handle, enc_part, enc_part_len, part, part_len); +} + +static CK_RV +unity_C_SignEncryptUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR part, + CK_ULONG part_len, CK_BYTE_PTR enc_part, + CK_ULONG_PTR enc_part_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_SignEncryptUpdate) (handle, part, part_len, enc_part, enc_part_len); +} + +static CK_RV +unity_C_DecryptVerifyUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR enc_part, + CK_ULONG enc_part_len, CK_BYTE_PTR part, + CK_ULONG_PTR part_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_DecryptVerifyUpdate) (handle, enc_part, enc_part_len, part, part_len); +} + +static CK_RV +unity_C_GenerateKey (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism, + CK_ATTRIBUTE_PTR template, CK_ULONG count, + CK_OBJECT_HANDLE_PTR key) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_GenerateKey) (handle, mechanism, template, count, key); +} + +static CK_RV +unity_C_GenerateKeyPair (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism, + CK_ATTRIBUTE_PTR pub_template, CK_ULONG pub_count, + CK_ATTRIBUTE_PTR priv_template, CK_ULONG priv_count, + CK_OBJECT_HANDLE_PTR pub_key, CK_OBJECT_HANDLE_PTR priv_key) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_GenerateKeyPair) (handle, mechanism, pub_template, pub_count, priv_template, priv_count, pub_key, priv_key); +} + +static CK_RV +unity_C_WrapKey (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE wrapping_key, CK_OBJECT_HANDLE key, + CK_BYTE_PTR wrapped_key, CK_ULONG_PTR wrapped_key_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_WrapKey) (handle, mechanism, wrapping_key, key, wrapped_key, wrapped_key_len); +} + +static CK_RV +unity_C_UnwrapKey (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE unwrapping_key, CK_BYTE_PTR wrapped_key, + CK_ULONG wrapped_key_len, CK_ATTRIBUTE_PTR template, + CK_ULONG count, CK_OBJECT_HANDLE_PTR key) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_UnwrapKey) (handle, mechanism, unwrapping_key, wrapped_key, wrapped_key_len, template, count, key); +} + +static CK_RV +unity_C_DeriveKey (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE base_key, CK_ATTRIBUTE_PTR template, + CK_ULONG count, CK_OBJECT_HANDLE_PTR key) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_DeriveKey) (handle, mechanism, base_key, template, count, key); +} + +static CK_RV +unity_C_SeedRandom (CK_SESSION_HANDLE handle, CK_BYTE_PTR seed, CK_ULONG seed_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_SeedRandom) (handle, seed, seed_len); +} + +static CK_RV +unity_C_GenerateRandom (CK_SESSION_HANDLE handle, CK_BYTE_PTR random_data, + CK_ULONG random_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_GenerateRandom) (handle, random_data, random_len); +} + +/* -------------------------------------------------------------------- + * MODULE ENTRY POINT + */ + +static CK_FUNCTION_LIST unity_function_list = { + { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, /* version */ + unity_C_Initialize, + unity_C_Finalize, + unity_C_GetInfo, + unity_C_GetFunctionList, + unity_C_GetSlotList, + unity_C_GetSlotInfo, + unity_C_GetTokenInfo, + unity_C_GetMechanismList, + unity_C_GetMechanismInfo, + unity_C_InitToken, + unity_C_InitPIN, + unity_C_SetPIN, + unity_C_OpenSession, + unity_C_CloseSession, + unity_C_CloseAllSessions, + unity_C_GetSessionInfo, + unity_C_GetOperationState, + unity_C_SetOperationState, + unity_C_Login, + unity_C_Logout, + unity_C_CreateObject, + unity_C_CopyObject, + unity_C_DestroyObject, + unity_C_GetObjectSize, + unity_C_GetAttributeValue, + unity_C_SetAttributeValue, + unity_C_FindObjectsInit, + unity_C_FindObjects, + unity_C_FindObjectsFinal, + unity_C_EncryptInit, + unity_C_Encrypt, + unity_C_EncryptUpdate, + unity_C_EncryptFinal, + unity_C_DecryptInit, + unity_C_Decrypt, + unity_C_DecryptUpdate, + unity_C_DecryptFinal, + unity_C_DigestInit, + unity_C_Digest, + unity_C_DigestUpdate, + unity_C_DigestKey, + unity_C_DigestFinal, + unity_C_SignInit, + unity_C_Sign, + unity_C_SignUpdate, + unity_C_SignFinal, + unity_C_SignRecoverInit, + unity_C_SignRecover, + unity_C_VerifyInit, + unity_C_Verify, + unity_C_VerifyUpdate, + unity_C_VerifyFinal, + unity_C_VerifyRecoverInit, + unity_C_VerifyRecover, + unity_C_DigestEncryptUpdate, + unity_C_DecryptDigestUpdate, + unity_C_SignEncryptUpdate, + unity_C_DecryptVerifyUpdate, + unity_C_GenerateKey, + unity_C_GenerateKeyPair, + unity_C_WrapKey, + unity_C_UnwrapKey, + unity_C_DeriveKey, + unity_C_SeedRandom, + unity_C_GenerateRandom, + unity_C_GetFunctionStatus, + unity_C_CancelFunction, + unity_C_WaitForSlotEvent +}; + +CK_RV +C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list) +{ + return unity_C_GetFunctionList (list); +} diff --git a/module/pkcs11.h b/module/pkcs11.h new file mode 100644 index 0000000..b8be30f --- /dev/null +++ b/module/pkcs11.h @@ -0,0 +1,1357 @@ +/* pkcs11.h + Copyright 2006, 2007 g10 Code GmbH + Copyright 2006 Andreas Jellinghaus + + This file is free software; as a special exception the author gives + unlimited permission to copy and/or distribute it, with or without + modifications, as long as this notice is preserved. + + This file is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY, to the extent permitted by law; without even + the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR + PURPOSE. */ + +/* Please submit changes back to the Scute project at + http://www.scute.org/ (or send them to marcus@g10code.com), so that + they can be picked up by other projects from there as well. */ + +/* This file is a modified implementation of the PKCS #11 standard by + RSA Security Inc. It is mostly a drop-in replacement, with the + following change: + + This header file does not require any macro definitions by the user + (like CK_DEFINE_FUNCTION etc). In fact, it defines those macros + for you (if useful, some are missing, let me know if you need + more). + + There is an additional API available that does comply better to the + GNU coding standard. It can be switched on by defining + CRYPTOKI_GNU before including this header file. For this, the + following changes are made to the specification: + + All structure types are changed to a "struct ck_foo" where CK_FOO + is the type name in PKCS #11. + + All non-structure types are changed to ck_foo_t where CK_FOO is the + lowercase version of the type name in PKCS #11. The basic types + (CK_ULONG et al.) are removed without substitute. + + All members of structures are modified in the following way: Type + indication prefixes are removed, and underscore characters are + inserted before words. Then the result is lowercased. + + Note that function names are still in the original case, as they + need for ABI compatibility. + + CK_FALSE, CK_TRUE and NULL_PTR are removed without substitute. Use + . + + If CRYPTOKI_COMPAT is defined before including this header file, + then none of the API changes above take place, and the API is the + one defined by the PKCS #11 standard. */ + +#ifndef PKCS11_H +#define PKCS11_H 1 + +#if defined(__cplusplus) +extern "C" { +#endif + + +/* The version of cryptoki we implement. The revision is changed with + each modification of this file. If you do not use the "official" + version of this file, please consider deleting the revision macro + (you may use a macro with a different name to keep track of your + versions). */ +#define CRYPTOKI_VERSION_MAJOR 2 +#define CRYPTOKI_VERSION_MINOR 20 +#define CRYPTOKI_VERSION_REVISION 6 + + +/* Compatibility interface is default, unless CRYPTOKI_GNU is + given. */ +#ifndef CRYPTOKI_GNU +#ifndef CRYPTOKI_COMPAT +#define CRYPTOKI_COMPAT 1 +#endif +#endif + +/* System dependencies. */ + +#if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32) + +/* There is a matching pop below. */ +#pragma pack(push, cryptoki, 1) + +#ifdef CRYPTOKI_EXPORTS +#define CK_SPEC __declspec(dllexport) +#else +#define CK_SPEC __declspec(dllimport) +#endif + +#else + +#define CK_SPEC + +#endif + + +#ifdef CRYPTOKI_COMPAT + /* If we are in compatibility mode, switch all exposed names to the + PKCS #11 variant. There are corresponding #undefs below. */ + +#define ck_flags_t CK_FLAGS +#define ck_version _CK_VERSION + +#define ck_info _CK_INFO +#define cryptoki_version cryptokiVersion +#define manufacturer_id manufacturerID +#define library_description libraryDescription +#define library_version libraryVersion + +#define ck_notification_t CK_NOTIFICATION +#define ck_slot_id_t CK_SLOT_ID + +#define ck_slot_info _CK_SLOT_INFO +#define slot_description slotDescription +#define hardware_version hardwareVersion +#define firmware_version firmwareVersion + +#define ck_token_info _CK_TOKEN_INFO +#define serial_number serialNumber +#define max_session_count ulMaxSessionCount +#define session_count ulSessionCount +#define max_rw_session_count ulMaxRwSessionCount +#define rw_session_count ulRwSessionCount +#define max_pin_len ulMaxPinLen +#define min_pin_len ulMinPinLen +#define total_public_memory ulTotalPublicMemory +#define free_public_memory ulFreePublicMemory +#define total_private_memory ulTotalPrivateMemory +#define free_private_memory ulFreePrivateMemory +#define utc_time utcTime + +#define ck_session_handle_t CK_SESSION_HANDLE +#define ck_user_type_t CK_USER_TYPE +#define ck_state_t CK_STATE + +#define ck_session_info _CK_SESSION_INFO +#define slot_id slotID +#define device_error ulDeviceError + +#define ck_object_handle_t CK_OBJECT_HANDLE +#define ck_object_class_t CK_OBJECT_CLASS +#define ck_hw_feature_type_t CK_HW_FEATURE_TYPE +#define ck_key_type_t CK_KEY_TYPE +#define ck_certificate_type_t CK_CERTIFICATE_TYPE +#define ck_attribute_type_t CK_ATTRIBUTE_TYPE + +#define ck_attribute _CK_ATTRIBUTE +#define value pValue +#define value_len ulValueLen + +#define ck_date _CK_DATE + +#define ck_mechanism_type_t CK_MECHANISM_TYPE + +#define ck_mechanism _CK_MECHANISM +#define parameter pParameter +#define parameter_len ulParameterLen + +#define ck_mechanism_info _CK_MECHANISM_INFO +#define min_key_size ulMinKeySize +#define max_key_size ulMaxKeySize + +#define ck_rv_t CK_RV +#define ck_notify_t CK_NOTIFY + +#define ck_function_list _CK_FUNCTION_LIST + +#define ck_createmutex_t CK_CREATEMUTEX +#define ck_destroymutex_t CK_DESTROYMUTEX +#define ck_lockmutex_t CK_LOCKMUTEX +#define ck_unlockmutex_t CK_UNLOCKMUTEX + +#define ck_c_initialize_args _CK_C_INITIALIZE_ARGS +#define create_mutex CreateMutex +#define destroy_mutex DestroyMutex +#define lock_mutex LockMutex +#define unlock_mutex UnlockMutex +#define reserved pReserved + +#endif /* CRYPTOKI_COMPAT */ + + + +typedef unsigned long ck_flags_t; + +struct ck_version +{ + unsigned char major; + unsigned char minor; +}; + + +struct ck_info +{ + struct ck_version cryptoki_version; + unsigned char manufacturer_id[32]; + ck_flags_t flags; + unsigned char library_description[32]; + struct ck_version library_version; +}; + + +typedef unsigned long ck_notification_t; + +#define CKN_SURRENDER (0UL) + + +typedef unsigned long ck_slot_id_t; + + +struct ck_slot_info +{ + unsigned char slot_description[64]; + unsigned char manufacturer_id[32]; + ck_flags_t flags; + struct ck_version hardware_version; + struct ck_version firmware_version; +}; + + +#define CKF_TOKEN_PRESENT (1UL << 0) +#define CKF_REMOVABLE_DEVICE (1UL << 1) +#define CKF_HW_SLOT (1UL << 2) +#define CKF_ARRAY_ATTRIBUTE (1UL << 30) + + +struct ck_token_info +{ + unsigned char label[32]; + unsigned char manufacturer_id[32]; + unsigned char model[16]; + unsigned char serial_number[16]; + ck_flags_t flags; + unsigned long max_session_count; + unsigned long session_count; + unsigned long max_rw_session_count; + unsigned long rw_session_count; + unsigned long max_pin_len; + unsigned long min_pin_len; + unsigned long total_public_memory; + unsigned long free_public_memory; + unsigned long total_private_memory; + unsigned long free_private_memory; + struct ck_version hardware_version; + struct ck_version firmware_version; + unsigned char utc_time[16]; +}; + + +#define CKF_RNG (1UL << 0) +#define CKF_WRITE_PROTECTED (1UL << 1) +#define CKF_LOGIN_REQUIRED (1UL << 2) +#define CKF_USER_PIN_INITIALIZED (1UL << 3) +#define CKF_RESTORE_KEY_NOT_NEEDED (1UL << 5) +#define CKF_CLOCK_ON_TOKEN (1UL << 6) +#define CKF_PROTECTED_AUTHENTICATION_PATH (1UL << 8) +#define CKF_DUAL_CRYPTO_OPERATIONS (1UL << 9) +#define CKF_TOKEN_INITIALIZED (1UL << 10) +#define CKF_SECONDARY_AUTHENTICATION (1UL << 11) +#define CKF_USER_PIN_COUNT_LOW (1UL << 16) +#define CKF_USER_PIN_FINAL_TRY (1UL << 17) +#define CKF_USER_PIN_LOCKED (1UL << 18) +#define CKF_USER_PIN_TO_BE_CHANGED (1UL << 19) +#define CKF_SO_PIN_COUNT_LOW (1UL << 20) +#define CKF_SO_PIN_FINAL_TRY (1UL << 21) +#define CKF_SO_PIN_LOCKED (1UL << 22) +#define CKF_SO_PIN_TO_BE_CHANGED (1UL << 23) + +#define CK_UNAVAILABLE_INFORMATION ((unsigned long)-1L) +#define CK_EFFECTIVELY_INFINITE (0UL) + + +typedef unsigned long ck_session_handle_t; + +#define CK_INVALID_HANDLE (0UL) + + +typedef unsigned long ck_user_type_t; + +#define CKU_SO (0UL) +#define CKU_USER (1UL) +#define CKU_CONTEXT_SPECIFIC (2UL) + + +typedef unsigned long ck_state_t; + +#define CKS_RO_PUBLIC_SESSION (0UL) +#define CKS_RO_USER_FUNCTIONS (1UL) +#define CKS_RW_PUBLIC_SESSION (2UL) +#define CKS_RW_USER_FUNCTIONS (3UL) +#define CKS_RW_SO_FUNCTIONS (4UL) + + +struct ck_session_info +{ + ck_slot_id_t slot_id; + ck_state_t state; + ck_flags_t flags; + unsigned long device_error; +}; + +#define CKF_RW_SESSION (1UL << 1) +#define CKF_SERIAL_SESSION (1UL << 2) + + +typedef unsigned long ck_object_handle_t; + + +typedef unsigned long ck_object_class_t; + +#define CKO_DATA (0UL) +#define CKO_CERTIFICATE (1UL) +#define CKO_PUBLIC_KEY (2UL) +#define CKO_PRIVATE_KEY (3UL) +#define CKO_SECRET_KEY (4UL) +#define CKO_HW_FEATURE (5UL) +#define CKO_DOMAIN_PARAMETERS (6UL) +#define CKO_MECHANISM (7UL) +#define CKO_VENDOR_DEFINED ((unsigned long) (1UL << 31)) + + +typedef unsigned long ck_hw_feature_type_t; + +#define CKH_MONOTONIC_COUNTER (1UL) +#define CKH_CLOCK (2UL) +#define CKH_USER_INTERFACE (3UL) +#define CKH_VENDOR_DEFINED ((unsigned long) (1UL << 31)) + + +typedef unsigned long ck_key_type_t; + +#define CKK_RSA (0UL) +#define CKK_DSA (1UL) +#define CKK_DH (2UL) +#define CKK_ECDSA (3UL) +#define CKK_EC (3UL) +#define CKK_X9_42_DH (4UL) +#define CKK_KEA (5UL) +#define CKK_GENERIC_SECRET (0x10UL) +#define CKK_RC2 (0x11UL) +#define CKK_RC4 (0x12UL) +#define CKK_DES (0x13UL) +#define CKK_DES2 (0x14UL) +#define CKK_DES3 (0x15UL) +#define CKK_CAST (0x16UL) +#define CKK_CAST3 (0x17UL) +#define CKK_CAST128 (0x18UL) +#define CKK_RC5 (0x19UL) +#define CKK_IDEA (0x1aUL) +#define CKK_SKIPJACK (0x1bUL) +#define CKK_BATON (0x1cUL) +#define CKK_JUNIPER (0x1dUL) +#define CKK_CDMF (0x1eUL) +#define CKK_AES (0x1fUL) +#define CKK_BLOWFISH (0x20UL) +#define CKK_TWOFISH (0x21UL) +#define CKK_VENDOR_DEFINED ((unsigned long) (1UL << 31)) + + +typedef unsigned long ck_certificate_type_t; + +#define CKC_X_509 (0UL) +#define CKC_X_509_ATTR_CERT (1UL) +#define CKC_WTLS (2UL) +#define CKC_VENDOR_DEFINED ((unsigned long) (1UL << 31)) + + +typedef unsigned long ck_attribute_type_t; + +#define CKA_CLASS (0UL) +#define CKA_TOKEN (1UL) +#define CKA_PRIVATE (2UL) +#define CKA_LABEL (3UL) +#define CKA_APPLICATION (0x10UL) +#define CKA_VALUE (0x11UL) +#define CKA_OBJECT_ID (0x12UL) +#define CKA_CERTIFICATE_TYPE (0x80UL) +#define CKA_ISSUER (0x81UL) +#define CKA_SERIAL_NUMBER (0x82UL) +#define CKA_AC_ISSUER (0x83UL) +#define CKA_OWNER (0x84UL) +#define CKA_ATTR_TYPES (0x85UL) +#define CKA_TRUSTED (0x86UL) +#define CKA_CERTIFICATE_CATEGORY (0x87UL) +#define CKA_JAVA_MIDP_SECURITY_DOMAIN (0x88UL) +#define CKA_URL (0x89UL) +#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY (0x8aUL) +#define CKA_HASH_OF_ISSUER_PUBLIC_KEY (0x8bUL) +#define CKA_CHECK_VALUE (0x90UL) +#define CKA_KEY_TYPE (0x100UL) +#define CKA_SUBJECT (0x101UL) +#define CKA_ID (0x102UL) +#define CKA_SENSITIVE (0x103UL) +#define CKA_ENCRYPT (0x104UL) +#define CKA_DECRYPT (0x105UL) +#define CKA_WRAP (0x106UL) +#define CKA_UNWRAP (0x107UL) +#define CKA_SIGN (0x108UL) +#define CKA_SIGN_RECOVER (0x109UL) +#define CKA_VERIFY (0x10aUL) +#define CKA_VERIFY_RECOVER (0x10bUL) +#define CKA_DERIVE (0x10cUL) +#define CKA_START_DATE (0x110UL) +#define CKA_END_DATE (0x111UL) +#define CKA_MODULUS (0x120UL) +#define CKA_MODULUS_BITS (0x121UL) +#define CKA_PUBLIC_EXPONENT (0x122UL) +#define CKA_PRIVATE_EXPONENT (0x123UL) +#define CKA_PRIME_1 (0x124UL) +#define CKA_PRIME_2 (0x125UL) +#define CKA_EXPONENT_1 (0x126UL) +#define CKA_EXPONENT_2 (0x127UL) +#define CKA_COEFFICIENT (0x128UL) +#define CKA_PRIME (0x130UL) +#define CKA_SUBPRIME (0x131UL) +#define CKA_BASE (0x132UL) +#define CKA_PRIME_BITS (0x133UL) +#define CKA_SUB_PRIME_BITS (0x134UL) +#define CKA_VALUE_BITS (0x160UL) +#define CKA_VALUE_LEN (0x161UL) +#define CKA_EXTRACTABLE (0x162UL) +#define CKA_LOCAL (0x163UL) +#define CKA_NEVER_EXTRACTABLE (0x164UL) +#define CKA_ALWAYS_SENSITIVE (0x165UL) +#define CKA_KEY_GEN_MECHANISM (0x166UL) +#define CKA_MODIFIABLE (0x170UL) +#define CKA_ECDSA_PARAMS (0x180UL) +#define CKA_EC_PARAMS (0x180UL) +#define CKA_EC_POINT (0x181UL) +#define CKA_SECONDARY_AUTH (0x200UL) +#define CKA_AUTH_PIN_FLAGS (0x201UL) +#define CKA_ALWAYS_AUTHENTICATE (0x202UL) +#define CKA_WRAP_WITH_TRUSTED (0x210UL) +#define CKA_HW_FEATURE_TYPE (0x300UL) +#define CKA_RESET_ON_INIT (0x301UL) +#define CKA_HAS_RESET (0x302UL) +#define CKA_PIXEL_X (0x400UL) +#define CKA_PIXEL_Y (0x401UL) +#define CKA_RESOLUTION (0x402UL) +#define CKA_CHAR_ROWS (0x403UL) +#define CKA_CHAR_COLUMNS (0x404UL) +#define CKA_COLOR (0x405UL) +#define CKA_BITS_PER_PIXEL (0x406UL) +#define CKA_CHAR_SETS (0x480UL) +#define CKA_ENCODING_METHODS (0x481UL) +#define CKA_MIME_TYPES (0x482UL) +#define CKA_MECHANISM_TYPE (0x500UL) +#define CKA_REQUIRED_CMS_ATTRIBUTES (0x501UL) +#define CKA_DEFAULT_CMS_ATTRIBUTES (0x502UL) +#define CKA_SUPPORTED_CMS_ATTRIBUTES (0x503UL) +#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x211UL) +#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x212UL) +#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE | 0x600UL) +#define CKA_VENDOR_DEFINED ((unsigned long) (1UL << 31)) + + +struct ck_attribute +{ + ck_attribute_type_t type; + void *value; + unsigned long value_len; +}; + + +struct ck_date +{ + unsigned char year[4]; + unsigned char month[2]; + unsigned char day[2]; +}; + + +typedef unsigned long ck_mechanism_type_t; + +#define CKM_RSA_PKCS_KEY_PAIR_GEN (0UL) +#define CKM_RSA_PKCS (1UL) +#define CKM_RSA_9796 (2UL) +#define CKM_RSA_X_509 (3UL) +#define CKM_MD2_RSA_PKCS (4UL) +#define CKM_MD5_RSA_PKCS (5UL) +#define CKM_SHA1_RSA_PKCS (6UL) +#define CKM_RIPEMD128_RSA_PKCS (7UL) +#define CKM_RIPEMD160_RSA_PKCS (8UL) +#define CKM_RSA_PKCS_OAEP (9UL) +#define CKM_RSA_X9_31_KEY_PAIR_GEN (0xaUL) +#define CKM_RSA_X9_31 (0xbUL) +#define CKM_SHA1_RSA_X9_31 (0xcUL) +#define CKM_RSA_PKCS_PSS (0xdUL) +#define CKM_SHA1_RSA_PKCS_PSS (0xeUL) +#define CKM_DSA_KEY_PAIR_GEN (0x10UL) +#define CKM_DSA (0x11UL) +#define CKM_DSA_SHA1 (0x12UL) +#define CKM_DH_PKCS_KEY_PAIR_GEN (0x20UL) +#define CKM_DH_PKCS_DERIVE (0x21UL) +#define CKM_X9_42_DH_KEY_PAIR_GEN (0x30UL) +#define CKM_X9_42_DH_DERIVE (0x31UL) +#define CKM_X9_42_DH_HYBRID_DERIVE (0x32UL) +#define CKM_X9_42_MQV_DERIVE (0x33UL) +#define CKM_SHA256_RSA_PKCS (0x40UL) +#define CKM_SHA384_RSA_PKCS (0x41UL) +#define CKM_SHA512_RSA_PKCS (0x42UL) +#define CKM_SHA256_RSA_PKCS_PSS (0x43UL) +#define CKM_SHA384_RSA_PKCS_PSS (0x44UL) +#define CKM_SHA512_RSA_PKCS_PSS (0x45UL) +#define CKM_RC2_KEY_GEN (0x100UL) +#define CKM_RC2_ECB (0x101UL) +#define CKM_RC2_CBC (0x102UL) +#define CKM_RC2_MAC (0x103UL) +#define CKM_RC2_MAC_GENERAL (0x104UL) +#define CKM_RC2_CBC_PAD (0x105UL) +#define CKM_RC4_KEY_GEN (0x110UL) +#define CKM_RC4 (0x111UL) +#define CKM_DES_KEY_GEN (0x120UL) +#define CKM_DES_ECB (0x121UL) +#define CKM_DES_CBC (0x122UL) +#define CKM_DES_MAC (0x123UL) +#define CKM_DES_MAC_GENERAL (0x124UL) +#define CKM_DES_CBC_PAD (0x125UL) +#define CKM_DES2_KEY_GEN (0x130UL) +#define CKM_DES3_KEY_GEN (0x131UL) +#define CKM_DES3_ECB (0x132UL) +#define CKM_DES3_CBC (0x133UL) +#define CKM_DES3_MAC (0x134UL) +#define CKM_DES3_MAC_GENERAL (0x135UL) +#define CKM_DES3_CBC_PAD (0x136UL) +#define CKM_CDMF_KEY_GEN (0x140UL) +#define CKM_CDMF_ECB (0x141UL) +#define CKM_CDMF_CBC (0x142UL) +#define CKM_CDMF_MAC (0x143UL) +#define CKM_CDMF_MAC_GENERAL (0x144UL) +#define CKM_CDMF_CBC_PAD (0x145UL) +#define CKM_MD2 (0x200UL) +#define CKM_MD2_HMAC (0x201UL) +#define CKM_MD2_HMAC_GENERAL (0x202UL) +#define CKM_MD5 (0x210UL) +#define CKM_MD5_HMAC (0x211UL) +#define CKM_MD5_HMAC_GENERAL (0x212UL) +#define CKM_SHA_1 (0x220UL) +#define CKM_SHA_1_HMAC (0x221UL) +#define CKM_SHA_1_HMAC_GENERAL (0x222UL) +#define CKM_RIPEMD128 (0x230UL) +#define CKM_RIPEMD128_HMAC (0x231UL) +#define CKM_RIPEMD128_HMAC_GENERAL (0x232UL) +#define CKM_RIPEMD160 (0x240UL) +#define CKM_RIPEMD160_HMAC (0x241UL) +#define CKM_RIPEMD160_HMAC_GENERAL (0x242UL) +#define CKM_SHA256 (0x250UL) +#define CKM_SHA256_HMAC (0x251UL) +#define CKM_SHA256_HMAC_GENERAL (0x252UL) +#define CKM_SHA384 (0x260UL) +#define CKM_SHA384_HMAC (0x261UL) +#define CKM_SHA384_HMAC_GENERAL (0x262UL) +#define CKM_SHA512 (0x270UL) +#define CKM_SHA512_HMAC (0x271UL) +#define CKM_SHA512_HMAC_GENERAL (0x272UL) +#define CKM_CAST_KEY_GEN (0x300UL) +#define CKM_CAST_ECB (0x301UL) +#define CKM_CAST_CBC (0x302UL) +#define CKM_CAST_MAC (0x303UL) +#define CKM_CAST_MAC_GENERAL (0x304UL) +#define CKM_CAST_CBC_PAD (0x305UL) +#define CKM_CAST3_KEY_GEN (0x310UL) +#define CKM_CAST3_ECB (0x311UL) +#define CKM_CAST3_CBC (0x312UL) +#define CKM_CAST3_MAC (0x313UL) +#define CKM_CAST3_MAC_GENERAL (0x314UL) +#define CKM_CAST3_CBC_PAD (0x315UL) +#define CKM_CAST5_KEY_GEN (0x320UL) +#define CKM_CAST128_KEY_GEN (0x320UL) +#define CKM_CAST5_ECB (0x321UL) +#define CKM_CAST128_ECB (0x321UL) +#define CKM_CAST5_CBC (0x322UL) +#define CKM_CAST128_CBC (0x322UL) +#define CKM_CAST5_MAC (0x323UL) +#define CKM_CAST128_MAC (0x323UL) +#define CKM_CAST5_MAC_GENERAL (0x324UL) +#define CKM_CAST128_MAC_GENERAL (0x324UL) +#define CKM_CAST5_CBC_PAD (0x325UL) +#define CKM_CAST128_CBC_PAD (0x325UL) +#define CKM_RC5_KEY_GEN (0x330UL) +#define CKM_RC5_ECB (0x331UL) +#define CKM_RC5_CBC (0x332UL) +#define CKM_RC5_MAC (0x333UL) +#define CKM_RC5_MAC_GENERAL (0x334UL) +#define CKM_RC5_CBC_PAD (0x335UL) +#define CKM_IDEA_KEY_GEN (0x340UL) +#define CKM_IDEA_ECB (0x341UL) +#define CKM_IDEA_CBC (0x342UL) +#define CKM_IDEA_MAC (0x343UL) +#define CKM_IDEA_MAC_GENERAL (0x344UL) +#define CKM_IDEA_CBC_PAD (0x345UL) +#define CKM_GENERIC_SECRET_KEY_GEN (0x350UL) +#define CKM_CONCATENATE_BASE_AND_KEY (0x360UL) +#define CKM_CONCATENATE_BASE_AND_DATA (0x362UL) +#define CKM_CONCATENATE_DATA_AND_BASE (0x363UL) +#define CKM_XOR_BASE_AND_DATA (0x364UL) +#define CKM_EXTRACT_KEY_FROM_KEY (0x365UL) +#define CKM_SSL3_PRE_MASTER_KEY_GEN (0x370UL) +#define CKM_SSL3_MASTER_KEY_DERIVE (0x371UL) +#define CKM_SSL3_KEY_AND_MAC_DERIVE (0x372UL) +#define CKM_SSL3_MASTER_KEY_DERIVE_DH (0x373UL) +#define CKM_TLS_PRE_MASTER_KEY_GEN (0x374UL) +#define CKM_TLS_MASTER_KEY_DERIVE (0x375UL) +#define CKM_TLS_KEY_AND_MAC_DERIVE (0x376UL) +#define CKM_TLS_MASTER_KEY_DERIVE_DH (0x377UL) +#define CKM_SSL3_MD5_MAC (0x380UL) +#define CKM_SSL3_SHA1_MAC (0x381UL) +#define CKM_MD5_KEY_DERIVATION (0x390UL) +#define CKM_MD2_KEY_DERIVATION (0x391UL) +#define CKM_SHA1_KEY_DERIVATION (0x392UL) +#define CKM_PBE_MD2_DES_CBC (0x3a0UL) +#define CKM_PBE_MD5_DES_CBC (0x3a1UL) +#define CKM_PBE_MD5_CAST_CBC (0x3a2UL) +#define CKM_PBE_MD5_CAST3_CBC (0x3a3UL) +#define CKM_PBE_MD5_CAST5_CBC (0x3a4UL) +#define CKM_PBE_MD5_CAST128_CBC (0x3a4UL) +#define CKM_PBE_SHA1_CAST5_CBC (0x3a5UL) +#define CKM_PBE_SHA1_CAST128_CBC (0x3a5UL) +#define CKM_PBE_SHA1_RC4_128 (0x3a6UL) +#define CKM_PBE_SHA1_RC4_40 (0x3a7UL) +#define CKM_PBE_SHA1_DES3_EDE_CBC (0x3a8UL) +#define CKM_PBE_SHA1_DES2_EDE_CBC (0x3a9UL) +#define CKM_PBE_SHA1_RC2_128_CBC (0x3aaUL) +#define CKM_PBE_SHA1_RC2_40_CBC (0x3abUL) +#define CKM_PKCS5_PBKD2 (0x3b0UL) +#define CKM_PBA_SHA1_WITH_SHA1_HMAC (0x3c0UL) +#define CKM_KEY_WRAP_LYNKS (0x400UL) +#define CKM_KEY_WRAP_SET_OAEP (0x401UL) +#define CKM_SKIPJACK_KEY_GEN (0x1000UL) +#define CKM_SKIPJACK_ECB64 (0x1001UL) +#define CKM_SKIPJACK_CBC64 (0x1002UL) +#define CKM_SKIPJACK_OFB64 (0x1003UL) +#define CKM_SKIPJACK_CFB64 (0x1004UL) +#define CKM_SKIPJACK_CFB32 (0x1005UL) +#define CKM_SKIPJACK_CFB16 (0x1006UL) +#define CKM_SKIPJACK_CFB8 (0x1007UL) +#define CKM_SKIPJACK_WRAP (0x1008UL) +#define CKM_SKIPJACK_PRIVATE_WRAP (0x1009UL) +#define CKM_SKIPJACK_RELAYX (0x100aUL) +#define CKM_KEA_KEY_PAIR_GEN (0x1010UL) +#define CKM_KEA_KEY_DERIVE (0x1011UL) +#define CKM_FORTEZZA_TIMESTAMP (0x1020UL) +#define CKM_BATON_KEY_GEN (0x1030UL) +#define CKM_BATON_ECB128 (0x1031UL) +#define CKM_BATON_ECB96 (0x1032UL) +#define CKM_BATON_CBC128 (0x1033UL) +#define CKM_BATON_COUNTER (0x1034UL) +#define CKM_BATON_SHUFFLE (0x1035UL) +#define CKM_BATON_WRAP (0x1036UL) +#define CKM_ECDSA_KEY_PAIR_GEN (0x1040UL) +#define CKM_EC_KEY_PAIR_GEN (0x1040UL) +#define CKM_ECDSA (0x1041UL) +#define CKM_ECDSA_SHA1 (0x1042UL) +#define CKM_ECDH1_DERIVE (0x1050UL) +#define CKM_ECDH1_COFACTOR_DERIVE (0x1051UL) +#define CKM_ECMQV_DERIVE (0x1052UL) +#define CKM_JUNIPER_KEY_GEN (0x1060UL) +#define CKM_JUNIPER_ECB128 (0x1061UL) +#define CKM_JUNIPER_CBC128 (0x1062UL) +#define CKM_JUNIPER_COUNTER (0x1063UL) +#define CKM_JUNIPER_SHUFFLE (0x1064UL) +#define CKM_JUNIPER_WRAP (0x1065UL) +#define CKM_FASTHASH (0x1070UL) +#define CKM_AES_KEY_GEN (0x1080UL) +#define CKM_AES_ECB (0x1081UL) +#define CKM_AES_CBC (0x1082UL) +#define CKM_AES_MAC (0x1083UL) +#define CKM_AES_MAC_GENERAL (0x1084UL) +#define CKM_AES_CBC_PAD (0x1085UL) +#define CKM_DSA_PARAMETER_GEN (0x2000UL) +#define CKM_DH_PKCS_PARAMETER_GEN (0x2001UL) +#define CKM_X9_42_DH_PARAMETER_GEN (0x2002UL) +#define CKM_VENDOR_DEFINED ((unsigned long) (1UL << 31)) + + +struct ck_mechanism +{ + ck_mechanism_type_t mechanism; + void *parameter; + unsigned long parameter_len; +}; + + +struct ck_mechanism_info +{ + unsigned long min_key_size; + unsigned long max_key_size; + ck_flags_t flags; +}; + +#define CKF_HW (1UL << 0) +#define CKF_ENCRYPT (1UL << 8) +#define CKF_DECRYPT (1UL << 9) +#define CKF_DIGEST (1UL << 10) +#define CKF_SIGN (1UL << 11) +#define CKF_SIGN_RECOVER (1UL << 12) +#define CKF_VERIFY (1UL << 13) +#define CKF_VERIFY_RECOVER (1UL << 14) +#define CKF_GENERATE (1UL << 15) +#define CKF_GENERATE_KEY_PAIR (1UL << 16) +#define CKF_WRAP (1UL << 17) +#define CKF_UNWRAP (1UL << 18) +#define CKF_DERIVE (1UL << 19) +#define CKF_EXTENSION ((unsigned long) (1UL << 31)) + + +/* Flags for C_WaitForSlotEvent. */ +#define CKF_DONT_BLOCK (1UL) + + +typedef unsigned long ck_rv_t; + + +typedef ck_rv_t (*ck_notify_t) (ck_session_handle_t session, + ck_notification_t event, void *application); + +/* Forward reference. */ +struct ck_function_list; + +#define _CK_DECLARE_FUNCTION(name, args) \ +typedef ck_rv_t (*CK_ ## name) args; \ +ck_rv_t CK_SPEC name args + +_CK_DECLARE_FUNCTION (C_Initialize, (void *init_args)); +_CK_DECLARE_FUNCTION (C_Finalize, (void *reserved)); +_CK_DECLARE_FUNCTION (C_GetInfo, (struct ck_info *info)); +_CK_DECLARE_FUNCTION (C_GetFunctionList, + (struct ck_function_list **function_list)); + +_CK_DECLARE_FUNCTION (C_GetSlotList, + (unsigned char token_present, ck_slot_id_t *slot_list, + unsigned long *count)); +_CK_DECLARE_FUNCTION (C_GetSlotInfo, + (ck_slot_id_t slot_id, struct ck_slot_info *info)); +_CK_DECLARE_FUNCTION (C_GetTokenInfo, + (ck_slot_id_t slot_id, struct ck_token_info *info)); +_CK_DECLARE_FUNCTION (C_WaitForSlotEvent, + (ck_flags_t flags, ck_slot_id_t *slot, void *reserved)); +_CK_DECLARE_FUNCTION (C_GetMechanismList, + (ck_slot_id_t slot_id, + ck_mechanism_type_t *mechanism_list, + unsigned long *count)); +_CK_DECLARE_FUNCTION (C_GetMechanismInfo, + (ck_slot_id_t slot_id, ck_mechanism_type_t type, + struct ck_mechanism_info *info)); +_CK_DECLARE_FUNCTION (C_InitToken, + (ck_slot_id_t slot_id, unsigned char *pin, + unsigned long pin_len, unsigned char *label)); +_CK_DECLARE_FUNCTION (C_InitPIN, + (ck_session_handle_t session, unsigned char *pin, + unsigned long pin_len)); +_CK_DECLARE_FUNCTION (C_SetPIN, + (ck_session_handle_t session, unsigned char *old_pin, + unsigned long old_len, unsigned char *new_pin, + unsigned long new_len)); + +_CK_DECLARE_FUNCTION (C_OpenSession, + (ck_slot_id_t slot_id, ck_flags_t flags, + void *application, ck_notify_t notify, + ck_session_handle_t *session)); +_CK_DECLARE_FUNCTION (C_CloseSession, (ck_session_handle_t session)); +_CK_DECLARE_FUNCTION (C_CloseAllSessions, (ck_slot_id_t slot_id)); +_CK_DECLARE_FUNCTION (C_GetSessionInfo, + (ck_session_handle_t session, + struct ck_session_info *info)); +_CK_DECLARE_FUNCTION (C_GetOperationState, + (ck_session_handle_t session, + unsigned char *operation_state, + unsigned long *operation_state_len)); +_CK_DECLARE_FUNCTION (C_SetOperationState, + (ck_session_handle_t session, + unsigned char *operation_state, + unsigned long operation_state_len, + ck_object_handle_t encryption_key, + ck_object_handle_t authentiation_key)); +_CK_DECLARE_FUNCTION (C_Login, + (ck_session_handle_t session, ck_user_type_t user_type, + unsigned char *pin, unsigned long pin_len)); +_CK_DECLARE_FUNCTION (C_Logout, (ck_session_handle_t session)); + +_CK_DECLARE_FUNCTION (C_CreateObject, + (ck_session_handle_t session, + struct ck_attribute *templ, + unsigned long count, ck_object_handle_t *object)); +_CK_DECLARE_FUNCTION (C_CopyObject, + (ck_session_handle_t session, ck_object_handle_t object, + struct ck_attribute *templ, unsigned long count, + ck_object_handle_t *new_object)); +_CK_DECLARE_FUNCTION (C_DestroyObject, + (ck_session_handle_t session, + ck_object_handle_t object)); +_CK_DECLARE_FUNCTION (C_GetObjectSize, + (ck_session_handle_t session, + ck_object_handle_t object, + unsigned long *size)); +_CK_DECLARE_FUNCTION (C_GetAttributeValue, + (ck_session_handle_t session, + ck_object_handle_t object, + struct ck_attribute *templ, + unsigned long count)); +_CK_DECLARE_FUNCTION (C_SetAttributeValue, + (ck_session_handle_t session, + ck_object_handle_t object, + struct ck_attribute *templ, + unsigned long count)); +_CK_DECLARE_FUNCTION (C_FindObjectsInit, + (ck_session_handle_t session, + struct ck_attribute *templ, + unsigned long count)); +_CK_DECLARE_FUNCTION (C_FindObjects, + (ck_session_handle_t session, + ck_object_handle_t *object, + unsigned long max_object_count, + unsigned long *object_count)); +_CK_DECLARE_FUNCTION (C_FindObjectsFinal, + (ck_session_handle_t session)); + +_CK_DECLARE_FUNCTION (C_EncryptInit, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + ck_object_handle_t key)); +_CK_DECLARE_FUNCTION (C_Encrypt, + (ck_session_handle_t session, + unsigned char *data, unsigned long data_len, + unsigned char *encrypted_data, + unsigned long *encrypted_data_len)); +_CK_DECLARE_FUNCTION (C_EncryptUpdate, + (ck_session_handle_t session, + unsigned char *part, unsigned long part_len, + unsigned char *encrypted_part, + unsigned long *encrypted_part_len)); +_CK_DECLARE_FUNCTION (C_EncryptFinal, + (ck_session_handle_t session, + unsigned char *last_encrypted_part, + unsigned long *last_encrypted_part_len)); + +_CK_DECLARE_FUNCTION (C_DecryptInit, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + ck_object_handle_t key)); +_CK_DECLARE_FUNCTION (C_Decrypt, + (ck_session_handle_t session, + unsigned char *encrypted_data, + unsigned long encrypted_data_len, + unsigned char *data, unsigned long *data_len)); +_CK_DECLARE_FUNCTION (C_DecryptUpdate, + (ck_session_handle_t session, + unsigned char *encrypted_part, + unsigned long encrypted_part_len, + unsigned char *part, unsigned long *part_len)); +_CK_DECLARE_FUNCTION (C_DecryptFinal, + (ck_session_handle_t session, + unsigned char *last_part, + unsigned long *last_part_len)); + +_CK_DECLARE_FUNCTION (C_DigestInit, + (ck_session_handle_t session, + struct ck_mechanism *mechanism)); +_CK_DECLARE_FUNCTION (C_Digest, + (ck_session_handle_t session, + unsigned char *data, unsigned long data_len, + unsigned char *digest, + unsigned long *digest_len)); +_CK_DECLARE_FUNCTION (C_DigestUpdate, + (ck_session_handle_t session, + unsigned char *part, unsigned long part_len)); +_CK_DECLARE_FUNCTION (C_DigestKey, + (ck_session_handle_t session, ck_object_handle_t key)); +_CK_DECLARE_FUNCTION (C_DigestFinal, + (ck_session_handle_t session, + unsigned char *digest, + unsigned long *digest_len)); + +_CK_DECLARE_FUNCTION (C_SignInit, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + ck_object_handle_t key)); +_CK_DECLARE_FUNCTION (C_Sign, + (ck_session_handle_t session, + unsigned char *data, unsigned long data_len, + unsigned char *signature, + unsigned long *signature_len)); +_CK_DECLARE_FUNCTION (C_SignUpdate, + (ck_session_handle_t session, + unsigned char *part, unsigned long part_len)); +_CK_DECLARE_FUNCTION (C_SignFinal, + (ck_session_handle_t session, + unsigned char *signature, + unsigned long *signature_len)); +_CK_DECLARE_FUNCTION (C_SignRecoverInit, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + ck_object_handle_t key)); +_CK_DECLARE_FUNCTION (C_SignRecover, + (ck_session_handle_t session, + unsigned char *data, unsigned long data_len, + unsigned char *signature, + unsigned long *signature_len)); + +_CK_DECLARE_FUNCTION (C_VerifyInit, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + ck_object_handle_t key)); +_CK_DECLARE_FUNCTION (C_Verify, + (ck_session_handle_t session, + unsigned char *data, unsigned long data_len, + unsigned char *signature, + unsigned long signature_len)); +_CK_DECLARE_FUNCTION (C_VerifyUpdate, + (ck_session_handle_t session, + unsigned char *part, unsigned long part_len)); +_CK_DECLARE_FUNCTION (C_VerifyFinal, + (ck_session_handle_t session, + unsigned char *signature, + unsigned long signature_len)); +_CK_DECLARE_FUNCTION (C_VerifyRecoverInit, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + ck_object_handle_t key)); +_CK_DECLARE_FUNCTION (C_VerifyRecover, + (ck_session_handle_t session, + unsigned char *signature, + unsigned long signature_len, + unsigned char *data, + unsigned long *data_len)); + +_CK_DECLARE_FUNCTION (C_DigestEncryptUpdate, + (ck_session_handle_t session, + unsigned char *part, unsigned long part_len, + unsigned char *encrypted_part, + unsigned long *encrypted_part_len)); +_CK_DECLARE_FUNCTION (C_DecryptDigestUpdate, + (ck_session_handle_t session, + unsigned char *encrypted_part, + unsigned long encrypted_part_len, + unsigned char *part, + unsigned long *part_len)); +_CK_DECLARE_FUNCTION (C_SignEncryptUpdate, + (ck_session_handle_t session, + unsigned char *part, unsigned long part_len, + unsigned char *encrypted_part, + unsigned long *encrypted_part_len)); +_CK_DECLARE_FUNCTION (C_DecryptVerifyUpdate, + (ck_session_handle_t session, + unsigned char *encrypted_part, + unsigned long encrypted_part_len, + unsigned char *part, + unsigned long *part_len)); + +_CK_DECLARE_FUNCTION (C_GenerateKey, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + struct ck_attribute *templ, + unsigned long count, + ck_object_handle_t *key)); +_CK_DECLARE_FUNCTION (C_GenerateKeyPair, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + struct ck_attribute *public_key_template, + unsigned long public_key_attribute_count, + struct ck_attribute *private_key_template, + unsigned long private_key_attribute_count, + ck_object_handle_t *public_key, + ck_object_handle_t *private_key)); +_CK_DECLARE_FUNCTION (C_WrapKey, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + ck_object_handle_t wrapping_key, + ck_object_handle_t key, + unsigned char *wrapped_key, + unsigned long *wrapped_key_len)); +_CK_DECLARE_FUNCTION (C_UnwrapKey, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + ck_object_handle_t unwrapping_key, + unsigned char *wrapped_key, + unsigned long wrapped_key_len, + struct ck_attribute *templ, + unsigned long attribute_count, + ck_object_handle_t *key)); +_CK_DECLARE_FUNCTION (C_DeriveKey, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + ck_object_handle_t base_key, + struct ck_attribute *templ, + unsigned long attribute_count, + ck_object_handle_t *key)); + +_CK_DECLARE_FUNCTION (C_SeedRandom, + (ck_session_handle_t session, unsigned char *seed, + unsigned long seed_len)); +_CK_DECLARE_FUNCTION (C_GenerateRandom, + (ck_session_handle_t session, + unsigned char *random_data, + unsigned long random_len)); + +_CK_DECLARE_FUNCTION (C_GetFunctionStatus, (ck_session_handle_t session)); +_CK_DECLARE_FUNCTION (C_CancelFunction, (ck_session_handle_t session)); + + +struct ck_function_list +{ + struct ck_version version; + CK_C_Initialize C_Initialize; + CK_C_Finalize C_Finalize; + CK_C_GetInfo C_GetInfo; + CK_C_GetFunctionList C_GetFunctionList; + CK_C_GetSlotList C_GetSlotList; + CK_C_GetSlotInfo C_GetSlotInfo; + CK_C_GetTokenInfo C_GetTokenInfo; + CK_C_GetMechanismList C_GetMechanismList; + CK_C_GetMechanismInfo C_GetMechanismInfo; + CK_C_InitToken C_InitToken; + CK_C_InitPIN C_InitPIN; + CK_C_SetPIN C_SetPIN; + CK_C_OpenSession C_OpenSession; + CK_C_CloseSession C_CloseSession; + CK_C_CloseAllSessions C_CloseAllSessions; + CK_C_GetSessionInfo C_GetSessionInfo; + CK_C_GetOperationState C_GetOperationState; + CK_C_SetOperationState C_SetOperationState; + CK_C_Login C_Login; + CK_C_Logout C_Logout; + CK_C_CreateObject C_CreateObject; + CK_C_CopyObject C_CopyObject; + CK_C_DestroyObject C_DestroyObject; + CK_C_GetObjectSize C_GetObjectSize; + CK_C_GetAttributeValue C_GetAttributeValue; + CK_C_SetAttributeValue C_SetAttributeValue; + CK_C_FindObjectsInit C_FindObjectsInit; + CK_C_FindObjects C_FindObjects; + CK_C_FindObjectsFinal C_FindObjectsFinal; + CK_C_EncryptInit C_EncryptInit; + CK_C_Encrypt C_Encrypt; + CK_C_EncryptUpdate C_EncryptUpdate; + CK_C_EncryptFinal C_EncryptFinal; + CK_C_DecryptInit C_DecryptInit; + CK_C_Decrypt C_Decrypt; + CK_C_DecryptUpdate C_DecryptUpdate; + CK_C_DecryptFinal C_DecryptFinal; + CK_C_DigestInit C_DigestInit; + CK_C_Digest C_Digest; + CK_C_DigestUpdate C_DigestUpdate; + CK_C_DigestKey C_DigestKey; + CK_C_DigestFinal C_DigestFinal; + CK_C_SignInit C_SignInit; + CK_C_Sign C_Sign; + CK_C_SignUpdate C_SignUpdate; + CK_C_SignFinal C_SignFinal; + CK_C_SignRecoverInit C_SignRecoverInit; + CK_C_SignRecover C_SignRecover; + CK_C_VerifyInit C_VerifyInit; + CK_C_Verify C_Verify; + CK_C_VerifyUpdate C_VerifyUpdate; + CK_C_VerifyFinal C_VerifyFinal; + CK_C_VerifyRecoverInit C_VerifyRecoverInit; + CK_C_VerifyRecover C_VerifyRecover; + CK_C_DigestEncryptUpdate C_DigestEncryptUpdate; + CK_C_DecryptDigestUpdate C_DecryptDigestUpdate; + CK_C_SignEncryptUpdate C_SignEncryptUpdate; + CK_C_DecryptVerifyUpdate C_DecryptVerifyUpdate; + CK_C_GenerateKey C_GenerateKey; + CK_C_GenerateKeyPair C_GenerateKeyPair; + CK_C_WrapKey C_WrapKey; + CK_C_UnwrapKey C_UnwrapKey; + CK_C_DeriveKey C_DeriveKey; + CK_C_SeedRandom C_SeedRandom; + CK_C_GenerateRandom C_GenerateRandom; + CK_C_GetFunctionStatus C_GetFunctionStatus; + CK_C_CancelFunction C_CancelFunction; + CK_C_WaitForSlotEvent C_WaitForSlotEvent; +}; + + +typedef ck_rv_t (*ck_createmutex_t) (void **mutex); +typedef ck_rv_t (*ck_destroymutex_t) (void *mutex); +typedef ck_rv_t (*ck_lockmutex_t) (void *mutex); +typedef ck_rv_t (*ck_unlockmutex_t) (void *mutex); + + +struct ck_c_initialize_args +{ + ck_createmutex_t create_mutex; + ck_destroymutex_t destroy_mutex; + ck_lockmutex_t lock_mutex; + ck_unlockmutex_t unlock_mutex; + ck_flags_t flags; + void *reserved; +}; + + +#define CKF_LIBRARY_CANT_CREATE_OS_THREADS (1UL << 0) +#define CKF_OS_LOCKING_OK (1UL << 1) + +#define CKR_OK (0UL) +#define CKR_CANCEL (1UL) +#define CKR_HOST_MEMORY (2UL) +#define CKR_SLOT_ID_INVALID (3UL) +#define CKR_GENERAL_ERROR (5UL) +#define CKR_FUNCTION_FAILED (6UL) +#define CKR_ARGUMENTS_BAD (7UL) +#define CKR_NO_EVENT (8UL) +#define CKR_NEED_TO_CREATE_THREADS (9UL) +#define CKR_CANT_LOCK (0xaUL) +#define CKR_ATTRIBUTE_READ_ONLY (0x10UL) +#define CKR_ATTRIBUTE_SENSITIVE (0x11UL) +#define CKR_ATTRIBUTE_TYPE_INVALID (0x12UL) +#define CKR_ATTRIBUTE_VALUE_INVALID (0x13UL) +#define CKR_DATA_INVALID (0x20UL) +#define CKR_DATA_LEN_RANGE (0x21UL) +#define CKR_DEVICE_ERROR (0x30UL) +#define CKR_DEVICE_MEMORY (0x31UL) +#define CKR_DEVICE_REMOVED (0x32UL) +#define CKR_ENCRYPTED_DATA_INVALID (0x40UL) +#define CKR_ENCRYPTED_DATA_LEN_RANGE (0x41UL) +#define CKR_FUNCTION_CANCELED (0x50UL) +#define CKR_FUNCTION_NOT_PARALLEL (0x51UL) +#define CKR_FUNCTION_NOT_SUPPORTED (0x54UL) +#define CKR_KEY_HANDLE_INVALID (0x60UL) +#define CKR_KEY_SIZE_RANGE (0x62UL) +#define CKR_KEY_TYPE_INCONSISTENT (0x63UL) +#define CKR_KEY_NOT_NEEDED (0x64UL) +#define CKR_KEY_CHANGED (0x65UL) +#define CKR_KEY_NEEDED (0x66UL) +#define CKR_KEY_INDIGESTIBLE (0x67UL) +#define CKR_KEY_FUNCTION_NOT_PERMITTED (0x68UL) +#define CKR_KEY_NOT_WRAPPABLE (0x69UL) +#define CKR_KEY_UNEXTRACTABLE (0x6aUL) +#define CKR_MECHANISM_INVALID (0x70UL) +#define CKR_MECHANISM_PARAM_INVALID (0x71UL) +#define CKR_OBJECT_HANDLE_INVALID (0x82UL) +#define CKR_OPERATION_ACTIVE (0x90UL) +#define CKR_OPERATION_NOT_INITIALIZED (0x91UL) +#define CKR_PIN_INCORRECT (0xa0UL) +#define CKR_PIN_INVALID (0xa1UL) +#define CKR_PIN_LEN_RANGE (0xa2UL) +#define CKR_PIN_EXPIRED (0xa3UL) +#define CKR_PIN_LOCKED (0xa4UL) +#define CKR_SESSION_CLOSED (0xb0UL) +#define CKR_SESSION_COUNT (0xb1UL) +#define CKR_SESSION_HANDLE_INVALID (0xb3UL) +#define CKR_SESSION_PARALLEL_NOT_SUPPORTED (0xb4UL) +#define CKR_SESSION_READ_ONLY (0xb5UL) +#define CKR_SESSION_EXISTS (0xb6UL) +#define CKR_SESSION_READ_ONLY_EXISTS (0xb7UL) +#define CKR_SESSION_READ_WRITE_SO_EXISTS (0xb8UL) +#define CKR_SIGNATURE_INVALID (0xc0UL) +#define CKR_SIGNATURE_LEN_RANGE (0xc1UL) +#define CKR_TEMPLATE_INCOMPLETE (0xd0UL) +#define CKR_TEMPLATE_INCONSISTENT (0xd1UL) +#define CKR_TOKEN_NOT_PRESENT (0xe0UL) +#define CKR_TOKEN_NOT_RECOGNIZED (0xe1UL) +#define CKR_TOKEN_WRITE_PROTECTED (0xe2UL) +#define CKR_UNWRAPPING_KEY_HANDLE_INVALID (0xf0UL) +#define CKR_UNWRAPPING_KEY_SIZE_RANGE (0xf1UL) +#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT (0xf2UL) +#define CKR_USER_ALREADY_LOGGED_IN (0x100UL) +#define CKR_USER_NOT_LOGGED_IN (0x101UL) +#define CKR_USER_PIN_NOT_INITIALIZED (0x102UL) +#define CKR_USER_TYPE_INVALID (0x103UL) +#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN (0x104UL) +#define CKR_USER_TOO_MANY_TYPES (0x105UL) +#define CKR_WRAPPED_KEY_INVALID (0x110UL) +#define CKR_WRAPPED_KEY_LEN_RANGE (0x112UL) +#define CKR_WRAPPING_KEY_HANDLE_INVALID (0x113UL) +#define CKR_WRAPPING_KEY_SIZE_RANGE (0x114UL) +#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT (0x115UL) +#define CKR_RANDOM_SEED_NOT_SUPPORTED (0x120UL) +#define CKR_RANDOM_NO_RNG (0x121UL) +#define CKR_DOMAIN_PARAMS_INVALID (0x130UL) +#define CKR_BUFFER_TOO_SMALL (0x150UL) +#define CKR_SAVED_STATE_INVALID (0x160UL) +#define CKR_INFORMATION_SENSITIVE (0x170UL) +#define CKR_STATE_UNSAVEABLE (0x180UL) +#define CKR_CRYPTOKI_NOT_INITIALIZED (0x190UL) +#define CKR_CRYPTOKI_ALREADY_INITIALIZED (0x191UL) +#define CKR_MUTEX_BAD (0x1a0UL) +#define CKR_MUTEX_NOT_LOCKED (0x1a1UL) +#define CKR_FUNCTION_REJECTED (0x200UL) +#define CKR_VENDOR_DEFINED ((unsigned long) (1UL << 31)) + + + +/* Compatibility layer. */ + +#ifdef CRYPTOKI_COMPAT + +#undef CK_DEFINE_FUNCTION +#define CK_DEFINE_FUNCTION(retval, name) retval CK_SPEC name + +/* For NULL. */ +#include + +typedef unsigned char CK_BYTE; +typedef unsigned char CK_CHAR; +typedef unsigned char CK_UTF8CHAR; +typedef unsigned char CK_BBOOL; +typedef unsigned long int CK_ULONG; +typedef long int CK_LONG; +typedef CK_BYTE *CK_BYTE_PTR; +typedef CK_CHAR *CK_CHAR_PTR; +typedef CK_UTF8CHAR *CK_UTF8CHAR_PTR; +typedef CK_ULONG *CK_ULONG_PTR; +typedef void *CK_VOID_PTR; +typedef void **CK_VOID_PTR_PTR; +#define CK_FALSE 0 +#define CK_TRUE 1 +#ifndef CK_DISABLE_TRUE_FALSE +#ifndef FALSE +#define FALSE 0 +#endif +#ifndef TRUE +#define TRUE 1 +#endif +#endif + +typedef struct ck_version CK_VERSION; +typedef struct ck_version *CK_VERSION_PTR; + +typedef struct ck_info CK_INFO; +typedef struct ck_info *CK_INFO_PTR; + +typedef ck_slot_id_t *CK_SLOT_ID_PTR; + +typedef struct ck_slot_info CK_SLOT_INFO; +typedef struct ck_slot_info *CK_SLOT_INFO_PTR; + +typedef struct ck_token_info CK_TOKEN_INFO; +typedef struct ck_token_info *CK_TOKEN_INFO_PTR; + +typedef ck_session_handle_t *CK_SESSION_HANDLE_PTR; + +typedef struct ck_session_info CK_SESSION_INFO; +typedef struct ck_session_info *CK_SESSION_INFO_PTR; + +typedef ck_object_handle_t *CK_OBJECT_HANDLE_PTR; + +typedef ck_object_class_t *CK_OBJECT_CLASS_PTR; + +typedef struct ck_attribute CK_ATTRIBUTE; +typedef struct ck_attribute *CK_ATTRIBUTE_PTR; + +typedef struct ck_date CK_DATE; +typedef struct ck_date *CK_DATE_PTR; + +typedef ck_mechanism_type_t *CK_MECHANISM_TYPE_PTR; + +typedef struct ck_mechanism CK_MECHANISM; +typedef struct ck_mechanism *CK_MECHANISM_PTR; + +typedef struct ck_mechanism_info CK_MECHANISM_INFO; +typedef struct ck_mechanism_info *CK_MECHANISM_INFO_PTR; + +typedef struct ck_function_list CK_FUNCTION_LIST; +typedef struct ck_function_list *CK_FUNCTION_LIST_PTR; +typedef struct ck_function_list **CK_FUNCTION_LIST_PTR_PTR; + +typedef struct ck_c_initialize_args CK_C_INITIALIZE_ARGS; +typedef struct ck_c_initialize_args *CK_C_INITIALIZE_ARGS_PTR; + +#define NULL_PTR NULL + +/* Delete the helper macros defined at the top of the file. */ +#undef ck_flags_t +#undef ck_version + +#undef ck_info +#undef cryptoki_version +#undef manufacturer_id +#undef library_description +#undef library_version + +#undef ck_notification_t +#undef ck_slot_id_t + +#undef ck_slot_info +#undef slot_description +#undef hardware_version +#undef firmware_version + +#undef ck_token_info +#undef serial_number +#undef max_session_count +#undef session_count +#undef max_rw_session_count +#undef rw_session_count +#undef max_pin_len +#undef min_pin_len +#undef total_public_memory +#undef free_public_memory +#undef total_private_memory +#undef free_private_memory +#undef utc_time + +#undef ck_session_handle_t +#undef ck_user_type_t +#undef ck_state_t + +#undef ck_session_info +#undef slot_id +#undef device_error + +#undef ck_object_handle_t +#undef ck_object_class_t +#undef ck_hw_feature_type_t +#undef ck_key_type_t +#undef ck_certificate_type_t +#undef ck_attribute_type_t + +#undef ck_attribute +#undef value +#undef value_len + +#undef ck_date + +#undef ck_mechanism_type_t + +#undef ck_mechanism +#undef parameter +#undef parameter_len + +#undef ck_mechanism_info +#undef min_key_size +#undef max_key_size + +#undef ck_rv_t +#undef ck_notify_t + +#undef ck_function_list + +#undef ck_createmutex_t +#undef ck_destroymutex_t +#undef ck_lockmutex_t +#undef ck_unlockmutex_t + +#undef ck_c_initialize_args +#undef create_mutex +#undef destroy_mutex +#undef lock_mutex +#undef unlock_mutex +#undef reserved + +#endif /* CRYPTOKI_COMPAT */ + + +/* System dependencies. */ +#if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32) +#pragma pack(pop, cryptoki) +#endif + +#if defined(__cplusplus) +} +#endif + +#endif /* PKCS11_H */ -- cgit v1.2.3