1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. 24 * Copyright 2018, Joyent, Inc. 25 */ 26 27 #include <strings.h> 28 #include <cryptoutil.h> 29 #include <security/cryptoki.h> 30 #include <sys/crypto/common.h> 31 #include <arcfour.h> 32 #include "softGlobal.h" 33 #include "softSession.h" 34 #include <aes_impl.h> 35 #include <blowfish_impl.h> 36 #include <des_impl.h> 37 #include <ecc_impl.h> 38 #include "softDH.h" 39 #include "softObject.h" 40 #include "softKeystore.h" 41 #include "softKeystoreUtil.h" 42 43 44 static CK_MECHANISM_TYPE soft_mechanisms[] = { 45 CKM_DES_CBC, 46 CKM_DES_CBC_PAD, 47 CKM_DES_ECB, 48 CKM_DES_KEY_GEN, 49 CKM_DES_MAC_GENERAL, 50 CKM_DES_MAC, 51 CKM_DES3_CBC, 52 CKM_DES3_CBC_PAD, 53 CKM_DES3_ECB, 54 CKM_DES2_KEY_GEN, 55 CKM_DES3_KEY_GEN, 56 CKM_AES_CBC, 57 CKM_AES_CBC_PAD, 58 CKM_AES_CTR, 59 CKM_AES_CMAC_GENERAL, 60 CKM_AES_CMAC, 61 CKM_AES_ECB, 62 CKM_AES_KEY_GEN, 63 CKM_AES_GCM, 64 CKM_AES_CCM, 65 CKM_BLOWFISH_CBC, 66 CKM_BLOWFISH_KEY_GEN, 67 CKM_SHA_1, 68 CKM_SHA_1_HMAC, 69 CKM_SHA_1_HMAC_GENERAL, 70 CKM_SHA256, 71 CKM_SHA256_HMAC, 72 CKM_SHA256_HMAC_GENERAL, 73 CKM_SHA384, 74 CKM_SHA384_HMAC, 75 CKM_SHA384_HMAC_GENERAL, 76 CKM_SHA512, 77 CKM_SHA512_HMAC, 78 CKM_SHA512_HMAC_GENERAL, 79 CKM_SHA512_224, 80 CKM_SHA512_256, 81 CKM_SSL3_SHA1_MAC, 82 CKM_MD5, 83 CKM_MD5_HMAC, 84 CKM_MD5_HMAC_GENERAL, 85 CKM_SSL3_MD5_MAC, 86 CKM_RC4, 87 CKM_RC4_KEY_GEN, 88 CKM_DSA, 89 CKM_DSA_SHA1, 90 CKM_DSA_KEY_PAIR_GEN, 91 CKM_RSA_PKCS, 92 CKM_RSA_PKCS_KEY_PAIR_GEN, 93 CKM_RSA_X_509, 94 CKM_MD5_RSA_PKCS, 95 CKM_SHA1_RSA_PKCS, 96 CKM_SHA256_RSA_PKCS, 97 CKM_SHA384_RSA_PKCS, 98 CKM_SHA512_RSA_PKCS, 99 CKM_DH_PKCS_KEY_PAIR_GEN, 100 CKM_DH_PKCS_DERIVE, 101 CKM_MD5_KEY_DERIVATION, 102 CKM_SHA1_KEY_DERIVATION, 103 CKM_SHA256_KEY_DERIVATION, 104 CKM_SHA384_KEY_DERIVATION, 105 CKM_SHA512_KEY_DERIVATION, 106 CKM_SHA512_224_KEY_DERIVATION, 107 CKM_SHA512_256_KEY_DERIVATION, 108 CKM_PBE_SHA1_RC4_128, 109 CKM_PKCS5_PBKD2, 110 CKM_SSL3_PRE_MASTER_KEY_GEN, 111 CKM_TLS_PRE_MASTER_KEY_GEN, 112 CKM_SSL3_MASTER_KEY_DERIVE, 113 CKM_TLS_MASTER_KEY_DERIVE, 114 CKM_SSL3_MASTER_KEY_DERIVE_DH, 115 CKM_TLS_MASTER_KEY_DERIVE_DH, 116 CKM_SSL3_KEY_AND_MAC_DERIVE, 117 CKM_TLS_KEY_AND_MAC_DERIVE, 118 CKM_TLS_PRF, 119 CKM_EC_KEY_PAIR_GEN, 120 CKM_ECDSA, 121 CKM_ECDSA_SHA1, 122 CKM_ECDH1_DERIVE 123 }; 124 125 /* 126 * This is the table of CK_MECHANISM_INFO structs for the supported mechanisms. 127 * The index for this table is the same as the one above for the same 128 * mechanism. 129 * The minimum and maximum sizes of the key for the mechanism can be measured 130 * in bits or in bytes (i.e. mechanism-dependent). This table specifies the 131 * supported range of key sizes in bytes; unless noted as in bits. 132 */ 133 static CK_MECHANISM_INFO soft_mechanism_info[] = { 134 {DES_MINBYTES, DES_MAXBYTES, 135 CKF_ENCRYPT|CKF_DECRYPT| 136 CKF_WRAP|CKF_UNWRAP}, /* CKM_DES_CBC */ 137 {DES_MINBYTES, DES_MAXBYTES, 138 CKF_ENCRYPT|CKF_DECRYPT| 139 CKF_WRAP|CKF_UNWRAP}, /* CKM_DES_CBC_PAD */ 140 {DES_MINBYTES, DES_MAXBYTES, 141 CKF_ENCRYPT|CKF_DECRYPT| 142 CKF_WRAP|CKF_UNWRAP}, /* CKM_DES_ECB */ 143 {DES_MINBYTES, DES_MAXBYTES, 144 CKF_GENERATE}, /* CKM_DES_KEY_GEN */ 145 {DES_MINBYTES, DES_MAXBYTES, 146 CKF_SIGN|CKF_VERIFY}, /* CKM_DES_MAC_GENERAL */ 147 {DES_MINBYTES, DES_MAXBYTES, 148 CKF_SIGN|CKF_VERIFY}, /* CKM_DES_MAC */ 149 {DES3_MINBYTES, DES3_MAXBYTES, 150 CKF_ENCRYPT|CKF_DECRYPT| 151 CKF_WRAP|CKF_UNWRAP}, /* CKM_DES3_CBC */ 152 {DES3_MINBYTES, DES3_MAXBYTES, 153 CKF_ENCRYPT|CKF_DECRYPT| 154 CKF_WRAP|CKF_UNWRAP}, /* CKM_DES3_CBC_PAD */ 155 {DES3_MINBYTES, DES3_MAXBYTES, 156 CKF_ENCRYPT|CKF_DECRYPT| 157 CKF_WRAP|CKF_UNWRAP}, /* CKM_DES3_ECB */ 158 {DES2_MAXBYTES, DES2_MAXBYTES, 159 CKF_GENERATE}, /* CKM_DES2_KEY_GEN */ 160 {DES3_MAXBYTES, DES3_MAXBYTES, /* CKK_DES3 only */ 161 CKF_GENERATE}, /* CKM_DES3_KEY_GEN */ 162 {AES_MINBYTES, AES_MAXBYTES, 163 CKF_ENCRYPT|CKF_DECRYPT| 164 CKF_WRAP|CKF_UNWRAP}, /* CKM_AES_CBC */ 165 {AES_MINBYTES, AES_MAXBYTES, 166 CKF_ENCRYPT|CKF_DECRYPT| 167 CKF_WRAP|CKF_UNWRAP}, /* CKM_AES_CBC_PAD */ 168 {AES_MINBYTES, AES_MAXBYTES, 169 CKF_ENCRYPT|CKF_DECRYPT| 170 CKF_WRAP|CKF_UNWRAP}, /* CKM_AES_CTR */ 171 {AES_MINBYTES, AES_MAXBYTES, 172 CKF_SIGN|CKF_VERIFY}, /* CKM_AES_CMAC_GENERAL */ 173 {AES_MINBYTES, AES_MAXBYTES, 174 CKF_SIGN|CKF_VERIFY}, /* CKM_AES_CMAC */ 175 {AES_MINBYTES, AES_MAXBYTES, 176 CKF_ENCRYPT|CKF_DECRYPT| 177 CKF_WRAP|CKF_UNWRAP}, /* CKM_AES_ECB */ 178 {AES_MINBYTES, AES_MAXBYTES, 179 CKF_GENERATE}, /* CKM_AES_KEY_GEN */ 180 {AES_MINBYTES, AES_MAXBYTES, 181 CKF_ENCRYPT|CKF_DECRYPT| 182 CKF_WRAP|CKF_UNWRAP}, /* CKM_AES_GCM */ 183 {AES_MINBYTES, AES_MAXBYTES, 184 CKF_ENCRYPT|CKF_DECRYPT| 185 CKF_WRAP|CKF_UNWRAP}, /* CKM_AES_CCM */ 186 {BLOWFISH_MINBYTES, BLOWFISH_MAXBYTES, 187 CKF_ENCRYPT|CKF_DECRYPT| 188 CKF_WRAP|CKF_UNWRAP}, /* CKM_BLOWFISH_ECB */ 189 {BLOWFISH_MINBYTES, BLOWFISH_MAXBYTES, 190 CKF_GENERATE}, /* CKM_BLOWFISH_KEY_GEN */ 191 {0, 0, CKF_DIGEST}, /* CKM_SHA_1 */ 192 {1, 64, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA_1_HMAC */ 193 {1, 64, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA_1_HMAC_GENERAL */ 194 {0, 0, CKF_DIGEST}, /* CKM_SHA256 */ 195 {1, 64, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA256_HMAC */ 196 {1, 64, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA256_HMAC_GENERAL */ 197 {0, 0, CKF_DIGEST}, /* CKM_SHA384 */ 198 {1, 128, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA384_HMAC */ 199 {1, 128, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA384_HMAC_GENERAL */ 200 {0, 0, CKF_DIGEST}, /* CKM_SHA512 */ 201 {1, 128, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA512_HMAC */ 202 {1, 128, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA512_HMAC_GENERAL */ 203 {0, 0, CKF_DIGEST}, /* CKM_SHA512_224 */ 204 {0, 0, CKF_DIGEST}, /* CKM_SHA512_256 */ 205 {1, 512, CKF_SIGN|CKF_VERIFY}, /* CKM_SSL3_SHA1_MAC */ 206 {0, 0, CKF_DIGEST}, /* CKM_MD5 */ 207 {1, 64, CKF_SIGN|CKF_VERIFY}, /* CKM_MD5_HMAC */ 208 {1, 64, CKF_SIGN|CKF_VERIFY}, /* CKM_MD5_HMAC_GENERAL */ 209 {1, 512, CKF_SIGN|CKF_VERIFY}, /* CKM_SSL3_MD5_MAC */ 210 {8, ARCFOUR_MAX_KEY_BITS, CKF_ENCRYPT|CKF_DECRYPT}, /* CKM_RC4; */ 211 /* in bits */ 212 {8, ARCFOUR_MAX_KEY_BITS, CKF_GENERATE }, /* CKM_RC4_KEY_GEN; in bits */ 213 {512, 1024, CKF_SIGN|CKF_VERIFY}, /* CKM_DSA; in bits */ 214 {512, 1024, CKF_SIGN|CKF_VERIFY}, /* CKM_DSA_SHA1; in bits */ 215 {512, 1024, CKF_GENERATE_KEY_PAIR}, /* CKM_DSA_KEY_PAIR_GEN; */ 216 /* in bits */ 217 {256, 4096, CKF_ENCRYPT|CKF_DECRYPT| 218 CKF_SIGN|CKF_SIGN_RECOVER| 219 CKF_WRAP|CKF_UNWRAP| 220 CKF_VERIFY|CKF_VERIFY_RECOVER}, /* CKM_RSA_PKCS; in bits */ 221 {256, 4096, CKF_GENERATE_KEY_PAIR}, /* CKM_RSA_PKCS_KEY_PAIR_GEN; */ 222 /* in bits */ 223 {256, 4096, CKF_ENCRYPT|CKF_DECRYPT| 224 CKF_SIGN|CKF_SIGN_RECOVER| 225 CKF_WRAP|CKF_UNWRAP| 226 CKF_VERIFY|CKF_VERIFY_RECOVER}, /* CKM_RSA_X_509 in bits */ 227 {256, 4096, CKF_SIGN|CKF_VERIFY}, /* CKM_MD5_RSA_PKCS in bits */ 228 {256, 4096, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA1_RSA_PKCS in bits */ 229 {256, 4096, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA256_RSA_PKCS in bits */ 230 {256, 4096, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA384_RSA_PKCS in bits */ 231 {256, 4096, CKF_SIGN|CKF_VERIFY}, /* CKM_SHA512_RSA_PKCS in bits */ 232 {DH_MIN_KEY_LEN, DH_MAX_KEY_LEN, CKF_GENERATE_KEY_PAIR}, 233 /* CKM_DH_PKCS_KEY_PAIR_GEN */ 234 /* in bits */ 235 {DH_MIN_KEY_LEN, DH_MAX_KEY_LEN, CKF_DERIVE}, 236 /* CKM_DH_PKCS_DERIVE; */ 237 /* in bits */ 238 {1, 16, CKF_DERIVE}, /* CKM_MD5_KEY_DERIVATION */ 239 {1, 20, CKF_DERIVE}, /* CKM_SHA1_KEY_DERIVATION */ 240 {1, 32, CKF_DERIVE}, /* CKM_SHA256_KEY_DERIVATION */ 241 {1, 48, CKF_DERIVE}, /* CKM_SHA384_KEY_DERIVATION */ 242 {1, 64, CKF_DERIVE}, /* CKM_SHA512_KEY_DERIVATION */ 243 {1, 28, CKF_DERIVE}, /* CKM_SHA512_224_KEY_DERIVATION */ 244 {1, 32, CKF_DERIVE}, /* CKM_SHA512_256_KEY_DERIVATION */ 245 {0, 0, CKF_GENERATE}, /* CKM_PBE_SHA1_RC4_128 */ 246 {0, 0, CKF_GENERATE}, /* CKM_PKCS5_PBKD2 */ 247 {48, 48, CKF_GENERATE}, /* CKM_SSL3_PRE_MASTER_KEY_GEN */ 248 {48, 48, CKF_GENERATE}, /* CKM_TLS_PRE_MASTER_KEY_GEN */ 249 {48, 48, CKF_DERIVE}, /* CKM_SSL3_MASTER_KEY_DERIVE */ 250 {48, 48, CKF_DERIVE}, /* CKM_TLS_MASTER_KEY_DERIVE */ 251 {48, 48, CKF_DERIVE}, /* CKM_SSL3_MASTER_KEY_DERIVE_DH */ 252 {48, 48, CKF_DERIVE}, /* CKM_TLS_MASTER_KEY_DERIVE_DH */ 253 {0, 0, CKF_DERIVE}, /* CKM_SSL3_KEY_AND_MAC_DERIVE */ 254 {0, 0, CKF_DERIVE}, /* CKM_TLS_KEY_AND_MAC_DERIVE */ 255 {0, 0, CKF_DERIVE}, /* CKM_TLS_PRF */ 256 {EC_MIN_KEY_LEN, EC_MAX_KEY_LEN, CKF_GENERATE_KEY_PAIR}, 257 {EC_MIN_KEY_LEN, EC_MAX_KEY_LEN, CKF_SIGN|CKF_VERIFY}, 258 {EC_MIN_KEY_LEN, EC_MAX_KEY_LEN, CKF_SIGN|CKF_VERIFY}, 259 {EC_MIN_KEY_LEN, EC_MAX_KEY_LEN, CKF_DERIVE} 260 }; 261 262 /* 263 * Slot ID for softtoken is always 1. tokenPresent is ignored. 264 * Also, only one slot is used. 265 */ 266 /*ARGSUSED*/ 267 CK_RV 268 C_GetSlotList(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList, 269 CK_ULONG_PTR pulCount) 270 { 271 272 CK_RV rv; 273 274 if (!softtoken_initialized) 275 return (CKR_CRYPTOKI_NOT_INITIALIZED); 276 277 if (pulCount == NULL) { 278 return (CKR_ARGUMENTS_BAD); 279 } 280 281 if (pSlotList == NULL) { 282 /* 283 * Application only wants to know the number of slots. 284 */ 285 *pulCount = 1; 286 return (CKR_OK); 287 } 288 289 if ((*pulCount < 1) && (pSlotList != NULL)) { 290 rv = CKR_BUFFER_TOO_SMALL; 291 } else { 292 pSlotList[0] = SOFTTOKEN_SLOTID; 293 rv = CKR_OK; 294 } 295 296 *pulCount = 1; 297 return (rv); 298 } 299 300 301 CK_RV 302 C_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) 303 { 304 305 if (!softtoken_initialized) 306 return (CKR_CRYPTOKI_NOT_INITIALIZED); 307 308 if (pInfo == NULL) 309 return (CKR_ARGUMENTS_BAD); 310 311 /* Make sure the slot ID is valid */ 312 if (slotID != SOFTTOKEN_SLOTID) 313 return (CKR_SLOT_ID_INVALID); 314 315 /* Provide information about the slot in the provided buffer */ 316 (void) strncpy((char *)pInfo->slotDescription, SOFT_SLOT_DESCRIPTION, 317 64); 318 (void) strncpy((char *)pInfo->manufacturerID, SOFT_MANUFACTURER_ID, 32); 319 pInfo->flags = CKF_TOKEN_PRESENT; 320 pInfo->hardwareVersion.major = HARDWARE_VERSION_MAJOR; 321 pInfo->hardwareVersion.minor = HARDWARE_VERSION_MINOR; 322 pInfo->firmwareVersion.major = FIRMWARE_VERSION_MAJOR; 323 pInfo->firmwareVersion.minor = FIRMWARE_VERSION_MINOR; 324 325 return (CKR_OK); 326 } 327 328 CK_RV 329 C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo) 330 { 331 boolean_t pin_initialized = B_FALSE; 332 char *ks_cryptpin = NULL; 333 334 if (!softtoken_initialized) 335 return (CKR_CRYPTOKI_NOT_INITIALIZED); 336 337 /* Make sure the slot ID is valid */ 338 if (slotID != SOFTTOKEN_SLOTID) 339 return (CKR_SLOT_ID_INVALID); 340 341 if (pInfo == NULL) 342 return (CKR_ARGUMENTS_BAD); 343 344 /* 345 * It is intentional that we don't forward the error code 346 * returned from soft_keystore_pin_initialized() to the caller 347 */ 348 pInfo->flags = SOFT_TOKEN_FLAGS; 349 if (soft_slot.keystore_load_status == KEYSTORE_UNAVAILABLE) { 350 pInfo->flags |= CKF_WRITE_PROTECTED; 351 } else { 352 if ((soft_keystore_pin_initialized(&pin_initialized, 353 &ks_cryptpin, B_FALSE) == CKR_OK) && !pin_initialized) 354 pInfo->flags |= CKF_USER_PIN_TO_BE_CHANGED; 355 } 356 357 if (ks_cryptpin != NULL) { 358 size_t cplen = strlen(ks_cryptpin) + 1; 359 360 freezero(ks_cryptpin, cplen); 361 } 362 363 /* Provide information about a token in the provided buffer */ 364 (void) strncpy((char *)pInfo->label, SOFT_TOKEN_LABEL, 32); 365 (void) strncpy((char *)pInfo->manufacturerID, SOFT_MANUFACTURER_ID, 32); 366 (void) strncpy((char *)pInfo->model, TOKEN_MODEL, 16); 367 (void) strncpy((char *)pInfo->serialNumber, SOFT_TOKEN_SERIAL, 16); 368 369 pInfo->ulMaxSessionCount = CK_EFFECTIVELY_INFINITE; 370 pInfo->ulSessionCount = soft_session_cnt; 371 pInfo->ulMaxRwSessionCount = CK_EFFECTIVELY_INFINITE; 372 pInfo->ulRwSessionCount = soft_session_rw_cnt; 373 pInfo->ulMaxPinLen = MAX_PIN_LEN; 374 pInfo->ulMinPinLen = MIN_PIN_LEN; 375 pInfo->ulTotalPublicMemory = CK_UNAVAILABLE_INFORMATION; 376 pInfo->ulFreePublicMemory = CK_UNAVAILABLE_INFORMATION; 377 pInfo->ulTotalPrivateMemory = CK_UNAVAILABLE_INFORMATION; 378 pInfo->ulFreePrivateMemory = CK_UNAVAILABLE_INFORMATION; 379 pInfo->hardwareVersion.major = HARDWARE_VERSION_MAJOR; 380 pInfo->hardwareVersion.minor = HARDWARE_VERSION_MINOR; 381 pInfo->firmwareVersion.major = FIRMWARE_VERSION_MAJOR; 382 pInfo->firmwareVersion.minor = FIRMWARE_VERSION_MINOR; 383 (void) memset(pInfo->utcTime, ' ', 16); 384 385 return (CKR_OK); 386 } 387 388 /*ARGSUSED*/ 389 CK_RV 390 C_WaitForSlotEvent(CK_FLAGS flags, CK_SLOT_ID_PTR pSlot, CK_VOID_PTR pReserved) 391 { 392 if (!softtoken_initialized) 393 return (CKR_CRYPTOKI_NOT_INITIALIZED); 394 395 /* 396 * This is currently not implemented, however we could cause this 397 * to wait for the token files to appear if soft_token_present is 398 * false. 399 * However there is currently no polite and portable way to do that 400 * because we might not even be able to get to an fd to the 401 * parent directory, so instead we don't support any slot events. 402 */ 403 return (CKR_FUNCTION_NOT_SUPPORTED); 404 } 405 406 407 CK_RV 408 C_GetMechanismList(CK_SLOT_ID slotID, CK_MECHANISM_TYPE_PTR pMechanismList, 409 CK_ULONG_PTR pulCount) 410 { 411 412 ulong_t i; 413 ulong_t mechnum; 414 415 if (!softtoken_initialized) 416 return (CKR_CRYPTOKI_NOT_INITIALIZED); 417 418 if (slotID != SOFTTOKEN_SLOTID) 419 return (CKR_SLOT_ID_INVALID); 420 421 mechnum = sizeof (soft_mechanisms) / sizeof (CK_MECHANISM_TYPE); 422 423 if (pMechanismList == NULL) { 424 /* 425 * Application only wants to know the number of 426 * supported mechanism types. 427 */ 428 *pulCount = mechnum; 429 return (CKR_OK); 430 } 431 432 if (*pulCount < mechnum) { 433 *pulCount = mechnum; 434 return (CKR_BUFFER_TOO_SMALL); 435 } 436 437 for (i = 0; i < mechnum; i++) { 438 pMechanismList[i] = soft_mechanisms[i]; 439 } 440 441 *pulCount = mechnum; 442 443 return (CKR_OK); 444 } 445 446 447 CK_RV 448 C_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type, 449 CK_MECHANISM_INFO_PTR pInfo) 450 { 451 452 ulong_t i; 453 ulong_t mechnum; 454 455 if (!softtoken_initialized) 456 return (CKR_CRYPTOKI_NOT_INITIALIZED); 457 458 if (slotID != SOFTTOKEN_SLOTID) 459 return (CKR_SLOT_ID_INVALID); 460 461 if (pInfo == NULL) { 462 return (CKR_ARGUMENTS_BAD); 463 } 464 465 mechnum = sizeof (soft_mechanisms) / sizeof (CK_MECHANISM_TYPE); 466 for (i = 0; i < mechnum; i++) { 467 if (soft_mechanisms[i] == type) 468 break; 469 } 470 471 if (i == mechnum) 472 /* unsupported mechanism */ 473 return (CKR_MECHANISM_INVALID); 474 475 pInfo->ulMinKeySize = soft_mechanism_info[i].ulMinKeySize; 476 pInfo->ulMaxKeySize = soft_mechanism_info[i].ulMaxKeySize; 477 pInfo->flags = soft_mechanism_info[i].flags; 478 479 return (CKR_OK); 480 } 481 482 483 /*ARGSUSED*/ 484 CK_RV 485 C_InitToken(CK_SLOT_ID slotID, CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen, 486 CK_UTF8CHAR_PTR pLabel) 487 { 488 if (!softtoken_initialized) 489 return (CKR_CRYPTOKI_NOT_INITIALIZED); 490 491 if (create_keystore() != 0) 492 return (CKR_FUNCTION_FAILED); 493 494 return (CKR_OK); 495 } 496 497 /*ARGSUSED*/ 498 CK_RV 499 C_InitPIN(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen) 500 { 501 if (!softtoken_initialized) 502 return (CKR_CRYPTOKI_NOT_INITIALIZED); 503 504 return (CKR_FUNCTION_NOT_SUPPORTED); 505 } 506 507 508 CK_RV 509 C_SetPIN(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pOldPin, 510 CK_ULONG ulOldPinLen, CK_UTF8CHAR_PTR pNewPin, CK_ULONG ulNewPinLen) 511 { 512 513 soft_session_t *session_p; 514 CK_RV rv; 515 boolean_t lock_held = B_FALSE; 516 517 if (!softtoken_initialized) 518 return (CKR_CRYPTOKI_NOT_INITIALIZED); 519 520 /* 521 * Obtain the session pointer. Also, increment the session 522 * reference count. 523 */ 524 rv = handle2session(hSession, &session_p); 525 if (rv != CKR_OK) 526 return (rv); 527 528 if (!soft_keystore_status(KEYSTORE_LOAD)) { 529 SES_REFRELE(session_p, lock_held); 530 return (CKR_DEVICE_REMOVED); 531 } 532 533 if ((ulOldPinLen < MIN_PIN_LEN) || (ulOldPinLen > MAX_PIN_LEN) || 534 (ulNewPinLen < MIN_PIN_LEN) ||(ulNewPinLen > MAX_PIN_LEN)) { 535 SES_REFRELE(session_p, lock_held); 536 return (CKR_PIN_LEN_RANGE); 537 } 538 539 if ((pOldPin == NULL_PTR) || (pNewPin == NULL_PTR)) { 540 /* 541 * We don't support CKF_PROTECTED_AUTHENTICATION_PATH 542 */ 543 SES_REFRELE(session_p, lock_held); 544 return (CKR_ARGUMENTS_BAD); 545 } 546 547 /* check the state of the session */ 548 if ((session_p->state != CKS_RW_PUBLIC_SESSION) && 549 (session_p->state != CKS_RW_USER_FUNCTIONS)) { 550 SES_REFRELE(session_p, lock_held); 551 return (CKR_SESSION_READ_ONLY); 552 } 553 554 rv = soft_setpin(pOldPin, ulOldPinLen, pNewPin, ulNewPinLen); 555 556 SES_REFRELE(session_p, lock_held); 557 return (rv); 558 } 559