Context Navigation

← Previous Revision
Latest Revision
Next Revision →
Blame
Revision Log

softp11.c@ 4

Last change on this file since 4 was 1, checked in by Paul Smedley, 10 years ago
Initial commit of Heimdal 1.5.3
File size: 43.2 KB

Line
1	/*
2	* Copyright (c) 2004 - 2008 Kungliga Tekniska HÃ¶gskolan
3	* (Royal Institute of Technology, Stockholm, Sweden).
4	* All rights reserved.
5	*
6	* Redistribution and use in source and binary forms, with or without
7	* modification, are permitted provided that the following conditions
8	* are met:
9	*
10	* 1. Redistributions of source code must retain the above copyright
11	* notice, this list of conditions and the following disclaimer.
12	*
13	* 2. Redistributions in binary form must reproduce the above copyright
14	* notice, this list of conditions and the following disclaimer in the
15	* documentation and/or other materials provided with the distribution.
16	*
17	* 3. Neither the name of the Institute nor the names of its contributors
18	* may be used to endorse or promote products derived from this software
19	* without specific prior written permission.
20	*
21	* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24	* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31	* SUCH DAMAGE.
32	*/
33
34	#define CRYPTOKI_EXPORTS 1
35
36	#include "hx_locl.h"
37	#include "pkcs11.h"
38
39	#define OBJECT_ID_MASK 0xfff
40	#define HANDLE_OBJECT_ID(h) ((h) & OBJECT_ID_MASK)
41	#define OBJECT_ID(obj) HANDLE_OBJECT_ID((obj)->object_handle)
42
43	#ifndef HAVE_RANDOM
44	#define random() rand()
45	#define srandom(s) srand(s)
46	#endif
47
48	#ifdef _WIN32
49	#include <shlobj.h>
50	#endif
51
52	struct st_attr {
53	CK_ATTRIBUTE attribute;
54	int secret;
55	};
56
57	struct st_object {
58	CK_OBJECT_HANDLE object_handle;
59	struct st_attr *attrs;
60	int num_attributes;
61	hx509_cert cert;
62	};
63
64	static struct soft_token {
65	CK_VOID_PTR application;
66	CK_NOTIFY notify;
67	char *config_file;
68	hx509_certs certs;
69	struct {
70	struct st_object **objs;
71	int num_objs;
72	} object;
73	struct {
74	int hardware_slot;
75	int app_error_fatal;
76	int login_done;
77	} flags;
78	int open_sessions;
79	struct session_state {
80	CK_SESSION_HANDLE session_handle;
81
82	struct {
83	CK_ATTRIBUTE *attributes;
84	CK_ULONG num_attributes;
85	int next_object;
86	} find;
87
88	int sign_object;
89	CK_MECHANISM_PTR sign_mechanism;
90	int verify_object;
91	CK_MECHANISM_PTR verify_mechanism;
92	} state[10];
93	#define MAX_NUM_SESSION (sizeof(soft_token.state)/sizeof(soft_token.state[0]))
94	FILE *logfile;
95	} soft_token;
96
97	static hx509_context context;
98
99	static void
100	application_error(const char *fmt, ...)
101	{
102	va_list ap;
103	va_start(ap, fmt);
104	vprintf(fmt, ap);
105	va_end(ap);
106	if (soft_token.flags.app_error_fatal)
107	abort();
108	}
109
110	static void
111	st_logf(const char *fmt, ...)
112	{
113	va_list ap;
114	if (soft_token.logfile == NULL)
115	return;
116	va_start(ap, fmt);
117	vfprintf(soft_token.logfile, fmt, ap);
118	va_end(ap);
119	fflush(soft_token.logfile);
120	}
121
122	static CK_RV
123	init_context(void)
124	{
125	if (context == NULL) {
126	int ret = hx509_context_init(&context);
127	if (ret)
128	return CKR_GENERAL_ERROR;
129	}
130	return CKR_OK;
131	}
132
133	#define INIT_CONTEXT() { CK_RV icret = init_context(); if (icret) return icret; }
134
135	static void
136	snprintf_fill(char str, size_t size, char fillchar, const char fmt, ...)
137	{
138	int len;
139	va_list ap;
140	va_start(ap, fmt);
141	len = vsnprintf(str, size, fmt, ap);
142	va_end(ap);
143	if (len < 0 \|\| (size_t)len > size)
144	return;
145	while ((size_t)len < size)
146	str[len++] = fillchar;
147	}
148
149	#ifndef TEST_APP
150	#define printf error_use_st_logf
151	#endif
152
153	#define VERIFY_SESSION_HANDLE(s, state) \
154	{ \
155	CK_RV xret; \
156	xret = verify_session_handle(s, state); \
157	if (xret != CKR_OK) { \
158	/* return CKR_OK */; \
159	} \
160	}
161
162	static CK_RV
163	verify_session_handle(CK_SESSION_HANDLE hSession,
164	struct session_state **state)
165	{
166	size_t i;
167
168	for (i = 0; i < MAX_NUM_SESSION; i++){
169	if (soft_token.state[i].session_handle == hSession)
170	break;
171	}
172	if (i == MAX_NUM_SESSION) {
173	application_error("use of invalid handle: 0x%08lx\n",
174	(unsigned long)hSession);
175	return CKR_SESSION_HANDLE_INVALID;
176	}
177	if (state)
178	*state = &soft_token.state[i];
179	return CKR_OK;
180	}
181
182	static CK_RV
183	object_handle_to_object(CK_OBJECT_HANDLE handle,
184	struct st_object **object)
185	{
186	int i = HANDLE_OBJECT_ID(handle);
187
188	*object = NULL;
189	if (i >= soft_token.object.num_objs)
190	return CKR_ARGUMENTS_BAD;
191	if (soft_token.object.objs[i] == NULL)
192	return CKR_ARGUMENTS_BAD;
193	if (soft_token.object.objs[i]->object_handle != handle)
194	return CKR_ARGUMENTS_BAD;
195	*object = soft_token.object.objs[i];
196	return CKR_OK;
197	}
198
199	static int
200	attributes_match(const struct st_object *obj,
201	const CK_ATTRIBUTE *attributes,
202	CK_ULONG num_attributes)
203	{
204	CK_ULONG i;
205	int j;
206
207	st_logf("attributes_match: %ld\n", (unsigned long)OBJECT_ID(obj));
208
209	for (i = 0; i < num_attributes; i++) {
210	int match = 0;
211	for (j = 0; j < obj->num_attributes; j++) {
212	if (attributes[i].type == obj->attrs[j].attribute.type &&
213	attributes[i].ulValueLen == obj->attrs[j].attribute.ulValueLen &&
214	memcmp(attributes[i].pValue, obj->attrs[j].attribute.pValue,
215	attributes[i].ulValueLen) == 0) {
216	match = 1;
217	break;
218	}
219	}
220	if (match == 0) {
221	st_logf("type %d attribute have no match\n", attributes[i].type);
222	return 0;
223	}
224	}
225	st_logf("attribute matches\n");
226	return 1;
227	}
228
229	static void
230	print_attributes(const CK_ATTRIBUTE *attributes,
231	CK_ULONG num_attributes)
232	{
233	CK_ULONG i;
234
235	st_logf("find objects: attrs: %lu\n", (unsigned long)num_attributes);
236
237	for (i = 0; i < num_attributes; i++) {
238	st_logf(" type: ");
239	switch (attributes[i].type) {
240	case CKA_TOKEN: {
241	CK_BBOOL *ck_true;
242	if (attributes[i].ulValueLen != sizeof(CK_BBOOL)) {
243	application_error("token attribute wrong length\n");
244	break;
245	}
246	ck_true = attributes[i].pValue;
247	st_logf("token: %s", *ck_true ? "TRUE" : "FALSE");
248	break;
249	}
250	case CKA_CLASS: {
251	CK_OBJECT_CLASS *class;
252	if (attributes[i].ulValueLen != sizeof(CK_ULONG)) {
253	application_error("class attribute wrong length\n");
254	break;
255	}
256	class = attributes[i].pValue;
257	st_logf("class ");
258	switch (*class) {
259	case CKO_CERTIFICATE:
260	st_logf("certificate");
261	break;
262	case CKO_PUBLIC_KEY:
263	st_logf("public key");
264	break;
265	case CKO_PRIVATE_KEY:
266	st_logf("private key");
267	break;
268	case CKO_SECRET_KEY:
269	st_logf("secret key");
270	break;
271	case CKO_DOMAIN_PARAMETERS:
272	st_logf("domain parameters");
273	break;
274	default:
275	st_logf("[class %lx]", (long unsigned)*class);
276	break;
277	}
278	break;
279	}
280	case CKA_PRIVATE:
281	st_logf("private");
282	break;
283	case CKA_LABEL:
284	st_logf("label");
285	break;
286	case CKA_APPLICATION:
287	st_logf("application");
288	break;
289	case CKA_VALUE:
290	st_logf("value");
291	break;
292	case CKA_ID:
293	st_logf("id");
294	break;
295	default:
296	st_logf("[unknown 0x%08lx]", (unsigned long)attributes[i].type);
297	break;
298	}
299	st_logf("\n");
300	}
301	}
302
303	static struct st_object *
304	add_st_object(void)
305	{
306	struct st_object o, *objs;
307	int i;
308
309	o = calloc(1, sizeof(*o));
310	if (o == NULL)
311	return NULL;
312
313	for (i = 0; i < soft_token.object.num_objs; i++) {
314	if (soft_token.object.objs == NULL) {
315	soft_token.object.objs[i] = o;
316	break;
317	}
318	}
319	if (i == soft_token.object.num_objs) {
320	objs = realloc(soft_token.object.objs,
321	(soft_token.object.num_objs + 1) * sizeof(soft_token.object.objs[0]));
322	if (objs == NULL) {
323	free(o);
324	return NULL;
325	}
326	soft_token.object.objs = objs;
327	soft_token.object.objs[soft_token.object.num_objs++] = o;
328	}
329	soft_token.object.objs[i]->object_handle =
330	(random() & (~OBJECT_ID_MASK)) \| i;
331
332	return o;
333	}
334
335	static CK_RV
336	add_object_attribute(struct st_object *o,
337	int secret,
338	CK_ATTRIBUTE_TYPE type,
339	CK_VOID_PTR pValue,
340	CK_ULONG ulValueLen)
341	{
342	struct st_attr *a;
343	int i;
344
345	i = o->num_attributes;
346	a = realloc(o->attrs, (i + 1) * sizeof(o->attrs[0]));
347	if (a == NULL)
348	return CKR_DEVICE_MEMORY;
349	o->attrs = a;
350	o->attrs[i].secret = secret;
351	o->attrs[i].attribute.type = type;
352	o->attrs[i].attribute.pValue = malloc(ulValueLen);
353	if (o->attrs[i].attribute.pValue == NULL && ulValueLen != 0)
354	return CKR_DEVICE_MEMORY;
355	memcpy(o->attrs[i].attribute.pValue, pValue, ulValueLen);
356	o->attrs[i].attribute.ulValueLen = ulValueLen;
357	o->num_attributes++;
358
359	return CKR_OK;
360	}
361
362	static CK_RV
363	add_pubkey_info(hx509_context hxctx, struct st_object *o,
364	CK_KEY_TYPE key_type, hx509_cert cert)
365	{
366	BIGNUM *num;
367	CK_BYTE *modulus = NULL;
368	size_t modulus_len = 0;
369	CK_ULONG modulus_bits = 0;
370	CK_BYTE *exponent = NULL;
371	size_t exponent_len = 0;
372
373	if (key_type != CKK_RSA)
374	return CKR_OK;
375	if (_hx509_cert_private_key(cert) == NULL)
376	return CKR_OK;
377
378	num = _hx509_private_key_get_internal(context,
379	_hx509_cert_private_key(cert),
380	"rsa-modulus");
381	if (num == NULL)
382	return CKR_GENERAL_ERROR;
383	modulus_bits = BN_num_bits(num);
384
385	modulus_len = BN_num_bytes(num);
386	modulus = malloc(modulus_len);
387	BN_bn2bin(num, modulus);
388	BN_free(num);
389
390	add_object_attribute(o, 0, CKA_MODULUS, modulus, modulus_len);
391	add_object_attribute(o, 0, CKA_MODULUS_BITS,
392	&modulus_bits, sizeof(modulus_bits));
393
394	free(modulus);
395
396	num = _hx509_private_key_get_internal(context,
397	_hx509_cert_private_key(cert),
398	"rsa-exponent");
399	if (num == NULL)
400	return CKR_GENERAL_ERROR;
401
402	exponent_len = BN_num_bytes(num);
403	exponent = malloc(exponent_len);
404	BN_bn2bin(num, exponent);
405	BN_free(num);
406
407	add_object_attribute(o, 0, CKA_PUBLIC_EXPONENT,
408	exponent, exponent_len);
409
410	free(exponent);
411
412	return CKR_OK;
413	}
414
415
416	struct foo {
417	char *label;
418	char *id;
419	};
420
421	static int
422	add_cert(hx509_context hxctx, void *ctx, hx509_cert cert)
423	{
424	static char empty[] = "";
425	struct foo foo = (struct foo )ctx;
426	struct st_object *o = NULL;
427	CK_OBJECT_CLASS type;
428	CK_BBOOL bool_true = CK_TRUE;
429	CK_BBOOL bool_false = CK_FALSE;
430	CK_CERTIFICATE_TYPE cert_type = CKC_X_509;
431	CK_KEY_TYPE key_type;
432	CK_MECHANISM_TYPE mech_type;
433	CK_RV ret = CKR_GENERAL_ERROR;
434	int hret;
435	heim_octet_string cert_data, subject_data, issuer_data, serial_data;
436
437	st_logf("adding certificate\n");
438
439	serial_data.data = NULL;
440	serial_data.length = 0;
441	cert_data = subject_data = issuer_data = serial_data;
442
443	hret = hx509_cert_binary(hxctx, cert, &cert_data);
444	if (hret)
445	goto out;
446
447	{
448	hx509_name name;
449
450	hret = hx509_cert_get_issuer(cert, &name);
451	if (hret)
452	goto out;
453	hret = hx509_name_binary(name, &issuer_data);
454	hx509_name_free(&name);
455	if (hret)
456	goto out;
457
458	hret = hx509_cert_get_subject(cert, &name);
459	if (hret)
460	goto out;
461	hret = hx509_name_binary(name, &subject_data);
462	hx509_name_free(&name);
463	if (hret)
464	goto out;
465	}
466
467	{
468	AlgorithmIdentifier alg;
469
470	hret = hx509_cert_get_SPKI_AlgorithmIdentifier(context, cert, &alg);
471	if (hret) {
472	ret = CKR_DEVICE_MEMORY;
473	goto out;
474	}
475
476	key_type = CKK_RSA; /* XXX */
477
478	free_AlgorithmIdentifier(&alg);
479	}
480
481
482	type = CKO_CERTIFICATE;
483	o = add_st_object();
484	if (o == NULL) {
485	ret = CKR_DEVICE_MEMORY;
486	goto out;
487	}
488
489	o->cert = hx509_cert_ref(cert);
490
491	add_object_attribute(o, 0, CKA_CLASS, &type, sizeof(type));
492	add_object_attribute(o, 0, CKA_TOKEN, &bool_true, sizeof(bool_true));
493	add_object_attribute(o, 0, CKA_PRIVATE, &bool_false, sizeof(bool_false));
494	add_object_attribute(o, 0, CKA_MODIFIABLE, &bool_false, sizeof(bool_false));
495	add_object_attribute(o, 0, CKA_LABEL, foo->label, strlen(foo->label));
496
497	add_object_attribute(o, 0, CKA_CERTIFICATE_TYPE, &cert_type, sizeof(cert_type));
498	add_object_attribute(o, 0, CKA_ID, foo->id, strlen(foo->id));
499
500	add_object_attribute(o, 0, CKA_SUBJECT, subject_data.data, subject_data.length);
501	add_object_attribute(o, 0, CKA_ISSUER, issuer_data.data, issuer_data.length);
502	add_object_attribute(o, 0, CKA_SERIAL_NUMBER, serial_data.data, serial_data.length);
503	add_object_attribute(o, 0, CKA_VALUE, cert_data.data, cert_data.length);
504	add_object_attribute(o, 0, CKA_TRUSTED, &bool_false, sizeof(bool_false));
505
506	st_logf("add cert ok: %lx\n", (unsigned long)OBJECT_ID(o));
507
508	type = CKO_PUBLIC_KEY;
509	o = add_st_object();
510	if (o == NULL) {
511	ret = CKR_DEVICE_MEMORY;
512	goto out;
513	}
514	o->cert = hx509_cert_ref(cert);
515
516	add_object_attribute(o, 0, CKA_CLASS, &type, sizeof(type));
517	add_object_attribute(o, 0, CKA_TOKEN, &bool_true, sizeof(bool_true));
518	add_object_attribute(o, 0, CKA_PRIVATE, &bool_false, sizeof(bool_false));
519	add_object_attribute(o, 0, CKA_MODIFIABLE, &bool_false, sizeof(bool_false));
520	add_object_attribute(o, 0, CKA_LABEL, foo->label, strlen(foo->label));
521
522	add_object_attribute(o, 0, CKA_KEY_TYPE, &key_type, sizeof(key_type));
523	add_object_attribute(o, 0, CKA_ID, foo->id, strlen(foo->id));
524	add_object_attribute(o, 0, CKA_START_DATE, empty, 1); /* XXX */
525	add_object_attribute(o, 0, CKA_END_DATE, empty, 1); /* XXX */
526	add_object_attribute(o, 0, CKA_DERIVE, &bool_false, sizeof(bool_false));
527	add_object_attribute(o, 0, CKA_LOCAL, &bool_false, sizeof(bool_false));
528	mech_type = CKM_RSA_X_509;
529	add_object_attribute(o, 0, CKA_KEY_GEN_MECHANISM, &mech_type, sizeof(mech_type));
530
531	add_object_attribute(o, 0, CKA_SUBJECT, subject_data.data, subject_data.length);
532	add_object_attribute(o, 0, CKA_ENCRYPT, &bool_true, sizeof(bool_true));
533	add_object_attribute(o, 0, CKA_VERIFY, &bool_true, sizeof(bool_true));
534	add_object_attribute(o, 0, CKA_VERIFY_RECOVER, &bool_false, sizeof(bool_false));
535	add_object_attribute(o, 0, CKA_WRAP, &bool_true, sizeof(bool_true));
536	add_object_attribute(o, 0, CKA_TRUSTED, &bool_true, sizeof(bool_true));
537
538	add_pubkey_info(hxctx, o, key_type, cert);
539
540	st_logf("add key ok: %lx\n", (unsigned long)OBJECT_ID(o));
541
542	if (hx509_cert_have_private_key(cert)) {
543	CK_FLAGS flags;
544
545	type = CKO_PRIVATE_KEY;
546	o = add_st_object();
547	if (o == NULL) {
548	ret = CKR_DEVICE_MEMORY;
549	goto out;
550	}
551	o->cert = hx509_cert_ref(cert);
552
553	add_object_attribute(o, 0, CKA_CLASS, &type, sizeof(type));
554	add_object_attribute(o, 0, CKA_TOKEN, &bool_true, sizeof(bool_true));
555	add_object_attribute(o, 0, CKA_PRIVATE, &bool_true, sizeof(bool_false));
556	add_object_attribute(o, 0, CKA_MODIFIABLE, &bool_false, sizeof(bool_false));
557	add_object_attribute(o, 0, CKA_LABEL, foo->label, strlen(foo->label));
558
559	add_object_attribute(o, 0, CKA_KEY_TYPE, &key_type, sizeof(key_type));
560	add_object_attribute(o, 0, CKA_ID, foo->id, strlen(foo->id));
561	add_object_attribute(o, 0, CKA_START_DATE, empty, 1); /* XXX */
562	add_object_attribute(o, 0, CKA_END_DATE, empty, 1); /* XXX */
563	add_object_attribute(o, 0, CKA_DERIVE, &bool_false, sizeof(bool_false));
564	add_object_attribute(o, 0, CKA_LOCAL, &bool_false, sizeof(bool_false));
565	mech_type = CKM_RSA_X_509;
566	add_object_attribute(o, 0, CKA_KEY_GEN_MECHANISM, &mech_type, sizeof(mech_type));
567
568	add_object_attribute(o, 0, CKA_SUBJECT, subject_data.data, subject_data.length);
569	add_object_attribute(o, 0, CKA_SENSITIVE, &bool_true, sizeof(bool_true));
570	add_object_attribute(o, 0, CKA_SECONDARY_AUTH, &bool_false, sizeof(bool_true));
571	flags = 0;
572	add_object_attribute(o, 0, CKA_AUTH_PIN_FLAGS, &flags, sizeof(flags));
573
574	add_object_attribute(o, 0, CKA_DECRYPT, &bool_true, sizeof(bool_true));
575	add_object_attribute(o, 0, CKA_SIGN, &bool_true, sizeof(bool_true));
576	add_object_attribute(o, 0, CKA_SIGN_RECOVER, &bool_false, sizeof(bool_false));
577	add_object_attribute(o, 0, CKA_UNWRAP, &bool_true, sizeof(bool_true));
578	add_object_attribute(o, 0, CKA_EXTRACTABLE, &bool_true, sizeof(bool_true));
579	add_object_attribute(o, 0, CKA_NEVER_EXTRACTABLE, &bool_false, sizeof(bool_false));
580
581	add_pubkey_info(hxctx, o, key_type, cert);
582	}
583
584	ret = CKR_OK;
585	out:
586	if (ret != CKR_OK) {
587	st_logf("something went wrong when adding cert!\n");
588
589	/* XXX wack o */;
590	}
591	hx509_xfree(cert_data.data);
592	hx509_xfree(serial_data.data);
593	hx509_xfree(issuer_data.data);
594	hx509_xfree(subject_data.data);
595
596	return 0;
597	}
598
599	static CK_RV
600	add_certificate(const char *cert_file,
601	const char *pin,
602	char *id,
603	char *label)
604	{
605	hx509_certs certs;
606	hx509_lock lock = NULL;
607	int ret, flags = 0;
608
609	struct foo foo;
610	foo.id = id;
611	foo.label = label;
612
613	if (pin == NULL)
614	flags \|= HX509_CERTS_UNPROTECT_ALL;
615
616	if (pin) {
617	char *str;
618	asprintf(&str, "PASS:%s", pin);
619
620	hx509_lock_init(context, &lock);
621	hx509_lock_command_string(lock, str);
622
623	memset(str, 0, strlen(str));
624	free(str);
625	}
626
627	ret = hx509_certs_init(context, cert_file, flags, lock, &certs);
628	if (ret) {
629	st_logf("failed to open file %s\n", cert_file);
630	return CKR_GENERAL_ERROR;
631	}
632
633	ret = hx509_certs_iter_f(context, certs, add_cert, &foo);
634	hx509_certs_free(&certs);
635	if (ret) {
636	st_logf("failed adding certs from file %s\n", cert_file);
637	return CKR_GENERAL_ERROR;
638	}
639
640	return CKR_OK;
641	}
642
643	static void
644	find_object_final(struct session_state *state)
645	{
646	if (state->find.attributes) {
647	CK_ULONG i;
648
649	for (i = 0; i < state->find.num_attributes; i++) {
650	if (state->find.attributes[i].pValue)
651	free(state->find.attributes[i].pValue);
652	}
653	free(state->find.attributes);
654	state->find.attributes = NULL;
655	state->find.num_attributes = 0;
656	state->find.next_object = -1;
657	}
658	}
659
660	static void
661	reset_crypto_state(struct session_state *state)
662	{
663	state->sign_object = -1;
664	if (state->sign_mechanism)
665	free(state->sign_mechanism);
666	state->sign_mechanism = NULL_PTR;
667	state->verify_object = -1;
668	if (state->verify_mechanism)
669	free(state->verify_mechanism);
670	state->verify_mechanism = NULL_PTR;
671	}
672
673	static void
674	close_session(struct session_state *state)
675	{
676	if (state->find.attributes) {
677	application_error("application didn't do C_FindObjectsFinal\n");
678	find_object_final(state);
679	}
680
681	state->session_handle = CK_INVALID_HANDLE;
682	soft_token.application = NULL_PTR;
683	soft_token.notify = NULL_PTR;
684	reset_crypto_state(state);
685	}
686
687	static const char *
688	has_session(void)
689	{
690	return soft_token.open_sessions > 0 ? "yes" : "no";
691	}
692
693	static CK_RV
694	read_conf_file(const char fn, CK_USER_TYPE userType, const char pin)
695	{
696	char buf[1024], type, s, *p;
697	FILE *f;
698	CK_RV ret = CKR_OK;
699	CK_RV failed = CKR_OK;
700
701	if (fn == NULL) {
702	st_logf("Can't open configuration file. No file specified\n");
703	return CKR_GENERAL_ERROR;
704	}
705
706	f = fopen(fn, "r");
707	if (f == NULL) {
708	st_logf("can't open configuration file %s\n", fn);
709	return CKR_GENERAL_ERROR;
710	}
711	rk_cloexec_file(f);
712
713	while(fgets(buf, sizeof(buf), f) != NULL) {
714	buf[strcspn(buf, "\n")] = '\0';
715
716	st_logf("line: %s\n", buf);
717
718	p = buf;
719	while (isspace((unsigned char)*p))
720	p++;
721	if (*p == '#')
722	continue;
723	while (isspace((unsigned char)*p))
724	p++;
725
726	s = NULL;
727	type = strtok_r(p, "\t", &s);
728	if (type == NULL)
729	continue;
730
731	if (strcasecmp("certificate", type) == 0) {
732	char cert, id, *label;
733
734	id = strtok_r(NULL, "\t", &s);
735	if (id == NULL) {
736	st_logf("no id\n");
737	continue;
738	}
739	st_logf("id: %s\n", id);
740	label = strtok_r(NULL, "\t", &s);
741	if (label == NULL) {
742	st_logf("no label\n");
743	continue;
744	}
745	cert = strtok_r(NULL, "\t", &s);
746	if (cert == NULL) {
747	st_logf("no certfiicate store\n");
748	continue;
749	}
750
751	st_logf("adding: %s: %s in file %s\n", id, label, cert);
752
753	ret = add_certificate(cert, pin, id, label);
754	if (ret)
755	failed = ret;
756	} else if (strcasecmp("debug", type) == 0) {
757	char *name;
758
759	name = strtok_r(NULL, "\t", &s);
760	if (name == NULL) {
761	st_logf("no filename\n");
762	continue;
763	}
764
765	if (soft_token.logfile)
766	fclose(soft_token.logfile);
767
768	if (strcasecmp(name, "stdout") == 0)
769	soft_token.logfile = stdout;
770	else {
771	soft_token.logfile = fopen(name, "a");
772	if (soft_token.logfile)
773	rk_cloexec_file(soft_token.logfile);
774	}
775	if (soft_token.logfile == NULL)
776	st_logf("failed to open file: %s\n", name);
777
778	} else if (strcasecmp("app-fatal", type) == 0) {
779	char *name;
780
781	name = strtok_r(NULL, "\t", &s);
782	if (name == NULL) {
783	st_logf("argument to app-fatal\n");
784	continue;
785	}
786
787	if (strcmp(name, "true") == 0 \|\| strcmp(name, "on") == 0)
788	soft_token.flags.app_error_fatal = 1;
789	else if (strcmp(name, "false") == 0 \|\| strcmp(name, "off") == 0)
790	soft_token.flags.app_error_fatal = 0;
791	else
792	st_logf("unknown app-fatal: %s\n", name);
793
794	} else {
795	st_logf("unknown type: %s\n", type);
796	}
797	}
798
799	fclose(f);
800
801	return failed;
802	}
803
804	static CK_RV
805	func_not_supported(void)
806	{
807	st_logf("function not supported\n");
808	return CKR_FUNCTION_NOT_SUPPORTED;
809	}
810
811	static char *
812	get_config_file_for_user(void)
813	{
814	char *fn = NULL;
815
816	#ifndef _WIN32
817	char *home = NULL;
818
819	if (!issuid()) {
820	fn = getenv("SOFTPKCS11RC");
821	if (fn)
822	fn = strdup(fn);
823	home = getenv("HOME");
824	}
825	if (fn == NULL && home == NULL) {
826	struct passwd *pw = getpwuid(getuid());
827	if(pw != NULL)
828	home = pw->pw_dir;
829	}
830	if (fn == NULL) {
831	if (home)
832	asprintf(&fn, "%s/.soft-token.rc", home);
833	else
834	fn = strdup("/etc/soft-token.rc");
835	}
836	#else /* Windows */
837
838	char appdatafolder[MAX_PATH];
839
840	fn = getenv("SOFTPKCS11RC");
841
842	/* Retrieve the roaming AppData folder for the current user. The
843	current user is the user account represented by the current
844	thread token. */
845
846	if (fn == NULL &&
847	SUCCEEDED(SHGetFolderPath(NULL, CSIDL_APPDATA, NULL, SHGFP_TYPE_CURRENT, appdatafolder))) {
848
849	asprintf(&fn, "%s\\.soft-token.rc", appdatafolder);
850	}
851
852	#endif /* _WIN32 */
853
854	return fn;
855	}
856
857
858	CK_RV CK_SPEC
859	C_Initialize(CK_VOID_PTR a)
860	{
861	CK_C_INITIALIZE_ARGS_PTR args = a;
862	CK_RV ret;
863	size_t i;
864
865	st_logf("Initialize\n");
866
867	INIT_CONTEXT();
868
869	OpenSSL_add_all_algorithms();
870
871	srandom(getpid() ^ (int) time(NULL));
872
873	for (i = 0; i < MAX_NUM_SESSION; i++) {
874	soft_token.state[i].session_handle = CK_INVALID_HANDLE;
875	soft_token.state[i].find.attributes = NULL;
876	soft_token.state[i].find.num_attributes = 0;
877	soft_token.state[i].find.next_object = -1;
878	reset_crypto_state(&soft_token.state[i]);
879	}
880
881	soft_token.flags.hardware_slot = 1;
882	soft_token.flags.app_error_fatal = 0;
883	soft_token.flags.login_done = 0;
884
885	soft_token.object.objs = NULL;
886	soft_token.object.num_objs = 0;
887
888	soft_token.logfile = NULL;
889	#if 0
890	soft_token.logfile = stdout;
891	#endif
892	#if 0
893	soft_token.logfile = fopen("/tmp/log-pkcs11.txt", "a");
894	#endif
895
896	if (a != NULL_PTR) {
897	st_logf("\tCreateMutex:\t%p\n", args->CreateMutex);
898	st_logf("\tDestroyMutext\t%p\n", args->DestroyMutex);
899	st_logf("\tLockMutext\t%p\n", args->LockMutex);
900	st_logf("\tUnlockMutext\t%p\n", args->UnlockMutex);
901	st_logf("\tFlags\t%04x\n", (unsigned int)args->flags);
902	}
903
904	soft_token.config_file = get_config_file_for_user();
905
906	/*
907	* This operations doesn't return CKR_OK if any of the
908	* certificates failes to be unparsed (ie password protected).
909	*/
910	ret = read_conf_file(soft_token.config_file, CKU_USER, NULL);
911	if (ret == CKR_OK)
912	soft_token.flags.login_done = 1;
913
914	return CKR_OK;
915	}
916
917	CK_RV
918	C_Finalize(CK_VOID_PTR args)
919	{
920	size_t i;
921
922	INIT_CONTEXT();
923
924	st_logf("Finalize\n");
925
926	for (i = 0; i < MAX_NUM_SESSION; i++) {
927	if (soft_token.state[i].session_handle != CK_INVALID_HANDLE) {
928	application_error("application finalized without "
929	"closing session\n");
930	close_session(&soft_token.state[i]);
931	}
932	}
933
934	return CKR_OK;
935	}
936
937	CK_RV
938	C_GetInfo(CK_INFO_PTR args)
939	{
940	INIT_CONTEXT();
941
942	st_logf("GetInfo\n");
943
944	memset(args, 17, sizeof(*args));
945	args->cryptokiVersion.major = 2;
946	args->cryptokiVersion.minor = 10;
947	snprintf_fill((char *)args->manufacturerID,
948	sizeof(args->manufacturerID),
949	' ',
950	"Heimdal hx509 SoftToken");
951	snprintf_fill((char *)args->libraryDescription,
952	sizeof(args->libraryDescription), ' ',
953	"Heimdal hx509 SoftToken");
954	args->libraryVersion.major = 2;
955	args->libraryVersion.minor = 0;
956
957	return CKR_OK;
958	}
959
960	extern CK_FUNCTION_LIST funcs;
961
962	CK_RV
963	C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR ppFunctionList)
964	{
965	INIT_CONTEXT();
966
967	*ppFunctionList = &funcs;
968	return CKR_OK;
969	}
970
971	CK_RV
972	C_GetSlotList(CK_BBOOL tokenPresent,
973	CK_SLOT_ID_PTR pSlotList,
974	CK_ULONG_PTR pulCount)
975	{
976	INIT_CONTEXT();
977	st_logf("GetSlotList: %s\n",
978	tokenPresent ? "tokenPresent" : "token not Present");
979	if (pSlotList)
980	pSlotList[0] = 1;
981	*pulCount = 1;
982	return CKR_OK;
983	}
984
985	CK_RV
986	C_GetSlotInfo(CK_SLOT_ID slotID,
987	CK_SLOT_INFO_PTR pInfo)
988	{
989	INIT_CONTEXT();
990	st_logf("GetSlotInfo: slot: %d : %s\n", (int)slotID, has_session());
991
992	memset(pInfo, 18, sizeof(*pInfo));
993
994	if (slotID != 1)
995	return CKR_ARGUMENTS_BAD;
996
997	snprintf_fill((char *)pInfo->slotDescription,
998	sizeof(pInfo->slotDescription),
999	' ',
1000	"Heimdal hx509 SoftToken (slot)");
1001	snprintf_fill((char *)pInfo->manufacturerID,
1002	sizeof(pInfo->manufacturerID),
1003	' ',
1004	"Heimdal hx509 SoftToken (slot)");
1005	pInfo->flags = CKF_TOKEN_PRESENT;
1006	if (soft_token.flags.hardware_slot)
1007	pInfo->flags \|= CKF_HW_SLOT;
1008	pInfo->hardwareVersion.major = 1;
1009	pInfo->hardwareVersion.minor = 0;
1010	pInfo->firmwareVersion.major = 1;
1011	pInfo->firmwareVersion.minor = 0;
1012
1013	return CKR_OK;
1014	}
1015
1016	CK_RV
1017	C_GetTokenInfo(CK_SLOT_ID slotID,
1018	CK_TOKEN_INFO_PTR pInfo)
1019	{
1020	INIT_CONTEXT();
1021	st_logf("GetTokenInfo: %s\n", has_session());
1022
1023	memset(pInfo, 19, sizeof(*pInfo));
1024
1025	snprintf_fill((char *)pInfo->label,
1026	sizeof(pInfo->label),
1027	' ',
1028	"Heimdal hx509 SoftToken (token)");
1029	snprintf_fill((char *)pInfo->manufacturerID,
1030	sizeof(pInfo->manufacturerID),
1031	' ',
1032	"Heimdal hx509 SoftToken (token)");
1033	snprintf_fill((char *)pInfo->model,
1034	sizeof(pInfo->model),
1035	' ',
1036	"Heimdal hx509 SoftToken (token)");
1037	snprintf_fill((char *)pInfo->serialNumber,
1038	sizeof(pInfo->serialNumber),
1039	' ',
1040	"4711");
1041	pInfo->flags =
1042	CKF_TOKEN_INITIALIZED \|
1043	CKF_USER_PIN_INITIALIZED;
1044
1045	if (soft_token.flags.login_done == 0)
1046	pInfo->flags \|= CKF_LOGIN_REQUIRED;
1047
1048	/* CFK_RNG \|
1049	CKF_RESTORE_KEY_NOT_NEEDED \|
1050	*/
1051	pInfo->ulMaxSessionCount = MAX_NUM_SESSION;
1052	pInfo->ulSessionCount = soft_token.open_sessions;
1053	pInfo->ulMaxRwSessionCount = MAX_NUM_SESSION;
1054	pInfo->ulRwSessionCount = soft_token.open_sessions;
1055	pInfo->ulMaxPinLen = 1024;
1056	pInfo->ulMinPinLen = 0;
1057	pInfo->ulTotalPublicMemory = 4711;
1058	pInfo->ulFreePublicMemory = 4712;
1059	pInfo->ulTotalPrivateMemory = 4713;
1060	pInfo->ulFreePrivateMemory = 4714;
1061	pInfo->hardwareVersion.major = 2;
1062	pInfo->hardwareVersion.minor = 0;
1063	pInfo->firmwareVersion.major = 2;
1064	pInfo->firmwareVersion.minor = 0;
1065
1066	return CKR_OK;
1067	}
1068
1069	CK_RV
1070	C_GetMechanismList(CK_SLOT_ID slotID,
1071	CK_MECHANISM_TYPE_PTR pMechanismList,
1072	CK_ULONG_PTR pulCount)
1073	{
1074	INIT_CONTEXT();
1075	st_logf("GetMechanismList\n");
1076
1077	*pulCount = 1;
1078	if (pMechanismList == NULL_PTR)
1079	return CKR_OK;
1080	pMechanismList[1] = CKM_RSA_PKCS;
1081
1082	return CKR_OK;
1083	}
1084
1085	CK_RV
1086	C_GetMechanismInfo(CK_SLOT_ID slotID,
1087	CK_MECHANISM_TYPE type,
1088	CK_MECHANISM_INFO_PTR pInfo)
1089	{
1090	INIT_CONTEXT();
1091	st_logf("GetMechanismInfo: slot %d type: %d\n",
1092	(int)slotID, (int)type);
1093	memset(pInfo, 0, sizeof(*pInfo));
1094
1095	return CKR_OK;
1096	}
1097
1098	CK_RV
1099	C_InitToken(CK_SLOT_ID slotID,
1100	CK_UTF8CHAR_PTR pPin,
1101	CK_ULONG ulPinLen,
1102	CK_UTF8CHAR_PTR pLabel)
1103	{
1104	INIT_CONTEXT();
1105	st_logf("InitToken: slot %d\n", (int)slotID);
1106	return CKR_FUNCTION_NOT_SUPPORTED;
1107	}
1108
1109	CK_RV
1110	C_OpenSession(CK_SLOT_ID slotID,
1111	CK_FLAGS flags,
1112	CK_VOID_PTR pApplication,
1113	CK_NOTIFY Notify,
1114	CK_SESSION_HANDLE_PTR phSession)
1115	{
1116	size_t i;
1117	INIT_CONTEXT();
1118	st_logf("OpenSession: slot: %d\n", (int)slotID);
1119
1120	if (soft_token.open_sessions == MAX_NUM_SESSION)
1121	return CKR_SESSION_COUNT;
1122
1123	soft_token.application = pApplication;
1124	soft_token.notify = Notify;
1125
1126	for (i = 0; i < MAX_NUM_SESSION; i++)
1127	if (soft_token.state[i].session_handle == CK_INVALID_HANDLE)
1128	break;
1129	if (i == MAX_NUM_SESSION)
1130	abort();
1131
1132	soft_token.open_sessions++;
1133
1134	soft_token.state[i].session_handle =
1135	(CK_SESSION_HANDLE)(random() & 0xfffff);
1136	*phSession = soft_token.state[i].session_handle;
1137
1138	return CKR_OK;
1139	}
1140
1141	CK_RV
1142	C_CloseSession(CK_SESSION_HANDLE hSession)
1143	{
1144	struct session_state *state;
1145	INIT_CONTEXT();
1146	st_logf("CloseSession\n");
1147
1148	if (verify_session_handle(hSession, &state) != CKR_OK)
1149	application_error("closed session not open");
1150	else
1151	close_session(state);
1152
1153	return CKR_OK;
1154	}
1155
1156	CK_RV
1157	C_CloseAllSessions(CK_SLOT_ID slotID)
1158	{
1159	size_t i;
1160	INIT_CONTEXT();
1161
1162	st_logf("CloseAllSessions\n");
1163
1164	for (i = 0; i < MAX_NUM_SESSION; i++)
1165	if (soft_token.state[i].session_handle != CK_INVALID_HANDLE)
1166	close_session(&soft_token.state[i]);
1167
1168	return CKR_OK;
1169	}
1170
1171	CK_RV
1172	C_GetSessionInfo(CK_SESSION_HANDLE hSession,
1173	CK_SESSION_INFO_PTR pInfo)
1174	{
1175	st_logf("GetSessionInfo\n");
1176	INIT_CONTEXT();
1177
1178	VERIFY_SESSION_HANDLE(hSession, NULL);
1179
1180	memset(pInfo, 20, sizeof(*pInfo));
1181
1182	pInfo->slotID = 1;
1183	if (soft_token.flags.login_done)
1184	pInfo->state = CKS_RO_USER_FUNCTIONS;
1185	else
1186	pInfo->state = CKS_RO_PUBLIC_SESSION;
1187	pInfo->flags = CKF_SERIAL_SESSION;
1188	pInfo->ulDeviceError = 0;
1189
1190	return CKR_OK;
1191	}
1192
1193	CK_RV
1194	C_Login(CK_SESSION_HANDLE hSession,
1195	CK_USER_TYPE userType,
1196	CK_UTF8CHAR_PTR pPin,
1197	CK_ULONG ulPinLen)
1198	{
1199	char *pin = NULL;
1200	CK_RV ret;
1201	INIT_CONTEXT();
1202
1203	st_logf("Login\n");
1204
1205	VERIFY_SESSION_HANDLE(hSession, NULL);
1206
1207	if (pPin != NULL_PTR) {
1208	asprintf(&pin, "%.*s", (int)ulPinLen, pPin);
1209	st_logf("type: %d password: %s\n", (int)userType, pin);
1210	}
1211
1212	/*
1213	* Login
1214	*/
1215
1216	ret = read_conf_file(soft_token.config_file, userType, pin);
1217	if (ret == CKR_OK)
1218	soft_token.flags.login_done = 1;
1219
1220	free(pin);
1221
1222	return soft_token.flags.login_done ? CKR_OK : CKR_PIN_INCORRECT;
1223	}
1224
1225	CK_RV
1226	C_Logout(CK_SESSION_HANDLE hSession)
1227	{
1228	st_logf("Logout\n");
1229	INIT_CONTEXT();
1230
1231	VERIFY_SESSION_HANDLE(hSession, NULL);
1232	return CKR_FUNCTION_NOT_SUPPORTED;
1233	}
1234
1235	CK_RV
1236	C_GetObjectSize(CK_SESSION_HANDLE hSession,
1237	CK_OBJECT_HANDLE hObject,
1238	CK_ULONG_PTR pulSize)
1239	{
1240	st_logf("GetObjectSize\n");
1241	INIT_CONTEXT();
1242
1243	VERIFY_SESSION_HANDLE(hSession, NULL);
1244	return CKR_FUNCTION_NOT_SUPPORTED;
1245	}
1246
1247	CK_RV
1248	C_GetAttributeValue(CK_SESSION_HANDLE hSession,
1249	CK_OBJECT_HANDLE hObject,
1250	CK_ATTRIBUTE_PTR pTemplate,
1251	CK_ULONG ulCount)
1252	{
1253	struct session_state *state;
1254	struct st_object *obj;
1255	CK_ULONG i;
1256	CK_RV ret;
1257	int j;
1258
1259	INIT_CONTEXT();
1260
1261	st_logf("GetAttributeValue: %lx\n",
1262	(unsigned long)HANDLE_OBJECT_ID(hObject));
1263	VERIFY_SESSION_HANDLE(hSession, &state);
1264
1265	if ((ret = object_handle_to_object(hObject, &obj)) != CKR_OK) {
1266	st_logf("object not found: %lx\n",
1267	(unsigned long)HANDLE_OBJECT_ID(hObject));
1268	return ret;
1269	}
1270
1271	for (i = 0; i < ulCount; i++) {
1272	st_logf(" getting 0x%08lx\n", (unsigned long)pTemplate[i].type);
1273	for (j = 0; j < obj->num_attributes; j++) {
1274	if (obj->attrs[j].secret) {
1275	pTemplate[i].ulValueLen = (CK_ULONG)-1;
1276	break;
1277	}
1278	if (pTemplate[i].type == obj->attrs[j].attribute.type) {
1279	if (pTemplate[i].pValue != NULL_PTR && obj->attrs[j].secret == 0) {
1280	if (pTemplate[i].ulValueLen >= obj->attrs[j].attribute.ulValueLen)
1281	memcpy(pTemplate[i].pValue, obj->attrs[j].attribute.pValue,
1282	obj->attrs[j].attribute.ulValueLen);
1283	}
1284	pTemplate[i].ulValueLen = obj->attrs[j].attribute.ulValueLen;
1285	break;
1286	}
1287	}
1288	if (j == obj->num_attributes) {
1289	st_logf("key type: 0x%08lx not found\n", (unsigned long)pTemplate[i].type);
1290	pTemplate[i].ulValueLen = (CK_ULONG)-1;
1291	}
1292
1293	}
1294	return CKR_OK;
1295	}
1296
1297	CK_RV
1298	C_FindObjectsInit(CK_SESSION_HANDLE hSession,
1299	CK_ATTRIBUTE_PTR pTemplate,
1300	CK_ULONG ulCount)
1301	{
1302	struct session_state *state;
1303
1304	st_logf("FindObjectsInit\n");
1305
1306	INIT_CONTEXT();
1307
1308	VERIFY_SESSION_HANDLE(hSession, &state);
1309
1310	if (state->find.next_object != -1) {
1311	application_error("application didn't do C_FindObjectsFinal\n");
1312	find_object_final(state);
1313	}
1314	if (ulCount) {
1315	CK_ULONG i;
1316
1317	print_attributes(pTemplate, ulCount);
1318
1319	state->find.attributes =
1320	calloc(1, ulCount * sizeof(state->find.attributes[0]));
1321	if (state->find.attributes == NULL)
1322	return CKR_DEVICE_MEMORY;
1323	for (i = 0; i < ulCount; i++) {
1324	state->find.attributes[i].pValue =
1325	malloc(pTemplate[i].ulValueLen);
1326	if (state->find.attributes[i].pValue == NULL) {
1327	find_object_final(state);
1328	return CKR_DEVICE_MEMORY;
1329	}
1330	memcpy(state->find.attributes[i].pValue,
1331	pTemplate[i].pValue, pTemplate[i].ulValueLen);
1332	state->find.attributes[i].type = pTemplate[i].type;
1333	state->find.attributes[i].ulValueLen = pTemplate[i].ulValueLen;
1334	}
1335	state->find.num_attributes = ulCount;
1336	state->find.next_object = 0;
1337	} else {
1338	st_logf("find all objects\n");
1339	state->find.attributes = NULL;
1340	state->find.num_attributes = 0;
1341	state->find.next_object = 0;
1342	}
1343
1344	return CKR_OK;
1345	}
1346
1347	CK_RV
1348	C_FindObjects(CK_SESSION_HANDLE hSession,
1349	CK_OBJECT_HANDLE_PTR phObject,
1350	CK_ULONG ulMaxObjectCount,
1351	CK_ULONG_PTR pulObjectCount)
1352	{
1353	struct session_state *state;
1354	int i;
1355
1356	INIT_CONTEXT();
1357
1358	st_logf("FindObjects\n");
1359
1360	VERIFY_SESSION_HANDLE(hSession, &state);
1361
1362	if (state->find.next_object == -1) {
1363	application_error("application didn't do C_FindObjectsInit\n");
1364	return CKR_ARGUMENTS_BAD;
1365	}
1366	if (ulMaxObjectCount == 0) {
1367	application_error("application asked for 0 objects\n");
1368	return CKR_ARGUMENTS_BAD;
1369	}
1370	*pulObjectCount = 0;
1371	for (i = state->find.next_object; i < soft_token.object.num_objs; i++) {
1372	st_logf("FindObjects: %d\n", i);
1373	state->find.next_object = i + 1;
1374	if (attributes_match(soft_token.object.objs[i],
1375	state->find.attributes,
1376	state->find.num_attributes)) {
1377	*phObject++ = soft_token.object.objs[i]->object_handle;
1378	ulMaxObjectCount--;
1379	(*pulObjectCount)++;
1380	if (ulMaxObjectCount == 0)
1381	break;
1382	}
1383	}
1384	return CKR_OK;
1385	}
1386
1387	CK_RV
1388	C_FindObjectsFinal(CK_SESSION_HANDLE hSession)
1389	{
1390	struct session_state *state;
1391
1392	INIT_CONTEXT();
1393
1394	st_logf("FindObjectsFinal\n");
1395	VERIFY_SESSION_HANDLE(hSession, &state);
1396	find_object_final(state);
1397	return CKR_OK;
1398	}
1399
1400	static CK_RV
1401	commonInit(CK_ATTRIBUTE *attr_match, int attr_match_len,
1402	const CK_MECHANISM_TYPE *mechs, int mechs_len,
1403	const CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey,
1404	struct st_object **o)
1405	{
1406	CK_RV ret;
1407	int i;
1408
1409	*o = NULL;
1410	if ((ret = object_handle_to_object(hKey, o)) != CKR_OK)
1411	return ret;
1412
1413	ret = attributes_match(*o, attr_match, attr_match_len);
1414	if (!ret) {
1415	application_error("called commonInit on key that doesn't "
1416	"support required attr");
1417	return CKR_ARGUMENTS_BAD;
1418	}
1419
1420	for (i = 0; i < mechs_len; i++)
1421	if (mechs[i] == pMechanism->mechanism)
1422	break;
1423	if (i == mechs_len) {
1424	application_error("called mech (%08lx) not supported\n",
1425	pMechanism->mechanism);
1426	return CKR_ARGUMENTS_BAD;
1427	}
1428	return CKR_OK;
1429	}
1430
1431
1432	static CK_RV
1433	dup_mechanism(CK_MECHANISM_PTR *dp, const CK_MECHANISM_PTR pMechanism)
1434	{
1435	CK_MECHANISM_PTR p;
1436
1437	p = malloc(sizeof(*p));
1438	if (p == NULL)
1439	return CKR_DEVICE_MEMORY;
1440
1441	if (*dp)
1442	free(*dp);
1443	*dp = p;
1444	memcpy(p, pMechanism, sizeof(*p));
1445
1446	return CKR_OK;
1447	}
1448
1449	CK_RV
1450	C_DigestInit(CK_SESSION_HANDLE hSession,
1451	CK_MECHANISM_PTR pMechanism)
1452	{
1453	st_logf("DigestInit\n");
1454	INIT_CONTEXT();
1455	VERIFY_SESSION_HANDLE(hSession, NULL);
1456	return CKR_FUNCTION_NOT_SUPPORTED;
1457	}
1458
1459	CK_RV
1460	C_SignInit(CK_SESSION_HANDLE hSession,
1461	CK_MECHANISM_PTR pMechanism,
1462	CK_OBJECT_HANDLE hKey)
1463	{
1464	struct session_state *state;
1465	CK_MECHANISM_TYPE mechs[] = { CKM_RSA_PKCS };
1466	CK_BBOOL bool_true = CK_TRUE;
1467	CK_ATTRIBUTE attr[] = {
1468	{ CKA_SIGN, &bool_true, sizeof(bool_true) }
1469	};
1470	struct st_object *o;
1471	CK_RV ret;
1472
1473	INIT_CONTEXT();
1474	st_logf("SignInit\n");
1475	VERIFY_SESSION_HANDLE(hSession, &state);
1476
1477	ret = commonInit(attr, sizeof(attr)/sizeof(attr[0]),
1478	mechs, sizeof(mechs)/sizeof(mechs[0]),
1479	pMechanism, hKey, &o);
1480	if (ret)
1481	return ret;
1482
1483	ret = dup_mechanism(&state->sign_mechanism, pMechanism);
1484	if (ret == CKR_OK)
1485	state->sign_object = OBJECT_ID(o);
1486
1487	return CKR_OK;
1488	}
1489
1490	CK_RV
1491	C_Sign(CK_SESSION_HANDLE hSession,
1492	CK_BYTE_PTR pData,
1493	CK_ULONG ulDataLen,
1494	CK_BYTE_PTR pSignature,
1495	CK_ULONG_PTR pulSignatureLen)
1496	{
1497	struct session_state *state;
1498	struct st_object *o;
1499	CK_RV ret;
1500	int hret;
1501	const AlgorithmIdentifier *alg;
1502	heim_octet_string sig, data;
1503
1504	INIT_CONTEXT();
1505	st_logf("Sign\n");
1506	VERIFY_SESSION_HANDLE(hSession, &state);
1507
1508	sig.data = NULL;
1509	sig.length = 0;
1510
1511	if (state->sign_object == -1)
1512	return CKR_ARGUMENTS_BAD;
1513
1514	if (pulSignatureLen == NULL) {
1515	st_logf("signature len NULL\n");
1516	ret = CKR_ARGUMENTS_BAD;
1517	goto out;
1518	}
1519
1520	if (pData == NULL_PTR) {
1521	st_logf("data NULL\n");
1522	ret = CKR_ARGUMENTS_BAD;
1523	goto out;
1524	}
1525
1526	o = soft_token.object.objs[state->sign_object];
1527
1528	if (hx509_cert_have_private_key(o->cert) == 0) {
1529	st_logf("private key NULL\n");
1530	return CKR_ARGUMENTS_BAD;
1531	}
1532
1533	switch(state->sign_mechanism->mechanism) {
1534	case CKM_RSA_PKCS:
1535	alg = hx509_signature_rsa_pkcs1_x509();
1536	break;
1537	default:
1538	ret = CKR_FUNCTION_NOT_SUPPORTED;
1539	goto out;
1540	}
1541
1542	data.data = pData;
1543	data.length = ulDataLen;
1544
1545	hret = _hx509_create_signature(context,
1546	_hx509_cert_private_key(o->cert),
1547	alg,
1548	&data,
1549	NULL,
1550	&sig);
1551	if (hret) {
1552	ret = CKR_DEVICE_ERROR;
1553	goto out;
1554	}
1555	*pulSignatureLen = sig.length;
1556
1557	if (pSignature != NULL_PTR)
1558	memcpy(pSignature, sig.data, sig.length);
1559
1560	ret = CKR_OK;
1561	out:
1562	if (sig.data) {
1563	memset(sig.data, 0, sig.length);
1564	der_free_octet_string(&sig);
1565	}
1566	return ret;
1567	}
1568
1569	CK_RV
1570	C_SignUpdate(CK_SESSION_HANDLE hSession,
1571	CK_BYTE_PTR pPart,
1572	CK_ULONG ulPartLen)
1573	{
1574	INIT_CONTEXT();
1575	st_logf("SignUpdate\n");
1576	VERIFY_SESSION_HANDLE(hSession, NULL);
1577	return CKR_FUNCTION_NOT_SUPPORTED;
1578	}
1579
1580
1581	CK_RV
1582	C_SignFinal(CK_SESSION_HANDLE hSession,
1583	CK_BYTE_PTR pSignature,
1584	CK_ULONG_PTR pulSignatureLen)
1585	{
1586	INIT_CONTEXT();
1587	st_logf("SignUpdate\n");
1588	VERIFY_SESSION_HANDLE(hSession, NULL);
1589	return CKR_FUNCTION_NOT_SUPPORTED;
1590	}
1591
1592	CK_RV
1593	C_VerifyInit(CK_SESSION_HANDLE hSession,
1594	CK_MECHANISM_PTR pMechanism,
1595	CK_OBJECT_HANDLE hKey)
1596	{
1597	struct session_state *state;
1598	CK_MECHANISM_TYPE mechs[] = { CKM_RSA_PKCS };
1599	CK_BBOOL bool_true = CK_TRUE;
1600	CK_ATTRIBUTE attr[] = {
1601	{ CKA_VERIFY, &bool_true, sizeof(bool_true) }
1602	};
1603	struct st_object *o;
1604	CK_RV ret;
1605
1606	INIT_CONTEXT();
1607	st_logf("VerifyInit\n");
1608	VERIFY_SESSION_HANDLE(hSession, &state);
1609
1610	ret = commonInit(attr, sizeof(attr)/sizeof(attr[0]),
1611	mechs, sizeof(mechs)/sizeof(mechs[0]),
1612	pMechanism, hKey, &o);
1613	if (ret)
1614	return ret;
1615
1616	ret = dup_mechanism(&state->verify_mechanism, pMechanism);
1617	if (ret == CKR_OK)
1618	state->verify_object = OBJECT_ID(o);
1619
1620	return ret;
1621	}
1622
1623	CK_RV
1624	C_Verify(CK_SESSION_HANDLE hSession,
1625	CK_BYTE_PTR pData,
1626	CK_ULONG ulDataLen,
1627	CK_BYTE_PTR pSignature,
1628	CK_ULONG ulSignatureLen)
1629	{
1630	struct session_state *state;
1631	struct st_object *o;
1632	const AlgorithmIdentifier *alg;
1633	CK_RV ret;
1634	int hret;
1635	heim_octet_string data, sig;
1636
1637	INIT_CONTEXT();
1638	st_logf("Verify\n");
1639	VERIFY_SESSION_HANDLE(hSession, &state);
1640
1641	if (state->verify_object == -1)
1642	return CKR_ARGUMENTS_BAD;
1643
1644	o = soft_token.object.objs[state->verify_object];
1645
1646	switch(state->verify_mechanism->mechanism) {
1647	case CKM_RSA_PKCS:
1648	alg = hx509_signature_rsa_pkcs1_x509();
1649	break;
1650	default:
1651	ret = CKR_FUNCTION_NOT_SUPPORTED;
1652	goto out;
1653	}
1654
1655	sig.data = pData;
1656	sig.length = ulDataLen;
1657	data.data = pSignature;
1658	data.length = ulSignatureLen;
1659
1660	hret = _hx509_verify_signature(context,
1661	o->cert,
1662	alg,
1663	&data,
1664	&sig);
1665	if (hret) {
1666	ret = CKR_GENERAL_ERROR;
1667	goto out;
1668	}
1669	ret = CKR_OK;
1670
1671	out:
1672	return ret;
1673	}
1674
1675
1676	CK_RV
1677	C_VerifyUpdate(CK_SESSION_HANDLE hSession,
1678	CK_BYTE_PTR pPart,
1679	CK_ULONG ulPartLen)
1680	{
1681	INIT_CONTEXT();
1682	st_logf("VerifyUpdate\n");
1683	VERIFY_SESSION_HANDLE(hSession, NULL);
1684	return CKR_FUNCTION_NOT_SUPPORTED;
1685	}
1686
1687	CK_RV
1688	C_VerifyFinal(CK_SESSION_HANDLE hSession,
1689	CK_BYTE_PTR pSignature,
1690	CK_ULONG ulSignatureLen)
1691	{
1692	INIT_CONTEXT();
1693	st_logf("VerifyFinal\n");
1694	VERIFY_SESSION_HANDLE(hSession, NULL);
1695	return CKR_FUNCTION_NOT_SUPPORTED;
1696	}
1697
1698	CK_RV
1699	C_GenerateRandom(CK_SESSION_HANDLE hSession,
1700	CK_BYTE_PTR RandomData,
1701	CK_ULONG ulRandomLen)
1702	{
1703	INIT_CONTEXT();
1704	st_logf("GenerateRandom\n");
1705	VERIFY_SESSION_HANDLE(hSession, NULL);
1706	return CKR_FUNCTION_NOT_SUPPORTED;
1707	}
1708
1709
1710	CK_FUNCTION_LIST funcs = {
1711	{ 2, 11 },
1712	C_Initialize,
1713	C_Finalize,
1714	C_GetInfo,
1715	C_GetFunctionList,
1716	C_GetSlotList,
1717	C_GetSlotInfo,
1718	C_GetTokenInfo,
1719	C_GetMechanismList,
1720	C_GetMechanismInfo,
1721	C_InitToken,
1722	(void )func_not_supported, / C_InitPIN */
1723	(void )func_not_supported, / C_SetPIN */
1724	C_OpenSession,
1725	C_CloseSession,
1726	C_CloseAllSessions,
1727	C_GetSessionInfo,
1728	(void )func_not_supported, / C_GetOperationState */
1729	(void )func_not_supported, / C_SetOperationState */
1730	C_Login,
1731	C_Logout,
1732	(void )func_not_supported, / C_CreateObject */
1733	(void )func_not_supported, / C_CopyObject */
1734	(void )func_not_supported, / C_DestroyObject */
1735	(void )func_not_supported, / C_GetObjectSize */
1736	C_GetAttributeValue,
1737	(void )func_not_supported, / C_SetAttributeValue */
1738	C_FindObjectsInit,
1739	C_FindObjects,
1740	C_FindObjectsFinal,
1741	(void )func_not_supported, / C_EncryptInit, */
1742	(void )func_not_supported, / C_Encrypt, */
1743	(void )func_not_supported, / C_EncryptUpdate, */
1744	(void )func_not_supported, / C_EncryptFinal, */
1745	(void )func_not_supported, / C_DecryptInit, */
1746	(void )func_not_supported, / C_Decrypt, */
1747	(void )func_not_supported, / C_DecryptUpdate, */
1748	(void )func_not_supported, / C_DecryptFinal, */
1749	C_DigestInit,
1750	(void )func_not_supported, / C_Digest */
1751	(void )func_not_supported, / C_DigestUpdate */
1752	(void )func_not_supported, / C_DigestKey */
1753	(void )func_not_supported, / C_DigestFinal */
1754	C_SignInit,
1755	C_Sign,
1756	C_SignUpdate,
1757	C_SignFinal,
1758	(void )func_not_supported, / C_SignRecoverInit */
1759	(void )func_not_supported, / C_SignRecover */
1760	C_VerifyInit,
1761	C_Verify,
1762	C_VerifyUpdate,
1763	C_VerifyFinal,
1764	(void )func_not_supported, / C_VerifyRecoverInit */
1765	(void )func_not_supported, / C_VerifyRecover */
1766	(void )func_not_supported, / C_DigestEncryptUpdate */
1767	(void )func_not_supported, / C_DecryptDigestUpdate */
1768	(void )func_not_supported, / C_SignEncryptUpdate */
1769	(void )func_not_supported, / C_DecryptVerifyUpdate */
1770	(void )func_not_supported, / C_GenerateKey */
1771	(void )func_not_supported, / C_GenerateKeyPair */
1772	(void )func_not_supported, / C_WrapKey */
1773	(void )func_not_supported, / C_UnwrapKey */
1774	(void )func_not_supported, / C_DeriveKey */
1775	(void )func_not_supported, / C_SeedRandom */
1776	C_GenerateRandom,
1777	(void )func_not_supported, / C_GetFunctionStatus */
1778	(void )func_not_supported, / C_CancelFunction */
1779	(void )func_not_supported / C_WaitForSlotEvent */
1780	};

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: heimdal/trunk/lib/hx509/softp11.c@ 4

Download in other formats: