gnome-keyring r1406 - in trunk: . pkcs11/dot-ssh pkcs11/gck pkcs11/gck/tests
- From: nnielsen svn gnome org
- To: svn-commits-list gnome org
- Subject: gnome-keyring r1406 - in trunk: . pkcs11/dot-ssh pkcs11/gck pkcs11/gck/tests
- Date: Tue, 23 Dec 2008 16:20:14 +0000 (UTC)
Author: nnielsen
Date: Tue Dec 23 16:20:14 2008
New Revision: 1406
URL: http://svn.gnome.org/viewvc/gnome-keyring?rev=1406&view=rev
Log:
* pkcs11/dot-ssh/gck-ssh-module.c:
* pkcs11/dot-ssh/gck-ssh-module.h:
* pkcs11/dot-ssh/gck-ssh-openssh.c:
* pkcs11/dot-ssh/gck-ssh-standalone.c: (added)
* pkcs11/dot-ssh/Makefile.am:
* pkcs11/gck/gck-module.c:
* pkcs11/gck/gck-module.h:
* pkcs11/gck/gck-module-ep.h:
* pkcs11/gck/gck-object.c:
* pkcs11/gck/gck-session.c:
* pkcs11/gck/gck-session.h:
* pkcs11/gck/Makefile.am:
* pkcs11/gck/tests/unit-test-data-openssl.c: Assemble SSH PKCS#11 component
into a standalone module.
* pkcs11/dot-ssh/gck-crypto.c:
* pkcs11/dot-ssh/gck-data-asn1.c:
* pkcs11/dot-ssh/gck-data-der.c:
* pkcs11/dot-ssh/gck-data-openssl.c:
* pkcs11/dot-ssh/gck-data-pem.c: Use libgcrypt secure functions
as the interface for allocating secure memory.
Added:
trunk/pkcs11/dot-ssh/gck-ssh-standalone.c
Modified:
trunk/ChangeLog
trunk/pkcs11/dot-ssh/Makefile.am
trunk/pkcs11/dot-ssh/gck-ssh-module.c
trunk/pkcs11/dot-ssh/gck-ssh-module.h
trunk/pkcs11/dot-ssh/gck-ssh-openssh.c
trunk/pkcs11/gck/Makefile.am
trunk/pkcs11/gck/gck-crypto.c
trunk/pkcs11/gck/gck-data-asn1.c
trunk/pkcs11/gck/gck-data-der.c
trunk/pkcs11/gck/gck-data-openssl.c
trunk/pkcs11/gck/gck-data-pem.c
trunk/pkcs11/gck/gck-module-ep.h
trunk/pkcs11/gck/gck-module.c
trunk/pkcs11/gck/gck-module.h
trunk/pkcs11/gck/gck-object.c
trunk/pkcs11/gck/gck-session.c
trunk/pkcs11/gck/gck-session.h
trunk/pkcs11/gck/tests/unit-test-data-openssl.c
Modified: trunk/pkcs11/dot-ssh/Makefile.am
==============================================================================
--- trunk/pkcs11/dot-ssh/Makefile.am (original)
+++ trunk/pkcs11/dot-ssh/Makefile.am Tue Dec 23 16:20:14 2008
@@ -7,11 +7,12 @@
$(LIBGCRYPT_CFLAGS) \
$(GLIB_CFLAGS)
+
# ------------------------------------------------------------------------------
-# The openssh component code
+# The dot-ssh component code
noinst_LTLIBRARIES = \
- libgck-dot-ssh.la
+ libgck-dot-ssh.la
libgck_dot_ssh_la_SOURCES = \
gck-ssh-module.c gck-ssh-module.h \
@@ -19,11 +20,32 @@
gck-ssh-private-key.c gck-ssh-private-key.h \
gck-ssh-public-key.c gck-ssh-public-key.h
-libgck_dot_ssh_la_LIBADD = \
+# ------------------------------------------------------------------------------
+# The standalone module
+
+moduledir = $(libdir)/gnome-keyring/standalone/
+
+module_LTLIBRARIES = \
+ gck-dot-ssh-module.la
+
+gck_dot_ssh_module_la_LDFLAGS = \
+ -module -avoid-version \
+ -no-undefined -export-symbols-regex 'C_GetFunctionList'
+
+gck_dot_ssh_module_la_SOURCES = \
+ gck-ssh-standalone.c
+
+gck_dot_ssh_module_la_LIBADD = \
+ libgck-dot-ssh.la \
+ $(top_builddir)/pkcs11/gck/libgck.la \
+ $(top_builddir)/common/libgkr-module-common.la \
+ $(GOBJECT_LIBS) \
+ $(GTHREAD_LIBS) \
$(GLIB_LIBS) \
- $(LIBGCRYPT_LIBS) \
- $(top_builddir)/pkcs11/gck/libgck.la
-
+ $(LIBTASN1_LIBS) \
+ $(LIBGCRYPT_LIBS)
+
+
# -------------------------------------------------------------------------------
if WITH_TESTS
Modified: trunk/pkcs11/dot-ssh/gck-ssh-module.c
==============================================================================
--- trunk/pkcs11/dot-ssh/gck-ssh-module.c (original)
+++ trunk/pkcs11/dot-ssh/gck-ssh-module.c Tue Dec 23 16:20:14 2008
@@ -30,14 +30,52 @@
#include <string.h>
struct _GckSshModule {
- GObject parent;
+ GckModule parent;
GckFileTracker *tracker;
GHashTable *keys_by_path;
};
+static const CK_SLOT_INFO gck_ssh_module_slot_info = {
+ "SSH Keys",
+ "Gnome Keyring",
+ CKF_TOKEN_PRESENT,
+ { 0, 0 },
+ { 0, 0 }
+};
+
+static const CK_TOKEN_INFO gck_ssh_module_token_info = {
+ "SSH Keys",
+ "Gnome Keyring",
+ "1.0",
+ "1",
+ CKF_TOKEN_INITIALIZED | CKF_WRITE_PROTECTED,
+ CK_EFFECTIVELY_INFINITE,
+ CK_EFFECTIVELY_INFINITE,
+ CK_EFFECTIVELY_INFINITE,
+ CK_EFFECTIVELY_INFINITE,
+ 1024,
+ 1,
+ CK_UNAVAILABLE_INFORMATION,
+ CK_UNAVAILABLE_INFORMATION,
+ CK_UNAVAILABLE_INFORMATION,
+ CK_UNAVAILABLE_INFORMATION,
+ { 0, 0 },
+ { 0, 0 },
+ ""
+};
+
+
G_DEFINE_TYPE (GckSshModule, gck_ssh_module, GCK_TYPE_MODULE);
/* -----------------------------------------------------------------------------
+ * ACTUAL PKCS#11 Module Implementation
+ */
+
+/* Include all the module entry points */
+#include "gck/gck-module-ep.h"
+GCK_DEFINE_MODULE (gck_ssh_module, GCK_TYPE_SSH_MODULE);
+
+/* -----------------------------------------------------------------------------
* INTERNAL
*/
@@ -175,9 +213,7 @@
gobject_class->finalize = gck_ssh_module_finalize;
module_class->refresh_token = gck_ssh_module_real_refresh_token;
+
+ module_class->slot_info = &gck_ssh_module_slot_info;
+ module_class->token_info = &gck_ssh_module_token_info;
}
-
-/* -----------------------------------------------------------------------------
- * PUBLIC
- */
-
Modified: trunk/pkcs11/dot-ssh/gck-ssh-module.h
==============================================================================
--- trunk/pkcs11/dot-ssh/gck-ssh-module.h (original)
+++ trunk/pkcs11/dot-ssh/gck-ssh-module.h Tue Dec 23 16:20:14 2008
@@ -40,6 +40,8 @@
GckModuleClass parent_class;
};
+GCK_DECLARE_MODULE (gck_ssh_module);
+
GType gck_ssh_module_get_type (void);
#endif /* __GCK_SSH_MODULE_H__ */
Modified: trunk/pkcs11/dot-ssh/gck-ssh-openssh.c
==============================================================================
--- trunk/pkcs11/dot-ssh/gck-ssh-openssh.c (original)
+++ trunk/pkcs11/dot-ssh/gck-ssh-openssh.c Tue Dec 23 16:20:14 2008
@@ -8,7 +8,6 @@
#include "gck/gck-data-types.h"
#include "common/gkr-buffer.h"
-#include "common/gkr-secure-memory.h"
typedef struct _ParsePrivate {
gcry_sexp_t sexp;
@@ -178,7 +177,7 @@
/* Try to parse */
ret = gck_data_der_read_private_key (decrypted, n_decrypted, skey);
- gkr_secure_free (decrypted);
+ gcry_free (decrypted);
if (ret != GCK_DATA_UNRECOGNIZED)
return ret;
Added: trunk/pkcs11/dot-ssh/gck-ssh-standalone.c
==============================================================================
--- (empty file)
+++ trunk/pkcs11/dot-ssh/gck-ssh-standalone.c Tue Dec 23 16:20:14 2008
@@ -0,0 +1,57 @@
+/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */
+/* gck-ssh-standalone.h - The SSH PKCS#11 code as a standalone module
+
+ Copyright (C) 2008, Stef Walter
+
+ The Gnome Keyring Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Library General Public License as
+ published by the Free Software Foundation; either version 2 of the
+ License, or (at your option) any later version.
+
+ The Gnome Keyring Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Library General Public License for more details.
+
+ You should have received a copy of the GNU Library General Public
+ License along with the Gnome Library; see the file COPYING.LIB. If not,
+ write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+ Boston, MA 02111-1307, USA.
+
+ Author: Stef Walter <stef memberwebs com>
+*/
+
+#include "config.h"
+
+#include "gck-ssh-module.h"
+
+#include "gck/gck-crypto.h"
+
+#include "common/gkr-secure-memory.h"
+
+#include "pkcs11/pkcs11.h"
+
+/* Module callbacks for secure memory */
+static GStaticMutex memory_mutex = G_STATIC_MUTEX_INIT;
+void gkr_memory_lock (void)
+ { g_static_mutex_lock (&memory_mutex); }
+void gkr_memory_unlock (void)
+ { g_static_mutex_unlock (&memory_mutex); }
+void* gkr_memory_fallback (void *p, unsigned long sz)
+ { return g_realloc (p, sz); }
+
+CK_RV
+C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list)
+{
+ g_return_val_if_fail (list, CKR_ARGUMENTS_BAD);
+
+ g_type_init ();
+
+ if (!g_thread_supported ())
+ g_thread_init (NULL);
+
+ gck_crypto_initialize ();
+
+ *list = gck_ssh_module_function_list;
+ return CKR_OK;
+}
Modified: trunk/pkcs11/gck/Makefile.am
==============================================================================
--- trunk/pkcs11/gck/Makefile.am (original)
+++ trunk/pkcs11/gck/Makefile.am Tue Dec 23 16:20:14 2008
@@ -32,6 +32,17 @@
gck-session.c gck-session.h \
gck-sexp.c gck-sexp.h \
gck-util.c gck-util.h
+
+libgck_la_CFLAGS = \
+ $(GOBJECT_CFLAGS) \
+ $(LIBGCRYPT_CFLAGS) \
+ $(LIBTASN1_CFLAGS) \
+ $(GLIB_CFLAGS)
+
+libgck_la_LIBADD = \
+ $(GOBJECT_LIBS) \
+ $(LIBGCRYPT_LIBS) \
+ $(GLIB_LIBS)
asn1-def-pk.h: pk.asn
asn1Parser -o asn1-def-pk.h pk.asn
Modified: trunk/pkcs11/gck/gck-crypto.c
==============================================================================
--- trunk/pkcs11/gck/gck-crypto.c (original)
+++ trunk/pkcs11/gck/gck-crypto.c Tue Dec 23 16:20:14 2008
@@ -937,10 +937,10 @@
n_digest = gcry_md_get_algo_dlen (hash_algo);
g_return_val_if_fail (n_digest > 0, FALSE);
- digest = gkr_secure_alloc (n_digest);
+ digest = gcry_calloc_secure (n_digest, 1);
g_return_val_if_fail (digest, FALSE);
if (key) {
- *key = gkr_secure_alloc (needed_key);
+ *key = gcry_calloc_secure (needed_key, 1);
g_return_val_if_fail (*key, FALSE);
}
if (iv)
@@ -993,7 +993,7 @@
break;
}
- gkr_secure_free (digest);
+ gcry_free (digest);
gcry_md_close (mdh);
return TRUE;
@@ -1051,10 +1051,10 @@
return FALSE;
}
- digest = gkr_secure_alloc (n_digest);
+ digest = gcry_calloc_secure (n_digest, 1);
g_return_val_if_fail (digest, FALSE);
if (key) {
- *key = gkr_secure_alloc (needed_key);
+ *key = gcry_calloc_secure (needed_key, 1);
g_return_val_if_fail (*key, FALSE);
}
if (iv)
@@ -1084,7 +1084,7 @@
memcpy (*iv, digest + (16 - needed_iv), needed_iv);
}
- gkr_secure_free (digest);
+ gcry_free (digest);
gcry_md_close (mdh);
return TRUE;
@@ -1125,9 +1125,9 @@
}
/* Reqisition me a buffer */
- hash = gkr_secure_alloc (n_hash);
- buf_i = gkr_secure_alloc (128);
- buf_b = gkr_secure_alloc (64);
+ hash = gcry_calloc_secure (n_hash, 1);
+ buf_i = gcry_calloc_secure (1, 128);
+ buf_b = gcry_calloc_secure (1, 64);
g_return_val_if_fail (hash && buf_i && buf_b, FALSE);
/* Bring in the salt */
@@ -1210,9 +1210,9 @@
}
}
- gkr_secure_free (buf_i);
- gkr_secure_free (buf_b);
- gkr_secure_free (hash);
+ gcry_free (buf_i);
+ gcry_free (buf_b);
+ gcry_free (hash);
gcry_mpi_release (num_b1);
gcry_md_close (mdh);
@@ -1246,7 +1246,7 @@
/* Generate us an key */
if (key) {
- *key = gkr_secure_alloc (n_key);
+ *key = gcry_calloc_secure (n_key, 1);
g_return_val_if_fail (*key != NULL, FALSE);
ret = generate_pkcs12 (hash_algo, 1, password, n_password, salt, n_salt,
iterations, *key, n_key);
@@ -1299,10 +1299,10 @@
}
/* Get us a temporary buffers */
- T = gkr_secure_alloc (n_hash);
- U = gkr_secure_alloc (n_hash);
+ T = gcry_calloc_secure (n_hash, 1);
+ U = gcry_calloc_secure (n_hash, 1);
n_buf = n_salt + 4;
- buf = gkr_secure_alloc (n_buf);
+ buf = gcry_calloc_secure (n_buf, 1);
g_return_val_if_fail (buf && T && U, FALSE);
/* n_hash blocks in output, rounding up */
@@ -1343,9 +1343,9 @@
memcpy (output + (i - 1) * n_hash, T, i == l ? r : n_hash);
}
- gkr_secure_free (T);
- gkr_secure_free (U);
- gkr_secure_free (buf);
+ gcry_free (T);
+ gcry_free (U);
+ gcry_free (buf);
gcry_md_close (mdh);
return TRUE;
}
@@ -1378,7 +1378,7 @@
/* Generate us an key */
if (key) {
- *key = gkr_secure_alloc (n_key);
+ *key = gcry_calloc_secure (n_key, 1);
g_return_val_if_fail (*key != NULL, FALSE);
ret = generate_pbkdf2 (hash_algo, password, n_password, salt, n_salt,
iterations, *key, n_key);
@@ -1472,16 +1472,22 @@
unsigned seed;
if (g_once_init_enter (&gcrypt_initialized)) {
- gcry_control (GCRYCTL_SET_THREAD_CBS, &glib_thread_cbs);
- gcry_check_version (LIBGCRYPT_VERSION);
- gcry_set_log_handler (log_handler, NULL);
- gcry_set_outofcore_handler (no_mem_handler, NULL);
- gcry_set_fatalerror_handler (fatal_handler, NULL);
- gcry_set_allocation_handler ((gcry_handler_alloc_t)g_malloc,
- (gcry_handler_alloc_t)gkr_secure_alloc,
- gkr_secure_check,
- (gcry_handler_realloc_t)gkr_secure_realloc,
- gkr_secure_free);
+
+ /* Only initialize libgcrypt if it hasn't already been initialized */
+ if (!gcry_control (GCRYCTL_INITIALIZATION_FINISHED_P)) {
+ gcry_control (GCRYCTL_SET_THREAD_CBS, &glib_thread_cbs);
+ gcry_check_version (LIBGCRYPT_VERSION);
+ gcry_set_log_handler (log_handler, NULL);
+ gcry_set_outofcore_handler (no_mem_handler, NULL);
+ gcry_set_fatalerror_handler (fatal_handler, NULL);
+ gcry_set_allocation_handler ((gcry_handler_alloc_t)g_malloc,
+ (gcry_handler_alloc_t)gkr_secure_alloc,
+ gkr_secure_check,
+ (gcry_handler_realloc_t)gkr_secure_realloc,
+ gkr_secure_free);
+ gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
+ }
+
gcry_create_nonce (&seed, sizeof (seed));
srand (seed);
Modified: trunk/pkcs11/gck/gck-data-asn1.c
==============================================================================
--- trunk/pkcs11/gck/gck-data-asn1.c (original)
+++ trunk/pkcs11/gck/gck-data-asn1.c Tue Dec 23 16:20:14 2008
@@ -26,7 +26,6 @@
#include "gck-data-asn1.h"
#include "common/gkr-buffer.h"
-#include "common/gkr-secure-memory.h"
#include <libtasn1.h>
@@ -401,12 +400,12 @@
gsize sz;
guchar *buf;
- buf = gck_data_asn1_read_value (asn, part, &sz, gkr_secure_realloc);
+ buf = gck_data_asn1_read_value (asn, part, &sz, (GkrBufferAllocator)gcry_realloc);
if (!buf)
return FALSE;
gcry = gcry_mpi_scan (mpi, GCRYMPI_FMT_STD, buf, sz, &sz);
- gkr_secure_free (buf);
+ gcry_free (buf);
if (gcry != 0)
return FALSE;
@@ -431,13 +430,13 @@
g_return_val_if_fail (gcry == 0, FALSE);
g_return_val_if_fail (len > 0, FALSE);
- buf = gkr_secure_alloc (len);
+ buf = gcry_calloc_secure (len, 1);
gcry = gcry_mpi_print (GCRYMPI_FMT_STD, buf, len, &len, mpi);
g_return_val_if_fail (gcry == 0, FALSE);
res = asn1_write_value (asn, part, buf, len);
- gkr_secure_free (buf);
+ gcry_free (buf);
if (res != ASN1_SUCCESS)
return FALSE;
Modified: trunk/pkcs11/gck/gck-data-der.c
==============================================================================
--- trunk/pkcs11/gck/gck-data-der.c (original)
+++ trunk/pkcs11/gck/gck-data-der.c Tue Dec 23 16:20:14 2008
@@ -28,8 +28,6 @@
#include "gck-data-der.h"
#include "gck-data-types.h"
-#include "common/gkr-secure-memory.h"
-
#include <glib.h>
#include <gcrypt.h>
#include <libtasn1.h>
@@ -1092,8 +1090,8 @@
ret = GCK_DATA_SUCCESS;
done:
- gkr_secure_free (iv);
- gkr_secure_free (key);
+ gcry_free (iv);
+ gcry_free (key);
if (asn)
asn1_delete_structure (&asn);
@@ -1212,7 +1210,7 @@
ret = GCK_DATA_SUCCESS;
done:
- gkr_secure_free (key);
+ gcry_free (key);
if (asn)
asn1_delete_structure (&asn);
return ret;
@@ -1387,8 +1385,8 @@
*cih = NULL;
}
- gkr_secure_free (iv);
- gkr_secure_free (key);
+ gcry_free (iv);
+ gcry_free (key);
if (asn)
asn1_delete_structure (&asn);
Modified: trunk/pkcs11/gck/gck-data-openssl.c
==============================================================================
--- trunk/pkcs11/gck/gck-data-openssl.c (original)
+++ trunk/pkcs11/gck/gck-data-openssl.c Tue Dec 23 16:20:14 2008
@@ -26,8 +26,6 @@
#include "gck-crypto.h"
#include "gck-data-openssl.h"
-#include "common/gkr-secure-memory.h"
-
#include <gcrypt.h>
#include <libtasn1.h>
@@ -310,7 +308,7 @@
gcry = gcry_cipher_setkey (ch, key, gcry_cipher_get_algo_keylen (algo));
g_return_val_if_fail (!gcry, GCK_DATA_UNRECOGNIZED);
- gkr_secure_free (key);
+ gcry_free (key);
/* 16 = 128 bits */
gcry = gcry_cipher_setiv (ch, iv, ivlen);
@@ -319,11 +317,11 @@
/* Allocate output area */
*n_decrypted = n_data;
- *decrypted = gkr_secure_alloc (n_data);
+ *decrypted = gcry_calloc_secure (n_data, 1);
gcry = gcry_cipher_decrypt (ch, *decrypted, *n_decrypted, (void*)data, n_data);
if (gcry) {
- gkr_secure_free (*decrypted);
+ gcry_free (*decrypted);
g_return_val_if_reached (GCK_DATA_FAILURE);
}
@@ -364,7 +362,7 @@
gcry = gcry_cipher_setkey (ch, key, gcry_cipher_get_algo_keylen (algo));
g_return_val_if_fail (!gcry, FALSE);
- gkr_secure_free (key);
+ gcry_free (key);
/* 16 = 128 bits */
gcry = gcry_cipher_setiv (ch, iv, ivlen);
@@ -391,11 +389,11 @@
/* Encrypt the padded block */
if (n_overflow) {
- padded = gkr_secure_alloc (ivlen);
+ padded = gcry_calloc_secure (ivlen, 1);
memset (padded, 0, ivlen);
memcpy (padded, data + n_batch, n_overflow);
gcry = gcry_cipher_encrypt (ch, *encrypted + n_batch, ivlen, padded, ivlen);
- gkr_secure_free (padded);
+ gcry_free (padded);
if (gcry) {
g_free (*encrypted);
g_return_val_if_reached (FALSE);
Modified: trunk/pkcs11/gck/gck-data-pem.c
==============================================================================
--- trunk/pkcs11/gck/gck-data-pem.c (original)
+++ trunk/pkcs11/gck/gck-data-pem.c Tue Dec 23 16:20:14 2008
@@ -25,8 +25,6 @@
#include "gck-data-pem.h"
-#include "common/gkr-secure-memory.h"
-
#include <glib.h>
#include <ctype.h>
@@ -206,15 +204,15 @@
}
*n_decoded = (n_data * 3) / 4 + 1;
- if (gkr_secure_check (data))
- *decoded = gkr_secure_alloc (*n_decoded);
+ if (gcry_is_secure (data))
+ *decoded = gcry_calloc_secure (*n_decoded, 1);
else
- *decoded = g_malloc (*n_decoded);
+ *decoded = gcry_calloc (*n_decoded, 1);
g_return_val_if_fail (*decoded, FALSE);
*n_decoded = g_base64_decode_step (data, n_data, *decoded, &state, &save);
if (!*n_decoded) {
- gkr_secure_free (*decoded);
+ gcry_free (*decoded);
return FALSE;
}
@@ -263,7 +261,7 @@
if (pem_parse_block (beg, end - beg, &decoded, &n_decoded, &headers)) {
(callback) (type, decoded, n_decoded, headers, user_data);
++nfound;
- gkr_secure_free (decoded);
+ gcry_free (decoded);
if (headers)
g_hash_table_remove_all (headers);
}
Modified: trunk/pkcs11/gck/gck-module-ep.h
==============================================================================
--- trunk/pkcs11/gck/gck-module-ep.h (original)
+++ trunk/pkcs11/gck/gck-module-ep.h Tue Dec 23 16:20:14 2008
@@ -19,46 +19,80 @@
* 02111-1307, USA.
*/
+#include "gck-crypto.h"
#include "gck-module.h"
+#include "gck-session.h"
#include "pkcs11/pkcs11.h"
+#include <unistd.h>
+
+/* Forward declaration, this must be defined manually or using GCK_DEFINE_MODULE */
+static GckModule* gck_module_instantiate (CK_C_INITIALIZE_ARGS_PTR args);
+
static GckModule *pkcs11_module = NULL;
static pid_t pkcs11_module_pid = 0;
static GStaticMutex pkcs11_module_mutex = G_STATIC_MUTEX_INIT;
-/* Forward declaration */
-CK_RV C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list);
+static CK_FUNCTION_LIST gck_module_function_list;
static CK_RV
gck_C_Initialize (CK_VOID_PTR init_args)
{
+ CK_C_INITIALIZE_ARGS_PTR args = (CK_C_INITIALIZE_ARGS_PTR)init_args;
CK_RV rv = CKR_OK;
pid_t pid = getpid ();
+ gboolean supplied_ok;
- gck_crypto_initialize (void);
+ if (args) {
+
+ /* ALL supplied function pointers need to have the value either NULL or non-NULL. */
+ supplied_ok = (args->CreateMutex == NULL && args->DestroyMutex == NULL &&
+ args->LockMutex == NULL && args->UnlockMutex == NULL) ||
+ (args->CreateMutex != NULL && args->DestroyMutex != NULL &&
+ args->LockMutex != NULL && args->UnlockMutex != NULL);
+
+ if (!supplied_ok) {
+ g_warning ("invalid set of mutex calls supplied");
+ return CKR_ARGUMENTS_BAD;
+ }
+
+ if (!(args->flags & CKF_OS_LOCKING_OK)) {
+ g_warning ("must be able to use our own locking and multi-thread primitives");
+ return CKR_CANT_LOCK;
+ }
+ }
+
+ gck_crypto_initialize ();
g_static_mutex_lock (&pkcs11_module_mutex);
if (pkcs11_module != NULL) {
- if (pkcs11_module_pid != pid)
+ if (pkcs11_module_pid == pid)
rv = CKR_CRYPTOKI_ALREADY_INITIALIZED;
else
pkcs11_module_pid = pid;
} else {
- pkcs11_module = g_object_new (GCK_MODULE_TYPE, NULL);
- pkcs11_module_pid = pid;
+ pkcs11_module = gck_module_instantiate (args);
+ if (!pkcs11_module) {
+ g_warning ("module could not be instantiated");
+ rv = CKR_GENERAL_ERROR;
+ } else {
+ pkcs11_module_pid = pid;
+ }
}
g_static_mutex_unlock (&pkcs11_module_mutex);
- return CKR_OK;
+ return rv;
}
static CK_RV
gck_C_Finalize (CK_VOID_PTR reserved)
{
- CK_RV rv;
+ CK_RV rv = CKR_OK;
+
+ g_return_val_if_fail (!reserved, CKR_ARGUMENTS_BAD);
g_static_mutex_lock (&pkcs11_module_mutex);
@@ -71,6 +105,8 @@
}
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
@@ -84,12 +120,16 @@
rv = gck_module_C_GetInfo (pkcs11_module, info);
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
gck_C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list)
{
- xxxxx;
+ g_return_val_if_fail (list, CKR_ARGUMENTS_BAD);
+ *list = &gck_module_function_list;
+ return CKR_OK;
}
static CK_RV
@@ -103,6 +143,8 @@
rv = gck_module_C_GetSlotList (pkcs11_module, token_present, slot_list, count);
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
@@ -116,6 +158,8 @@
rv = gck_module_C_GetSlotInfo (pkcs11_module, id, info);
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
@@ -129,6 +173,8 @@
rv = gck_module_C_GetTokenInfo (pkcs11_module, id, info);
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
@@ -139,9 +185,11 @@
g_static_mutex_lock (&pkcs11_module_mutex);
if (pkcs11_module != NULL)
- rv = gck_module_C_GetMechanismList (pkcs11_module, id, info);
+ rv = gck_module_C_GetMechanismList (pkcs11_module, id, mechanism_list, count);
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
@@ -155,6 +203,8 @@
rv = gck_module_C_GetMechanismInfo (pkcs11_module, id, type, info);
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
@@ -168,38 +218,54 @@
rv = gck_module_C_InitToken (pkcs11_module, id, pin, pin_len, label);
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
gck_C_WaitForSlotEvent (CK_FLAGS flags, CK_SLOT_ID_PTR slot, CK_VOID_PTR reserved)
{
- xxxxxxx;
+ /*
+ * PKCS#11 GRAY AREA: What happens when we know we'll *never*
+ * have any slot events, and someone calls us without CKR_DONT_BLOCK?
+ * In case there's a thread dedicated to calling this function in a
+ * loop, we wait 5 seconds when called without CKR_DONT_BLOCK.
+ */
+
+ if (!(flags & CKF_DONT_BLOCK))
+ sleep (5);
+
+ return CKR_NO_EVENT;
}
static CK_RV
-gck_C_OpenSession (CK_SLOT_ID id, CK_FLAGS flags, CK_VOID_PTR user_data, CK_NOTIFY callback, CK_SESSION_HANDLE_PTR session)
+gck_C_OpenSession (CK_SLOT_ID id, CK_FLAGS flags, CK_VOID_PTR user_data, CK_NOTIFY callback, CK_SESSION_HANDLE_PTR handle)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
g_static_mutex_lock (&pkcs11_module_mutex);
if (pkcs11_module != NULL)
- rv = gck_module_C_OpenSession (pkcs11_module, id, flags, user_data, callback, session);
+ rv = gck_module_C_OpenSession (pkcs11_module, id, flags, user_data, callback, handle);
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_CloseSession (CK_SESSION_HANDLE session)
+gck_C_CloseSession (CK_SESSION_HANDLE handle)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
g_static_mutex_lock (&pkcs11_module_mutex);
if (pkcs11_module != NULL)
- rv = gck_module_C_CloseSession (pkcs11_module, session);
+ rv = gck_module_C_CloseSession (pkcs11_module, handle);
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
@@ -213,109 +279,166 @@
rv = gck_module_C_CloseAllSessions (pkcs11_module, id);
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_GetFunctionStatus (CK_SESSION_HANDLE session)
+gck_C_GetFunctionStatus (CK_SESSION_HANDLE handle)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+ GckSession *session;
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_GetFunctionStatus (gck_module_lookup_session (session));
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_GetFunctionStatus (session);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+ return rv;
}
static CK_RV
-gck_C_CancelFunction (CK_SESSION_HANDLE session)
+gck_C_CancelFunction (CK_SESSION_HANDLE handle)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+ GckSession *session;
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_CancelFunction (gck_module_lookup_session (session));
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_CancelFunction (session);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_GetSessionInfo (CK_SESSION_HANDLE session, CK_SESSION_INFO_PTR info)
+gck_C_GetSessionInfo (CK_SESSION_HANDLE handle, CK_SESSION_INFO_PTR info)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+ GckSession *session;
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_GetSessionInfo (gck_module_lookup_session (session),
- info);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_GetSessionInfo (session,
+ info);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_InitPIN (CK_SESSION_HANDLE session, CK_UTF8CHAR_PTR pin, CK_ULONG pin_len)
+gck_C_InitPIN (CK_SESSION_HANDLE handle, CK_UTF8CHAR_PTR pin, CK_ULONG pin_len)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+ GckSession *session;
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_InitPIN (gck_module_lookup_session (session),
- pin, pin_len);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_InitPIN (session,
+ pin, pin_len);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_SetPIN (CK_SESSION_HANDLE session, CK_UTF8CHAR_PTR old_pin, CK_ULONG old_pin_len, CK_UTF8CHAR_PTR new_pin, CK_ULONG new_pin_len)
+gck_C_SetPIN (CK_SESSION_HANDLE handle, CK_UTF8CHAR_PTR old_pin, CK_ULONG old_pin_len, CK_UTF8CHAR_PTR new_pin, CK_ULONG new_pin_len)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+ GckSession *session;
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_SetPIN (gck_module_lookup_session (session),
- old_pin, old_pin_len, new_pin, new_pin_len);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_SetPIN (session,
+ old_pin, old_pin_len, new_pin, new_pin_len);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_GetOperationState (CK_SESSION_HANDLE session, CK_BYTE_PTR operation_state, CK_ULONG_PTR operation_state_len)
+gck_C_GetOperationState (CK_SESSION_HANDLE handle, CK_BYTE_PTR operation_state, CK_ULONG_PTR operation_state_len)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+ GckSession *session;
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_GetOperationState (gck_module_lookup_session (session),
- operation_state, operation_state_len);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_GetOperationState (session,
+ operation_state, operation_state_len);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_SetOperationState (CK_SESSION_HANDLE session, CK_BYTE_PTR operation_state,
+gck_C_SetOperationState (CK_SESSION_HANDLE handle, CK_BYTE_PTR operation_state,
CK_ULONG operation_state_len, CK_OBJECT_HANDLE encryption_key,
CK_OBJECT_HANDLE authentication_key)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+ GckSession *session;
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_SetOperationState (gck_module_lookup_session (session),
- operation_state, operation_state_len, encryption_key, authentication_key);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_SetOperationState (session,
+ operation_state, operation_state_len, encryption_key, authentication_key);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_Login (CK_SESSION_HANDLE session, CK_USER_TYPE user_type,
+gck_C_Login (CK_SESSION_HANDLE handle, CK_USER_TYPE user_type,
CK_UTF8CHAR_PTR pin, CK_ULONG pin_len)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
@@ -323,702 +446,1024 @@
g_static_mutex_lock (&pkcs11_module_mutex);
if (pkcs11_module != NULL)
- rv = gck_module_C_Login (session, user_type, pin, pin_len);
+ rv = gck_module_C_Login (pkcs11_module, handle, user_type, pin, pin_len);
g_static_mutex_unlock (&pkcs11_module_mutex);
+ return rv;
}
static CK_RV
-gck_C_Logout (CK_SESSION_HANDLE session)
+gck_C_Logout (CK_SESSION_HANDLE handle)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
g_static_mutex_lock (&pkcs11_module_mutex);
if (pkcs11_module != NULL)
- rv = gck_module_C_Logout (session);
+ rv = gck_module_C_Logout (pkcs11_module, handle);
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_CreateObject (CK_SESSION_HANDLE session, CK_ATTRIBUTE_PTR template,
+gck_C_CreateObject (CK_SESSION_HANDLE handle, CK_ATTRIBUTE_PTR template,
CK_ULONG count, CK_OBJECT_HANDLE_PTR new_object)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+ GckSession *session;
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_CreateObject (gck_module_lookup_session (session),
- template, count, new_object);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_CreateObject (session,
+ template, count, new_object);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_CopyObject (CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object,
+gck_C_CopyObject (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE object,
CK_ATTRIBUTE_PTR template, CK_ULONG count,
CK_OBJECT_HANDLE_PTR new_object)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+ GckSession *session;
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_CopyObject (gck_module_lookup_session (session),
- object, template, count, new_object);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_CopyObject (session,
+ object, template, count, new_object);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_DestroyObject (CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object)
+gck_C_DestroyObject (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE object)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+ GckSession *session;
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_DestroyObject (gck_module_lookup_session (session), object);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_DestroyObject (session, object);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_GetObjectSize (CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object,
+gck_C_GetObjectSize (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE object,
CK_ULONG_PTR size)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+ GckSession *session;
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_object_C_GetObjectSize (gck_module_lookup_object (session, object),
- size);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_GetObjectSize (session, object, size);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_GetAttributeValue (CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object,
+gck_C_GetAttributeValue (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE object,
CK_ATTRIBUTE_PTR template, CK_ULONG count)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+ GckSession *session;
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_object_C_GetAttributeValue (gck_module_lookup_object (session, object),
- template, count);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_GetAttributeValue (session, object, template, count);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_SetAttributeValue (CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object,
+gck_C_SetAttributeValue (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE object,
CK_ATTRIBUTE_PTR template, CK_ULONG count)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+ GckSession *session;
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_object_C_SetAttributeValue (gck_module_lookup_object (session, object),
- template, count);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_SetAttributeValue (session, handle, template, count);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_FindObjectsInit (CK_SESSION_HANDLE session, CK_ATTRIBUTE_PTR template,
+gck_C_FindObjectsInit (CK_SESSION_HANDLE handle, CK_ATTRIBUTE_PTR template,
CK_ULONG count)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+ GckSession *session;
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_FindObjectsInit (gck_module_lookup_session (session),
- template, count);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_FindObjectsInit (session, template, count);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_FindObjects (CK_SESSION_HANDLE session, CK_OBJECT_HANDLE_PTR objects,
+gck_C_FindObjects (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE_PTR objects,
CK_ULONG max_count, CK_ULONG_PTR count)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+ GckSession *session;
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_FindObjects (gck_module_lookup_session (session),
- objects, max_count, count);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_FindObjects (session, objects, max_count, count);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_FindObjectsFinal (CK_SESSION_HANDLE session)
+gck_C_FindObjectsFinal (CK_SESSION_HANDLE handle)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+ GckSession *session;
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_FindObjectsFinal (gck_module_lookup_session (session));
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_FindObjectsFinal (session);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_EncryptInit (CK_SESSION_HANDLE session, CK_MECHANISM_PTR mechanism,
+gck_C_EncryptInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
CK_OBJECT_HANDLE key)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+ GckSession *session;
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_EncryptInit (gck_module_lookup_session (session),
- mechanism, key);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_EncryptInit (session, mechanism, key);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_Encrypt (CK_SESSION_HANDLE session, CK_BYTE_PTR data, CK_ULONG data_len,
+gck_C_Encrypt (CK_SESSION_HANDLE handle, CK_BYTE_PTR data, CK_ULONG data_len,
CK_BYTE_PTR encrypted_data, CK_ULONG_PTR encrypted_data_len)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+ GckSession *session;
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_Encrypt (gck_module_lookup_session (session),
- data, data_len, encrypted_data, encrypted_data_len);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_Encrypt (session, data, data_len, encrypted_data, encrypted_data_len);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_EncryptUpdate (CK_SESSION_HANDLE session, CK_BYTE_PTR part,
+gck_C_EncryptUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR part,
CK_ULONG part_len, CK_BYTE_PTR encrypted_part,
CK_ULONG_PTR encrypted_part_len)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+ GckSession *session;
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_EncryptUpdate (gck_module_lookup_session (session),
- part, part_len, encrypted_part, encrypted_part_len);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_EncryptUpdate (session, part, part_len, encrypted_part, encrypted_part_len);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_EncryptFinal (CK_SESSION_HANDLE session, CK_BYTE_PTR last_part,
+gck_C_EncryptFinal (CK_SESSION_HANDLE handle, CK_BYTE_PTR last_part,
CK_ULONG_PTR last_part_len)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+ GckSession *session;
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_EncryptFinal (gck_module_lookup_session (session),
- last_part, last_part_len);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_EncryptFinal (session, last_part, last_part_len);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_DecryptInit (CK_SESSION_HANDLE session, CK_MECHANISM_PTR mechanism,
+gck_C_DecryptInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
CK_OBJECT_HANDLE key)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+ GckSession *session;
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_DecryptInit (gck_module_lookup_session (session),
- mechanism, key);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_DecryptInit (session, mechanism, key);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_Decrypt (CK_SESSION_HANDLE session, CK_BYTE_PTR enc_data,
+gck_C_Decrypt (CK_SESSION_HANDLE handle, CK_BYTE_PTR enc_data,
CK_ULONG enc_data_len, CK_BYTE_PTR data, CK_ULONG_PTR data_len)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+ GckSession *session;
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_Decrypt (gck_module_lookup_session (session),
- enc_data, enc_data_len, data, data_len);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_Decrypt (session, enc_data, enc_data_len, data, data_len);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_DecryptUpdate (CK_SESSION_HANDLE session, CK_BYTE_PTR enc_part,
+gck_C_DecryptUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR enc_part,
CK_ULONG enc_part_len, CK_BYTE_PTR part, CK_ULONG_PTR part_len)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+ GckSession *session;
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_DecryptUpdate (gck_module_lookup_session (session),
- enc_part, enc_part_len, part, part_len);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_DecryptUpdate (session, enc_part, enc_part_len, part, part_len);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_DecryptFinal (CK_SESSION_HANDLE session, CK_BYTE_PTR last_part,
+gck_C_DecryptFinal (CK_SESSION_HANDLE handle, CK_BYTE_PTR last_part,
CK_ULONG_PTR last_part_len)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+ GckSession *session;
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_DecryptFinal (gck_module_lookup_session (session),
- last_part, last_part_len);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_DecryptFinal (session, last_part, last_part_len);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_DigestInit (CK_SESSION_HANDLE session, CK_MECHANISM_PTR mechanism)
+gck_C_DigestInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
-
+ GckSession *session;
+
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_DigestInit (gck_module_lookup_session (session),
- mechanism);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_DigestInit (session, mechanism);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_Digest (CK_SESSION_HANDLE session, CK_BYTE_PTR data, CK_ULONG data_len,
+gck_C_Digest (CK_SESSION_HANDLE handle, CK_BYTE_PTR data, CK_ULONG data_len,
CK_BYTE_PTR digest, CK_ULONG_PTR digest_len)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+ GckSession *session;
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_Digest (gck_module_lookup_session (session),
- data, data_len, digest, digest_len);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_Digest (session, data, data_len, digest, digest_len);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_DigestUpdate (CK_SESSION_HANDLE session, CK_BYTE_PTR part, CK_ULONG part_len)
+gck_C_DigestUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR part, CK_ULONG part_len)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+ GckSession *session;
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_DigestUpdate (gck_module_lookup_session (session),
- part, part_len);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_DigestUpdate (session, part, part_len);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_DigestKey (CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key)
+gck_C_DigestKey (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE key)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+ GckSession *session;
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_DigestKey (gck_module_lookup_session (session),
- key);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_DigestKey (session, key);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_DigestFinal (CK_SESSION_HANDLE session, CK_BYTE_PTR digest,
+gck_C_DigestFinal (CK_SESSION_HANDLE handle, CK_BYTE_PTR digest,
CK_ULONG_PTR digest_len)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+ GckSession *session;
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_DigestFinal (gck_module_lookup_session (session),
- digest, digest_len);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_DigestFinal (session, digest, digest_len);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_SignInit (CK_SESSION_HANDLE session, CK_MECHANISM_PTR mechanism,
+gck_C_SignInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
CK_OBJECT_HANDLE key)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+ GckSession *session;
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_SignInit (gck_module_lookup_session (session),
- mechanism, key);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_SignInit (session, mechanism, key);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_Sign (CK_SESSION_HANDLE session, CK_BYTE_PTR data, CK_ULONG data_len,
+gck_C_Sign (CK_SESSION_HANDLE handle, CK_BYTE_PTR data, CK_ULONG data_len,
CK_BYTE_PTR signature, CK_ULONG_PTR signature_len)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+ GckSession *session;
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_Sign (gck_module_lookup_session (session),
- data, data_len, signature, signature_len);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_Sign (session, data, data_len, signature, signature_len);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_SignUpdate (CK_SESSION_HANDLE session, CK_BYTE_PTR part, CK_ULONG part_len)
+gck_C_SignUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR part, CK_ULONG part_len)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+ GckSession *session;
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_SignUpdate (gck_module_lookup_session (session),
- part, part_len);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_SignUpdate (session, part, part_len);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_SignFinal (CK_SESSION_HANDLE session, CK_BYTE_PTR signature,
+gck_C_SignFinal (CK_SESSION_HANDLE handle, CK_BYTE_PTR signature,
CK_ULONG_PTR signature_len)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
-
+ GckSession *session;
+
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_SignFinal (gck_module_lookup_session (session),
- signature, signature_len);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_SignFinal (session, signature, signature_len);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_SignRecoverInit (CK_SESSION_HANDLE session, CK_MECHANISM_PTR mechanism,
+gck_C_SignRecoverInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
CK_OBJECT_HANDLE key)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
-
+ GckSession *session;
+
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_SignRecoverInit (gck_module_lookup_session (session),
- mechanism, key);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_SignRecoverInit (session, mechanism, key);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_SignRecover (CK_SESSION_HANDLE session, CK_BYTE_PTR data, CK_ULONG data_len,
+gck_C_SignRecover (CK_SESSION_HANDLE handle, CK_BYTE_PTR data, CK_ULONG data_len,
CK_BYTE_PTR signature, CK_ULONG_PTR signature_len)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
-
+ GckSession *session;
+
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_SignRecover (gck_module_lookup_session (session),
- data, data_len, signature, signature_len);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_SignRecover (session, data, data_len, signature, signature_len);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_VerifyInit (CK_SESSION_HANDLE session, CK_MECHANISM_PTR mechanism,
+gck_C_VerifyInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
CK_OBJECT_HANDLE key)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
-
+ GckSession *session;
+
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_VerifyInit (gck_module_lookup_session (session),
- mechanism, key);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_VerifyInit (session, mechanism, key);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_Verify (CK_SESSION_HANDLE session, CK_BYTE_PTR data, CK_ULONG data_len,
+gck_C_Verify (CK_SESSION_HANDLE handle, CK_BYTE_PTR data, CK_ULONG data_len,
CK_BYTE_PTR signature, CK_ULONG signature_len)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
-
+ GckSession *session;
+
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_Verify (gck_module_lookup_session (session),
- data, data_len, signature, signature_len);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_Verify (session, data, data_len, signature, signature_len);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_VerifyUpdate (CK_SESSION_HANDLE session, CK_BYTE_PTR part, CK_ULONG part_len)
+gck_C_VerifyUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR part, CK_ULONG part_len)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
-
+ GckSession *session;
+
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_VerifyUpdate (gck_module_lookup_session (session),
- part, part_len);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_VerifyUpdate (session, part, part_len);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_VerifyFinal (CK_SESSION_HANDLE session, CK_BYTE_PTR signature,
+gck_C_VerifyFinal (CK_SESSION_HANDLE handle, CK_BYTE_PTR signature,
CK_ULONG signature_len)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
-
+ GckSession *session;
+
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_VerifyFinal (gck_module_lookup_session (session),
- signature, signature_len);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_VerifyFinal (session, signature, signature_len);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_VerifyRecoverInit (CK_SESSION_HANDLE session, CK_MECHANISM_PTR mechanism,
+gck_C_VerifyRecoverInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
CK_OBJECT_HANDLE key)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
-
+ GckSession *session;
+
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_VerifyRecoverInit (gck_module_lookup_session (session),
- mechanism, key);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_VerifyRecoverInit (session, mechanism, key);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_VerifyRecover (CK_SESSION_HANDLE session, CK_BYTE_PTR signature,
+gck_C_VerifyRecover (CK_SESSION_HANDLE handle, CK_BYTE_PTR signature,
CK_ULONG signature_len, CK_BYTE_PTR data, CK_ULONG_PTR data_len)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
-
+ GckSession *session;
+
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_VerifyRecover (gck_module_lookup_session (session),
- signature, signature_len, data, data_len);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_VerifyRecover (session, signature, signature_len, data, data_len);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_DigestEncryptUpdate (CK_SESSION_HANDLE session, CK_BYTE_PTR part,
+gck_C_DigestEncryptUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR part,
CK_ULONG part_len, CK_BYTE_PTR enc_part,
CK_ULONG_PTR enc_part_len)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
-
+ GckSession *session;
+
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_DigestEncryptUpdate (gck_module_lookup_session (session),
- part, part_len, enc_part, enc_part_len);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_DigestEncryptUpdate (session, part, part_len, enc_part, enc_part_len);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_DecryptDigestUpdate (CK_SESSION_HANDLE session, CK_BYTE_PTR enc_part,
+gck_C_DecryptDigestUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR enc_part,
CK_ULONG enc_part_len, CK_BYTE_PTR part,
CK_ULONG_PTR part_len)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
-
+ GckSession *session;
+
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_DecryptDigestUpdate (gck_module_lookup_session (session),
- enc_part, enc_part_len, part, part_len);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_DecryptDigestUpdate (session, enc_part, enc_part_len, part, part_len);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_SignEncryptUpdate (CK_SESSION_HANDLE session, CK_BYTE_PTR part,
+gck_C_SignEncryptUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR part,
CK_ULONG part_len, CK_BYTE_PTR enc_part,
CK_ULONG_PTR enc_part_len)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
-
+ GckSession *session;
+
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_SignEncryptUpdate (gck_module_lookup_session (session),
- part, part_len, enc_part, enc_part_len);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_SignEncryptUpdate (session, part, part_len, enc_part, enc_part_len);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_DecryptVerifyUpdate (CK_SESSION_HANDLE session, CK_BYTE_PTR enc_part,
+gck_C_DecryptVerifyUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR enc_part,
CK_ULONG enc_part_len, CK_BYTE_PTR part,
CK_ULONG_PTR part_len)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
-
+ GckSession *session;
+
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_DecryptVerifyUpdate (gck_module_lookup_session (session),
- enc_part, enc_part_len, part, part_len);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_DecryptVerifyUpdate (session, enc_part, enc_part_len, part, part_len);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_GenerateKey (CK_SESSION_HANDLE session, CK_MECHANISM_PTR mechanism,
+gck_C_GenerateKey (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
CK_ATTRIBUTE_PTR template, CK_ULONG count,
CK_OBJECT_HANDLE_PTR key)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
-
+ GckSession *session;
+
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_GenerateKey (gck_module_lookup_session (session),
- mechanism, template, count, key);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_GenerateKey (session, mechanism, template, count, key);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_GenerateKeyPair (CK_SESSION_HANDLE session, CK_MECHANISM_PTR mechanism,
+gck_C_GenerateKeyPair (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
CK_ATTRIBUTE_PTR pub_template, CK_ULONG pub_count,
CK_ATTRIBUTE_PTR priv_template, CK_ULONG priv_count,
CK_OBJECT_HANDLE_PTR pub_key, CK_OBJECT_HANDLE_PTR priv_key)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
-
+ GckSession *session;
+
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_GenerateKeyPair (gck_module_lookup_session (session),
- mechanism, pub_template, pub_count, priv_template, priv_count, pub_key, priv_key);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_GenerateKeyPair (session, mechanism, pub_template, pub_count, priv_template, priv_count, pub_key, priv_key);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_WrapKey (CK_SESSION_HANDLE session, CK_MECHANISM_PTR mechanism,
+gck_C_WrapKey (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
CK_OBJECT_HANDLE wrapping_key, CK_OBJECT_HANDLE key,
CK_BYTE_PTR wrapped_key, CK_ULONG_PTR wrapped_key_len)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
-
+ GckSession *session;
+
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_WrapKey (gck_module_lookup_session (session),
- mechanism, wrapping_key, key, wrapped_key, wrapped_key_len);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_WrapKey (session, mechanism, wrapping_key, key, wrapped_key, wrapped_key_len);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_UnwrapKey (CK_SESSION_HANDLE session, CK_MECHANISM_PTR mechanism,
+gck_C_UnwrapKey (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
CK_OBJECT_HANDLE unwrapping_key, CK_BYTE_PTR wrapped_key,
CK_ULONG wrapped_key_len, CK_ATTRIBUTE_PTR template,
CK_ULONG count, CK_OBJECT_HANDLE_PTR key)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
-
+ GckSession *session;
+
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_UnwrapKey (gck_module_lookup_session (session),
- mechanism, unwrapping_key, wrapped_key, wrapped_key_len, template, count, key);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_UnwrapKey (session, mechanism, unwrapping_key, wrapped_key, wrapped_key_len, template, count, key);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_DeriveKey (CK_SESSION_HANDLE session, CK_MECHANISM_PTR mechanism,
+gck_C_DeriveKey (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
CK_OBJECT_HANDLE base_key, CK_ATTRIBUTE_PTR template,
CK_ULONG count, CK_OBJECT_HANDLE_PTR key)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
-
+ GckSession *session;
+
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_UnwrapKey (gck_module_lookup_session (session),
- mechanism, base_key, template, count, key);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_DeriveKey (session, mechanism, base_key, template, count, key);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_SeedRandom (CK_SESSION_HANDLE session, CK_BYTE_PTR seed, CK_ULONG seed_len)
+gck_C_SeedRandom (CK_SESSION_HANDLE handle, CK_BYTE_PTR seed, CK_ULONG seed_len)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
-
+ GckSession *session;
+
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_SeedRandom (gck_module_lookup_session (session),
- seed, seed_len);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_SeedRandom (session, seed, seed_len);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
static CK_RV
-gck_C_GenerateRandom (CK_SESSION_HANDLE session, CK_BYTE_PTR random_data,
+gck_C_GenerateRandom (CK_SESSION_HANDLE handle, CK_BYTE_PTR random_data,
CK_ULONG random_len)
{
CK_RV rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+ GckSession *session;
g_static_mutex_lock (&pkcs11_module_mutex);
- if (pkcs11_module != NULL)
- rv = gck_session_C_GenerateRandom (gck_module_lookup_session (session),
- random_data, random_len);
+ if (pkcs11_module != NULL) {
+ session = gck_module_lookup_session (pkcs11_module, handle);
+ if (session != NULL)
+ rv = gck_session_C_GenerateRandom (session, random_data, random_len);
+ else
+ rv = CKR_SESSION_HANDLE_INVALID;
+ }
g_static_mutex_unlock (&pkcs11_module_mutex);
+
+ return rv;
}
/* --------------------------------------------------------------------
@@ -1034,12 +1479,12 @@
* is compiled.
*/
-static CK_FUNCTION_LIST gck_function_list = {
+static CK_FUNCTION_LIST gck_module_function_list = {
{ CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, /* version */
gck_C_Initialize,
gck_C_Finalize,
gck_C_GetInfo,
- C_GetFunctionList,
+ gck_C_GetFunctionList,
gck_C_GetSlotList,
gck_C_GetSlotInfo,
gck_C_GetTokenInfo,
@@ -1105,12 +1550,3 @@
gck_C_CancelFunction,
gck_C_WaitForSlotEvent
};
-
-CK_RV
-C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list)
-{
- return_val_if_fail (list, CKR_ARGUMENTS_BAD);
-
- *list = &gck_function_list;
- return CKR_OK;
-}
Modified: trunk/pkcs11/gck/gck-module.c
==============================================================================
--- trunk/pkcs11/gck/gck-module.c (original)
+++ trunk/pkcs11/gck/gck-module.c Tue Dec 23 16:20:14 2008
@@ -65,7 +65,7 @@
static const CK_INFO default_module_info = {
{ CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR },
"Gnome Keyring",
- 0,
+ 0x40000000, /* TODO: Define as CKF_VIRTUAL_SLOTS elsewhere */
"Gnome Keyring Module",
{ 1, 1 },
};
@@ -134,7 +134,7 @@
CK_UTF8CHAR_PTR at;
/* Find a null pointer in the string */
- at = memchr (string, '0', length);
+ at = memchr (string, 0, length);
g_assert (at != NULL && at < string + length);
for (; at < string + length; ++at)
*at = ' ';
@@ -175,7 +175,7 @@
VirtualSlot *slot;
slot = g_slice_new0 (VirtualSlot);
- slot->session_manager = g_object_new (GCK_TYPE_MANAGER, "is-token", FALSE, NULL);
+ slot->session_manager = g_object_new (GCK_TYPE_MANAGER, "for-token", FALSE, NULL);
slot->logged_in = FALSE;
slot->sessions = NULL;
slot->slot_id = slot_id;
@@ -273,7 +273,7 @@
gck_module_init (GckModule *self)
{
self->pv = G_TYPE_INSTANCE_GET_PRIVATE (self, GCK_TYPE_MODULE, GckModulePrivate);
- self->pv->token_manager = g_object_new (GCK_TYPE_MANAGER, "is-token", TRUE, NULL);
+ self->pv->token_manager = g_object_new (GCK_TYPE_MANAGER, "for-token", TRUE, NULL);
self->pv->sessions_by_handle = g_hash_table_new_full (gck_util_ulong_hash, gck_util_ulong_equal,
gck_util_ulong_free, g_object_unref);
self->pv->virtual_slots_by_id = g_hash_table_new_full (gck_util_ulong_hash, gck_util_ulong_equal,
@@ -391,12 +391,6 @@
* PUBLIC
*/
-GckModule*
-gck_module_new (void)
-{
- return g_object_new (GCK_TYPE_MODULE, NULL);
-}
-
GckManager*
gck_module_get_manager (GckModule *self)
{
@@ -604,6 +598,13 @@
}
CK_RV
+gck_module_C_InitToken (GckModule *self, CK_SLOT_ID id, CK_UTF8CHAR_PTR pin,
+ CK_ULONG pin_len, CK_UTF8CHAR_PTR label)
+{
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV
gck_module_C_OpenSession (GckModule *self, CK_SLOT_ID slot_id, CK_FLAGS flags, CK_VOID_PTR user_data,
CK_NOTIFY callback, CK_SESSION_HANDLE_PTR result)
{
Modified: trunk/pkcs11/gck/gck-module.h
==============================================================================
--- trunk/pkcs11/gck/gck-module.h (original)
+++ trunk/pkcs11/gck/gck-module.h Tue Dec 23 16:20:14 2008
@@ -69,9 +69,28 @@
CK_RV (*logout_user) (GckModule *self, CK_SLOT_ID slot_id);
};
-GType gck_module_get_type (void);
-
-GckModule* gck_module_new (void);
+/*
+ * The PKCS#11 module is created by the following code in a header file:
+ *
+ * #include "gck-module.h"
+ * GCK_DECLARE_MODULE(my_module);
+ *
+ * And the following code in a source file:
+ *
+ * #include "gck-module-ep.h"
+ * GCK_DEFINE_MODULE(my_module, MY_TYPE_MODULE)
+ *
+ */
+
+#define GCK_DECLARE_MODULE(prefix) \
+ extern const CK_FUNCTION_LIST_PTR prefix ## _function_list
+
+#define GCK_DEFINE_MODULE(prefix, type) \
+ static GckModule* gck_module_instantiate (CK_C_INITIALIZE_ARGS_PTR args) \
+ { return g_object_new ((type), NULL); } \
+ const CK_FUNCTION_LIST_PTR prefix ## _function_list = &gck_module_function_list;
+
+GType gck_module_get_type (void);
GckManager* gck_module_get_manager (GckModule *self);
@@ -119,6 +138,12 @@
CK_MECHANISM_TYPE type,
CK_MECHANISM_INFO_PTR info);
+CK_RV gck_module_C_InitToken (GckModule *self,
+ CK_SLOT_ID id,
+ CK_UTF8CHAR_PTR pin,
+ CK_ULONG pin_len,
+ CK_UTF8CHAR_PTR label);
+
CK_RV gck_module_C_OpenSession (GckModule *self,
CK_SLOT_ID id,
CK_FLAGS flags,
Modified: trunk/pkcs11/gck/gck-object.c
==============================================================================
--- trunk/pkcs11/gck/gck-object.c (original)
+++ trunk/pkcs11/gck/gck-object.c Tue Dec 23 16:20:14 2008
@@ -222,6 +222,15 @@
* PUBLIC
*/
+CK_RV
+gck_object_get_attribute (GckObject *self, CK_ATTRIBUTE_PTR attr)
+{
+ g_return_val_if_fail (GCK_IS_OBJECT (self), CKR_GENERAL_ERROR);
+ g_return_val_if_fail (attr, CKR_GENERAL_ERROR);
+ g_assert (GCK_OBJECT_GET_CLASS (self)->get_attribute);
+ return GCK_OBJECT_GET_CLASS (self)->get_attribute (self, attr);
+}
+
gboolean
gck_object_match (GckObject *self, CK_ATTRIBUTE_PTR match)
{
Modified: trunk/pkcs11/gck/gck-session.c
==============================================================================
--- trunk/pkcs11/gck/gck-session.c (original)
+++ trunk/pkcs11/gck/gck-session.c Tue Dec 23 16:20:14 2008
@@ -431,7 +431,7 @@
g_object_class_install_property (gobject_class, PROP_MANAGER,
g_param_spec_object ("manager", "Manager", "Object manager for this session",
- GCK_TYPE_MODULE, G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
+ GCK_TYPE_MANAGER, G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
g_object_class_install_property (gobject_class, PROP_HANDLE,
g_param_spec_ulong ("handle", "Handle", "PKCS#11 session handle",
@@ -649,7 +649,7 @@
}
CK_RV
-gck_session_C_GetObjectSize (GckSession* self, CK_ULONG_PTR size)
+gck_session_C_GetObjectSize (GckSession* self, CK_OBJECT_HANDLE object, CK_ULONG_PTR size)
{
/* TODO: Do we need to implement this? */
return CKR_FUNCTION_NOT_SUPPORTED;
Modified: trunk/pkcs11/gck/gck-session.h
==============================================================================
--- trunk/pkcs11/gck/gck-session.h (original)
+++ trunk/pkcs11/gck/gck-session.h Tue Dec 23 16:20:14 2008
@@ -132,6 +132,7 @@
CK_OBJECT_HANDLE object);
CK_RV gck_session_C_GetObjectSize (GckSession* self,
+ CK_OBJECT_HANDLE object,
CK_ULONG_PTR size);
CK_RV gck_session_C_GetAttributeValue (GckSession* self,
Modified: trunk/pkcs11/gck/tests/unit-test-data-openssl.c
==============================================================================
--- trunk/pkcs11/gck/tests/unit-test-data-openssl.c (original)
+++ trunk/pkcs11/gck/tests/unit-test-data-openssl.c Tue Dec 23 16:20:14 2008
@@ -25,8 +25,6 @@
#include "run-auto-test.h"
-#include "common/gkr-secure-memory.h"
-
#include "gck/gck-crypto.h"
#include "gck/gck-data-pem.h"
#include "gck/gck-data-openssl.h"
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
