krb5 commit: Remove softpkcs11
ghudson at mit.edu
ghudson at mit.edu
Mon Mar 18 21:20:06 EDT 2024
https://github.com/krb5/krb5/commit/9240a5b07876e0306057faab9291ace554fb0c3e
commit 9240a5b07876e0306057faab9291ace554fb0c3e
Author: Greg Hudson <ghudson at mit.edu>
Date: Fri Mar 1 19:10:49 2024 -0500
Remove softpkcs11
softpkcs11 is no longer required for the test suite after the previous
commit, so remove it.
src/configure.ac | 1 -
src/tests/Makefile.in | 3 +-
src/tests/softpkcs11/Makefile.in | 21 -
src/tests/softpkcs11/deps | 6 -
src/tests/softpkcs11/main.c | 2107 -------------------------------
src/tests/softpkcs11/softpkcs11.exports | 39 -
6 files changed, 1 insertion(+), 2176 deletions(-)
diff --git a/src/configure.ac b/src/configure.ac
index ca57e8a6e..8c82fa487 100644
--- a/src/configure.ac
+++ b/src/configure.ac
@@ -1143,7 +1143,6 @@ int i = 1;
fi
if test "$k5_cv_openssl_version_okay" = yes && (test "$enable_pkinit" = yes || test "$enable_pkinit" = try); then
K5_GEN_MAKEFILE(plugins/preauth/pkinit)
- K5_GEN_MAKEFILE(tests/softpkcs11)
PKINIT=yes
elif test "$k5_cv_openssl_version_okay" = no && test "$enable_pkinit" = yes; then
AC_MSG_ERROR([Version of OpenSSL is too old; cannot enable PKINIT.])
diff --git a/src/tests/Makefile.in b/src/tests/Makefile.in
index 1ecc9b762..d4539627d 100644
--- a/src/tests/Makefile.in
+++ b/src/tests/Makefile.in
@@ -1,7 +1,6 @@
mydir=tests
BUILDTOP=$(REL)..
-SUBDIRS = asn.1 create hammer verify gssapi shlib gss-threads misc threads \
- softpkcs11
+SUBDIRS = asn.1 create hammer verify gssapi shlib gss-threads misc threads
RUN_DB_TEST = $(RUN_SETUP) KRB5_KDC_PROFILE=kdc.conf KRB5_CONFIG=krb5.conf \
GSS_MECH_CONFIG=mech.conf LC_ALL=C $(VALGRIND)
diff --git a/src/tests/softpkcs11/Makefile.in b/src/tests/softpkcs11/Makefile.in
deleted file mode 100644
index e89678154..000000000
--- a/src/tests/softpkcs11/Makefile.in
+++ /dev/null
@@ -1,21 +0,0 @@
-mydir=tests$(S)softpkcs11
-BUILDTOP=$(REL)..$(S)..
-
-LOCALINCLUDES = -I$(top_srcdir)/plugins/preauth/pkinit
-
-LIBBASE=softpkcs11
-LIBMAJOR=0
-LIBMINOR=0
-
-SHLIB_EXPLIBS=$(SUPPORT_LIB) -lcrypto
-SHLIB_EXPDEPS=$(SUPPORT_DEPLIB)
-
-STLIBOBJS=main.o
-
-SRCS=$(srcdir)/main.c
-
-all-unix: all-libs
-clean-unix:: clean-libs clean-libobjs
-
- at libnover_frag@
- at libobj_frag@
diff --git a/src/tests/softpkcs11/deps b/src/tests/softpkcs11/deps
deleted file mode 100644
index 1e82d9572..000000000
--- a/src/tests/softpkcs11/deps
+++ /dev/null
@@ -1,6 +0,0 @@
-#
-# Generated makefile dependencies follow.
-#
-main.so main.po $(OUTPRE)main.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
- $(top_srcdir)/plugins/preauth/pkinit/pkcs11.h main.c
diff --git a/src/tests/softpkcs11/main.c b/src/tests/softpkcs11/main.c
deleted file mode 100644
index 908f92640..000000000
--- a/src/tests/softpkcs11/main.c
+++ /dev/null
@@ -1,2107 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/*
- * Copyright (c) 2004-2006, Stockholms universitet
- * (Stockholm University, Stockholm Sweden)
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the university nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "k5-platform.h"
-
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/pem.h>
-#include <openssl/rand.h>
-#include <openssl/x509.h>
-
-#include <ctype.h>
-#include <pwd.h>
-
-#include <pkcs11.h>
-
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-#define EVP_PKEY_get0_RSA(key) ((key)->pkey.rsa)
-#define RSA_PKCS1_OpenSSL RSA_PKCS1_SSLeay
-#define RSA_get0_key compat_rsa_get0_key
-static void
-compat_rsa_get0_key(const RSA *rsa, const BIGNUM **n, const BIGNUM **e,
- const BIGNUM **d)
-{
- if (n != NULL)
- *n = rsa->n;
- if (e != NULL)
- *e = rsa->e;
- if (d != NULL)
- *d = rsa->d;
-}
-#endif
-
-#define OPENSSL_ASN1_MALLOC_ENCODE(T, B, BL, S, R) \
- { \
- unsigned char *p; \
- (BL) = i2d_##T((S), NULL); \
- if ((BL) <= 0) { \
- (R) = EINVAL; \
- } else { \
- (B) = malloc((BL)); \
- if ((B) == NULL) { \
- (R) = ENOMEM; \
- } else { \
- p = (B); \
- (R) = 0; \
- (BL) = i2d_##T((S), &p); \
- if ((BL) <= 0) { \
- free((B)); \
- (B) = NULL; \
- (R) = EINVAL; \
- } \
- } \
- } \
- }
-
-/* RCSID("$Id: main.c,v 1.24 2006/01/11 12:42:53 lha Exp $"); */
-
-#define OBJECT_ID_MASK 0xfff
-#define HANDLE_OBJECT_ID(h) ((h) & OBJECT_ID_MASK)
-#define OBJECT_ID(obj) HANDLE_OBJECT_ID((obj)->object_handle)
-
-struct st_attr {
- CK_ATTRIBUTE attribute;
- int secret;
-};
-
-struct st_object {
- CK_OBJECT_HANDLE object_handle;
- struct st_attr *attrs;
- int num_attributes;
- enum {
- STO_T_CERTIFICATE,
- STO_T_PRIVATE_KEY,
- STO_T_PUBLIC_KEY
- } type;
- union {
- X509 *cert;
- EVP_PKEY *public_key;
- struct {
- char *file;
- EVP_PKEY *key;
- X509 *cert;
- } private_key;
- } u;
-};
-
-static struct soft_token {
- CK_VOID_PTR application;
- CK_NOTIFY notify;
- struct {
- struct st_object **objs;
- int num_objs;
- } object;
- struct {
- int hardware_slot;
- int app_error_fatal;
- int login_done;
- } flags;
- int open_sessions;
- struct session_state {
- CK_SESSION_HANDLE session_handle;
-
- struct {
- CK_ATTRIBUTE *attributes;
- CK_ULONG num_attributes;
- int next_object;
- } find;
-
- int encrypt_object;
- CK_MECHANISM_PTR encrypt_mechanism;
- int decrypt_object;
- CK_MECHANISM_PTR decrypt_mechanism;
- int sign_object;
- CK_MECHANISM_PTR sign_mechanism;
- int verify_object;
- CK_MECHANISM_PTR verify_mechanism;
- int digest_object;
- } state[10];
-#define MAX_NUM_SESSION (sizeof(soft_token.state)/sizeof(soft_token.state[0]))
- FILE *logfile;
- CK_SESSION_HANDLE next_session_handle;
-} soft_token;
-
-static void
-application_error(const char *fmt, ...)
-{
- va_list ap;
- va_start(ap, fmt);
- vprintf(fmt, ap);
- va_end(ap);
- if (soft_token.flags.app_error_fatal)
- abort();
-}
-
-static void
-st_logf(const char *fmt, ...)
-{
- va_list ap;
- if (soft_token.logfile == NULL)
- return;
- va_start(ap, fmt);
- vfprintf(soft_token.logfile, fmt, ap);
- va_end(ap);
- fflush(soft_token.logfile);
-}
-
-static void
-snprintf_fill(char *str, int size, char fillchar, const char *fmt, ...)
-{
- int len;
- va_list ap;
- va_start(ap, fmt);
- len = vsnprintf(str, size, fmt, ap);
- va_end(ap);
- if (len < 0 || len > size)
- return;
- while(len < size)
- str[len++] = fillchar;
-}
-
-#ifndef TEST_APP
-#define printf error_use_st_logf
-#endif
-
-#define VERIFY_SESSION_HANDLE(s, state) \
- { \
- CK_RV vshret; \
- vshret = verify_session_handle(s, state); \
- if (vshret != CKR_OK) { \
- /* return CKR_OK */; \
- } \
- }
-
-static CK_RV
-verify_session_handle(CK_SESSION_HANDLE hSession,
- struct session_state **state)
-{
- size_t i;
-
- for (i = 0; i < MAX_NUM_SESSION; i++){
- if (soft_token.state[i].session_handle == hSession)
- break;
- }
- if (i == MAX_NUM_SESSION) {
- application_error("use of invalid handle: 0x%08lx\n",
- (unsigned long)hSession);
- return CKR_SESSION_HANDLE_INVALID;
- }
- if (state)
- *state = &soft_token.state[i];
- return CKR_OK;
-}
-
-static CK_RV
-object_handle_to_object(CK_OBJECT_HANDLE handle,
- struct st_object **object)
-{
- int i = HANDLE_OBJECT_ID(handle);
-
- *object = NULL;
- if (i >= soft_token.object.num_objs)
- return CKR_ARGUMENTS_BAD;
- if (soft_token.object.objs[i] == NULL)
- return CKR_ARGUMENTS_BAD;
- if (soft_token.object.objs[i]->object_handle != handle)
- return CKR_ARGUMENTS_BAD;
- *object = soft_token.object.objs[i];
- return CKR_OK;
-}
-
-static int
-attributes_match(const struct st_object *obj,
- const CK_ATTRIBUTE *attributes,
- CK_ULONG num_attributes)
-{
- CK_ULONG i;
- int j;
- st_logf("attributes_match: %ld\n", (unsigned long)OBJECT_ID(obj));
-
- for (i = 0; i < num_attributes; i++) {
- int match = 0;
- for (j = 0; j < obj->num_attributes; j++) {
- if (attributes[i].type == obj->attrs[j].attribute.type &&
- attributes[i].ulValueLen == obj->attrs[j].attribute.ulValueLen &&
- memcmp(attributes[i].pValue, obj->attrs[j].attribute.pValue,
- attributes[i].ulValueLen) == 0) {
- match = 1;
- break;
- }
- }
- if (match == 0) {
- st_logf("type %lu attribute have no match\n", attributes[i].type);
- return 0;
- }
- }
- st_logf("attribute matches\n");
- return 1;
-}
-
-static void
-print_attributes(const CK_ATTRIBUTE *attributes,
- CK_ULONG num_attributes)
-{
- CK_ULONG i;
-
- st_logf("find objects: attrs: %lu\n", (unsigned long)num_attributes);
-
- for (i = 0; i < num_attributes; i++) {
- st_logf(" type: ");
- switch (attributes[i].type) {
- case CKA_TOKEN: {
- CK_BBOOL *ck_true;
- if (attributes[i].ulValueLen != sizeof(CK_BBOOL)) {
- application_error("token attribute wrong length\n");
- break;
- }
- ck_true = attributes[i].pValue;
- st_logf("token: %s", *ck_true ? "TRUE" : "FALSE");
- break;
- }
- case CKA_CLASS: {
- CK_OBJECT_CLASS *class;
- if (attributes[i].ulValueLen != sizeof(CK_ULONG)) {
- application_error("class attribute wrong length\n");
- break;
- }
- class = attributes[i].pValue;
- st_logf("class ");
- switch (*class) {
- case CKO_CERTIFICATE:
- st_logf("certificate");
- break;
- case CKO_PUBLIC_KEY:
- st_logf("public key");
- break;
- case CKO_PRIVATE_KEY:
- st_logf("private key");
- break;
- case CKO_SECRET_KEY:
- st_logf("secret key");
- break;
- case CKO_DOMAIN_PARAMETERS:
- st_logf("domain parameters");
- break;
- default:
- st_logf("[class %lx]", (long unsigned)*class);
- break;
- }
- break;
- }
- case CKA_PRIVATE:
- st_logf("private");
- break;
- case CKA_LABEL:
- st_logf("label");
- break;
- case CKA_APPLICATION:
- st_logf("application");
- break;
- case CKA_VALUE:
- st_logf("value");
- break;
- case CKA_ID:
- st_logf("id");
- break;
- default:
- st_logf("[unknown 0x%08lx]", (unsigned long)attributes[i].type);
- break;
- }
- st_logf("\n");
- }
-}
-
-static void
-free_st_object(struct st_object *o)
-{
- int i;
-
- for (i = 0; i < o->num_attributes; i++)
- free(o->attrs[i].attribute.pValue);
- free(o->attrs);
- if (o->type == STO_T_CERTIFICATE) {
- X509_free(o->u.cert);
- } else if (o->type == STO_T_PRIVATE_KEY) {
- free(o->u.private_key.file);
- EVP_PKEY_free(o->u.private_key.key);
- X509_free(o->u.private_key.cert);
- } else if (o->type == STO_T_PUBLIC_KEY) {
- EVP_PKEY_free(o->u.public_key);
- }
- free(o);
-}
-
-static struct st_object *
-add_st_object(void)
-{
- struct st_object *o, **objs;
-
- objs = realloc(soft_token.object.objs,
- (soft_token.object.num_objs + 1) *
- sizeof(soft_token.object.objs[0]));
- if (objs == NULL)
- return NULL;
- soft_token.object.objs = objs;
-
- o = calloc(1, sizeof(*o));
- if (o == NULL)
- return NULL;
- o->attrs = NULL;
- o->num_attributes = 0;
- o->object_handle = soft_token.object.num_objs;
-
- soft_token.object.objs[soft_token.object.num_objs++] = o;
- return o;
-}
-
-static CK_RV
-add_object_attribute(struct st_object *o,
- int secret,
- CK_ATTRIBUTE_TYPE type,
- CK_VOID_PTR pValue,
- CK_ULONG ulValueLen)
-{
- struct st_attr *a;
- int i;
-
- i = o->num_attributes;
- a = realloc(o->attrs, (i + 1) * sizeof(o->attrs[0]));
- if (a == NULL)
- return CKR_DEVICE_MEMORY;
- o->attrs = a;
- o->attrs[i].secret = secret;
- o->attrs[i].attribute.type = type;
- o->attrs[i].attribute.pValue = malloc(ulValueLen);
- if (o->attrs[i].attribute.pValue == NULL && ulValueLen != 0)
- return CKR_DEVICE_MEMORY;
- memcpy(o->attrs[i].attribute.pValue, pValue, ulValueLen);
- o->attrs[i].attribute.ulValueLen = ulValueLen;
- o->num_attributes++;
-
- return CKR_OK;
-}
-
-#ifdef HAVE_EVP_PKEY_GET_BN_PARAM
-
-/* Declare owner pointers since EVP_PKEY_get_bn_param() gives us copies. */
-#define DECLARE_BIGNUM(name) BIGNUM *name = NULL
-#define RELEASE_BIGNUM(bn) BN_clear_free(bn)
-static CK_RV
-get_bignums(EVP_PKEY *key, BIGNUM **n, BIGNUM **e)
-{
- if (EVP_PKEY_get_bn_param(key, "n", n) == 0 ||
- EVP_PKEY_get_bn_param(key, "e", e) == 0)
- return CKR_DEVICE_ERROR;
-
- return CKR_OK;
-}
-
-#else
-
-/* Declare const pointers since the old API gives us aliases. */
-#define DECLARE_BIGNUM(name) const BIGNUM *name
-#define RELEASE_BIGNUM(bn)
-static CK_RV
-get_bignums(EVP_PKEY *key, const BIGNUM **n, const BIGNUM **e)
-{
- const RSA *rsa;
-
- rsa = EVP_PKEY_get0_RSA(key);
- RSA_get0_key(rsa, n, e, NULL);
-
- return CKR_OK;
-}
-
-#endif
-
-static CK_RV
-add_pubkey_info(struct st_object *o, CK_KEY_TYPE key_type, EVP_PKEY *key)
-{
- CK_BYTE *modulus = NULL, *exponent = 0;
- size_t modulus_len = 0, exponent_len = 0;
- CK_ULONG modulus_bits = 0;
- CK_RV ret;
- DECLARE_BIGNUM(n);
- DECLARE_BIGNUM(e);
-
- if (key_type != CKK_RSA)
- abort();
-
- ret = get_bignums(key, &n, &e);
- if (ret != CKR_OK)
- goto done;
-
- modulus_bits = BN_num_bits(n);
- modulus_len = BN_num_bytes(n);
- exponent_len = BN_num_bytes(e);
-
- modulus = malloc(modulus_len);
- exponent = malloc(exponent_len);
- if (modulus == NULL || exponent == NULL) {
- ret = CKR_DEVICE_MEMORY;
- goto done;
- }
-
- BN_bn2bin(n, modulus);
- BN_bn2bin(e, exponent);
-
- add_object_attribute(o, 0, CKA_MODULUS, modulus, modulus_len);
- add_object_attribute(o, 0, CKA_MODULUS_BITS, &modulus_bits,
- sizeof(modulus_bits));
- add_object_attribute(o, 0, CKA_PUBLIC_EXPONENT, exponent, exponent_len);
-
- ret = CKR_OK;
-done:
- free(modulus);
- free(exponent);
- RELEASE_BIGNUM(n);
- RELEASE_BIGNUM(e);
- return ret;
-}
-
-static int
-pem_callback(char *buf, int num, int w, void *key)
-{
- return -1;
-}
-
-
-static CK_RV
-add_certificate(char *label,
- const char *cert_file,
- const char *private_key_file,
- char *id,
- int anchor)
-{
- struct st_object *o = NULL;
- CK_BBOOL bool_true = CK_TRUE;
- CK_BBOOL bool_false = CK_FALSE;
- CK_OBJECT_CLASS c;
- CK_CERTIFICATE_TYPE cert_type = CKC_X_509;
- CK_KEY_TYPE key_type;
- CK_MECHANISM_TYPE mech_type;
- void *cert_data = NULL;
- size_t cert_length;
- void *subject_data = NULL;
- size_t subject_length;
- void *issuer_data = NULL;
- size_t issuer_length;
- void *serial_data = NULL;
- size_t serial_length;
- CK_RV ret = CKR_GENERAL_ERROR;
- X509 *cert;
- EVP_PKEY *public_key;
-
- size_t id_len = strlen(id);
-
- {
- FILE *f;
-
- f = fopen(cert_file, "r");
- if (f == NULL) {
- st_logf("failed to open file %s\n", cert_file);
- return CKR_GENERAL_ERROR;
- }
-
- cert = PEM_read_X509(f, NULL, NULL, NULL);
- fclose(f);
- if (cert == NULL) {
- st_logf("failed reading PEM cert\n");
- return CKR_GENERAL_ERROR;
- }
-
- OPENSSL_ASN1_MALLOC_ENCODE(X509, cert_data, cert_length, cert, ret);
- if (ret)
- goto out;
-
- OPENSSL_ASN1_MALLOC_ENCODE(X509_NAME, issuer_data, issuer_length,
- X509_get_issuer_name(cert), ret);
- if (ret)
- goto out;
-
- OPENSSL_ASN1_MALLOC_ENCODE(X509_NAME, subject_data, subject_length,
- X509_get_subject_name(cert), ret);
- if (ret)
- goto out;
-
- OPENSSL_ASN1_MALLOC_ENCODE(ASN1_INTEGER, serial_data, serial_length,
- X509_get_serialNumber(cert), ret);
- if (ret)
- goto out;
-
- }
-
- st_logf("done parsing, adding to internal structure\n");
-
- o = add_st_object();
- if (o == NULL) {
- ret = CKR_DEVICE_MEMORY;
- goto out;
- }
- o->type = STO_T_CERTIFICATE;
- o->u.cert = X509_dup(cert);
- if (o->u.cert == NULL) {
- ret = CKR_DEVICE_MEMORY;
- goto out;
- }
- public_key = X509_get_pubkey(o->u.cert);
-
- switch (EVP_PKEY_base_id(public_key)) {
- case EVP_PKEY_RSA:
- key_type = CKK_RSA;
- break;
- case EVP_PKEY_DSA:
- key_type = CKK_DSA;
- break;
- default:
- st_logf("invalid key_type\n");
- ret = CKR_GENERAL_ERROR;
- goto out;
- }
-
- c = CKO_CERTIFICATE;
- add_object_attribute(o, 0, CKA_CLASS, &c, sizeof(c));
- add_object_attribute(o, 0, CKA_TOKEN, &bool_true, sizeof(bool_true));
- add_object_attribute(o, 0, CKA_PRIVATE, &bool_false, sizeof(bool_false));
- add_object_attribute(o, 0, CKA_MODIFIABLE, &bool_false, sizeof(bool_false));
- add_object_attribute(o, 0, CKA_LABEL, label, strlen(label));
-
- add_object_attribute(o, 0, CKA_CERTIFICATE_TYPE, &cert_type, sizeof(cert_type));
- add_object_attribute(o, 0, CKA_ID, id, id_len);
-
- add_object_attribute(o, 0, CKA_SUBJECT, subject_data, subject_length);
- add_object_attribute(o, 0, CKA_ISSUER, issuer_data, issuer_length);
- add_object_attribute(o, 0, CKA_SERIAL_NUMBER, serial_data, serial_length);
- add_object_attribute(o, 0, CKA_VALUE, cert_data, cert_length);
- if (anchor)
- add_object_attribute(o, 0, CKA_TRUSTED, &bool_true, sizeof(bool_true));
- else
- add_object_attribute(o, 0, CKA_TRUSTED, &bool_false, sizeof(bool_false));
-
- st_logf("add cert ok: %lx\n", (unsigned long)OBJECT_ID(o));
-
- o = add_st_object();
- if (o == NULL) {
- ret = CKR_DEVICE_MEMORY;
- goto out;
- }
- o->type = STO_T_PUBLIC_KEY;
- o->u.public_key = public_key;
-
- c = CKO_PUBLIC_KEY;
- add_object_attribute(o, 0, CKA_CLASS, &c, sizeof(c));
- add_object_attribute(o, 0, CKA_TOKEN, &bool_true, sizeof(bool_true));
- add_object_attribute(o, 0, CKA_PRIVATE, &bool_false, sizeof(bool_false));
- add_object_attribute(o, 0, CKA_MODIFIABLE, &bool_false, sizeof(bool_false));
- add_object_attribute(o, 0, CKA_LABEL, label, strlen(label));
-
- add_object_attribute(o, 0, CKA_KEY_TYPE, &key_type, sizeof(key_type));
- add_object_attribute(o, 0, CKA_ID, id, id_len);
- add_object_attribute(o, 0, CKA_START_DATE, "", 1); /* XXX */
- add_object_attribute(o, 0, CKA_END_DATE, "", 1); /* XXX */
- add_object_attribute(o, 0, CKA_DERIVE, &bool_false, sizeof(bool_false));
- add_object_attribute(o, 0, CKA_LOCAL, &bool_false, sizeof(bool_false));
- mech_type = CKM_RSA_X_509;
- add_object_attribute(o, 0, CKA_KEY_GEN_MECHANISM, &mech_type, sizeof(mech_type));
-
- add_object_attribute(o, 0, CKA_SUBJECT, subject_data, subject_length);
- add_object_attribute(o, 0, CKA_ENCRYPT, &bool_true, sizeof(bool_true));
- add_object_attribute(o, 0, CKA_VERIFY, &bool_true, sizeof(bool_true));
- add_object_attribute(o, 0, CKA_VERIFY_RECOVER, &bool_false, sizeof(bool_false));
- add_object_attribute(o, 0, CKA_WRAP, &bool_true, sizeof(bool_true));
- add_object_attribute(o, 0, CKA_TRUSTED, &bool_true, sizeof(bool_true));
-
- add_pubkey_info(o, key_type, public_key);
-
- st_logf("add key ok: %lx\n", (unsigned long)OBJECT_ID(o));
-
- if (private_key_file) {
- CK_FLAGS flags;
- FILE *f;
-
- o = add_st_object();
- if (o == NULL) {
- ret = CKR_DEVICE_MEMORY;
- goto out;
- }
- o->type = STO_T_PRIVATE_KEY;
- o->u.private_key.file = strdup(private_key_file);
- o->u.private_key.key = NULL;
-
- o->u.private_key.cert = X509_dup(cert);
- if (o->u.private_key.cert == NULL) {
- ret = CKR_DEVICE_MEMORY;
- goto out;
- }
-
- c = CKO_PRIVATE_KEY;
- add_object_attribute(o, 0, CKA_CLASS, &c, sizeof(c));
- add_object_attribute(o, 0, CKA_TOKEN, &bool_true, sizeof(bool_true));
- add_object_attribute(o, 0, CKA_PRIVATE, &bool_true, sizeof(bool_false));
- add_object_attribute(o, 0, CKA_MODIFIABLE, &bool_false, sizeof(bool_false));
- add_object_attribute(o, 0, CKA_LABEL, label, strlen(label));
-
- add_object_attribute(o, 0, CKA_KEY_TYPE, &key_type, sizeof(key_type));
- add_object_attribute(o, 0, CKA_ID, id, id_len);
- add_object_attribute(o, 0, CKA_START_DATE, "", 1); /* XXX */
- add_object_attribute(o, 0, CKA_END_DATE, "", 1); /* XXX */
- add_object_attribute(o, 0, CKA_DERIVE, &bool_false, sizeof(bool_false));
- add_object_attribute(o, 0, CKA_LOCAL, &bool_false, sizeof(bool_false));
- mech_type = CKM_RSA_X_509;
- add_object_attribute(o, 0, CKA_KEY_GEN_MECHANISM, &mech_type, sizeof(mech_type));
-
- add_object_attribute(o, 0, CKA_SUBJECT, subject_data, subject_length);
- add_object_attribute(o, 0, CKA_SENSITIVE, &bool_true, sizeof(bool_true));
- add_object_attribute(o, 0, CKA_SECONDARY_AUTH, &bool_false, sizeof(bool_true));
- flags = 0;
- add_object_attribute(o, 0, CKA_AUTH_PIN_FLAGS, &flags, sizeof(flags));
-
- add_object_attribute(o, 0, CKA_DECRYPT, &bool_true, sizeof(bool_true));
- add_object_attribute(o, 0, CKA_SIGN, &bool_true, sizeof(bool_true));
- add_object_attribute(o, 0, CKA_SIGN_RECOVER, &bool_false, sizeof(bool_false));
- add_object_attribute(o, 0, CKA_UNWRAP, &bool_true, sizeof(bool_true));
- add_object_attribute(o, 0, CKA_EXTRACTABLE, &bool_true, sizeof(bool_true));
- add_object_attribute(o, 0, CKA_NEVER_EXTRACTABLE, &bool_false, sizeof(bool_false));
-
- add_pubkey_info(o, key_type, public_key);
-
- f = fopen(private_key_file, "r");
- if (f == NULL) {
- st_logf("failed to open private key\n");
- return CKR_GENERAL_ERROR;
- }
-
- o->u.private_key.key = PEM_read_PrivateKey(f, NULL, pem_callback, NULL);
- fclose(f);
- if (o->u.private_key.key == NULL) {
- st_logf("failed to read private key a startup\n");
- /* don't bother with this failure for now,
- fix it at C_Login time */;
- } else {
- /* XXX verify keytype */
-
- if (X509_check_private_key(cert, o->u.private_key.key) != 1) {
- EVP_PKEY_free(o->u.private_key.key);
- o->u.private_key.key = NULL;
- st_logf("private key doesn't verify\n");
- } else {
- st_logf("private key usable\n");
- soft_token.flags.login_done = 1;
- }
- }
- }
-
- ret = CKR_OK;
-out:
- if (ret != CKR_OK) {
- st_logf("something went wrong when adding cert!\n");
-
- /* XXX wack o */;
- }
- free(cert_data);
- free(serial_data);
- free(issuer_data);
- free(subject_data);
- X509_free(cert);
-
- return ret;
-}
-
-static void
-find_object_final(struct session_state *state)
-{
- if (state->find.attributes) {
- CK_ULONG i;
-
- for (i = 0; i < state->find.num_attributes; i++) {
- if (state->find.attributes[i].pValue)
- free(state->find.attributes[i].pValue);
- }
- free(state->find.attributes);
- state->find.attributes = NULL;
- state->find.num_attributes = 0;
- state->find.next_object = -1;
- }
-}
-
-static void
-reset_crypto_state(struct session_state *state)
-{
- state->encrypt_object = -1;
- if (state->encrypt_mechanism)
- free(state->encrypt_mechanism);
- state->encrypt_mechanism = NULL_PTR;
- state->decrypt_object = -1;
- if (state->decrypt_mechanism)
- free(state->decrypt_mechanism);
- state->decrypt_mechanism = NULL_PTR;
- state->sign_object = -1;
- if (state->sign_mechanism)
- free(state->sign_mechanism);
- state->sign_mechanism = NULL_PTR;
- state->verify_object = -1;
- if (state->verify_mechanism)
- free(state->verify_mechanism);
- state->verify_mechanism = NULL_PTR;
- state->digest_object = -1;
-}
-
-static void
-close_session(struct session_state *state)
-{
- if (state->find.attributes) {
- application_error("application didn't do C_FindObjectsFinal\n");
- find_object_final(state);
- }
-
- state->session_handle = CK_INVALID_HANDLE;
- soft_token.application = NULL_PTR;
- soft_token.notify = NULL_PTR;
- reset_crypto_state(state);
-}
-
-static const char *
-has_session(void)
-{
- return soft_token.open_sessions > 0 ? "yes" : "no";
-}
-
-static void
-read_conf_file(const char *fn)
-{
- char buf[1024], *cert, *key, *id, *label, *s, *p;
- int anchor;
- FILE *f;
-
- f = fopen(fn, "r");
- if (f == NULL) {
- st_logf("can't open configuration file %s\n", fn);
- return;
- }
-
- while(fgets(buf, sizeof(buf), f) != NULL) {
- buf[strcspn(buf, "\n")] = '\0';
-
- anchor = 0;
-
- st_logf("line: %s\n", buf);
-
- p = buf;
- while (isspace(*p))
- p++;
- if (*p == '#')
- continue;
- while (isspace(*p))
- p++;
-
- s = NULL;
- id = strtok_r(p, "\t", &s);
- if (id == NULL)
- continue;
- label = strtok_r(NULL, "\t", &s);
- if (label == NULL)
- continue;
- cert = strtok_r(NULL, "\t", &s);
- if (cert == NULL)
- continue;
- key = strtok_r(NULL, "\t", &s);
-
- /* XXX */
- if (strcmp(id, "anchor") == 0) {
- id = "\x00\x00";
- anchor = 1;
- }
-
- st_logf("adding: %s\n", label);
-
- add_certificate(label, cert, key, id, anchor);
- }
-
- fclose(f);
-}
-
-static CK_RV
-func_not_supported(void)
-{
- st_logf("function not supported\n");
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-static char *
-get_rcfilename(void)
-{
- struct passwd *pw;
- const char *home = NULL;
- char *fn;
-
- if (getuid() == geteuid()) {
- fn = getenv("SOFTPKCS11RC");
- if (fn != NULL)
- return strdup(fn);
-
- home = getenv("HOME");
- }
-
- if (home == NULL) {
- pw = getpwuid(getuid());
- if (pw != NULL)
- home = pw->pw_dir;
- }
-
- if (home == NULL)
- return strdup("/etc/soft-token.rc");
-
- if (asprintf(&fn, "%s/.soft-token.rc", home) < 0)
- return NULL;
- return fn;
-}
-
-CK_RV
-C_Initialize(CK_VOID_PTR a)
-{
- CK_C_INITIALIZE_ARGS_PTR args = a;
- size_t i;
- char *fn;
-
- st_logf("Initialize\n");
-
- OpenSSL_add_all_algorithms();
- ERR_load_crypto_strings();
-
- for (i = 0; i < MAX_NUM_SESSION; i++) {
- soft_token.state[i].session_handle = CK_INVALID_HANDLE;
- soft_token.state[i].find.attributes = NULL;
- soft_token.state[i].find.num_attributes = 0;
- soft_token.state[i].find.next_object = -1;
- reset_crypto_state(&soft_token.state[i]);
- }
-
- soft_token.flags.hardware_slot = 1;
- soft_token.flags.app_error_fatal = 0;
- soft_token.flags.login_done = 0;
-
- soft_token.object.objs = NULL;
- soft_token.object.num_objs = 0;
-
- soft_token.logfile = NULL;
-#if 0
- soft_token.logfile = stdout;
-#endif
-#if 0
- soft_token.logfile = fopen("/tmp/log-pkcs11.txt", "a");
-#endif
-
- if (a != NULL_PTR) {
- st_logf("\tCreateMutex:\t%p\n", args->CreateMutex);
- st_logf("\tDestroyMutext\t%p\n", args->DestroyMutex);
- st_logf("\tLockMutext\t%p\n", args->LockMutex);
- st_logf("\tUnlockMutext\t%p\n", args->UnlockMutex);
- st_logf("\tFlags\t%04x\n", (unsigned int)args->flags);
- }
-
- soft_token.next_session_handle = 1;
-
- fn = get_rcfilename();
- if (fn == NULL)
- return CKR_DEVICE_MEMORY;
- read_conf_file(fn);
- free(fn);
- return CKR_OK;
-}
-
-CK_RV
-C_Finalize(CK_VOID_PTR args)
-{
- size_t i;
- int j;
-
- st_logf("Finalize\n");
-
- for (i = 0; i < MAX_NUM_SESSION; i++) {
- if (soft_token.state[i].session_handle != CK_INVALID_HANDLE) {
- application_error("application finalized without "
- "closing session\n");
- close_session(&soft_token.state[i]);
- }
- }
-
- for (j = 0; j < soft_token.object.num_objs; j++)
- free_st_object(soft_token.object.objs[j]);
- free(soft_token.object.objs);
- soft_token.object.objs = NULL;
- soft_token.object.num_objs = 0;
-
- return CKR_OK;
-}
-
-CK_RV
-C_GetInfo(CK_INFO_PTR args)
-{
- st_logf("GetInfo\n");
-
- memset(args, 17, sizeof(*args));
- args->cryptokiVersion.major = 2;
- args->cryptokiVersion.minor = 10;
- snprintf_fill((char *)args->manufacturerID,
- sizeof(args->manufacturerID),
- ' ',
- "SoftToken");
- snprintf_fill((char *)args->libraryDescription,
- sizeof(args->libraryDescription), ' ',
- "SoftToken");
- args->libraryVersion.major = 1;
- args->libraryVersion.minor = 8;
-
- return CKR_OK;
-}
-
-extern CK_FUNCTION_LIST funcs;
-
-CK_RV
-C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR ppFunctionList)
-{
- *ppFunctionList = &funcs;
- return CKR_OK;
-}
-
-CK_RV
-C_GetSlotList(CK_BBOOL tokenPresent,
- CK_SLOT_ID_PTR pSlotList,
- CK_ULONG_PTR pulCount)
-{
- st_logf("GetSlotList: %s\n",
- tokenPresent ? "tokenPresent" : "token not Present");
- if (pSlotList)
- pSlotList[0] = 1;
- *pulCount = 1;
- return CKR_OK;
-}
-
-CK_RV
-C_GetSlotInfo(CK_SLOT_ID slotID,
- CK_SLOT_INFO_PTR pInfo)
-{
- st_logf("GetSlotInfo: slot: %d : %s\n", (int)slotID, has_session());
-
- memset(pInfo, 18, sizeof(*pInfo));
-
- if (slotID != 1)
- return CKR_ARGUMENTS_BAD;
-
- snprintf_fill((char *)pInfo->slotDescription,
- sizeof(pInfo->slotDescription),
- ' ',
- "SoftToken (slot)");
- snprintf_fill((char *)pInfo->manufacturerID,
- sizeof(pInfo->manufacturerID),
- ' ',
- "SoftToken (slot)");
- pInfo->flags = CKF_TOKEN_PRESENT;
- if (soft_token.flags.hardware_slot)
- pInfo->flags |= CKF_HW_SLOT;
- pInfo->hardwareVersion.major = 1;
- pInfo->hardwareVersion.minor = 0;
- pInfo->firmwareVersion.major = 1;
- pInfo->firmwareVersion.minor = 0;
-
- return CKR_OK;
-}
-
-CK_RV
-C_GetTokenInfo(CK_SLOT_ID slotID,
- CK_TOKEN_INFO_PTR pInfo)
-{
- st_logf("GetTokenInfo: %s\n", has_session());
-
- memset(pInfo, 19, sizeof(*pInfo));
-
- snprintf_fill((char *)pInfo->label,
- sizeof(pInfo->label),
- ' ',
- "SoftToken (token)");
- snprintf_fill((char *)pInfo->manufacturerID,
- sizeof(pInfo->manufacturerID),
- ' ',
- "SoftToken (token)");
- snprintf_fill((char *)pInfo->model,
- sizeof(pInfo->model),
- ' ',
- "SoftToken (token)");
- snprintf_fill((char *)pInfo->serialNumber,
- sizeof(pInfo->serialNumber),
- ' ',
- "4711");
- pInfo->flags =
- CKF_TOKEN_INITIALIZED |
- CKF_USER_PIN_INITIALIZED;
-
- if (soft_token.flags.login_done == 0)
- pInfo->flags |= CKF_LOGIN_REQUIRED;
-
- /* CFK_RNG |
- CKF_RESTORE_KEY_NOT_NEEDED |
- */
- pInfo->ulMaxSessionCount = MAX_NUM_SESSION;
- pInfo->ulSessionCount = soft_token.open_sessions;
- pInfo->ulMaxRwSessionCount = MAX_NUM_SESSION;
- pInfo->ulRwSessionCount = soft_token.open_sessions;
- pInfo->ulMaxPinLen = 1024;
- pInfo->ulMinPinLen = 0;
- pInfo->ulTotalPublicMemory = 4711;
- pInfo->ulFreePublicMemory = 4712;
- pInfo->ulTotalPrivateMemory = 4713;
- pInfo->ulFreePrivateMemory = 4714;
- pInfo->hardwareVersion.major = 2;
- pInfo->hardwareVersion.minor = 0;
- pInfo->firmwareVersion.major = 2;
- pInfo->firmwareVersion.minor = 0;
-
- return CKR_OK;
-}
-
-CK_RV
-C_GetMechanismList(CK_SLOT_ID slotID,
- CK_MECHANISM_TYPE_PTR pMechanismList,
- CK_ULONG_PTR pulCount)
-{
- st_logf("GetMechanismList\n");
-
- *pulCount = 2;
- if (pMechanismList == NULL_PTR)
- return CKR_OK;
- pMechanismList[0] = CKM_RSA_X_509;
- pMechanismList[1] = CKM_RSA_PKCS;
-
- return CKR_OK;
-}
-
-CK_RV
-C_GetMechanismInfo(CK_SLOT_ID slotID,
- CK_MECHANISM_TYPE type,
- CK_MECHANISM_INFO_PTR pInfo)
-{
- st_logf("GetMechanismInfo: slot %d type: %d\n",
- (int)slotID, (int)type);
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-C_InitToken(CK_SLOT_ID slotID,
- CK_UTF8CHAR_PTR pPin,
- CK_ULONG ulPinLen,
- CK_UTF8CHAR_PTR pLabel)
-{
- st_logf("InitToken: slot %d\n", (int)slotID);
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-C_OpenSession(CK_SLOT_ID slotID,
- CK_FLAGS flags,
- CK_VOID_PTR pApplication,
- CK_NOTIFY Notify,
- CK_SESSION_HANDLE_PTR phSession)
-{
- size_t i;
-
- st_logf("OpenSession: slot: %d\n", (int)slotID);
-
- if (soft_token.open_sessions == MAX_NUM_SESSION)
- return CKR_SESSION_COUNT;
-
- soft_token.application = pApplication;
- soft_token.notify = Notify;
-
- for (i = 0; i < MAX_NUM_SESSION; i++)
- if (soft_token.state[i].session_handle == CK_INVALID_HANDLE)
- break;
- if (i == MAX_NUM_SESSION)
- abort();
-
- soft_token.open_sessions++;
-
- soft_token.state[i].session_handle = soft_token.next_session_handle++;
- *phSession = soft_token.state[i].session_handle;
-
- return CKR_OK;
-}
-
-CK_RV
-C_CloseSession(CK_SESSION_HANDLE hSession)
-{
- struct session_state *state;
- st_logf("CloseSession\n");
-
- if (verify_session_handle(hSession, &state) != CKR_OK)
- application_error("closed session not open");
- else
- close_session(state);
-
- return CKR_OK;
-}
-
-CK_RV
-C_CloseAllSessions(CK_SLOT_ID slotID)
-{
- size_t i;
-
- st_logf("CloseAllSessions\n");
-
- for (i = 0; i < MAX_NUM_SESSION; i++)
- if (soft_token.state[i].session_handle != CK_INVALID_HANDLE)
- close_session(&soft_token.state[i]);
-
- return CKR_OK;
-}
-
-CK_RV
-C_GetSessionInfo(CK_SESSION_HANDLE hSession,
- CK_SESSION_INFO_PTR pInfo)
-{
- st_logf("GetSessionInfo\n");
-
- VERIFY_SESSION_HANDLE(hSession, NULL);
-
- memset(pInfo, 20, sizeof(*pInfo));
-
- pInfo->slotID = 1;
- if (soft_token.flags.login_done)
- pInfo->state = CKS_RO_USER_FUNCTIONS;
- else
- pInfo->state = CKS_RO_PUBLIC_SESSION;
- pInfo->flags = CKF_SERIAL_SESSION;
- pInfo->ulDeviceError = 0;
-
- return CKR_OK;
-}
-
-CK_RV
-C_Login(CK_SESSION_HANDLE hSession,
- CK_USER_TYPE userType,
- CK_UTF8CHAR_PTR pPin,
- CK_ULONG ulPinLen)
-{
- char *pin = NULL;
- int i;
-
- st_logf("Login\n");
-
- VERIFY_SESSION_HANDLE(hSession, NULL);
-
- if (pPin != NULL_PTR) {
- if (asprintf(&pin, "%.*s", (int)ulPinLen, pPin) < 0)
- return CKR_DEVICE_MEMORY;
- st_logf("type: %d password: %s\n", (int)userType, pin);
- }
-
- for (i = 0; i < soft_token.object.num_objs; i++) {
- struct st_object *o = soft_token.object.objs[i];
- FILE *f;
-
- if (o->type != STO_T_PRIVATE_KEY)
- continue;
-
- if (o->u.private_key.key)
- continue;
-
- f = fopen(o->u.private_key.file, "r");
- if (f == NULL) {
- st_logf("can't open private file: %s\n", o->u.private_key.file);
- continue;
- }
-
- o->u.private_key.key = PEM_read_PrivateKey(f, NULL, NULL, pin);
- fclose(f);
- if (o->u.private_key.key == NULL) {
- st_logf("failed to read key: %s error: %s\n",
- o->u.private_key.file,
- ERR_error_string(ERR_get_error(), NULL));
- /* just ignore failure */;
- continue;
- }
-
- /* XXX check keytype */
-
- if (X509_check_private_key(o->u.private_key.cert, o->u.private_key.key) != 1) {
- EVP_PKEY_free(o->u.private_key.key);
- o->u.private_key.key = NULL;
- st_logf("private key %s doesn't verify\n", o->u.private_key.file);
- continue;
- }
-
- soft_token.flags.login_done = 1;
- }
- free(pin);
-
- return soft_token.flags.login_done ? CKR_OK : CKR_PIN_INCORRECT;
-}
-
-CK_RV
-C_Logout(CK_SESSION_HANDLE hSession)
-{
- st_logf("Logout\n");
- VERIFY_SESSION_HANDLE(hSession, NULL);
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-C_GetObjectSize(CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject,
- CK_ULONG_PTR pulSize)
-{
- st_logf("GetObjectSize\n");
- VERIFY_SESSION_HANDLE(hSession, NULL);
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-C_GetAttributeValue(CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulCount)
-{
- struct session_state *state;
- struct st_object *obj;
- CK_ULONG i;
- CK_RV ret;
- int j;
-
- st_logf("GetAttributeValue: %lx\n",
- (unsigned long)HANDLE_OBJECT_ID(hObject));
- VERIFY_SESSION_HANDLE(hSession, &state);
-
- if ((ret = object_handle_to_object(hObject, &obj)) != CKR_OK) {
- st_logf("object not found: %lx\n",
- (unsigned long)HANDLE_OBJECT_ID(hObject));
- return ret;
- }
-
- for (i = 0; i < ulCount; i++) {
- st_logf(" getting 0x%08lx\n", (unsigned long)pTemplate[i].type);
- for (j = 0; j < obj->num_attributes; j++) {
- if (obj->attrs[j].secret) {
- pTemplate[i].ulValueLen = (CK_ULONG)-1;
- break;
- }
- if (pTemplate[i].type == obj->attrs[j].attribute.type) {
- if (pTemplate[i].pValue != NULL_PTR && obj->attrs[j].secret == 0) {
- if (pTemplate[i].ulValueLen >= obj->attrs[j].attribute.ulValueLen)
- memcpy(pTemplate[i].pValue, obj->attrs[j].attribute.pValue,
- obj->attrs[j].attribute.ulValueLen);
- }
- pTemplate[i].ulValueLen = obj->attrs[j].attribute.ulValueLen;
- break;
- }
- }
- if (j == obj->num_attributes) {
- st_logf("key type: 0x%08lx not found\n", (unsigned long)pTemplate[i].type);
- pTemplate[i].ulValueLen = (CK_ULONG)-1;
- }
-
- }
- return CKR_OK;
-}
-
-CK_RV
-C_FindObjectsInit(CK_SESSION_HANDLE hSession,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulCount)
-{
- struct session_state *state;
-
- st_logf("FindObjectsInit\n");
-
- VERIFY_SESSION_HANDLE(hSession, &state);
-
- if (state->find.next_object != -1) {
- application_error("application didn't do C_FindObjectsFinal\n");
- find_object_final(state);
- }
- if (ulCount) {
- CK_ULONG i;
-
- print_attributes(pTemplate, ulCount);
-
- state->find.attributes =
- calloc(1, ulCount * sizeof(state->find.attributes[0]));
- if (state->find.attributes == NULL)
- return CKR_DEVICE_MEMORY;
- for (i = 0; i < ulCount; i++) {
- state->find.attributes[i].pValue =
- malloc(pTemplate[i].ulValueLen);
- if (state->find.attributes[i].pValue == NULL) {
- find_object_final(state);
- return CKR_DEVICE_MEMORY;
- }
- memcpy(state->find.attributes[i].pValue,
- pTemplate[i].pValue, pTemplate[i].ulValueLen);
- state->find.attributes[i].type = pTemplate[i].type;
- state->find.attributes[i].ulValueLen = pTemplate[i].ulValueLen;
- }
- state->find.num_attributes = ulCount;
- state->find.next_object = 0;
- } else {
- st_logf("find all objects\n");
- state->find.attributes = NULL;
- state->find.num_attributes = 0;
- state->find.next_object = 0;
- }
-
- return CKR_OK;
-}
-
-CK_RV
-C_FindObjects(CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE_PTR phObject,
- CK_ULONG ulMaxObjectCount,
- CK_ULONG_PTR pulObjectCount)
-{
- struct session_state *state;
- int i;
-
- st_logf("FindObjects\n");
-
- VERIFY_SESSION_HANDLE(hSession, &state);
-
- if (state->find.next_object == -1) {
- application_error("application didn't do C_FindObjectsInit\n");
- return CKR_ARGUMENTS_BAD;
- }
- if (ulMaxObjectCount == 0) {
- application_error("application asked for 0 objects\n");
- return CKR_ARGUMENTS_BAD;
- }
- *pulObjectCount = 0;
- for (i = state->find.next_object; i < soft_token.object.num_objs; i++) {
- st_logf("FindObjects: %d\n", i);
- state->find.next_object = i + 1;
- if (attributes_match(soft_token.object.objs[i],
- state->find.attributes,
- state->find.num_attributes)) {
- *phObject++ = soft_token.object.objs[i]->object_handle;
- ulMaxObjectCount--;
- (*pulObjectCount)++;
- if (ulMaxObjectCount == 0)
- break;
- }
- }
- return CKR_OK;
-}
-
-CK_RV
-C_FindObjectsFinal(CK_SESSION_HANDLE hSession)
-{
- struct session_state *state;
-
- st_logf("FindObjectsFinal\n");
- VERIFY_SESSION_HANDLE(hSession, &state);
- find_object_final(state);
- return CKR_OK;
-}
-
-static CK_RV
-commonInit(CK_ATTRIBUTE *attr_match, int attr_match_len,
- const CK_MECHANISM_TYPE *mechs, int mechs_len,
- const CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey,
- struct st_object **o)
-{
- CK_RV ret;
- int i;
-
- *o = NULL;
- if ((ret = object_handle_to_object(hKey, o)) != CKR_OK)
- return ret;
-
- ret = attributes_match(*o, attr_match, attr_match_len);
- if (!ret) {
- application_error("called commonInit on key that doesn't "
- "support required attr");
- return CKR_ARGUMENTS_BAD;
- }
-
- for (i = 0; i < mechs_len; i++)
- if (mechs[i] == pMechanism->mechanism)
- break;
- if (i == mechs_len) {
- application_error("called mech (%08lx) not supported\n",
- pMechanism->mechanism);
- return CKR_ARGUMENTS_BAD;
- }
- return CKR_OK;
-}
-
-
-static CK_RV
-dup_mechanism(CK_MECHANISM_PTR *dup, const CK_MECHANISM_PTR pMechanism)
-{
- CK_MECHANISM_PTR p;
-
- p = malloc(sizeof(*p));
- if (p == NULL)
- return CKR_DEVICE_MEMORY;
-
- if (*dup)
- free(*dup);
- *dup = p;
- memcpy(p, pMechanism, sizeof(*p));
-
- return CKR_OK;
-}
-
-
-CK_RV
-C_EncryptInit(CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hKey)
-{
- struct session_state *state;
- CK_MECHANISM_TYPE mechs[] = { CKM_RSA_PKCS, CKM_RSA_X_509 };
- CK_BBOOL bool_true = CK_TRUE;
- CK_ATTRIBUTE attr[] = {
- { CKA_ENCRYPT, &bool_true, sizeof(bool_true) }
- };
- struct st_object *o;
- CK_RV ret;
-
- st_logf("EncryptInit\n");
- VERIFY_SESSION_HANDLE(hSession, &state);
-
- ret = commonInit(attr, sizeof(attr)/sizeof(attr[0]),
- mechs, sizeof(mechs)/sizeof(mechs[0]),
- pMechanism, hKey, &o);
- if (ret)
- return ret;
-
- ret = dup_mechanism(&state->encrypt_mechanism, pMechanism);
- if (ret == CKR_OK)
- state->encrypt_object = OBJECT_ID(o);
-
- return ret;
-}
-
-CK_RV
-C_Encrypt(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pData,
- CK_ULONG ulDataLen,
- CK_BYTE_PTR pEncryptedData,
- CK_ULONG_PTR pulEncryptedDataLen)
-{
- struct session_state *state;
- struct st_object *o;
- void *buffer = NULL;
- CK_RV ret;
- size_t buffer_len = 0;
- int padding;
- EVP_PKEY_CTX *ctx = NULL;
-
- st_logf("Encrypt\n");
-
- VERIFY_SESSION_HANDLE(hSession, &state);
-
- if (state->encrypt_object == -1)
- return CKR_ARGUMENTS_BAD;
-
- o = soft_token.object.objs[state->encrypt_object];
-
- if (o->u.public_key == NULL) {
- st_logf("public key NULL\n");
- return CKR_ARGUMENTS_BAD;
- }
-
- if (pulEncryptedDataLen == NULL) {
- st_logf("pulEncryptedDataLen NULL\n");
- ret = CKR_ARGUMENTS_BAD;
- goto out;
- }
-
- if (pData == NULL) {
- st_logf("data NULL\n");
- ret = CKR_ARGUMENTS_BAD;
- goto out;
- }
-
- switch(state->encrypt_mechanism->mechanism) {
- case CKM_RSA_PKCS:
- padding = RSA_PKCS1_PADDING;
- break;
- case CKM_RSA_X_509:
- padding = RSA_NO_PADDING;
- break;
- default:
- ret = CKR_FUNCTION_NOT_SUPPORTED;
- goto out;
- }
-
- ctx = EVP_PKEY_CTX_new(o->u.public_key, NULL);
- if (ctx == NULL || EVP_PKEY_encrypt_init(ctx) <= 0 ||
- EVP_PKEY_CTX_set_rsa_padding(ctx, padding) <= 0 ||
- EVP_PKEY_encrypt(ctx, NULL, &buffer_len, pData, ulDataLen) <= 0) {
- ret = CKR_DEVICE_ERROR;
- goto out;
- }
-
- buffer = OPENSSL_malloc(buffer_len);
- if (buffer == NULL) {
- ret = CKR_DEVICE_MEMORY;
- goto out;
- }
-
- if (EVP_PKEY_encrypt(ctx, buffer, &buffer_len, pData, ulDataLen) <= 0) {
- ret = CKR_DEVICE_ERROR;
- goto out;
- }
- st_logf("Encrypt done\n");
-
- if (pEncryptedData != NULL)
- memcpy(pEncryptedData, buffer, buffer_len);
- *pulEncryptedDataLen = buffer_len;
-
- ret = CKR_OK;
-out:
- OPENSSL_cleanse(buffer, buffer_len);
- OPENSSL_free(buffer);
- EVP_PKEY_CTX_free(ctx);
- return ret;
-}
-
-CK_RV
-C_EncryptUpdate(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pPart,
- CK_ULONG ulPartLen,
- CK_BYTE_PTR pEncryptedPart,
- CK_ULONG_PTR pulEncryptedPartLen)
-{
- st_logf("EncryptUpdate\n");
- VERIFY_SESSION_HANDLE(hSession, NULL);
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-
-CK_RV
-C_EncryptFinal(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pLastEncryptedPart,
- CK_ULONG_PTR pulLastEncryptedPartLen)
-{
- st_logf("EncryptFinal\n");
- VERIFY_SESSION_HANDLE(hSession, NULL);
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-
-/* C_DecryptInit initializes a decryption operation. */
-CK_RV
-C_DecryptInit(CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hKey)
-{
- struct session_state *state;
- CK_MECHANISM_TYPE mechs[] = { CKM_RSA_PKCS, CKM_RSA_X_509 };
- CK_BBOOL bool_true = CK_TRUE;
- CK_ATTRIBUTE attr[] = {
- { CKA_DECRYPT, &bool_true, sizeof(bool_true) }
- };
- struct st_object *o;
- CK_RV ret;
-
- st_logf("DecryptInit\n");
- VERIFY_SESSION_HANDLE(hSession, &state);
-
- ret = commonInit(attr, sizeof(attr)/sizeof(attr[0]),
- mechs, sizeof(mechs)/sizeof(mechs[0]),
- pMechanism, hKey, &o);
- if (ret)
- return ret;
-
- ret = dup_mechanism(&state->decrypt_mechanism, pMechanism);
- if (ret == CKR_OK)
- state->decrypt_object = OBJECT_ID(o);
-
- return CKR_OK;
-}
-
-
-CK_RV
-C_Decrypt(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pEncryptedData,
- CK_ULONG ulEncryptedDataLen,
- CK_BYTE_PTR pData,
- CK_ULONG_PTR pulDataLen)
-{
- struct session_state *state;
- struct st_object *o;
- void *buffer = NULL;
- CK_RV ret;
- size_t buffer_len = 0;
- int padding;
- EVP_PKEY_CTX *ctx = NULL;
-
- st_logf("Decrypt\n");
-
- VERIFY_SESSION_HANDLE(hSession, &state);
-
- if (state->decrypt_object == -1)
- return CKR_ARGUMENTS_BAD;
-
- o = soft_token.object.objs[state->decrypt_object];
-
- if (o->u.private_key.key == NULL) {
- st_logf("private key NULL\n");
- return CKR_ARGUMENTS_BAD;
- }
-
- if (pulDataLen == NULL) {
- st_logf("pulDataLen NULL\n");
- ret = CKR_ARGUMENTS_BAD;
- goto out;
- }
-
- if (pEncryptedData == NULL_PTR) {
- st_logf("data NULL\n");
- ret = CKR_ARGUMENTS_BAD;
- goto out;
- }
-
- switch(state->decrypt_mechanism->mechanism) {
- case CKM_RSA_PKCS:
- padding = RSA_PKCS1_PADDING;
- break;
- case CKM_RSA_X_509:
- padding = RSA_NO_PADDING;
- break;
- default:
- ret = CKR_FUNCTION_NOT_SUPPORTED;
- goto out;
- }
-
- ctx = EVP_PKEY_CTX_new(o->u.private_key.key, NULL);
- if (ctx == NULL || EVP_PKEY_decrypt_init(ctx) <= 0 ||
- EVP_PKEY_CTX_set_rsa_padding(ctx, padding) <= 0 ||
- EVP_PKEY_decrypt(ctx, NULL, &buffer_len, pEncryptedData,
- ulEncryptedDataLen) <= 0) {
- ret = CKR_DEVICE_ERROR;
- goto out;
- }
-
- buffer = OPENSSL_malloc(buffer_len);
- if (buffer == NULL) {
- ret = CKR_DEVICE_MEMORY;
- goto out;
- }
-
- if (EVP_PKEY_decrypt(ctx, buffer, &buffer_len, pEncryptedData,
- ulEncryptedDataLen) <= 0) {
- ret = CKR_DEVICE_ERROR;
- goto out;
- }
- st_logf("Decrypt done\n");
-
- if (pData != NULL_PTR)
- memcpy(pData, buffer, buffer_len);
- *pulDataLen = buffer_len;
-
- ret = CKR_OK;
-out:
- OPENSSL_cleanse(buffer, buffer_len);
- OPENSSL_free(buffer);
- EVP_PKEY_CTX_free(ctx);
- return ret;
-}
-
-
-CK_RV
-C_DecryptUpdate(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pEncryptedPart,
- CK_ULONG ulEncryptedPartLen,
- CK_BYTE_PTR pPart,
- CK_ULONG_PTR pulPartLen)
-
-{
- st_logf("DecryptUpdate\n");
- VERIFY_SESSION_HANDLE(hSession, NULL);
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-
-CK_RV
-C_DecryptFinal(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pLastPart,
- CK_ULONG_PTR pulLastPartLen)
-{
- st_logf("DecryptFinal\n");
- VERIFY_SESSION_HANDLE(hSession, NULL);
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-C_DigestInit(CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism)
-{
- st_logf("DigestInit\n");
- VERIFY_SESSION_HANDLE(hSession, NULL);
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-C_SignInit(CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hKey)
-{
- struct session_state *state;
- CK_MECHANISM_TYPE mechs[] = { CKM_RSA_PKCS, CKM_RSA_X_509 };
- CK_BBOOL bool_true = CK_TRUE;
- CK_ATTRIBUTE attr[] = {
- { CKA_SIGN, &bool_true, sizeof(bool_true) }
- };
- struct st_object *o;
- CK_RV ret;
-
- st_logf("SignInit\n");
- VERIFY_SESSION_HANDLE(hSession, &state);
-
- ret = commonInit(attr, sizeof(attr)/sizeof(attr[0]),
- mechs, sizeof(mechs)/sizeof(mechs[0]),
- pMechanism, hKey, &o);
- if (ret)
- return ret;
-
- ret = dup_mechanism(&state->sign_mechanism, pMechanism);
- if (ret == CKR_OK)
- state->sign_object = OBJECT_ID(o);
-
- return CKR_OK;
-}
-
-CK_RV
-C_Sign(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pData,
- CK_ULONG ulDataLen,
- CK_BYTE_PTR pSignature,
- CK_ULONG_PTR pulSignatureLen)
-{
- struct session_state *state;
- struct st_object *o;
- void *buffer = NULL;
- CK_RV ret;
- int padding;
- size_t buffer_len = 0;
- EVP_PKEY_CTX *ctx = NULL;
-
- st_logf("Sign\n");
- VERIFY_SESSION_HANDLE(hSession, &state);
-
- if (state->sign_object == -1)
- return CKR_ARGUMENTS_BAD;
-
- o = soft_token.object.objs[state->sign_object];
-
- if (o->u.private_key.key == NULL) {
- st_logf("private key NULL\n");
- return CKR_ARGUMENTS_BAD;
- }
-
- if (pulSignatureLen == NULL) {
- st_logf("signature len NULL\n");
- ret = CKR_ARGUMENTS_BAD;
- goto out;
- }
-
- if (pData == NULL_PTR) {
- st_logf("data NULL\n");
- ret = CKR_ARGUMENTS_BAD;
- goto out;
- }
-
- switch(state->sign_mechanism->mechanism) {
- case CKM_RSA_PKCS:
- padding = RSA_PKCS1_PADDING;
- break;
- case CKM_RSA_X_509:
- padding = RSA_NO_PADDING;
- break;
- default:
- ret = CKR_FUNCTION_NOT_SUPPORTED;
- goto out;
- }
-
- ctx = EVP_PKEY_CTX_new(o->u.private_key.key, NULL);
- if (ctx == NULL || EVP_PKEY_sign_init(ctx) <= 0 ||
- EVP_PKEY_CTX_set_rsa_padding(ctx, padding) <= 0 ||
- EVP_PKEY_sign(ctx, NULL, &buffer_len, pData, ulDataLen) <= 0) {
- ret = CKR_DEVICE_ERROR;
- goto out;
- }
-
- buffer = OPENSSL_malloc(buffer_len);
- if (buffer == NULL) {
- ret = CKR_DEVICE_MEMORY;
- goto out;
- }
-
- if (EVP_PKEY_sign(ctx, buffer, &buffer_len, pData, ulDataLen) <= 0) {
- ret = CKR_DEVICE_ERROR;
- goto out;
- }
- st_logf("Sign done\n");
-
- if (pSignature != NULL)
- memcpy(pSignature, buffer, buffer_len);
- *pulSignatureLen = buffer_len;
-
- ret = CKR_OK;
-out:
- OPENSSL_cleanse(buffer, buffer_len);
- OPENSSL_free(buffer);
- EVP_PKEY_CTX_free(ctx);
- return ret;
-}
-
-CK_RV
-C_SignUpdate(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pPart,
- CK_ULONG ulPartLen)
-{
- st_logf("SignUpdate\n");
- VERIFY_SESSION_HANDLE(hSession, NULL);
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-
-CK_RV
-C_SignFinal(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pSignature,
- CK_ULONG_PTR pulSignatureLen)
-{
- st_logf("SignUpdate\n");
- VERIFY_SESSION_HANDLE(hSession, NULL);
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-C_VerifyInit(CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hKey)
-{
- struct session_state *state;
- CK_MECHANISM_TYPE mechs[] = { CKM_RSA_PKCS, CKM_RSA_X_509 };
- CK_BBOOL bool_true = CK_TRUE;
- CK_ATTRIBUTE attr[] = {
- { CKA_VERIFY, &bool_true, sizeof(bool_true) }
- };
- struct st_object *o;
- CK_RV ret;
-
- st_logf("VerifyInit\n");
- VERIFY_SESSION_HANDLE(hSession, &state);
-
- ret = commonInit(attr, sizeof(attr)/sizeof(attr[0]),
- mechs, sizeof(mechs)/sizeof(mechs[0]),
- pMechanism, hKey, &o);
- if (ret)
- return ret;
-
- ret = dup_mechanism(&state->verify_mechanism, pMechanism);
- if (ret == CKR_OK)
- state->verify_object = OBJECT_ID(o);
-
- return ret;
-}
-
-CK_RV
-C_Verify(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pData,
- CK_ULONG ulDataLen,
- CK_BYTE_PTR pSignature,
- CK_ULONG ulSignatureLen)
-{
- struct session_state *state;
- struct st_object *o;
- CK_RV ret;
- int padding;
- EVP_PKEY_CTX *ctx = NULL;
-
- st_logf("Verify\n");
- VERIFY_SESSION_HANDLE(hSession, &state);
-
- if (state->verify_object == -1)
- return CKR_ARGUMENTS_BAD;
-
- o = soft_token.object.objs[state->verify_object];
-
- if (o->u.public_key == NULL) {
- st_logf("public key NULL\n");
- return CKR_ARGUMENTS_BAD;
- }
-
- if (pSignature == NULL) {
- st_logf("signature NULL\n");
- ret = CKR_ARGUMENTS_BAD;
- goto out;
- }
-
- if (pData == NULL_PTR) {
- st_logf("data NULL\n");
- ret = CKR_ARGUMENTS_BAD;
- goto out;
- }
-
- switch(state->verify_mechanism->mechanism) {
- case CKM_RSA_PKCS:
- padding = RSA_PKCS1_PADDING;
- break;
- case CKM_RSA_X_509:
- padding = RSA_NO_PADDING;
- break;
- default:
- ret = CKR_FUNCTION_NOT_SUPPORTED;
- goto out;
- }
-
- ctx = EVP_PKEY_CTX_new(o->u.public_key, NULL);
- if (ctx == NULL || EVP_PKEY_verify_init(ctx) <= 0 ||
- EVP_PKEY_CTX_set_rsa_padding(ctx, padding) <= 0 ||
- EVP_PKEY_verify(ctx, pSignature, ulSignatureLen, pData,
- ulDataLen) <= 0) {
- ret = CKR_DEVICE_ERROR;
- goto out;
- }
- st_logf("Verify done\n");
-
- ret = CKR_OK;
-out:
- EVP_PKEY_CTX_free(ctx);
- return ret;
-}
-
-CK_RV
-C_VerifyUpdate(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pPart,
- CK_ULONG ulPartLen)
-{
- st_logf("VerifyUpdate\n");
- VERIFY_SESSION_HANDLE(hSession, NULL);
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-C_VerifyFinal(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pSignature,
- CK_ULONG ulSignatureLen)
-{
- st_logf("VerifyFinal\n");
- VERIFY_SESSION_HANDLE(hSession, NULL);
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-C_GenerateRandom(CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR RandomData,
- CK_ULONG ulRandomLen)
-{
- st_logf("GenerateRandom\n");
- VERIFY_SESSION_HANDLE(hSession, NULL);
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_FUNCTION_LIST funcs = {
- { 2, 11 },
- C_Initialize,
- C_Finalize,
- C_GetInfo,
- C_GetFunctionList,
- C_GetSlotList,
- C_GetSlotInfo,
- C_GetTokenInfo,
- C_GetMechanismList,
- C_GetMechanismInfo,
- C_InitToken,
- (void *)func_not_supported, /* C_InitPIN */
- (void *)func_not_supported, /* C_SetPIN */
- C_OpenSession,
- C_CloseSession,
- C_CloseAllSessions,
- C_GetSessionInfo,
- (void *)func_not_supported, /* C_GetOperationState */
- (void *)func_not_supported, /* C_SetOperationState */
- C_Login,
- C_Logout,
- (void *)func_not_supported, /* C_CreateObject */
- (void *)func_not_supported, /* C_CopyObject */
- (void *)func_not_supported, /* C_DestroyObject */
- (void *)func_not_supported, /* C_GetObjectSize */
- C_GetAttributeValue,
- (void *)func_not_supported, /* C_SetAttributeValue */
- C_FindObjectsInit,
- C_FindObjects,
- C_FindObjectsFinal,
- C_EncryptInit,
- C_Encrypt,
- C_EncryptUpdate,
- C_EncryptFinal,
- C_DecryptInit,
- C_Decrypt,
- C_DecryptUpdate,
- C_DecryptFinal,
- C_DigestInit,
- (void *)func_not_supported, /* C_Digest */
- (void *)func_not_supported, /* C_DigestUpdate */
- (void *)func_not_supported, /* C_DigestKey */
- (void *)func_not_supported, /* C_DigestFinal */
- C_SignInit,
- C_Sign,
- C_SignUpdate,
- C_SignFinal,
- (void *)func_not_supported, /* C_SignRecoverInit */
- (void *)func_not_supported, /* C_SignRecover */
- C_VerifyInit,
- C_Verify,
- C_VerifyUpdate,
- C_VerifyFinal,
- (void *)func_not_supported, /* C_VerifyRecoverInit */
- (void *)func_not_supported, /* C_VerifyRecover */
- (void *)func_not_supported, /* C_DigestEncryptUpdate */
- (void *)func_not_supported, /* C_DecryptDigestUpdate */
- (void *)func_not_supported, /* C_SignEncryptUpdate */
- (void *)func_not_supported, /* C_DecryptVerifyUpdate */
- (void *)func_not_supported, /* C_GenerateKey */
- (void *)func_not_supported, /* C_GenerateKeyPair */
- (void *)func_not_supported, /* C_WrapKey */
- (void *)func_not_supported, /* C_UnwrapKey */
- (void *)func_not_supported, /* C_DeriveKey */
- (void *)func_not_supported, /* C_SeedRandom */
- C_GenerateRandom,
- (void *)func_not_supported, /* C_GetFunctionStatus */
- (void *)func_not_supported, /* C_CancelFunction */
- (void *)func_not_supported /* C_WaitForSlotEvent */
-};
diff --git a/src/tests/softpkcs11/softpkcs11.exports b/src/tests/softpkcs11/softpkcs11.exports
deleted file mode 100644
index aa7284511..000000000
--- a/src/tests/softpkcs11/softpkcs11.exports
+++ /dev/null
@@ -1,39 +0,0 @@
-C_CloseAllSessions
-C_CloseSession
-C_Decrypt
-C_DecryptFinal
-C_DecryptInit
-C_DecryptUpdate
-C_DigestInit
-C_Encrypt
-C_EncryptFinal
-C_EncryptInit
-C_EncryptUpdate
-C_Finalize
-C_FindObjects
-C_FindObjectsFinal
-C_FindObjectsInit
-C_GenerateRandom
-C_GetAttributeValue
-C_GetFunctionList
-C_GetInfo
-C_GetMechanismInfo
-C_GetMechanismList
-C_GetObjectSize
-C_GetSessionInfo
-C_GetSlotInfo
-C_GetSlotList
-C_GetTokenInfo
-C_Initialize
-C_InitToken
-C_Login
-C_Logout
-C_OpenSession
-C_Sign
-C_SignFinal
-C_SignInit
-C_SignUpdate
-C_Verify
-C_VerifyFinal
-C_VerifyInit
-C_VerifyUpdate
More information about the cvs-krb5
mailing list