authorDimitri John Ledkov <xnox@ubuntu.com>2016-07-19 10:06:59 +0100
committerDimitri John Ledkov <xnox@ubuntu.com>2016-07-19 10:06:59 +0100
commitffba8d1153e208ef4b84b2745ebf08b9ea88eef1 (patch)
treeadf4905628039adcf98d7aeb37748786c303c039
parente50c0877b9345688a2200def9e4c952d4ccb34b4 (diff)
parent4e49c3971ddd0d456bd2909e3de6be8d46054862 (diff)
Record opencryptoki (3.5+dfsg-1) in archive suite sid
-rw-r--r--ChangeLog15
-rw-r--r--README4
-rw-r--r--configure.in4
-rw-r--r--debian/changelog11
-rw-r--r--debian/libopencryptoki-dev.links1
-rw-r--r--debian/libopencryptoki0.links3
-rw-r--r--debian/libopencryptoki0.links.s390x6
-rw-r--r--debian/patches/spelling.patch21
-rw-r--r--debian/watch2
-rwxr-xr-xusr/include/pkcs11/local_types.h2
-rwxr-xr-xusr/include/pkcs11/pkcs11types.h7
-rwxr-xr-xusr/lib/pkcs11/api/api_interface.c14
-rwxr-xr-xusr/lib/pkcs11/api/apiproto.h1
-rwxr-xr-xusr/lib/pkcs11/api/apiutil.c10
-rw-r--r--usr/lib/pkcs11/api/socket_client.c67
-rw-r--r--usr/lib/pkcs11/cca_stdll/cca_func.h1294
-rw-r--r--usr/lib/pkcs11/cca_stdll/cca_specific.c289
-rw-r--r--usr/lib/pkcs11/cca_stdll/csulincl.h2109
-rw-r--r--[-rwxr-xr-x]usr/lib/pkcs11/cca_stdll/defs.h0
-rwxr-xr-xusr/lib/pkcs11/common/asn1.c11
-rwxr-xr-xusr/lib/pkcs11/common/cert.c2
-rwxr-xr-xusr/lib/pkcs11/common/h_extern.h2
-rwxr-xr-xusr/lib/pkcs11/common/loadsave.c9
-rw-r--r--usr/lib/pkcs11/common/mech_aes.c8
-rw-r--r--usr/lib/pkcs11/common/mech_dh.c1
-rwxr-xr-xusr/lib/pkcs11/common/mech_rsa.c7
-rwxr-xr-xusr/lib/pkcs11/common/new_host.c35
-rwxr-xr-xusr/lib/pkcs11/common/obj_mgr.c16
-rwxr-xr-xusr/lib/pkcs11/common/object.c24
-rwxr-xr-xusr/lib/pkcs11/common/sess_mgr.c2
-rwxr-xr-xusr/lib/pkcs11/common/template.c2
-rw-r--r--usr/lib/pkcs11/common/trace.c1
-rw-r--r--usr/lib/pkcs11/ep11_stdll/ep11_func.h472
-rw-r--r--usr/lib/pkcs11/ep11_stdll/ep11_specific.c207
-rw-r--r--usr/lib/pkcs11/ep11_stdll/new_host.c4
-rwxr-xr-xusr/lib/pkcs11/ica_s390_stdll/ica_specific.c11
-rw-r--r--usr/lib/pkcs11/icsf_stdll/icsf.c77
-rw-r--r--usr/lib/pkcs11/icsf_stdll/icsf.h3
-rw-r--r--usr/lib/pkcs11/icsf_stdll/icsf_config_lexer.l3
-rw-r--r--usr/lib/pkcs11/icsf_stdll/icsf_config_parse.y2
-rw-r--r--usr/lib/pkcs11/icsf_stdll/icsf_specific.c211
-rw-r--r--usr/lib/pkcs11/icsf_stdll/icsf_specific.h3
-rw-r--r--usr/lib/pkcs11/icsf_stdll/new_host.c73
-rw-r--r--usr/lib/pkcs11/soft_stdll/soft_specific.c18
-rw-r--r--usr/lib/pkcs11/tpm_stdll/tpm_specific.c5
-rw-r--r--usr/sbin/pkcsicsf/pkcsicsf.c2
-rw-r--r--usr/sbin/pkcsslotd/lexer.l1
-rw-r--r--usr/sbin/pkcsslotd/parser.y5
48 files changed, 4398 insertions, 679 deletions
diff --git a/ChangeLog b/ChangeLog
index c5a5122..96ffc26 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,16 @@
+* opencryptoki 3.5
+- Full Coverity scan fixes.
+- Fixes for compiler warnings.
+- Added support for C_GetObjectSize in icsf token.
+- Various bug fixes and memory leak fixes.
+- Removed global read permissions from token files.
+- Added missing PKCS#11v2.2 constants.
+- Fix for symbol resolution issue seen in Fedora 22 and 23 for
+ ep11 and cca tokens.
+- Improvements in socket read operation when a token comes up.
+- Replaced 32 bit CCA API declarations with latest header from
+ version 5.0 libsculcca rpm.
+
* opencryptoki 3.4.1
- fix 32-bit compiler error for ep11
- fix buffer overflow for cca token
@@ -14,7 +27,7 @@
- The soft, cca, ep11, and icsf tokens support HMAC single and multipart for
SHA1, SHA256, SHA384, and SHA512.
- CCA token, a secure key token, can now import AES, DES3 and
- Genric Secret keys.
+ Generic Secret keys.
- Add -Wall and fix various compiler warnings.
- Coverity scan cleanup.
- Additional test vectors and various testcase improvements made.
diff --git a/README b/README
index 51be5aa..40b4156 100644
--- a/README
+++ b/README
@@ -1,5 +1,5 @@
opencryptoki README
-Package version 3.4.1
+Package version 3.5
Please see NEWS for additional version 3 information.
@@ -136,7 +136,7 @@ main directory and do the following:
CONFIGURATION
See:
- http://www-128.ibm.com/developerworks/security/library/s-pkcs/index.html
+ https://www.ibm.com/support/knowledgecenter/linuxonibm/com.ibm.linux.z.lxce/lxce_stackoverview.html
openCryptoki defaults to be usable by anyone who is in the group
``pkcs11''.
diff --git a/configure.in b/configure.in
index c0d745a..ce37f7f 100644
--- a/configure.in
+++ b/configure.in
@@ -1,5 +1,5 @@
dnl Process this file with autoconf to produce a configure script.
-AC_INIT([openCryptoki],[3.4.1],[opencryptoki-tech@lists.sourceforge.net])
+AC_INIT([openCryptoki],[3.5],[opencryptoki-tech@lists.sourceforge.net])
dnl Needed for $target!
AC_CANONICAL_SYSTEM
@@ -554,7 +554,7 @@ fi
AM_CONDITIONAL([ENABLE_PKCSEP11_MIGRATE], [test "x$enable_pkcsep11_migrate" = "xyes"])
-CFLAGS="$CFLAGS -DPKCS64 -D_XOPEN_SOURCE=500 -Wall -Wno-pointer-sign"
+CFLAGS="$CFLAGS -DPKCS64 -D_XOPEN_SOURCE=600 -Wall -Wno-pointer-sign"
CFLAGS+=' -DCONFIG_PATH=\"$(localstatedir)/lib/opencryptoki\" -DSBIN_PATH=\"$(sbindir)\" -DLIB_PATH=\"$(libdir)\" -DLOCKDIR_PATH=\"$(lockdir)\" -DOCK_CONFDIR=\"$(sysconfdir)/opencryptoki\" -DOCK_LOGDIR=\"$(logdir)\"'
diff --git a/debian/changelog b/debian/changelog
index f4e9bd0..91bf3c1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+opencryptoki (3.5+dfsg-1) unstable; urgency=low
+
+ * QA upload.
+ * New upstream release.
+ * Add extra symlink to the unversioned libopencrypto.so in the -dev
+ package.
+ * Add missing links for cca, ep11, icsf, and ica tokens.
+ * New upstream release
+
+ -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 19 Jul 2016 10:06:59 +0100
+
opencryptoki (3.4.1+dfsg-1) unstable; urgency=low
* QA upload.
diff --git a/debian/libopencryptoki-dev.links b/debian/libopencryptoki-dev.links
new file mode 100644
index 0000000..2b6f60c
--- /dev/null
+++ b/debian/libopencryptoki-dev.links
@@ -0,0 +1 @@
+usr/lib/opencryptoki/libopencryptoki.so usr/lib/libopencryptoki.so
diff --git a/debian/libopencryptoki0.links b/debian/libopencryptoki0.links
new file mode 100644
index 0000000..3ebff9a
--- /dev/null
+++ b/debian/libopencryptoki0.links
@@ -0,0 +1,3 @@
+usr/lib/libpkcs11_sw.so.0 usr/lib/libpkcs11_sw.so
+usr/lib/libpkcs11_tpm.so.0 usr/lib/libpkcs11_tpm.so
+usr/lib/libpkcs11_cca.so.0 usr/lib/libpkcs11_cca.so
diff --git a/debian/libopencryptoki0.links.s390x b/debian/libopencryptoki0.links.s390x
new file mode 100644
index 0000000..00edda7
--- /dev/null
+++ b/debian/libopencryptoki0.links.s390x
@@ -0,0 +1,6 @@
+usr/lib/libpkcs11_sw.so.0 usr/lib/libpkcs11_sw.so
+usr/lib/libpkcs11_tpm.so.0 usr/lib/libpkcs11_tpm.so
+usr/lib/libpkcs11_cca.so.0 usr/lib/libpkcs11_cca.so
+usr/lib/libpkcs11_ep11.so.0 usr/lib/libpkcs11_ep11.so
+usr/lib/libpkcs11_ica.so.0 usr/lib/libpkcs11_ica.so
+usr/lib/libpkcs11_icsf.so.0 usr/lib/libpkcs11_icsf.so
diff --git a/debian/patches/spelling.patch b/debian/patches/spelling.patch
index cc11136..f451b62 100644
--- a/debian/patches/spelling.patch
+++ b/debian/patches/spelling.patch
@@ -1,8 +1,6 @@
-Index: opencryptoki/man/man1/pkcsicsf.1.in
-===================================================================
---- opencryptoki.orig/man/man1/pkcsicsf.1.in
-+++ opencryptoki/man/man1/pkcsicsf.1.in
-@@ -29,7 +29,7 @@ One of these mechanisms must be entered
+--- a/man/man1/pkcsicsf.1.in
++++ b/man/man1/pkcsicsf.1.in
+@@ -29,7 +29,7 @@
ICSF tokens or when adding an ICSF token. Opencryptoki currently
supports adding only one ICSF token.
@@ -11,16 +9,3 @@ Index: opencryptoki/man/man1/pkcsicsf.1.in
ldap configs, such as ldap.conf or .ldaprc for bind and
authentication information or set the bind and authentication
information within opencryptoki by using this utility and its options.
-Index: opencryptoki/usr/lib/pkcs11/api/socket_client.c
-===================================================================
---- opencryptoki.orig/usr/lib/pkcs11/api/socket_client.c
-+++ opencryptoki/usr/lib/pkcs11/api/socket_client.c
-@@ -348,7 +348,7 @@ init_socket_data() {
- bytes_received = read(socketfd, &daemon_socket_data,
- sizeof(daemon_socket_data));
- if (bytes_received != sizeof(daemon_socket_data)) {
-- OCK_SYSLOG(LOG_ERR, "init_socket_data: did not recieve expected number of bytes from slot manager daemon. Expected %zd bytes, got %d bytes.",
-+ OCK_SYSLOG(LOG_ERR, "init_socket_data: did not receive expected number of bytes from slot manager daemon. Expected %zd bytes, got %d bytes.",
- sizeof(daemon_socket_data), bytes_received);
- }
-
diff --git a/debian/watch b/debian/watch
index d78bb60..c0b15dc 100644
--- a/debian/watch
+++ b/debian/watch
@@ -1,4 +1,4 @@
version=3
opts=dversionmangle=s/\+dfsg$// \
-http://sf.net/opencryptoki/opencryptoki-v(.*)\.tgz \
+http://sf.net/opencryptoki/opencryptoki-v?(.*)\.tgz \
debian /bin/sh debian/uscan-dfsg-clean.sh
diff --git a/usr/include/pkcs11/local_types.h b/usr/include/pkcs11/local_types.h
index 1607d11..c931dd7 100755
--- a/usr/include/pkcs11/local_types.h
+++ b/usr/include/pkcs11/local_types.h
@@ -332,7 +332,7 @@ struct btree
struct btnode *bt_get_node(struct btree *t, unsigned long node_num);
void *bt_get_node_value(struct btree *t, unsigned long node_num);
-inline int bt_is_empty(struct btree *t);
+int bt_is_empty(struct btree *t);
void bt_for_each_node(struct btree *t, void (*)(void *, unsigned long, void *), void *);
unsigned long bt_nodes_in_use(struct btree *t);
unsigned long bt_node_add(struct btree *t, void *value);
diff --git a/usr/include/pkcs11/pkcs11types.h b/usr/include/pkcs11/pkcs11types.h
index 03fc464..885f29a 100755
--- a/usr/include/pkcs11/pkcs11types.h
+++ b/usr/include/pkcs11/pkcs11types.h
@@ -721,6 +721,10 @@ typedef CK_ULONG CK_CERTIFICATE_TYPE;
* v2.0 */
typedef CK_ULONG CK_ATTRIBUTE_TYPE;
+/* The CKF_ARRAY_ATTRIBUTE flag identifies an attribute which
+ * consists of an array of values. */
+#define CKF_ARRAY_ATTRIBUTE 0x40000000
+
/* The following attribute types are defined: */
#define CKA_CLASS 0x00000000
#define CKA_TOKEN 0x00000001
@@ -795,6 +799,9 @@ typedef CK_ULONG CK_ATTRIBUTE_TYPE;
#define CKA_RESET_ON_INIT 0x00000301
#define CKA_HAS_RESET 0x00000302
+#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000211UL)
+#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000212UL)
+
#define CKA_VENDOR_DEFINED 0x80000000
/* For use in storing objects that have an encrypted or otherwise
diff --git a/usr/lib/pkcs11/api/api_interface.c b/usr/lib/pkcs11/api/api_interface.c
index ae52d04..2f1a97f 100755
--- a/usr/lib/pkcs11/api/api_interface.c
+++ b/usr/lib/pkcs11/api/api_interface.c
@@ -1616,6 +1616,9 @@ CK_RV C_Finalize(CK_VOID_PTR pReserved)
trace_finalize();
+ //close the lock file descriptor here to avoid memory leak
+ XProcClose();
+
return CKR_OK;
} // end of C_Finalize
@@ -2214,8 +2217,7 @@ C_GetMechanismList(CK_SLOT_ID slotID,
API_Slot_t *sltp;
STDLL_FcnList_t *fcn;
- TRACE_INFO("C_GetMechanismList (%lu %p %lu)\n", slotID,
- pMechanismList, *pulCount);
+ TRACE_INFO("C_GetMechanismList\n");
if (API_Initialized() == FALSE) {
TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
return CKR_CRYPTOKI_NOT_INITIALIZED;
@@ -2225,6 +2227,10 @@ C_GetMechanismList(CK_SLOT_ID slotID,
TRACE_ERROR("%s\n", ock_err(ERR_ARGUMENTS_BAD));
return CKR_ARGUMENTS_BAD;
}
+
+ TRACE_DEVEL("Slot %lu MechList %p Count %lu\n",
+ slotID, pMechanismList, *pulCount);
+
// Null PMechanism is valid to get a count of mechanisms
if (slotID >= NUMBER_SLOTS_MANAGED) {
@@ -2502,7 +2508,7 @@ CK_RV C_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo)
Slot_Info_t *sinfp;
Slot_Mgr_Socket_t *shData = &(Anchor->SocketDataP);
- TRACE_INFO("C_GetSlotInfo Slot=%d ptr=%x\n", slotID, pInfo);
+ TRACE_INFO("C_GetSlotInfo Slot=%d ptr=%p\n", slotID, pInfo);
if (API_Initialized() == FALSE) {
TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
return CKR_CRYPTOKI_NOT_INITIALIZED;
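Review bot: The C_GetSlotInfo trace still prints `slotID` with `%d`, although the C_GetMechanismList hunk in this same commit prints a `CK_SLOT_ID` with `%lu`; the `%x` to `%p` fix only corrected half of the format string. A mismatched conversion is undefined behaviour and on LP64 can log a truncated or wrong slot number. Suggested line: `TRACE_INFO("C_GetSlotInfo Slot=%lu ptr=%p\n", slotID, (void *)pInfo);`, where the cast is there because `%p` expects a `void *`. The body of C_GetSlotInfo continues outside the hunk.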
@@ -2562,7 +2568,6 @@ C_GetSlotList(CK_BBOOL tokenPresent,
#endif
TRACE_INFO("C_GetSlotList\n");
- TRACE_DEVEL(" Pres %d Count %lu\n", tokenPresent, *pulCount);
if (API_Initialized() == FALSE) {
TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
return CKR_CRYPTOKI_NOT_INITIALIZED;
@@ -2573,6 +2578,7 @@ C_GetSlotList(CK_BBOOL tokenPresent,
TRACE_ERROR("%s\n", ock_err(ERR_FUNCTION_FAILED));
return CKR_FUNCTION_FAILED;
}
+ TRACE_DEVEL(" Pres %d Count %lu\n", tokenPresent, *pulCount);
sinfp = shData->slot_info;
count = 0;
diff --git a/usr/lib/pkcs11/api/apiproto.h b/usr/lib/pkcs11/api/apiproto.h
index d787a76..36c5ce9 100755
--- a/usr/lib/pkcs11/api/apiproto.h
+++ b/usr/lib/pkcs11/api/apiproto.h
@@ -320,6 +320,7 @@ int DL_Load_and_Init(API_Slot_t *, CK_SLOT_ID);
CK_RV CreateXProcLock(void);
CK_RV XProcLock(void);
CK_RV XProcUnLock(void);
+CK_RV XProcClose(void);
void _init(void);
void get_sess_count(CK_SLOT_ID, CK_ULONG *);
diff --git a/usr/lib/pkcs11/api/apiutil.c b/usr/lib/pkcs11/api/apiutil.c
index b125a63..ce0dc18 100755
--- a/usr/lib/pkcs11/api/apiutil.c
+++ b/usr/lib/pkcs11/api/apiutil.c
@@ -369,6 +369,16 @@ CK_RV XProcUnLock(void)
return CKR_OK;
}
+CK_RV XProcClose(void)
+{
+ if (xplfd != -1)
+ close(xplfd);
+ else
+ TRACE_DEVEL("XProcClose: No file descriptor open to close.\n");
+
+ return CKR_OK;
+}
+
unsigned long AddToSessionList(ST_SESSION_T * pSess)
{
unsigned long handle;
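Review bot: XProcClose() leaves `xplfd` holding the old descriptor number after `close(xplfd)`, and C_Finalize now calls it on every finalize. A second call would therefore close whatever descriptor has since reused that number, and any later lock call would presumably act on a closed fd. Reset the variable in the same branch, `if (xplfd != -1) { close(xplfd); xplfd = -1; }`, and consider tracing a failed close(). Whether CreateXProcLock reopens the lock file on a later C_Initialize is not visible in this diff, so the Finalize/Initialize cycle should be checked. The comment added at the call site in api_interface.c says "memory leak", but what is released is a file descriptor.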
diff --git a/usr/lib/pkcs11/api/socket_client.c b/usr/lib/pkcs11/api/socket_client.c
index 5b6f467..81ef502 100644
--- a/usr/lib/pkcs11/api/socket_client.c
+++ b/usr/lib/pkcs11/api/socket_client.c
@@ -295,6 +295,7 @@
#include <unistd.h>
#include <grp.h>
#include <errno.h>
+#include <stdlib.h>
#include "apiproto.h"
#include "slotmgr.h"
@@ -310,8 +311,9 @@ init_socket_data() {
struct sockaddr_un daemon_address;
struct stat file_info;
struct group *grp;
- int bytes_received;
- Slot_Mgr_Socket_t daemon_socket_data;
+ int n, bytes_received = 0;
+ Slot_Mgr_Socket_t *daemon_socket_data = NULL;
+ int ret = FALSE;
if (stat(SOCKET_FILE_PATH, &file_info)) {
OCK_SYSLOG(LOG_ERR, "init_socket_data: failed to find socket file, errno=%d", errno);
@@ -339,23 +341,58 @@ init_socket_data() {
strcpy(daemon_address.sun_path, SOCKET_FILE_PATH);
if (connect(socketfd, (struct sockaddr *) &daemon_address,
- sizeof(struct sockaddr_un)) != 0) {
- OCK_SYSLOG(LOG_ERR, "init_socket_data: failed to connect to slot manager daemon, errno=%d", errno);
- close(socketfd);
- return FALSE;
+ sizeof(struct sockaddr_un)) != 0) {
+ OCK_SYSLOG(LOG_ERR, "init_socket_data: failed to connect to slotmanager daemon, errno=%d",
+ errno);
+ goto exit;
}
- bytes_received = read(socketfd, &daemon_socket_data,
- sizeof(daemon_socket_data));
- if (bytes_received != sizeof(daemon_socket_data)) {
- OCK_SYSLOG(LOG_ERR, "init_socket_data: did not receive expected number of bytes from slot manager daemon. Expected %zd bytes, got %d bytes.",
- sizeof(daemon_socket_data), bytes_received);
+ // allocate data buffer
+ daemon_socket_data = (Slot_Mgr_Socket_t*) malloc(sizeof(*daemon_socket_data));
+ if (!daemon_socket_data) {
+ OCK_SYSLOG(LOG_ERR, "init_socket_data: failed to \
+ allocate %lu bytes \
+ for daemon data, errno=%d",
+ sizeof(*daemon_socket_data), errno);
+ goto exit;
}
- close(socketfd);
+ while (bytes_received < sizeof(*daemon_socket_data)) {
+ n = read(socketfd, ((char*)daemon_socket_data)+bytes_received,
+ sizeof(*daemon_socket_data)-bytes_received);
+ if (n < 0) {
+ // read error
+ if (errno == EINTR)
+ continue;
+ OCK_SYSLOG(LOG_ERR, "init_socket_data: read error \
+ on daemon socket, errno=%d", errno );
+ goto exit;
+ } else if (n == 0) {
+ // eof but we still expect some bytes
+ OCK_SYSLOG(LOG_ERR, "init_socket_data: read returned \
+ with eof but we still \
+ expect %lu bytes from daemon",
+ sizeof(*daemon_socket_data)-bytes_received);
+ goto exit;
+ } else {
+ // n > 0, we got some bytes
+ bytes_received += n;
+ }
+ }
+
+ ret = TRUE;
- memcpy(&(Anchor->SocketDataP), &daemon_socket_data,
- sizeof(Slot_Mgr_Socket_t));
+ // copy the Slot_Mgr_Socket_t struct into global
+ // Anchor SocketDataPdata buffer
+ memcpy(&(Anchor->SocketDataP), daemon_socket_data,
+ sizeof(*daemon_socket_data));
+
+exit:
+ //free the data buffer after copy
+ if (daemon_socket_data)
+ free(daemon_socket_data);
+
+ close(socketfd);
- return TRUE;
+ return ret;
}
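Review bot: The two new OCK_SYSLOG calls that print a `sizeof` expression use `%lu`, which does not match `size_t`; the line this hunk removes used `%zd`, so `%zu` is the consistent choice. The three new messages are also continued with a backslash inside the string literal, so any indentation on the continuation lines becomes part of the logged text; adjacent string literals avoid that. Separately, `n` receives the result of read() and `bytes_received` is compared against a `size_t`, so declaring them as `ssize_t n` and `size_t bytes_received` in the previous hunk would remove the signed/unsigned mixing in the loop condition. init_socket_data starts before this hunk.

```c
	if (!daemon_socket_data) {
		OCK_SYSLOG(LOG_ERR, "init_socket_data: failed to allocate %zu bytes "
			   "for daemon data, errno=%d",
			   sizeof(*daemon_socket_data), errno);
		goto exit;
	}
	// … unchanged: read loop header, EINTR handling …
			OCK_SYSLOG(LOG_ERR, "init_socket_data: read error "
				   "on daemon socket, errno=%d", errno);
	// … unchanged: goto exit, n == 0 branch …
			OCK_SYSLOG(LOG_ERR, "init_socket_data: read returned with eof "
				   "but we still expect %zu bytes from daemon",
				   sizeof(*daemon_socket_data) - bytes_received);
	// … unchanged: rest of loop, memcpy into Anchor, exit label …
```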
diff --git a/usr/lib/pkcs11/cca_stdll/cca_func.h b/usr/lib/pkcs11/cca_stdll/cca_func.h
new file mode 100644
index 0000000..b97ffc7
--- /dev/null
+++ b/usr/lib/pkcs11/cca_stdll/cca_func.h
@@ -0,0 +1,1294 @@
+/******************************************************************************/
+/* Licensed Materials Property of IBM */
+/* (C) Copyright IBM Corporation, 1997, 2016 */
+/* All Rights Reserved */
+/* US Government Users Restricted Rights - */
+/* Use, duplication or disclosure restricted by */
+/* GSA ADP Schedule Contract with IBM Corp. */
+/******************************************************************************/
+/* */
+/* This header file contains the Security API C language */
+/* prototypes. See the user publications for more information. */
+/* */
+/******************************************************************************/
+
+/* Clear Key Import */
+typedef void (**CSNBCKI_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ unsigned char * clear_key,
+ unsigned char * target_key_identifier);
+
+/* Clear Key Import Multiple */
+typedef void (*CSNBCKM_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * clear_key_length,
+ unsigned char * clear_key,
+ unsigned char * target_key_identifier);
+
+/* Data Key Export */
+typedef void (*CSNBDKX_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ unsigned char * source_key_identifier,
+ unsigned char * exporter_key_identifier,
+ unsigned char * target_key_token);
+
+/* Data Key Import */
+typedef void (*CSNBDKM_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ unsigned char * source_key_token,
+ unsigned char * importer_key_identifier,
+ unsigned char * target_key_identifier);
+
+/* DES Master Key Process */
+typedef void (*CSNBMKP_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ unsigned char * key_part);
+
+/* Key Export */
+typedef void (*CSNBKEX_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ unsigned char * key_type,
+ unsigned char * source_key_identifier,
+ unsigned char * exporter_key_identifier,
+ unsigned char * target_key_token);
+
+/* Key Generate */
+typedef void (*CSNBKGN_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ unsigned char * key_form,
+ unsigned char * key_length,
+ unsigned char * key_type_1,
+ unsigned char * key_type_2,
+ unsigned char * KEK_key_identifier_1,
+ unsigned char * KEK_key_identifier_2,
+ unsigned char * generated_key_identifier_1,
+ unsigned char * generated_key_identifier_2);
+
+/* Key Generate2 */
+typedef void (*CSNBKGN2_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * clear_key_bit_length,
+ unsigned char * key_type_1,
+ unsigned char * key_type_2,
+ long * key_name_1_length,
+ unsigned char * key_name_1,
+ long * key_name_2_length,
+ unsigned char * key_name_2,
+ long * user_associated_data_1_length,
+ unsigned char * user_associated_data_1,
+ long * user_associated_data_2_length,
+ unsigned char * user_associated_data_2,
+ long * key_encrypting_key_identifier_1_length,
+ unsigned char * key_encrypting_key_identifier_1,
+ long * key_encrypting_key_identifier_2_length,
+ unsigned char * key_encrypting_key_identifier_2,
+ long * generated_key_identifier_1_length,
+ unsigned char * generated_key_identifier_1,
+ long * generated_key_identifier_2_length,
+ unsigned char * generated_key_identifier_2);
+
+/* Key Import */
+typedef void (*CSNBKIM_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ unsigned char * key_type,
+ unsigned char * source_key_token,
+ unsigned char * importer_key_identifier,
+ unsigned char * target_key_identifier);
+
+/* Key Part Import */
+typedef void (*CSNBKPI_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ unsigned char * key_part,
+ unsigned char * key_identifier);
+
+/* Key Part Import2 */
+typedef void (*CSNBKPI2_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * clear_key_part_length,
+ unsigned char * clear_key_part,
+ long * key_identifier_length,
+ unsigned char * key_identifier);
+
+/* Key Storage Initialization */
+typedef void (*CSNBKSI_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * file_name_length,
+ unsigned char * file_name,
+ long * description_length,
+ unsigned char * description,
+ unsigned char * clear_master_key);
+
+/* Key Record Create */
+typedef void (*CSNBKRC_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ unsigned char * key_label);
+/* AES Key Record Create */
+typedef void (*CSNBAKRC_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ unsigned char * key_label,
+ long * key_token_length,
+ unsigned char * key_token);
+
+/* Key Record Delete */
+typedef void (*CSNBKRD_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ unsigned char * key_identifier);
+
+/* Key Record List */
+typedef void (*CSNBKRL_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ unsigned char * key_label,
+ long * data_set_name_length,
+ unsigned char * data_set_name,
+ unsigned char * security_server_name);
+
+/* Key Record Read */
+typedef void (*CSNBKRR_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ unsigned char * key_label,
+ unsigned char * key_token);
+
+/* Key Record Write */
+typedef void (*CSNBKRW_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ unsigned char * key_token,
+ unsigned char * key_label);
+
+/* PKA Key Record Create */
+typedef void (*CSNDKRC_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ unsigned char * key_label,
+ long * key_token_length,
+ unsigned char * key_token);
+
+/* PKA Key Record Delete */
+typedef void (*CSNDKRD_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ unsigned char * key_identifier);
+
+/* PKA Key Record List */
+typedef void (*CSNDKRL_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ unsigned char * key_label,
+ long * data_set_name_length,
+ unsigned char * data_set_name,
+ unsigned char * security_server_name);
+
+/* PKA Key Record Read */
+typedef void (*CSNDKRR_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ unsigned char * key_label,
+ long * key_token_length,
+ unsigned char * key_token);
+
+/* PKA Key Record Write */
+typedef void (*CSNDKRW_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ unsigned char * key_label,
+ long * key_token_length,
+ unsigned char * key_token );
+
+/* Key Test */
+typedef void (*CSNBKYT_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ unsigned char * key_identifier,
+ unsigned char * random_number,
+ unsigned char * verification_pattern);
+
+/* Key Test Extended @b3a*/
+typedef void (*CSNBKYTX_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ unsigned char * key_identifier,
+ unsigned char * random_number,
+ unsigned char * verification_pattern,
+ unsigned char * kek_key_identifier);
+
+/* Des Key Token Change */
+typedef void (*CSNBKTC_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ unsigned char * key_identifier);
+
+/* Key Translate */
+typedef void (*CSNBKTR_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ unsigned char * input_key_token,
+ unsigned char * input_KEK_key_identifier,
+ unsigned char * output_KEK_key_identifier,
+ unsigned char * output_key_token);
+
+/* Random Number Generate */
+typedef void (*CSNBRNG_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ unsigned char * form,
+ unsigned char * random_number);
+
+typedef void (*CSNBSAE_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * key_identifier_length,
+ unsigned char * key_identifier,
+ long * key_params_length,
+ unsigned char * key_params,
+ long * block_size,
+ long * initialization_vector_length,
+ unsigned char * initialization_vector,
+ long * chaining_vector_length,
+ unsigned char * chaining_vector,
+ long * text_length,
+ unsigned char * text,
+ long * ciphertext_length,
+ unsigned char * ciphertext,
+ long * optional_data_length,
+ unsigned char * optional_data);
+
+typedef void (*CSNBSAD_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * key_identifier_length,
+ unsigned char * key_identifier,
+ long * key_params_length,
+ unsigned char * key_params,
+ long * block_size,
+ long * initialization_vector_length,
+ unsigned char * initialization_vector,
+ long * chaining_vector_length,
+ unsigned char * chaining_vector,
+ long * ciphertext_length,
+ unsigned char * ciphertext,
+ long * text_length,
+ unsigned char * text,
+ long * optional_data_length,
+ unsigned char * optional_data);
+
+/* Decipher */
+typedef void (*CSNBDEC_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ unsigned char * key_identifier,
+ long * text_length,
+ unsigned char * ciphertext,
+ unsigned char * initialization_vector,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ unsigned char * chaining_vector,
+ unsigned char * plaintext);
+
+/* Encipher */
+typedef void (*CSNBENC_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ unsigned char * key_identifier,
+ long * text_length,
+ unsigned char * plaintext,
+ unsigned char * initialization_vector,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * pad_character,
+ unsigned char * chaining_vector,
+ unsigned char * ciphertext);
+
+/* MAC Generate */
+typedef void (*CSNBMGN_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ unsigned char * key_identifier,
+ long * text_length,
+ unsigned char * text,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ unsigned char * chaining_vector,
+ unsigned char * MAC);
+
+/* MAC Verify */
+typedef void (*CSNBMVR_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ unsigned char * key_identifier,
+ long * text_length,
+ unsigned char * text,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ unsigned char * chaining_vector,
+ unsigned char * MAC);
+
+/* Key Token Build */
+typedef void (*CSNBKTB_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ unsigned char * key_token,
+ unsigned char * key_type,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ unsigned char * key_value,
+ void * reserved_field_1,
+ long * reserved_field_2,
+ unsigned char * reserved_field_3,
+ unsigned char * control_vector,
+ unsigned char * reserved_field_4,
+ long * reserved_field_5,
+ unsigned char * reserved_field_6,
+ unsigned char * master_key_verification_number );
+
+
+/* Key Token Build2 */
+typedef void (*CSNBKTB2_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * clear_key_bit_length,
+ unsigned char * clear_key_value,
+ long * key_name_length,
+ unsigned char * key_name,
+ long * user_associated_data_length,
+ unsigned char * user_associated_data,
+ long * token_data_length,
+ unsigned char * token_data,
+ long * reserved_length,
+ unsigned char * reserved,
+ long * target_key_token_length,
+ unsigned char * target_key_token);
+
+/* PKA Key Generate */
+typedef void (*CSNDPKG_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * regeneration_data_length,
+ unsigned char * regeneration_data,
+ long * skeleton_key_token_length,
+ unsigned char * skeleton_key_token,
+ unsigned char * transport_key_identifier,
+ long * generated_key_identifier_length,
+ unsigned char * generated_key_identifier);
+
+/* PKA Key Token Build */
+typedef void (*CSNDPKB_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * key_values_structure_length,
+ unsigned char * key_values_structure,
+ long * key_name_ln,
+ unsigned char * key_name,
+ long * reserved_1_length,
+ unsigned char * reserved_1,
+ long * reserved_2_length,
+ unsigned char * reserved_2,
+ long * reserved_3_length,
+ unsigned char * reserved_3,
+ long * reserved_4_length,
+ unsigned char * reserved_4,
+ long * reserved_5_length,
+ unsigned char * reserved_5,
+ long * token_length,
+ unsigned char * token);
+
+/* One Way Hash */
+typedef void (*CSNBOWH_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * text_length,
+ unsigned char * text,
+ long * chaining_vector_length,
+ unsigned char * chaining_vector,
+ long * hash_length,
+ unsigned char * hash);
+
+/* PKA Key Import */
+typedef void (*CSNDPKI_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * source_key_token_length,
+ unsigned char * source_key_token,
+ unsigned char * importer_key_identifier,
+ long * target_key_identifier_length,
+ unsigned char * target_key_identifier);
+
+/* Digital Signature Generate */
+typedef void (*CSNDDSG_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * PKA_private_key_id_length,
+ unsigned char * PKA_private_key_id,
+ long * hash_length,
+ unsigned char * hash,
+ long * signature_field_length,
+ long * signature_bit_length,
+ unsigned char * signature_field);
+
+/* Digital Signature Verify */
+typedef void (*CSNDDSV_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * PKA_public_key_id_length,
+ unsigned char * PKA_public_key_id,
+ long * hash_length,
+ unsigned char * hash,
+ long * signature_field_length,
+ unsigned char * signature_field);
+
+/* PKA Key Token Change */
+typedef void (*CSNDKTC_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * key_id_length,
+ unsigned char * key_id);
+
+/* PKA Public Key Extract */
+typedef void (*CSNDPKX_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * source_key_identifier_length,
+ unsigned char * source_key_identifier,
+ long * target_key_token_length,
+ unsigned char * target_key_token);
+
+/* PKA Symmetric Key Import */
+typedef void (*CSNDSYI_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * RSA_enciphered_key_length,
+ unsigned char * RSA_enciphered_key,
+ long * RSA_private_key_identifier_len,
+ unsigned char * RSA_private_key_identifier,
+ long * target_key_identifier_length,
+ unsigned char * target_key_identifier);
+
+/* PKA Symmetric Key Export */
+typedef void (*CSNDSYX_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * source_key_identifier_length,
+ unsigned char * source_key_identifier,
+ long * RSA_public_key_identifier_len,
+ unsigned char * RSA_public_key_identifier,
+ long * RSA_enciphered_key_length,
+ unsigned char * RSA_enciphered_key);
+
+/* Crypto Facility Query */
+typedef void (*CSUACFQ_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * verb_data_length,
+ unsigned char * verb_data);
+
+/* Crypto Facility Control */
+typedef void (*CSUACFC_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * verb_data_length,
+ unsigned char * verb_data);
+
+/* Compose SET Block */
+typedef void (*CSNDSBC_t)(long * ReturnCode,
+ long * ReasonCode,
+ long * ExitDataLength,
+ unsigned char * ExitData,
+ long * RuleArrayCount,
+ unsigned char * RuleArray,
+ unsigned char * BlockContentsIdentifier,
+ long * XDataStringLength,
+ unsigned char * XDataString,
+ long * DataToEncryptLength,
+ unsigned char * DataToEncrypt,
+ long * DataToHashLength,
+ unsigned char * DataToHash,
+ unsigned char * InitializationVector,
+ long * RSAPublicKeyIdentifierLength,
+ unsigned char * RSAPublicKeyIdentifier,
+ long * DESKeyBLockLength,
+ unsigned char * DESKeyBlock,
+ long * RSAOAEPBlockLength,
+ unsigned char * RSAOAEPBlock,
+ unsigned char * ChainingVector,
+ unsigned char * DESEncryptedDataBlock );
+
+/* Decompose SET Block */
+typedef void (*CSNDSBD_t)(long * ReturnCode,
+ long * ReasonCode,
+ long * ExitDataLength,
+ unsigned char * ExitData,
+ long * RuleArrayCount,
+ unsigned char * RuleArray,
+ long * RSAOAEPBlockLength,
+ unsigned char * RSAOAEPBlock,
+ long * DESEncryptedDataBlockLength,
+ unsigned char * DESEncryptedDataBlock,
+ unsigned char * InitializationVector,
+ long * RSAPrivateKeyIdentifierLength,
+ unsigned char * RSAPrivateKeyIdentifier,
+ long * DESKeyBLockLength,
+ unsigned char * DESKeyBlock,
+ unsigned char * BlockContentsIdentifier,
+ long * XDataStringLength,
+ unsigned char * XDataString,
+ unsigned char * ChainingVector,
+ unsigned char * DataBlock,
+ long * HashBlockLength,
+ unsigned char * HashBlock );
+
+/* Access Control Logon */
+typedef void (*CSUALCT_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ unsigned char * user_id,
+ long * auth_parm_length,
+ unsigned char * auth_parm,
+ long * auth_data_length,
+ unsigned char * auth_data);
+
+/* Access Control Maintenance */
+typedef void (*CSUAACM_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ unsigned char * name,
+ long * output_data_length,
+ unsigned char * output_data);
+
+/* Access Control Initialization */
+typedef void (*CSUAACI_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * verb_data_1_length,
+ unsigned char * verb_data_1,
+ long * verb_data_2_length,
+ unsigned char * verb_data_2);
+
+
+/* PKA Public Key Hash Register */
+typedef void (*CSNDPKH_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ unsigned char * public_key_name,
+ long * hash_data_length,
+ unsigned char * hash_data);
+
+
+/* PKA Public Key Register */
+typedef void (*CSNDPKR_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ unsigned char * public_key_name,
+ long * public_key_certificate_length,
+ unsigned char * public_key_certificate);
+
+
+/* Master Key Distribution */
+typedef void (*CSUAMKD_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * share_index,
+ unsigned char * private_key_name,
+ unsigned char * certifying_key_name,
+ long * certificate_length,
+ unsigned char * certificate,
+ long * clone_info_encrypting_key_length,
+ unsigned char * clone_info_encrypting_key,
+ long * clone_info_length,
+ unsigned char * clone_info);
+
+
+/* Retained Key Delete */
+typedef void (*CSNDRKD_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ unsigned char * key_label);
+
+
+/* Retained Key List */
+typedef void (*CSNDRKL_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ unsigned char * key_label_mask,
+ long * retained_keys_count,
+ long * key_labels_count,
+ unsigned char * key_labels);
+
+/* Symmetric Key Generate */
+typedef void (*CSNDSYG_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ unsigned char * key_encrypting_key,
+ long * rsapub_key_length,
+ unsigned char * rsapub_key,
+ long * locenc_key_length,
+ unsigned char * locenc_key,
+ long * rsaenc_key_length,
+ unsigned char * rsaenc_key);
+
+
+/* Encrypted PIN Translate */
+typedef void (*CSNBPTR_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ unsigned char * in_PIN_enc_key_id,
+ unsigned char * out_PIN_enc_key_id,
+ unsigned char * in_PIN_profile,
+ unsigned char * in_PAN_data,
+ unsigned char * in_PIN_blk,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ unsigned char * out_PIN_profile,
+ unsigned char * out_PAN_data,
+ long * sequence_number,
+ unsigned char * put_PIN_blk);
+
+
+/* Clear PIN Encrypt */
+typedef void (*CSNBCPE_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ unsigned char * PIN_enc_key_id,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ unsigned char * clear_PIN,
+ unsigned char * PIN_profile,
+ unsigned char * PAN_data,
+ long * sequence_number,
+ unsigned char * encrypted_PIN_blk);
+
+
+/* Clear PIN Generate Alternate */
+typedef void (*CSNBCPA_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ unsigned char * PIN_enc_key_id,
+ unsigned char * PIN_gen_key_id,
+ unsigned char * PIN_profile,
+ unsigned char * PAN_data,
+ unsigned char * encrypted_PIN_blk,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * PIN_check_length,
+ unsigned char * data_array,
+ unsigned char * returned_result);
+
+
+/* Clear PIN Generate */
+typedef void (*CSNBPGN_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ unsigned char * PIN_gen_key_id,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * PIN_length,
+ long * PIN_check_length,
+ unsigned char * data_array,
+ unsigned char * returned_result);
+
+
+/* Encrypted PIN Verify */
+typedef void (*CSNBPVR_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ unsigned char * PIN_enc_key_id,
+ unsigned char * PIN_ver_key_id,
+ unsigned char * PIN_profile,
+ unsigned char * PAN_data,
+ unsigned char * encrypted_PIN_blk,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * PIN_check_length,
+ unsigned char * data_array);
+
+/* Diversified Key Generate */
+typedef void (*CSNBDKG_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ unsigned char * generating_key_id,
+ long * data_length,
+ unsigned char * data,
+ unsigned char * decrypting_key_id,
+ unsigned char * generated_key_id);
+
+/* Encrypted PIN Generate */
+typedef void (*CSNBEPG_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ unsigned char * PIN_gen_key_id,
+ unsigned char * outPIN_enc_key_id,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * PIN_length,
+ unsigned char * data_array,
+ unsigned char * outPIN_profile,
+ unsigned char * PAN_data,
+ long * sequence_number,
+ unsigned char * encrypted_PIN_blk);
+
+/* Cryptographic Variable Encipher */
+typedef void (*CSNBCVE_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ unsigned char * cvarenc_key_id,
+ long * text_length,
+ unsigned char * plain_text,
+ unsigned char * init_vector,
+ unsigned char * cipher_text);
+
+/* CVV Generate */
+typedef void (*CSNBCSG_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ unsigned char * PAN_data,
+ unsigned char * expiration_date,
+ unsigned char * service_code,
+ unsigned char * key_a_id,
+ unsigned char * key_b_id,
+ unsigned char * generated_cvv);
+
+/* CVV Verify */
+typedef void (*CSNBCSV_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ unsigned char * PAN_data,
+ unsigned char * expiration_date,
+ unsigned char * service_code,
+ unsigned char * key_a_id,
+ unsigned char * key_b_id,
+ unsigned char * generated_cvv);
+
+/* Control Vector Generate */
+typedef void (*CSNBCVG_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ unsigned char * key_type,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ unsigned char * reserved_field_1,
+ unsigned char * control_vector);
+
+/* Key Token Parse */
+typedef void (*CSNBKTP_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ unsigned char * key_token,
+ unsigned char * key_type,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ unsigned char * key_value,
+ void * master_key_verification_pattern_v03,
+ long * reserved_field_1,
+ unsigned char * reserved_field_2,
+ unsigned char * control_vector,
+ unsigned char * reserved_field_3,
+ long * reserved_field_4,
+ unsigned char * reserved_field_5,
+ unsigned char * master_key_verification_pattern_v00);
+
+/* PKA Encrypt */
+typedef void (*CSNDPKE_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * key_value_length,
+ unsigned char * key_value,
+ long * data_struct_length,
+ unsigned char * data_struct,
+ long * RSA_public_key_length,
+ unsigned char * RSA_public_key,
+ long * RSA_encipher_length,
+ unsigned char * RSA_encipher);
+
+/* PKA Decrypt */
+typedef void (*CSNDPKD_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * enciphered_key_length,
+ unsigned char * enciphered_key,
+ long * data_struct_length,
+ unsigned char * data_struct,
+ long * RSA_private_key_length,
+ unsigned char * RSA_private_key,
+ long * key_value_length,
+ unsigned char * key_value);
+
+/* Prohibit Export */
+typedef void (*CSNBPEX_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ unsigned char * key_identifier);
+
+/* Prohibit Export Extended */
+typedef void (*CSNBPEXX_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ unsigned char * Source_key_token,
+ unsigned char * Kek_key_identifier);
+
+/* Random Number/Known Answer Test */
+typedef void (*CSUARNT_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array);
+
+/* Control Vector Translate */
+typedef void (*CSNBCVT_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ unsigned char * kek_key_identifier,
+ unsigned char * source_key_token,
+ unsigned char * array_key_left,
+ unsigned char * mask_array_left,
+ unsigned char * array_key_right,
+ unsigned char * mask_array_right,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ unsigned char * target_key_token);
+
+/* MDC Generate */
+typedef void (*CSNBMDG_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * text_length,
+ unsigned char * text_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ unsigned char * chaining_vector,
+ unsigned char * MDC);
+
+/* Cryptographic Resource Allocate */
+typedef void (*CSUACRA_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * resource_name_length,
+ unsigned char * resource_name);
+
+/* Cryptographic Resource Deallocate */
+typedef void (*CSUACRD_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * resource_name_length,
+ unsigned char * resource_name);
+
+/* Transaction Validation */
+typedef void (*CSNBTRV_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * transaction_key_length,
+ unsigned char * transaction_key,
+ long * transaction_info_length,
+ unsigned char * transaction_info,
+ long * validation_values_length,
+ unsigned char * validation_values);
+
+/* Secure Messaging for Keys */
+typedef void (*CSNBSKY_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ unsigned char * input_key_indentifier,
+ unsigned char * key_encrypting_key,
+ unsigned char * session_key,
+ long * text_length,
+ unsigned char * clear_text,
+ unsigned char * initialization_vector,
+ long * key_offset,
+ long * key_offset_field_length,
+ unsigned char * cipher_text,
+ unsigned char * output_chaining_value);
+
+/* Secure Messaging for PINs */
+typedef void (*CSNBSPN_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ unsigned char * in_PIN_blk,
+ unsigned char * in_PIN_enc_key_id,
+ unsigned char * in_PIN_profile,
+ unsigned char * in_PAN_data,
+ unsigned char * secmsg_key,
+ unsigned char * out_PIN_profile,
+ unsigned char * out_PAN_data,
+ long * text_length,
+ unsigned char * clear_text,
+ unsigned char * initialization_vector,
+ long * PIN_offset,
+ long * PIN_offset_field_length,
+ unsigned char * cipher_text,
+ unsigned char * output_chaining_value);
+
+/* PIN Change/Unblock */
+typedef void (*CSNBPCU_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * authenticationMasterKeyLength,
+ unsigned char * authenticationMasterKey,
+ long * issuerMasterKeyLength,
+ unsigned char * issuerMasterKey,
+ long * keyGenerationDataLength,
+ unsigned char * keyGenerationData,
+ long * newRefPinKeyLength,
+ unsigned char * newRefPinKey,
+ unsigned char * newRefPinBlock,
+ unsigned char * newRefPinProfile,
+ unsigned char * newRefPanData,
+ long * currentRefPinKeyLength,
+ unsigned char * currentRefPinKey,
+ unsigned char * currentRefPinBlock,
+ unsigned char * currentRefPinProfile,
+ unsigned char * currentRefPanData,
+ long * outputPinDataLength,
+ unsigned char * outputPinData,
+ unsigned char * outputPinProfile,
+ long * outputPinMessageLength,
+ unsigned char * outputPinMessage);
+
+/* PCF/CUSP Key Conversion */
+typedef void (*CSUAPCV_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * KEK_key_identifier_length,
+ unsigned char * KEK_key_identifier,
+ long * PCF_key_list_length,
+ unsigned char * PCF_key_list,
+ long * output_key_list_length,
+ unsigned char * output_key_list);
+
+/*Process Request Block*/
+typedef void (*CSUAPRB_t)(long * pReturnCode,
+ long * pReasonCode,
+ long * pExitDataLength,
+ unsigned char * pExitData,
+ long * pRuleArrayCount,
+ unsigned char * pRuleArray,
+ long * pSourceLength,
+ unsigned char * pSource,
+ long * pOutFileNameLength,
+ unsigned char * pOutFileName,
+ long * pReplyLength,
+ unsigned char * pReply);
+
+/* Diffie-Hellman Key Load */
+typedef void (*CSUADHK_t)(long * ReturnCode,
+ long * ReasonCode,
+ long * ExitDataLength,
+ unsigned char * ExitData,
+ long * RuleArrayCount,
+ unsigned char * RuleArray,
+ unsigned char * DHModulus,
+ unsigned char * DHGenerator,
+ unsigned char * DHKeyPart,
+ long * TransportKeyHashLength,
+ unsigned char * TransportKeyHash,
+ unsigned char * Reserved1,
+ unsigned char * Reserved2,
+ unsigned char * Reserved3,
+ unsigned char * Reserved4);
+
+/* Diffie-Hellman Key Query */
+typedef void (*CSUADHQ_t)(long * ReturnCode,
+ long * ReasonCode,
+ long * ExitDataLength,
+ unsigned char * ExitData,
+ long * RuleArrayCount,
+ unsigned char * RuleArray,
+ unsigned char * DHModulus,
+ unsigned char * DHGenerator,
+ unsigned char * DHKeyPart,
+ long * TransportKeyHashLength,
+ unsigned char * TransportKeyHash,
+ unsigned char * Reserved1,
+ unsigned char * Reserved2,
+ unsigned char * Reserved3,
+ unsigned char * Reserved4);
+
+/* Trusted Block Create */
+typedef void (*CSNDTBC_t)( long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * input_block_length,
+ unsigned char * input_block_identifier,
+ unsigned char * transport_key_identifier,
+ long * trusted_blokc_length,
+ unsigned char * trusted_blokc_identifier );
+
+/* Remote Key Export */
+typedef void (*CSNDRKX_t)( long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * trusted_block_length,
+ unsigned char * trusted_block_identifier,
+ long * certificate_length,
+ unsigned char * certificate,
+ long * certificate_parms_length,
+ unsigned char * certificate_parms,
+ long * transport_key_length,
+ unsigned char * transport_key_identifier,
+ long * rule_id_length,
+ unsigned char * rule_id,
+ long * export_key_kek_length,
+ unsigned char * export_key_kek_identifier,
+ long * export_key_length,
+ unsigned char * export_key_identifier,
+ long * asym_encrypted_key_length,
+ unsigned char * asym_encrypted_key,
+ long * sym_encrypted_key_length,
+ unsigned char * sym_encrypted_key,
+ long * extra_data_length,
+ unsigned char * extra_data,
+ long * key_check_parameters_length,
+ unsigned char * key_check_parameters,
+ long * key_check_length,
+ unsigned char * key_check_value );
+
+/* Key Encryption Translate */
+typedef void (*CSNBKET_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * kek_identifier_length,
+ unsigned char * kek_identifier,
+ long * key_in_length,
+ unsigned char * key_in,
+ long * key_out_length,
+ unsigned char * key_out);
+
+
+/* HMAC Generate */
+typedef void (*CSNBHMG_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * key_identifier_length,
+ unsigned char * key_identifier,
+ long * message_text_length,
+ unsigned char * message_text,
+ long * chaining_vector_length,
+ unsigned char * chaining_vector,
+ long * MAC_length,
+ unsigned char * MAC_text);
+
+/* HMAC Verify */
+typedef void (*CSNBHMV_t)(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * key_identifier_length,
+ unsigned char * key_identifier,
+ long * message_text_length,
+ unsigned char * message_text,
+ long * chaining_vector_length,
+ unsigned char * chaining_vector,
+ long * MAC_length,
+ unsigned char * MAC_text);
diff --git a/usr/lib/pkcs11/cca_stdll/cca_specific.c b/usr/lib/pkcs11/cca_stdll/cca_specific.c
index 750eed5..671ab16 100644
--- a/usr/lib/pkcs11/cca_stdll/cca_specific.c
+++ b/usr/lib/pkcs11/cca_stdll/cca_specific.c
@@ -32,6 +32,7 @@
#include "csulincl.h"
#include "ec_defs.h"
#include "trace.h"
+#include "cca_func.h"
CK_CHAR manuf[] = "IBM Corp.";
CK_CHAR model[] = "IBM CCA Token";
@@ -40,6 +41,100 @@ CK_CHAR label[] = "IBM PKCS#11 for CCA";
#define CCASHAREDLIB "libcsulcca.so"
+static CSNBCKI_t dll_CSNBCKI;
+static CSNBCKM_t dll_CSNBCKM;
+static CSNBDKX_t dll_CSNBDKX;
+static CSNBDKM_t dll_CSNBDKM;
+static CSNBMKP_t dll_CSNBMKP;
+static CSNBKEX_t dll_CSNBKEX;
+static CSNBKGN_t dll_CSNBKGN;
+static CSNBKGN2_t dll_CSNBKGN2;
+static CSNBKIM_t dll_CSNBKIM;
+static CSNBKPI_t dll_CSNBKPI;
+static CSNBKPI2_t dll_CSNBKPI2;
+static CSNBKSI_t dll_CSNBKSI;
+static CSNBKRC_t dll_CSNBKRC;
+static CSNBAKRC_t dll_CSNBAKRC;
+static CSNBKRD_t dll_CSNBKRD;
+static CSNBKRL_t dll_CSNBKRL;
+static CSNBKRR_t dll_CSNBKRR;
+static CSNBKRW_t dll_CSNBKRW;
+static CSNDKRC_t dll_CSNDKRC;
+static CSNDKRD_t dll_CSNDKRD;
+static CSNDKRL_t dll_CSNDKRL;
+static CSNDKRR_t dll_CSNDKRR;
+static CSNDKRW_t dll_CSNDKRW;
+static CSNBKYT_t dll_CSNBKYT;
+static CSNBKYTX_t dll_CSNBKYTX;
+static CSNBKTC_t dll_CSNBKTC;
+static CSNBKTR_t dll_CSNBKTR;
+static CSNBRNG_t dll_CSNBRNG;
+static CSNBSAE_t dll_CSNBSAE;
+static CSNBSAD_t dll_CSNBSAD;
+static CSNBDEC_t dll_CSNBDEC;
+static CSNBENC_t dll_CSNBENC;
+static CSNBMGN_t dll_CSNBMGN;
+static CSNBMVR_t dll_CSNBMVR;
+static CSNBKTB_t dll_CSNBKTB;
+static CSNBKTB2_t dll_CSNBKTB2;
+static CSNDPKG_t dll_CSNDPKG;
+static CSNDPKB_t dll_CSNDPKB;
+static CSNBOWH_t dll_CSNBOWH;
+static CSNDPKI_t dll_CSNDPKI;
+static CSNDDSG_t dll_CSNDDSG;
+static CSNDDSV_t dll_CSNDDSV;
+static CSNDKTC_t dll_CSNDKTC;
+static CSNDPKX_t dll_CSNDPKX;
+static CSNDSYI_t dll_CSNDSYI;
+static CSNDSYX_t dll_CSNDSYX;
+static CSUACFQ_t dll_CSUACFQ;
+static CSUACFC_t dll_CSUACFC;
+static CSNDSBC_t dll_CSNDSBC;
+static CSNDSBD_t dll_CSNDSBD;
+static CSUALCT_t dll_CSUALCT;
+static CSUAACM_t dll_CSUAACM;
+static CSUAACI_t dll_CSUAACI;
+static CSNDPKH_t dll_CSNDPKH;
+static CSNDPKR_t dll_CSNDPKR;
+static CSUAMKD_t dll_CSUAMKD;
+static CSNDRKD_t dll_CSNDRKD;
+static CSNDRKL_t dll_CSNDRKL;
+static CSNDSYG_t dll_CSNDSYG;
+static CSNBPTR_t dll_CSNBPTR;
+static CSNBCPE_t dll_CSNBCPE;
+static CSNBCPA_t dll_CSNBCPA;
+static CSNBPGN_t dll_CSNBPGN;
+static CSNBPVR_t dll_CSNBPVR;
+static CSNBDKG_t dll_CSNBDKG;
+static CSNBEPG_t dll_CSNBEPG;
+static CSNBCVE_t dll_CSNBCVE;
+static CSNBCSG_t dll_CSNBCSG;
+static CSNBCSV_t dll_CSNBCSV;
+static CSNBCVG_t dll_CSNBCVG;
+static CSNBKTP_t dll_CSNBKTP;
+static CSNDPKE_t dll_CSNDPKE;
+static CSNDPKD_t dll_CSNDPKD;
+static CSNBPEX_t dll_CSNBPEX;
+static CSNBPEXX_t dll_CSNBPEXX;
+static CSUARNT_t dll_CSUARNT;
+static CSNBCVT_t dll_CSNBCVT;
+static CSNBMDG_t dll_CSNBMDG;
+static CSUACRA_t dll_CSUACRA;
+static CSUACRD_t dll_CSUACRD;
+static CSNBTRV_t dll_CSNBTRV;
+static CSNBSKY_t dll_CSNBSKY;
+static CSNBSPN_t dll_CSNBSPN;
+static CSNBPCU_t dll_CSNBPCU;
+static CSUAPCV_t dll_CSUAPCV;
+static CSUAPRB_t dll_CSUAPRB;
+static CSUADHK_t dll_CSUADHK;
+static CSUADHQ_t dll_CSUADHQ;
+static CSNDTBC_t dll_CSNDTBC;
+static CSNDRKX_t dll_CSNDRKX;
+static CSNBKET_t dll_CSNBKET;
+static CSNBHMG_t dll_CSNBHMG;
+static CSNBHMV_t dll_CSNBHMV;
+
/* mechanisms provided by this token */
MECH_LIST_ELEMENT mech_list[] = {
{CKM_DES_KEY_GEN, {8, 8, CKF_HW|CKF_GENERATE}},
@@ -101,7 +196,7 @@ token_specific_rng(CK_BYTE *output, CK_ULONG bytes)
memcpy(form, "RANDOM ", (size_t)CCA_KEYWORD_SIZE);
while (bytes_so_far < bytes) {
- CSNBRNG(&return_code,
+ dll_CSNBRNG(&return_code,
&reason_code,
NULL,
NULL,
@@ -128,12 +223,122 @@ token_specific_rng(CK_BYTE *output, CK_ULONG bytes)
return CKR_OK;
}
+CK_RV cca_resolve_lib_sym(void *hdl) {
+ char *error = NULL;
+
+ dlerror(); /* Clear existing error */
+
+ dll_CSNBCKI = (CSNBCKI_t)dlsym(hdl, "CSNBCKI");
+ dll_CSNBCKM = (CSNBCKM_t)dlsym(hdl, "CSNBCKM");
+ dll_CSNBDKX = (CSNBDKX_t)dlsym(hdl, "CSNBDKX");
+ dll_CSNBDKM = (CSNBDKM_t)dlsym(hdl, "CSNBDKM");
+ dll_CSNBMKP = (CSNBMKP_t)dlsym(hdl, "CSNBMKP");
+ dll_CSNBKEX = (CSNBKEX_t)dlsym(hdl, "CSNBKEX");
+ dll_CSNBKGN = (CSNBKGN_t)dlsym(hdl, "CSNBKGN");
+ dll_CSNBKGN2 = (CSNBKGN2_t)dlsym(hdl, "CSNBKGN2");
+ dll_CSNBKIM = (CSNBKIM_t)dlsym(hdl, "CSNBKIM");
+ dll_CSNBKPI = (CSNBKPI_t)dlsym(hdl, "CSNBKPI");
+ dll_CSNBKPI2 = (CSNBKPI2_t)dlsym(hdl, "CSNBKPI2");
+ dll_CSNBKSI = (CSNBKSI_t)dlsym(hdl, "CSNBKSI");
+ dll_CSNBKRC = (CSNBKRC_t)dlsym(hdl, "CSNBKRC");
+ dll_CSNBAKRC = (CSNBAKRC_t)dlsym(hdl, "CSNBAKRC");
+ dll_CSNBKRD = (CSNBKRD_t)dlsym(hdl, "CSNBKRD");
+ dll_CSNBKRL = (CSNBKRL_t)dlsym(hdl, "CSNBKRL");
+ dll_CSNBKRR = (CSNBKRR_t)dlsym(hdl, "CSNBKRR");
+ dll_CSNBKRW = (CSNBKRW_t)dlsym(hdl, "CSNBKRW");
+ dll_CSNDKRC = (CSNDKRC_t)dlsym(hdl, "CSNDKRC");
+ dll_CSNDKRD = (CSNDKRD_t)dlsym(hdl, "CSNDKRD");
+ dll_CSNDKRL = (CSNDKRL_t)dlsym(hdl, "CSNDKRL");
+ dll_CSNDKRR = (CSNDKRR_t)dlsym(hdl, "CSNDKRR");
+ dll_CSNDKRW = (CSNDKRW_t)dlsym(hdl, "CSNDKRW");
+ dll_CSNBKYT = (CSNBKYT_t)dlsym(hdl, "CSNBKYT");
+ dll_CSNBKYTX = (CSNBKYTX_t)dlsym(hdl, "CSNBKYTX");
+ dll_CSNBKTC = (CSNBKTC_t)dlsym(hdl, "CSNBKTC");
+ dll_CSNBKTR = (CSNBKTR_t)dlsym(hdl, "CSNBKTR");
+ dll_CSNBRNG = (CSNBRNG_t)dlsym(hdl, "CSNBRNG");
+ dll_CSNBSAE = (CSNBSAE_t)dlsym(hdl, "CSNBSAE");
+ dll_CSNBSAD = (CSNBSAD_t)dlsym(hdl, "CSNBSAD");
+ dll_CSNBDEC = (CSNBDEC_t)dlsym(hdl, "CSNBDEC");
+ dll_CSNBENC = (CSNBENC_t)dlsym(hdl, "CSNBENC");
+ dll_CSNBMGN = (CSNBMGN_t)dlsym(hdl, "CSNBMGN");
+ dll_CSNBMVR = (CSNBMVR_t)dlsym(hdl, "CSNBMVR");
+ dll_CSNBKTB = (CSNBKTB_t)dlsym(hdl, "CSNBKTB");
+ dll_CSNBKTB2 = (CSNBKTB2_t)dlsym(hdl, "CSNBKTB2");
+ dll_CSNDPKG = (CSNDPKG_t)dlsym(hdl, "CSNDPKG");
+ dll_CSNDPKB = (CSNDPKB_t)dlsym(hdl, "CSNDPKB");
+ dll_CSNBOWH = (CSNBOWH_t)dlsym(hdl, "CSNBOWH");
+ dll_CSNDPKI = (CSNDPKI_t)dlsym(hdl, "CSNDPKI");
+ dll_CSNDDSG = (CSNDDSG_t)dlsym(hdl, "CSNDDSG");
+ dll_CSNDDSV = (CSNDDSV_t)dlsym(hdl, "CSNDDSV");
+ dll_CSNDKTC = (CSNDKTC_t)dlsym(hdl, "CSNDKTC");
+ dll_CSNDPKX = (CSNDPKX_t)dlsym(hdl, "CSNDPKX");
+ dll_CSNDSYI = (CSNDSYI_t)dlsym(hdl, "CSNDSYI");
+ dll_CSNDSYX = (CSNDSYX_t)dlsym(hdl, "CSNDSYX");
+ dll_CSUACFQ = (CSUACFQ_t)dlsym(hdl, "CSUACFQ");
+ dll_CSUACFC = (CSUACFC_t)dlsym(hdl, "CSUACFC");
+ dll_CSNDSBC = (CSNDSBC_t)dlsym(hdl, "CSNDSBC");
+ dll_CSNDSBD = (CSNDSBD_t)dlsym(hdl, "CSNDSBD");
+ dll_CSUALCT = (CSUALCT_t)dlsym(hdl, "CSUALCT");
+ dll_CSUAACM = (CSUAACM_t)dlsym(hdl, "CSUAACM");
+ dll_CSUAACI = (CSUAACI_t)dlsym(hdl, "CSUAACI");
+ dll_CSNDPKH = (CSNDPKH_t)dlsym(hdl, "CSNDPKH");
+ dll_CSNDPKR = (CSNDPKR_t)dlsym(hdl, "CSNDPKR");
+ dll_CSUAMKD = (CSUAMKD_t)dlsym(hdl, "CSUAMKD");
+ dll_CSNDRKD = (CSNDRKD_t)dlsym(hdl, "CSNDRKD");
+ dll_CSNDRKL = (CSNDRKL_t)dlsym(hdl, "CSNDRKL");
+ dll_CSNDSYG = (CSNDSYG_t)dlsym(hdl, "CSNDSYG");
+ dll_CSNBPTR = (CSNBPTR_t)dlsym(hdl, "CSNBPTR");
+ dll_CSNBCPE = (CSNBCPE_t)dlsym(hdl, "CSNBCPE");
+ dll_CSNBCPA = (CSNBCPA_t)dlsym(hdl, "CSNBCPA");
+ dll_CSNBPGN = (CSNBPGN_t)dlsym(hdl, "CSNBPGN");
+ dll_CSNBPVR = (CSNBPVR_t)dlsym(hdl, "CSNBPVR");
+ dll_CSNBDKG = (CSNBDKG_t)dlsym(hdl, "CSNBDKG");
+ dll_CSNBEPG = (CSNBEPG_t)dlsym(hdl, "CSNBEPG");
+ dll_CSNBCVE = (CSNBCVE_t)dlsym(hdl, "CSNBCVE");
+ dll_CSNBCSG = (CSNBCSG_t)dlsym(hdl, "CSNBCSG");
+ dll_CSNBCSV = (CSNBCSV_t)dlsym(hdl, "CSNBCSV");
+ dll_CSNBCVG = (CSNBCVG_t)dlsym(hdl, "CSNBCVG");
+ dll_CSNBKTP = (CSNBKTP_t)dlsym(hdl, "CSNBKTP");
+ dll_CSNDPKE = (CSNDPKE_t)dlsym(hdl, "CSNDPKE");
+ dll_CSNDPKD = (CSNDPKD_t)dlsym(hdl, "CSNDPKD");
+ dll_CSNBPEX = (CSNBPEX_t)dlsym(hdl, "CSNBPEX");
+ dll_CSNBPEXX = (CSNBPEXX_t)dlsym(hdl, "CSNBPEXX");
+ dll_CSUARNT = (CSUARNT_t)dlsym(hdl, "CSUARNT");
+ dll_CSNBCVT = (CSNBCVT_t)dlsym(hdl, "CSNBCVT");
+ dll_CSNBMDG = (CSNBMDG_t)dlsym(hdl, "CSNBMDG");
+ dll_CSUACRA = (CSUACRA_t)dlsym(hdl, "CSUACRA");
+ dll_CSUACRD = (CSUACRD_t)dlsym(hdl, "CSUACRD");
+ dll_CSNBTRV = (CSNBTRV_t)dlsym(hdl, "CSNBTRV");
+ dll_CSNBSKY = (CSNBSKY_t)dlsym(hdl, "CSNBSKY");
+ dll_CSNBSPN = (CSNBSPN_t)dlsym(hdl, "CSNBSPN");
+ dll_CSNBPCU = (CSNBPCU_t)dlsym(hdl, "CSNBPCU");
+ dll_CSUAPCV = (CSUAPCV_t)dlsym(hdl, "CSUAPCV");
+ dll_CSUAPRB = (CSUAPRB_t)dlsym(hdl, "CSUAPRB");
+ dll_CSUADHK = (CSUADHK_t)dlsym(hdl, "CSUADHK");
+ dll_CSUADHQ = (CSUADHQ_t)dlsym(hdl, "CSUADHQ");
+ dll_CSNDTBC = (CSNDTBC_t)dlsym(hdl, "CSNDTBC");
+ dll_CSNDRKX = (CSNDRKX_t)dlsym(hdl, "CSNDRKX");
+ dll_CSNBKET = (CSNBKET_t)dlsym(hdl, "CSNBKET");
+ dll_CSNBHMG = (CSNBHMG_t)dlsym(hdl, "CSNBHMG");
+ dll_CSNBHMV = (CSNBHMV_t)dlsym(hdl, "CSNBHMV");
+
+ if ((error = dlerror()) != NULL) {
+ OCK_SYSLOG(LOG_ERR, "%s\n", error);
+ exit(EXIT_FAILURE);
+ }
+ else
+ return CKR_OK;
+}
+
CK_RV
token_specific_init(CK_SLOT_ID SlotNumber, char *conf_name)
{
unsigned char rule_array[256] = { 0, };
long return_code, reason_code, rule_array_count, verb_data_length;
void *lib_csulcca;
+ CK_RV rc;
+
+ TRACE_INFO("cca %s slot=%lu running\n", __func__, SlotNumber);
lib_csulcca = dlopen(CCASHAREDLIB, RTLD_GLOBAL | RTLD_NOW);
if (lib_csulcca == NULL) {
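Review bot: The single `dlerror()` check at the end of `cca_resolve_lib_sym` cannot be relied on to catch a missing verb. On glibc each dl call resets the pending error, so only a failure of the last lookup (`CSNBHMV`) is reported. Any earlier unresolved symbol leaves a NULL `dll_*` pointer that is called on first use. Each lookup should be checked on its own, and the function should return an error instead of calling `exit()`, which ends the process that loaded the token. A per-symbol helper along the lines below does both, with one line per verb.

```c
/* Resolve one CCA verb; fail the init instead of leaving a NULL pointer. */
#define CCA_RESOLVE(hdl, sym)                                            \
	do {                                                             \
		const char *err_;                                        \
		dlerror(); /* clear any stale error */                   \
		dll_##sym = (sym##_t)dlsym((hdl), #sym);                 \
		err_ = dlerror();                                        \
		if (err_ != NULL || dll_##sym == NULL) {                 \
			OCK_SYSLOG(LOG_ERR, "%s\n", err_ ? err_ : #sym); \
			return CKR_FUNCTION_FAILED;                      \
		}                                                        \
	} while (0)

CK_RV cca_resolve_lib_sym(void *hdl) {
	CCA_RESOLVE(hdl, CSNBCKI);
	/* … unchanged order: one CCA_RESOLVE line per remaining verb … */
	CCA_RESOLVE(hdl, CSNBHMV);

	return CKR_OK;
}
```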
@@ -144,11 +349,15 @@ token_specific_init(CK_SLOT_ID SlotNumber, char *conf_name)
return CKR_FUNCTION_FAILED;
}
+ rc = cca_resolve_lib_sym(lib_csulcca);
+ if (rc)
+ exit(rc);
+
memcpy(rule_array, "STATCCAE", 8);
rule_array_count = 1;
verb_data_length = 0;
- CSUACFQ(&return_code,
+ dll_CSUACFQ(&return_code,
&reason_code,
NULL,
NULL,
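Review bot: `exit(rc)` in `token_specific_init` terminates the whole application that loaded the PKCS#11 token when symbol resolution fails, and it passes a `CK_RV` as a process exit status. The dlopen failure path just above appears to return `CKR_FUNCTION_FAILED`, so this path should report the failure the same way: `if (rc != CKR_OK) { dlclose(lib_csulcca); return rc; }`. As written the branch is also unreachable, because `cca_resolve_lib_sym` in the previous hunk either returns `CKR_OK` or calls `exit(EXIT_FAILURE)` itself. The body of `token_specific_init` continues outside this hunk.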
@@ -177,6 +386,7 @@ token_specific_init(CK_SLOT_ID SlotNumber, char *conf_name)
CK_RV
token_specific_final()
{
+ TRACE_INFO("cca %s running\n", __func__);
return CKR_OK;
}
@@ -223,7 +433,7 @@ CK_RV cca_key_gen(enum cca_key_type type, CK_BYTE *key, unsigned char *key_form,
return CKR_FUNCTION_FAILED;
}
- CSNBKGN(&return_code,
+ dll_CSNBKGN(&return_code,
&reason_code,
NULL,
NULL,
@@ -242,9 +452,6 @@ CK_RV cca_key_gen(enum cca_key_type type, CK_BYTE *key, unsigned char *key_form,
return CKR_FUNCTION_FAILED;
}
-// memcpy(key, generated_key_identifier_1, (size_t)CCA_KEY_ID_SIZE);
-
-
return CKR_OK;
}
@@ -322,7 +529,7 @@ token_specific_des_cbc(CK_BYTE *in_data,
memcpy(rule_array, "CBC ", (size_t)CCA_KEYWORD_SIZE);
if (encrypt) {
- CSNBENC(&return_code,
+ dll_CSNBENC(&return_code,
&reason_code,
NULL,
NULL,
@@ -336,7 +543,7 @@ token_specific_des_cbc(CK_BYTE *in_data,
chaining_vector,
local_out);//out_data); //out);
} else {
- CSNBDEC(&return_code,
+ dll_CSNBDEC(&return_code,
&reason_code,
NULL,
NULL,
@@ -650,7 +857,7 @@ token_specific_rsa_generate_keypair(TEMPLATE *publ_tmpl,
key_token_length = CCA_KEY_TOKEN_SIZE;
- CSNDPKB(&return_code,
+ dll_CSNDPKB(&return_code,
&reason_code,
NULL,
NULL,
@@ -687,7 +894,7 @@ token_specific_rsa_generate_keypair(TEMPLATE *publ_tmpl,
regeneration_data_length = 0;
- CSNDPKG(&return_code,
+ dll_CSNDPKG(&return_code,
&reason_code,
NULL,
NULL,
@@ -752,7 +959,7 @@ token_specific_rsa_encrypt(CK_BYTE *in_data,
data_structure_length = 0;
- CSNDPKE(&return_code,
+ dll_CSNDPKE(&return_code,
&reason_code,
NULL,
NULL,
@@ -806,7 +1013,7 @@ token_specific_rsa_decrypt(CK_BYTE *in_data,
data_structure_length = 0;
- CSNDPKD(&return_code,
+ dll_CSNDPKD(&return_code,
&reason_code,
NULL,
NULL,
@@ -854,7 +1061,7 @@ token_specific_rsa_sign(CK_BYTE * in_data,
rule_array_count = 1;
memcpy(rule_array, "PKCS-1.1", CCA_KEYWORD_SIZE);
- CSNDDSG(&return_code,
+ dll_CSNDDSG(&return_code,
&reason_code,
NULL,
NULL,
@@ -900,7 +1107,7 @@ token_specific_rsa_verify(CK_BYTE * in_data,
rule_array_count = 1;
memcpy(rule_array, "PKCS-1.1", CCA_KEYWORD_SIZE);
- CSNDDSV(&return_code,
+ dll_CSNDDSV(&return_code,
&reason_code,
NULL,
NULL,
@@ -976,7 +1183,7 @@ token_specific_aes_key_gen(CK_BYTE *aes_key, CK_ULONG len, CK_ULONG key_size)
}
#endif
rule_array_count = 4;
- CSNBKTB(&return_code,
+ dll_CSNBKTB(&return_code,
&reason_code,
&exit_data_len,
exit_data,
@@ -1035,7 +1242,7 @@ token_specific_aes_ecb(CK_BYTE *in_data,
rule_array_count*(size_t)CCA_KEYWORD_SIZE);
if (encrypt) {
- CSNBSAE(&return_code,
+ dll_CSNBSAE(&return_code,
&reason_code,
&exit_data_len,
exit_data,
@@ -1057,7 +1264,7 @@ token_specific_aes_ecb(CK_BYTE *in_data,
&opt_data_len,
NULL);
} else {
- CSNBSAD(&return_code,
+ dll_CSNBSAD(&return_code,
&reason_code,
&exit_data_len,
exit_data,
@@ -1148,7 +1355,7 @@ token_specific_aes_cbc(CK_BYTE *in_data,
length = in_data_len;
key_len = 64;
if (encrypt) {
- CSNBSAE(&return_code,
+ dll_CSNBSAE(&return_code,
&reason_code,
&exit_data_len,
exit_data,
@@ -1170,7 +1377,7 @@ token_specific_aes_cbc(CK_BYTE *in_data,
&opt_data_len,
NULL);
} else {
- CSNBSAD(&return_code,
+ dll_CSNBSAD(&return_code,
&reason_code,
&exit_data_len,
exit_data,
@@ -1484,7 +1691,7 @@ token_specific_ec_generate_keypair(TEMPLATE *publ_tmpl,
key_token_length = CCA_KEY_TOKEN_SIZE;
- CSNDPKB(&return_code,
+ dll_CSNDPKB(&return_code,
&reason_code,
&exit_data_len,
exit_data,
@@ -1521,7 +1728,7 @@ token_specific_ec_generate_keypair(TEMPLATE *publ_tmpl,
regeneration_data_length = 0;
- CSNDPKG(&return_code,
+ dll_CSNDPKG(&return_code,
&reason_code,
NULL,
NULL,
@@ -1577,7 +1784,7 @@ token_specific_ec_sign(CK_BYTE * in_data,
rule_array_count = 1;
memcpy(rule_array, "ECDSA ", CCA_KEYWORD_SIZE);
- CSNDDSG(&return_code,
+ dll_CSNDDSG(&return_code,
&reason_code,
NULL,
NULL,
@@ -1624,7 +1831,7 @@ token_specific_ec_verify(CK_BYTE * in_data,
rule_array_count = 1;
memcpy(rule_array, "ECDSA ", CCA_KEYWORD_SIZE);
- CSNDDSV(&return_code,
+ dll_CSNDDSV(&return_code,
&reason_code,
NULL,
NULL,
@@ -1729,7 +1936,7 @@ CK_RV token_specific_sha(DIGEST_CONTEXT *ctx, CK_BYTE *in_data,
}
- CSNBOWH(&return_code, &reason_code, NULL, NULL, &rule_array_count,
+ dll_CSNBOWH(&return_code, &reason_code, NULL, NULL, &rule_array_count,
rule_array, &in_data_len, in_data, &cca_ctx->chain_vector_len,
cca_ctx->chain_vector, &cca_ctx->hash_len, cca_ctx->hash);
@@ -1876,7 +2083,7 @@ send:
break;
}
- CSNBOWH(&return_code, &reason_code, NULL, NULL, &rule_array_count,
+ dll_CSNBOWH(&return_code, &reason_code, NULL, NULL, &rule_array_count,
rule_array, use_buffer ? &buffer_len : (long *)&in_data_len,
use_buffer ? buffer : in_data, &cca_ctx->chain_vector_len,
cca_ctx->chain_vector, &cca_ctx->hash_len, cca_ctx->hash);
@@ -1968,7 +2175,7 @@ CK_RV token_specific_sha_final(DIGEST_CONTEXT *ctx, CK_BYTE *out_data,
cca_ctx->tail ? cca_ctx->tail : dummy_buf,
cca_ctx->chain_vector_len, cca_ctx->hash_len);
- CSNBOWH(&return_code, &reason_code, NULL, NULL, &rule_array_count,
+ dll_CSNBOWH(&return_code, &reason_code, NULL, NULL, &rule_array_count,
rule_array, &cca_ctx->tail_len,
cca_ctx->tail ? cca_ctx->tail : dummy_buf,
&cca_ctx->chain_vector_len, cca_ctx->chain_vector,
@@ -2113,7 +2320,7 @@ CK_RV ccatok_hmac(SIGN_VERIFY_CONTEXT *ctx, CK_BYTE *in_data,
TRACE_INFO("The mac length is %ld\n", cca_ctx->hash_len);
if (sign) {
- CSNBHMG(&return_code, &reason_code, NULL, NULL,
+ dll_CSNBHMG(&return_code, &reason_code, NULL, NULL,
&rule_array_count, rule_array, &attr->ulValueLen,
attr->pValue, &in_data_len, in_data,
&cca_ctx->chain_vector_len, cca_ctx->chain_vector,
@@ -2134,7 +2341,7 @@ CK_RV ccatok_hmac(SIGN_VERIFY_CONTEXT *ctx, CK_BYTE *in_data,
memcpy(signature, cca_ctx->hash, cca_ctx->hash_len);
*sig_len = cca_ctx->hash_len;
} else { // verify
- CSNBHMV(&return_code, &reason_code, NULL, NULL,
+ dll_CSNBHMV(&return_code, &reason_code, NULL, NULL,
&rule_array_count, rule_array, &attr->ulValueLen,
attr->pValue, &in_data_len, in_data,
&cca_ctx->chain_vector_len, cca_ctx->chain_vector,
@@ -2317,7 +2524,7 @@ send:
TRACE_INFO("CSNBHMG: key length is %lu\n", attr->ulValueLen);
if (sign) {
- CSNBHMG(&return_code, &reason_code, NULL, NULL,
+ dll_CSNBHMG(&return_code, &reason_code, NULL, NULL,
&rule_array_count, rule_array, &attr->ulValueLen,
attr->pValue,
use_buffer ? &buffer_len : (long *)&in_data_len,
@@ -2332,7 +2539,7 @@ send:
rc = CKR_FUNCTION_FAILED;
}
} else { // verify
- CSNBHMV(&return_code, &reason_code, NULL, NULL,
+ dll_CSNBHMV(&return_code, &reason_code, NULL, NULL,
&rule_array_count, rule_array, &attr->ulValueLen,
attr->pValue,
use_buffer ? &buffer_len : (long *)&in_data_len,
@@ -2425,7 +2632,7 @@ CK_RV ccatok_hmac_final(SIGN_VERIFY_CONTEXT *ctx, CK_BYTE *signature,
TRACE_INFO("The mac length is %ld\n", cca_ctx->hash_len);
if (sign) {
- CSNBHMG(&return_code, &reason_code, NULL, NULL,
+ dll_CSNBHMG(&return_code, &reason_code, NULL, NULL,
&rule_array_count, rule_array, &attr->ulValueLen,
attr->pValue, &cca_ctx->tail_len, cca_ctx->tail,
&cca_ctx->chain_vector_len, cca_ctx->chain_vector,
@@ -2446,7 +2653,7 @@ CK_RV ccatok_hmac_final(SIGN_VERIFY_CONTEXT *ctx, CK_BYTE *signature,
*sig_len = cca_ctx->hash_len;
} else { // verify
- CSNBHMV(&return_code, &reason_code, NULL, NULL,
+ dll_CSNBHMV(&return_code, &reason_code, NULL, NULL,
&rule_array_count,rule_array, &attr->ulValueLen,
attr->pValue, &cca_ctx->tail_len, cca_ctx->tail,
&cca_ctx->chain_vector_len, cca_ctx->chain_vector,
@@ -2641,7 +2848,7 @@ static CK_RV rsa_import_privkey_crt(TEMPLATE *priv_tmpl)
key_token_length = CCA_KEY_TOKEN_SIZE;
- CSNDPKB(&return_code, &reason_code, NULL, NULL, &rule_array_count,
+ dll_CSNDPKB(&return_code, &reason_code, NULL, NULL, &rule_array_count,
rule_array, &key_value_structure_length, key_value_structure,
&private_key_name_length, private_key_name, 0, NULL, 0, NULL,
0, NULL, 0, NULL, 0, NULL, &key_token_length, key_token);
@@ -2661,7 +2868,7 @@ static CK_RV rsa_import_privkey_crt(TEMPLATE *priv_tmpl)
key_token_length = CCA_KEY_TOKEN_SIZE;
- CSNDPKI(&return_code, &reason_code, NULL, NULL, &rule_array_count,
+ dll_CSNDPKI(&return_code, &reason_code, NULL, NULL, &rule_array_count,
rule_array, &key_token_length, key_token,
transport_key_identifier, &target_key_token_length,
target_key_token);
@@ -2772,7 +2979,7 @@ static CK_RV rsa_import_pubkey(TEMPLATE *publ_tmpl)
// Create a key token for the public key.
// Public keys do not need to be wrapped, so just call PKB.
- CSNDPKB(&return_code, &reason_code, NULL, NULL, &rule_array_count,
+ dll_CSNDPKB(&return_code, &reason_code, NULL, NULL, &rule_array_count,
rule_array, &key_value_structure_length, key_value_structure,
&private_key_name_length, private_key_name, 0, NULL, 0,
NULL, 0, NULL, 0, NULL, 0, NULL, &key_token_length, key_token);
@@ -2829,7 +3036,7 @@ static CK_RV import_symmetric_key(OBJECT *object, CK_ULONG keytype)
rule_array_count = 1;
- CSNBCKM(&return_code, &reason_code, NULL, NULL, &rule_array_count,
+ dll_CSNBCKM(&return_code, &reason_code, NULL, NULL, &rule_array_count,
rule_array, &attr->ulValueLen, attr->pValue, target_key_id);
if (return_code != CCA_SUCCESS) {
@@ -2888,7 +3095,7 @@ static CK_RV import_generic_secret_key(OBJECT *object)
5 * CCA_KEYWORD_SIZE);
rule_array_count = 5;
- CSNBKTB2(&return_code, &reason_code, NULL, NULL, &rule_array_count,
+ dll_CSNBKTB2(&return_code, &reason_code, NULL, NULL, &rule_array_count,
rule_array, &clr_key_len, NULL, &key_name_len, NULL,
&user_data_len, NULL, &token_data_len, NULL, &verb_data_len,
NULL, &key_token_len, key_token);
@@ -2904,7 +3111,7 @@ static CK_RV import_generic_secret_key(OBJECT *object)
key_part_len = keylen * 8;
key_token_len = sizeof(key_token);
- CSNBKPI2(&return_code, &reason_code, NULL, NULL, &rule_array_count,
+ dll_CSNBKPI2(&return_code, &reason_code, NULL, NULL, &rule_array_count,
rule_array, &key_part_len, attr->pValue, &key_token_len,
key_token);
if (return_code != CCA_SUCCESS) {
@@ -2919,7 +3126,7 @@ static CK_RV import_generic_secret_key(OBJECT *object)
key_part_len = 0;
key_token_len = sizeof(key_token);
- CSNBKPI2(&return_code, &reason_code, NULL, NULL, &rule_array_count,
+ dll_CSNBKPI2(&return_code, &reason_code, NULL, NULL, &rule_array_count,
rule_array, &key_part_len, NULL, &key_token_len, key_token);
if (return_code != CCA_SUCCESS) {
TRACE_ERROR("CSNBKPI2 (HMAC KEY IMPORT COMPLETE) failed."
@@ -3067,7 +3274,7 @@ CK_RV token_specific_generic_secret_key_gen (TEMPLATE *template)
memcpy(rule_array, "INTERNALHMAC MAC GENERATE",
4 * CCA_KEYWORD_SIZE);
- CSNBKTB2(&return_code, &reason_code, NULL, NULL, &rule_array_count,
+ dll_CSNBKTB2(&return_code, &reason_code, NULL, NULL, &rule_array_count,
rule_array, &clear_key_length, NULL, &key_name_length,
NULL, &user_data_length, NULL, &zero_length, NULL,
&zero_length, NULL, &key_token_length, key_token);
@@ -3100,7 +3307,7 @@ CK_RV token_specific_generic_secret_key_gen (TEMPLATE *template)
*/
memcpy(key_type2, " ", CCA_KEYWORD_SIZE);
- CSNBKGN2(&return_code, &reason_code, &zero_length, NULL,
+ dll_CSNBKGN2(&return_code, &reason_code, &zero_length, NULL,
&rule_array_count, rule_array, &clear_key_length, key_type1,
key_type2, &key_name_length, NULL, &key_name_length, NULL,
&user_data_length, NULL, &user_data_length, NULL, &zero_length,
diff --git a/usr/lib/pkcs11/cca_stdll/csulincl.h b/usr/lib/pkcs11/cca_stdll/csulincl.h
index ed38838..d4989c4 100644
--- a/usr/lib/pkcs11/cca_stdll/csulincl.h
+++ b/usr/lib/pkcs11/cca_stdll/csulincl.h
@@ -1,131 +1,227 @@
/******************************************************************************/
-/* Licensed Materials Property of IBM */
-/* (C) Copyright IBM Corporation, 1997, 2005 */
-/* All Rights Reserved */
-/* US Government Users Restricted Rights - */
-/* Use, duplication or disclosure restricted by */
-/* GSA ADP Schedule Contract with IBM Corp. */
-/******************************************************************************/
+/* Module Name: csulincl.h */
+/* */
+/* Copyright notice: */
+/* Licensed Materials Property of IBM */
+/* © Copyright IBM Corporation, 1997, 2014 */
+/* All Rights Reserved */
+/* US Government Users Restricted Rights - Use, duplication or disclosure */
+/* restricted by GSA ADP Schedule Contract with IBM Corp. */
+/* */
+/* Function: */
+/* This header file contains the Security API C language prototypes for the */
+/* Linux platform. */
/* */
-/* This header file contains the Security API C language */
-/* prototypes. See the user publications for more information. */
+/* User publications are available at: */
/* */
+/* http://www.ibm.com/security/cryptocards */
/******************************************************************************/
-#ifndef __CSULINCL
-#define __CSULINCL
+/*
+ * Following check assures that this include file is included only once.
+ */
+#ifndef __CSULINCL__
+#define __CSULINCL__
/*
- * define system linkage macros for the target platform
+ * Define system linkage macros for the target platform.
*/
- #define SECURITYAPI
+#define SECURITYAPI
/*
- * define system linkage to the security API
+ * The following defintion statements are provided for backward compatibility in case
+ * some old version of applications are referring to these statements. This definitions
+ * will be removed in future.
*/
- #define CSNBCKI CSNBCKI_32
- #define CSNBCKM CSNBCKM_32
- #define CSNBDKX CSNBDKX_32
- #define CSNBDKM CSNBDKM_32
- #define CSNBMKP CSNBMKP_32
- #define CSNBKEX CSNBKEX_32
- #define CSNBKGN CSNBKGN_32
- #define CSNBKGN2 CSNBKGN2_32
- #define CSNBKIM CSNBKIM_32
- #define CSNBKPI CSNBKPI_32
- #define CSNBKPI2 CSNBKPI2_32
- #define CSNBKRC CSNBKRC_32
- #define CSNBAKRC CSNBAKRC_32
- #define CSNBKRD CSNBKRD_32
- #define CSNBKRL CSNBKRL_32
- #define CSNBKRR CSNBKRR_32
- #define CSNBKRW CSNBKRW_32
- #define CSNDKRC CSNDKRC_32
- #define CSNDKRD CSNDKRD_32
- #define CSNDKRL CSNDKRL_32
- #define CSNDKRR CSNDKRR_32
- #define CSNDKRW CSNDKRW_32
- #define CSNBKYT CSNBKYT_32
- #define CSNBKSI CSNBKSI_32
- #define CSNBKTC CSNBKTC_32
- #define CSNBKTR CSNBKTR_32
- #define CSNBRNG CSNBRNG_32
- #define CSNBDEC CSNBDEC_32
- #define CSNBENC CSNBENC_32
- #define CSNBMGN CSNBMGN_32
- #define CSNBMVR CSNBMVR_32
- #define CSNBKTB CSNBKTB_32
- #define CSNBKTB2 CSNBKTB2_32
- #define CSNDPKG CSNDPKG_32
- #define CSNDPKB CSNDPKB_32
- #define CSNBOWH CSNBOWH_32
- #define CSNDPKI CSNDPKI_32
- #define CSNDDSG CSNDDSG_32
- #define CSNDDSV CSNDDSV_32
- #define CSNDKTC CSNDKTC_32
- #define CSNDPKX CSNDPKX_32
- #define CSNDSYI CSNDSYI_32
- #define CSNDSYX CSNDSYX_32
- #define CSUACFQ CSUACFQ_32
- #define CSUACFC CSUACFC_32
- #define CSNDSBC CSNDSBC_32
- #define CSNDSBD CSNDSBD_32
- #define CSUALCT CSUALCT_32
- #define CSUAACM CSUAACM_32
- #define CSUAACI CSUAACI_32
- #define CSNDPKH CSNDPKH_32
- #define CSNDPKR CSNDPKR_32
- #define CSUAMKD CSUAMKD_32
- #define CSNDRKD CSNDRKD_32
- #define CSNDRKL CSNDRKL_32
- #define CSNBPTR CSNBPTR_32
- #define CSNBCPE CSNBCPE_32
- #define CSNBCPA CSNBCPA_32
- #define CSNBPGN CSNBPGN_32
- #define CSNBPVR CSNBPVR_32
- #define CSNDSYG CSNDSYG_32
- #define CSNBDKG CSNBDKG_32
- #define CSNBEPG CSNBEPG_32
- #define CSNBCVE CSNBCVE_32
- #define CSNBCSG CSNBCSG_32
- #define CSNBCSV CSNBCSV_32
- #define CSNBCVG CSNBCVG_32
- #define CSNBKTP CSNBKTP_32
- #define CSNDPKE CSNDPKE_32
- #define CSNDPKD CSNDPKD_32
- #define CSNBPEX CSNBPEX_32
- #define CSNBPEXX CSNBPEXX_32
- #define CSUARNT CSUARNT_32
- #define CSNBCVT CSNBCVT_32
- #define CSNBMDG CSNBMDG_32
- #define CSUACRA CSUACRA_32
- #define CSUACRD CSUACRD_32
- #define CSNBTRV CSNBTRV_32
- #define CSUAPCV CSUAPCV_32
- #define CSNBKYTX CSNBKYTX_32
- #define CSNBSPN CSNBSPN_32
- #define CSNBSKY CSNBSKY_32
- #define CSNBPCU CSNBPCU_32
- #define CSUAPRB CSUAPRB_32
- #define CSUADHK CSUADHK_32
- #define CSUADHQ CSUADHQ_32
- #define CSNDTBC CSNDTBC_32
- #define CSNDRKX CSNDRKX_32
- #define CSNBKET CSNBKET_32
- #define CSNBSAE CSNBSAE_32
- #define CSNBSAD CSNBSAD_32
- #define CSNBHMG CSNBHMG_32
- #define CSNBHMV CSNBHMV_32
+ #define CSNBAKRC CSNBAKRC
+ #define CSNBAKRD CSNBAKRD
+ #define CSNBAKRL CSNBAKRL
+ #define CSNBAKRR CSNBAKRR
+ #define CSNBAKRW CSNBAKRW
+ #define CSNBAPG CSNBAPG
+ #define CSNBCKC CSNBCKC
+ #define CSNBCKI CSNBCKI
+ #define CSNBCKM CSNBCKM
+ #define CSNBCPA CSNBCPA
+ #define CSNBCPE CSNBCPE
+ #define CSNBCSG CSNBCSG
+ #define CSNBCSV CSNBCSV
+ #define CSNBCVE CSNBCVE
+ #define CSNBCVG CSNBCVG
+ #define CSNBCVT CSNBCVT
+ #define CSNBDEC CSNBDEC
+ #define CSNBDKG CSNBDKG
+ #define CSNBDKG2 CSNBDKG2
+ #define CSNBDKM CSNBDKM
+ #define CSNBDKX CSNBDKX
+ #define CSNBDMP CSNBDMP
+ #define CSNBDPC CSNBDPC
+ #define CSNBDPCG CSNBDPCG
+ #define CSNBDPMT CSNBDPMT
+ #define CSNBDPNU CSNBDPNU
+ #define CSNBDPT CSNBDPT
+ #define CSNBDPV CSNBDPV
+ #define CSNBDRP CSNBDRP
+ #define CSNBDRPG CSNBDRPG
+ #define CSNBDDPG CSNBDDPG
+ #define CSNBENC CSNBENC
+ #define CSNBEPG CSNBEPG
+ #define CSNBFPED CSNBFPED
+ #define CSNBFPEE CSNBFPEE
+ #define CSNBFPET CSNBFPET
+ #define CSNBHMG CSNBHMG
+ #define CSNBHMV CSNBHMV
+ #define CSNBKET CSNBKET
+ #define CSNBKEX CSNBKEX
+ #define CSNBKGN CSNBKGN
+ #define CSNBKGN2 CSNBKGN2
+ #define CSNBKIM CSNBKIM
+ #define CSNBKPI CSNBKPI
+ #define CSNBKPI2 CSNBKPI2
+ #define CSNBKRC CSNBKRC
+ #define CSNBKRD CSNBKRD
+ #define CSNBKRL CSNBKRL
+ #define CSNBKRR CSNBKRR
+ #define CSNBKRW CSNBKRW
+ #define CSNBKSI CSNBKSI
+ #define CSNBKTB CSNBKTB
+ #define CSNBKTB2 CSNBKTB2
+ #define CSNBKTC CSNBKTC
+ #define CSNBKTC2 CSNBKTC2
+ #define CSNBKTP CSNBKTP
+ #define CSNBKTP2 CSNBKTP2
+ #define CSNBKTR CSNBKTR
+ #define CSNBKTR2 CSNBKTR2
+ #define CSNBKYT CSNBKYT
+ #define CSNBKYTX CSNBKYTX
+ #define CSNBKYT2 CSNBKYT2
+ #define CSNBMDG CSNBMDG
+ #define CSNBMGN CSNBMGN
+ #define CSNBMGN2 CSNBMGN2
+ #define CSNBMKP CSNBMKP
+ #define CSNBMVR CSNBMVR
+ #define CSNBMVR2 CSNBMVR2
+ #define CSNBOWH CSNBOWH
+ #define CSNBPCU CSNBPCU
+ #define CSNBPEX CSNBPEX
+ #define CSNBPEXX CSNBPEXX
+ #define CSNBPEX2 CSNBPEX2
+ #define CSNBPFO CSNBPFO
+ #define CSNBPGN CSNBPGN
+ #define CSNBPTR CSNBPTR
+ #define CSNBPTRE CSNBPTRE
+ #define CSNBPVR CSNBPVR
+ #define CSNBRKA CSNBRKA
+ #define CSNBRNG CSNBRNG
+ #define CSNBRNGL CSNBRNGL
+ #define CSNBSAD CSNBSAD
+ #define CSNBSAE CSNBSAE
+ #define CSNBSKY CSNBSKY
+ #define CSNBSPN CSNBSPN
+ #define CSNBTRV CSNBTRV
+ #define CSNBUKD CSNBUKD
+ #define CSNBXEA CSNBXEA
+ #define CSNDDSG CSNDDSG
+ #define CSNDDSV CSNDDSV
+ #define CSNDEDH CSNDEDH
+ #define CSNDKRC CSNDKRC
+ #define CSNDKRD CSNDKRD
+ #define CSNDKRL CSNDKRL
+ #define CSNDKRR CSNDKRR
+ #define CSNDKRW CSNDKRW
+ #define CSNDKTC CSNDKTC
+ #define CSNDPKB CSNDPKB
+ #define CSNDPKD CSNDPKD
+ #define CSNDPKE CSNDPKE
+ #define CSNDPKG CSNDPKG
+ #define CSNDPKH CSNDPKH
+ #define CSNDPKI CSNDPKI
+ #define CSNDPKR CSNDPKR
+ #define CSNDPKT CSNDPKT
+ #define CSNDPKX CSNDPKX
+ #define CSNDRKD CSNDRKD
+ #define CSNDRKL CSNDRKL
+ #define CSNDRKX CSNDRKX
+ #define CSNDSBC CSNDSBC
+ #define CSNDSBD CSNDSBD
+ #define CSNDSXD CSNDSXD
+ #define CSNDSYG CSNDSYG
+ #define CSNDSYI CSNDSYI
+ #define CSNDSYI2 CSNDSYI2
+ #define CSNDSYX CSNDSYX
+ #define CSNDTBC CSNDTBC
+ #define CSUAACI CSUAACI
+ #define CSUAACM CSUAACM
+ #define CSUACFC CSUACFC
+ #define CSUACFQ CSUACFQ
+ #define CSUACFV CSUACFV
+ #define CSUACRA CSUACRA
+ #define CSUACRD CSUACRD
+ #define CSUALCT CSUALCT
+ #define CSUALGQ CSUALGQ
+ #define CSUAMKD CSUAMKD
+ #define CSUAPRB CSUAPRB
+ #define CSUARNT CSUARNT
+ #define CSNBT31O CSNBT31O
+ #define CSNBT31P CSNBT31P
+ #define CSNBT31R CSNBT31R
+ #define CSNBT31I CSNBT31I
+ #define CSNBT31X CSNBT31X
+ #define CSNBCTT2 CSNBCTT2
+#ifdef TKE_WKSTN
+ #define CSUADHK CSUADHK
+ #define CSUADHQ CSUADHQ
+ #define CSUACIE CSUACIE
+ #define CSUAKIX CSUAKIX
+ #define CSUAKTX CSUAKTX
+ #define CSUAMKX CSUAMKX
+ #define CSUARNX CSUARNX
+ #define CSUASKE CSUASKE
+#endif
+
/*
* security API prototypes
*/
+/* Authentication Parameter Generate */
+extern void SECURITYAPI
+ CSNBAPG(long * pReturnCode,
+ long * pReasonCode,
+ long * pExitdatalength,
+ unsigned char* pExitdata,
+ long * pRule_array_count,
+ unsigned char* pRule_array,
+ long * pInboundPINEncryptingKeyLength,
+ unsigned char* pInboundPINEncryptingKey,
+ unsigned char* pEncryptedPINBlock,
+ unsigned char* pIssuerDomesticCode,
+ unsigned char* pCardSecureCode,
+ unsigned char* pPANData,
+ long * pAPEncryptingKeyIdLength,
+ unsigned char* pAPEncryptingKeyId,
+ unsigned char* pAPValue );
+
+/* TR-31 CVV Combine */
+extern void SECURITYAPI
+ CSNBCKC(long * pReturnCode,
+ long * pReasonCode,
+ long * pExitDataLength,
+ unsigned char * pExitData,
+ long * pRuleArrayCount,
+ unsigned char * pRuleArray,
+ long * pKeyAIdentifierLength,
+ unsigned char * pKeyAIdentifier,
+ long * pKeyBIdentifierLength,
+ unsigned char * pKeyBIdentifier,
+ long * pOutputKeyIdentifierLength,
+ unsigned char * pOutputKeyIdentifier);
+
/* Clear Key Import */
extern void SECURITYAPI
- CSNBCKI_32(long * return_code,
+ CSNBCKI(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -134,7 +230,7 @@ extern void SECURITYAPI
/* Clear Key Import Multiple */
extern void SECURITYAPI
- CSNBCKM_32(long * return_code,
+ CSNBCKM(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -144,10 +240,9 @@ extern void SECURITYAPI
unsigned char * clear_key,
unsigned char * target_key_identifier);
-
/* Data Key Export */
extern void SECURITYAPI
- CSNBDKX_32(long * return_code,
+ CSNBDKX(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -157,7 +252,7 @@ extern void SECURITYAPI
/* Data Key Import */
extern void SECURITYAPI
- CSNBDKM_32(long * return_code,
+ CSNBDKM(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -165,9 +260,369 @@ extern void SECURITYAPI
unsigned char * importer_key_identifier,
unsigned char * target_key_identifier);
+/* DK Migrate PIN */
+extern void SECURITYAPI
+ CSNBDMP(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * PAN_data_length,
+ unsigned char * PAN_data,
+ long * card_p_data_length,
+ unsigned char * card_p_data,
+ long * card_t_data_length,
+ unsigned char * card_t_data,
+ long * ISO1_PIN_block_length,
+ unsigned char * ISO1_PIN_block,
+ long * IPIN_encryption_key_identifier_length,
+ unsigned char * IPIN_encryption_key_identifier,
+ long * PRW_key_identifier_length,
+ unsigned char * PRW_key_identifier,
+ long * OPIN_encryption_key_identifier_length,
+ unsigned char * OPIN_encryption_key_identifier,
+ long * OEPB_MAC_key_identifier_length,
+ unsigned char * OEPB_MAC_key_identifier,
+ long * PIN_reference_value_length,
+ unsigned char * PIN_reference_value,
+ long * PRW_random_number_length,
+ unsigned char * PRW_random_number,
+ long * output_encrypted_PIN_block_length,
+ unsigned char * output_encrypted_PIN_block,
+ long * PIN_block_MAC_length,
+ unsigned char * PIN_block_MAC);
+
+/* DK PIN Change */
+extern void SECURITYAPI
+ CSNBDPC(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * PAN_data_length,
+ unsigned char * PAN_data,
+ long * card_p_data_length,
+ unsigned char * card_p_data,
+ long * card_t_data_length,
+ unsigned char * card_t_data,
+ long * cur_ISO1_PIN_block_length,
+ unsigned char * cur_ISO1_PIN_block,
+ long * new_ISO1_PIN_block_length,
+ unsigned char * new_ISO1_PIN_block,
+ long * card_script_data_length,
+ unsigned char * card_script_data,
+ long * script_offset,
+ long * script_offset_field_length,
+ long * script_initialization_vector_length,
+ unsigned char * script_initialization_vector,
+ unsigned char * output_PIN_profile,
+ long * PIN_reference_value_length,
+ unsigned char * PIN_reference_value,
+ long * PRW_random_number_length,
+ unsigned char * PRW_random_number,
+ long * PRW_key_identifier_length,
+ unsigned char * PRW_key_identifier,
+ long * current_IPIN_encryption_key_identifier_length,
+ unsigned char * current_IPIN_encryption_key_identifier,
+ long * new_IPIN_encryption_key_identifier_length,
+ unsigned char * new_IPIN_encryption_key_identifier,
+ long * script_key_identifier_length,
+ unsigned char * script_key_identifier,
+ long * script_MAC_key_identifier_length,
+ unsigned char * script_MAC_key_identifier,
+ long * new_PRW_key_identifier_length,
+ unsigned char * new_PRW_key_identifier,
+ long * OPIN_encryption_key_identifier_length,
+ unsigned char * OPIN_encryption_key_identifier,
+ long * OEPB_MAC_key_identifier_length,
+ unsigned char * OEPB_MAC_key_identifier,
+ long * script_length,
+ unsigned char * script,
+ long * script_MAC_length,
+ unsigned char * script_MAC,
+ long * new_PIN_reference_value_length,
+ unsigned char * new_PIN_reference_value,
+ long * new_PRW_random_number_length,
+ unsigned char * new_PRW_random_number,
+ long * output_encrypted_PIN_block_length,
+ unsigned char * output_encrypted_PIN_block,
+ long * PIN_block_MAC_length,
+ unsigned char * PIN_block_MAC);
+
+/* DK PRW CMAC Generate */
+extern void SECURITYAPI
+ CSNBDPCG(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * current_PAN_data_length,
+ unsigned char * current_PAN_data,
+ long * new_PAN_data_length,
+ unsigned char * new_PAN_data,
+ long * current_card_data_length,
+ unsigned char * current_card_data,
+ long * new_card_data_length,
+ unsigned char * new_card_data,
+ long * PIN_reference_value_length,
+ unsigned char * PIN_reference_value,
+ long * CMAC_FUS_key_identifier_length,
+ unsigned char * CMAC_FUS_key_identifier,
+ long * CMAC_FUS_length,
+ unsigned char * CMAC_FUS);
+
+/* DK PAN Modify in Transaction */
+extern void SECURITYAPI
+ CSNBDPMT(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * current_PAN_data_length,
+ unsigned char * current_PAN_data,
+ long * new_PAN_data_length,
+ unsigned char * new_PAN_data,
+ long * current_card_p_data_length,
+ unsigned char * current_card_p_data,
+ long * current_card_t_data_length,
+ unsigned char * current_card_t_data,
+ long * new_card_p_data_length,
+ unsigned char * new_card_p_data,
+ long * new_card_t_data_length,
+ unsigned char * new_card_t_data,
+ long * CMAC_FUS_length,
+ unsigned char * CMAC_FUS,
+ long * ISO_encrypted_PIN_block_length,
+ unsigned char * ISO_encrypted_PIN_block,
+ long * current_PIN_reference_value_length,
+ unsigned char * current_PIN_reference_value,
+ long * current_PRW_random_number_length,
+ unsigned char * current_PRW_random_number,
+ long * CMAC_FUS_key_identifier_length,
+ unsigned char * CMAC_FUS_key_identifier,
+ long * IPIN_encryption_key_identifier_length,
+ unsigned char * IPIN_encryption_key_identifier,
+ long * PRW_key_identifier_length,
+ unsigned char * PRW_key_identifier,
+ long * new_PRW_key_identifier_length,
+ unsigned char * new_PRW_key_identifier,
+ long * new_PIN_reference_value_length,
+ unsigned char * new_PIN_reference_value,
+ long * new_PRW_random_number_length,
+ unsigned char * new_PRW_random_number);
+
+/* DK PRW Card Number Update */
+extern void SECURITYAPI
+ CSNBDPNU(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * card_p_data_length,
+ unsigned char * card_p_data,
+ long * card_t_data_length,
+ unsigned char * card_t_data,
+ long * encrypted_PIN_block_length,
+ unsigned char * encrypted_PIN_block,
+ long * PIN_block_MAC_length,
+ unsigned char * PIN_block_MAC,
+ long * PRW_key_identifier_length,
+ unsigned char * PRW_key_identifier,
+ long * IPIN_encryption_key_identifier_length,
+ unsigned char * IPIN_encryption_key_identifier,
+ long * IEPB_MAC_key_identifier_length,
+ unsigned char * IEPB_MAC_key_identifier,
+ long * OPIN_encryption_key_identifier_length,
+ unsigned char * OPIN_encryption_key_identifier,
+ long * OEPB_MAC_key_identifier_length,
+ unsigned char * OEPB_MAC_key_identifier,
+ long * PIN_reference_value_length,
+ unsigned char * PIN_reference_value,
+ long * PRW_random_number_length,
+ unsigned char * PRW_random_number,
+ long * new_encrypted_PIN_block_length,
+ unsigned char * new_encrypted_PIN_block,
+ long * new_PIN_block_MAC_length,
+ unsigned char * new_PIN_block_MAC);
+
+/* DK PAN Translate */
+extern void SECURITYAPI
+ CSNBDPT(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * card_p_data_length,
+ unsigned char * card_p_data,
+ long * card_t_data_length,
+ unsigned char * card_t_data,
+ long * new_PAN_data_length,
+ unsigned char * new_PAN_data,
+ long * new_card_p_data_length,
+ unsigned char * new_card_p_data,
+ long * PIN_reference_value_length,
+ unsigned char * PIN_reference_value,
+ long * PRW_random_number_length,
+ unsigned char * PRW_random_number,
+ long * current_encrypted_PIN_block_length,
+ unsigned char * current_encrypted_PIN_block,
+ long * current_PIN_block_MAC_length,
+ unsigned char * current_PIN_block_MAC,
+ long * PRW_MAC_key_identifier_length,
+ unsigned char * PRW_MAC_key_identifier,
+ long * IPIN_encryption_key_identifier_length,
+ unsigned char * IPIN_encryption_key_identifier,
+ long * IEPB_MAC_key_identifier_length,
+ unsigned char * IEPB_MAC_key_identifier,
+ long * OPIN_encryption_key_identifier_length,
+ unsigned char * OPIN_encryption_key_identifier,
+ long * OEPB_MAC_key_identifier_length,
+ unsigned char * OEPB_MAC_key_identifier,
+ long * new_encrypted_PIN_block_length,
+ unsigned char * new_encrypted_PIN_block,
+ long * new_PIN_block_MAC_length,
+ unsigned char * new_PIN_block_MAC);
+
+/* DK PIN Verify */
+extern void SECURITYAPI
+ CSNBDPV (long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * PAN_data_length,
+ unsigned char * PAN_data,
+ long * card_data_length,
+ unsigned char * card_data,
+ long * PIN_reference_value_length,
+ unsigned char * PIN_reference_value,
+ long * PRW_random_number_length,
+ unsigned char * PRW_random_number,
+ long * ISO_encrypted_PIN_block_length,
+ unsigned char * ISO_encrypted_PIN_block,
+ long * PRW_key_identifier_length,
+ unsigned char * PRW_key_identifier,
+ long * IPIN_encryption_key_identifier_length,
+ unsigned char * IPIN_encryption_key_identifier);
+
+/* DK Regenerate PRW*/
+extern void SECURITYAPI
+ CSNBDRP (long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * card_p_data_length,
+ unsigned char * card_p_data,
+ long * card_t_data_length,
+ unsigned char * card_t_data,
+ long * encrypted_PIN_block_length,
+ unsigned char * encrypted_PIN_block,
+ long * PIN_block_MAC_length,
+ unsigned char * PIN_block_MAC,
+ long * PRW_key_identifier_length,
+ unsigned char * PRW_key_identifier,
+ long * IPIN_encryption_key_identifier_length,
+ unsigned char * IPIN_encryption_key_identifier,
+ long * IEPB_MAC_key_identifier_length,
+ unsigned char * IEPB_MAC_key_identifier,
+ long * OPIN_encryption_key_identifier_length,
+ unsigned char * OPIN_encryption_key_identifier,
+ long * OEPB_MAC_key_identifier_length,
+ unsigned char * OEPB_MAC_key_identifier,
+ long * PIN_reference_value_length,
+ unsigned char * PIN_reference_value,
+ long * PRW_random_number_length,
+ unsigned char * PRW_random_number,
+ long * new_encrypted_PIN_block_length,
+ unsigned char * new_encrypted_PIN_block,
+ long * new_PIN_block_MAC_length,
+ unsigned char * new_PIN_block_MAC);
+
+/* DK Random PIN Generate*/
+extern void SECURITYAPI
+ CSNBDRPG(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * PAN_data_length,
+ unsigned char * PAN_data,
+ long * card_p_data_length,
+ unsigned char * card_p_data,
+ long * card_t_data_length,
+ unsigned char * card_t_data,
+ long * PIN_length,
+ long * PRW_key_identifier_length,
+ unsigned char * PRW_key_identifier,
+ long * PIN_print_key_identifier_length,
+ unsigned char * PIN_print_key_identifier,
+ long * OPIN_encryption_key_identifier_length,
+ unsigned char * OPIN_encryption_key_identifier,
+ long * OEPB_MAC_key_identifier_length,
+ unsigned char * OEPB_MAC_key_identifier,
+ long * PIN_reference_value_length,
+ unsigned char * PIN_reference_value,
+ long * PRW_random_number_length,
+ unsigned char * PRW_random_number,
+ long * PIN_print_block_length,
+ unsigned char * PIN_print_block,
+ long * encrypted_PIN_block_length,
+ unsigned char * encrypted_PIN_block,
+ long * PIN_block_MAC_length,
+ unsigned char * PIN_block_MAC);
+
+/* DK Deterministic PIN Generate*/
+extern void SECURITYAPI
+ CSNBDDPG(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * account_info_ER_length,
+ unsigned char * account_info_ER,
+ long * PAN_data_length,
+ unsigned char * PAN_data,
+ long * card_p_data_length,
+ unsigned char * card_p_data,
+ long * card_t_data_length,
+ unsigned char * card_t_data,
+ long * PIN_length,
+ long * PIN_generation_key_identifier_length,
+ unsigned char * PIN_generation_key_identifier,
+ long * PRW_key_identifier_length,
+ unsigned char * PRW_key_identifier,
+ long * PIN_print_key_identifier_length,
+ unsigned char * PIN_print_key_identifier,
+ long * OPIN_encryption_key_identifier_length,
+ unsigned char * OPIN_encryption_key_identifier,
+ long * OEPB_MAC_key_identifier_length,
+ unsigned char * OEPB_MAC_key_identifier,
+ long * PIN_reference_value_length,
+ unsigned char * PIN_reference_value,
+ long * PRW_random_number_length,
+ unsigned char * PRW_random_number,
+ long * PIN_print_block_length,
+ unsigned char * PIN_print_block,
+ long * encrypted_PIN_block_length,
+ unsigned char * encrypted_PIN_block,
+ long * PIN_block_MAC_length,
+ unsigned char * PIN_block_MAC);
+
+
/* DES Master Key Process */
extern void SECURITYAPI
- CSNBMKP_32(long * return_code,
+ CSNBMKP(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -177,7 +632,7 @@ extern void SECURITYAPI
/* Key Export */
extern void SECURITYAPI
- CSNBKEX_32(long * return_code,
+ CSNBKEX(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -188,7 +643,7 @@ extern void SECURITYAPI
/* Key Generate */
extern void SECURITYAPI
- CSNBKGN_32(long * return_code,
+ CSNBKGN(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -203,35 +658,35 @@ extern void SECURITYAPI
/* Key Generate2 */
extern void SECURITYAPI
- CSNBKGN2_32(long * return_code,
- long * reason_code,
- long * exit_data_length,
- unsigned char * exit_data,
- long * rule_array_count,
- unsigned char * rule_array,
- long * clear_key_bit_length,
- unsigned char * key_type_1,
- unsigned char * key_type_2,
- long * key_name_1_length,
- unsigned char * key_name_1,
- long * key_name_2_length,
- unsigned char * key_name_2,
- long * user_associated_data_1_length,
- unsigned char * user_associated_data_1,
- long * user_associated_data_2_length,
- unsigned char * user_associated_data_2,
- long * key_encrypting_key_identifier_1_length,
- unsigned char * key_encrypting_key_identifier_1,
- long * key_encrypting_key_identifier_2_length,
- unsigned char * key_encrypting_key_identifier_2,
- long * generated_key_identifier_1_length,
- unsigned char * generated_key_identifier_1,
- long * generated_key_identifier_2_length,
- unsigned char * generated_key_identifier_2);
+ CSNBKGN2(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * clear_key_bit_length,
+ unsigned char * key_type_1,
+ unsigned char * key_type_2,
+ long * key_name_1_length,
+ unsigned char * key_name_1,
+ long * key_name_2_length,
+ unsigned char * key_name_2,
+ long * user_associated_data_1_length,
+ unsigned char * user_associated_data_1,
+ long * user_associated_data_2_length,
+ unsigned char * user_associated_data_2,
+ long * KEK_key_identifier_1_length,
+ unsigned char * KEK_key_identifier_1,
+ long * KEK_key_identifier_2_length,
+ unsigned char * KEK_key_identifier_2,
+ long * generated_key_identifier_1_length,
+ unsigned char * generated_key_identifier_1,
+ long * generated_key_identifier_2_length,
+ unsigned char * generated_key_identifier_2);
/* Key Import */
extern void SECURITYAPI
- CSNBKIM_32(long * return_code,
+ CSNBKIM(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -242,7 +697,7 @@ extern void SECURITYAPI
/* Key Part Import */
extern void SECURITYAPI
- CSNBKPI_32(long * return_code,
+ CSNBKPI(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -253,7 +708,7 @@ extern void SECURITYAPI
/* Key Part Import2 */
extern void SECURITYAPI
- CSNBKPI2_32(long * return_code,
+ CSNBKPI2(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -264,9 +719,10 @@ extern void SECURITYAPI
long * key_identifier_length,
unsigned char * key_identifier);
+
/* Key Storage Initialization */
extern void SECURITYAPI
- CSNBKSI_32(long * return_code,
+ CSNBKSI(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -280,24 +736,15 @@ extern void SECURITYAPI
/* Key Record Create */
extern void SECURITYAPI
- CSNBKRC_32(long * return_code,
+ CSNBKRC(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
unsigned char * key_label);
-/* AES Key Record Create */
-extern void SECURITYAPI
- CSNBAKRC_32(long * return_code,
- long * reason_code,
- long * exit_data_length,
- unsigned char * exit_data,
- unsigned char * key_label,
- long * key_token_length,
- unsigned char * key_token);
/* Key Record Delete */
extern void SECURITYAPI
- CSNBKRD_32(long * return_code,
+ CSNBKRD(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -307,7 +754,7 @@ extern void SECURITYAPI
/* Key Record List */
extern void SECURITYAPI
- CSNBKRL_32(long * return_code,
+ CSNBKRL(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -318,7 +765,7 @@ extern void SECURITYAPI
/* Key Record Read */
extern void SECURITYAPI
- CSNBKRR_32(long * return_code,
+ CSNBKRR(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -327,7 +774,7 @@ extern void SECURITYAPI
/* Key Record Write */
extern void SECURITYAPI
- CSNBKRW_32(long * return_code,
+ CSNBKRW(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -336,7 +783,7 @@ extern void SECURITYAPI
/* PKA Key Record Create */
extern void SECURITYAPI
- CSNDKRC_32(long * return_code,
+ CSNDKRC(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -348,7 +795,7 @@ extern void SECURITYAPI
/* PKA Key Record Delete */
extern void SECURITYAPI
- CSNDKRD_32(long * return_code,
+ CSNDKRD(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -358,7 +805,7 @@ extern void SECURITYAPI
/* PKA Key Record List */
extern void SECURITYAPI
- CSNDKRL_32(long * return_code,
+ CSNDKRL(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -371,7 +818,7 @@ extern void SECURITYAPI
/* PKA Key Record Read */
extern void SECURITYAPI
- CSNDKRR_32(long * return_code,
+ CSNDKRR(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -383,7 +830,19 @@ extern void SECURITYAPI
/* PKA Key Record Write */
extern void SECURITYAPI
- CSNDKRW_32(long * return_code,
+ CSNDKRW(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ unsigned char * key_label,
+ long * key_token_length,
+ unsigned char * key_token);
+
+/* AES Key Record Create */
+extern void SECURITYAPI
+ CSNBAKRC(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -391,23 +850,70 @@ extern void SECURITYAPI
unsigned char * rule_array,
unsigned char * key_label,
long * key_token_length,
- unsigned char * key_token );
+ unsigned char * key_token);
+
+/* AES Key Record Delete */
+extern void SECURITYAPI
+ CSNBAKRD(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ unsigned char * key_identifier);
+
+/* AES Key Record List */
+extern void SECURITYAPI
+ CSNBAKRL(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ unsigned char * key_label,
+ long * data_set_name_length,
+ unsigned char * data_set_name,
+ unsigned char * security_server_name);
+
+/* AES Key Record Read */
+extern void SECURITYAPI
+ CSNBAKRR(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ unsigned char * key_label,
+ long * key_token_length,
+ unsigned char * key_token);
+
+/* AES Key Record Write */
+extern void SECURITYAPI
+ CSNBAKRW(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ unsigned char * key_label,
+ long * key_token_length,
+ unsigned char * key_token);
/* Key Test */
extern void SECURITYAPI
- CSNBKYT_32(long * return_code,
+ CSNBKYT(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
long * rule_array_count,
unsigned char * rule_array,
unsigned char * key_identifier,
- unsigned char * random_number,
- unsigned char * verification_pattern);
+ unsigned char * value_1,
+ unsigned char * value_2);
-/* Key Test Extended @b3a*/
+/* Key Test Extended */
extern void SECURITYAPI
- CSNBKYTX_32(long * return_code,
+ CSNBKYTX(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
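Review bot: The CSNBKYT prototype now names its last two parameters `value_1` and `value_2`, which drops the only hint this header gave about their roles; the removed lines called them `random_number` and `verification_pattern`. If the generic names are kept to match the vendor reference, a comment above the declaration such as `/* value_1: random number, value_2: verification pattern */` would preserve that information for callers. The CSNBKYTX declaration at the end of this hunk continues outside it.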
@@ -418,9 +924,26 @@ extern void SECURITYAPI
unsigned char * verification_pattern,
unsigned char * kek_key_identifier);
-/* Des Key Token Change */
+/* Key Test2 */
+extern void SECURITYAPI
+ CSNBKYT2(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * key_identifier_length,
+ unsigned char * key_identifier,
+ long * KEK_key_identifier_length,
+ unsigned char * KEK_key_identifier,
+ long * reserved_length,
+ unsigned char * reserved,
+ long * verification_pattern_length,
+ unsigned char * verification_pattern);
+
+/* DES Key Token Change */
extern void SECURITYAPI
- CSNBKTC_32(long * return_code,
+ CSNBKTC(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -428,9 +951,20 @@ extern void SECURITYAPI
unsigned char * rule_array,
unsigned char * key_identifier);
+/* Key Token Change 2 */
+extern void SECURITYAPI
+ CSNBKTC2(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * key_identifier_length,
+ unsigned char * key_identifier);
+
/* Key Translate */
extern void SECURITYAPI
- CSNBKTR_32(long * return_code,
+ CSNBKTR(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -439,64 +973,48 @@ extern void SECURITYAPI
unsigned char * output_KEK_key_identifier,
unsigned char * output_key_token);
-/* Random Number Generate */
+/* Key Translate2 */
extern void SECURITYAPI
- CSNBRNG_32(long * return_code,
+ CSNBKTR2(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
- unsigned char * form,
- unsigned char * random_number);
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * input_key_token_length,
+ unsigned char * input_key_token,
+ long * input_KEK_key_identifier_length,
+ unsigned char * input_KEK_key_identifier,
+ long * output_KEK_key_identifier_length,
+ unsigned char * output_KEK_key_identifier,
+ long * output_key_token_length,
+ unsigned char * output_key_token);
+/* Random Number Generate */
extern void SECURITYAPI
- CSNBSAE_32(long * return_code,
+ CSNBRNG(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
- long * rule_array_count,
- unsigned char * rule_array,
- long * key_identifier_length,
- unsigned char * key_identifier,
- long * key_params_length,
- unsigned char * key_params,
- long * block_size,
- long * initialization_vector_length,
- unsigned char * initialization_vector,
- long * chaining_vector_length,
- unsigned char * chaining_vector,
- long * text_length,
- unsigned char * text,
- long * ciphertext_length,
- unsigned char * ciphertext,
- long * optional_data_length,
- unsigned char * optional_data);
+ unsigned char * form,
+ unsigned char * random_number);
+/* Random Number Generate Long */
extern void SECURITYAPI
- CSNBSAD_32(long * return_code,
+ CSNBRNGL(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
- long * rule_array_count,
- unsigned char * rule_array,
- long * key_identifier_length,
- unsigned char * key_identifier,
- long * key_params_length,
- unsigned char * key_params,
- long * block_size,
- long * initialization_vector_length,
- unsigned char * initialization_vector,
- long * chaining_vector_length,
- unsigned char * chaining_vector,
- long * ciphertext_length,
- unsigned char * ciphertext,
- long * text_length,
- unsigned char * text,
- long * optional_data_length,
- unsigned char * optional_data);
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * reserved_length,
+ unsigned char * reserved,
+ long * random_number_length,
+ unsigned char * random_number);
/* Decipher */
extern void SECURITYAPI
- CSNBDEC_32(long * return_code,
+ CSNBDEC(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
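Review bot: Neither new prototype in this hunk says which way its `long *..._length` parameters flow, and for CSNBKTR2 (`output_key_token_length`) and CSNBRNGL (`random_number_length`) that decides how large a buffer the caller must supply. In CCA these lengths are normally in/out (buffer capacity on entry, bytes written on return), but the header should state it rather than leave it to each caller. After confirming against the vendor reference, I would add `/* *_length: in = buffer size, out = bytes returned; initialise before the call */` above each declaration. The same applies to the AES key-record verbs in the previous hunk and to CSNBKYT2, CSNBMGN2/CSNBMVR2, CSNDSYI2, CSNDPKT and CSNBDKG2 in the other hunks. The CSNBDEC declaration at the end of this hunk continues outside it.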
@@ -511,7 +1029,7 @@ extern void SECURITYAPI
/* Encipher */
extern void SECURITYAPI
- CSNBENC_32(long * return_code,
+ CSNBENC(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -527,7 +1045,7 @@ extern void SECURITYAPI
/* MAC Generate */
extern void SECURITYAPI
- CSNBMGN_32(long * return_code,
+ CSNBMGN(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -539,9 +1057,26 @@ extern void SECURITYAPI
unsigned char * chaining_vector,
unsigned char * MAC);
+/* MAC Generate 2 */
+extern void SECURITYAPI
+ CSNBMGN2(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * key_identifier_length,
+ unsigned char * key_identifier,
+ long * message_text_length,
+ unsigned char * message_text,
+ long * chaining_vector_length,
+ unsigned char * chaining_vector,
+ long * MAC_length,
+ unsigned char * MAC_text);
+
/* MAC Verify */
extern void SECURITYAPI
- CSNBMVR_32(long * return_code,
+ CSNBMVR(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -553,9 +1088,60 @@ extern void SECURITYAPI
unsigned char * chaining_vector,
unsigned char * MAC);
+/* MAC Verify 2 */
+extern void SECURITYAPI
+ CSNBMVR2(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * key_identifier_length,
+ unsigned char * key_identifier,
+ long * message_text_length,
+ unsigned char * message_text,
+ long * chaining_vector_length,
+ unsigned char * chaining_vector,
+ long * MAC_length,
+ unsigned char * MAC_text);
+
+/* HMAC Generate */
+extern void SECURITYAPI
+ CSNBHMG(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * key_identifier_length,
+ unsigned char * key_identifier,
+ long * message_text_length,
+ unsigned char * message_text,
+ long * chaining_vector_length,
+ unsigned char * chaining_vector,
+ long * MAC_length,
+ unsigned char * MAC_text);
+
+/* HMAC Verify */
+extern void SECURITYAPI
+ CSNBHMV(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * key_identifier_length,
+ unsigned char * key_identifier,
+ long * message_text_length,
+ unsigned char * message_text,
+ long * chaining_vector_length,
+ unsigned char * chaining_vector,
+ long * MAC_length,
+ unsigned char * MAC_text);
+
/* Key Token Build */
extern void SECURITYAPI
- CSNBKTB_32(long * return_code,
+ CSNBKTB(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
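Review bot: CSNBMVR2 and CSNBHMV are declared `void`, so the outcome of a MAC or HMAC verification can only reach the caller through `*return_code` and `*reason_code`, and nothing in the header says so. A caller that forgets to test them would treat every MAC as valid, so I would add above both declarations `/* Verification result is reported in return_code/reason_code; check them before trusting the message. */`. The `MAC_text` parameter is also spelled identically in the generate and verify verbs, although it is presumably an output in CSNBMGN2/CSNBHMG and an input in CSNBMVR2/CSNBHMV; marking the direction in the same comment would help. The CSNBKTB declaration at the end of the hunk continues outside it.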
@@ -571,33 +1157,32 @@ extern void SECURITYAPI
unsigned char * reserved_field_4,
long * reserved_field_5,
unsigned char * reserved_field_6,
- unsigned char * master_key_verification_number );
-
+ unsigned char * master_key_verification_number);
/* Key Token Build2 */
extern void SECURITYAPI
- CSNBKTB2_32(long * return_code,
- long * reason_code,
- long * exit_data_length,
- unsigned char * exit_data,
- long * rule_array_count,
- unsigned char * rule_array,
- long * clear_key_bit_length,
- unsigned char * clear_key_value,
- long * key_name_length,
- unsigned char * key_name,
- long * user_associated_data_length,
- unsigned char * user_associated_data,
- long * token_data_length,
- unsigned char * token_data,
- long * reserved_length,
- unsigned char * reserved,
- long * target_key_token_length,
- unsigned char * target_key_token);
+ CSNBKTB2(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * clear_key_bit_length,
+ unsigned char * clear_key_value,
+ long * key_name_length,
+ unsigned char * key_name,
+ long * user_associated_data_length,
+ unsigned char * user_associated_data,
+ long * token_data_length,
+ unsigned char * token_data,
+ long * reserved_length,
+ unsigned char * reserved,
+ long * target_key_token_length,
+ unsigned char * target_key_token);
/* PKA Key Generate */
extern void SECURITYAPI
- CSNDPKG_32(long * return_code,
+ CSNDPKG(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -613,7 +1198,7 @@ extern void SECURITYAPI
/* PKA Key Token Build */
extern void SECURITYAPI
- CSNDPKB_32(long * return_code,
+ CSNDPKB(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -623,8 +1208,8 @@ extern void SECURITYAPI
unsigned char * key_values_structure,
long * key_name_ln,
unsigned char * key_name,
- long * reserved_1_length,
- unsigned char * reserved_1,
+ long * customer_data_length,
+ unsigned char * customer_data,
long * reserved_2_length,
unsigned char * reserved_2,
long * reserved_3_length,
@@ -638,7 +1223,7 @@ extern void SECURITYAPI
/* One Way Hash */
extern void SECURITYAPI
- CSNBOWH_32(long * return_code,
+ CSNBOWH(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -653,7 +1238,7 @@ extern void SECURITYAPI
/* PKA Key Import */
extern void SECURITYAPI
- CSNDPKI_32(long * return_code,
+ CSNDPKI(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -667,7 +1252,7 @@ extern void SECURITYAPI
/* Digital Signature Generate */
extern void SECURITYAPI
- CSNDDSG_32(long * return_code,
+ CSNDDSG(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -683,7 +1268,7 @@ extern void SECURITYAPI
/* Digital Signature Verify */
extern void SECURITYAPI
- CSNDDSV_32(long * return_code,
+ CSNDDSV(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -698,7 +1283,7 @@ extern void SECURITYAPI
/* PKA Key Token Change */
extern void SECURITYAPI
- CSNDKTC_32(long * return_code,
+ CSNDKTC(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -709,7 +1294,7 @@ extern void SECURITYAPI
/* PKA Public Key Extract */
extern void SECURITYAPI
- CSNDPKX_32(long * return_code,
+ CSNDPKX(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -722,7 +1307,7 @@ extern void SECURITYAPI
/* PKA Symmetric Key Import */
extern void SECURITYAPI
- CSNDSYI_32(long * return_code,
+ CSNDSYI(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -735,9 +1320,26 @@ extern void SECURITYAPI
long * target_key_identifier_length,
unsigned char * target_key_identifier);
+/* PKA Symmetric Key Import 2 */
+extern void SECURITYAPI
+ CSNDSYI2(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * RSA_enciphered_key_length,
+ unsigned char * RSA_enciphered_key,
+ long * RSA_private_key_identifier_length,
+ unsigned char * RSA_private_key_identifier,
+ long * user_mod_data_length,
+ unsigned char * user_mod_data,
+ long * target_key_identifier_length,
+ unsigned char * target_key_identifier);
+
/* PKA Symmetric Key Export */
extern void SECURITYAPI
- CSNDSYX_32(long * return_code,
+ CSNDSYX(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -751,8 +1353,8 @@ extern void SECURITYAPI
unsigned char * RSA_enciphered_key);
/* Crypto Facility Query */
-extern void
- CSUACFQ_32(long * return_code,
+extern void SECURITYAPI
+ CSUACFQ(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -763,7 +1365,7 @@ extern void
/* Crypto Facility Control */
extern void SECURITYAPI
- CSUACFC_32(long * return_code,
+ CSUACFC(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -772,59 +1374,77 @@ extern void SECURITYAPI
long * verb_data_length,
unsigned char * verb_data);
-/* Compose SET Block */
+/* SET Block Compose */
extern void SECURITYAPI
- CSNDSBC_32(long * ReturnCode,
- long * ReasonCode,
- long * ExitDataLength,
- unsigned char * ExitData,
- long * RuleArrayCount,
- unsigned char * RuleArray,
- unsigned char * BlockContentsIdentifier,
- long * XDataStringLength,
- unsigned char * XDataString,
- long * DataToEncryptLength,
- unsigned char * DataToEncrypt,
- long * DataToHashLength,
- unsigned char * DataToHash,
- unsigned char * InitializationVector,
- long * RSAPublicKeyIdentifierLength,
- unsigned char * RSAPublicKeyIdentifier,
- long * DESKeyBLockLength,
- unsigned char * DESKeyBlock,
- long * RSAOAEPBlockLength,
- unsigned char * RSAOAEPBlock,
- unsigned char * ChainingVector,
- unsigned char * DESEncryptedDataBlock );
-
-/* Decompose SET Block */
-extern void SECURITYAPI
- CSNDSBD_32(long * ReturnCode,
+ CSNDSBC(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ unsigned char * block_contents_identifier,
+ long * x_data_string_length,
+ unsigned char * x_data_string,
+ long * data_to_encrypt_length,
+ unsigned char * data_to_encrypt,
+ long * data_to_hash_length,
+ unsigned char * data_to_hash,
+ unsigned char * initialization_vector,
+ long * rsa_public_key_identifier_length,
+ unsigned char * rsa_public_key_identifier,
+ long * des_key_block_length,
+ unsigned char * des_key_block,
+ long * rsa_oaep_block_length,
+ unsigned char * rsa_oaep_block,
+ unsigned char * chaining_vector,
+ unsigned char * des_encrypted_data_block);
+
+/* SET Block Decompose */
+extern void SECURITYAPI
+ CSNDSBD(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * rsa_oaep_block_length,
+ unsigned char * rsa_oaep_block,
+ long * des_encrypted_data_block_length,
+ unsigned char * des_encrypted_data_block,
+ unsigned char * initialization_vector,
+ long * rsa_private_key_identifier_length,
+ unsigned char * rsa_private_key_identifier,
+ long * des_key_block_length,
+ unsigned char * des_key_block,
+ unsigned char * block_contents_identifier,
+ long * x_data_string_length,
+ unsigned char * x_data_string,
+ unsigned char * chaining_vector,
+ unsigned char * data_block,
+ long * hash_block_length,
+ unsigned char * hash_block);
+
+// Symmetric Key Export with Data
+extern void SECURITYAPI
+ CSNDSXD(long * ReturnCode,
long * ReasonCode,
long * ExitDataLength,
unsigned char * ExitData,
long * RuleArrayCount,
unsigned char * RuleArray,
- long * RSAOAEPBlockLength,
- unsigned char * RSAOAEPBlock,
- long * DESEncryptedDataBlockLength,
- unsigned char * DESEncryptedDataBlock,
- unsigned char * InitializationVector,
- long * RSAPrivateKeyIdentifierLength,
- unsigned char * RSAPrivateKeyIdentifier,
- long * DESKeyBLockLength,
- unsigned char * DESKeyBlock,
- unsigned char * BlockContentsIdentifier,
- long * XDataStringLength,
- unsigned char * XDataString,
- unsigned char * ChainingVector,
- unsigned char * DataBlock,
- long * HashBlockLength,
- unsigned char * HashBlock );
+ long * SourceKeyLength,
+ unsigned char * SourceKey,
+ long * Data_length,
+ long * Data_offset,
+ unsigned char * Data,
+ long * RSA_PublicKeyLength,
+ unsigned char * RSA_PublicKey,
+ long * EncipheredKeyLength,
+ unsigned char * EncipheredKey);
/* Access Control Logon */
extern void SECURITYAPI
- CSUALCT_32(long * return_code,
+ CSUALCT(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
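Review bot: The new CSNDSXD declaration is written in a different style from the rest of this hunk: it is introduced with a `//` comment and keeps mixed-case parameter names (`ReturnCode`, `Data_length`, `RSA_PublicKeyLength`), while the same hunk converts CSNDSBC and CSNDSBD to snake_case under `/* */` comments. For consistency, and so the header still parses for consumers built as C89, I would write `/* Symmetric Key Export with Data */` and rename the parameters to `return_code`, `reason_code`, `source_key_length` and so on. The added CSNBPTRE and CSNBFPED/CSNBFPEE prototypes in later hunks show the same drift with their `pReturnCode`-style names. The CSUALCT declaration at the end of the hunk continues outside it.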
@@ -836,9 +1456,26 @@ extern void SECURITYAPI
long * auth_data_length,
unsigned char * auth_data);
+/* Log Query */
+extern void SECURITYAPI
+ CSUALGQ(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * log_number,
+ long * reserved0,
+ long * log_data_length,
+ unsigned char * log_data,
+ long * reserved1_length,
+ unsigned char * reserved1,
+ long * reserved2_length,
+ unsigned char * reserved2);
+
/* Access Control Maintenance */
extern void SECURITYAPI
- CSUAACM_32(long * return_code,
+ CSUAACM(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -850,7 +1487,7 @@ extern void SECURITYAPI
/* Access Control Initialization */
extern void SECURITYAPI
- CSUAACI_32(long * return_code,
+ CSUAACI(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -861,10 +1498,9 @@ extern void SECURITYAPI
long * verb_data_2_length,
unsigned char * verb_data_2);
-
/* PKA Public Key Hash Register */
extern void SECURITYAPI
- CSNDPKH_32(long * return_code,
+ CSNDPKH(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -874,10 +1510,9 @@ extern void SECURITYAPI
long * hash_data_length,
unsigned char * hash_data);
-
/* PKA Public Key Register */
extern void SECURITYAPI
- CSNDPKR_32(long * return_code,
+ CSNDPKR(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -887,10 +1522,26 @@ extern void SECURITYAPI
long * public_key_certificate_length,
unsigned char * public_key_certificate);
+/* PKA Key Translate */
+extern void SECURITYAPI
+ CSNDPKT(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * source_key_identifier_length,
+ unsigned char * source_key_identifier,
+ long * source_transport_key_identifier_length,
+ unsigned char * source_transport_key_identifier,
+ long * target_transport_key_identifier_length,
+ unsigned char * target_transport_key_identifier,
+ long * target_key_token_length,
+ unsigned char * target_key_token);
/* Master Key Distribution */
extern void SECURITYAPI
- CSUAMKD_32(long * return_code,
+ CSUAMKD(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -906,10 +1557,9 @@ extern void SECURITYAPI
long * clone_info_length,
unsigned char * clone_info);
-
/* Retained Key Delete */
extern void SECURITYAPI
- CSNDRKD_32(long * return_code,
+ CSNDRKD(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -917,10 +1567,9 @@ extern void SECURITYAPI
unsigned char * rule_array,
unsigned char * key_label);
-
/* Retained Key List */
extern void SECURITYAPI
- CSNDRKL_32(long * return_code,
+ CSNDRKL(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -933,7 +1582,7 @@ extern void SECURITYAPI
/* Symmetric Key Generate */
extern void SECURITYAPI
- CSNDSYG_32(long * return_code,
+ CSNDSYG(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -947,10 +1596,9 @@ extern void SECURITYAPI
long * rsaenc_key_length,
unsigned char * rsaenc_key);
-
/* Encrypted PIN Translate */
extern void SECURITYAPI
- CSNBPTR_32(long * return_code,
+ CSNBPTR(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -966,10 +1614,39 @@ extern void SECURITYAPI
long * sequence_number,
unsigned char * put_PIN_blk);
+/* Encrypted PIN Translate Extended */
+extern void SECURITYAPI
+ CSNBPTRE(long * pReturnCode,
+ long * pReasonCode,
+ long * pExitDataLength,
+ unsigned char * pExitData,
+ long * pRuleArrayCount,
+ unsigned char * pRuleArray,
+ long * pInPINEncKeyIDLength,
+ unsigned char * pInPINEncKeyID,
+ long * pOutPINEncKeyIDLength,
+ unsigned char * pOutPINEncKeyID,
+ long * pPANEncKeyIDLength,
+ unsigned char * pPANEncKeyID,
+ long * pInPINProfileLength,
+ unsigned char * pInPINProfile,
+ long * pPANDataLength,
+ unsigned char * pPANData,
+ long * pInPINBlkLength,
+ unsigned char * pInPINBlk,
+ long * pOutPINProfileLength,
+ unsigned char * pOutPINProfile,
+ long * pSequenceNumber,
+ long * pOutPINBlkLength,
+ unsigned char * pOutPINBlk,
+ long * pReserved1Length,
+ unsigned char * pReserved1,
+ long * pReserved2Length,
+ unsigned char * pReserved2);
/* Clear PIN Encrypt */
extern void SECURITYAPI
- CSNBCPE_32(long * return_code,
+ CSNBCPE(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -982,10 +1659,9 @@ extern void SECURITYAPI
long * sequence_number,
unsigned char * encrypted_PIN_blk);
-
/* Clear PIN Generate Alternate */
extern void SECURITYAPI
- CSNBCPA_32(long * return_code,
+ CSNBCPA(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -1000,10 +1676,9 @@ extern void SECURITYAPI
unsigned char * data_array,
unsigned char * returned_result);
-
/* Clear PIN Generate */
extern void SECURITYAPI
- CSNBPGN_32(long * return_code,
+ CSNBPGN(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -1015,10 +1690,9 @@ extern void SECURITYAPI
unsigned char * data_array,
unsigned char * returned_result);
-
/* Encrypted PIN Verify */
extern void SECURITYAPI
- CSNBPVR_32(long * return_code,
+ CSNBPVR(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -1034,7 +1708,7 @@ extern void SECURITYAPI
/* Diversified Key Generate */
extern void SECURITYAPI
- CSNBDKG_32(long * return_code,
+ CSNBDKG(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -1046,9 +1720,30 @@ extern void SECURITYAPI
unsigned char * decrypting_key_id,
unsigned char * generated_key_id);
+/* Diversified Key Generate2 */
+extern void SECURITYAPI
+ CSNBDKG2(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * generating_key_id_length,
+ unsigned char * generating_key_id,
+ long * derivation_data_length,
+ unsigned char * derivation_data,
+ long * reserved1_length,
+ unsigned char * reserved1,
+ long * reserved2_length,
+ unsigned char * reserved2,
+ long * generated_key_id1_length,
+ unsigned char * generated_key_id1,
+ long * generated_key_id2_length,
+ unsigned char * generated_key_id2);
+
/* Encrypted PIN Generate */
extern void SECURITYAPI
- CSNBEPG_32(long * return_code,
+ CSNBEPG(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -1063,9 +1758,116 @@ extern void SECURITYAPI
long * sequence_number,
unsigned char * encrypted_PIN_blk);
+/* FPE Decipher */
+extern void SECURITYAPI
+ CSNBFPED(long * pReturnCode,
+ long * pReasonCode,
+ long * pExitDataLength,
+ unsigned char * pExitData,
+ long * pRuleArrayCount,
+ unsigned char * pRuleArray,
+ long * pEncPanLength,
+ unsigned char * pEncPan,
+ long * pEncChNameLength,
+ unsigned char * pEncChName,
+ long * pEncTrack1DdataLength,
+ unsigned char * pEncTrack1Ddata,
+ long * pEncTrack2DdataLength,
+ unsigned char * pEncTrack2Ddata,
+ long * pKeyIdentifierLength,
+ unsigned char * pKeyIdentifier,
+ long * pDerivationDataLength,
+ unsigned char * pDerivationData,
+ long * pClearPanLength,
+ unsigned char * pClearPan,
+ long * pClearChNameLength,
+ unsigned char * pClearChName,
+ long * pClearTrack1DdataLength,
+ unsigned char * pClearTrack1Ddata,
+ long * pClearTrack2DdataLength,
+ unsigned char * pClearTrack2Ddata,
+ long * pDukptPinKeyIdentifierLength,
+ unsigned char * pDukptPinKeyIdentifier,
+ long * pReserved1Length,
+ unsigned char * pReserved1,
+ long * pReserved2Length,
+ unsigned char * pReserved2);
+
+/* FPE Encipher */
+extern void SECURITYAPI
+ CSNBFPEE(long * pReturnCode,
+ long * pReasonCode,
+ long * pExitDataLength,
+ unsigned char* pExitData,
+ long * pRuleArrayCount,
+ unsigned char* pRuleArray,
+ long * pClearPanLength,
+ unsigned char* pClearPan,
+ long * pClearChNameLength,
+ unsigned char* pClearChName,
+ long * pClearTrack1DdataLength,
+ unsigned char* pClearTrack1Ddata,
+ long * pClearTrack2DdataLength,
+ unsigned char* pClearTrack2Ddata,
+ long * pKeyIdentifierLength,
+ unsigned char* pKeyIdentifier,
+ long * pDerivationDataLength,
+ unsigned char* pDerivationData,
+ long * pEncPanLength,
+ unsigned char* pEncPan,
+ long * pEncChNameLength,
+ unsigned char* pEncChName,
+ long * pEncTrack1DdataLength,
+ unsigned char* pEncTrack1Ddata,
+ long * pEncTrack2DdataLength,
+ unsigned char* pEncTrack2Ddata,
+ long * pDukptPinKeyIdentifierLength,
+ unsigned char* pDukptPinKeyIdentifier,
+ long * pReserved1Length,
+ unsigned char* pReserved1,
+ long * pReserved2Length,
+ unsigned char* pReserved2);
+
+/* FPE_Translate */
+extern void SECURITYAPI
+ CSNBFPET(long * pReturnCode,
+ long * pReasonCode,
+ long * pExitDataLength,
+ unsigned char* pExitData,
+ long * pRuleArrayCount,
+ unsigned char* pRuleArray,
+ long * pInputPanLength,
+ unsigned char* pInputPan,
+ long * pInputChNameLength,
+ unsigned char* pInputChName,
+ long * pInputTrack1DdataLength,
+ unsigned char* pInputTrack1Ddata,
+ long * pInputTrack2DdataLength,
+ unsigned char* pInputTrack2Ddata,
+ long * pInputKeyIdentifierLength,
+ unsigned char* pInputKeyIdentifier,
+ long * pOutputKeyIdentifierLength,
+ unsigned char* pOutputKeyIdentifier,
+ long * pDerivationDataLength,
+ unsigned char* pDerivationData,
+ long * pOutputPanLength,
+ unsigned char* pOutputPan,
+ long * pOutputChNameLength,
+ unsigned char* pOutputChName,
+ long * pOutputTrack1DdataLength,
+ unsigned char* pOutputTrack1Ddata,
+ long * pOutputTrack2DdataLength,
+ unsigned char* pOutputTrack2Ddata,
+ long * pDukptPinKeyIdentifierLength,
+ unsigned char* pDukptPinKeyIdentifier,
+ long * pReserved1Length,
+ unsigned char* pReserved1,
+ long * pReserved2Length,
+ unsigned char* pReserved2);
+
/* Cryptographic Variable Encipher */
extern void SECURITYAPI
- CSNBCVE_32(long * return_code,
+ CSNBCVE(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -1077,7 +1879,7 @@ extern void SECURITYAPI
/* CVV Generate */
extern void SECURITYAPI
- CSNBCSG_32(long * return_code,
+ CSNBCSG(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -1092,7 +1894,7 @@ extern void SECURITYAPI
/* CVV Verify */
extern void SECURITYAPI
- CSNBCSV_32(long * return_code,
+ CSNBCSV(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -1107,7 +1909,7 @@ extern void SECURITYAPI
/* Control Vector Generate */
extern void SECURITYAPI
- CSNBCVG_32(long * return_code,
+ CSNBCVG(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -1119,7 +1921,7 @@ extern void SECURITYAPI
/* Key Token Parse */
extern void SECURITYAPI
- CSNBKTP_32(long * return_code,
+ CSNBKTP(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -1129,17 +1931,45 @@ extern void SECURITYAPI
unsigned char * rule_array,
unsigned char * key_value,
void * master_key_verification_pattern_v03,
- long * reserved_field_1,
- unsigned char * reserved_field_2,
- unsigned char * control_vector,
+ long * reserved_field_2,
unsigned char * reserved_field_3,
- long * reserved_field_4,
- unsigned char * reserved_field_5,
+ unsigned char * control_vector,
+ unsigned char * reserved_field_4,
+ long * reserved_field_5,
+ unsigned char * reserved_field_6,
unsigned char * master_key_verification_pattern_v00);
+/* Key Token Parse2 */
+extern void SECURITYAPI
+ CSNBKTP2(long *pReturnCode,
+ long *pReasonCode,
+ long *pExitDataLength,
+ unsigned char *pExitData,
+ long *pKeyTokenLength,
+ unsigned char *pKeyToken,
+ unsigned char *pKeyType,
+ long *pRuleArrayCount,
+ unsigned char *pRuleArray,
+ long *pKeyMaterialState,
+ long *pPayloadBitLength,
+ unsigned char *pPayload,
+ long *pKeyVerificationType,
+ long *pKeyVerificationPatternLength,
+ unsigned char *pKeyVerificationPattern,
+ long *pKeyWrappingMethod,
+ long *pKeyHashMethod,
+ long *pKeyNameLength,
+ unsigned char *pKeyName,
+ long *pTLVDataLength,
+ unsigned char *pTLVData,
+ long *pUserAssocDataLength,
+ unsigned char *pUserAssocData,
+ long *pReservedLength,
+ unsigned char *pReserved );
+
/* PKA Encrypt */
-extern void SECURITYAPI
- CSNDPKE_32(long * return_code,
+extern void SECURITYAPI
+ CSNDPKE(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -1155,8 +1985,8 @@ extern void SECURITYAPI
unsigned char * RSA_encipher);
/* PKA Decrypt */
-extern void SECURITYAPI
- CSNDPKD_32(long * return_code,
+extern void SECURITYAPI
+ CSNDPKD(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -1172,25 +2002,76 @@ extern void SECURITYAPI
unsigned char * key_value);
/* Prohibit Export */
-extern void SECURITYAPI
- CSNBPEX_32(long * return_code,
+extern void SECURITYAPI
+ CSNBPEX(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
unsigned char * key_identifier);
/* Prohibit Export Extended */
-extern void SECURITYAPI
- CSNBPEXX_32(long * return_code,
+extern void SECURITYAPI
+ CSNBPEXX(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
unsigned char * Source_key_token,
unsigned char * Kek_key_identifier);
+/* Prohibit Export 2 */
+extern void SECURITYAPI
+ CSNBPEX2(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * key_identifier_length,
+ unsigned char * key_identifier,
+ long * KEK_key_identifier_length,
+ unsigned char * KEK_key_identifier);
+
+/* Pin From Offset */
+extern void SECURITYAPI
+ CSNBPFO(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * PIN_enc_key_id_length,
+ unsigned char * PIN_enc_key_id,
+ long * PIN_gen_key_id_length,
+ unsigned char * PIN_gen_key_id,
+ unsigned char * PIN_profile,
+ unsigned char * PAN_data,
+ unsigned char * offset,
+ long * reserved_1,
+ unsigned char * data_array,
+ long * encrypted_PIN_blk_length,
+ unsigned char * encrypted_PIN_blk);
+
+/* Restrict Key Attribute */
+extern void SECURITYAPI
+ CSNBRKA(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * key_identifier_length,
+ unsigned char * key_identifier,
+ long * KEK_key_identifier_length,
+ unsigned char * KEK_key_identifier,
+ long * opt_parameter1_length,
+ unsigned char * opt_parameter1,
+ long * opt_parameter2_length,
+ unsigned char * opt_parameter2);
+
+
/* Random Number/Known Answer Test */
-extern void SECURITYAPI
- CSUARNT_32(long * return_code,
+extern void SECURITYAPI
+ CSUARNT(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -1198,8 +2079,8 @@ extern void SECURITYAPI
unsigned char * rule_array);
/* Control Vector Translate */
-extern void SECURITYAPI
- CSNBCVT_32(long * return_code,
+extern void SECURITYAPI
+ CSNBCVT(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -1215,7 +2096,7 @@ extern void SECURITYAPI
/* MDC Generate */
extern void SECURITYAPI
- CSNBMDG_32(long * return_code,
+ CSNBMDG(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -1228,7 +2109,7 @@ extern void SECURITYAPI
/* Cryptographic Resource Allocate */
extern void SECURITYAPI
- CSUACRA_32(long * return_code,
+ CSUACRA(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -1239,7 +2120,7 @@ extern void SECURITYAPI
/* Cryptographic Resource Deallocate */
extern void SECURITYAPI
- CSUACRD_32(long * return_code,
+ CSUACRD(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -1250,7 +2131,7 @@ extern void SECURITYAPI
/* Transaction Validation */
extern void SECURITYAPI
- CSNBTRV_32(long * return_code,
+ CSNBTRV(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -1264,8 +2145,8 @@ extern void SECURITYAPI
unsigned char * validation_values);
/* Secure Messaging for Keys */
-extern void SECURITYAPI
- CSNBSKY_32(long * return_code,
+extern void SECURITYAPI
+ CSNBSKY(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -1283,8 +2164,8 @@ extern void SECURITYAPI
unsigned char * output_chaining_value);
/* Secure Messaging for PINs */
-extern void SECURITYAPI
- CSNBSPN_32(long * return_code,
+extern void SECURITYAPI
+ CSNBSPN(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -1306,8 +2187,8 @@ extern void SECURITYAPI
unsigned char * output_chaining_value);
/* PIN Change/Unblock */
-extern void SECURITYAPI
- CSNBPCU_32(long * return_code,
+extern void SECURITYAPI
+ CSNBPCU(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
@@ -1335,24 +2216,54 @@ extern void SECURITYAPI
long * outputPinMessageLength,
unsigned char * outputPinMessage);
-/* PCF/CUSP Key Conversion */
-extern void SECURITYAPI
- CSUAPCV_32(long * return_code,
- long * reason_code,
- long * exit_data_length,
- unsigned char * exit_data,
- long * rule_array_count,
- unsigned char * rule_array,
- long * KEK_key_identifier_length,
- unsigned char * KEK_key_identifier,
- long * PCF_key_list_length,
- unsigned char * PCF_key_list,
- long * output_key_list_length,
- unsigned char * output_key_list);
+/* DUKPT Key Generate verb */
+void SECURITYAPI
+ CSNBUKD(long * ReturnCode,
+ long * ReasonCode,
+ long * ExitDataLength,
+ unsigned char * ExitData,
+ long * pRuleArrayCount,
+ unsigned char * RuleArray,
+ long * pBaseDerivationKeyIdentifierLength,
+ unsigned char * pBaseDerivationKeyIdentifier,
+ long * pDerivationDataLength,
+ unsigned char * pDerivationData,
+ long * pGeneratedKeyIdentifier1Length,
+ unsigned char * GeneratedKeyIdentifier1,
+ long * pGeneratedKeyIdentifier2Length,
+ unsigned char * GeneratedKeyIdentifier2,
+ long * pGeneratedKeyIdentifier3Length,
+ unsigned char * GeneratedKeyIdentifier3,
+ long * pTransportKeyIdentifierLength,
+ unsigned char * TransportKeyIdentifier,
+ long * pReserved2Length,
+ unsigned char * Reserved2,
+ long * pReserved3Length,
+ unsigned char * Reserved3,
+ long * pReserved4Length,
+ unsigned char * Reserved4,
+ long * pReserved5Length,
+ unsigned char * Reserved5,
+ long * pReserved6Length,
+ unsigned char * Reserved6);
+
+/*Translate Characters */
+extern void SECURITYAPI
+ CSNBXEA(long * ReturnCode,
+ long * ReasonCode,
+ long * ExitDataLength,
+ unsigned char * ExitData,
+ long * RuleArrayCount,
+ unsigned char * RuleArray,
+ long * TextLength,
+ unsigned char * SourceText,
+ unsigned char * TargetText,
+ long * CodeTableLength,
+ unsigned char * CodeTable);
/*Process Request Block*/
extern void SECURITYAPI
- CSUAPRB_32(long * pReturnCode,
+ CSUAPRB(long * pReturnCode,
long * pReasonCode,
long * pExitDataLength,
unsigned char * pExitData,
@@ -1365,9 +2276,284 @@ extern void SECURITYAPI
long * pReplyLength,
unsigned char * pReply);
+/* Trusted Block Create */
+extern void SECURITYAPI
+ CSNDTBC(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * input_block_length,
+ unsigned char * input_block_identifier,
+ unsigned char * transport_key_identifier,
+ long * trusted_block_length,
+ unsigned char * trusted_block_identifier);
+
+/* Remote Key Export */
+extern void SECURITYAPI
+ CSNDRKX(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * trusted_block_length,
+ unsigned char * trusted_block_identifier,
+ long * certificate_length,
+ unsigned char * certificate,
+ long * certificate_parms_length,
+ unsigned char * certificate_parms,
+ long * transport_key_length,
+ unsigned char * transport_key_identifier,
+ long * rule_id_length,
+ unsigned char * rule_id,
+ long * export_key_kek_length,
+ unsigned char * export_key_kek_identifier,
+ long * export_key_length,
+ unsigned char * export_key_identifier,
+ long * asym_encrypted_key_length,
+ unsigned char * asym_encrypted_key,
+ long * sym_encrypted_key_length,
+ unsigned char * sym_encrypted_key,
+ long * extra_data_length,
+ unsigned char * extra_data,
+ long * key_check_parameters_length,
+ unsigned char * key_check_parameters,
+ long * key_check_length,
+ unsigned char * key_check_value);
+
+/* Key Encryption Translate */
+extern void SECURITYAPI
+ CSNBKET(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * kek_identifier_length,
+ unsigned char * kek_identifier,
+ long * key_in_length,
+ unsigned char * key_in,
+ long * key_out_length,
+ unsigned char * key_out);
+
+/* Symmetric Algorithm Encipher */
+extern void SECURITYAPI
+ CSNBSAE(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * key_length,
+ unsigned char * key_identifier,
+ long * key_parms_length,
+ unsigned char * key_parms,
+ long * block_size,
+ long * initialization_vector_length,
+ unsigned char * initialization_vector,
+ long * chain_data_length,
+ unsigned char * chain_data,
+ long * clear_text_length,
+ unsigned char * clear_text,
+ long * cipher_text_length,
+ unsigned char * cipher_text,
+ long * optional_data_length,
+ unsigned char * optional_data);
+
+/* Symmetric Algorithm Decipher */
+extern void SECURITYAPI
+ CSNBSAD(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * key_length,
+ unsigned char * key_identifier,
+ long * key_parms_length,
+ unsigned char * key_parms,
+ long * block_size,
+ long * initialization_vector_length,
+ unsigned char * initialization_vector,
+ long * chain_data_length,
+ unsigned char * chain_data,
+ long * cipher_text_length,
+ unsigned char * cipher_text,
+ long * clear_text_length,
+ unsigned char * clear_text,
+ long * optional_data_length,
+ unsigned char * optional_data);
+
+/* Crypto Facility Version (SAPI_ONLY) */
+extern void SECURITYAPI
+ CSUACFV(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * version_data_length,
+ unsigned char * version_data);
+
+/* TR-31 Optional Data Build */
+extern void SECURITYAPI
+ CSNBT31O (long * pReturnCode,
+ long * pReasonCode,
+ long * pExitDataLength,
+ unsigned char * pExitData,
+ long * pRuleArrayCount,
+ unsigned char * pRuleArray,
+ long * pOptBlocksBfrLength,
+ long * pOptBlocksLength,
+ unsigned char * pOptBlocks,
+ long * pNumOptBlocks,
+ unsigned char * pOptBlockID,
+ long * pOptBlockDataLength,
+ unsigned char * pOptBlockData );
+
+/* TR-31 Key Token Parse */
+extern void SECURITYAPI
+ CSNBT31P(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * tr31_key_length,
+ unsigned char * tr31_key,
+ unsigned char * key_block_version,
+ long * key_block_length,
+ unsigned char * key_usage,
+ unsigned char * algorithm,
+ unsigned char * mode,
+ unsigned char * key_version_number,
+ unsigned char * exportability,
+ long * num_opt_blocks );
+
+/* TR-31 Key Import */
+extern void SECURITYAPI
+ CSNBT31I( long *return_code,
+ long *reason_code,
+ long *exit_data_length,
+ unsigned char *exit_data,
+ long *rule_array_count,
+ unsigned char *rule_array,
+ long *tr31_key_block_length,
+ unsigned char *tr31_key_block,
+ long *unwrap_kek_identifier_length,
+ unsigned char *unwrap_kek_identifier,
+ long *wrap_kek_identifier_length,
+ unsigned char *wrap_kek_identifier,
+ long *output_key_identifier_length,
+ unsigned char *output_key_identifier,
+ long *num_opt_blks,
+ long *cv_source,
+ long *protection_method);
+
+/* TR-31 Key Export */
+extern void SECURITYAPI
+ CSNBT31X( long *return_code,
+ long *reason_code,
+ long *exit_data_length,
+ unsigned char *exit_data,
+ long *rule_array_count,
+ unsigned char *rule_array,
+ unsigned char *key_version_number,
+ long *key_field_length,
+ long *source_key_identifier_length,
+ unsigned char *source_key_identifier,
+ long *unwrap_kek_identifier_length,
+ unsigned char *unwrap_kek_identifier,
+ long *wrap_kek_identifier_length,
+ unsigned char *wrap_kek_identifier,
+ long *opt_blks_length,
+ unsigned char *opt_blks,
+ long *tr31_key_block_length,
+ unsigned char *tr31_key_block);
+
+/* TR-31 Optional Data Read */
+extern void SECURITYAPI
+ CSNBT31R(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * tr31_key_length,
+ unsigned char * tr31_key,
+ unsigned char * opt_block_id,
+ long * num_opt_blocks,
+ unsigned char * opt_block_ids,
+ unsigned char * opt_block_lengths,
+ long * opt_block_data_length,
+ unsigned char * opt_block_data );
+
+/* Elliptic Curve Diffie-Hellman */
+extern void SECURITYAPI
+ CSNDEDH(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * private_key_identifier_length,
+ unsigned char * private_key_identifier,
+ long * private_KEK_key_identifier_length,
+ unsigned char * private_KEK_key_identifier,
+ long * public_key_identifier_length,
+ unsigned char * public_key_identifier,
+ long * chaining_vector_length,
+ unsigned char * chaining_vector,
+ long * party_identifier_length,
+ unsigned char * party_identifier,
+ long * key_bit_length,
+ long * reserved_length,
+ unsigned char * reserved,
+ long * reserved2_length,
+ unsigned char * reserved2,
+ long * reserved3_length,
+ unsigned char * reserved3,
+ long * reserved4_length,
+ unsigned char * reserved4,
+ long * reserved5_length,
+ unsigned char * reserved5,
+ long * output_KEK_key_identifier_length,
+ unsigned char * output_KEK_key_identifier,
+ long * output_key_identifier_length,
+ unsigned char * output_key_identifier);
+
+/* Cipher Text Translate 2 */
+extern void SECURITYAPI
+ CSNBCTT2(long * pReturnCode,
+ long * pReasonCode,
+ long * pExitDataLength,
+ unsigned char * pExitData,
+ long * pRuleArrayCount,
+ unsigned char * pRuleArray,
+ long * pKeyIdInLen,
+ unsigned char * pKeyIdIn,
+ long * pInitVectorInLen,
+ unsigned char * pInitVectorIn,
+ long * pCipherTextInLen,
+ unsigned char * pCipherTextIn,
+ long * pChainingVectorLen,
+ unsigned char * pChainingVector,
+ long * pKeyIdOutLen,
+ unsigned char * pKeyIdOut,
+ long * pInitVectorOutLen,
+ unsigned char * pInitVectorOut,
+ long * pCipherTextOutLen,
+ unsigned char * pCipherTextOut,
+ long * pReserved1Len,
+ unsigned char * pReserved1,
+ long * pReserved2Len,
+ unsigned char * pReserved2 );
+
+
+#ifdef TKE_WKSTN
/* Diffie-Hellman Key Load */
extern void SECURITYAPI
- CSUADHK_32(long * ReturnCode,
+ CSUADHK(long * ReturnCode,
long * ReasonCode,
long * ExitDataLength,
unsigned char * ExitData,
@@ -1378,14 +2564,14 @@ extern void SECURITYAPI
unsigned char * DHKeyPart,
long * TransportKeyHashLength,
unsigned char * TransportKeyHash,
+ long * DHModulusLength,
+ unsigned char * PartyID,
unsigned char * Reserved1,
- unsigned char * Reserved2,
- unsigned char * Reserved3,
- unsigned char * Reserved4);
+ unsigned char * Reserved2);
/* Diffie-Hellman Key Query */
extern void SECURITYAPI
- CSUADHQ_32(long * ReturnCode,
+ CSUADHQ(long * ReturnCode,
long * ReasonCode,
long * ExitDataLength,
unsigned char * ExitData,
@@ -1396,106 +2582,117 @@ extern void SECURITYAPI
unsigned char * DHKeyPart,
long * TransportKeyHashLength,
unsigned char * TransportKeyHash,
+ long * DHModulusLength,
+ unsigned char * PartyID,
unsigned char * Reserved1,
- unsigned char * Reserved2,
- unsigned char * Reserved3,
- unsigned char * Reserved4);
-
-/* Trusted Block Create */
-extern void SECURITYAPI
- CSNDTBC_32 ( long * return_code,
- long * reason_code,
- long * exit_data_length,
- unsigned char * exit_data,
- long * rule_array_count,
- unsigned char * rule_array,
- long * input_block_length,
- unsigned char * input_block_identifier,
- unsigned char * transport_key_identifier,
- long * trusted_blokc_length,
- unsigned char * trusted_blokc_identifier );
+ unsigned char * Reserved2);
-/* Remote Key Export */
+/* Certificate Import Export */
extern void SECURITYAPI
- CSNDRKX_32 ( long * return_code,
- long * reason_code,
- long * exit_data_length,
- unsigned char * exit_data,
- long * rule_array_count,
- unsigned char * rule_array,
- long * trusted_block_length,
- unsigned char * trusted_block_identifier,
- long * certificate_length,
- unsigned char * certificate,
- long * certificate_parms_length,
- unsigned char * certificate_parms,
- long * transport_key_length,
- unsigned char * transport_key_identifier,
- long * rule_id_length,
- unsigned char * rule_id,
- long * export_key_kek_length,
- unsigned char * export_key_kek_identifier,
- long * export_key_length,
- unsigned char * export_key_identifier,
- long * asym_encrypted_key_length,
- unsigned char * asym_encrypted_key,
- long * sym_encrypted_key_length,
- unsigned char * sym_encrypted_key,
- long * extra_data_length,
- unsigned char * extra_data,
- long * key_check_parameters_length,
- unsigned char * key_check_parameters,
- long * key_check_length,
- unsigned char * key_check_value );
-
-/* Key Encryption Translate */
-extern void SECURITYAPI
- CSNBKET_32(long * return_code,
+ CSUACIE(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
long * rule_array_count,
unsigned char * rule_array,
- long * kek_identifier_length,
- unsigned char * kek_identifier,
- long * key_in_length,
- unsigned char * key_in,
- long * key_out_length,
- unsigned char * key_out);
-
-
-#endif
+ long * public_key_certificate_length,
+ unsigned char * public_key_certificate);
-/* HMAC Generate */
-extern void SECURITYAPI
- CSNBHMG_32(long * return_code,
- long * reason_code,
- long * exit_data_length,
- unsigned char * exit_data,
+/* Random Number Extend */
+extern void SECURITYAPI
+ CSUARNX(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * key_length,
+ unsigned char * key,
+ long * rnum_length,
+ unsigned char * rnum,
+ long * rnum_hash_length,
+ unsigned char * rnum_hash,
+ long * sk_hash_length,
+ unsigned char * sk_hash,
+ long * secdata_length,
+ unsigned char * secdata,
+ long * optdata_length,
+ unsigned char * optdata);
+
+/* Session Key Establish */
+extern void SECURITYAPI
+ CSUASKE(long * return_code,
+ long * reason_code,
+ long * exit_data_length,
+ unsigned char * exit_data,
+ long * rule_array_count,
+ unsigned char * rule_array,
+ long * cert_in_length,
+ unsigned char * cert_in,
+ long * cert_out_length,
+ unsigned char * cert_out,
+ long * key_block_length,
+ unsigned char * key_block,
+ long * key_signature_length,
+ unsigned char * key_signature,
+ long * key_vp_length,
+ unsigned char * key_vp,
+ long * rnum_length,
+ unsigned char * rnum);
+
+/* Key Transport to Export */
+extern void SECURITYAPI
+ CSUAKTX(long * ReturnCode,
+ long * ReasonCode,
+ long * ExitDataLength,
+ unsigned char * ExitData,
long * rule_array_count,
unsigned char * rule_array,
- long * key_identifier_length,
- unsigned char * key_identifier,
- long * message_text_length,
- unsigned char * message_text,
- long * chaining_vector_length,
- unsigned char * chaining_vector,
- long * MAC_length,
- unsigned char * MAC_text);
+ long * key_data_length,
+ unsigned char * key_data,
+ long * secure_data_length,
+ unsigned char * secure_data,
+ long * key_data_vp_length,
+ unsigned char * key_data_vp,
+ long * session_key_vp_length,
+ unsigned char * session_key_vp,
+ long * xport_key_vp_length,
+ unsigned char * xport_key_vp,
+ long * xlt_key_data_length,
+ unsigned char * xlt_key_data,
+ long * xlt_secure_data_length,
+ unsigned char * xlt_secure_data);
-/* HMAC Verify */
+/* Master Key Process Extended */
extern void SECURITYAPI
- CSNBHMV_32(long * return_code,
+ CSUAMKX(long * return_code,
long * reason_code,
long * exit_data_length,
unsigned char * exit_data,
long * rule_array_count,
unsigned char * rule_array,
- long * key_identifier_length,
- unsigned char * key_identifier,
- long * message_text_length,
- unsigned char * message_text,
- long * chaining_vector_length,
- unsigned char * chaining_vector,
- long * MAC_length,
- unsigned char * MAC_text);
+ unsigned char * Key_part,
+ long * Seskey_vp_length,
+ unsigned char * Seskey_vp,
+ long * Keypart_vp_length,
+ unsigned char * Keypart_vp);
+
+/* Key Part Import Extended */
+extern void SECURITYAPI
+ CSUAKIX(long * pReturnCode,
+ long * pReasonCode,
+ long * pExitDataLength,
+ unsigned char * pExitData,
+ long * pRuleArrayCount,
+ unsigned char * pRuleArray,
+ unsigned char * pKeyPart,
+ unsigned char * pKeyIdentifier,
+ long * pSeskey_vp_length,
+ unsigned char * pSeskey_vp,
+ long * pKeypart_vp_length,
+ unsigned char * pKeypart_vp);
+
+
+#endif // TKE_WKSTN
+#endif // __CSULINCL__
+
diff --git a/usr/lib/pkcs11/cca_stdll/defs.h b/usr/lib/pkcs11/cca_stdll/defs.h
index 274dd13..274dd13 100755..100644
--- a/usr/lib/pkcs11/cca_stdll/defs.h
+++ b/usr/lib/pkcs11/cca_stdll/defs.h
diff --git a/usr/lib/pkcs11/common/asn1.c b/usr/lib/pkcs11/common/asn1.c
index 5c63861..8d0e33a 100755
--- a/usr/lib/pkcs11/common/asn1.c
+++ b/usr/lib/pkcs11/common/asn1.c
@@ -733,6 +733,7 @@ ber_encode_SEQUENCE( CK_BBOOL length_only,
return CKR_OK;
}
+ free( buf );
TRACE_ERROR("%s\n", ock_err(ERR_FUNCTION_FAILED));
return CKR_FUNCTION_FAILED;
}
@@ -1045,6 +1046,7 @@ ber_encode_RSAPrivateKey( CK_BBOOL length_only,
memcpy( buf+offset, buf2, len );
offset += len;
free( buf2 );
+ buf2 = NULL;
rc = ber_encode_INTEGER( FALSE, &buf2, &len, (CK_BYTE *)modulus + sizeof(CK_ATTRIBUTE), modulus->ulValueLen );
if (rc != CKR_OK){
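Review bot: The sequence `memcpy( buf+offset, buf2, len ); offset += len; free( buf2 ); buf2 = NULL;` now appears once per encoded field in ber_encode_RSAPrivateKey (this hunk and the nine after it), so a field added later without the reset would bring the stale pointer back. Folding the four statements into one static helper that takes `&buf2` would keep the reset in a single place. The reset presumably protects a `free( buf2 )` on the error path, which is outside these hunks; once that is confirmed, a comment at the first occurrence such as `/* buf2 is released again on the error path, keep it NULL between fields */` would record the reason. The allocation of buf is also outside the hunks, so whether offset + len stays within it cannot be checked from here.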
@@ -1054,6 +1056,7 @@ ber_encode_RSAPrivateKey( CK_BBOOL length_only,
memcpy( buf+offset, buf2, len );
offset += len;
free( buf2 );
+ buf2 = NULL;
rc = ber_encode_INTEGER( FALSE, &buf2, &len, (CK_BYTE *)publ_exp + sizeof(CK_ATTRIBUTE), publ_exp->ulValueLen );
if (rc != CKR_OK){
@@ -1063,6 +1066,7 @@ ber_encode_RSAPrivateKey( CK_BBOOL length_only,
memcpy( buf+offset, buf2, len );
offset += len;
free( buf2 );
+ buf2 = NULL;
if (opaque != NULL) {
// the CKA_IBM_OPAQUE attrib
@@ -1074,6 +1078,7 @@ ber_encode_RSAPrivateKey( CK_BBOOL length_only,
memcpy( buf+offset, buf2, len );
offset += len;
free( buf2 );
+ buf2 = NULL;
} else {
rc = ber_encode_INTEGER( FALSE, &buf2, &len, (CK_BYTE *)priv_exp + sizeof(CK_ATTRIBUTE), priv_exp->ulValueLen );
if (rc != CKR_OK){
@@ -1083,6 +1088,7 @@ ber_encode_RSAPrivateKey( CK_BBOOL length_only,
memcpy( buf+offset, buf2, len );
offset += len;
free( buf2 );
+ buf2 = NULL;
rc = ber_encode_INTEGER( FALSE, &buf2, &len, (CK_BYTE *)prime1 + sizeof(CK_ATTRIBUTE), prime1->ulValueLen );
if (rc != CKR_OK){
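Review bot: `free( buf2 )` in this hunk releases the encoded private exponent without wiping it, and the five hunks that follow do the same for prime1, prime2, exponent1, exponent2 and coeff, so copies of the private key components stay behind in freed heap memory. Clearing the buffer before release, e.g. `explicit_bzero( buf2, len );` where the platform provides it (a plain memset before free may be optimised away), would limit that exposure. buf accumulates the same material and its release is outside the hunks, so it deserves the same treatment. ber_encode_RSAPrivateKey starts and ends outside the hunk.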
@@ -1092,6 +1098,7 @@ ber_encode_RSAPrivateKey( CK_BBOOL length_only,
memcpy( buf+offset, buf2, len );
offset += len;
free( buf2 );
+ buf2 = NULL;
rc = ber_encode_INTEGER( FALSE, &buf2, &len, (CK_BYTE *)prime2 + sizeof(CK_ATTRIBUTE), prime2->ulValueLen );
if (rc != CKR_OK){
@@ -1101,6 +1108,7 @@ ber_encode_RSAPrivateKey( CK_BBOOL length_only,
memcpy( buf+offset, buf2, len );
offset += len;
free( buf2 );
+ buf2 = NULL;
rc = ber_encode_INTEGER( FALSE, &buf2, &len, (CK_BYTE *)exponent1 + sizeof(CK_ATTRIBUTE), exponent1->ulValueLen );
if (rc != CKR_OK){
@@ -1110,6 +1118,7 @@ ber_encode_RSAPrivateKey( CK_BBOOL length_only,
memcpy( buf+offset, buf2, len );
offset += len;
free( buf2 );
+ buf2 = NULL;
rc = ber_encode_INTEGER( FALSE, &buf2, &len, (CK_BYTE *)exponent2 + sizeof(CK_ATTRIBUTE), exponent2->ulValueLen );
if (rc != CKR_OK){
@@ -1119,6 +1128,7 @@ ber_encode_RSAPrivateKey( CK_BBOOL length_only,
memcpy( buf+offset, buf2, len );
offset += len;
free( buf2 );
+ buf2 = NULL;
rc = ber_encode_INTEGER( FALSE, &buf2, &len, (CK_BYTE *)coeff + sizeof(CK_ATTRIBUTE), coeff->ulValueLen );
if (rc != CKR_OK){
@@ -1128,6 +1138,7 @@ ber_encode_RSAPrivateKey( CK_BBOOL length_only,
memcpy( buf+offset, buf2, len );
offset += len;
free( buf2 );
+ buf2 = NULL;
}
rc = ber_encode_SEQUENCE( FALSE, &buf2, &len, buf, offset );
diff --git a/usr/lib/pkcs11/common/cert.c b/usr/lib/pkcs11/common/cert.c
index f85f308..b478aab 100755
--- a/usr/lib/pkcs11/common/cert.c
+++ b/usr/lib/pkcs11/common/cert.c
@@ -370,8 +370,6 @@ cert_validate_attribute( TEMPLATE *tmpl, CK_ATTRIBUTE *attr, CK_ULONG mode )
default:
return template_validate_base_attribute( tmpl, attr, mode );
}
-
- return template_validate_base_attribute( tmpl, attr, mode );
}
diff --git a/usr/lib/pkcs11/common/h_extern.h b/usr/lib/pkcs11/common/h_extern.h
index 2cd8a5e..a17e75b 100755
--- a/usr/lib/pkcs11/common/h_extern.h
+++ b/usr/lib/pkcs11/common/h_extern.h
@@ -2372,6 +2372,8 @@ CK_RV object_flatten( OBJECT * obj,
void object_free( OBJECT *obj );
+void call_free( void* ptr );
+
CK_RV object_get_attribute_values( OBJECT * obj,
CK_ATTRIBUTE * pTemplate,
CK_ULONG count );
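Review bot: The new prototype `void call_free( void* ptr );` carries no comment, and the name does not say how it differs from free() or from object_free() declared just above it. If it is a free() wrapper meant to be handed around as a callback, which is only a guess from the signature, a line such as `/* free() wrapper with a void (*)(void *) signature, for use as a delete callback */` on the declaration would tell callers which of the three to use.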
diff --git a/usr/lib/pkcs11/common/loadsave.c b/usr/lib/pkcs11/common/loadsave.c
index 04334dc..e843619 100755
--- a/usr/lib/pkcs11/common/loadsave.c
+++ b/usr/lib/pkcs11/common/loadsave.c
@@ -634,8 +634,8 @@ void set_perm(int file)
* restrict access to a single user */
fchmod(file,S_IRUSR|S_IWUSR);
} else {
- // Set absolute permissions or rw-rw-r--
- fchmod(file, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH);
+ // Set absolute permissions or rw-rw----
+ fchmod(file, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
grp = getgrnam("pkcs11"); // Obtain the group id
if (grp) {
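Review bot: Neither fchmod() call in set_perm checks its return value, so if the call fails the file keeps whatever mode it was created with and the tightening to rw-rw---- silently does not take effect. set_perm returns void, so the least it can do is log the failure, e.g. `if (fchmod(file, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP) != 0) TRACE_ERROR("fchmod: %s\n", strerror(errno));`. Files written by an earlier version presumably keep rw-rw-r-- until they are saved again, which is worth stating in the release notes. The comment reads "or rw-rw----" where "of" looks intended, and set_perm starts and ends outside the hunk.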
@@ -828,7 +828,6 @@ CK_RV save_token_object(OBJECT * obj)
TRACE_ERROR("fopen(%s): %s\n", fname, strerror(errno));
return CKR_FUNCTION_FAILED;
}
- set_perm(fileno(fp));
set_perm(fileno(fp));
fprintf(fp, "%s\n", obj->name);
@@ -1602,8 +1601,8 @@ CK_RV save_masterkey_user(void)
CK_BYTE *key = NULL;
CK_ULONG key_len = 0L;
CK_ULONG master_key_len = 0L;
- CK_ULONG block_size;
- CK_ULONG data_len;
+ CK_ULONG block_size = 0L;
+ CK_ULONG data_len = 0L;
CK_BYTE fname[PATH_MAX];
CK_RV rc;
char pk_dir_buf[PATH_MAX];
diff --git a/usr/lib/pkcs11/common/mech_aes.c b/usr/lib/pkcs11/common/mech_aes.c
index 296c8e7..6c3fae7 100644
--- a/usr/lib/pkcs11/common/mech_aes.c
+++ b/usr/lib/pkcs11/common/mech_aes.c
@@ -1308,7 +1308,7 @@ aes_ctr_encrypt_update( SESSION *sess,
// copy the remaining 'new' input data to the context buffer
if (remain != 0)
memcpy( context->data, in_data + (in_data_len - remain), remain );
- context->len = remain;
+ context->len = remain;
}
free( clear );
@@ -2933,14 +2933,14 @@ CK_RV aes_gcm_decrypt(SESSION *sess, CK_BBOOL length_only,
CK_ULONG tag_data_len;
CK_RV rc;
- aesgcm = (CK_GCM_PARAMS *)ctx->mech.pParameter;
- tag_data_len = (aesgcm->ulTagBits + 7) / 8; /* round to full byte */
-
if (!sess || !ctx || !in_data || !out_data_len) {
TRACE_ERROR("%s received bad argument(s)\n", __FUNCTION__);
return CKR_FUNCTION_FAILED;
}
+ aesgcm = (CK_GCM_PARAMS *)ctx->mech.pParameter;
+ tag_data_len = (aesgcm->ulTagBits + 7) / 8; /* round to full byte */
+
if (length_only == TRUE) {
*out_data_len = in_data_len - tag_data_len;
return CKR_OK;
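Review bot: Two caller-controlled values are still used unchecked in aes_gcm_decrypt after the dereference is moved below the argument test. `ctx->mech.pParameter` can be NULL when `aesgcm->ulTagBits` is read, and in the length_only branch `in_data_len - tag_data_len` wraps to a huge value when the input is shorter than the tag (assuming in_data_len is unsigned like tag_data_len). Add a NULL test on `aesgcm` before the read and, before the subtraction, `if (in_data_len < tag_data_len) return CKR_ENCRYPTED_DATA_LEN_RANGE;`. The rest of the function is outside this hunk, so a later length check may exist, but the length_only branch returns before reaching it.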
diff --git a/usr/lib/pkcs11/common/mech_dh.c b/usr/lib/pkcs11/common/mech_dh.c
index 0d67a05..467c708 100644
--- a/usr/lib/pkcs11/common/mech_dh.c
+++ b/usr/lib/pkcs11/common/mech_dh.c
@@ -398,6 +398,7 @@ dh_pkcs_derive( SESSION * sess,
&temp_obj );
if (rc != CKR_OK){
TRACE_DEVEL("Object Mgr create skeleton failed.\n");
+ free(new_attr);
return rc;
}
diff --git a/usr/lib/pkcs11/common/mech_rsa.c b/usr/lib/pkcs11/common/mech_rsa.c
index 0430863..06f78a3 100755
--- a/usr/lib/pkcs11/common/mech_rsa.c
+++ b/usr/lib/pkcs11/common/mech_rsa.c
@@ -2325,10 +2325,9 @@ rsa_hash_pkcs_sign_final( SESSION * sess,
if (rc != CKR_OK)
TRACE_DEVEL("Sign Mgr Sign failed.\n");
- if (length_only == TRUE || rc == CKR_BUFFER_TOO_SMALL) {
- sign_mgr_cleanup( &sign_ctx );
- return rc;
- }
+ /** Not sure why this check is here */
+ if (length_only == TRUE || rc == CKR_BUFFER_TOO_SMALL)
+ goto done;
done:
if (octet_str) free( octet_str );
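Review bot: The added `if (length_only == TRUE || rc == CKR_BUFFER_TOO_SMALL) goto done;` sits directly above the `done:` label, so it has no effect and the condition can be dropped along with the "Not sure why this check is here" comment. What the change does alter is that `sign_mgr_cleanup( &sign_ctx )` is no longer called explicitly on this path, so the done block must do it or the signing context is leaked; that block continues outside the hunk and should be checked. If it does clean up, replace the three added lines with `/* length_only and CKR_BUFFER_TOO_SMALL share the common cleanup below */`.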
diff --git a/usr/lib/pkcs11/common/new_host.c b/usr/lib/pkcs11/common/new_host.c
index 1bc0403..dd4cb0a 100755
--- a/usr/lib/pkcs11/common/new_host.c
+++ b/usr/lib/pkcs11/common/new_host.c
@@ -358,8 +358,8 @@ void Fork_Initializer(void)
* When implemented... Although logout_all should clear this up.
*/
- bt_destroy(&priv_token_obj_btree, object_free);
- bt_destroy(&publ_token_obj_btree, object_free);
+ bt_destroy(&priv_token_obj_btree, call_free);
+ bt_destroy(&publ_token_obj_btree, call_free);
/* Need to do something to prevent the shared memory from
* having the objects loaded again.... The most likely place
@@ -627,7 +627,7 @@ CK_RV SC_GetMechanismList(CK_SLOT_ID sid, CK_MECHANISM_TYPE_PTR pMechList,
}
out:
TRACE_INFO("C_GetMechanismList: rc = 0x%08lx, # mechanisms: %lu\n",
- rc, *count);
+ rc, (count ? *count : 0));
return rc;
}
@@ -1355,7 +1355,8 @@ done:
}
TRACE_INFO("C_Login: rc = 0x%08lx\n", rc);
- save_token_data(sess->session_info.slotID);
+ if (sess)
+ save_token_data(sess->session_info.slotID);
MY_UnlockMutex(&login_mutex);
return rc;
}
@@ -1850,7 +1851,7 @@ CK_RV SC_EncryptInit(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism,
done:
TRACE_INFO("C_EncryptInit: rc = 0x%08lx, sess = %ld, mech = 0x%lx\n",
rc, (sess == NULL) ? -1 : (CK_LONG)sess->handle,
- pMechanism->mechanism);
+ (pMechanism ? pMechanism->mechanism : -1));
return rc;
}
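Review bot: The `-1` fallback in `(pMechanism ? pMechanism->mechanism : -1)` is converted to the unsigned type of `mechanism` (CK_MECHANISM_TYPE is an unsigned long in PKCS#11), so a NULL pMechanism is logged as the all-ones value rather than as -1. Under the `%lu` formats used in SC_DigestInit, SC_GenerateKeyPair and SC_DeriveKey it prints as a very large decimal that looks like a real mechanism number. Make the sentinel explicit with `(pMechanism ? pMechanism->mechanism : CK_UNAVAILABLE_INFORMATION)` and use `0x%lx` for the mechanism in every trace line. The same expression is added in SC_DecryptInit, SC_SignInit, SC_SignRecoverInit, SC_VerifyInit, SC_VerifyRecoverInit and SC_GenerateKey.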
@@ -2083,7 +2084,7 @@ CK_RV SC_DecryptInit(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism,
done:
TRACE_INFO("C_DecryptInit: rc = 0x%08lx, sess = %ld, mech = 0x%lx\n",
rc, (sess == NULL) ? -1 : (CK_LONG)sess->handle,
- pMechanism->mechanism);
+ (pMechanism ? pMechanism->mechanism : -1));
return rc;
}
@@ -2242,7 +2243,7 @@ done:
TRACE_INFO("C_DecryptFinal: rc = 0x%08lx, sess = %ld, amount = %lu\n",
rc, (sess == NULL) ? -1 : (CK_LONG)sess->handle,
- *pulLastPartLen);
+ (pulLastPartLen ? *pulLastPartLen : 0));
return rc;
}
@@ -2294,7 +2295,7 @@ CK_RV SC_DigestInit(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism)
done:
TRACE_INFO("C_DigestInit: rc = 0x%08lx, sess = %ld, mech = %lu\n",
rc, (sess == NULL)?-1:(CK_LONG)sess->handle,
- pMechanism->mechanism);
+ (pMechanism ? pMechanism->mechanism : -1));
return rc;
}
@@ -2530,7 +2531,7 @@ CK_RV SC_SignInit(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism,
done:
TRACE_INFO("C_SignInit: rc = %08lx, sess = %ld, mech = %lx\n",
rc, (sess == NULL)?-1:(CK_LONG)sess->handle,
- pMechanism->mechanism);
+ (pMechanism ? pMechanism->mechanism : -1));
return rc;
}
@@ -2732,7 +2733,7 @@ CK_RV SC_SignRecoverInit(ST_SESSION_HANDLE *sSession,
done:
TRACE_INFO("C_SignRecoverInit: rc = %08lx, sess = %ld, mech = %lx\n",
rc, (sess == NULL)?-1:(CK_LONG)sess->handle,
- pMechanism->mechanism);
+ (pMechanism ? pMechanism->mechanism : -1));
return rc;
}
@@ -2839,7 +2840,7 @@ CK_RV SC_VerifyInit(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism,
done:
TRACE_INFO("C_VerifyInit: rc = %08lx, sess = %ld, mech = %lx\n",
rc, (sess == NULL)?-1:(CK_LONG)sess->handle,
- pMechanism->mechanism);
+ (pMechanism ? pMechanism->mechanism : -1));
return rc;
}
@@ -3033,7 +3034,7 @@ CK_RV SC_VerifyRecoverInit(ST_SESSION_HANDLE *sSession,
done:
TRACE_INFO("C_VerifyRecoverInit: rc = %08lx, sess = %ld, mech = %lx\n",
rc, (sess == NULL)?-1:(CK_LONG)sess->handle,
- pMechanism->mechanism);
+ (pMechanism ? pMechanism->mechanism : -1));
return rc;
}
@@ -3088,7 +3089,7 @@ done:
TRACE_INFO("C_VerifyRecover: rc = %08lx, sess = %ld, recover len = %lu, "
"length_only = %d\n", rc,
- (sess == NULL)?-1:(CK_LONG)sess->handle, *pulDataLen,
+ (sess == NULL)?-1:(CK_LONG)sess->handle, (pulDataLen ? *pulDataLen : 0),
length_only);
return rc;
@@ -3194,7 +3195,7 @@ CK_RV SC_GenerateKey(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism,
done:
TRACE_INFO("C_GenerateKey: rc = %08lx, sess = %ld, mech = %lx\n", rc,
(sess == NULL) ? -1 : (CK_LONG) sess->handle,
- pMechanism->mechanism);
+ (pMechanism ? pMechanism->mechanism : -1));
#ifdef DEBUG
CK_ATTRIBUTE *attr = NULL;
@@ -3271,7 +3272,7 @@ CK_RV SC_GenerateKeyPair(ST_SESSION_HANDLE *sSession,
done:
TRACE_INFO("C_GenerateKeyPair: rc = %08lx, sess = %ld, mech = %lu\n",
rc, (sess == NULL) ? -1 : ((CK_LONG) sess->handle),
- pMechanism->mechanism);
+ (pMechanism ? pMechanism->mechanism : -1));
#ifdef DEBUG
CK_ATTRIBUTE *attr = NULL;
@@ -3413,7 +3414,7 @@ done:
TRACE_INFO("C_UnwrapKey: rc = %08lx, sess = %ld, decrypting key = %lu,"
"unwrapped key = %lu\n", rc,
(sess == NULL) ? -1 : (CK_LONG) sess->handle,
- hUnwrappingKey, *phKey);
+ hUnwrappingKey, (phKey ? *phKey : 0));
#ifdef DEBUG
CK_ATTRIBUTE *attr = NULL;
@@ -3480,7 +3481,7 @@ CK_RV SC_DeriveKey(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism,
done:
TRACE_INFO("C_DeriveKey: rc = %08lx, sess = %ld, mech = %lu\n",
rc, (sess == NULL)?-1:(CK_LONG)sess->handle,
- pMechanism->mechanism);
+ (pMechanism ? pMechanism->mechanism : -1));
#ifdef DEBUG
CK_ATTRIBUTE *attr = NULL;
CK_BYTE *ptr = NULL;
diff --git a/usr/lib/pkcs11/common/obj_mgr.c b/usr/lib/pkcs11/common/obj_mgr.c
index 80f5998..b1289b5 100755
--- a/usr/lib/pkcs11/common/obj_mgr.c
+++ b/usr/lib/pkcs11/common/obj_mgr.c
@@ -1080,7 +1080,7 @@ destroy_object_cb(void *node)
OBJECT *o;
if (map->is_session_obj)
- bt_node_free(&sess_obj_btree, map->obj_handle, object_free);
+ bt_node_free(&sess_obj_btree, map->obj_handle, call_free);
else {
if (map->is_private)
o = bt_get_node_value(&priv_token_obj_btree, map->obj_handle);
@@ -1105,9 +1105,9 @@ destroy_object_cb(void *node)
XProcUnLock();
if (map->is_private)
- bt_node_free(&priv_token_obj_btree, map->obj_handle, object_free);
+ bt_node_free(&priv_token_obj_btree, map->obj_handle, call_free);
else
- bt_node_free(&publ_token_obj_btree, map->obj_handle, object_free);
+ bt_node_free(&publ_token_obj_btree, map->obj_handle, call_free);
}
done:
free(map);
@@ -1187,9 +1187,9 @@ delete_token_obj_cb(void *node, unsigned long map_handle, void *p3)
XProcUnLock();
if (map->is_private)
- bt_node_free(&priv_token_obj_btree, map->obj_handle, object_free);
+ bt_node_free(&priv_token_obj_btree, map->obj_handle, call_free);
else
- bt_node_free(&publ_token_obj_btree, map->obj_handle, object_free);
+ bt_node_free(&publ_token_obj_btree, map->obj_handle, call_free);
}
done:
/* delete @node from this btree */
@@ -1741,7 +1741,7 @@ purge_session_obj_cb(void *node, unsigned long obj_handle, void *p3)
if (obj->map_handle)
bt_node_free(&object_map_btree, obj->map_handle, free);
- bt_node_free(&sess_obj_btree, obj_handle, object_free);
+ bt_node_free(&sess_obj_btree, obj_handle, call_free);
}
}
}
@@ -1790,7 +1790,7 @@ purge_token_obj_cb(void *node, unsigned long obj_handle, void *p3)
if (obj->map_handle)
bt_node_free(&object_map_btree, obj->map_handle, free);
- bt_node_free(t, obj_handle, object_free);
+ bt_node_free(t, obj_handle, call_free);
}
// this routine cleans up the list of token objects. in general, we don't
@@ -2343,7 +2343,7 @@ delete_objs_from_btree_cb(void *node, unsigned long obj_handle, void *p3)
}
/* didn't find it in SHM, delete it from its btree */
- bt_node_free(ua->t, obj_handle, object_free);
+ bt_node_free(ua->t, obj_handle, call_free);
}
void
diff --git a/usr/lib/pkcs11/common/object.c b/usr/lib/pkcs11/common/object.c
index fe001c1..faf4f33 100755
--- a/usr/lib/pkcs11/common/object.c
+++ b/usr/lib/pkcs11/common/object.c
@@ -335,7 +335,6 @@ object_create( CK_ATTRIBUTE * pTemplate,
CK_ATTRIBUTE * attr = NULL;
CK_ATTRIBUTE * sensitive = NULL;
CK_ATTRIBUTE * extractable = NULL;
- CK_ATTRIBUTE * local = NULL;
CK_BBOOL class_given = FALSE;
CK_BBOOL subclass_given = FALSE;
CK_BBOOL flag;
@@ -447,7 +446,6 @@ object_create( CK_ATTRIBUTE * pTemplate,
error:
if (sensitive) free( sensitive );
if (extractable) free( extractable );
- if (local) free( local );
object_free( o );
return rc;
@@ -493,7 +491,10 @@ object_copy( CK_ATTRIBUTE * pTemplate,
if (!o || !tmpl || !new_tmpl) {
rc = CKR_HOST_MEMORY;
TRACE_ERROR("%s\n", ock_err(ERR_HOST_MEMORY));
- goto error;
+ if (o) free(o);
+ if (tmpl) free(tmpl);
+ if (new_tmpl) free(new_tmpl);
+ return rc; // do not goto done -- memory might not be initialized
}
memset( o, 0x0, sizeof(OBJECT) );
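Review bot: The comment on the new early return says "do not goto done", but the jump it replaces is `goto error`, so it should name that label: `return rc; // not goto error: o, tmpl and new_tmpl are not zeroed yet`. The three `if (x) free(x);` guards are redundant because free(NULL) is a no-op; `free(o); free(tmpl); free(new_tmpl);` is enough. The allocations themselves are outside this hunk.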
@@ -632,12 +633,23 @@ object_flatten( OBJECT * obj,
//
void object_free(OBJECT *obj)
{
- if (obj && obj->template) {
- template_free(obj->template);
+ /* refactorization here to do actual free - fix from coverity scan */
+ if (obj) {
+ if (obj->template)
+ template_free(obj->template);
free(obj);
}
}
+//call_free()
+//This function is added to silence the compiler during implicit void (*)(void*) function pointer casting in call back functions.
+//
+void call_free(void *ptr)
+{
+ if (ptr)
+ object_free ((OBJECT*) ptr);
+}
+
// object_is_modifiable()
//
CK_BBOOL
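Review bot: The comment above call_free describes the wrapper as silencing the compiler, which undersells it. The btree callbacks appear to take a `void (*)(void *)` (plain `free` is passed to bt_node_free elsewhere in this commit), and calling object_free through a pointer of that incompatible type is undefined behaviour, so the adapter is a correctness fix. I would document it as `/* call_free(): void (*)(void *) adapter so object_free() can be used as a btree delete callback */`. The `if (ptr)` test repeats the NULL check object_free already makes and can go. A name such as `object_free_cb` would say what is being freed, since `call_free` next to `free` in the bt_node_free calls is easy to misread.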
@@ -816,7 +828,7 @@ object_set_attribute_values( OBJECT * obj,
CK_ATTRIBUTE * pTemplate,
CK_ULONG ulCount )
{
- TEMPLATE * new_tmpl;
+ TEMPLATE * new_tmpl = NULL;
CK_BBOOL found;
CK_ULONG class, subclass;
CK_RV rc;
diff --git a/usr/lib/pkcs11/common/sess_mgr.c b/usr/lib/pkcs11/common/sess_mgr.c
index 32d1081..367e9c5 100755
--- a/usr/lib/pkcs11/common/sess_mgr.c
+++ b/usr/lib/pkcs11/common/sess_mgr.c
@@ -373,6 +373,7 @@ session_mgr_new( CK_ULONG flags, CK_SLOT_ID slot_id, CK_SESSION_HANDLE_PTR phSes
rc = MY_LockMutex( &pkcs_mutex ); // this protects next_session_handle
if (rc != CKR_OK){
TRACE_ERROR("Mutex lock failed.\n");
+ free( new_session );
return rc;
}
pkcs_locked = TRUE;
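Review bot: The added `free( new_session )` sits on an early `return rc`, and the next hunk adds the same line to a second early return in session_mgr_new. The `pkcs_locked` and `sess_locked` flags suggest the function has a common exit path outside these hunks. If that path already releases the mutexes and frees new_session on failure, jumping to it would keep the cleanup in one place and protect future error paths from the same leak. For the second hunk it is also worth confirming that pkcs_mutex has been released before that return, which the visible lines do not show.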
@@ -395,6 +396,7 @@ session_mgr_new( CK_ULONG flags, CK_SLOT_ID slot_id, CK_SESSION_HANDLE_PTR phSes
rc = MY_LockMutex( &sess_list_mutex );
if (rc != CKR_OK){
TRACE_ERROR("Mutex lock failed.\n");
+ free( new_session );
return rc;
}
sess_locked = TRUE;
diff --git a/usr/lib/pkcs11/common/template.c b/usr/lib/pkcs11/common/template.c
index 9173c4a..c1a12e9 100755
--- a/usr/lib/pkcs11/common/template.c
+++ b/usr/lib/pkcs11/common/template.c
@@ -1075,7 +1075,7 @@ CK_RV template_free(TEMPLATE *tmpl)
CK_BBOOL template_get_class(TEMPLATE *tmpl, CK_ULONG *class, CK_ULONG *subclass)
{
DL_NODE *node;
- CK_BBOOL found;
+ CK_BBOOL found = FALSE;
if (!tmpl || !class || !subclass)
return FALSE;
diff --git a/usr/lib/pkcs11/common/trace.c b/usr/lib/pkcs11/common/trace.c
index 4ba2c2d..da294f8 100644
--- a/usr/lib/pkcs11/common/trace.c
+++ b/usr/lib/pkcs11/common/trace.c
@@ -391,6 +391,7 @@ static const char *ock_err_msg[] = {
"API already Initialized", /*ERR_CRYPTOKI_ALREADY_INITIALIZED*/
"Mutex Invalid", /*ERR_MUTEX_BAD*/
"Mutex was not locked", /*ERR_MUTEX_NOT_LOCKED*/
+"Unknown error", /*ERR_MAX*/
};
void set_trace(struct trace_handle_t t_handle)
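Review bot: Nothing in this hunk ties the length of `ock_err_msg` to the error enum, so the missing "Unknown error" entry for ERR_MAX that this line fixes can recur whenever a code is added. If the build allows C11 and ERR_MAX is the last enumerator, a check after the table would catch the drift at compile time: `_Static_assert(sizeof(ock_err_msg) / sizeof(ock_err_msg[0]) == ERR_MAX + 1, "ock_err_msg out of sync with error codes");`. The lookup function that indexes the table is outside the hunk and should clamp out-of-range values to ERR_MAX if it does not already.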
diff --git a/usr/lib/pkcs11/ep11_stdll/ep11_func.h b/usr/lib/pkcs11/ep11_stdll/ep11_func.h
new file mode 100644
index 0000000..01c7dac
--- /dev/null
+++ b/usr/lib/pkcs11/ep11_stdll/ep11_func.h
@@ -0,0 +1,472 @@
+/*
+ Common Public License Version 0.5
+
+ THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF
+ THIS COMMON PUBLIC LICENSE ("AGREEMENT"). ANY USE,
+ REPRODUCTION OR DISTRIBUTION OF THE PROGRAM CONSTITUTES
+ RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT.
+
+ 1. DEFINITIONS
+
+ "Contribution" means:
+ a) in the case of the initial Contributor, the
+ initial code and documentation distributed under
+ this Agreement, and
+
+ b) in the case of each subsequent Contributor:
+ i) changes to the Program, and
+ ii) additions to the Program;
+
+ where such changes and/or additions to the Program
+ originate from and are distributed by that
+ particular Contributor. A Contribution 'originates'
+ from a Contributor if it was added to the Program
+ by such Contributor itself or anyone acting on such
+ Contributor's behalf. Contributions do not include
+ additions to the Program which: (i) are separate
+ modules of software distributed in conjunction with
+ the Program under their own license agreement, and
+ (ii) are not derivative works of the Program.
+
+ "Contributor" means any person or entity that distributes
+ the Program.
+
+ "Licensed Patents " mean patent claims licensable by a
+ Contributor which are necessarily infringed by the use or
+ sale of its Contribution alone or when combined with the
+ Program.
+
+ "Program" means the Contributions distributed in
+ accordance with this Agreement.
+
+ "Recipient" means anyone who receives the Program under
+ this Agreement, including all Contributors.
+
+ 2. GRANT OF RIGHTS
+
+ a) Subject to the terms of this Agreement, each
+ Contributor hereby grants Recipient a
+ non-exclusive, worldwide, royalty-free copyright
+ license to reproduce, prepare derivative works of,
+ publicly display, publicly perform, distribute and
+ sublicense the Contribution of such Contributor, if
+ any, and such derivative works, in source code and
+ object code form.
+
+ b) Subject to the terms of this Agreement, each
+ Contributor hereby grants Recipient a
+ non-exclusive, worldwide, royalty-free patent
+ license under Licensed Patents to make, use, sell,
+ offer to sell, import and otherwise transfer the
+ Contribution of such Contributor, if any, in source
+ code and object code form. This patent license
+ shall apply to the combination of the Contribution
+ and the Program if, at the time the Contribution is
+ added by the Contributor, such addition of the
+ Contribution causes such combination to be covered
+ by the Licensed Patents. The patent license shall
+ not apply to any other combinations which include
+ the Contribution. No hardware per se is licensed
+ hereunder.
+
+ c) Recipient understands that although each
+ Contributor grants the licenses to its
+ Contributions set forth herein, no assurances are
+ provided by any Contributor that the Program does
+ not infringe the patent or other intellectual
+ property rights of any other entity. Each
+ Contributor disclaims any liability to Recipient
+ for claims brought by any other entity based on
+ infringement of intellectual property rights or
+ otherwise. As a condition to exercising the rights
+ and licenses granted hereunder, each Recipient
+ hereby assumes sole responsibility to secure any
+ other intellectual property rights needed, if any.
+
+ For example, if a third party patent license is
+ required to allow Recipient to distribute the
+ Program, it is Recipient's responsibility to
+ acquire that license before distributing the
+ Program.
+
+ d) Each Contributor represents that to its
+ knowledge it has sufficient copyright rights in its
+ Contribution, if any, to grant the copyright
+ license set forth in this Agreement.
+
+ 3. REQUIREMENTS
+
+ A Contributor may choose to distribute the Program in
+ object code form under its own license agreement, provided
+ that:
+ a) it complies with the terms and conditions of
+ this Agreement; and
+
+ b) its license agreement:
+ i) effectively disclaims on behalf of all
+ Contributors all warranties and conditions, express
+ and implied, including warranties or conditions of
+ title and non-infringement, and implied warranties
+ or conditions of merchantability and fitness for a
+ particular purpose;
+
+ ii) effectively excludes on behalf of all
+ Contributors all liability for damages, including
+ direct, indirect, special, incidental and
+ consequential damages, such as lost profits;
+
+ iii) states that any provisions which differ from
+ this Agreement are offered by that Contributor
+ alone and not by any other party; and
+
+ iv) states that source code for the Program is
+ available from such Contributor, and informs
+ licensees how to obtain it in a reasonable manner
+ on or through a medium customarily used for
+ software exchange.
+
+ When the Program is made available in source code form:
+ a) it must be made available under this Agreement;
+ and
+ b) a copy of this Agreement must be included with
+ each copy of the Program.
+
+ Contributors may not remove or alter any copyright notices
+ contained within the Program.
+
+ Each Contributor must identify itself as the originator of
+ its Contribution, if any, in a manner that reasonably
+ allows subsequent Recipients to identify the originator of
+ the Contribution.
+
+ 4. COMMERCIAL DISTRIBUTION
+
+ Commercial distributors of software may accept certain
+ responsibilities with respect to end users, business
+ partners and the like. While this license is intended to
+ facilitate the commercial use of the Program, the
+ Contributor who includes the Program in a commercial
+ product offering should do so in a manner which does not
+ create potential liability for other Contributors.
+ Therefore, if a Contributor includes the Program in a
+ commercial product offering, such Contributor ("Commercial
+ Contributor") hereby agrees to defend and indemnify every
+ other Contributor ("Indemnified Contributor") against any
+ losses, damages and costs (collectively "Losses") arising
+ from claims, lawsuits and other legal actions brought by a
+ third party against the Indemnified Contributor to the
+ extent caused by the acts or omissions of such Commercial
+ Contributor in connection with its distribution of the
+ Program in a commercial product offering. The obligations
+ in this section do not apply to any claims or Losses
+ relating to any actual or alleged intellectual property
+ infringement. In order to qualify, an Indemnified
+ Contributor must: a) promptly notify the Commercial
+ Contributor in writing of such claim, and b) allow the
+ Commercial Contributor to control, and cooperate with the
+ Commercial Contributor in, the defense and any related
+ settlement negotiations. The Indemnified Contributor may
+ participate in any such claim at its own expense.
+
+ For example, a Contributor might include the Program in a
+ commercial product offering, Product X. That Contributor
+ is then a Commercial Contributor. If that Commercial
+ Contributor then makes performance claims, or offers
+ warranties related to Product X, those performance claims
+ and warranties are such Commercial Contributor's
+ responsibility alone. Under this section, the Commercial
+ Contributor would have to defend claims against the other
+ Contributors related to those performance claims and
+ warranties, and if a court requires any other Contributor
+ to pay any damages as a result, the Commercial Contributor
+ must pay those damages.
+
+ 5. NO WARRANTY
+
+ EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE
+ PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT
+ WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR
+ IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR
+ CONDITIONS OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR
+ FITNESS FOR A PARTICULAR PURPOSE. Each Recipient is solely
+ responsible for determining the appropriateness of using
+ and distributing the Program and assumes all risks
+ associated with its exercise of rights under this
+ Agreement, including but not limited to the risks and
+ costs of program errors, compliance with applicable laws,
+ damage to or loss of data, programs or equipment, and
+ unavailability or interruption of operations.
+
+ 6. DISCLAIMER OF LIABILITY
+ EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, NEITHER
+ RECIPIENT NOR ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY
+ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION
+ LOST PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF
+ LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ OF THE USE OR DISTRIBUTION OF THE PROGRAM OR THE EXERCISE
+ OF ANY RIGHTS GRANTED HEREUNDER, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGES.
+
+ 7. GENERAL
+
+ If any provision of this Agreement is invalid or
+ unenforceable under applicable law, it shall not affect
+ the validity or enforceability of the remainder of the
+ terms of this Agreement, and without further action by the
+ parties hereto, such provision shall be reformed to the
+ minimum extent necessary to make such provision valid and
+ enforceable.
+
+ If Recipient institutes patent litigation against a
+ Contributor with respect to a patent applicable to
+ software (including a cross-claim or counterclaim in a
+ lawsuit), then any patent licenses granted by that
+ Contributor to such Recipient under this Agreement shall
+ terminate as of the date such litigation is filed. In
+ addition, If Recipient institutes patent litigation
+ against any entity (including a cross-claim or
+ counterclaim in a lawsuit) alleging that the Program
+ itself (excluding combinations of the Program with other
+ software or hardware) infringes such Recipient's
+ patent(s), then such Recipient's rights granted under
+ Section 2(b) shall terminate as of the date such
+ litigation is filed.
+
+ All Recipient's rights under this Agreement shall
+ terminate if it fails to comply with any of the material
+ terms or conditions of this Agreement and does not cure
+ such failure in a reasonable period of time after becoming
+ aware of such noncompliance. If all Recipient's rights
+ under this Agreement terminate, Recipient agrees to cease
+ use and distribution of the Program as soon as reasonably
+ practicable. However, Recipient's obligations under this
+ Agreement and any licenses granted by Recipient relating
+ to the Program shall continue and survive.
+
+ Everyone is permitted to copy and distribute copies of
+ this Agreement, but in order to avoid inconsistency the
+ Agreement is copyrighted and may only be modified in the
+ following manner. The Agreement Steward reserves the right
+ to publish new versions (including revisions) of this
+ Agreement from time to time. No one other than the
+ Agreement Steward has the right to modify this Agreement.
+
+ IBM is the initial Agreement Steward. IBM may assign the
+ responsibility to serve as the Agreement Steward to a
+ suitable separate entity. Each new version of the
+ Agreement will be given a distinguishing version number.
+ The Program (including Contributions) may always be
+ distributed subject to the version of the Agreement under
+ which it was received. In addition, after a new version of
+ the Agreement is published, Contributor may elect to
+ distribute the Program (including its Contributions) under
+ the new version. Except as expressly stated in Sections
+ 2(a) and 2(b) above, Recipient receives no rights or
+ licenses to the intellectual property of any Contributor
+ under this Agreement, whether expressly, by implication,
+ estoppel or otherwise. All rights in the Program not
+ expressly granted under this Agreement are reserved.
+
+ This Agreement is governed by the laws of the State of New
+ York and the intellectual property laws of the United
+ States of America. No party to this Agreement will bring a
+ legal action under this Agreement more than one year after
+ the cause of action arose. Each party waives its rights to
+ a jury trial in any resulting litigation.
+
+
+*/
+
+/* (C) COPYRIGHT International Business Machines Corp. 2016 */
+
+typedef unsigned int (*m_GenerateRandom_t)(CK_BYTE_PTR rnd, CK_ULONG len,
+ uint64_t target);
+typedef unsigned int (*m_SeedRandom_t)(CK_BYTE_PTR pSeed, CK_ULONG ulSeedLen,
+ uint64_t target);
+typedef unsigned int (*m_Digest_t)(const unsigned char *state, size_t slen,
+ CK_BYTE_PTR data, CK_ULONG len,
+ CK_BYTE_PTR digest, CK_ULONG_PTR dglen,
+ uint64_t target);
+typedef unsigned int (*m_DigestInit_t)(unsigned char *state, size_t *len,
+ const CK_MECHANISM_PTR pmech,
+ uint64_t target);
+typedef unsigned int (*m_DigestUpdate_t)(unsigned char *state, size_t slen,
+ CK_BYTE_PTR data, CK_ULONG dlen,
+ uint64_t target);
+typedef unsigned int (*m_DigestKey_t)(unsigned char *state, size_t slen,
+ const unsigned char *key, size_t klen,
+ uint64_t target);
+typedef unsigned int (*m_DigestFinal_t)(const unsigned char *state, size_t slen,
+ CK_BYTE_PTR digest, CK_ULONG_PTR dlen,
+ uint64_t target);
+typedef unsigned int (*m_DigestSingle_t)(CK_MECHANISM_PTR pmech,
+ CK_BYTE_PTR data, CK_ULONG len,
+ CK_BYTE_PTR digest, CK_ULONG_PTR dlen,
+ uint64_t target);
+typedef unsigned int (*m_EncryptInit_t)(unsigned char *state, size_t *slen,
+ CK_MECHANISM_PTR pmech,
+ const unsigned char *key, size_t klen,
+ uint64_t target);
+typedef unsigned int (*m_DecryptInit_t)(unsigned char *state, size_t *slen,
+ CK_MECHANISM_PTR pmech,
+ const unsigned char *key, size_t klen,
+ uint64_t target);
+typedef unsigned int (*m_EncryptUpdate_t)(unsigned char *state, size_t slen,
+ CK_BYTE_PTR plain, CK_ULONG plen,
+ CK_BYTE_PTR cipher, CK_ULONG_PTR clen,
+ uint64_t target);
+typedef unsigned int (*m_DecryptUpdate_t)(unsigned char *state, size_t slen,
+ CK_BYTE_PTR cipher, CK_ULONG clen,
+ CK_BYTE_PTR plain, CK_ULONG_PTR plen,
+ uint64_t target);
+typedef unsigned int (*m_Encrypt_t)(const unsigned char *state, size_t slen,
+ CK_BYTE_PTR plain, CK_ULONG plen,
+ CK_BYTE_PTR cipher, CK_ULONG_PTR clen,
+ uint64_t target);
+typedef unsigned int (*m_Decrypt_t)(const unsigned char *state, size_t slen,
+ CK_BYTE_PTR cipher, CK_ULONG clen,
+ CK_BYTE_PTR plain, CK_ULONG_PTR plen,
+ uint64_t target);
+typedef unsigned int (*m_EncryptFinal_t)(const unsigned char *state,
+ size_t slen, CK_BYTE_PTR output,
+ CK_ULONG_PTR len, uint64_t target);
+typedef unsigned int (*m_DecryptFinal_t)(const unsigned char *state,
+ size_t slen, CK_BYTE_PTR output,
+ CK_ULONG_PTR len, uint64_t target);
+typedef unsigned int (*m_EncryptSingle_t)(const unsigned char *key, size_t klen,
+ CK_MECHANISM_PTR mech,
+ CK_BYTE_PTR plain, CK_ULONG plen,
+ CK_BYTE_PTR cipher, CK_ULONG_PTR clen,
+ uint64_t target);
+typedef unsigned int (*m_DecryptSingle_t)(const unsigned char *key, size_t klen,
+ CK_MECHANISM_PTR mech,
+ CK_BYTE_PTR cipher, CK_ULONG clen,
+ CK_BYTE_PTR plain, CK_ULONG_PTR plen,
+ uint64_t target);
+typedef unsigned int (*m_ReencryptSingle_t)(const unsigned char *dkey,
+ size_t dklen,
+ const unsigned char *ekey,
+ size_t eklen,
+ CK_MECHANISM_PTR pdecrmech,
+ CK_MECHANISM_PTR pencrmech,
+ CK_BYTE_PTR in, CK_ULONG ilen,
+ CK_BYTE_PTR out, CK_ULONG_PTR olen,
+ uint64_t target) ;
+typedef unsigned int (*m_GenerateKey_t)(CK_MECHANISM_PTR pmech,
+ CK_ATTRIBUTE_PTR ptempl,
+ CK_ULONG templcount,
+ const unsigned char *pin, size_t pinlen,
+ unsigned char *key, size_t *klen,
+ unsigned char *csum, size_t *clen,
+ uint64_t target) ;
+typedef unsigned int (*m_GenerateKeyPair_t)(CK_MECHANISM_PTR pmech,
+ CK_ATTRIBUTE_PTR ppublic,
+ CK_ULONG pubattrs,
+ CK_ATTRIBUTE_PTR pprivate,
+ CK_ULONG prvattrs,
+ const unsigned char *pin,
+ size_t pinlen, unsigned char *key,
+ size_t *klen, unsigned char *pubkey,
+ size_t *pklen, uint64_t target);
+typedef unsigned int (*m_SignInit_t)(unsigned char *state, size_t *slen,
+ CK_MECHANISM_PTR alg,
+ const unsigned char *key, size_t klen,
+ uint64_t target);
+typedef unsigned int (*m_VerifyInit_t)(unsigned char *state, size_t *slen,
+ CK_MECHANISM_PTR alg,
+ const unsigned char *key, size_t klen,
+ uint64_t target);
+typedef unsigned int (*m_SignUpdate_t)(unsigned char *state, size_t slen,
+ CK_BYTE_PTR data, CK_ULONG dlen,
+ uint64_t target);
+typedef unsigned int (*m_VerifyUpdate_t)(unsigned char *state, size_t slen,
+ CK_BYTE_PTR data, CK_ULONG dlen,
+ uint64_t target);
+typedef unsigned int (*m_SignFinal_t)(const unsigned char *state, size_t stlen,
+ CK_BYTE_PTR sig, CK_ULONG_PTR siglen,
+ uint64_t target);
+typedef unsigned int (*m_VerifyFinal_t)(const unsigned char *state, size_t stlen,
+ CK_BYTE_PTR sig, CK_ULONG siglen,
+ uint64_t target);
+typedef unsigned int (*m_Sign_t)(const unsigned char *state, size_t stlen,
+ CK_BYTE_PTR data, CK_ULONG dlen,
+ CK_BYTE_PTR sig, CK_ULONG_PTR siglen,
+ uint64_t target);
+typedef unsigned int (*m_Verify_t)(const unsigned char *state, size_t stlen,
+ CK_BYTE_PTR data, CK_ULONG dlen,
+ CK_BYTE_PTR sig, CK_ULONG siglen,
+ uint64_t target);
+typedef unsigned int (*m_SignSingle_t)(const unsigned char *key, size_t klen,
+ CK_MECHANISM_PTR pmech,
+ CK_BYTE_PTR data, CK_ULONG dlen,
+ CK_BYTE_PTR sig, CK_ULONG_PTR slen,
+ uint64_t target);
+typedef unsigned int (*m_VerifySingle_t)(const unsigned char *key, size_t klen,
+ CK_MECHANISM_PTR pmech,
+ CK_BYTE_PTR data, CK_ULONG dlen,
+ CK_BYTE_PTR sig, CK_ULONG slen,
+ uint64_t target);
+
+/* mackey is NULL for PKCS#11 formats, not for authenticated ones */
+typedef unsigned int (*m_WrapKey_t)(const unsigned char *key, size_t keylen,
+ const unsigned char *kek, size_t keklen,
+ const unsigned char *mackey, size_t mklen,
+ const CK_MECHANISM_PTR pmech,
+ CK_BYTE_PTR wrapped, CK_ULONG_PTR wlen,
+ uint64_t target);
+/**/
+/* mackey is NULL for PKCS#11 formats, not for authenticated ones */
+typedef unsigned int (*m_UnwrapKey_t)(const CK_BYTE_PTR wrapped, CK_ULONG wlen,
+ const unsigned char *kek, size_t keklen,
+ const unsigned char *mackey, size_t mklen,
+ const unsigned char *pin, size_t pinlen,
+ const CK_MECHANISM_PTR uwmech,
+ const CK_ATTRIBUTE_PTR ptempl,
+ CK_ULONG pcount, unsigned char *unwrapped,
+ size_t *uwlen, CK_BYTE_PTR csum,
+ CK_ULONG *cslen, uint64_t target);
+
+typedef unsigned int (*m_DeriveKey_t)(CK_MECHANISM_PTR pderivemech,
+ CK_ATTRIBUTE_PTR ptempl,
+ CK_ULONG templcount,
+ const unsigned char *basekey,
+ size_t bklen,
+ const unsigned char *data, size_t dlen,
+ const unsigned char *pin, size_t pinlen,
+ unsigned char *newkey, size_t *nklen,
+ unsigned char *csum, size_t *cslen,
+ uint64_t target);
+
+typedef unsigned int (*m_GetMechanismList_t)(CK_SLOT_ID slot,
+ CK_MECHANISM_TYPE_PTR mechs,
+ CK_ULONG_PTR count,
+ uint64_t target);
+typedef unsigned int (*m_GetMechanismInfo_t)(CK_SLOT_ID slot,
+ CK_MECHANISM_TYPE mech,
+ CK_MECHANISM_INFO_PTR pmechinfo,
+ uint64_t target) ;
+typedef unsigned int (*m_GetAttributeValue_t)(const unsigned char *obj,
+ size_t olen,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulCount,
+ uint64_t target) ;
+typedef unsigned int (*m_SetAttributeValue_t)(unsigned char *obj, size_t olen,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulCount,
+ uint64_t target) ;
+typedef unsigned int (*m_Login_t)(CK_UTF8CHAR_PTR pin, CK_ULONG pinlen,
+ const unsigned char *nonce, size_t nlen,
+ unsigned char *pinblob, size_t *pinbloblen,
+ uint64_t target);
+typedef unsigned int (*m_Logout_t)(const unsigned char *pin, size_t len,
+ uint64_t target);
+typedef unsigned int (*m_admin_t)(unsigned char *response1, size_t *r1len,
+ unsigned char *response2, size_t *r2len,
+ const unsigned char *cmd, size_t clen,
+ const unsigned char *sigs, size_t slen,
+ uint64_t target);
+typedef unsigned int (*m_add_backend_t)(const char *name, unsigned int port);
+typedef unsigned int (*m_init_t)(void);
+typedef unsigned int (*m_shutdown_t)(void);
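Review bot: The new header ep11_func.h has no include guard and does not include what it uses, so it compiles only when the PKCS#11 types, `uint64_t` and `size_t` are already declared by the including file. Wrap the typedefs in `#ifndef EP11_FUNC_H` / `#define EP11_FUNC_H` … `#endif` and include `<stdint.h>`, `<stddef.h>` and the pkcs11 types header at the top. In `const CK_MECHANISM_PTR pmech` and the other `const CK_*_PTR` parameters the qualifier applies to the pointer, not to the data it points at, which is probably not what was intended. A short comment saying that these typedefs must match the prototypes exported by libep11.so would help, because a mismatch with a symbol resolved at run time is not diagnosed by the compiler.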
diff --git a/usr/lib/pkcs11/ep11_stdll/ep11_specific.c b/usr/lib/pkcs11/ep11_stdll/ep11_specific.c
index 15e948c..7e484b0 100644
--- a/usr/lib/pkcs11/ep11_stdll/ep11_specific.c
+++ b/usr/lib/pkcs11/ep11_stdll/ep11_specific.c
@@ -324,6 +324,7 @@
#endif
#include "ep11.h"
+#include "ep11_func.h"
#define EP11SHAREDLIB "libep11.so"
@@ -332,6 +333,59 @@ CK_RV ep11tok_get_mechanism_list(CK_MECHANISM_TYPE_PTR mlist,
CK_RV ep11tok_get_mechanism_info(CK_MECHANISM_TYPE type,
CK_MECHANISM_INFO_PTR pInfo);
+static m_GenerateRandom_t dll_m_GenerateRandom;
+static m_SeedRandom_t dll_m_SeedRandom;
+
+static m_Digest_t dll_m_Digest;
+static m_DigestInit_t dll_m_DigestInit;
+static m_DigestUpdate_t dll_m_DigestUpdate;
+static m_DigestKey_t dll_m_DigestKey;
+static m_DigestFinal_t dll_m_DigestFinal;
+static m_DigestSingle_t dll_m_DigestSingle;
+
+static m_Encrypt_t dll_m_Encrypt;
+static m_EncryptInit_t dll_m_EncryptInit;
+static m_EncryptUpdate_t dll_m_EncryptUpdate;
+static m_EncryptFinal_t dll_m_EncryptFinal;
+static m_EncryptSingle_t dll_m_EncryptSingle;
+
+static m_Decrypt_t dll_m_Decrypt;
+static m_DecryptInit_t dll_m_DecryptInit;
+static m_DecryptUpdate_t dll_m_DecryptUpdate;
+static m_DecryptFinal_t dll_m_DecryptFinal;
+static m_DecryptSingle_t dll_m_DecryptSingle;
+
+static m_ReencryptSingle_t dll_m_ReencryptSingle;
+static m_GenerateKey_t dll_m_GenerateKey;
+static m_GenerateKeyPair_t dll_m_GenerateKeyPair;
+
+static m_Sign_t dll_m_Sign;
+static m_SignInit_t dll_m_SignInit;
+static m_SignUpdate_t dll_m_SignUpdate;
+static m_SignFinal_t dll_m_SignFinal;
+static m_SignSingle_t dll_m_SignSingle;
+
+static m_Verify_t dll_m_Verify;
+static m_VerifyInit_t dll_m_VerifyInit;
+static m_VerifyUpdate_t dll_m_VerifyUpdate;
+static m_VerifyFinal_t dll_m_VerifyFinal;
+static m_VerifySingle_t dll_m_VerifySingle;
+
+static m_WrapKey_t dll_m_WrapKey;
+static m_UnwrapKey_t dll_m_UnwrapKey;
+static m_DeriveKey_t dll_m_DeriveKey;
+
+static m_GetMechanismList_t dll_m_GetMechanismList;
+static m_GetMechanismInfo_t dll_m_GetMechanismInfo;
+static m_GetAttributeValue_t dll_m_GetAttributeValue;
+static m_SetAttributeValue_t dll_m_SetAttributeValue;
+
+static m_Login_t dll_m_Login;
+static m_Logout_t dll_m_Logout;
+static m_admin_t dll_m_admin;
+static m_add_backend_t dll_m_add_backend;
+static m_init_t dll_m_init;
+static m_shutdown_t dll_m_shutdown;
#ifdef DEBUG
@@ -1064,7 +1118,7 @@ static CK_RV rawkey_2_blob(unsigned char *key, CK_ULONG ksize,
* calls the ep11 lib (which in turns sends the request to the card),
* all m_ function are ep11 functions
*/
- rc = m_EncryptSingle(raw2key_wrap_blob, raw2key_wrap_blob_l, &mech,
+ rc = dll_m_EncryptSingle(raw2key_wrap_blob, raw2key_wrap_blob_l, &mech,
key, ksize, cipher, &clen, ep11tok_target);
if (rc != CKR_OK) {
@@ -1086,7 +1140,7 @@ static CK_RV rawkey_2_blob(unsigned char *key, CK_ULONG ksize,
/* the encrypted key is decrypted and a blob is build,
* card accepts only blobs as keys
*/
- rc = m_UnwrapKey(cipher, clen, raw2key_wrap_blob, raw2key_wrap_blob_l,
+ rc = dll_m_UnwrapKey(cipher, clen, raw2key_wrap_blob, raw2key_wrap_blob_l,
NULL, ~0, ep11_pin_blob, ep11_pin_blob_len, &mech,
new_p_attrs, new_attrs_len, blob, blen, csum, &cslen,
ep11tok_target);
@@ -1190,7 +1244,7 @@ static CK_RV print_mechanism(void)
/* random number generator */
CK_RV token_specific_rng(CK_BYTE *output, CK_ULONG bytes)
{
- CK_RV rc = m_GenerateRandom(output, bytes, ep11tok_target);
+ CK_RV rc = dll_m_GenerateRandom(output, bytes, ep11tok_target);
if (rc != CKR_OK)
TRACE_ERROR("%s output=%p bytes=%lu rc=0x%lx\n",
__func__, output, bytes, rc);
@@ -1216,7 +1270,7 @@ static CK_RV make_wrapblob(CK_ATTRIBUTE *tmpl_in, CK_ULONG tmpl_len)
}
raw2key_wrap_blob_l = sizeof(raw2key_wrap_blob);
- rc = m_GenerateKey(&mech, tmpl_in, tmpl_len, NULL, 0, raw2key_wrap_blob,
+ rc = dll_m_GenerateKey(&mech, tmpl_in, tmpl_len, NULL, 0, raw2key_wrap_blob,
&raw2key_wrap_blob_l, csum, &csum_l, ep11tok_target);
@@ -1231,6 +1285,73 @@ static CK_RV make_wrapblob(CK_ATTRIBUTE *tmpl_in, CK_ULONG tmpl_len)
return rc;
}
+CK_RV ep11_resolve_lib_sym(void *hdl) {
+ char *error = NULL;
+
+ dlerror(); /* Clear existing error */
+
+ dll_m_GenerateRandom = (m_GenerateRandom_t)dlsym(hdl, "m_GenerateRandom");
+ dll_m_SeedRandom = (m_SeedRandom_t)dlsym(hdl, "m_SeedRandom");
+
+ dll_m_Digest = (m_Digest_t)dlsym(hdl, "m_Digest");
+ dll_m_DigestInit = (m_DigestInit_t)dlsym(hdl, "m_DigestInit");
+ dll_m_DigestUpdate = (m_DigestUpdate_t)dlsym(hdl, "m_DigestUpdate");
+ dll_m_DigestFinal = (m_DigestFinal_t)dlsym(hdl, "m_DigestFinal");
+ dll_m_DigestKey = (m_DigestKey_t)dlsym(hdl, "m_DigestKey");
+ dll_m_DigestSingle = (m_DigestSingle_t)dlsym(hdl, "m_DigestSingle");
+
+ dll_m_Encrypt = (m_Encrypt_t)dlsym(hdl, "m_Encrypt");
+ dll_m_EncryptInit = (m_EncryptInit_t)dlsym(hdl, "m_EncryptInit");
+ dll_m_EncryptUpdate = (m_EncryptUpdate_t)dlsym(hdl, "m_EncryptUpdate");
+ dll_m_EncryptFinal = (m_EncryptFinal_t)dlsym(hdl, "m_EncryptFinal");
+ dll_m_EncryptSingle = (m_EncryptSingle_t)dlsym(hdl, "m_EncryptSingle");
+
+ dll_m_Decrypt = (m_Decrypt_t)dlsym(hdl, "m_Decrypt");
+ dll_m_DecryptInit = (m_DecryptInit_t)dlsym(hdl, "m_DecryptInit");
+ dll_m_DecryptUpdate = (m_DecryptUpdate_t)dlsym(hdl, "m_DecryptUpdate");
+ dll_m_DecryptFinal = (m_DecryptFinal_t)dlsym(hdl, "m_DecryptFinal");
+ dll_m_DecryptSingle = (m_DecryptSingle_t)dlsym(hdl, "m_DecryptSingle");
+
+ dll_m_ReencryptSingle = (m_ReencryptSingle_t)dlsym(hdl, "m_ReencryptSingle");
+ dll_m_GenerateKey = (m_GenerateKey_t)dlsym(hdl, "m_GenerateKey");
+ dll_m_GenerateKeyPair = (m_GenerateKeyPair_t)dlsym(hdl, "m_GenerateKeyPair");
+
+ dll_m_Sign = (m_Sign_t)dlsym(hdl, "m_Sign");
+ dll_m_SignInit = (m_SignInit_t)dlsym(hdl, "m_SignInit");
+ dll_m_SignUpdate = (m_SignUpdate_t)dlsym(hdl, "m_SignUpdate");
+ dll_m_SignFinal = (m_SignFinal_t)dlsym(hdl, "m_SignFinal");
+ dll_m_SignSingle = (m_SignSingle_t)dlsym(hdl, "m_SignSingle");
+
+ dll_m_Verify = (m_Verify_t)dlsym(hdl, "m_Verify");
+ dll_m_VerifyInit = (m_VerifyInit_t)dlsym(hdl, "m_VerifyInit");
+ dll_m_VerifyUpdate = (m_VerifyUpdate_t)dlsym(hdl, "m_VerifyUpdate");
+ dll_m_VerifyFinal = (m_VerifyFinal_t)dlsym(hdl, "m_VerifyFinal");
+ dll_m_VerifySingle = (m_VerifySingle_t)dlsym(hdl, "m_VerifySingle");
+
+ dll_m_WrapKey = (m_WrapKey_t)dlsym(hdl, "m_WrapKey");
+ dll_m_UnwrapKey = (m_UnwrapKey_t)dlsym(hdl, "m_UnwrapKey");
+ dll_m_DeriveKey = (m_DeriveKey_t)dlsym(hdl, "m_DeriveKey");
+
+ dll_m_GetMechanismList = (m_GetMechanismList_t)dlsym(hdl, "m_GetMechanismList");
+ dll_m_GetMechanismInfo = (m_GetMechanismInfo_t)dlsym(hdl, "m_GetMechanismInfo");
+ dll_m_GetAttributeValue = (m_GetAttributeValue_t)dlsym(hdl, "m_GetAttributeValue");
+ dll_m_SetAttributeValue = (m_SetAttributeValue_t)dlsym(hdl, "m_SetAttributeValue");
+
+ dll_m_Login = (m_Login_t)dlsym(hdl, "m_Login");
+ dll_m_Logout = (m_Logout_t)dlsym(hdl, "m_Logout");
+ dll_m_admin = (m_admin_t)dlsym(hdl, "m_admin");
+
+ dll_m_init = (m_init_t)dlsym(hdl, "m_init");
+ dll_m_add_backend = (m_add_backend_t)dlsym(hdl, "m_add_backend");
+ dll_m_shutdown = (m_shutdown_t)dlsym(hdl, "m_shutdown");
+
+ if ((error = dlerror()) != NULL) {
+ OCK_SYSLOG(LOG_ERR, "%s\n", error);
+ return (EXIT_FAILURE);
+ }
+ else
+ return CKR_OK;
+}
CK_RV ep11tok_init(CK_SLOT_ID SlotNumber, char *conf_name)
{
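Review bot: A single `dlerror()` check after the last `dlsym()` in `ep11_resolve_lib_sym` does not reliably show that every symbol resolved, because depending on the libc a later successful lookup can clear the error left by an earlier failed one. Any entry that stays NULL is then called through its `dll_m_*` pointer on the first crypto request, so each pointer should be checked as it is assigned. The failure return is also `EXIT_FAILURE`, which is a process exit status and not a `CK_RV`; `CKR_FUNCTION_FAILED` is what the rest of this file returns. A per-symbol check is sketched below.

```c
#define EP11_RESOLVE(hdl, sym)                                       \
    do {                                                             \
        dll_##sym = (sym##_t)dlsym((hdl), #sym);                     \
        if (dll_##sym == NULL) {                                     \
            OCK_SYSLOG(LOG_ERR, "ep11 symbol %s not found\n", #sym); \
            return CKR_FUNCTION_FAILED;                              \
        }                                                            \
    } while (0)

CK_RV ep11_resolve_lib_sym(void *hdl) {
    EP11_RESOLVE(hdl, m_GenerateRandom);
    EP11_RESOLVE(hdl, m_SeedRandom);
    /* … unchanged: one EP11_RESOLVE per remaining symbol, same order as before … */
    EP11_RESOLVE(hdl, m_shutdown);
    return CKR_OK;
}
```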
@@ -1247,7 +1368,7 @@ CK_RV ep11tok_init(CK_SLOT_ID SlotNumber, char *conf_name)
{CKA_LABEL, (void*)wrap_key_name, sizeof(wrap_key_name)},
{CKA_TOKEN, (void*)&cktrue, sizeof(cktrue)}};
- TRACE_INFO("%s init running\n", __func__);
+ TRACE_INFO("ep11 %s slot=%lu running\n", __func__, SlotNumber);
/* read ep11 specific config file with user specified adapter/domain pairs, ... */
rc = read_adapter_config_file(conf_name);
@@ -1267,9 +1388,13 @@ CK_RV ep11tok_init(CK_SLOT_ID SlotNumber, char *conf_name)
return CKR_FUNCTION_FAILED;
}
+ rc = ep11_resolve_lib_sym(lib_ep11);
+ if (rc)
+ exit(rc);
+
#ifndef XCP_STANDALONE
/* call ep11 shared lib init */
- if (m_init() < 0) {
+ if (dll_m_init() < 0) {
TRACE_ERROR("%s ep11 lib init failed\n", __func__);
return CKR_DEVICE_ERROR;
}
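Review bot: The added `exit(rc)` terminates the whole host process from inside a token library when symbol resolution fails, so an application that merely loaded this PKCS#11 module is killed instead of receiving an error. The failure path directly above returns `CKR_FUNCTION_FAILED`, and this one should do the same: `if (rc != CKR_OK) return CKR_FUNCTION_FAILED;`. Whether the `lib_ep11` handle needs a `dlclose()` on that path cannot be seen here, since `ep11tok_init` starts and ends outside the hunk.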
@@ -1306,7 +1431,7 @@ CK_RV ep11tok_init(CK_SLOT_ID SlotNumber, char *conf_name)
CK_RV ep11tok_final()
{
- TRACE_INFO("%s final running\n", __func__);
+ TRACE_INFO("ep11 %s running\n", __func__);
return CKR_OK;
}
@@ -1426,7 +1551,7 @@ static CK_RV import_RSA_key(OBJECT *rsa_key_obj, CK_BYTE *blob, size_t *blob_siz
}
/* encrypt */
- rc = m_EncryptSingle(raw2key_wrap_blob, raw2key_wrap_blob_l, &mech_w,
+ rc = dll_m_EncryptSingle(raw2key_wrap_blob, raw2key_wrap_blob_l, &mech_w,
data, data_len, cipher, &cipher_l, ep11tok_target);
TRACE_INFO("%s wrapping wrap key rc=0x%lx cipher_l=0x%lx\n",
@@ -1449,7 +1574,7 @@ static CK_RV import_RSA_key(OBJECT *rsa_key_obj, CK_BYTE *blob, size_t *blob_siz
/* calls the card, it decrypts the private RSA key,
* reads its BER format and builds a blob.
*/
- rc = m_UnwrapKey(cipher, cipher_l, raw2key_wrap_blob, raw2key_wrap_blob_l,
+ rc = dll_m_UnwrapKey(cipher, cipher_l, raw2key_wrap_blob, raw2key_wrap_blob_l,
NULL, ~0, ep11_pin_blob, ep11_pin_blob_len, &mech_w,
new_p_attrs, new_attrs_len, blob, blob_size, csum, &cslen,
ep11tok_target);
@@ -1591,7 +1716,7 @@ CK_RV ep11tok_generate_key(SESSION *session, CK_MECHANISM_PTR mech,
return rc;
}
- rc = m_GenerateKey(mech, new_attrs, new_attrs_len, ep11_pin_blob,
+ rc = dll_m_GenerateKey(mech, new_attrs, new_attrs_len, ep11_pin_blob,
ep11_pin_blob_len, blob, &blobsize,
csum, &csum_len, ep11tok_target);
if (rc != CKR_OK) {
@@ -1660,7 +1785,7 @@ CK_RV token_specific_sha_init(DIGEST_CONTEXT *c, CK_MECHANISM *mech)
return CKR_HOST_MEMORY;
}
- rc = m_DigestInit (state, &state_len, mech, ep11tok_target) ;
+ rc = dll_m_DigestInit (state, &state_len, mech, ep11tok_target) ;
if (rc != CKR_OK) {
TRACE_ERROR("%s rc=0x%lx\n", __func__, rc);
@@ -1689,7 +1814,7 @@ CK_RV token_specific_sha(DIGEST_CONTEXT *c, CK_BYTE *in_data,
{
CK_RV rc;
- rc = m_Digest(c->context, c->context_len, in_data, in_data_len,
+ rc = dll_m_Digest(c->context, c->context_len, in_data, in_data_len,
out_data, out_data_len, ep11tok_target);
if (rc != CKR_OK) {
@@ -1706,7 +1831,7 @@ CK_RV token_specific_sha_update(DIGEST_CONTEXT *c, CK_BYTE *in_data,
{
CK_RV rc;
- rc = m_DigestUpdate(c->context, c->context_len, in_data, in_data_len,
+ rc = dll_m_DigestUpdate(c->context, c->context_len, in_data, in_data_len,
ep11tok_target) ;
if (rc != CKR_OK) {
@@ -1723,7 +1848,7 @@ CK_RV token_specific_sha_final(DIGEST_CONTEXT *c, CK_BYTE *out_data,
{
CK_RV rc;
- rc = m_DigestFinal(c->context, c->context_len, out_data, out_data_len,
+ rc = dll_m_DigestFinal(c->context, c->context_len, out_data, out_data_len,
ep11tok_target) ;
if (rc != CKR_OK) {
@@ -1776,7 +1901,7 @@ CK_RV ep11tok_derive_key(SESSION *session, CK_MECHANISM_PTR mech,
return rc;
}
- rc = m_DeriveKey (mech, new_attrs, new_attrs_len, keyblob, keyblobsize, NULL,
+ rc = dll_m_DeriveKey (mech, new_attrs, new_attrs_len, keyblob, keyblobsize, NULL,
0, ep11_pin_blob, ep11_pin_blob_len, newblob, &newblobsize,
csum, &cslen, ep11tok_target);
@@ -1960,7 +2085,7 @@ static CK_RV dh_generate_keypair(CK_MECHANISM_PTR pMechanism,
memcpy(&(pPublicKeyTemplate_new[new_public_attr]),
&(pgs[0]), sizeof(CK_ATTRIBUTE));
- rc = m_GenerateKeyPair(pMechanism, pPublicKeyTemplate_new,
+ rc = dll_m_GenerateKeyPair(pMechanism, pPublicKeyTemplate_new,
new_public_attr+1, pPrivateKeyTemplate,
ulPrivateKeyAttributeCount, ep11_pin_blob,
ep11_pin_blob_len, privblob, &privblobsize,
@@ -2227,7 +2352,7 @@ static CK_RV dsa_generate_keypair(CK_MECHANISM_PTR pMechanism,
return rc;
}
- rc = m_GenerateKeyPair(pMechanism, dsa_pPublicKeyTemplate,
+ rc = dll_m_GenerateKeyPair(pMechanism, dsa_pPublicKeyTemplate,
dsa_ulPublicKeyAttributeCount,
dsa_pPrivateKeyTemplate,
dsa_ulPrivateKeyAttributeCount, ep11_pin_blob,
@@ -2383,7 +2508,7 @@ static CK_RV rsa_ec_generate_keypair(CK_MECHANISM_PTR pMechanism,
new_ulPrivateKeyAttributeCount);
}
- rc = m_GenerateKeyPair(pMechanism, new_pPublicKeyTemplate,
+ rc = dll_m_GenerateKeyPair(pMechanism, new_pPublicKeyTemplate,
new_ulPublicKeyAttributeCount, new_pPrivateKeyTemplate,
new_ulPrivateKeyAttributeCount, ep11_pin_blob,
ep11_pin_blob_len, privkey_blob,
@@ -2849,7 +2974,7 @@ CK_RV ep11tok_sign_init(SESSION *session, CK_MECHANISM *mech,
return rc;
}
- rc = m_SignInit(ep11_sign_state, &ep11_sign_state_l,
+ rc = dll_m_SignInit(ep11_sign_state, &ep11_sign_state_l,
mech, keyblob, keyblobsize, ep11tok_target) ;
if (rc != CKR_OK) {
@@ -2880,7 +3005,7 @@ CK_RV ep11tok_sign(SESSION *session, CK_BBOOL length_only, CK_BYTE *in_data,
CK_RV rc;
SIGN_VERIFY_CONTEXT *ctx = &session->sign_ctx;
- rc = m_Sign(ctx->context, ctx->context_len, in_data, in_data_len,
+ rc = dll_m_Sign(ctx->context, ctx->context_len, in_data, in_data_len,
signature, sig_len, ep11tok_target);
if (rc != CKR_OK) {
@@ -2902,7 +3027,7 @@ CK_RV ep11tok_sign_update(SESSION *session, CK_BYTE *in_data,
if (!in_data || !in_data_len)
return CKR_OK;
- rc = m_SignUpdate(ctx->context, ctx->context_len, in_data,
+ rc = dll_m_SignUpdate(ctx->context, ctx->context_len, in_data,
in_data_len, ep11tok_target);
if (rc != CKR_OK) {
@@ -2921,7 +3046,7 @@ CK_RV ep11tok_sign_final(SESSION *session, CK_BBOOL length_only,
CK_RV rc;
SIGN_VERIFY_CONTEXT *ctx = &session->sign_ctx;
- rc = m_SignFinal(ctx->context, ctx->context_len, signature, sig_len,
+ rc = dll_m_SignFinal(ctx->context, ctx->context_len, signature, sig_len,
ep11tok_target);
if (rc != CKR_OK) {
@@ -2956,7 +3081,7 @@ CK_RV ep11tok_verify_init(SESSION *session, CK_MECHANISM *mech,
return rc;
}
- rc = m_VerifyInit(ep11_sign_state, &ep11_sign_state_l, mech,
+ rc = dll_m_VerifyInit(ep11_sign_state, &ep11_sign_state_l, mech,
spki, spki_len, ep11tok_target);
if (rc != CKR_OK) {
@@ -2987,7 +3112,7 @@ CK_RV ep11tok_verify(SESSION *session, CK_BYTE *in_data, CK_ULONG in_data_len,
CK_RV rc;
SIGN_VERIFY_CONTEXT *ctx = &session->verify_ctx;
- rc = m_Verify(ctx->context, ctx->context_len, in_data, in_data_len,
+ rc = dll_m_Verify(ctx->context, ctx->context_len, in_data, in_data_len,
signature, sig_len, ep11tok_target);
if (rc != CKR_OK) {
@@ -3009,7 +3134,7 @@ CK_RV ep11tok_verify_update(SESSION *session, CK_BYTE *in_data,
if (!in_data || !in_data_len)
return CKR_OK;
- rc = m_VerifyUpdate(ctx->context, ctx->context_len, in_data,
+ rc = dll_m_VerifyUpdate(ctx->context, ctx->context_len, in_data,
in_data_len, ep11tok_target);
if (rc != CKR_OK) {
@@ -3028,7 +3153,7 @@ CK_RV ep11tok_verify_final(SESSION *session, CK_BYTE *signature,
CK_RV rc;
SIGN_VERIFY_CONTEXT *ctx = &session->verify_ctx;
- rc = m_VerifyFinal(ctx->context, ctx->context_len, signature,
+ rc = dll_m_VerifyFinal(ctx->context, ctx->context_len, signature,
sig_len, ep11tok_target);
if (rc != CKR_OK) {
@@ -3047,7 +3172,7 @@ CK_RV ep11tok_decrypt_final(SESSION *session, CK_BYTE_PTR output_part,
CK_RV rc = CKR_OK;
ENCR_DECR_CONTEXT *ctx = &session->decr_ctx;
- rc = m_DecryptFinal(ctx->context, ctx->context_len,
+ rc = dll_m_DecryptFinal(ctx->context, ctx->context_len,
output_part, p_output_part_len, ep11tok_target);
if (rc != CKR_OK) {
@@ -3067,7 +3192,7 @@ CK_RV ep11tok_decrypt(SESSION *session, CK_BYTE_PTR input_data,
CK_RV rc = CKR_OK;
ENCR_DECR_CONTEXT *ctx = &session->decr_ctx;
- rc = m_Decrypt(ctx->context, ctx->context_len, input_data,
+ rc = dll_m_Decrypt(ctx->context, ctx->context_len, input_data,
input_data_len, output_data, p_output_data_len,
ep11tok_target);
@@ -3093,7 +3218,7 @@ CK_RV ep11tok_decrypt_update(SESSION *session, CK_BYTE_PTR input_part,
return CKR_OK; /* nothing to update, keep context */
}
- rc = m_DecryptUpdate(ctx->context, ctx->context_len,
+ rc = dll_m_DecryptUpdate(ctx->context, ctx->context_len,
input_part, input_part_len, output_part,
p_output_part_len, ep11tok_target) ;
@@ -3113,7 +3238,7 @@ CK_RV ep11tok_encrypt_final(SESSION *session, CK_BYTE_PTR output_part,
CK_RV rc = CKR_OK;
ENCR_DECR_CONTEXT *ctx = &session->encr_ctx;
- rc = m_EncryptFinal(ctx->context, ctx->context_len,
+ rc = dll_m_EncryptFinal(ctx->context, ctx->context_len,
output_part, p_output_part_len, ep11tok_target);
if (rc != CKR_OK) {
@@ -3133,7 +3258,7 @@ CK_RV ep11tok_encrypt(SESSION *session, CK_BYTE_PTR input_data,
CK_RV rc = CKR_OK;
ENCR_DECR_CONTEXT *ctx = &session->encr_ctx;
- rc = m_Encrypt(ctx->context, ctx->context_len, input_data,
+ rc = dll_m_Encrypt(ctx->context, ctx->context_len, input_data,
input_data_len, output_data, p_output_data_len,
ep11tok_target);
@@ -3159,7 +3284,7 @@ CK_RV ep11tok_encrypt_update(SESSION *session, CK_BYTE_PTR input_part,
return CKR_OK; /* nothing to update, keep context */
}
- rc = m_EncryptUpdate(ctx->context, ctx->context_len,
+ rc = dll_m_EncryptUpdate(ctx->context, ctx->context_len,
input_part, input_part_len, output_part,
p_output_part_len, ep11tok_target);
@@ -3196,7 +3321,7 @@ static CK_RV ep11_ende_crypt_init(SESSION *session, CK_MECHANISM_PTR mech,
if (op == DECRYPT) {
ENCR_DECR_CONTEXT *ctx = &session->decr_ctx;
- rc = m_DecryptInit(ep11_state, &ep11_state_l, mech, blob,
+ rc = dll_m_DecryptInit(ep11_state, &ep11_state_l, mech, blob,
blob_len, ep11tok_target);
ctx->key = key;
ctx->active = TRUE;
@@ -3213,7 +3338,7 @@ static CK_RV ep11_ende_crypt_init(SESSION *session, CK_MECHANISM_PTR mech,
}
} else {
ENCR_DECR_CONTEXT *ctx = &session->encr_ctx;
- rc = m_EncryptInit (ep11_state, &ep11_state_l, mech, blob,
+ rc = dll_m_EncryptInit (ep11_state, &ep11_state_l, mech, blob,
blob_len, ep11tok_target);
ctx->key = key;
ctx->active = TRUE;
@@ -3341,7 +3466,7 @@ CK_RV ep11tok_wrap_key(SESSION *session, CK_MECHANISM_PTR mech,
* the wrapping key (wrapping_blob).
* The wrapped key can be processed by any PKCS11 implementation.
*/
- rc = m_WrapKey(wrap_target_blob, wrap_target_blob_len, wrapping_blob,
+ rc = dll_m_WrapKey(wrap_target_blob, wrap_target_blob_len, wrapping_blob,
wrapping_blob_len, NULL, ~0, mech, wrapped_key,
p_wrapped_key_len, ep11tok_target);
@@ -3439,7 +3564,7 @@ CK_RV ep11tok_unwrap_key(SESSION *session, CK_MECHANISM_PTR mech,
/* we need a blob for the new key created by unwrapping,
* the wrapped key comes in BER
*/
- rc = m_UnwrapKey(wrapped_key, wrapped_key_len, wrapping_blob,
+ rc = dll_m_UnwrapKey(wrapped_key, wrapped_key_len, wrapping_blob,
wrapping_blob_len, NULL, ~0, ep11_pin_blob,
ep11_pin_blob_len, mech, new_attrs, new_attrs_len,
keyblob, &keyblobsize, csum, &cslen, ep11tok_target);
@@ -3568,7 +3693,7 @@ CK_RV ep11tok_get_mechanism_list(CK_MECHANISM_TYPE_PTR pMechanismList,
/* size querry */
if (pMechanismList == NULL) {
- rc = m_GetMechanismList(0, pMechanismList, pulCount,
+ rc = dll_m_GetMechanismList(0, pMechanismList, pulCount,
ep11tok_target);
if (rc != CKR_OK) {
TRACE_ERROR("%s bad rc=0x%lx from m_GetMechanismList() #1\n", __func__, rc);
@@ -3584,7 +3709,7 @@ CK_RV ep11tok_get_mechanism_list(CK_MECHANISM_TYPE_PTR pMechanismList,
TRACE_ERROR("%s Memory allocation failed\n", __func__);
return CKR_HOST_MEMORY;
}
- rc = m_GetMechanismList(0, mlist, &counter, ep11tok_target);
+ rc = dll_m_GetMechanismList(0, mlist, &counter, ep11tok_target);
if (rc != CKR_OK) {
TRACE_ERROR("%s bad rc=0x%lx from m_GetMechanismList() #2\n", __func__, rc);
free(mlist);
@@ -3614,7 +3739,7 @@ CK_RV ep11tok_get_mechanism_list(CK_MECHANISM_TYPE_PTR pMechanismList,
* that comes as parameter, this is a 'reduced size',
* ep11 would complain about insufficient list size
*/
- rc = m_GetMechanismList(0, mlist, &counter, ep11tok_target);
+ rc = dll_m_GetMechanismList(0, mlist, &counter, ep11tok_target);
if (rc != CKR_OK) {
TRACE_ERROR("%s bad rc=0x%lx from m_GetMechanismList() #3\n", __func__, rc);
return rc;
@@ -3626,7 +3751,7 @@ CK_RV ep11tok_get_mechanism_list(CK_MECHANISM_TYPE_PTR pMechanismList,
return CKR_HOST_MEMORY;
}
/* all the card has */
- rc = m_GetMechanismList(0, mlist, &counter, ep11tok_target);
+ rc = dll_m_GetMechanismList(0, mlist, &counter, ep11tok_target);
if (rc != CKR_OK) {
TRACE_ERROR("%s bad rc=0x%lx from m_GetMechanismList() #4\n", __func__, rc);
free(mlist);
@@ -3666,7 +3791,7 @@ CK_RV ep11tok_get_mechanism_info(CK_MECHANISM_TYPE type,
CK_RV rc;
int i;
- rc = m_GetMechanismInfo(0, type, pInfo, ep11tok_target);
+ rc = dll_m_GetMechanismInfo(0, type, pInfo, ep11tok_target);
if (rc != CKR_OK) {
TRACE_ERROR("%s m_GetMechanismInfo(0x%lx) failed with rc=0x%lx\n",
__func__, type, rc);
diff --git a/usr/lib/pkcs11/ep11_stdll/new_host.c b/usr/lib/pkcs11/ep11_stdll/new_host.c
index 0c21b54..d1d0fd0 100644
--- a/usr/lib/pkcs11/ep11_stdll/new_host.c
+++ b/usr/lib/pkcs11/ep11_stdll/new_host.c
@@ -347,8 +347,8 @@ void Fork_Initializer(void)
* When implemented... Although logout_all should clear this up.
*/
- bt_destroy(&priv_token_obj_btree, object_free);
- bt_destroy(&publ_token_obj_btree, object_free);
+ bt_destroy(&priv_token_obj_btree, call_free);
+ bt_destroy(&publ_token_obj_btree, call_free);
/* Need to do something to prevent the shared memory from
* having the objects loaded again.... The most likely place
diff --git a/usr/lib/pkcs11/ica_s390_stdll/ica_specific.c b/usr/lib/pkcs11/ica_s390_stdll/ica_specific.c
index c16b384..3bbc1ad 100755
--- a/usr/lib/pkcs11/ica_s390_stdll/ica_specific.c
+++ b/usr/lib/pkcs11/ica_s390_stdll/ica_specific.c
@@ -354,15 +354,16 @@ token_specific_rng(CK_BYTE *output, CK_ULONG bytes)
CK_RV
token_specific_init(CK_SLOT_ID SlotNumber, char *conf_name)
{
-
- return ica_open_adapter(&adapter_handle);
+ TRACE_INFO("ica %s slot=%lu running\n", __func__, SlotNumber);
+ return ica_open_adapter(&adapter_handle);
}
CK_RV
token_specific_final()
{
- ica_close_adapter(adapter_handle);
- return CKR_OK;
+ TRACE_INFO("ica %s running\n", __func__);
+ ica_close_adapter(adapter_handle);
+ return CKR_OK;
}
// count_ones_in_byte: for use in adjust_des_key_parity_bits below
@@ -3377,8 +3378,6 @@ REF_MECH_LIST_ELEMENT ref_mech_list[] = {
{70, CKM_AES_GCM, {16, 32, CKF_HW|CKF_ENCRYPT|CKF_DECRYPT}},
- {70, CKM_AES_GCM, {16, 32, CKF_HW|CKF_ENCRYPT|CKF_DECRYPT}},
-
{68, CKM_AES_MAC, {16, 32, CKF_HW|CKF_SIGN|CKF_VERIFY}},
{68, CKM_AES_MAC_GENERAL, {16, 32, CKF_HW|CKF_SIGN|CKF_VERIFY}},
diff --git a/usr/lib/pkcs11/icsf_stdll/icsf.c b/usr/lib/pkcs11/icsf_stdll/icsf.c
index 10a4f92..7cb317d 100644
--- a/usr/lib/pkcs11/icsf_stdll/icsf.c
+++ b/usr/lib/pkcs11/icsf_stdll/icsf.c
@@ -1701,6 +1701,8 @@ icsf_block_size(CK_MECHANISM_TYPE mech_type, CK_ULONG_PTR p_block_size)
case CKM_SHA1_RSA_PKCS:
case CKM_SHA256_RSA_PKCS:
+ case CKM_DSA_SHA1:
+ case CKM_ECDSA_SHA1:
block_size = SHA1_BLOCK_SIZE;
break;
@@ -3392,3 +3394,78 @@ done:
ber_free(msg, 1);
return rc;
}
+
+/** get size of an icsf object */
+int
+icsf_get_object_size(LDAP *ld, int *reason, struct icsf_object_record *object,
+ CK_ULONG attrs_len, CK_ULONG *obj_size)
+{
+
+ char handle[ICSF_HANDLE_LEN];
+ BerElement *msg = NULL;
+ BerElement *result = NULL;
+ int rc = 0;
+ int size = 0;
+
+ CHECK_ARG_NON_NULL(ld);
+ CHECK_ARG_NON_NULL(object);
+
+ object_record_to_handle(handle, object);
+
+ if (!(msg = ber_alloc_t(LBER_USE_DER))) {
+ TRACE_ERROR("%s\n", ock_err(ERR_HOST_MEMORY));
+ return CKR_HOST_MEMORY;
+ }
+
+ /* Encode message:
+ *
+ * GAVInput ::= attrListLen
+ *
+ * attrListLen ::= INTEGER (0 .. MaxCSFPInteger)
+ *
+ */
+
+ rc = ber_printf(msg, "i", attrs_len);
+ if (rc < 0)
+ goto cleanup;
+
+ rc = icsf_call(ld, reason, handle, sizeof(handle), "", 0,
+ ICSF_TAG_CSFPGAV, msg, &result);
+ if (rc != 0) {
+ TRACE_DEVEL("icsf_call failed. rc=%d, reason=%d", rc, *reason);
+ goto cleanup;
+ }
+
+ /* Decode the result:
+ *
+ * GAVOutput ::= SEQUENCE {
+ * attrList Attributes,
+ * attrListLen INTEGER (0 .. MaxCSFPInteger)
+ * }
+ *
+ * asn.1 {{{ito|i} {ito|i} ...}i}
+ */
+
+ if (ber_scanf(result, "{") == LBER_ERROR) {
+ TRACE_ERROR("Failed to decode message - icsf_get_object_size");
+ goto cleanup;
+ }
+
+ //interested only in the list length which will be the size of the object in bytes
+ if (ber_scanf(result, "xi}", &size) == LBER_ERROR) {
+ TRACE_ERROR("Failed to decode message - icsf_get_object_size");
+ goto cleanup;
+ }
+ TRACE_INFO("icsf_get_object_size - size = %d\n", size);
+
+ *obj_size = size;
+
+cleanup:
+ if (msg)
+ ber_free(msg, 1);
+
+ if (result)
+ ber_free(result, 1);
+
+ return rc;
+}
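Review bot: Both `ber_scanf` failure branches in `icsf_get_object_size` jump to `cleanup` with `rc` still 0 from the successful `icsf_call`, so a reply that fails to decode is reported as success and `*obj_size` is never written. The reply comes from the remote ICSF server, so the decode paths should fail closed: set `rc = -1;` before each `goto cleanup`, matching the negative value the `ber_printf` failure already returns. The decoded `size` is a signed `int` stored into a `CK_ULONG` without a range check, so `if (size < 0) { rc = -1; goto cleanup; }` before the assignment would keep a negative value from becoming a huge object size. `attrs_len` is also a `CK_ULONG` passed to the `"i"` conversion of `ber_printf`, which presumably expects an `int`; an explicit `(int)` cast after a bounds check would make that safe.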
diff --git a/usr/lib/pkcs11/icsf_stdll/icsf.h b/usr/lib/pkcs11/icsf_stdll/icsf.h
index 51238e9..74ca98f 100644
--- a/usr/lib/pkcs11/icsf_stdll/icsf.h
+++ b/usr/lib/pkcs11/icsf_stdll/icsf.h
@@ -263,4 +263,7 @@ int icsf_derive_multiple_keys(LDAP *ld, int *p_reason, CK_MECHANISM_PTR mech,
unsigned char *client_iv,
unsigned char *server_iv);
+int
+icsf_get_object_size(LDAP *ld, int *reason, struct icsf_object_record *object,
+ CK_ULONG attrs_len, CK_ULONG *obj_size);
#endif
diff --git a/usr/lib/pkcs11/icsf_stdll/icsf_config_lexer.l b/usr/lib/pkcs11/icsf_stdll/icsf_config_lexer.l
index 9f9c185..45730b8 100644
--- a/usr/lib/pkcs11/icsf_stdll/icsf_config_lexer.l
+++ b/usr/lib/pkcs11/icsf_stdll/icsf_config_lexer.l
@@ -284,6 +284,9 @@
%{
#include <string.h>
#include "icsf_config_parse.h"
+
+extern void yyerror(const char *s);
+
%}
%option noyywrap
diff --git a/usr/lib/pkcs11/icsf_stdll/icsf_config_parse.y b/usr/lib/pkcs11/icsf_stdll/icsf_config_parse.y
index e65166a..7223e95 100644
--- a/usr/lib/pkcs11/icsf_stdll/icsf_config_parse.y
+++ b/usr/lib/pkcs11/icsf_stdll/icsf_config_parse.y
@@ -308,6 +308,8 @@ int out_rc;
/* Function used to report error. */
void yyerror(const char *str);
+extern int yylex();
+
/* */
struct ref {
char *key;
diff --git a/usr/lib/pkcs11/icsf_stdll/icsf_specific.c b/usr/lib/pkcs11/icsf_stdll/icsf_specific.c
index efe2714..d71b19f 100644
--- a/usr/lib/pkcs11/icsf_stdll/icsf_specific.c
+++ b/usr/lib/pkcs11/icsf_stdll/icsf_specific.c
@@ -255,13 +255,13 @@ int icsf_to_ock_err(int icsf_return_code, int icsf_reason_code)
case 3041:
return CKR_KEY_NOT_WRAPPABLE;
case 3043:
- return CKR_BUFFER_TOO_SMALL;
+ return CKR_KEY_HANDLE_INVALID;
case 3045:
return CKR_KEY_UNEXTRACTABLE;
- case 3046:
- return CKR_BUFFER_TOO_SMALL;
case 11000:
return CKR_DATA_LEN_RANGE;
+ case 11028:
+ return CKR_SIGNATURE_INVALID;
}
break;
}
@@ -276,6 +276,8 @@ CK_RV icsftok_init(CK_SLOT_ID slot_id, char *conf_name)
CK_RV rc = CKR_OK;
struct slot_data *data;
+ TRACE_INFO("icsf %s slot=%lu running\n", __func__, slot_id);
+
/* Check Slot ID */
if (slot_id < 0 || slot_id > MAX_SLOT_ID) {
TRACE_ERROR("Invalid slot ID: %lu\n", slot_id);
@@ -478,7 +480,6 @@ CK_RV login(LDAP **ld, CK_SLOT_ID slot_id, CK_BYTE *pin, CK_ULONG pin_len,
CK_RV rc = CKR_OK;
struct slot_data data;
LDAP *ldapd = NULL;
- char *fname = NULL;
int ret;
/* Check Slot ID */
@@ -543,9 +544,6 @@ done:
if (rc == CKR_OK && ld)
*ld = ldapd;
- if (fname)
- free(fname);
-
return rc;
}
@@ -602,7 +600,7 @@ CK_RV reset_token_data(CK_SLOT_ID slot_id, CK_CHAR_PTR pin, CK_ULONG pin_len)
TRACE_ERROR("Failed to reset so pin.\n");
return CKR_FUNCTION_FAILED;
}
- memset(nv_token_data->user_pin_sha, '0',
+ memset(nv_token_data->user_pin_sha, 0,
sizeof(nv_token_data->user_pin_sha));
if (slot_data[slot_id]->mech == ICSF_CFG_MECH_SIMPLE) {
@@ -934,6 +932,12 @@ CK_RV icsftok_open_session(SESSION *sess)
LDAP *ld;
struct session_state *session_state;
+ /* Sanity */
+ if (sess == NULL) {
+ TRACE_ERROR("%s\n", ock_err(ERR_ARGUMENTS_BAD));
+ return CKR_FUNCTION_FAILED;
+ }
+
/* Add session to list */
session_state = malloc(sizeof(struct session_state));
if (!session_state) {
@@ -1065,7 +1069,7 @@ CK_RV icsftok_close_session(SESSION *session)
struct session_state *session_state;
/* Get the related session_state */
- if (!(session_state = get_session_state(session->handle))) {
+ if (session == NULL || !(session_state = get_session_state(session->handle))) {
TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
return CKR_SESSION_HANDLE_INVALID;
}
@@ -1856,6 +1860,61 @@ get_crypt_type(CK_MECHANISM_PTR mech, int *p_symmetric)
return CKR_OK;
}
+/**
+ * Validate mechanism parameter length here for the applicable
+ * encryption/decryption mechanisms supported by icsf token
+ */
+static CK_RV
+validate_mech_parameters(CK_MECHANISM_PTR mech)
+{
+ CK_RV rc = CKR_OK;
+ size_t expected_block_size = 0;
+
+ /* Verify the mechanisms that has a parameter length
+ * specification per pkcs11#v2.2 spec
+ * */
+ switch (mech->mechanism) {
+ case CKM_DES_CBC:
+ case CKM_DES_CBC_PAD:
+ case CKM_DES3_CBC:
+ case CKM_DES3_CBC_PAD:
+ case CKM_AES_CBC:
+ case CKM_AES_CBC_PAD:
+ /* Get the expected block size. This check needs to be here as
+ * CKM_RSA_X_509 and CKM_RSA_PKCS does not have a block size */
+ if ((rc = icsf_block_size(mech->mechanism,
+ &expected_block_size)))
+ return rc;
+
+ if (mech->ulParameterLen != expected_block_size) {
+ TRACE_ERROR("Invalid mechanism parameter length: %lu "
+ "(expected %lu)\n",
+ (unsigned long) mech->ulParameterLen,
+ (unsigned long) expected_block_size);
+ return CKR_MECHANISM_PARAM_INVALID;
+ }
+ break;
+ case CKM_DES_ECB:
+ case CKM_DES3_ECB:
+ case CKM_RSA_X_509:
+ case CKM_RSA_PKCS:
+ case CKM_AES_ECB:
+ if (mech->ulParameterLen != 0){
+ TRACE_ERROR("%s\n",
+ ock_err(ERR_MECHANISM_PARAM_INVALID));
+ return CKR_MECHANISM_PARAM_INVALID;
+ }
+ break;
+ default:
+ /** Encryption/decryption mechanism not supported by icsf token */
+ TRACE_ERROR("icsf invalid mechanism %lu\n", mech->mechanism);
+ return CKR_MECHANISM_INVALID;
+ }
+
+ return rc;
+}
+
+
/*
* Initialize an encryption operation.
*/
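Review bot: The CBC branch of `validate_mech_parameters` checks only `ulParameterLen`, so a mechanism with the right length but a NULL `pParameter` passes validation with no IV behind it. The callers later treat `pParameter == NULL` as "no parameter", so the condition should reject that case: `if (mech->pParameter == NULL || mech->ulParameterLen != expected_block_size)`. `expected_block_size` is declared `size_t` but its address is passed to `icsf_block_size`, whose parameter is a `CK_ULONG_PTR`; declaring it `CK_ULONG` avoids an incompatible-pointer write where the two types differ in width. `mech` itself is dereferenced without a NULL check, which is fine only if both init functions have validated it before this call, and that is outside the hunk.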
@@ -1889,10 +1948,15 @@ CK_RV icsftok_encrypt_init(SESSION *session, CK_MECHANISM_PTR mech,
if (rc != CKR_OK)
goto done;
+ /** validate the mechanism parameter length here */
+ if((rc = validate_mech_parameters(mech)))
+ goto done;
+
/* Initialize encryption context */
free_encr_ctx(encr_ctx);
encr_ctx->key = key;
encr_ctx->active = TRUE;
+ encr_ctx->multi = FALSE;
/* Copy mechanism */
if (mech->pParameter == NULL || mech->ulParameterLen == 0) {
@@ -2181,6 +2245,12 @@ CK_RV icsftok_encrypt_update(SESSION *session, CK_BYTE_PTR input_part,
goto done;
}
+ /** If this is the first block for multi-part operation, also set
+ * the encr_ctx->context_len here. This is needed for
+ * C_GetOperationState to work correctly */
+ if(!multi_part_ctx->initiated)
+ encr_ctx->context_len = sizeof(*multi_part_ctx);
+
/*
* When blocks are sent it's necessary to keep the chain data returned
* to be used in a subsequent call.
@@ -2192,6 +2262,9 @@ CK_RV icsftok_encrypt_update(SESSION *session, CK_BYTE_PTR input_part,
/* Mark multi-part operation as initiated */
multi_part_ctx->initiated = TRUE;
+ /* Mark the multi-part operation in encr_ctx */
+ encr_ctx->multi = TRUE;
+
/* Data stored in cache was used */
multi_part_ctx->used_data_len = 0;
}
@@ -2375,10 +2448,15 @@ CK_RV icsftok_decrypt_init(SESSION *session, CK_MECHANISM_PTR mech,
if (rc != CKR_OK)
goto done;
+ /** validate the mechanism parameter length here */
+ if((rc = validate_mech_parameters(mech)))
+ goto done;
+
/* Initialize decryption context */
free_encr_ctx(decr_ctx);
decr_ctx->key = key;
decr_ctx->active = TRUE;
+ decr_ctx->multi = FALSE;
/* Copy mechanism */
if (mech->pParameter == NULL || mech->ulParameterLen == 0) {
@@ -2603,6 +2681,7 @@ CK_RV icsftok_decrypt_update(SESSION *session, CK_BYTE_PTR input_part,
case CKM_DES_CBC_PAD:
case CKM_DES3_CBC_PAD:
padding = 1;
+ /* fallthrough */
default:
if (multi_part_ctx->initiated) {
chaining = ICSF_CHAINING_CONTINUE;
@@ -2684,6 +2763,10 @@ CK_RV icsftok_decrypt_update(SESSION *session, CK_BYTE_PTR input_part,
goto done;
}
+ /* If this is the first block sent for multi-part set the context_len */
+ if (!multi_part_ctx->initiated)
+ decr_ctx->context_len = sizeof(*multi_part_ctx);
+
/*
* When blocks are sent it's necessary to keep the chain data returned
* to be used in a subsequent call.
@@ -2695,6 +2778,9 @@ CK_RV icsftok_decrypt_update(SESSION *session, CK_BYTE_PTR input_part,
/* Mark multi-part operation as initiated */
multi_part_ctx->initiated = TRUE;
+ /* Mark multi-part operation in decr_ctx in session */
+ decr_ctx->multi = TRUE;
+
/* Data stored in cache was used */
multi_part_ctx->used_data_len = 0;
}
@@ -2850,7 +2936,7 @@ done:
* Get the attribute values for a list of attributes.
*/
CK_RV icsftok_get_attribute_value(SESSION *sess, CK_OBJECT_HANDLE handle,
- CK_ATTRIBUTE *pTemplate, CK_ULONG ulCount)
+ CK_ATTRIBUTE *pTemplate, CK_ULONG ulCount, CK_ULONG *obj_size)
{
CK_RV rc = CKR_OK;
CK_BBOOL priv_obj;
@@ -2900,19 +2986,32 @@ CK_RV icsftok_get_attribute_value(SESSION *sess, CK_OBJECT_HANDLE handle,
if (priv_obj == TRUE) {
if (sess->session_info.state == CKS_RO_PUBLIC_SESSION ||
- sess->session_info.state == CKS_RW_PUBLIC_SESSION) {
+ sess->session_info.state == CKS_RW_PUBLIC_SESSION) {
TRACE_ERROR("%s\n", ock_err(ERR_USER_NOT_LOGGED_IN));
rc = CKR_USER_NOT_LOGGED_IN;
goto done;
}
}
- /* Now call icsf to get the attribute values */
- rc = icsf_get_attribute(session_state->ld, &reason,
+ // get requested attributes and values if the obj_size ptr is not set
+ if (!obj_size) {
+ /* Now call icsf to get the attribute values */
+ rc = icsf_get_attribute(session_state->ld, &reason,
&mapping->icsf_object, pTemplate, ulCount);
- if (rc != CKR_OK) {
- TRACE_DEVEL("icsf_get_attribute failed\n");
- rc = icsf_to_ock_err(rc, reason);
+
+ if (rc != CKR_OK) {
+ TRACE_DEVEL("icsf_get_attribute failed\n");
+ rc = icsf_to_ock_err(rc, reason);
+ }
+ } else {
+ /* if size is specified get the object size from remote end*/
+ rc = icsf_get_object_size(session_state->ld, &reason,
+ &mapping->icsf_object, ulCount, obj_size);
+
+ if (rc != CKR_OK) {
+ TRACE_DEVEL("icsf_get_object_size failed\n");
+ rc = icsf_to_ock_err(rc, reason);
+ }
}
done:
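Review bot: The new `obj_size` argument gives icsftok_get_attribute_value two modes, but the header comment still says only "Get the attribute values for a list of attributes." Nothing tells a caller that `pTemplate` is not used on the size path, where only `ulCount` and `obj_size` are forwarded to icsf_get_object_size. I would extend the header comment with a line such as `If obj_size is non-NULL, pTemplate is ignored and only the object size is stored in *obj_size.` The branch comments also mix `//` with the `/* */` style used in the rest of the hunk. The function begins in the previous hunk and continues past `done:`.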
@@ -3632,6 +3731,10 @@ CK_RV icsftok_sign_update(SESSION *session, CK_BYTE *in_data,
if (multi_part_ctx->initiated)
memcpy(chain_data, multi_part_ctx->chain_data,
chain_data_len);
+ } else {
+ TRACE_ERROR("%s\n", ock_err(ERR_ARGUMENTS_BAD));
+ rc = ERR_ARGUMENTS_BAD;
+ goto done;
}
switch (ctx->mech.mechanism) {
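Review bot: The new else branch sets `rc = ERR_ARGUMENTS_BAD;`, but ERR_ARGUMENTS_BAD is the constant handed to ock_err() to select a trace message, while this function returns a CK_RV. Elsewhere in this commit the message uses `ock_err(ERR_X)` and the return code uses `CKR_X`, for example ERR_USER_NOT_LOGGED_IN with CKR_USER_NOT_LOGGED_IN. Unless the two constants happen to be numerically equal, the PKCS#11 caller gets an unrelated return code from this error path, so the line should read `rc = CKR_ARGUMENTS_BAD;`. The same assignment appears in the icsftok_sign_final, icsftok_verify_update and icsftok_verify_final hunks. The body of icsftok_sign_update starts and ends outside this hunk.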
@@ -3786,6 +3889,10 @@ CK_RV icsftok_sign_final(SESSION *session, CK_BYTE *signature,
if (ctx->context) {
multi_part_ctx = (struct icsf_multi_part_context *)ctx->context;
memcpy(chain_data, multi_part_ctx->chain_data, chain_data_len);
+ } else {
+ TRACE_ERROR("%s\n", ock_err(ERR_ARGUMENTS_BAD));
+ rc = ERR_ARGUMENTS_BAD;
+ goto done;
}
switch (ctx->mech.mechanism) {
@@ -4184,6 +4291,10 @@ CK_RV icsftok_verify_update(SESSION *session, CK_BYTE *in_data,
if (multi_part_ctx->initiated)
memcpy(chain_data, multi_part_ctx->chain_data,
chain_data_len);
+ } else {
+ TRACE_ERROR("%s\n", ock_err(ERR_ARGUMENTS_BAD));
+ rc = ERR_ARGUMENTS_BAD;
+ goto done;
}
switch (ctx->mech.mechanism) {
@@ -4340,6 +4451,10 @@ CK_RV icsftok_verify_final(SESSION *session, CK_BYTE *signature,
if (ctx->context) {
multi_part_ctx = (struct icsf_multi_part_context *)ctx->context;
memcpy(chain_data, multi_part_ctx->chain_data, chain_data_len);
+ } else {
+ TRACE_ERROR("%s\n", ock_err(ERR_ARGUMENTS_BAD));
+ rc = ERR_ARGUMENTS_BAD;
+ goto done;
}
switch (ctx->mech.mechanism) {
@@ -4418,6 +4533,7 @@ CK_RV icsftok_wrap_key(SESSION *session, CK_MECHANISM_PTR mech,
struct session_state *session_state;
struct icsf_object_mapping *wrapping_key_mapping = NULL;
struct icsf_object_mapping *key_mapping = NULL;
+ size_t expected_block_size = 0;
/* Check session */
if (!(session_state = get_session_state(session->handle))) {
@@ -4441,6 +4557,37 @@ CK_RV icsftok_wrap_key(SESSION *session, CK_MECHANISM_PTR mech,
return CKR_KEY_HANDLE_INVALID;
}
+ /* validate mechanism parameters. Only 4 mechanisms support
+ * key wrapping in icsf token */
+ switch(mech->mechanism){
+ case CKM_DES_CBC_PAD:
+ case CKM_DES3_CBC_PAD:
+ case CKM_AES_CBC_PAD:
+ if ((rc = icsf_block_size(mech->mechanism,
+ &expected_block_size)))
+ return rc;
+
+ if (mech->ulParameterLen != expected_block_size) {
+ TRACE_ERROR("Invalid mechanism parameter length: %lu "
+ "(expected %lu)\n",
+ (unsigned long) mech->ulParameterLen,
+ (unsigned long) expected_block_size);
+ return CKR_MECHANISM_PARAM_INVALID;
+ }
+ break;
+ case CKM_RSA_PKCS:
+ if (mech->ulParameterLen != 0){
+ TRACE_ERROR("%s\n",
+ ock_err(ERR_MECHANISM_PARAM_INVALID));
+ return CKR_MECHANISM_PARAM_INVALID;
+ }
+ break;
+ default:
+ TRACE_ERROR("icsf invalid %lu mechanism for key wrapping\n",
+ mech->mechanism);
+ return CKR_MECHANISM_INVALID;
+ }
+
/* Call ICSF service */
rc = icsf_wrap_key(session_state->ld, &reason, mech,
&wrapping_key_mapping->icsf_object,
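Review bot: For the three CBC_PAD mechanisms the check compares `mech->ulParameterLen` with the block size but never looks at `mech->pParameter`. A mechanism with the right length and a NULL parameter pointer therefore passes validation and is handed to icsf_wrap_key. Whether icsf_wrap_key guards against that is not visible here; changing the test to `if (mech->pParameter == NULL || mech->ulParameterLen != expected_block_size) {` rejects it at the boundary. The identical switch is repeated in the icsftok_unwrap_key hunk, so a shared static helper would keep the two copies from drifting. icsftok_wrap_key starts and ends outside this hunk.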
@@ -4470,6 +4617,7 @@ CK_RV icsftok_unwrap_key(SESSION *session, CK_MECHANISM_PTR mech,
struct icsf_object_mapping *key_mapping = NULL;
int is_obj_locked = 0;
CK_ULONG node_number;
+ size_t expected_block_size = 0;
/* Check session */
if (!(session_state = get_session_state(session->handle))) {
@@ -4500,6 +4648,37 @@ CK_RV icsftok_unwrap_key(SESSION *session, CK_MECHANISM_PTR mech,
memset(key_mapping, 0, sizeof(*key_mapping));
key_mapping->session_id = session->handle;
+ /* validate mechanism parameters. Only 4 mechanisms support
+ * key wrapping in icsf token */
+ switch(mech->mechanism){
+ case CKM_DES_CBC_PAD:
+ case CKM_DES3_CBC_PAD:
+ case CKM_AES_CBC_PAD:
+ if ((rc = icsf_block_size(mech->mechanism,
+ &expected_block_size)))
+ return rc;
+
+ if (mech->ulParameterLen != expected_block_size) {
+ TRACE_ERROR("Invalid mechanism parameter length: %lu "
+ "(expected %lu)\n",
+ (unsigned long) mech->ulParameterLen,
+ (unsigned long) expected_block_size);
+ return CKR_MECHANISM_PARAM_INVALID;
+ }
+ break;
+ case CKM_RSA_PKCS:
+ if (mech->ulParameterLen != 0){
+ TRACE_ERROR("%s\n",
+ ock_err(ERR_MECHANISM_PARAM_INVALID));
+ return CKR_MECHANISM_PARAM_INVALID;
+ }
+ break;
+ default:
+ TRACE_ERROR("icsf invalid %lu mechanism for key wrapping\n",
+ mech->mechanism);
+ return CKR_MECHANISM_INVALID;
+ }
+
/* Call ICSF service */
rc = icsf_unwrap_key(session_state->ld, &reason, mech,
&wrapping_key_mapping->icsf_object,
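Review bot: The validation switch sits after `key_mapping` has been prepared (the `memset` and `session_id` assignment just above it), and every rejection path in it is a bare `return`. If `key_mapping` is heap-allocated earlier in the function, which is outside this hunk, each rejected mechanism or parameter length leaks one mapping. Moving the switch up next to the session check, before the allocation, avoids that without extra cleanup code. Alternatively each `return X;` can become `rc = X; goto done;`, provided the function has such a cleanup label.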
diff --git a/usr/lib/pkcs11/icsf_stdll/icsf_specific.h b/usr/lib/pkcs11/icsf_stdll/icsf_specific.h
index 86f5a94..e1d7f08 100644
--- a/usr/lib/pkcs11/icsf_stdll/icsf_specific.h
+++ b/usr/lib/pkcs11/icsf_stdll/icsf_specific.h
@@ -41,7 +41,8 @@ CK_RV icsftok_copy_object(SESSION * session, CK_ATTRIBUTE_PTR attrs,
CK_RV icsftok_destroy_object(SESSION *sess, CK_OBJECT_HANDLE handle);
CK_RV icsftok_get_attribute_value(SESSION *sess, CK_OBJECT_HANDLE handle,
- CK_ATTRIBUTE *pTemplate, CK_ULONG ulCount);
+ CK_ATTRIBUTE *pTemplate,
+ CK_ULONG ulCount, CK_ULONG *obj_size);
CK_RV icsftok_set_attribute_value(SESSION *sess, CK_OBJECT_HANDLE handle,
CK_ATTRIBUTE *pTemplate, CK_ULONG ulCount);
diff --git a/usr/lib/pkcs11/icsf_stdll/new_host.c b/usr/lib/pkcs11/icsf_stdll/new_host.c
index 3a36d36..4923a77 100644
--- a/usr/lib/pkcs11/icsf_stdll/new_host.c
+++ b/usr/lib/pkcs11/icsf_stdll/new_host.c
@@ -344,8 +344,8 @@ void Fork_Initializer(void)
* When implemented... Although logout_all should clear this up.
*/
- bt_destroy(&priv_token_obj_btree, object_free);
- bt_destroy(&publ_token_obj_btree, object_free);
+ bt_destroy(&priv_token_obj_btree, call_free);
+ bt_destroy(&publ_token_obj_btree, call_free);
/* Need to do something to prevent the shared memory from
* having the objects loaded again.... The most likely place
@@ -605,7 +605,7 @@ CK_RV SC_GetMechanismList(CK_SLOT_ID sid, CK_MECHANISM_TYPE_PTR pMechList,
}
out:
TRACE_INFO("C_GetMechanismList: rc = 0x%08lx, # mechanisms: %lu\n",
- rc, *count);
+ rc, (count ? *count : 0));
return rc;
}
@@ -1082,12 +1082,15 @@ done:
rc = session_mgr_login_all(userType);
if (rc != CKR_OK)
TRACE_DEVEL("session_mgr_login_all failed.\n");
- else
- rc = icsf_get_handles(sess->session_info.slotID);
+ else {
+ if (sess)
+ rc = icsf_get_handles(sess->session_info.slotID);
+ }
}
TRACE_INFO("C_Login: rc = 0x%08lx\n", rc);
- save_token_data(sess->session_info.slotID);
+ if (sess)
+ save_token_data(sess->session_info.slotID);
MY_UnlockMutex(&login_mutex);
return rc;
}
@@ -1256,13 +1259,44 @@ done:
CK_RV SC_GetObjectSize(ST_SESSION_HANDLE *sSession, CK_OBJECT_HANDLE hObject,
CK_ULONG_PTR pulSize)
{
+ SESSION *sess = NULL;
+ CK_RV rc = CKR_OK;
+ /**
+ ock does not do object management for icsf token. To get the
+ object size call CSFPGAV and extract the attr_length returned.
+ icsf_get_attribute does not pass the user provided template
+ attributes to remote icsf, instead gets all the attributes from
+ remote icsf and returns only the user requested attributes.
+ icsf_get_object_size tries to do the same and extracts only the
+ attribute_list_length from the result. Setting attribute list to
+ NULL here and providing a dummy count value.
+ **/
+ CK_ATTRIBUTE_PTR pTemplate = NULL;
+ CK_ULONG ulCount = 1;
+
if (initialized == FALSE) {
TRACE_ERROR("%s\n", ock_err(ERR_CRYPTOKI_NOT_INITIALIZED));
return CKR_CRYPTOKI_NOT_INITIALIZED;
}
- TRACE_ERROR("%s\n", ock_err(ERR_FUNCTION_NOT_SUPPORTED));
- return CKR_FUNCTION_NOT_SUPPORTED;
+ sess = session_mgr_find(sSession->sessionh);
+ if (!sess) {
+ TRACE_ERROR("%s\n", ock_err(ERR_SESSION_HANDLE_INVALID));
+ rc = CKR_SESSION_HANDLE_INVALID;
+ goto done;
+ }
+
+ rc = icsftok_get_attribute_value(sess, hObject, pTemplate,
+ ulCount, pulSize);
+ if (rc != CKR_OK)
+ TRACE_DEVEL("icsftok_get_attribute_value() failed.\n");
+
+
+done:
+ TRACE_INFO("C_GetObjectSize: rc = 0x%08lx, handle = %lu\n",
+ rc, hObject);
+
+ return rc;
}
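Review bot: `pulSize` is forwarded unchecked as the `obj_size` argument, and icsftok_get_attribute_value treats a NULL `obj_size` as the request to fetch attributes. A C_GetObjectSize call with a NULL size pointer therefore reaches icsf_get_attribute with `pTemplate == NULL` and `ulCount == 1` instead of being rejected. Add a guard before the call, for example `if (!pulSize) { rc = CKR_ARGUMENTS_BAD; goto done; }`. `sSession` is also dereferenced without a check, though that may match the other SC_ entry points, whose bodies are not visible here.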
@@ -1286,7 +1320,8 @@ CK_RV SC_GetAttributeValue(ST_SESSION_HANDLE *sSession,
goto done;
}
- rc = icsftok_get_attribute_value(sess, hObject, pTemplate, ulCount);
+ rc = icsftok_get_attribute_value(sess, hObject, pTemplate,
+ ulCount, NULL);
if (rc != CKR_OK)
TRACE_DEVEL("icsftok_get_attribute_value() failed.\n");
@@ -1559,7 +1594,7 @@ CK_RV SC_EncryptInit(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism,
done:
TRACE_INFO("C_EncryptInit: rc = 0x%08lx, sess = %ld, mech = 0x%lx\n",
rc, (sess == NULL) ? -1 : (CK_LONG)sess->handle,
- pMechanism->mechanism);
+ (pMechanism ? pMechanism->mechanism : -1));
return rc;
}
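Review bot: The fallback `-1` in `(pMechanism ? pMechanism->mechanism : -1)` is converted to the unsigned type of the other operand, assuming CK_MECHANISM_TYPE is the unsigned long that PKCS#11 defines. The trace then shows an all-ones value under `%lx`/`%lu`, which reads like a real mechanism rather than "no value". Writing the sentinel as `(CK_ULONG)-1` makes the conversion explicit and keeps the argument type matched to the format. The same pattern is added in the SC_DecryptInit, SC_DecryptFinal (`*pulLastPartLen`), SC_DigestInit, SC_SignInit, SC_VerifyInit, SC_GenerateKey, SC_GenerateKeyPair, SC_UnwrapKey (`*phKey`) and SC_DeriveKey hunks.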
@@ -1765,7 +1800,7 @@ CK_RV SC_DecryptInit(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism,
done:
TRACE_INFO("C_DecryptInit: rc = 0x%08lx, sess = %ld, mech = 0x%lx\n",
rc, (sess == NULL) ? -1 : (CK_LONG)sess->handle,
- pMechanism->mechanism);
+ (pMechanism ? pMechanism->mechanism : -1));
return rc;
}
@@ -1917,7 +1952,7 @@ done:
TRACE_INFO("C_DecryptFinal: rc = 0x%08lx, sess = %ld, amount = %lu\n",
rc, (sess == NULL) ? -1 : (CK_LONG)sess->handle,
- *pulLastPartLen);
+ (pulLastPartLen ? *pulLastPartLen : -1));
return rc;
}
@@ -1969,7 +2004,7 @@ CK_RV SC_DigestInit(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism)
done:
TRACE_INFO("C_DigestInit: rc = 0x%08lx, sess = %ld, mech = %lx\n",
rc, (sess == NULL)?-1:(CK_LONG)sess->handle,
- pMechanism->mechanism);
+ (pMechanism ? pMechanism->mechanism : -1));
return rc;
}
@@ -2205,7 +2240,7 @@ CK_RV SC_SignInit(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism,
done:
TRACE_INFO("C_SignInit: rc = %08lx, sess = %ld, mech = %lx\n",
rc, (sess == NULL)?-1:(CK_LONG)sess->handle,
- pMechanism->mechanism);
+ (pMechanism ? pMechanism->mechanism : -1));
return rc;
}
@@ -2426,7 +2461,7 @@ CK_RV SC_VerifyInit(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism,
done:
TRACE_INFO("C_VerifyInit: rc = %08lx, sess = %ld, mech = %lx\n",
rc, (sess == NULL)?-1:(CK_LONG)sess->handle,
- pMechanism->mechanism);
+ (pMechanism ? pMechanism->mechanism : -1));
return rc;
}
@@ -2698,7 +2733,7 @@ CK_RV SC_GenerateKey(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism,
done:
TRACE_INFO("C_GenerateKey: rc = %08lx, sess = %ld, mech = %lu\n", rc,
(sess == NULL) ? -1 : (CK_LONG) sess->handle,
- pMechanism->mechanism);
+ (pMechanism ? pMechanism->mechanism : -1));
#ifdef DEBUG
int i;
@@ -2774,7 +2809,7 @@ CK_RV SC_GenerateKeyPair(ST_SESSION_HANDLE *sSession,
done:
TRACE_INFO("C_GenerateKeyPair: rc = %08lx, sess = %ld, mech = %lx\n",
rc, (sess == NULL) ? -1 : ((CK_LONG) sess->handle),
- pMechanism->mechanism);
+ (pMechanism ? pMechanism->mechanism : -1));
#ifdef DEBUG
int i;
@@ -2912,7 +2947,7 @@ done:
TRACE_INFO("C_UnwrapKey: rc = %08lx, sess = %ld, decrypting key = %lu,"
"unwrapped key = %lu\n", rc,
(sess == NULL) ? -1 : (CK_LONG) sess->handle,
- hUnwrappingKey, *phKey);
+ hUnwrappingKey, (phKey ? *phKey : -1));
#ifdef DEBUG
int i;
@@ -2979,7 +3014,7 @@ CK_RV SC_DeriveKey(ST_SESSION_HANDLE *sSession, CK_MECHANISM_PTR pMechanism,
done:
TRACE_INFO("C_DeriveKey: rc = %08lx, sess = %ld, mech = %lu\n",
rc, (sess == NULL)?-1:(CK_LONG)sess->handle,
- pMechanism->mechanism);
+ (pMechanism ? pMechanism->mechanism : -1));
#ifdef DEBUG
int i;
CK_ATTRIBUTE *attr = NULL;
diff --git a/usr/lib/pkcs11/soft_stdll/soft_specific.c b/usr/lib/pkcs11/soft_stdll/soft_specific.c
index 64a63a9..66e3a2c 100644
--- a/usr/lib/pkcs11/soft_stdll/soft_specific.c
+++ b/usr/lib/pkcs11/soft_stdll/soft_specific.c
@@ -342,14 +342,15 @@ CK_CHAR label[] = "IBM OS PKCS#11 ";
CK_RV
token_specific_init(CK_SLOT_ID SlotNumber, char *conf_name)
{
- return CKR_OK;
-
+ TRACE_INFO("soft %s slot=%lu running\n", __func__, SlotNumber);
+ return CKR_OK;
}
CK_RV
token_specific_final()
{
- return CKR_OK;
+ TRACE_INFO("soft %s running\n", __func__);
+ return CKR_OK;
}
@@ -1751,7 +1752,7 @@ CK_RV token_specific_rsa_oaep_decrypt(ENCR_DECR_CONTEXT *ctx, CK_BYTE *in_data,
rc = os_specific_rsa_decrypt(in_data, in_data_len, decr_data, key_obj);
if (rc != CKR_OK)
- return rc;
+ goto error;
/* pkcs1v2.2, section 7.1.2 Step 2:
* EME-OAEP decoding.
@@ -1759,6 +1760,7 @@ CK_RV token_specific_rsa_oaep_decrypt(ENCR_DECR_CONTEXT *ctx, CK_BYTE *in_data,
rc = decode_eme_oaep(decr_data, in_data_len, out_data, out_data_len,
oaepParms->mgf, hash, hlen);
+error:
if (decr_data)
free(decr_data);
return rc;
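Review bot: `decr_data` receives the raw RSA decryption result, the encoded message that contains the recovered plaintext, and the shared exit path releases it with a plain `free()`, leaving that material in freed heap memory. Clearing it first with a call the compiler cannot drop would limit the exposure, for example `OPENSSL_cleanse(decr_data, in_data_len);` if the OpenSSL headers are already included in this file, which the hunk does not show. The size is assumed to be `in_data_len` because that is the length passed to decode_eme_oaep. The label is also reached on success, so `done:` would describe it better than `error:`. The function's closing brace is outside this hunk.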
@@ -2469,21 +2471,25 @@ static CK_RV softtok_hmac(SIGN_VERIFY_CONTEXT *ctx, CK_BYTE *in_data,
switch(ctx->mech.mechanism) {
case CKM_SHA_1_HMAC_GENERAL:
general = TRUE;
+ /* fallthrough */
case CKM_SHA_1_HMAC:
mac_len = SHA1_HASH_SIZE;
break;
case CKM_SHA256_HMAC_GENERAL:
general = TRUE;
+ /* fallthrough */
case CKM_SHA256_HMAC:
mac_len = SHA2_HASH_SIZE;
break;
case CKM_SHA384_HMAC_GENERAL:
general = TRUE;
+ /* fallthrough */
case CKM_SHA384_HMAC:
mac_len = SHA3_HASH_SIZE;
break;
case CKM_SHA512_HMAC_GENERAL:
general = TRUE;
+ /* fallthrough */
case CKM_SHA512_HMAC:
mac_len = SHA5_HASH_SIZE;
break;
@@ -2609,21 +2615,25 @@ static CK_RV softtok_hmac_final(SIGN_VERIFY_CONTEXT *ctx, CK_BYTE *signature,
switch(ctx->mech.mechanism) {
case CKM_SHA_1_HMAC_GENERAL:
general = TRUE;
+ /* fallthrough */
case CKM_SHA_1_HMAC:
mac_len = SHA1_HASH_SIZE;
break;
case CKM_SHA256_HMAC_GENERAL:
general = TRUE;
+ /* fallthrough */
case CKM_SHA256_HMAC:
mac_len = SHA2_HASH_SIZE;
break;
case CKM_SHA384_HMAC_GENERAL:
general = TRUE;
+ /* fallthrough */
case CKM_SHA384_HMAC:
mac_len = SHA3_HASH_SIZE;
break;
case CKM_SHA512_HMAC_GENERAL:
general = TRUE;
+ /* fallthrough */
case CKM_SHA512_HMAC:
mac_len = SHA5_HASH_SIZE;
break;
diff --git a/usr/lib/pkcs11/tpm_stdll/tpm_specific.c b/usr/lib/pkcs11/tpm_stdll/tpm_specific.c
index 9f711bd..f91032d 100644
--- a/usr/lib/pkcs11/tpm_stdll/tpm_specific.c
+++ b/usr/lib/pkcs11/tpm_stdll/tpm_specific.c
@@ -189,6 +189,8 @@ token_specific_init(CK_SLOT_ID SlotNumber, char *conf_name)
char path_buf[PATH_MAX], fname[PATH_MAX];
struct stat statbuf;
+ TRACE_INFO("tpm %s slot=%lu running\n", __func__, SlotNumber);
+
// if the user specific directory doesn't exist, create it
sprintf(path_buf, "%s", get_pk_dir(fname));
if (stat(path_buf, &statbuf) < 0) {
@@ -980,7 +982,6 @@ token_store_priv_key(TSS_HKEY hKey, int key_type, CK_OBJECT_HANDLE *ckKey)
flag = TRUE;
if ((rc = build_attribute(CKA_HIDDEN, &flag, sizeof(CK_BBOOL), &new_attr))) {
TRACE_DEVEL("build_attribute failed\n");
- free(key_id);
return rc;
}
template_update_attribute( priv_key_obj->template, new_attr );
@@ -2165,6 +2166,8 @@ token_specific_final()
{
TSS_RESULT result;
+ TRACE_INFO("tpm %s running\n", __func__);
+
if ((result = Tspi_Context_Close(tspContext))) {
TRACE_ERROR("Tspi_Context_Close failed. rc=0x%x\n", result);
return CKR_FUNCTION_FAILED;
diff --git a/usr/sbin/pkcsicsf/pkcsicsf.c b/usr/sbin/pkcsicsf/pkcsicsf.c
index 81662fd..0a3100f 100644
--- a/usr/sbin/pkcsicsf/pkcsicsf.c
+++ b/usr/sbin/pkcsicsf/pkcsicsf.c
@@ -334,7 +334,7 @@ list_tokens(void)
num_seen, tokens[i].name,
tokens[i].manufacturer,
tokens[i].model, tokens[i].serial,
- tokens[i].flags ? "yes" : "no");
+ ICSF_IS_TOKEN_READ_ONLY(tokens[i].flags) ? "yes" : "no");
num_seen++;
}
diff --git a/usr/sbin/pkcsslotd/lexer.l b/usr/sbin/pkcsslotd/lexer.l
index d2d502c..7f67bc1 100644
--- a/usr/sbin/pkcsslotd/lexer.l
+++ b/usr/sbin/pkcsslotd/lexer.l
@@ -291,6 +291,7 @@
int line_num = 1;
+extern void yyerror(const char *s);
%}
%option noyywrap
diff --git a/usr/sbin/pkcsslotd/parser.y b/usr/sbin/pkcsslotd/parser.y
index 6a7f12a..79965c0 100644
--- a/usr/sbin/pkcsslotd/parser.y
+++ b/usr/sbin/pkcsslotd/parser.y
@@ -310,6 +310,7 @@ extern FILE *yyin;
extern int yyparse();
extern void yyerror(const char *s);
extern int line_num;
+extern int yylex();
typedef enum {
KW_STDLL,
@@ -337,6 +338,10 @@ static const struct ock_key ock_keywords[] = {
void set_init(void);
void set_defaults(void);
+int lookup_keyword(const char *key);
+int do_str(char *slotinfo, int size, char* kw, char *val);
+int do_vers(CK_VERSION *slotinfo, char *kw, char *val);
+
%}
%union {