new_host.c

IBM的Linux上的PKCS#11实现

       * If so, reset the CKF_SO_PIN_TO_BE_CHANGED flag. - KEY 
       */
      if (memcmp(old_hash_sha, new_hash_sha, SHA1_HASH_SIZE) == 0) {
	 st_err_log(34, __FILE__, __LINE__);
	 rc = CKR_PIN_INVALID;
	 goto done;
      }
      
      rc = XProcLock( xproclock );
      if (rc != CKR_OK){
         st_err_log(150, __FILE__, __LINE__);
         goto done;
      }
         memcpy( nv_token_data->so_pin_sha, new_hash_sha, SHA1_HASH_SIZE );
         memcpy( so_pin_md5, hash_md5, MD5_HASH_SIZE );
      
	 // New in v2.11 - XXX KEY      
	 sess->session_info.flags &= ~(CKF_SO_PIN_TO_BE_CHANGED);

   	 XProcUnLock( xproclock );
         rc = save_token_data();

      if (rc != CKR_OK){
          st_err_log(104, __FILE__, __LINE__);
         goto done;
      }
      
      rc = save_masterkey_so();
   }
   else{
      st_err_log(142, __FILE__, __LINE__);
      rc = CKR_SESSION_READ_ONLY;
   }
done:
   LLOCK;
   if (debugfile) {
      stlogit2(debugfile, "%-25s:  session = %08x\n", "C_SetPin", rc, hSession );
   }

   UNLOCKIT;
   if (rc != CKR_SESSION_READ_ONLY && rc != CKR_OK)
      st_err_log(149, __FILE__, __LINE__);	
   return rc;
}


//
//
CK_RV SC_OpenSession( CK_SLOT_ID             sid,
                     CK_FLAGS               flags,
                     CK_SESSION_HANDLE_PTR  phSession )
{
   SESSION              * sess;
   CK_BBOOL               locked = FALSE;
   CK_RV                  rc = CKR_OK;
   SLT_CHECK



      LOCKIT;
   if (st_Initialized() == FALSE) {
      st_err_log(72, __FILE__, __LINE__);
      rc = CKR_CRYPTOKI_NOT_INITIALIZED;
      goto done;
   }

   if (phSession == NULL) {
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      rc = CKR_FUNCTION_FAILED;
      goto done;
   }

   if (slot_id > MAX_SLOT_ID) {
      st_err_log(2, __FILE__, __LINE__); 
      rc = CKR_SLOT_ID_INVALID;
      goto done;
   }

   if ((flags & CKF_SERIAL_SESSION) == 0) {
      st_err_log(41, __FILE__, __LINE__); 
      rc = CKR_SESSION_PARALLEL_NOT_SUPPORTED;
      goto done;
   }

   if ((flags & CKF_RW_SESSION) == 0) {
      if (session_mgr_so_session_exists()) {
         st_err_log(45, __FILE__, __LINE__); 
         rc = CKR_SESSION_READ_WRITE_SO_EXISTS;
         goto done;
      }
   }

   // Get the mutex because we may modify the pid_list
   //
   rc = MY_LockMutex( &pkcs_mutex );
   if (rc != CKR_OK){
         st_err_log(146, __FILE__, __LINE__); 
         goto done;
   }
   locked = TRUE;

   token_specific.t_session(slot_id);

   MY_UnlockMutex( &pkcs_mutex );
   locked = FALSE;

   rc = session_mgr_new( flags, &sess );
   if (rc != CKR_OK){
      st_err_log(152, __FILE__, __LINE__); 
      goto done;
   }
   *phSession = sess->handle;
   // Set the correct slot ID here. Was hard coded to 1. - KEY
   sess->session_info.slotID = sid;

done:
   if (locked)
      MY_UnlockMutex( &pkcs_mutex );

   LLOCK;
   if (debugfile) {
      stlogit2(debugfile, "%-25s:  rc = 0x%08x  ", "C_OpenSession", rc );
      if (rc == CKR_OK)
         stlogit2(debugfile, "sess = %d", (sess == NULL)?-1:sess->handle );
      stlogit2(debugfile, "\n");
   }

   UNLOCKIT;
   return rc;
}


//
//
CK_RV SC_CloseSession( ST_SESSION_HANDLE  sSession )
{
   SESSION  * sess = NULL;
   CK_RV      rc = CKR_OK;
   SESS_SET

      LOCKIT;
   if (st_Initialized() == FALSE) {
      st_err_log(72, __FILE__, __LINE__);
      rc = CKR_CRYPTOKI_NOT_INITIALIZED;
      goto done;
   }

   sess = SESSION_MGR_FIND( hSession );
   if (!sess) {
      st_err_log(40, __FILE__, __LINE__);
      rc = CKR_SESSION_HANDLE_INVALID;
      goto done;
   }

   rc = session_mgr_close_session( sess );

done:
   LLOCK;
   if (debugfile) {
      stlogit2(debugfile, "%-25s:  rc = 0x%08x  sess = %d\n", "C_CloseSession", rc, hSession );
   }

   UNLOCKIT;
   return rc;
}


//
//
CK_RV SC_CloseAllSessions( CK_SLOT_ID  sid )
{
   CK_RV rc = CKR_OK;
   SLT_CHECK

      LOCKIT;
   if (st_Initialized() == FALSE) {
      st_err_log(72, __FILE__, __LINE__);
      rc = CKR_CRYPTOKI_NOT_INITIALIZED;
      goto done;
   }

   rc = session_mgr_close_all_sessions();
   if (rc != CKR_OK){
      st_err_log(153, __FILE__, __LINE__);
   }
	
done:
   LLOCK;
   if (debugfile) {
      stlogit2(debugfile, "%-25s:  rc = 0x%08x  slot = %d\n", "C_CloseAllSessions", rc, slot_id );
   }

   UNLOCKIT;
   return rc;
}


//
//
CK_RV SC_GetSessionInfo( ST_SESSION_HANDLE   sSession,
                        CK_SESSION_INFO_PTR pInfo )
{
   SESSION  * sess = NULL;
   CK_RV      rc = CKR_OK;
   SESS_SET

      LOCKIT;
   if (st_Initialized() == FALSE) {
      st_err_log(72, __FILE__, __LINE__);
      rc = CKR_CRYPTOKI_NOT_INITIALIZED;
      goto done;
   }

   if (!pInfo) {
      st_err_log(5, __FILE__, __LINE__, __FUNCTION__);
      rc = CKR_ARGUMENTS_BAD;
      goto done;
   }

   sess = SESSION_MGR_FIND( hSession );
   if (!sess) {
      st_err_log(40, __FILE__, __LINE__);
      rc = CKR_SESSION_HANDLE_INVALID;
      goto done;
   }

   memcpy( pInfo, &sess->session_info, sizeof(CK_SESSION_INFO) );

done:
   if (debugfile) {
      stlogit2(debugfile, "%-25s:  session = %08d\n", "C_GetSessionInfo", hSession );
   }
   UNLOCKIT;
   return rc;
}


//
//
CK_RV SC_GetOperationState( ST_SESSION_HANDLE  sSession,
                           CK_BYTE_PTR        pOperationState,
                           CK_ULONG_PTR       pulOperationStateLen )
{
   SESSION  * sess = NULL;
   CK_BBOOL   length_only = FALSE;
   CK_RV      rc = CKR_OK;
   SESS_SET


      LOCKIT;
   if (st_Initialized() == FALSE) {
      st_err_log(72, __FILE__, __LINE__);
      rc = CKR_CRYPTOKI_NOT_INITIALIZED;
      goto done;
   }

   if (!pulOperationStateLen) {
      st_err_log(5, __FILE__, __LINE__, __FUNCTION__);
      rc = CKR_ARGUMENTS_BAD;
      goto done;
   }

   if (!pOperationState)
      length_only = TRUE;

   sess = SESSION_MGR_FIND( hSession );
   if (!sess) {
      st_err_log(40, __FILE__, __LINE__);
      rc = CKR_SESSION_HANDLE_INVALID;
      goto done;
   }


   rc = session_mgr_get_op_state( sess, length_only,
                                  pOperationState,
                                  pulOperationStateLen );
   if (rc != CKR_OK){
      st_err_log(154, __FILE__, __LINE__);
   }
done:
   LLOCK;
   if (debugfile) {
      stlogit2(debugfile, "%-25s:  session = %08x\n", "C_GetOperationState", rc, hSession );
   }

   UNLOCKIT;
   return rc;
}


//
//
CK_RV SC_SetOperationState( ST_SESSION_HANDLE  sSession,
                           CK_BYTE_PTR        pOperationState,
                           CK_ULONG           ulOperationStateLen,
                           CK_OBJECT_HANDLE   hEncryptionKey,
                           CK_OBJECT_HANDLE   hAuthenticationKey )
{
   SESSION  * sess = NULL;
   CK_RV      rc = CKR_OK;
   SESS_SET


      LOCKIT;
   if (st_Initialized() == FALSE) {
      st_err_log(72, __FILE__, __LINE__);
      rc = CKR_CRYPTOKI_NOT_INITIALIZED;
      goto done;
   }

   if (!pOperationState || (ulOperationStateLen == 0)) {
      st_err_log(5, __FILE__, __LINE__, __FUNCTION__);
      rc = CKR_ARGUMENTS_BAD;
      goto done;
   }

   sess = SESSION_MGR_FIND( hSession );
   if (!sess) {
      st_err_log(40, __FILE__, __LINE__);
      rc = CKR_SESSION_HANDLE_INVALID;
      goto done;
   }

   rc = session_mgr_set_op_state( sess,
                                  hEncryptionKey,  hAuthenticationKey,
                                  pOperationState, ulOperationStateLen );

   if (rc != CKR_OK){
      st_err_log(154, __FILE__, __LINE__);
   }
done:
   LLOCK;
   if (debugfile) {
      stlogit2(debugfile, "%-25s:  session = %08x\n", "C_SetOperationState", rc, hSession );
   }

   UNLOCKIT;
   return rc;
}



//
//
CK_RV SC_Login( ST_SESSION_HANDLE   sSession,
                CK_USER_TYPE        userType,
                CK_CHAR_PTR         pPin,
                CK_ULONG            ulPinLen )
{
	SESSION        * sess = NULL;
	CK_FLAGS_32    * flags = NULL;
	CK_BYTE          hash_sha[SHA1_HASH_SIZE];
	CK_RV            rc = CKR_OK;

	SESS_SET
	LOCKIT;
	// In v2.11, logins should be exclusive, since token
	// specific flags may need to be set for a bad login. - KEY
	rc = MY_LockMutex( &login_mutex );
	if (rc != CKR_OK){
	        st_err_log(146, __FILE__, __LINE__);
		return CKR_FUNCTION_FAILED;
	}
	  
	if (st_Initialized() == FALSE) {
		st_err_log(72, __FILE__, __LINE__);
		rc = CKR_CRYPTOKI_NOT_INITIALIZED;
		goto done;
	}
	
	sess = SESSION_MGR_FIND( hSession );
	if (!sess) {
		st_err_log(40, __FILE__, __LINE__);
		rc = CKR_SESSION_HANDLE_INVALID;
		goto done;
	}
	flags = &nv_token_data->token_info.flags;

	if (!pPin || ulPinLen > MAX_PIN_LEN) {
		set_login_flags(userType, flags);
		st_err_log(33, __FILE__, __LINE__);
		rc = CKR_PIN_INCORRECT;
		goto done;
	}
	
	// PKCS #11 v2.01 requires that all sessions have the same login status:
	//    --> all sessions are public, all are SO or all are USER
	//
	if (userType == CKU_USER) {
		if (session_mgr_so_session_exists()){
			st_err_log(60, __FILE__, __LINE__);
			rc = CKR_USER_ANOTHER_ALREADY_LOGGED_IN;
		}
		if (session_mgr_user_session_exists()){
			st_err_log(56, __FILE__, __LINE__);
			rc = CKR_USER_ALREADY_LOGGED_IN;
		}
	}
	else if (userType == CKU_SO) {
		if (session_mgr_user_session_exists()){
			st_err_log(60, __FILE__, __LINE__);
			rc = CKR_USER_ANOTHER_ALREADY_LOGGED_IN;
		}
		if (session_mgr_so_session_exists()){
			st_err_log(56, __FILE__, __LINE__);
			rc = CKR_USER_ALREADY_LOGGED_IN;
		}
		if (session_mgr_readonly_exists()){
			st_err_log(142, __FILE__, __LINE__);
			rc = CKR_SESSION_READ_ONLY_EXISTS;
		}
	}
	else {
		rc = CKR_USER_TYPE_INVALID;
		st_err_log(59, __FILE__, __LINE__);
	}
	if (rc != CKR_OK)
		goto done;
		
	if (userType == CKU_USER) {
		if (*flags & CKF_USER_PIN_LOCKED) {
			st_err_log(37, __FILE__, __LINE__);
			rc = CKR_PIN_LOCKED;
			goto done;
		}
		
		rc = compute_sha( pPin, ulPinLen, hash_sha );
		if (memcmp(nv_token_data->user_pin_sha, hash_sha, SHA1_HASH_SIZE) != 0) {
			set_login_flags(userType, flags);
			st_err_log(33, __FILE__, __LINE__);
			rc = CKR_PIN_INCORRECT;
			goto done;
		}
		/* Successful login, clear flags */
		*flags &= 	~(CKF_USER_PIN_LOCKED | 
				  CKF_USER_PIN_FINAL_TRY | 
				  CKF_USER_PIN_COUNT_LOW);
		
		compute_md5( pPin, ulPinLen, user_pin_md5 );
		memset( so_pin_md5, 0x0, MD5_HASH_SIZE );
		
		rc = load_masterkey_user();
		if (rc != CKR_OK){
			st_err_log(155, __FILE__, __LINE__);
			goto done;
		}
		rc = load_private_token_objects();
		
		XProcLock( xproclock );
		global_shm->priv_loaded = TRUE;
		XProcUnLock( xproclock );
		
	}
	else {
		if (*flags & CKF_SO_PIN_LOCKED) {