new_host.c

IBM的Linux上的PKCS#11实现

			st_err_log(37, __FILE__, __LINE__);
			rc = CKR_PIN_LOCKED;
			goto done;
		}
		rc = compute_sha( pPin, ulPinLen, hash_sha );
		if (memcmp(nv_token_data->so_pin_sha, hash_sha, SHA1_HASH_SIZE) != 0) {
			set_login_flags(userType, flags);
			st_err_log(33, __FILE__, __LINE__);
			rc = CKR_PIN_INCORRECT;
			goto done;
		}
		/* Successful login, clear flags */
		*flags &= 	~(CKF_SO_PIN_LOCKED | 
				  CKF_SO_PIN_FINAL_TRY | 
				  CKF_SO_PIN_COUNT_LOW);
		
		compute_md5( pPin, ulPinLen, so_pin_md5 );
		memset( user_pin_md5, 0x0, MD5_HASH_SIZE );
		
		rc = load_masterkey_so();
		if (rc != CKR_OK) {
			st_err_log(155, __FILE__, __LINE__);
		}
	}

	rc = session_mgr_login_all( userType );
	if (rc != CKR_OK) {
		st_err_log(174, __FILE__, __LINE__);
	}

done:
	LLOCK;
	if (debugfile) {
		stlogit2(debugfile, "%-25s:  rc = 0x%08x\n", "C_Login", rc );
	}

	UNLOCKIT;
	save_token_data();
	MY_UnlockMutex( &login_mutex );
	return rc;
}


//
//
CK_RV SC_Logout( ST_SESSION_HANDLE  sSession )
{
	SESSION  * sess = NULL;
	CK_RV      rc = CKR_OK;

	SESS_SET
	
	LOCKIT;
	if (st_Initialized() == FALSE) {
		st_err_log(72, __FILE__, __LINE__);
		rc = CKR_CRYPTOKI_NOT_INITIALIZED;
		goto done;
	}
	
	sess = SESSION_MGR_FIND( hSession );
	if (!sess) {
		st_err_log(40, __FILE__, __LINE__);
		rc = CKR_SESSION_HANDLE_INVALID;
		goto done;
	}
	
	// all sessions have the same state so we just have to check one
	//
	if (session_mgr_public_session_exists()) {
		st_err_log(57, __FILE__, __LINE__);
		rc = CKR_USER_NOT_LOGGED_IN;
		goto done;
	}

	rc = session_mgr_logout_all();
	if (rc != CKR_OK){
		st_err_log(57, __FILE__, __LINE__);
	}
	memset( user_pin_md5, 0x0, MD5_HASH_SIZE );
	memset( so_pin_md5,   0x0, MD5_HASH_SIZE );
	
	object_mgr_purge_private_token_objects();
	
done:
	LLOCK;
	if (debugfile) {
		stlogit2(debugfile, "%-25s:  rc = 0x%08x\n", "C_Logout", rc );
	}
   
	UNLOCKIT; return rc;
}


// This is a Leeds-Lite solution so we have to store objects on the host.
//
CK_RV SC_CreateObject( ST_SESSION_HANDLE    sSession,
                      CK_ATTRIBUTE_PTR     pTemplate,
                      CK_ULONG             ulCount,
                      CK_OBJECT_HANDLE_PTR phObject )
{
   SESSION               * sess = NULL;
   CK_ULONG                i;
   CK_RV                   rc = CKR_OK;
   SESS_SET

   LOCKIT;
   if (st_Initialized() == FALSE) {
      st_err_log(72, __FILE__, __LINE__);
      rc = CKR_CRYPTOKI_NOT_INITIALIZED;
      goto done;
   }

   sess = SESSION_MGR_FIND( hSession );
   if (!sess) {
      st_err_log(40, __FILE__, __LINE__);
      rc = CKR_SESSION_HANDLE_INVALID;
      goto done;
   }

   if (pin_expired(&sess->session_info) == TRUE) {
      st_err_log(36, __FILE__, __LINE__);
      rc = CKR_PIN_EXPIRED;
      goto done;
   }
   
   rc = object_mgr_add( sess, pTemplate, ulCount, phObject );
   if (rc != CKR_OK) {
      st_err_log(157, __FILE__, __LINE__);
   }

done:
   LLOCK;
   if (debugfile) {
      stlogit2(debugfile, "%-25s:  rc = %08x\n", "C_CreateObject", rc );

      for (i = 0; i < ulCount; i++) {
         if (pTemplate[i].type == CKA_CLASS)
           stlogit2(debugfile, "%28s:  0x%02x\n", "Object Type", *(CK_ULONG *)pTemplate[i].pValue );
      }
      if (rc == CKR_OK)
        stlogit2(debugfile, "%28s:  %d\n", "Handle", *phObject );

   }

   UNLOCKIT; return rc;
}



//
//
CK_RV  SC_CopyObject( ST_SESSION_HANDLE    sSession,
                     CK_OBJECT_HANDLE     hObject,
                     CK_ATTRIBUTE_PTR     pTemplate,
                     CK_ULONG             ulCount,
                     CK_OBJECT_HANDLE_PTR phNewObject )
{
   SESSION              * sess = NULL;
   CK_RV                  rc = CKR_OK;
   SESS_SET

   LOCKIT;
   if (st_Initialized() == FALSE) {
      st_err_log(72, __FILE__, __LINE__);
      rc = CKR_CRYPTOKI_NOT_INITIALIZED;
      goto done;
   }

   sess = SESSION_MGR_FIND( hSession );
   if (!sess) {
      st_err_log(40, __FILE__, __LINE__);
      rc = CKR_SESSION_HANDLE_INVALID;
      goto done;
   }
   
   if (pin_expired(&sess->session_info) == TRUE) {
      st_err_log(36, __FILE__, __LINE__);
      rc = CKR_PIN_EXPIRED;
      goto done;
   }
   
   rc = object_mgr_copy( sess, pTemplate, ulCount, hObject, phNewObject );
   if (rc != CKR_OK) {
      st_err_log(158, __FILE__, __LINE__);
   }

done:
   LLOCK;
   if (debugfile) {
      stlogit2(debugfile, "%-25s:  rc = %08x, old handle = %d, new handle = %d\n", "C_CopyObject", rc, hObject, *phNewObject );
   }

   UNLOCKIT; return rc;
}


//
//
CK_RV SC_DestroyObject( ST_SESSION_HANDLE  sSession,
                       CK_OBJECT_HANDLE   hObject )
{
   SESSION               * sess = NULL;
   CK_RV                   rc = CKR_OK;
   SESS_SET


   LOCKIT;
   if (st_Initialized() == FALSE) {
      st_err_log(72, __FILE__, __LINE__);
      rc = CKR_CRYPTOKI_NOT_INITIALIZED;
      goto done;
   }

   sess = SESSION_MGR_FIND( hSession );
   if (!sess) {
      st_err_log(40, __FILE__, __LINE__);
      rc = CKR_SESSION_HANDLE_INVALID;
      goto done;
   }

   if (pin_expired(&sess->session_info) == TRUE) {
      st_err_log(36, __FILE__, __LINE__);
      rc = CKR_PIN_EXPIRED;
      goto done;
   }
   
   rc = object_mgr_destroy_object( sess, hObject );
   if (rc != CKR_OK){
      st_err_log(182, __FILE__, __LINE__);
   }
done:
   LLOCK;
   if (debugfile) {
      stlogit2(debugfile, "%-25s:  rc = %08x, handle = %d\n", "C_DestroyObject", rc, hObject );
   }

   UNLOCKIT; return rc;
}


//
//
CK_RV SC_GetObjectSize( ST_SESSION_HANDLE  sSession,
                       CK_OBJECT_HANDLE   hObject,
                       CK_ULONG_PTR       pulSize )
{
   SESSION               * sess = NULL;
   CK_RV                   rc = CKR_OK;
   SESS_SET


   LOCKIT;
   if (st_Initialized() == FALSE) {
      st_err_log(72, __FILE__, __LINE__);
      rc = CKR_CRYPTOKI_NOT_INITIALIZED;
      goto done;
   }

   sess = SESSION_MGR_FIND( hSession );
   if (!sess) {
      st_err_log(40, __FILE__, __LINE__);
      rc = CKR_SESSION_HANDLE_INVALID;
      goto done;
   }

   rc = object_mgr_get_object_size( hObject, pulSize );
   if (rc != CKR_OK){
      st_err_log(184, __FILE__, __LINE__);
   }

done:
   LLOCK;
   if (debugfile) {
      stlogit2(debugfile, "%-25s:  rc = %08x, handle = %d\n", "C_GetObjectSize", rc, hObject );
   }

   UNLOCKIT; return rc;
}


//
//
CK_RV SC_GetAttributeValue( ST_SESSION_HANDLE  sSession,
                           CK_OBJECT_HANDLE   hObject,
                           CK_ATTRIBUTE_PTR   pTemplate,
                           CK_ULONG           ulCount )
{
   SESSION        * sess = NULL;
   CK_ATTRIBUTE   * attr = NULL;
   CK_BYTE        * ptr  = NULL;
   CK_ULONG         i;
   CK_RV            rc = CKR_OK;
   SESS_SET


   LOCKIT;
   if (st_Initialized() == FALSE) {
      st_err_log(72, __FILE__, __LINE__);
      rc = CKR_CRYPTOKI_NOT_INITIALIZED;
      goto done;
   }

   sess = SESSION_MGR_FIND( hSession );
   if (!sess) {
      st_err_log(40, __FILE__, __LINE__);
      rc = CKR_SESSION_HANDLE_INVALID;
      goto done;
   }

   rc = object_mgr_get_attribute_values( sess, hObject, pTemplate, ulCount );
   if (rc != CKR_OK){
      st_err_log(159, __FILE__, __LINE__);
   }


done:
   LLOCK;
   if (debugfile) {
      stlogit2(debugfile, "%-25s:  rc = %08x, handle = %d\n", "C_GetAttributeValue", rc, hObject );

      attr = pTemplate;
      for (i = 0; i < ulCount; i++, attr++) {
         ptr = (CK_BYTE *)attr->pValue;

         stlogit2(debugfile, "   %3d:  Attribute type:  0x%08x\n", i, attr->type );
         stlogit2(debugfile, "         Value Length:    %08d\n",   attr->ulValueLen );

         if (attr->ulValueLen != (CK_ULONG)(-1) && (ptr != NULL))
            stlogit2(debugfile, "         First 4 bytes:   %02x %02x %02x %02x", ptr[0], ptr[1], ptr[2], ptr[3] );

         stlogit2(debugfile, "\n\n");
      }

   }

   UNLOCKIT; return rc;
}


//
//
CK_RV  SC_SetAttributeValue( ST_SESSION_HANDLE    sSession,
                            CK_OBJECT_HANDLE     hObject,
                            CK_ATTRIBUTE_PTR     pTemplate,
                            CK_ULONG             ulCount )
{
   SESSION       * sess = NULL;
   CK_ATTRIBUTE  * attr = NULL;
   CK_ULONG        i;
   CK_RV           rc = CKR_OK;
   SESS_SET


   LOCKIT;
   if (st_Initialized() == FALSE) {
      st_err_log(72, __FILE__, __LINE__);
      rc = CKR_CRYPTOKI_NOT_INITIALIZED;
      goto done;
   }

   sess = SESSION_MGR_FIND( hSession );
   if (!sess) {
      st_err_log(40, __FILE__, __LINE__);
      rc = CKR_SESSION_HANDLE_INVALID;
      goto done;
   }

   rc = object_mgr_set_attribute_values( sess, hObject, pTemplate, ulCount);
   if (rc != CKR_OK){
      st_err_log(161, __FILE__, __LINE__);
   }

done:
   LLOCK;
   if (debugfile) {
      stlogit2(debugfile, "%-25s:  rc = %08x, handle = %d\n", "C_SetAttributeValue", rc, hObject );

      attr = pTemplate;
      for (i = 0; i < ulCount; i++, attr++) {
         CK_BYTE *ptr = (CK_BYTE *)attr->pValue;

         stlogit2(debugfile, "   %3d:  Attribute type:  0x%08x\n", i, attr->type );
         stlogit2(debugfile, "         Value Length:    %08d\n",   attr->ulValueLen );

         if (attr->ulValueLen != (CK_ULONG)(-1) && (ptr != NULL))
            stlogit2(debugfile, "         First 4 bytes:   %02x %02x %02x %02x", ptr[0], ptr[1], ptr[2], ptr[3] );

         stlogit2(debugfile, "\n\n");
      }

   }

   UNLOCKIT; return rc;
}


//
//
CK_RV SC_FindObjectsInit( ST_SESSION_HANDLE   sSession,
                         CK_ATTRIBUTE_PTR    pTemplate,
                         CK_ULONG            ulCount )
{
   SESSION        * sess  = NULL;
   CK_ATTRIBUTE   * attr = NULL;
   CK_ULONG         i;
   CK_RV            rc = CKR_OK;
   SESS_SET

   LOCKIT;
   if (st_Initialized() == FALSE) {
      st_err_log(72, __FILE__, __LINE__);
      rc = CKR_CRYPTOKI_NOT_INITIALIZED;
      goto done;
   }

   sess = SESSION_MGR_FIND( hSession );
   if (!sess) {
      st_err_log(40, __FILE__, __LINE__);
      rc = CKR_SESSION_HANDLE_INVALID;
      goto done;
   }

   if (pin_expired(&sess->session_info) == TRUE) {
      st_err_log(36, __FILE__, __LINE__);
      rc = CKR_PIN_EXPIRED;
      goto done;
   }
   
   if (sess->find_active == TRUE) {
      st_err_log(31, __FILE__, __LINE__);
      rc = CKR_OPERATION_ACTIVE;
      goto done;
   }

   rc = object_mgr_find_init( sess, pTemplate, ulCount );
   if (rc != CKR_OK){
      st_err_log(185, __FILE__, __LINE__);
   }

done:
   LLOCK;
   if (debugfile) {
      stlogit2(debugfile, "%-25s:  rc = %08x\n", "C_FindObjectsInit", rc );

      attr = pTemplate;
      for (i = 0; i < ulCount; i++, attr++) {
         CK_BYTE *ptr = (CK_BYTE *)attr->pValue;

         stlogit2(debugfile, "   %3d:  Attribute type:  0x%08x\n", i, attr->type );
         stlogit2(debugfile, "         Value Length:    %08d\n",   attr->ulValueLen );

         if (attr->ulValueLen != (CK_ULONG)(-1) && (ptr != NULL))