| author | Anthony Scarpino <Anthony.Scarpino@Sun.COM> | 2009-04-10 15:07:07 -0700 |
|---|---|---|
| committer | Anthony Scarpino <Anthony.Scarpino@Sun.COM> | 2009-04-10 15:07:07 -0700 |
| commit | d288ba7491829a622697c947c3f1a30aec18c133 (patch) | |
| tree | 7b4df4095fa05b996a5ddae56c434df274c8a624 /usr/src/lib/pkcs11/pkcs11_softtoken/common | |
| parent | dde769a2c00c82faaf80563ddd5610de2f4da339 (diff) | |
6439989 CKM_CMS_SIG & WTLS missing from pkcs11_mech2str mapping
6282064 C_GetSlotInfo returns CKR_SLOT_ID_INVALID when the logical provider is the only slot on the system
6177650 Wrong error code returned when key does not allow requested operation
6437677 C_GenerateKey with missing CKA_VALUE_LEN attr should fail with CKR_TEMPLATE_INCOMPLETE
6499687 softDSA.c should use a meaningful #define rather than a hard coded number
6773550 Crypto Framework is too strict when checking DSA key parameters
6815120 C_Logout with metaslot can leave metaslot object info in memory
6606384 SCF consumers crash after mechanisms are disabled using cryptoadm when using libumem
6636169 softtoken is confused by .nfs files
6636960 C_GetOperationState should fail if there is no active digest operation
6627939 functional test failure - got CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT
Diffstat (limited to 'usr/src/lib/pkcs11/pkcs11_softtoken/common')
9 files changed, 45 insertions, 59 deletions
diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softAttributeUtil.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softAttributeUtil.c index fe7818c040..ac66970d2b 100644 --- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softAttributeUtil.c +++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softAttributeUtil.c @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -2833,10 +2833,10 @@ soft_build_secret_key_object(CK_ATTRIBUTE_PTR template, CK_ULONG ulAttrNum, */ case CKK_RC4: if (!isValueLen) { - rv = CKR_TEMPLATE_INCONSISTENT; + rv = CKR_TEMPLATE_INCOMPLETE; goto fail_cleanup; } - + ; if ((sck->sk_value_len < ARCFOUR_MIN_KEY_BYTES) || (sck->sk_value_len > ARCFOUR_MAX_KEY_BYTES)) { rv = CKR_ATTRIBUTE_VALUE_INVALID; @@ -2847,14 +2847,14 @@ soft_build_secret_key_object(CK_ATTRIBUTE_PTR template, CK_ULONG ulAttrNum, case CKK_GENERIC_SECRET: /* arbitrary key length - no length checking */ if (!isValueLen) { - rv = CKR_TEMPLATE_INCONSISTENT; + rv = CKR_TEMPLATE_INCOMPLETE; goto fail_cleanup; } break; case CKK_AES: if (!isValueLen) { - rv = CKR_TEMPLATE_INCONSISTENT; + rv = CKR_TEMPLATE_INCOMPLETE; goto fail_cleanup; } @@ -2869,7 +2869,7 @@ soft_build_secret_key_object(CK_ATTRIBUTE_PTR template, CK_ULONG ulAttrNum, case CKK_BLOWFISH: if (!isValueLen) { - rv = CKR_TEMPLATE_INCONSISTENT; + rv = CKR_TEMPLATE_INCOMPLETE; goto fail_cleanup; } if ((sck->sk_value_len < BLOWFISH_MINBYTES) || diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDSA.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDSA.c index 37c9c611f4..24e3d1b7f5 100644 --- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDSA.c +++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDSA.c 
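Review bot: The `+ ;` line that replaces the blank line after the `!isValueLen` check in the `CKK_RC4` case (hunk `-2833,10`) adds a stray null statement, which looks like an editing slip rather than intended code. It compiles, but it reads as a missing statement to the next maintainer and some lint configurations flag it. I would restore the blank line. The body of soft_build_secret_key_object starts and ends outside the hunk.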
@@ -19,12 +19,10 @@ * CDDL HEADER END */ /* - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ -#pragma ident "%Z%%M% %I% %E% SMI" - #include <pthread.h> #include <stdlib.h> #include <string.h> @@ -204,7 +202,7 @@ dsa_sign(soft_object_t *key, CK_BYTE_PTR in, CK_ULONG inlen, CK_BYTE_PTR out) goto clean1; } - if (20 != qlen) { + if (DSA_SUBPRIME_BYTES != qlen) { rv = CKR_KEY_SIZE_RANGE; goto clean1; } @@ -219,17 +217,12 @@ dsa_sign(soft_object_t *key, CK_BYTE_PTR in, CK_ULONG inlen, CK_BYTE_PTR out) goto clean1; } - if (glen != plen) { - rv = CKR_KEY_SIZE_RANGE; - goto clean1; - } - rv = soft_get_private_value(key, CKA_VALUE, x, &xlen); if (rv != CKR_OK) { goto clean1; } - if (20 < xlen) { + if (DSA_SUBPRIME_BYTES < xlen) { rv = CKR_KEY_SIZE_RANGE; goto clean1; } @@ -254,9 +247,9 @@ dsa_sign(soft_object_t *key, CK_BYTE_PTR in, CK_ULONG inlen, CK_BYTE_PTR out) } bytestring2bignum(&(dsakey.g), g, plen); - bytestring2bignum(&(dsakey.x), x, 20); + bytestring2bignum(&(dsakey.x), x, DSA_SUBPRIME_BYTES); bytestring2bignum(&(dsakey.p), p, plen); - bytestring2bignum(&(dsakey.q), q, 20); + bytestring2bignum(&(dsakey.q), q, DSA_SUBPRIME_BYTES); bytestring2bignum(&msg, (uchar_t *)in, inlen); if ((err = random_bignum(&(dsakey.k), DSA_SUBPRIME_BITS, @@ -296,8 +289,9 @@ dsa_sign(soft_object_t *key, CK_BYTE_PTR in, CK_ULONG inlen, CK_BYTE_PTR out) BIG_OK) goto clean10; - bignum2bytestring((uchar_t *)out, &(dsakey.r), 20); - bignum2bytestring((uchar_t *)out + 20, &(dsakey.s), 20); + bignum2bytestring((uchar_t *)out, &(dsakey.r), DSA_SUBPRIME_BYTES); + bignum2bytestring((uchar_t *)out + DSA_SUBPRIME_BYTES, &(dsakey.s), + DSA_SUBPRIME_BYTES); err = BIG_OK; @@ -342,7 +336,7 @@ dsa_verify(soft_object_t *key, CK_BYTE_PTR data, CK_BYTE_PTR sig) goto clean1; } - if (20 != qlen) { + if (DSA_SUBPRIME_BYTES != qlen) { rv = CKR_KEY_SIZE_RANGE; goto clean1; } 
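Review bot: In dsa_sign, hunk `-254,9` still converts the generator with `bytestring2bignum(&(dsakey.g), g, plen);` although hunk `-219,17` removes the `glen != plen` check, so a key whose base is shorter than its prime is now read for `plen` bytes instead of `glen`. Depending on how the `g` buffer is declared and filled (not visible here), that either reads bytes past the attribute value or signs with a wrong generator; dsa_verify already passes `glen`. I would change the line to `bytestring2bignum(&(dsakey.g), g, glen);` and, if the bignum for g is sized from plen, reject `glen > plen` before the conversion. The same hunk converts x with `DSA_SUBPRIME_BYTES` while only `DSA_SUBPRIME_BYTES < xlen` is rejected, so a shorter private value should be converted with `xlen`. dsa_sign starts and ends outside these hunks.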
@@ -394,10 +388,11 @@ dsa_verify(soft_object_t *key, CK_BYTE_PTR data, CK_BYTE_PTR sig) bytestring2bignum(&(dsakey.g), g, glen); bytestring2bignum(&(dsakey.y), y, ylen); bytestring2bignum(&(dsakey.p), p, plen); - bytestring2bignum(&(dsakey.q), q, 20); - bytestring2bignum(&(dsakey.r), (uchar_t *)sig, 20); - bytestring2bignum(&(dsakey.s), ((uchar_t *)sig) + 20, 20); - bytestring2bignum(&msg, (uchar_t *)data, 20); + bytestring2bignum(&(dsakey.q), q, DSA_SUBPRIME_BYTES); + bytestring2bignum(&(dsakey.r), (uchar_t *)sig, DSA_SUBPRIME_BYTES); + bytestring2bignum(&(dsakey.s), ((uchar_t *)sig) + DSA_SUBPRIME_BYTES, + DSA_SUBPRIME_BYTES); + bytestring2bignum(&msg, (uchar_t *)data, DSA_SUBPRIME_BYTES); if (big_ext_gcd_pos(NULL, &tmp2, NULL, &(dsakey.s), &(dsakey.q)) != BIG_OK) @@ -533,7 +528,7 @@ soft_dsa_sign(soft_session_t *session_p, CK_BYTE_PTR pData, } /* Input data length needs to be 20 bytes. */ - if (ulDataLen != 20) { + if (ulDataLen != DSA_SUBPRIME_BYTES) { rv = CKR_DATA_LEN_RANGE; goto clean_exit; } @@ -581,7 +576,7 @@ soft_dsa_verify(soft_session_t *session_p, CK_BYTE_PTR pData, } /* Input data length needs to be 20 bytes. */ - if (ulDataLen != 20) { + if (ulDataLen != DSA_SUBPRIME_BYTES) { rv = CKR_DATA_LEN_RANGE; goto clean_exit; } diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDecrypt.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDecrypt.c index 3915ffd822..230af0b3f9 100644 --- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDecrypt.c +++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDecrypt.c @@ -19,12 +19,10 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ -#pragma ident "%Z%%M% %I% %E% SMI" - #include <pthread.h> #include <security/cryptoki.h> #include "softGlobal.h" 
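Review bot: The comments `/* Input data length needs to be 20 bytes. */` in soft_dsa_sign (hunk `-533,7`) and soft_dsa_verify (hunk `-581,7`) still name the literal this commit removes, and the check now compares a digest length against a constant named for the subprime q. The two values coincide only because the digest is as long as q here, so I would reword the comment to `/* Input must be a digest of DSA_SUBPRIME_BYTES bytes (same length as q). */` to state that coupling. The same applies to `bytestring2bignum(&msg, (uchar_t *)data, DSA_SUBPRIME_BYTES);` in dsa_verify, hunk `-394,10`. All three functions extend beyond their hunks.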
@@ -63,7 +61,7 @@ C_DecryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, /* Check to see if key object allows for decryption. */ if (!(key_p->bool_attr_mask & DECRYPT_BOOL_ON)) { - rv = CKR_KEY_TYPE_INCONSISTENT; + rv = CKR_KEY_FUNCTION_NOT_PERMITTED; goto clean_exit1; } diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softEncrypt.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softEncrypt.c index 16516f5f07..35dc5b1978 100644 --- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softEncrypt.c +++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softEncrypt.c @@ -19,12 +19,10 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ -#pragma ident "%Z%%M% %I% %E% SMI" - #include <pthread.h> #include <security/cryptoki.h> #include "softGlobal.h" @@ -63,7 +61,7 @@ C_EncryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, /* Check to see if key object allows for encryption. */ if (!(key_p->bool_attr_mask & ENCRYPT_BOOL_ON)) { - rv = CKR_KEY_TYPE_INCONSISTENT; + rv = CKR_KEY_FUNCTION_NOT_PERMITTED; goto clean_exit1; } diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softKeys.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softKeys.c index 4683a68e3d..639b754285 100644 --- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softKeys.c +++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softKeys.c @@ -19,13 +19,10 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ -#pragma ident "%Z%%M% %I% %E% SMI" - - #include <security/cryptoki.h> #include "softGlobal.h" #include "softSession.h" 
@@ -165,7 +162,7 @@ C_WrapKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, /* Check if given wrapping key may be used for encryption. */ if (!(wrappingkey_p->bool_attr_mask & ENCRYPT_BOOL_ON)) { - rv = CKR_WRAPPING_KEY_TYPE_INCONSISTENT; + rv = CKR_KEY_FUNCTION_NOT_PERMITTED; goto clean_exit2; } @@ -271,7 +268,7 @@ C_UnwrapKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, /* Check if given unwrapping key may be used to decrypt. */ if (!(unwrappingkey_p->bool_attr_mask & DECRYPT_BOOL_ON)) { - rv = CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT; + rv = CKR_KEY_FUNCTION_NOT_PERMITTED; goto clean_exit1; } @@ -354,7 +351,7 @@ C_DeriveKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, /* Check to see if key object allows for derivation. */ if (!(basekey_p->bool_attr_mask & DERIVE_BOOL_ON)) { - rv = CKR_KEY_TYPE_INCONSISTENT; + rv = CKR_KEY_FUNCTION_NOT_PERMITTED; goto clean_exit1; } diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softKeystoreUtil.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softKeystoreUtil.c index 8498d2985b..b28e9e9c5a 100644 --- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softKeystoreUtil.c +++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softKeystoreUtil.c @@ -55,6 +55,7 @@ #define DS_FILE "objstore_info" /* keystore description file */ #define TMP_DS_FILE "t_info" /* temp name for keystore desc. file */ #define OBJ_PREFIX "obj" /* prefix of the keystore object file names */ +#define OBJ_PREFIX_LEN sizeof (OBJ_PREFIX) - 1 /* length of prefix */ #define TMP_OBJ_PREFIX "t_o" /* prefix of the temp object file names */ /* @@ -810,10 +811,8 @@ get_all_objs_in_dir(DIR *dirp, ks_obj_handle_t *ks_handle, while ((dp = readdir(dirp)) != NULL) { - if ((strcmp(dp->d_name, ".") == 0) || - (strcmp(dp->d_name, "..") == 0)) { + if (strncmp(dp->d_name, OBJ_PREFIX, OBJ_PREFIX_LEN) != 0) continue; - } (void) strcpy((char *)ks_handle->name, dp->d_name); rv = soft_keystore_get_single_obj(ks_handle, &obj, lock_held); 
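Review bot: C_WrapKey (hunk `-165,7`) and C_UnwrapKey (hunk `-271,7`) now return CKR_KEY_FUNCTION_NOT_PERMITTED, but the condition they guard tests `ENCRYPT_BOOL_ON` and `DECRYPT_BOOL_ON` rather than the key's wrap and unwrap permission. PKCS #11 ties wrapping to CKA_WRAP and unwrapping to CKA_UNWRAP, so as written here a key allowed to encrypt but not to wrap would pass this gate, and a wrap-only key would be refused. Whether CKA_WRAP or CKA_UNWRAP is checked elsewhere in these functions cannot be seen from the hunks. I would test the wrap and unwrap attribute bits at these two points, or add a comment explaining why the encrypt and decrypt bits are the intended policy.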
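Review bot: `#define OBJ_PREFIX_LEN sizeof (OBJ_PREFIX) - 1` in hunk `-55,6` of softKeystoreUtil.c is an unparenthesized expression macro. The uses added by this commit (`name + OBJ_PREFIX_LEN` and the strncmp length) happen to expand correctly, but a later `2 * OBJ_PREFIX_LEN` or `n - OBJ_PREFIX_LEN` would silently compute the wrong value. I would write `#define OBJ_PREFIX_LEN (sizeof (OBJ_PREFIX) - 1)`.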
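Review bot: The new prefix filter in get_all_objs_in_dir (hunk `-810,10`) restricts which names are accepted but not how long they are, and the next line still copies with `(void) strcpy((char *)ks_handle->name, dp->d_name);`. Any directory entry that starts with `obj` and is longer than `ks_handle->name` (its size is not visible here) would overflow the handle. If `name` is an array, I would use `if (strlcpy((char *)ks_handle->name, dp->d_name, sizeof (ks_handle->name)) >= sizeof (ks_handle->name)) continue;`. The function's body starts and ends outside the hunk.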
@@ -1706,7 +1705,7 @@ soft_keystore_setpin(uchar_t *oldpin, uchar_t *newpin, boolean_t lock_held) "%s/%s", pri_obj_path, pri_ent->d_name); (void) snprintf(obj->tmp_name, MAXPATHLEN, "%s/%s%s", pri_obj_path, TMP_OBJ_PREFIX, - (pri_ent->d_name) + strlen(OBJ_PREFIX)); + (pri_ent->d_name) + OBJ_PREFIX_LEN); if (reencrypt_obj(new_crypt_key, new_hmac_key, obj->orig_name, obj->tmp_name) != 0) { free(obj); @@ -2533,13 +2532,13 @@ soft_keystore_modify_obj(ks_obj_handle_t *ks_handle, uchar_t *buf, get_pub_obj_path(pub_obj_path), ks_handle->name); (void) snprintf(tmp_name, MAXPATHLEN, "%s/%s%s", pub_obj_path, TMP_OBJ_PREFIX, - (ks_handle->name) + strlen(OBJ_PREFIX)); + (ks_handle->name) + OBJ_PREFIX_LEN); } else { (void) snprintf(orig_name, MAXPATHLEN, "%s/%s", get_pri_obj_path(pri_obj_path), ks_handle->name); (void) snprintf(tmp_name, MAXPATHLEN, "%s/%s%s", pri_obj_path, TMP_OBJ_PREFIX, - (ks_handle->name) + strlen(OBJ_PREFIX)); + (ks_handle->name) + OBJ_PREFIX_LEN); } tmp_fd = open_nointr(tmp_name, diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softSessionUtil.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softSessionUtil.c index 70693b36e1..11484096d0 100644 --- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softSessionUtil.c +++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softSessionUtil.c @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -548,6 +548,9 @@ soft_get_operationstate(soft_session_t *session_p, CK_BYTE_PTR pOperationState, default: rv = CKR_STATE_UNSAVEABLE; } + } else { + rv = CKR_OPERATION_NOT_INITIALIZED; + goto unlock_session; } *pulOperationStateLen = op_data_len; diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softSign.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softSign.c index 343e47f27e..0d4f0d36c4 100644 --- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softSign.c 
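Review bot: `(pri_ent->d_name) + OBJ_PREFIX_LEN` in soft_keystore_setpin (hunk `-1706,7`) assumes every entry begins with OBJ_PREFIX, but this commit adds the prefix test only to get_all_objs_in_dir. The directory loop is outside the hunk; if it still skips only `.` and `..`, a stray file such as the `.nfs` entries named in the commit message would be re-encrypted and renamed as if it were an object, and a name shorter than the prefix would be offset past its terminator. I would add `if (strncmp(pri_ent->d_name, OBJ_PREFIX, OBJ_PREFIX_LEN) != 0) continue;` at the top of that loop. The `(void) snprintf(..., MAXPATHLEN, ...)` calls here and in soft_keystore_modify_obj (hunk `-2533,13`) also discard the return value, so a truncated path would go unnoticed.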
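Review bot: The new else branch in soft_get_operationstate (hunk `-548,6`) jumps to `unlock_session` on error, but the `default:` case just above it sets `rv = CKR_STATE_UNSAVEABLE;` and falls through to `*pulOperationStateLen = op_data_len;`. As far as the hunk shows, the caller then gets an error code together with a length written from `op_data_len`, whose value on that path is not visible. I would make the two error paths agree by adding `goto unlock_session;` after the `default:` assignment. The function starts and ends outside the hunk.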
+++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softSign.c @@ -19,12 +19,10 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ -#pragma ident "%Z%%M% %I% %E% SMI" - #include <pthread.h> #include <security/cryptoki.h> #include "softGlobal.h" @@ -64,7 +62,7 @@ C_SignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, /* Check to see if key object supports signature. */ if (!(key_p->bool_attr_mask & SIGN_BOOL_ON)) { - rv = CKR_KEY_TYPE_INCONSISTENT; + rv = CKR_KEY_FUNCTION_NOT_PERMITTED; goto clean_exit1; } @@ -321,7 +319,7 @@ C_SignRecoverInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, /* Check to see if key object supports sign_recover. */ if (!(key_p->bool_attr_mask & SIGN_RECOVER_BOOL_ON)) { - rv = CKR_KEY_TYPE_INCONSISTENT; + rv = CKR_KEY_FUNCTION_NOT_PERMITTED; goto clean_exit1; } diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softVerify.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softVerify.c index e4e2666ec8..0feedf6f7e 100644 --- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softVerify.c +++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softVerify.c @@ -19,12 +19,10 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ -#pragma ident "%Z%%M% %I% %E% SMI" - #include <pthread.h> #include <security/cryptoki.h> #include "softGlobal.h" @@ -64,7 +62,7 @@ C_VerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, /* Check to see if key object supports verification. */ if (!(key_p->bool_attr_mask & VERIFY_BOOL_ON)) { - rv = CKR_KEY_TYPE_INCONSISTENT; + rv = CKR_KEY_FUNCTION_NOT_PERMITTED; goto clean_exit1; } 
@@ -292,7 +290,7 @@ C_VerifyRecoverInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, /* Check to see if key object supports verify_recover. */ if (!(key_p->bool_attr_mask & VERIFY_RECOVER_BOOL_ON)) { - rv = CKR_KEY_TYPE_INCONSISTENT; + rv = CKR_KEY_FUNCTION_NOT_PERMITTED; goto clean_exit1; } |
