From 49af8650a34cb4ee603cc924ca9e3945e2a792db Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Fri, 19 May 2017 17:53:19 -0400 Subject: Start cleaning up info functions. --- pkcs11.c | 135 +++++++++++++++------------------------------------------------ 1 file changed, 31 insertions(+), 104 deletions(-) diff --git a/pkcs11.c b/pkcs11.c index de639ab..de96a79 100644 --- a/pkcs11.c +++ b/pkcs11.c @@ -87,17 +87,23 @@ #endif /* - * Version numbers. Placeholders for now. - * - * Software version number is just the version of this PKCS #11 - * implementation. Probably. + * Manufacturer ID, version numbers (hardware, firmware, software), etc. + * Some of this really should be coming from RPC queries. */ -#warning Figure out hardware and software version numbers -#define P11_VERSION_SW_MAJOR 0 -#define P11_VERSION_SW_MINOR 1 +#warning Figure out IDs and version numbers +#define P11_MANUFACTURER_ID "Cryptech Project" +#define P11_TOKEN_LABEL "Cryptech Token" +#define P11_BOARD_MODEL "Alpha Board" +#define P11_BOARD_SERIAL "007" +#define P11_LIBRARY_DESCRIPTION "libcryptech-pkcs11.so" +#define P11_SLOT_DESCRIPTION "Cryptech Alpha slot" #define P11_VERSION_HW_MAJOR 0 -#define P11_VERSION_HW_MINOR 1 +#define P11_VERSION_HW_MINOR 3 +#define P11_VERSION_FW_MAJOR 3 +#define P11_VERSION_FW_MINOR 0 +#define P11_VERSION_SW_MAJOR 3 +#define P11_VERSION_SW_MINOR 0 /* * Debugging control. @@ -1108,12 +1114,6 @@ static inline handle_flavor_t p11_object_flavor_from_cka_token(const CK_BBOOL *b return (bbool != NULL && *bbool) ? handle_flavor_token_object : handle_flavor_session_object; } -static inline hal_key_flags_t p11_object_hal_flags(const CK_OBJECT_HANDLE handle) -{ - return handle_flavor(handle) == handle_flavor_token_object ? HAL_KEY_FLAG_TOKEN : 0; -} - - /* * Open the HSM pkey object (if any) corresponding to the PKCS #11 handle. */ @@ -2677,19 +2677,10 @@ CK_RV C_GetTokenInfo(CK_SLOT_ID slotID, * right token, so hard-wire something for now. */ - psnprintf(pInfo->label, sizeof(pInfo->label), - "Cryptech Token"); - - psnprintf(pInfo->manufacturerID, sizeof(pInfo->manufacturerID), - "Cryptech Project"); - - psnprintf(pInfo->model, sizeof(pInfo->model), - "%04x%04x%04x%04x", - P11_VERSION_HW_MAJOR, P11_VERSION_HW_MINOR, - P11_VERSION_SW_MAJOR, P11_VERSION_SW_MINOR); - - psnprintf(pInfo->serialNumber, sizeof(pInfo->serialNumber), - "007"); + psnprintf(pInfo->label, sizeof(pInfo->label), P11_TOKEN_LABEL); + psnprintf(pInfo->manufacturerID, sizeof(pInfo->manufacturerID), P11_MANUFACTURER_ID); + psnprintf(pInfo->model, sizeof(pInfo->model), P11_BOARD_MODEL); + psnprintf(pInfo->serialNumber, sizeof(pInfo->serialNumber), P11_BOARD_SERIAL); pInfo->flags = CKF_RNG | CKF_LOGIN_REQUIRED | CKF_USER_PIN_INITIALIZED | CKF_TOKEN_INITIALIZED; @@ -2729,17 +2720,14 @@ CK_RV C_GetTokenInfo(CK_SLOT_ID slotID, pInfo->ulFreePrivateMemory = CK_UNAVAILABLE_INFORMATION; pInfo->hardwareVersion.major = P11_VERSION_HW_MAJOR; pInfo->hardwareVersion.minor = P11_VERSION_HW_MINOR; - pInfo->firmwareVersion.major = P11_VERSION_SW_MAJOR; - pInfo->firmwareVersion.minor = P11_VERSION_SW_MINOR; + pInfo->firmwareVersion.major = P11_VERSION_FW_MAJOR; + pInfo->firmwareVersion.minor = P11_VERSION_FW_MINOR; -#warning Need to sort out hardware clock -#if 0 /* - * Eventually we expect cryptech devices to have their own hardware - * clocks. Not implemented yet. + * Eventually we expect Cryptech devices to have their own hardware + * clocks, in which case we'd set CKF_CLOCK_ON_TOKEN and + * pInfo->utcTime. Hardware not implemented yet, so not here either. */ - pInfo->utcTime; -#endif return CKR_OK; } @@ -4253,12 +4241,6 @@ CK_RV C_GenerateRandom(CK_SESSION_HANDLE hSession, * Supply information about a particular mechanism. We may want a * more generic structure for this, for the moment, just answer the * questions that applications we care about are asking. - * - * Not really sure whether I should be setting CKF_HW here or not, RSA - * is a mix of hardware and software at the moment, but I'm also a - * little unclear on what "the device" means in this context, so let's - * just say that if it's implemented by libhal or the Verilog hiding - * behind libhal, it's implemented in hardware. */ CK_RV C_GetMechanismInfo(CK_SLOT_ID slotID, @@ -4285,61 +4267,6 @@ CK_RV C_GetMechanismInfo(CK_SLOT_ID slotID, if (p11_uninitialized()) return CKR_CRYPTOKI_NOT_INITIALIZED; -#if 0 - /* - * Perhaps revisit this after adding an RPC call to let us check - * which cores are available. For now, given that we now have - * software core support for these hash algorithms, this test isn't - * particularly useful. - */ - - hal_digest_algorithm_t algorithm = HAL_DIGEST_ALGORITHM_NONE; - CK_RV rv = CKR_OK; - - switch (type) { - - case CKM_SHA_1: - case CKM_SHA1_RSA_PKCS: - case CKM_SHA_1_HMAC: - algorithm = HAL_DIGEST_ALGORITHM_SHA1; - break; - - case CKM_SHA224: - case CKM_SHA224_RSA_PKCS: - case CKM_SHA224_HMAC: - case CKM_ECDSA_SHA224: - algorithm = HAL_DIGEST_ALGORITHM_SHA224; - break; - - case CKM_SHA256: - case CKM_SHA256_RSA_PKCS: - case CKM_SHA256_HMAC: - case CKM_ECDSA_SHA256: - algorithm = HAL_DIGEST_ALGORITHM_SHA256; - break; - - case CKM_SHA384: - case CKM_SHA384_RSA_PKCS: - case CKM_SHA384_HMAC: - case CKM_ECDSA_SHA384: - algorithm = HAL_DIGEST_ALGORITHM_SHA384; - break; - - case CKM_SHA512: - case CKM_SHA512_RSA_PKCS: - case CKM_SHA512_HMAC: - case CKM_ECDSA_SHA512: - algorithm = HAL_DIGEST_ALGORITHM_SHA512; - break; - - default: - break; - } - - if (algorithm != HAL_DIGEST_ALGORITHM_NONE && (rv = digest_available(algorithm)) != CKR_OK) - return rv; -#endif - switch (type) { case CKM_RSA_PKCS_KEY_PAIR_GEN: @@ -4450,8 +4377,8 @@ CK_RV C_GetInfo(CK_INFO_PTR pInfo) memset(pInfo, 0, sizeof(*pInfo)); pInfo->cryptokiVersion.major = 2; pInfo->cryptokiVersion.minor = 30; - psnprintf(pInfo->manufacturerID, sizeof(pInfo->manufacturerID), "cryptech.is project"); - psnprintf(pInfo->libraryDescription, sizeof(pInfo->libraryDescription), "cryptech.is pkcs11"); + psnprintf(pInfo->manufacturerID, sizeof(pInfo->manufacturerID), P11_MANUFACTURER_ID); + psnprintf(pInfo->libraryDescription, sizeof(pInfo->libraryDescription), P11_LIBRARY_DESCRIPTION); pInfo->libraryVersion.major = P11_VERSION_SW_MAJOR; pInfo->libraryVersion.minor = P11_VERSION_SW_MINOR; @@ -4473,13 +4400,13 @@ CK_RV C_GetSlotInfo(CK_SLOT_ID slotID, return CKR_CRYPTOKI_NOT_INITIALIZED; memset(pInfo, 0, sizeof(*pInfo)); - psnprintf(pInfo->slotDescription, sizeof(pInfo->slotDescription), "cryptech.is slot on alpha"); - psnprintf(pInfo->manufacturerID, sizeof(pInfo->manufacturerID), "cryptech.is project"); + psnprintf(pInfo->slotDescription, sizeof(pInfo->slotDescription), P11_SLOT_DESCRIPTION); + psnprintf(pInfo->manufacturerID, sizeof(pInfo->manufacturerID), P11_MANUFACTURER_ID); pInfo->flags = CKF_TOKEN_PRESENT | CKF_HW_SLOT; - pInfo->hardwareVersion.major = 0; - pInfo->hardwareVersion.minor = 2; - pInfo->firmwareVersion.major = P11_VERSION_HW_MAJOR; - pInfo->firmwareVersion.minor = P11_VERSION_HW_MINOR; + pInfo->hardwareVersion.major = P11_VERSION_HW_MAJOR; + pInfo->hardwareVersion.minor = P11_VERSION_HW_MINOR; + pInfo->firmwareVersion.major = P11_VERSION_FW_MAJOR; + pInfo->firmwareVersion.minor = P11_VERSION_FW_MINOR; return CKR_OK; } -- cgit v1.2.3