From 77b560e4129a5e499a7418a1c43083511b3b97ab Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Sat, 20 May 2017 18:06:16 -0400 Subject: Clean up C_GetTokenInfo(). --- pkcs11.c | 49 +++++++++---------------------------------------- 1 file changed, 9 insertions(+), 40 deletions(-) diff --git a/pkcs11.c b/pkcs11.c index f3ac77b..06205b6 100644 --- a/pkcs11.c +++ b/pkcs11.c @@ -91,7 +91,6 @@ * Some of this really should be coming from RPC queries. */ -#warning Figure out IDs and version numbers #define P11_MANUFACTURER_ID "Cryptech Project" #define P11_TOKEN_LABEL "Cryptech Token" #define P11_BOARD_MODEL "Alpha Board" @@ -2638,6 +2637,15 @@ CK_RV C_GetTokenInfo(CK_SLOT_ID slotID, /* * No locking required here as long as we're just returning constants. + * + * Some of the values below are nonsensical, because they don't map + * particularly well to what the HSM is really doing. In some cases + * (particularly for some of the flags) we hard-wire whatever client + * software insists that we say before it will talk to us. Feh. + * + * Eventually we expect Cryptech devices to have their own hardware + * clocks, in which case we'd set CKF_CLOCK_ON_TOKEN and + * pInfo->utcTime. Hardware not implemented yet, so not here either. */ if (pInfo == NULL) @@ -2651,15 +2659,6 @@ CK_RV C_GetTokenInfo(CK_SLOT_ID slotID, memset(pInfo, 0, sizeof(*pInfo)); - /* - * No real idea (yet) how we get many of the following parameters. - * - * pInfo->label is supposed to be set when the token is initialized. - * Not yet sure what that means in our context, but need something - * here or the libhsm test programs will bomb trying to find the - * right token, so hard-wire something for now. - */ - psnprintf(pInfo->label, sizeof(pInfo->label), P11_TOKEN_LABEL); psnprintf(pInfo->manufacturerID, sizeof(pInfo->manufacturerID), P11_MANUFACTURER_ID); psnprintf(pInfo->model, sizeof(pInfo->model), P11_BOARD_MODEL); @@ -2667,30 +2666,6 @@ CK_RV C_GetTokenInfo(CK_SLOT_ID slotID, pInfo->flags = CKF_RNG | CKF_LOGIN_REQUIRED | CKF_USER_PIN_INITIALIZED | CKF_TOKEN_INITIALIZED; -#warning Have not yet sorted out token flags -#if 0 - CKF_RNG - CKF_WRITE_PROTECTED - CKF_LOGIN_REQUIRED - CKF_USER_PIN_INITIALIZED - CKF_RESTORE_KEY_NOT_NEEDED - CKF_CLOCK_ON_TOKEN - CKF_PROTECTED_AUTHENTICATION_PATH - CKF_DUAL_CRYPTO_OPERATIONS - CKF_TOKEN_INITIALIZED - CKF_SECONDARY_AUTHENTICATION - CKF_USER_PIN_COUNT_LOW - CKF_USER_PIN_FINAL_TRY - CKF_USER_PIN_LOCKED - CKF_USER_PIN_TO_BE_CHANGED - CKF_SO_PIN_COUNT_LOW - CKF_SO_PIN_FINAL_TRY - CKF_SO_PIN_LOCKED - CKF_SO_PIN_TO_BE_CHANGED - CKF_ERROR_STATE -#endif - -#warning Much of the TOKEN_INFO we return is nonsense pInfo->ulMaxSessionCount = CK_EFFECTIVELY_INFINITE; pInfo->ulSessionCount = CK_UNAVAILABLE_INFORMATION; pInfo->ulMaxRwSessionCount = CK_EFFECTIVELY_INFINITE; @@ -2706,12 +2681,6 @@ CK_RV C_GetTokenInfo(CK_SLOT_ID slotID, pInfo->firmwareVersion.major = P11_VERSION_FW_MAJOR; pInfo->firmwareVersion.minor = P11_VERSION_FW_MINOR; - /* - * Eventually we expect Cryptech devices to have their own hardware - * clocks, in which case we'd set CKF_CLOCK_ON_TOKEN and - * pInfo->utcTime. Hardware not implemented yet, so not here either. - */ - return CKR_OK; } -- cgit v1.2.3