Loading...
Searching...
No Matches
util_pkcs11.h File Reference
Include dependency graph for util_pkcs11.h:
This graph shows which files directly or indirectly include this file:
Go to the source code of this file.
Function Documentation
◆ add_connectors()
| bool add_connectors | ( | yubihsm_pkcs11_context * | ctx, |
| int | n_connectors, | ||
| char ** | connector_names, | ||
| yh_connector ** | connectors ) |
Definition at line 2924 of file util_pkcs11.c.
2925 {
2928 }
2929
2930 for (int i = 0; i < n_connectors; i++) {
2937 return false;
2938 }
2942 return false;
2943 }
2944 }
2947 return false;
2948 }
2949 }
2950 return true;
2951}
Definition yubihsm_pkcs11.h:163
Definition yubihsm_pkcs11.h:150
memset(pInfo->slotDescription, ' ', 64)
Here is the call graph for this function:
Here is the caller graph for this function:
◆ apply_decrypt_mechanism_finalize()
| CK_RV apply_decrypt_mechanism_finalize | ( | yubihsm_pkcs11_op_info * | op_info | ) |
◆ apply_decrypt_mechanism_init()
| CK_RV apply_decrypt_mechanism_init | ( | yubihsm_pkcs11_op_info * | op_info | ) |
Definition at line 1884 of file util_pkcs11.c.
Here is the call graph for this function:
◆ apply_decrypt_mechanism_update()
| CK_RV apply_decrypt_mechanism_update | ( | yubihsm_pkcs11_op_info * | op_info, |
| CK_BYTE_PTR | in, | ||
| CK_ULONG | in_len ) |
Definition at line 2053 of file util_pkcs11.c.
2054 {
2055
2062 }
2063
2066 break;
2067
2068 default:
2070 }
2071
2073}
uint8_t buffer[YUBIHSM_PKCS11_OP_BUFSIZE]
Definition yubihsm_pkcs11.h:137
memcpy((char *) pInfo->slotDescription, s, l)
Here is the call graph for this function:
Here is the caller graph for this function:
◆ apply_digest_mechanism_finalize()
| CK_RV apply_digest_mechanism_finalize | ( | yubihsm_pkcs11_op_info * | op_info | ) |
Definition at line 2163 of file util_pkcs11.c.
◆ apply_digest_mechanism_init()
| CK_RV apply_digest_mechanism_init | ( | yubihsm_pkcs11_op_info * | op_info | ) |
Definition at line 1902 of file util_pkcs11.c.
1902 {
1903
1904 const EVP_MD *md = NULL;
1905
1906 op_info->buffer_length = 0;
1907
1910 md = EVP_sha1();
1911 break;
1912
1914 md = EVP_sha256();
1915 break;
1916
1918 md = EVP_sha384();
1919 break;
1920
1922 md = EVP_sha512();
1923 break;
1924
1925 default:
1928 }
1929
1931
1933
1938 }
1939
1941}
Here is the call graph for this function:
◆ apply_digest_mechanism_update()
| CK_RV apply_digest_mechanism_update | ( | yubihsm_pkcs11_op_info * | op_info, |
| CK_BYTE_PTR | in, | ||
| CK_ULONG | in_len ) |
Definition at line 2095 of file util_pkcs11.c.
2096 {
2097
2107 }
2108 break;
2109
2110 default:
2112 }
2113
2115}
Here is the call graph for this function:
◆ apply_encrypt_mechanism_update()
| CK_RV apply_encrypt_mechanism_update | ( | yubihsm_pkcs11_op_info * | op_info, |
| CK_BYTE_PTR | in, | ||
| CK_ULONG | in_len ) |
Definition at line 2075 of file util_pkcs11.c.
2076 {
2077
2082 }
2083
2086 break;
2087
2088 default:
2090 }
2091
2093}
Here is the call graph for this function:
◆ apply_sign_mechanism_finalize()
| CK_RV apply_sign_mechanism_finalize | ( | yubihsm_pkcs11_op_info * | op_info | ) |
Definition at line 2117 of file util_pkcs11.c.
2117 {
2118
2122 &op_info->buffer_length);
2123
2126
2129 }
2130 }
2131
2134 uint16_t padding =
2137 op_info->buffer_length);
2139 op_info->buffer_length += padding;
2142 }
2143 }
2144
2145 // TODO(adma): check if more steps are need for PSS or ECDSA
2146
2148}
bool is_ECDSA_sign_mechanism(CK_MECHANISM_TYPE m)
Definition util_pkcs11.c:2690
Here is the call graph for this function:
◆ apply_sign_mechanism_init()
| CK_RV apply_sign_mechanism_init | ( | yubihsm_pkcs11_op_info * | op_info | ) |
Definition at line 1763 of file util_pkcs11.c.
1763 {
1764
1765 const EVP_MD *md = NULL;
1766
1767 op_info->buffer_length = 0;
1768
1777 // NOTE(adma): no hash required for these mechanisms
1780
1784 md = EVP_sha1();
1785 break;
1786
1790 md = EVP_sha256();
1791 break;
1792
1796 md = EVP_sha384();
1797 break;
1798
1802 md = EVP_sha512();
1803 break;
1804
1805 default:
1808 }
1809
1811
1816 }
1817
1819}
Here is the call graph for this function:
◆ apply_sign_mechanism_update()
| CK_RV apply_sign_mechanism_update | ( | yubihsm_pkcs11_op_info * | op_info, |
| CK_BYTE_PTR | in, | ||
| CK_ULONG | in_len ) |
Definition at line 1943 of file util_pkcs11.c.
1944 {
1945
1948 // NOTE(adma): Specs say there should be enough space for PKCS#1 padding
1952 }
1953
1956 break;
1957
1960 // NOTE(adma): Specs say ECDSA only supports data up to 1024 bit
1962 }
1963
1966 break;
1967
1975 }
1976
1979 break;
1980
1997 }
1998 break;
1999
2000 default:
2002 }
2003
2005}
Here is the call graph for this function:
◆ apply_verify_mechanism_finalize()
| CK_RV apply_verify_mechanism_finalize | ( | yubihsm_pkcs11_op_info * | op_info | ) |
◆ apply_verify_mechanism_init()
| CK_RV apply_verify_mechanism_init | ( | yubihsm_pkcs11_op_info * | op_info | ) |
Definition at line 1821 of file util_pkcs11.c.
1821 {
1822
1823 const EVP_MD *md = NULL;
1824
1825 op_info->buffer_length = 0;
1831
1840 // NOTE(adma): no hash required for these mechanisms
1842
1846 md = EVP_sha1();
1847 break;
1848
1852 md = EVP_sha256();
1853 break;
1854
1858 md = EVP_sha384();
1859 break;
1860
1864 md = EVP_sha512();
1865 break;
1866
1867 default:
1870 }
1871
1876 }
1879 }
1880
1882}
Here is the call graph for this function:
◆ apply_verify_mechanism_update()
| CK_RV apply_verify_mechanism_update | ( | yubihsm_pkcs11_op_info * | op_info, |
| CK_BYTE_PTR | in, | ||
| CK_ULONG | in_len ) |
Definition at line 2007 of file util_pkcs11.c.
2008 {
2009
2018 // NOTE(adma): no hash required for these mechanisms
2021 }
2022
2025 break;
2026
2043 }
2044 break;
2045
2046 default:
2048 }
2049
2051}
Here is the call graph for this function:
◆ check_decrypt_mechanism()
| bool check_decrypt_mechanism | ( | yubihsm_pkcs11_slot * | slot, |
| CK_MECHANISM_PTR | pMechanism ) |
Definition at line 1678 of file util_pkcs11.c.
1679 {
1680
1681 CK_MECHANISM_TYPE mechanisms[128];
1683
1686 return false;
1687 }
1688
1690 return false;
1691 }
1692
1695 return true;
1696 }
1697 }
1698
1699 return false;
1700}
CK_RV get_mechanism_list(yubihsm_pkcs11_slot *slot, CK_MECHANISM_TYPE_PTR pMechanismList, CK_ULONG_PTR count)
Definition util_pkcs11.c:73
bool is_RSA_decrypt_mechanism(CK_MECHANISM_TYPE m)
Definition util_pkcs11.c:2627
Here is the call graph for this function:
◆ check_digest_mechanism()
| bool check_digest_mechanism | ( | CK_MECHANISM_PTR | pMechanism | ) |
Definition at line 1725 of file util_pkcs11.c.
1725 {
1726
1732 break;
1733 default:
1734 return false;
1735 }
1736
1737 return true;
1738}
◆ check_encrypt_mechanism()
| bool check_encrypt_mechanism | ( | yubihsm_pkcs11_slot * | slot, |
| CK_MECHANISM_PTR | pMechanism ) |
Definition at line 1702 of file util_pkcs11.c.
1703 {
1704
1705 CK_MECHANISM_TYPE mechanisms[128];
1707
1709 return false;
1710 }
1711
1713 return false;
1714 }
1715
1718 return true;
1719 }
1720 }
1721
1722 return false;
1723}
Here is the call graph for this function:
◆ check_sign_mechanism()
| bool check_sign_mechanism | ( | yubihsm_pkcs11_slot * | slot, |
| CK_MECHANISM_PTR | pMechanism ) |
Definition at line 1646 of file util_pkcs11.c.
1647 {
1648
1649 CK_MECHANISM_TYPE mechanisms[128];
1651
1655
1656 return false;
1657 }
1658
1660 return false;
1661 }
1662
1665 return true;
1666 }
1667 }
1668
1669 return false;
1670}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ check_verify_mechanism()
| bool check_verify_mechanism | ( | yubihsm_pkcs11_slot * | slot, |
| CK_MECHANISM_PTR | pMechanism ) |
Definition at line 1672 of file util_pkcs11.c.
1673 {
1674
1676}
bool check_sign_mechanism(yubihsm_pkcs11_slot *slot, CK_MECHANISM_PTR pMechanism)
Definition util_pkcs11.c:1646
Here is the call graph for this function:
◆ check_wrap_mechanism()
| bool check_wrap_mechanism | ( | yubihsm_pkcs11_slot * | slot, |
| CK_MECHANISM_PTR | pMechanism ) |
Definition at line 1740 of file util_pkcs11.c.
1741 {
1742
1743 CK_MECHANISM_TYPE mechanisms[128];
1745
1747 return false;
1748 }
1749
1751 return false;
1752 }
1753
1756 return true;
1757 }
1758 }
1759
1760 return false;
1761}
Here is the call graph for this function:
◆ create_session()
| bool create_session | ( | yubihsm_pkcs11_slot * | slot, |
| CK_FLAGS | flags, | ||
| CK_SESSION_HANDLE_PTR | phSession ) |
Definition at line 491 of file util_pkcs11.c.
492 {
493
494 bool authed = false;
501 authed = true;
502 }
503 }
505 session.session_state =
507 } else {
508 session.session_state =
510 }
516}
Definition yubihsm_pkcs11.h:122
CK_SLOT_ID CK_FLAGS CK_VOID_PTR CK_NOTIFY CK_SESSION_HANDLE_PTR phSession
Definition yubihsm_pkcs11.c:810
Here is the call graph for this function:
◆ decrypt_mechanism_cleanup()
| bool decrypt_mechanism_cleanup | ( | yubihsm_pkcs11_op_info * | op_info | ) |
Definition at line 2566 of file util_pkcs11.c.
2566 {
2567
2568 (void) op_info;
2569
2570 return true;
2571}
◆ delete_object_from_cache()
| void delete_object_from_cache | ( | yubihsm_pkcs11_object_desc * | objects, |
| CK_OBJECT_HANDLE | objHandle ) |
Definition at line 1571 of file util_pkcs11.c.
1572 {
1574 uint8_t type = objHandle >> 16;
1575 uint8_t sequence = objHandle >> 24;
1576
1578 if (objects[i].object.id == id &&
1579 (objects[i].object.type & 0x7f) == (type & 0x7f) &&
1580 objects[i].object.sequence == sequence) {
1582 return;
1583 }
1584 }
1585}
Here is the call graph for this function:
◆ delete_session()
| bool delete_session | ( | yubihsm_pkcs11_context * | ctx, |
| CK_SESSION_HANDLE_PTR | phSession ) |
Definition at line 2831 of file util_pkcs11.c.
2832 {
2837
2839 ListItem *item =
2841 if (item) {
2844 }
2846 }
2848}
ListItem * list_get(List *list, void *data, CompareItemFn compare_item_fn)
Definition list.c:105
void release_slot(yubihsm_pkcs11_context *ctx, yubihsm_pkcs11_slot *slot)
Definition util_pkcs11.c:2782
yubihsm_pkcs11_slot * get_slot(yubihsm_pkcs11_context *ctx, CK_ULONG id)
Definition util_pkcs11.c:2766
Here is the call graph for this function:
Here is the caller graph for this function:
◆ destroy_session()
| void destroy_session | ( | yubihsm_pkcs11_context * | ctx, |
| CK_SESSION_HANDLE | hSession ) |
◆ digest_mechanism_cleanup()
| bool digest_mechanism_cleanup | ( | yubihsm_pkcs11_op_info * | op_info | ) |
◆ get_attribute()
| CK_RV get_attribute | ( | CK_ATTRIBUTE_TYPE | type, |
| yh_object_descriptor * | object, | ||
| CK_VOID_PTR | value, | ||
| CK_ULONG_PTR | length, | ||
| yh_session * | session ) |
Definition at line 1455 of file util_pkcs11.c.
1457 {
1458
1459 CK_BYTE tmp[2048];
1460 CK_VOID_PTR ptr;
1462 // NOTE(adma): we just need the length, use a scratchpad for the data
1463 ptr = tmp;
1464 *length = sizeof(tmp);
1465 } else {
1466 // NOTE(adma): otherwise actually save the data
1467 ptr = value;
1468 }
1469
1473
1476 return get_attribute_secret_key(type, object, ptr, length);
1477
1482
1486 // TODO: do something good here.
1487 break;
1488 } // TODO(adma): try to check common attributes in some convenience function
1489
1491}
@ YH_OTP_AEAD_KEY
OTP AEAD Key is a secret key used to decrypt Yubico OTP values.
Definition yubihsm.h:376
@ YH_HMAC_KEY
HMAC Key is a secret key used when computing and verifying HMAC signatures.
Definition yubihsm.h:371
@ YH_ASYMMETRIC_KEY
Asymmetric Key is the private key of an asymmetric key-pair.
Definition yubihsm.h:366
@ YH_AUTHENTICATION_KEY
Authentication Key is used to establish Sessions with a device.
Definition yubihsm.h:364
Here is the caller graph for this function:
◆ get_attribute_ecsession_key()
| CK_RV get_attribute_ecsession_key | ( | CK_ATTRIBUTE_TYPE | type, |
| ecdh_session_key * | key, | ||
| CK_VOID_PTR | value, | ||
| CK_ULONG_PTR | length ) |
Definition at line 1493 of file util_pkcs11.c.
1494 {
1495
1496 CK_BYTE tmp[2048];
1497 CK_VOID_PTR ptr;
1499 ptr = tmp;
1500 *length = sizeof(tmp);
1501 } else {
1502 ptr = value;
1503 }
1504
1505 switch (type) {
1507 *((CK_OBJECT_CLASS *) ptr) = CKO_SECRET_KEY;
1508 *length = sizeof(CK_OBJECT_CLASS);
1509 break;
1510
1512 *((CK_KEY_TYPE *) ptr) = CKK_GENERIC_SECRET;
1513 *length = sizeof(CK_KEY_TYPE);
1514 break;
1515
1517 CK_OBJECT_HANDLE *id = ptr;
1518 *id = key->id;
1519 *length = sizeof(CK_OBJECT_HANDLE);
1520 break;
1521 }
1522
1524 *length = strlen(key->label);
1525 memcpy(ptr, key->label, *length);
1526 break;
1527
1532 break;
1533
1538 break;
1539
1556 break;
1557
1559 memcpy(ptr, key->ecdh_key, key->len);
1560 *length = key->len;
1561 break;
1562
1563 default:
1564 *length = CK_UNAVAILABLE_INFORMATION;
1566 }
1567
1569}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ get_digest_bytelength()
| CK_ULONG get_digest_bytelength | ( | CK_MECHANISM_TYPE | m | ) |
Definition at line 2583 of file util_pkcs11.c.
2583 {
2584
2585 switch (m) {
2587 return 20;
2588
2590 return 32;
2591
2593 return 48;
2594
2596 return 64;
2597
2598 default:
2599 break;
2600 }
2601
2602 return 0;
2603}
◆ get_mechanism_info()
| bool get_mechanism_info | ( | yubihsm_pkcs11_slot * | slot, |
| CK_MECHANISM_TYPE | type, | ||
| CK_MECHANISM_INFO_PTR | pInfo ) |
Definition at line 313 of file util_pkcs11.c.
314 {
315
322 return false;
323 }
324 }
325
327 switch (type) {
330
336 &pInfo->ulMinKeySize,
337 &pInfo->ulMaxKeySize);
339 break;
340
347 &pInfo->ulMinKeySize,
348 &pInfo->ulMaxKeySize);
350 break;
351
354 &pInfo->ulMinKeySize,
355 &pInfo->ulMaxKeySize);
357 break;
358
361 &pInfo->ulMinKeySize,
362 &pInfo->ulMaxKeySize);
364 break;
365
368 &pInfo->ulMinKeySize,
369 &pInfo->ulMaxKeySize);
372 break;
373
375 pInfo->ulMaxKeySize = 64 * 8;
376 pInfo->ulMinKeySize = 1;
378 break;
379
381 pInfo->ulMaxKeySize = 64 * 8;
382 pInfo->ulMinKeySize = 1;
384 break;
385
387 pInfo->ulMaxKeySize = 128 * 8;
388 pInfo->ulMinKeySize = 1;
390 break;
391
393 pInfo->ulMaxKeySize = 128 * 8;
394 pInfo->ulMinKeySize = 1;
396 break;
397
403 // should all ecdsa mechanisms have all keylengths? or should they be
404 // bounded to length of hash?
406 &pInfo->ulMinKeySize,
407 &pInfo->ulMaxKeySize);
409 CKF_EC_UNCOMPRESS;
410 break;
411
414 &pInfo->ulMinKeySize,
415 &pInfo->ulMaxKeySize);
417 CKF_EC_UNCOMPRESS;
418 break;
419
424 break;
425
430 break;
431
436 break;
437
442 break;
443
445 pInfo->ulMaxKeySize = 256;
446 pInfo->ulMinKeySize = 128;
448 break;
449
451 pInfo->ulMaxKeySize =
452 128 * 8; // NOTE: 128*8 is max key size for sha512-hmac keys
453 pInfo->ulMinKeySize = 1;
455 break;
456
457 default:
458 return false;
459 }
460
461 return true;
462}
yh_algorithm algorithms[YH_MAX_ALGORITHM_COUNT]
Definition yubihsm_pkcs11.h:158
yh_rc yh_util_get_device_info(yh_connector *connector, uint8_t *major, uint8_t *minor, uint8_t *patch, uint32_t *serial, uint8_t *log_total, uint8_t *log_used, yh_algorithm *algorithms, size_t *n_algorithms)
Definition yubihsm.c:938
Here is the call graph for this function:
◆ get_mechanism_list()
| CK_RV get_mechanism_list | ( | yubihsm_pkcs11_slot * | slot, |
| CK_MECHANISM_TYPE_PTR | pMechanismList, | ||
| CK_ULONG_PTR | count ) |
Definition at line 73 of file util_pkcs11.c.
75 {
76
84 }
85 }
86
87 CK_MECHANISM_TYPE buffer[128]; // NOTE: this is a bit hardcoded, but much more
88 // than what we might add below.
89 CK_ULONG items = 0;
90
94 add_mech(buffer, &items, CKM_RSA_PKCS);
95 add_mech(buffer, &items, CKM_SHA1_RSA_PKCS);
96 break;
97
99 add_mech(buffer, &items, CKM_RSA_PKCS);
100 add_mech(buffer, &items, CKM_SHA256_RSA_PKCS);
101 break;
102
104 add_mech(buffer, &items, CKM_RSA_PKCS);
105 add_mech(buffer, &items, CKM_SHA384_RSA_PKCS);
106 break;
107
109 add_mech(buffer, &items, CKM_RSA_PKCS);
110 add_mech(buffer, &items, CKM_SHA512_RSA_PKCS);
111 break;
112
114 add_mech(buffer, &items, CKM_RSA_PKCS_PSS);
115 add_mech(buffer, &items, CKM_SHA1_RSA_PKCS_PSS);
116 break;
117
119 add_mech(buffer, &items, CKM_RSA_PKCS_PSS);
120 add_mech(buffer, &items, CKM_SHA256_RSA_PKCS_PSS);
121 break;
122
124 add_mech(buffer, &items, CKM_RSA_PKCS_PSS);
125 add_mech(buffer, &items, CKM_SHA384_RSA_PKCS_PSS);
126 break;
127
129 add_mech(buffer, &items, CKM_RSA_PKCS_PSS);
130 add_mech(buffer, &items, CKM_SHA512_RSA_PKCS_PSS);
131 break;
132
136 add_mech(buffer, &items, CKM_RSA_PKCS_KEY_PAIR_GEN);
137 break;
138
147 add_mech(buffer, &items, CKM_EC_KEY_PAIR_GEN);
148 break;
149
151 add_mech(buffer, &items, CKM_SHA_1_HMAC);
152 add_mech(buffer, &items, CKM_GENERIC_SECRET_KEY_GEN);
153 break;
154
156 add_mech(buffer, &items, CKM_SHA256_HMAC);
157 add_mech(buffer, &items, CKM_GENERIC_SECRET_KEY_GEN);
158 break;
159
161 add_mech(buffer, &items, CKM_SHA384_HMAC);
162 add_mech(buffer, &items, CKM_GENERIC_SECRET_KEY_GEN);
163 break;
164
166 add_mech(buffer, &items, CKM_SHA512_HMAC);
167 add_mech(buffer, &items, CKM_GENERIC_SECRET_KEY_GEN);
168 break;
169
171 add_mech(buffer, &items, CKM_ECDSA);
172 add_mech(buffer, &items, CKM_ECDSA_SHA1);
173 break;
174
176 add_mech(buffer, &items, CKM_ECDSA);
177 add_mech(buffer, &items, CKM_ECDSA_SHA256);
178 break;
179
181 add_mech(buffer, &items, CKM_ECDSA);
182 add_mech(buffer, &items, CKM_ECDSA_SHA384);
183 break;
184
186 add_mech(buffer, &items, CKM_ECDSA);
187 add_mech(buffer, &items, CKM_ECDSA_SHA512);
188 break;
189
191 add_mech(buffer, &items, CKM_ECDH1_DERIVE);
192 break;
193
198 add_mech(buffer, &items, CKM_RSA_PKCS_OAEP);
199 break;
200
204 add_mech(buffer, &items, CKM_YUBICO_AES_CCM_WRAP);
205 add_mech(buffer, &items, CKM_GENERIC_SECRET_KEY_GEN);
206 break;
207
208 // NOTE: there are algorithms don't have corresponding mechanisms
209 default:
210 break;
211 }
212 }
213
214 // NOTE(adma): manually add digest mechanisms
215 add_mech(buffer, &items, CKM_SHA_1);
216 add_mech(buffer, &items, CKM_SHA256);
217 add_mech(buffer, &items, CKM_SHA384);
218 add_mech(buffer, &items, CKM_SHA512);
219
222 *count = items;
223
225 }
226
228 }
229
230 *count = items;
231
233}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ get_object_desc()
| yubihsm_pkcs11_object_desc * get_object_desc | ( | yh_session * | session, |
| yubihsm_pkcs11_object_desc * | objects, | ||
| CK_OBJECT_HANDLE | objectHandle ) |
Definition at line 1587 of file util_pkcs11.c.
1589 {
1590
1593 uint8_t type = objHandle >> 16;
1594 uint8_t sequence = objHandle >> 24;
1595
1597 if (objects[i].object.id == id &&
1598 (objects[i].object.type & 0x7f) == (type & 0x7f) &&
1599 objects[i].object.sequence == sequence) {
1600 object = &objects[i];
1601 break;
1602 }
1603 }
1604
1605 if (!object) {
1606 uint16_t low;
1607 struct timeval *low_time = NULL;
1608
1610 if (objects[i].tv.tv_sec == 0) {
1611 low = i;
1612 low_time = &objects[i].tv;
1613 break;
1614 } else {
1615 if (!low_time || objects[i].tv.tv_sec < low_time->tv_sec ||
1616 (objects[i].tv.tv_sec == low_time->tv_sec &&
1617 objects[i].tv.tv_usec < low_time->tv_usec)) {
1618
1619 low_time = &objects[i].tv;
1620 low = i;
1621 }
1622 }
1623 }
1624 object = &objects[low];
1626 }
1627
1629 uint16_t real_type =
1630 type & ~0x80; // NOTE(adma): public key are not real objects
1633 return NULL;
1634 }
1635
1636 object->filled = true;
1637 }
1638
1640
1641 gettimeofday(&object->tv, NULL);
1642
1644}
yh_rc yh_util_get_object_info(yh_session *session, uint16_t id, yh_object_type type, yh_object_descriptor *object)
Definition yubihsm.c:1128
Here is the call graph for this function:
◆ get_session()
| CK_RV get_session | ( | yubihsm_pkcs11_context * | ctx, |
| CK_SESSION_HANDLE | hSession, | ||
| yubihsm_pkcs11_session ** | session, | ||
| int | session_state ) |
Definition at line 2789 of file util_pkcs11.c.
2790 {
2793
2798 }
2799
2800 ListItem *item =
2802 if (item == NULL) {
2806 }
2807
2811 // NOTE(thorduri): slot is locked.
2813 }
2814
2825 }
2826
2829}
Definition yubihsm_curl.c:28
Here is the call graph for this function:
Here is the caller graph for this function:
◆ get_slot()
| yubihsm_pkcs11_slot * get_slot | ( | yubihsm_pkcs11_context * | ctx, |
| CK_ULONG | id ) |
Definition at line 2766 of file util_pkcs11.c.
2766 {
2767
2769 if (item) {
2773 return NULL;
2774 }
2775 }
2777 }
2778
2779 return NULL;
2780}
Here is the call graph for this function:
Here is the caller graph for this function:
◆ is_ECDSA_sign_mechanism()
| bool is_ECDSA_sign_mechanism | ( | CK_MECHANISM_TYPE | m | ) |
Definition at line 2690 of file util_pkcs11.c.
2690 {
2691
2692 switch (m) {
2698 return true;
2699
2700 default:
2701 break;
2702 }
2703
2704 return false;
2705}
Here is the caller graph for this function:
◆ is_hashed_mechanism()
| bool is_hashed_mechanism | ( | CK_MECHANISM_TYPE | m | ) |
Definition at line 2645 of file util_pkcs11.c.
2645 {
2646
2647 switch (m) {
2664 return true;
2665
2666 default:
2667 break;
2668 }
2669
2670 return false;
2671}
Here is the caller graph for this function:
◆ is_HMAC_sign_mechanism()
| bool is_HMAC_sign_mechanism | ( | CK_MECHANISM_TYPE | m | ) |
Definition at line 2724 of file util_pkcs11.c.
2724 {
2725
2726 switch (m) {
2731 return true;
2732
2733 default:
2734 break;
2735 }
2736
2737 return false;
2738}
Here is the caller graph for this function:
◆ is_PKCS1v1_5_sign_mechanism()
| bool is_PKCS1v1_5_sign_mechanism | ( | CK_MECHANISM_TYPE | m | ) |
Definition at line 2673 of file util_pkcs11.c.
2673 {
2674
2675 switch (m) {
2681 return true;
2682
2683 default:
2684 break;
2685 }
2686
2687 return false;
2688}
Here is the caller graph for this function:
◆ is_PSS_sign_mechanism()
| bool is_PSS_sign_mechanism | ( | CK_MECHANISM_TYPE | m | ) |
Definition at line 2707 of file util_pkcs11.c.
2707 {
2708
2709 switch (m) {
2715 return true;
2716
2717 default:
2718 break;
2719 }
2720
2721 return false;
2722}
Here is the caller graph for this function:
◆ is_RSA_decrypt_mechanism()
| bool is_RSA_decrypt_mechanism | ( | CK_MECHANISM_TYPE | m | ) |
Definition at line 2627 of file util_pkcs11.c.
2627 {
2628
2629 switch (m) {
2636 return true;
2637
2638 default:
2639 break;
2640 }
2641
2642 return false;
2643}
Here is the caller graph for this function:
◆ is_RSA_sign_mechanism()
| bool is_RSA_sign_mechanism | ( | CK_MECHANISM_TYPE | m | ) |
Definition at line 2605 of file util_pkcs11.c.
2605 {
2606
2607 switch (m) {
2618 return true;
2619
2620 default:
2621 break;
2622 }
2623
2624 return false;
2625}
Here is the caller graph for this function:
◆ parse_ec_generate_template()
| CK_RV parse_ec_generate_template | ( | CK_ATTRIBUTE_PTR | pPublicKeyTemplate, |
| CK_ULONG | ulPublicKeyAttributeCount, | ||
| CK_ATTRIBUTE_PTR | pPrivateKeyTemplate, | ||
| CK_ULONG | ulPrivateKeyAttributeCount, | ||
| yubihsm_pkcs11_object_template * | template ) |
Definition at line 3570 of file util_pkcs11.c.
3574 {
3575
3576 uint8_t *ecparams = NULL;
3577 uint16_t ecparams_len = 0;
3579 CK_RV rv;
3580
3582
3589 }
3590 break;
3591
3596 }
3597 break;
3598
3602 pPublicKeyTemplate[i].ulValueLen);
3603 if (id == -1) {
3606 }
3608 } else {
3611 }
3612 break;
3613
3615 if (ecparams == NULL) {
3617 ecparams_len = pPublicKeyTemplate[i].ulValueLen;
3618 } else {
3621 }
3622 break;
3623
3628 }
3629
3631 pPublicKeyTemplate[i].ulValueLen);
3632
3633 label_set = TRUE;
3634
3635 break;
3636
3639 CKR_OK) {
3641 pPublicKeyTemplate[i].type);
3643 }
3644 break;
3645
3652 CKR_OK) {
3654 pPublicKeyTemplate[i].type);
3656 }
3657 break;
3658
3665 break;
3666
3667 default:
3669 pPublicKeyTemplate[i].type);
3671 }
3672 }
3673
3678 CKO_PRIVATE_KEY) {
3681 }
3682 break;
3683
3688 }
3689 break;
3690
3693 pPrivateKeyTemplate[i].ulValueLen);
3694 if (id == -1) {
3697 }
3701 } else {
3703 }
3704 } break;
3705
3708 pPrivateKeyTemplate[i].pValue)) !=
3709 CKR_OK) {
3712 }
3713 break;
3714
3717 pPrivateKeyTemplate[i].pValue)) !=
3718 CKR_OK) {
3721 }
3722 break;
3723
3726 pPrivateKeyTemplate[i].pValue)) !=
3727 CKR_OK) {
3730 }
3731 break;
3732
3737 }
3738
3741 pPrivateKeyTemplate[i].ulValueLen) != 0) {
3744 }
3745 } else {
3747 pPrivateKeyTemplate[i].ulValueLen);
3748 }
3749 break;
3750
3756 CKR_OK) {
3758 pPrivateKeyTemplate[i].type);
3760 }
3761 break;
3762
3770 CKR_OK) {
3772 pPrivateKeyTemplate[i].type);
3774 }
3775 break;
3776
3779 break;
3780
3781 default:
3783 }
3784 }
3785
3786 if (ecparams == NULL) {
3789 }
3790
3796 }
3797
3799}
yubihsm_pkcs11_attribute exportable
Definition yubihsm_pkcs11.h:185
yubihsm_pkcs11_attribute derive
Definition yubihsm_pkcs11.h:184
CK_RV set_template_attribute(yubihsm_pkcs11_attribute *attribute, void *value)
Definition util_pkcs11.c:2953
CK_SESSION_HANDLE CK_MECHANISM_PTR CK_ATTRIBUTE_PTR CK_ULONG CK_ATTRIBUTE_PTR CK_ULONG ulPrivateKeyAttributeCount
Definition yubihsm_pkcs11.c:4538
CK_SESSION_HANDLE CK_MECHANISM_PTR CK_ATTRIBUTE_PTR CK_ULONG CK_ATTRIBUTE_PTR pPrivateKeyTemplate
Definition yubihsm_pkcs11.c:4538
CK_SESSION_HANDLE CK_MECHANISM_PTR CK_ATTRIBUTE_PTR CK_ULONG ulPublicKeyAttributeCount
Definition yubihsm_pkcs11.c:4537
CK_SESSION_HANDLE CK_MECHANISM_PTR CK_ATTRIBUTE_PTR pPublicKeyTemplate
Definition yubihsm_pkcs11.c:4537
Here is the call graph for this function:
◆ parse_ec_template()
| CK_RV parse_ec_template | ( | CK_ATTRIBUTE_PTR | pTemplate, |
| CK_ULONG | ulCount, | ||
| yubihsm_pkcs11_object_template * | template ) |
Definition at line 3150 of file util_pkcs11.c.
3151 {
3152
3153 uint8_t *ecparams = NULL;
3154 uint16_t ecparams_len;
3155 CK_RV rv;
3156
3159
3164 } else {
3166 }
3167 break;
3168
3170 if (ecparams == NULL) {
3172 ecparams_len = pTemplate[i].ulValueLen;
3173 } else {
3175 }
3176 break;
3177
3182 }
3183 break;
3184
3189 }
3190 break;
3191
3197 }
3198 break;
3199
3206 break;
3207
3208 default:
3210 }
3211 }
3214 CK_RV rv =
3218 }
3221 }
3222 } else {
3224 }
3225
3227}
union yubihsm_pkcs11_object_template::@114 obj
Here is the call graph for this function:
◆ parse_hex()
| bool parse_hex | ( | CK_UTF8CHAR_PTR | hex, |
| CK_ULONG | hex_len, | ||
| uint8_t * | parsed ) |
Definition at line 464 of file util_pkcs11.c.
464 {
465
467
469 if (isxdigit(hex[i]) == 0 || isxdigit(hex[i + 1]) == 0) {
470 return false;
471 }
472
473 if (isdigit(hex[i])) {
475 } else {
477 }
478
479 if (isdigit(hex[i + 1])) {
481 } else {
483 }
484
485 j++;
486 }
487
488 return true;
489}
◆ parse_hmac_template()
| CK_RV parse_hmac_template | ( | CK_ATTRIBUTE_PTR | pTemplate, |
| CK_ULONG | ulCount, | ||
| yubihsm_pkcs11_object_template * | template, | ||
| bool | generate ) |
Definition at line 3229 of file util_pkcs11.c.
3231 {
3232
3233 CK_RV rv;
3234
3237
3240 // TODO: consider hanshing the key here if it's longer than blocklen
3243 } else {
3245 }
3246 break;
3247
3252 }
3253 break;
3254
3259 }
3260 break;
3261
3266 break;
3269 break;
3272 break;
3275 break;
3276 default:
3278 }
3279 break;
3280
3284 }
3285 break;
3286
3292 break;
3293
3294 default:
3296 }
3297 }
3300 } else {
3302 }
3303}
yubihsm_pkcs11_attribute verify
Definition yubihsm_pkcs11.h:186
Here is the call graph for this function:
◆ parse_id_value()
| int parse_id_value | ( | void * | value, |
| CK_ULONG | len ) |
Definition at line 3556 of file util_pkcs11.c.
3556 {
3558 case 0:
3559 return 0;
3560 case 1:
3562 case 2:
3564 default:
3567 }
3568}
Here is the caller graph for this function:
◆ parse_rsa_generate_template()
| CK_RV parse_rsa_generate_template | ( | CK_ATTRIBUTE_PTR | pPublicKeyTemplate, |
| CK_ULONG | ulPublicKeyAttributeCount, | ||
| CK_ATTRIBUTE_PTR | pPrivateKeyTemplate, | ||
| CK_ULONG | ulPrivateKeyAttributeCount, | ||
| yubihsm_pkcs11_object_template * | template ) |
Definition at line 3305 of file util_pkcs11.c.
3309 {
3310
3311 uint8_t *e = NULL;
3313 CK_RV rv;
3314
3316
3323 }
3324 break;
3325
3330 }
3331 break;
3332
3336 pPublicKeyTemplate[i].ulValueLen);
3337 if (id == -1) {
3340 }
3342 } else {
3345 }
3346 break;
3347
3349 if (e == NULL) {
3352 memcmp(e, "\x01\x00\x01", 3) == 0) ||
3353 (pPublicKeyTemplate[i].ulValueLen == 4 &&
3354 memcmp(e, "\x00\x01\x00\x01", 4) == 0))) {
3357 }
3358 } else {
3361 }
3362 break;
3363
3366 case 2048:
3368 break;
3369
3370 case 3072:
3372 break;
3373
3374 case 4096:
3376 break;
3377
3378 default:
3382 }
3383 break;
3384
3389 }
3390
3392 pPublicKeyTemplate[i].ulValueLen);
3393
3394 label_set = TRUE;
3395
3396 break;
3397
3400 CKR_OK) {
3402 pPublicKeyTemplate[i].type);
3404 }
3405 break;
3406
3412 CKR_OK) {
3414 pPublicKeyTemplate[i].type);
3416 }
3417 break;
3418
3426 break;
3427
3428 default:
3430 pPublicKeyTemplate[i].type);
3432 }
3433 }
3434
3439 CKO_PRIVATE_KEY) {
3442 }
3443 break;
3444
3449 }
3450 break;
3451
3454 pPrivateKeyTemplate[i].ulValueLen);
3455 if (id == -1) {
3458 }
3462 } else {
3464 }
3465 } break;
3466
3469 pPrivateKeyTemplate[i].pValue)) !=
3470 CKR_OK) {
3473 }
3474 break;
3475
3478 pPrivateKeyTemplate[i].pValue)) !=
3479 CKR_OK) {
3482 }
3483 break;
3484
3487 pPrivateKeyTemplate[i].pValue)) !=
3488 CKR_OK) {
3491 }
3492 break;
3493
3498 }
3499
3502 pPrivateKeyTemplate[i].ulValueLen) != 0) {
3505 }
3506 } else {
3508 pPrivateKeyTemplate[i].ulValueLen);
3509 }
3510 break;
3511
3517 CKR_OK) {
3519 pPrivateKeyTemplate[i].type);
3521 }
3522 break;
3523
3530 CKR_OK) {
3532 pPrivateKeyTemplate[i].type);
3534 }
3535 break;
3536
3539 break;
3540
3541 default:
3543 pPrivateKeyTemplate[i].type);
3545 }
3546 }
3547
3551 }
3552
3554}
yubihsm_pkcs11_attribute decrypt
Definition yubihsm_pkcs11.h:183
Here is the call graph for this function:
Here is the caller graph for this function:
◆ parse_rsa_template()
| CK_RV parse_rsa_template | ( | CK_ATTRIBUTE_PTR | pTemplate, |
| CK_ULONG | ulCount, | ||
| yubihsm_pkcs11_object_template * | template ) |
Definition at line 2976 of file util_pkcs11.c.
2977 {
2978
2979 uint8_t *e = NULL;
2980 uint16_t primelen = 0;
2981 CK_RV rv;
2982
2985
2990 pTemplate[i].ulValueLen--;
2991 template->obj.rsa.p++;
2992 }
2994 primelen = pTemplate[i].ulValueLen;
2995 } else {
2997 }
2998 } else {
3000 }
3001 break;
3002
3007 pTemplate[i].ulValueLen--;
3008 template->obj.rsa.q++;
3009 }
3011 primelen = pTemplate[i].ulValueLen;
3012 } else {
3014 }
3015 } else {
3017 }
3018 break;
3019
3021 if (e == NULL) {
3024 memcmp(e, "\x01\x00\x01", 3) != 0) {
3026 }
3027 } else {
3029 }
3030 break;
3031
3036 }
3037 break;
3038
3043 }
3044 break;
3045
3051 }
3052 break;
3053
3065 break;
3066
3067 default:
3069 }
3070 }
3072 template->objlen = primelen;
3073 switch (primelen) {
3074 case 128:
3076 break;
3077 case 192:
3079 break;
3080 case 256:
3082 break;
3083 default:
3085 }
3086 } else {
3088 }
3089
3091}
struct yubihsm_pkcs11_object_template::@114::@115 rsa
Here is the call graph for this function:
◆ parse_wrap_template()
| CK_RV parse_wrap_template | ( | CK_ATTRIBUTE_PTR | pTemplate, |
| CK_ULONG | ulCount, | ||
| yubihsm_pkcs11_object_template * | template, | ||
| bool | generate ) |
Definition at line 3801 of file util_pkcs11.c.
3803 {
3804
3805 CK_RV rv;
3806
3809
3814 } else {
3816 }
3817 break;
3818
3823 }
3824 break;
3825
3830 }
3831 break;
3832
3837 }
3838 break;
3839
3844 }
3845 break;
3846
3850 }
3851 break;
3852
3859 break;
3860
3861 default:
3863 }
3864 }
3867 } else {
3869 }
3870}
yubihsm_pkcs11_attribute encrypt
Definition yubihsm_pkcs11.h:182
yubihsm_pkcs11_attribute unwrap
Definition yubihsm_pkcs11.h:188
Here is the call graph for this function:
◆ perform_decrypt()
| CK_RV perform_decrypt | ( | yh_session * | session, |
| yubihsm_pkcs11_op_info * | op_info, | ||
| uint8_t * | ciphertext, | ||
| uint16_t * | ciphertext_len ) |
Definition at line 2463 of file util_pkcs11.c.
2464 {
2465
2468
2472 op_info->buffer, &outlen);
2474 yrc =
2481 yrc =
2484 } else {
2487 }
2488
2492 }
2493
2494 if (outlen > *data_len) {
2496 *data_len = outlen;
2498 }
2500 *data_len = outlen;
2501
2503}
struct mechanism::@110::@112 oaep
yh_rc yh_util_unwrap_data(yh_session *session, uint16_t key_id, const uint8_t *in, size_t in_len, uint8_t *out, size_t *out_len)
Definition yubihsm.c:3716
yh_rc yh_util_decrypt_pkcs1v1_5(yh_session *session, uint16_t key_id, const uint8_t *in, size_t in_len, uint8_t *out, size_t *out_len)
Definition yubihsm.c:2059
yh_rc yh_util_decrypt_oaep(yh_session *session, uint16_t key_id, const uint8_t *in, size_t in_len, uint8_t *out, size_t *out_len, const uint8_t *label, size_t label_len, yh_algorithm mgf1Algo)
Definition yubihsm.c:2107
Here is the call graph for this function:
◆ perform_digest()
| CK_RV perform_digest | ( | yubihsm_pkcs11_op_info * | op_info, |
| uint8_t * | digest, | ||
| uint16_t * | digest_len ) |
Definition at line 2533 of file util_pkcs11.c.
2534 {
2535
2538 }
2539
2542
2544}
Here is the call graph for this function:
◆ perform_encrypt()
| CK_RV perform_encrypt | ( | yh_session * | session, |
| yubihsm_pkcs11_op_info * | op_info, | ||
| uint8_t * | plaintext, | ||
| uint16_t * | plaintext_len ) |
Definition at line 2505 of file util_pkcs11.c.
2506 {
2507
2510
2512 yrc =
2515 } else {
2518 }
2519
2522 }
2523
2524 if (outlen > *data_len) {
2526 }
2528 *data_len = outlen;
2529
2531}
yh_rc yh_util_wrap_data(yh_session *session, uint16_t key_id, const uint8_t *in, size_t in_len, uint8_t *out, size_t *out_len)
Definition yubihsm.c:3667
Here is the call graph for this function:
◆ perform_signature()
| CK_RV perform_signature | ( | yh_session * | session, |
| yubihsm_pkcs11_op_info * | op_info, | ||
| uint8_t * | signature, | ||
| uint16_t * | signature_len ) |
Definition at line 2410 of file util_pkcs11.c.
2411 {
2412
2415
2422 } else {
2424 is_hashed_mechanism(
2427 op_info->buffer, &outlen);
2428 }
2435
2436 } else {
2439 }
2440
2443 }
2444
2446 // NOTE(adma): ECDSA, we must remove the DER encoding and only
2447 // return R,S as required by the specs
2451 }
2452 }
2453
2454 if (outlen > *signature_len) {
2456 }
2458 *signature_len = outlen;
2459
2461}
struct mechanism::@110::@113 pss
yh_rc yh_util_sign_ecdsa(yh_session *session, uint16_t key_id, const uint8_t *in, size_t in_len, uint8_t *out, size_t *out_len)
Definition yubihsm.c:1411
yh_rc yh_util_sign_hmac(yh_session *session, uint16_t key_id, const uint8_t *in, size_t in_len, uint8_t *out, size_t *out_len)
Definition yubihsm.c:1520
yh_rc yh_util_sign_pss(yh_session *session, uint16_t key_id, const uint8_t *in, size_t in_len, uint8_t *out, size_t *out_len, size_t salt_len, yh_algorithm mgf1Algo)
Definition yubihsm.c:1346
yh_rc yh_util_sign_pkcs1v1_5(yh_session *session, uint16_t key_id, bool hashed, const uint8_t *in, size_t in_len, uint8_t *out, size_t *out_len)
Definition yubihsm.c:1287
Here is the call graph for this function:
◆ perform_verify()
| CK_RV perform_verify | ( | yh_session * | session, |
| yubihsm_pkcs11_op_info * | op_info, | ||
| uint8_t * | signature, | ||
| uint16_t | signature_len ) |
Definition at line 2225 of file util_pkcs11.c.
2226 {
2227
2230 bool verified = false;
2231
2233 signature_len, op_info->buffer,
2234 op_info->buffer_length, &verified);
2235
2238 }
2239
2240 if (verified == false) {
2242 }
2243
2245 } else {
2246 CK_RV rv;
2247 EVP_PKEY *key = EVP_PKEY_new();
2248 uint8_t md_data[EVP_MAX_MD_SIZE];
2249 uint8_t *md = md_data;
2250 unsigned int md_len = sizeof(md_data);
2251 EVP_PKEY_CTX *ctx = NULL;
2252
2253 if (key == NULL) {
2255 goto pv_failure;
2256 }
2257
2260 goto pv_failure;
2261 }
2262
2263 ctx = EVP_PKEY_CTX_new(key, NULL);
2264 if (ctx == NULL) {
2266 goto pv_failure;
2267 }
2268 if (EVP_PKEY_verify_init(ctx) <= 0) {
2270 goto pv_failure;
2271 }
2272
2273 int res;
2274 unsigned char data[2048];
2278 goto pv_failure;
2279 }
2280 } else if (EVP_PKEY_base_id(key) == EVP_PKEY_RSA) {
2281 const EVP_MD *md_type;
2282 int di_len;
2283
2285 md = op_info->buffer;
2286 md_len = op_info->buffer_length;
2287 } else {
2289 if (md_type == EVP_md_null()) {
2291 goto pv_failure;
2292 }
2293
2295 md = op_info->buffer + di_len;
2296 md_len = op_info->buffer_length - di_len;
2297 }
2298 } else if (EVP_PKEY_base_id(key) == EVP_PKEY_EC) {
2299 md = op_info->buffer;
2300 md_len = op_info->buffer_length;
2301 if (md_len == 20) {
2303 } else if (md_len == 32) {
2305 } else if (md_len == 48) {
2307 } else if (md_len == 64) {
2309 } else {
2311 goto pv_failure;
2312 }
2313 } else {
2315 goto pv_failure;
2316 }
2319 goto pv_failure;
2320 }
2324 goto pv_failure;
2325 }
2328 0) {
2330 goto pv_failure;
2331 }
2334 goto pv_failure;
2335 }
2336 }
2337 }
2339 memcpy(data, signature, signature_len);
2340 signature = data;
2341 if (apply_DER_encoding_to_ECSIG(signature, &signature_len) == false) {
2344 goto pv_failure;
2345 }
2346 }
2347 res = EVP_PKEY_verify(ctx, signature, signature_len, md, md_len);
2348
2349 if (res == 1) {
2351 } else if (res == 0) {
2353 } else {
2355 }
2356
2357 pv_failure:
2358 if (ctx != NULL) {
2359 EVP_PKEY_CTX_free(ctx);
2360 ctx = NULL;
2361 }
2362
2363 if (key != NULL) {
2364 EVP_PKEY_free(key);
2365 key = NULL;
2366 }
2367
2369 }
2370
2372}
void parse_NID(uint8_t *data, uint16_t data_len, const EVP_MD **md_type, int *digestinfo_len)
Definition util.c:452
yh_rc yh_util_verify_hmac(yh_session *session, uint16_t key_id, const uint8_t *signature, size_t signature_len, const uint8_t *data, size_t data_len, bool *verified)
Definition yubihsm.c:1939
Here is the call graph for this function:
◆ populate_template()
| CK_RV populate_template | ( | int | type, |
| void * | object, | ||
| CK_ATTRIBUTE_PTR | pTemplate, | ||
| CK_ULONG | ulCount, | ||
| yh_session * | session ) |
Definition at line 3872 of file util_pkcs11.c.
3873 {
3874
3876
3879
3880 CK_VOID_PTR object_ptr;
3882 // NOTE(adma): just asking for the length
3883 object_ptr = NULL;
3885 } else {
3886 // NOTE(adma): actually get the attribute
3887 object_ptr = pTemplate[i].pValue;
3889 }
3890
3891 CK_RV attribute_rc;
3894 attribute_rc =
3896 &pTemplate[i].ulValueLen);
3897 } else {
3901 }
3902
3904 rv = attribute_rc;
3909 } else {
3911 }
3912 } else {
3914 pTemplate[i].ulValueLen);
3915 }
3916
3917 // NOTE(adma): Array of attributes like CKA_WRAP_TEMPLATE are special
3918 // cases.
3919 /* In the special case of an attribute whose value is an array of
3920 * attributes, for example CKA_WRAP_TEMPLATE, where it is passed in with
3921 * pValue not NULL, then if the pValue of elements within the array is
3922 * NULL_PTR then the ulValueLen of elements within the array will be set
3923 * to the required length. If the pValue of elements within the array is
3924 * not NULL_PTR, then the ulValueLen element of attributes within the
3925 * array MUST reflect the space that the corresponding pValue points to,
3926 * and pValue is filled in if there is sufficient room. Therefore it is
3927 * important to initialize the contents of a buffer before calling
3928 * C_GetAttributeValue to get such an array value. If any ulValueLen
3929 * within the array isn't large enough, it will be set to
3930 * CK_UNAVAILABLE_INFORMATION and the function will return
3931 * CKR_BUFFER_TOO_SMALL, as it does if an attribute in the pTemplate
3932 * argument has ulValueLen too small. Note that any attribute whose value
3933 * is an array of attributes is identifiable by virtue of the attribute
3934 * type having the CKF_ARRAY_ATTRIBUTE bit set.*/
3935 }
3936
3938}
CK_RV get_attribute_ecsession_key(CK_ATTRIBUTE_TYPE type, ecdh_session_key *key, CK_VOID_PTR value, CK_ULONG_PTR length)
Definition util_pkcs11.c:1493
CK_RV get_attribute(CK_ATTRIBUTE_TYPE type, yh_object_descriptor *object, CK_VOID_PTR value, CK_ULONG_PTR length, yh_session *session)
Definition util_pkcs11.c:1455
Here is the call graph for this function:
◆ release_session()
| void release_session | ( | yubihsm_pkcs11_context * | ctx, |
| yubihsm_pkcs11_session * | session ) |
Definition at line 2850 of file util_pkcs11.c.
Here is the call graph for this function:
Here is the caller graph for this function:
◆ release_slot()
| void release_slot | ( | yubihsm_pkcs11_context * | ctx, |
| yubihsm_pkcs11_slot * | slot ) |
Definition at line 2782 of file util_pkcs11.c.
2782 {
2783
2786 }
2787}
Here is the caller graph for this function:
◆ set_native_locking()
| void set_native_locking | ( | yubihsm_pkcs11_context * | ctx | ) |
Definition at line 2916 of file util_pkcs11.c.
2916 {
2917
2918 ctx->create_mutex = native_create_mutex;
2919 ctx->destroy_mutex = native_destroy_mutex;
2920 ctx->lock_mutex = native_lock_mutex;
2921 ctx->unlock_mutex = native_unlock_mutex;
2922}
Here is the caller graph for this function:
◆ set_template_attribute()
| CK_RV set_template_attribute | ( | yubihsm_pkcs11_attribute * | attribute, |
| void * | value ) |
Definition at line 2953 of file util_pkcs11.c.
2953 {
2956 *attribute = ATTRIBUTE_TRUE;
2957 } else {
2958 *attribute = ATTRIBUTE_FALSE;
2959 }
2961 } else {
2963 }
2964}
Here is the caller graph for this function:
◆ sign_mechanism_cleanup()
| bool sign_mechanism_cleanup | ( | yubihsm_pkcs11_op_info * | op_info | ) |
◆ validate_derive_key_attribute()
| CK_RV validate_derive_key_attribute | ( | CK_ATTRIBUTE_TYPE | type, |
| void * | value ) |
Definition at line 3940 of file util_pkcs11.c.
3940 {
3941 switch (type) {
3946 }
3947 break;
3948
3953 }
3954 break;
3955
3960 }
3961 break;
3962
3967 }
3968 break;
3969
3970 default:
3972 type);
3973 break;
3974 }
3975
3977}
