Wire Sysio Wire Sysion 1.0.0
Loading...
Searching...
No Matches
Macros | Functions | Variables
yubihsm_pkcs11.c File Reference
#include <sys/types.h>
#include <sys/stat.h>
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <cmdline.h>
#include <yubihsm.h>
#include <openssl/rsa.h>
#include "debug_p11.h"
#include "util_pkcs11.h"
#include "yubihsm_pkcs11.h"
#include "../common/insecure_memzero.h"
Include dependency graph for yubihsm_pkcs11.c:

Go to the source code of this file.

Macros

#define YUBIHSM_PKCS11_MANUFACTURER   "Yubico (www.yubico.com)"
 
#define YUBIHSM_PKCS11_LIBDESC   "YubiHSM PKCS#11 Library"
 
#define YUBIHSM_PKCS11_MIN_PIN_LEN   12
 
#define YUBIHSM_PKCS11_MAX_PIN_LEN   68
 
#define UNUSED(x)
 
#define GLOBAL_LOCK_OR_RETURN
 
#define GLOBAL_UNLOCK_OR_RETURN
 

Functions

 CK_DEFINE_FUNCTION (CK_RV, C_Initialize)
 
 CK_DEFINE_FUNCTION (CK_RV, C_Finalize)
 
 CK_DEFINE_FUNCTION (CK_RV, C_GetInfo)
 
 if (ppFunctionList==NULL)
 
 if (g_yh_initialized==false)
 
 if (!pulCount)
 
 if (pSlotList==NULL)
 
 for (ListItem *item=g_ctx.slots.head;item !=NULL;item=item->next)
 
 if (overflow==true)
 
 if (slot==NULL)
 
 memset (pInfo->slotDescription, ' ', 64)
 
 memcpy ((char *) pInfo->slotDescription, s, l)
 
 yh_get_connector_address (slot->connector, &s)
 
 memcpy ((char *) pInfo->slotDescription+l, s, strlen(s))
 
 memset (pInfo->manufacturerID, ' ', 32)
 
 if (yh_connector_has_device(slot->connector)==true)
 
 yh_get_connector_version (slot->connector, &major, &minor, &patch)
 
 if (yrc !=YHR_SUCCESS)
 
 memset (pInfo->model, ' ', 16)
 
 UNUSED (flags)
 
 UNUSED (pSlot)
 
 UNUSED (pReserved)
 
 if (pulCount==NULL)
 
 if (rv==CKR_BUFFER_TOO_SMALL)
 
 DBG_INFO ("Found %lu mechanisms", *pulCount)
 
 if (pInfo==NULL)
 
 if (get_mechanism_info(slot, type, pInfo)==false)
 
 UNUSED (slotID)
 
 UNUSED (pPin)
 
 UNUSED (ulPinLen)
 
 UNUSED (pLabel)
 
 UNUSED (hSession)
 
 UNUSED (pOldPin)
 
 UNUSED (ulOldLen)
 
 UNUSED (pNewPin)
 
 UNUSED (ulNewLen)
 
 UNUSED (Notify)
 
 UNUSED (pApplication)
 
 if (phSession==NULL)
 
 if ((flags &CKF_SERIAL_SESSION)==0)
 
 if (create_session(slot, flags, phSession)==false)
 
 DBG_INFO ("Allocated session %lu", *phSession)
 
 CK_DEFINE_FUNCTION (CK_RV, C_CloseSession)
 
 CK_DEFINE_FUNCTION (CK_RV, C_CloseAllSessions)
 
 if (ret !=CKR_OK)
 
 switch (session->session_state)
 
 UNUSED (pOperationState)
 
 UNUSED (pulOperationStateLen)
 
 UNUSED (ulOperationStateLen)
 
 UNUSED (hEncryptionKey)
 
 UNUSED (hAuthenticationKey)
 
 if (userType !=CKU_USER)
 
 if (ulPinLen< YUBIHSM_PKCS11_MIN_PIN_LEN||ulPinLen > YUBIHSM_PKCS11_MAX_PIN_LEN)
 
 if (parse_hex(pPin, 4,(uint8_t *) &key_id)==false)
 
 if (rv !=CKR_OK)
 
 CK_DEFINE_FUNCTION (CK_RV, C_Logout)
 
 if (pTemplate==NULL||ulCount==0||phObject==NULL)
 
 if (session->operation.type !=OPERATION_NOOP)
 
memsettemplate (template)
 
 for (CK_ULONG i=0;i< ulCount;i++)
 
 if (class.set==false)
 
 if (template.exportable==ATTRIBUTE_TRUE)
 
 if (yh_util_get_object_info(session->slot->device_session, template.id, type, &object) !=YHR_SUCCESS)
 
 DBG_INFO ("Created object %08lx", *phObject)
 
 UNUSED (hObject)
 
 UNUSED (pTemplate)
 
 UNUSED (ulCount)
 
 UNUSED (phNewObject)
 
 if (type==ECDH_KEY_TYPE)
 
 if (object==NULL)
 
 if (yh_util_delete_object(session->slot->device_session, object->object.id, object->object.type) !=YHR_SUCCESS)
 
 DBG_INFO ("Deleted object %08lx", hObject)
 
 delete_object_from_cache (session->slot->objects, hObject)
 
 if (pulSize==NULL)
 
 DBG_INFO ("For object %08lx", hObject)
 
 if (ulCount !=0 &&pTemplate==NULL)
 
 if (session->session_state &SESSION_NOT_AUTHENTICATED)
 
 DBG_INFO ("find with %lu attributes", ulCount)
 
 if (unknown==false)
 
 if (phObject==NULL||ulMaxObjectCount==0||pulObjectCount==NULL)
 
 DBG_INFO ("Can return %lu object(s)", ulMaxObjectCount)
 
 for (uint16_t i=0;i< ulMaxObjectCount &&session->operation.op.find.current_object< session->operation.op.find.n_objects;session->operation.op.find.current_object++)
 
 DBG_INFO ("Returning %lu object(s)", *pulObjectCount)
 
 CK_DEFINE_FUNCTION (CK_RV, C_FindObjectsFinal)
 
 if (pMechanism==NULL||pMechanism->mechanism !=CKM_YUBICO_AES_CCM_WRAP)
 
 DBG_INFO ("Trying to encrypt data with mechanism 0x%04lx and key %08lx", pMechanism->mechanism, hKey)
 
 if (check_encrypt_mechanism(session->slot, pMechanism) !=true)
 
 if (object->object.type !=YH_WRAP_KEY)
 
 if (session->operation.mechanism.mechanism !=CKM_YUBICO_AES_CCM_WRAP)
 
 DBG_INFO ("The size of the data will be %lu", datalen)
 
 if (pEncryptedData==NULL)
 
 DBG_INFO ("Encrypting %lu bytes", ulDataLen)
 
 DBG_INFO ("Got %lu butes back", *pulEncryptedDataLen)
 
 if (terminate==true)
 
 if (pPart==NULL)
 
 DBG_INFO ("Encrypt update with %lu bytes", ulPartLen)
 
 UNUSED (pEncryptedPart)
 
 if (session->operation.mechanism.mechanism==CKM_YUBICO_AES_CCM_WRAP)
 
 if (pLastEncryptedPart==NULL)
 
 DBG_INFO ("Got %lu bytes back", *pulLastEncryptedPartLen)
 
 DBG_INFO ("Trying to decrypt data with mechanism 0x%04lx and key %08lx", pMechanism->mechanism, hKey)
 
 if (check_decrypt_mechanism(session->slot, pMechanism) !=true)
 
 if (object->object.type==YH_ASYMMETRIC_KEY &&yh_is_rsa(object->object.algorithm))
 
 if (pData==NULL)
 
 if (session->operation.op.decrypt.finalized==false)
 
 DBG_INFO ("Using key %04x", session->operation.op.decrypt.key_id)
 
 if (pEncryptedPart==NULL)
 
 DBG_INFO ("Decrypt update with %lu bytes", ulEncryptedPartLen)
 
 UNUSED (pPart)
 
 if (pLastPart==NULL)
 
 DBG_INFO ("Trying to digest data with mechanism 0x%04lx", pMechanism->mechanism)
 
 if (check_digest_mechanism(pMechanism) !=true)
 
 if (session->operation.op.digest.is_multipart==true)
 
 if (pulDigestLen==NULL)
 
 if (pDigest==NULL)
 
 DBG_INFO ("Sending %lu bytes to digest", ulDataLen)
 
 DBG_INFO ("Digest update with %lu bytes", ulPartLen)
 
 UNUSED (hKey)
 
 DBG_INFO ("Trying to sign data with mechanism 0x%04lx and key %08lx", pMechanism->mechanism, hKey)
 
 if (check_sign_mechanism(session->slot, pMechanism) !=true)
 
 DBG_INFO ("The size of the signature will be %u", session->operation.op.sign.sig_len)
 
 if (pSignature==NULL)
 
 DBG_INFO ("Sending %lu bytes to sign", ulDataLen)
 
 DBG_INFO ("Using key %04x", session->operation.op.sign.key_id)
 
 DBG_INFO ("After padding and transformation there are %u bytes", session->operation.buffer_length)
 
 DBG_INFO ("Signature update with %lu bytes", ulPartLen)
 
 UNUSED (pMechanism)
 
 UNUSED (pData)
 
 UNUSED (ulDataLen)
 
 UNUSED (pSignature)
 
 UNUSED (pulSignatureLen)
 
 DBG_INFO ("Trying to verify data with mechanism 0x%04lx and key %lx", pMechanism->mechanism, hKey)
 
 if (check_verify_mechanism(session->slot, pMechanism) !=true)
 
 if (yh_is_rsa(object->object.algorithm))
 
 if (is_HMAC_sign_mechanism(session->operation.mechanism.mechanism)==true)
 
else if (is_RSA_sign_mechanism(session->operation.mechanism.mechanism)==true)
 
else if (is_ECDSA_sign_mechanism(session->operation.mechanism.mechanism))
 
 if (ulSignatureLen !=siglen)
 
 DBG_INFO ("Using key %04x", session->operation.op.verify.key_id)
 
 DBG_INFO ("Signature successfully verified")
 
 DBG_ERR ("Verification update with %lu bytes", ulPartLen)
 
 UNUSED (ulSignatureLen)
 
 UNUSED (pulDataLen)
 
 UNUSED (ulPartLen)
 
 UNUSED (pulEncryptedPartLen)
 
 UNUSED (ulEncryptedPartLen)
 
 UNUSED (pulPartLen)
 
 if (pMechanism->mechanism !=CKM_GENERIC_SECRET_KEY_GEN)
 
memsettemplate (yubihsm_pkcs11_object_template)
 
 if (key_type.set==false||class.set==false)
 
 if (pMechanism->mechanism==CKM_RSA_PKCS_KEY_PAIR_GEN)
 
 if (yh_is_rsa(template.algorithm))
 
 if (rc !=YHR_SUCCESS)
 
 if (yh_util_get_object_info(session->slot->device_session, template.id, YH_ASYMMETRIC_KEY, &object) !=YHR_SUCCESS)
 
c_gkp_out sizeof (template))
 
 if (wrapped_key_type==ECDH_KEY_TYPE||wrapping_key_type==ECDH_KEY_TYPE)
 
 if (pWrappedKey==NULL)
 
 if (check_wrap_mechanism(session->slot, pMechanism) !=true)
 
 if (key==NULL)
 
 if (yh_check_capability(&key->object.capabilities, "export-wrapped")==false)
 
 if (yh_check_capability(&object->object.capabilities, "exportable-under-wrap")==false)
 
 if (len > *pulWrappedKeyLen)
 
 memcpy (pWrappedKey, buf, len)
 
 UNUSED (ulAttributeCount)
 
 if (unwrapping_key_type==ECDH_KEY_TYPE)
 
 if (yh_util_get_object_info(session->slot->device_session, target_id, target_type, &object) !=YHR_SUCCESS)
 
 DBG_INFO ("Unwrapped object %08lx", *phKey)
 
 if (basekey_type==ECDH_KEY_TYPE)
 
 if (params->kdf==CKD_NULL)
 
 if (in_len !=params->ulPublicDataLen)
 
 if (seq > MAX_ECDH_SESSION_KEYS)
 
memsetecdh_key (ecdh_key)
 
 if ((expected_key_length > 0) &&(expected_key_length !=out_len))
 
 memcpy (ecdh_key.label, label_buf, label_len)
 
list_appendsession (void *) &ecdh_key
 
 insecure_memzero (ecdh_key.ecdh_key, out_len)
 
 DBG_INFO ("Created object %04lx", *phKey)
 
 UNUSED (pSeed)
 
 UNUSED (ulSeedLen)
 
 if (len !=ulRandomLen||pRandomData==NULL)
 
 CK_DEFINE_FUNCTION (CK_RV, C_CancelFunction)
 

Variables

CK_FUNCTION_LIST function_list
 
CK_FUNCTION_LIST_PTR_PTR ppFunctionList
 
 DIN
 
 DOUT
 
return CKR_OK
 
CK_BBOOL tokenPresent
 
CK_BBOOL CK_SLOT_ID_PTR pSlotList
 
CK_BBOOL CK_SLOT_ID_PTR CK_ULONG_PTR pulCount
 
 GLOBAL_LOCK_OR_RETURN
 
uint16_t j = 0
 
bool full = false
 
bool overflow = false
 
 GLOBAL_UNLOCK_OR_RETURN
 
CK_SLOT_ID slotID = session->slot->id
 
CK_SLOT_ID CK_SLOT_INFO_PTR pInfo
 
yubihsm_pkcs11_slotslot = get_slot(&g_ctx, slotID)
 
char * s = "YubiHSM Connector "
 
int l = strlen(s)
 
pInfo flags = CKF_REMOVABLE_DEVICE | CKF_HW_SLOT
 
uint8_t major = major
 
uint8_t minor = (minor * 100) + patch
 
uint8_t patch
 
CK_RV rv = CKR_OK
 
yh_rc yrc
 
uint32_t serial
 
pInfo serialNumber [l] = ' '
 
pInfo ulMaxSessionCount
 
pInfo ulSessionCount
 
pInfo ulMaxRwSessionCount
 
pInfo ulRwSessionCount
 
pInfo ulMaxPinLen
 
pInfo ulMinPinLen
 
pInfo ulTotalPublicMemory = CK_UNAVAILABLE_INFORMATION
 
pInfo ulFreePublicMemory = CK_UNAVAILABLE_INFORMATION
 
pInfo ulTotalPrivateMemory = CK_UNAVAILABLE_INFORMATION
 
pInfo ulFreePrivateMemory = CK_UNAVAILABLE_INFORMATION
 
CK_VERSION ver = {major, (minor * 100) + patch}
 
pInfo hardwareVersion = ver
 
pInfo firmwareVersion = ver
 
c_gt_out __pad0__
 
CK_FLAGS CK_SLOT_ID_PTR pSlot
 
CK_FLAGS CK_SLOT_ID_PTR CK_VOID_PTR pReserved
 
return CKR_FUNCTION_NOT_SUPPORTED
 
CK_SLOT_ID CK_MECHANISM_TYPE_PTR pMechanismList
 
c_gml_out __pad1__
 
CK_SLOT_ID CK_MECHANISM_TYPE type = hObject >> 16
 
 else
 
CK_SLOT_ID CK_UTF8CHAR_PTR pPin = 4
 
CK_SLOT_ID CK_UTF8CHAR_PTR CK_ULONG ulPinLen
 
CK_SLOT_ID CK_UTF8CHAR_PTR CK_ULONG CK_UTF8CHAR_PTR pLabel
 
CK_SESSION_HANDLE hSession
 
CK_SESSION_HANDLE CK_UTF8CHAR_PTR pOldPin
 
CK_SESSION_HANDLE CK_UTF8CHAR_PTR CK_ULONG ulOldLen
 
CK_SESSION_HANDLE CK_UTF8CHAR_PTR CK_ULONG CK_UTF8CHAR_PTR pNewPin
 
CK_SESSION_HANDLE CK_UTF8CHAR_PTR CK_ULONG CK_UTF8CHAR_PTR CK_ULONG ulNewLen
 
CK_SLOT_ID CK_FLAGS CK_VOID_PTR pApplication
 
CK_SLOT_ID CK_FLAGS CK_VOID_PTR CK_NOTIFY Notify
 
CK_SLOT_ID CK_FLAGS CK_VOID_PTR CK_NOTIFY CK_SESSION_HANDLE_PTR phSession
 
c_os_out __pad2__
 
yubihsm_pkcs11_sessionsession = NULL
 
CK_RV ret = get_session(&g_ctx, hSession, &session, 0)
 
pInfo ulDeviceError = 0
 
CK_SESSION_HANDLE CK_BYTE_PTR pOperationState
 
CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG_PTR pulOperationStateLen
 
CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG ulOperationStateLen
 
CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG CK_OBJECT_HANDLE hEncryptionKey
 
CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG CK_OBJECT_HANDLE CK_OBJECT_HANDLE hAuthenticationKey
 
CK_SESSION_HANDLE CK_USER_TYPE userType
 
uint16_t key_id = ntohs(key_id)
 
c_l_out __pad3__
 
CK_SESSION_HANDLE CK_ATTRIBUTE_PTR pTemplate
 
CK_SESSION_HANDLE CK_ATTRIBUTE_PTR CK_ULONG ulCount
 
CK_SESSION_HANDLE CK_ATTRIBUTE_PTR CK_ULONG CK_OBJECT_HANDLE_PTR phObject
 
struct { 
 
   bool   set 
 
   CK_ULONG   d 
 
class 
 
struct { 
 
   bool   set 
 
   CK_ULONG   d 
 
key_type 
 
struct { 
 
   bool   set 
 
   CK_ULONG   d 
 
id = id.d 
 
yubihsm_pkcs11_object_template template
 
yh_capabilities capabilities = {{0}}
 
yh_capabilities delegated_capabilities = {{0}}
 
yh_rc rc
 
goto c_co_out
 
yh_object_descriptor object
 
c_co_out __pad4__
 
CK_SESSION_HANDLE CK_OBJECT_HANDLE hObject
 
CK_SESSION_HANDLE CK_OBJECT_HANDLE CK_ATTRIBUTE_PTR CK_ULONG CK_OBJECT_HANDLE_PTR phNewObject
 
c_do_out __pad5__
 
CK_SESSION_HANDLE CK_OBJECT_HANDLE CK_ULONG_PTR pulSize
 
c_gav_out __pad6__
 
c_sav_out __pad7__
 
char * label = NULL
 
session operation op find only_private = false
 
session operation op find n_objects = 0
 
uint16_t domains = 0
 
bool pub = false
 
yh_algorithm algorithm = 0
 
bool unknown = false
 
bool secret_key = false
 
bool extractable_set = false
 
session operation op find current_object = 0
 
c_foi_out __pad8__
 
CK_SESSION_HANDLE CK_OBJECT_HANDLE_PTR CK_ULONG ulMaxObjectCount
 
CK_SESSION_HANDLE CK_OBJECT_HANDLE_PTR CK_ULONG CK_ULONG_PTR pulObjectCount
 
c_fo_out __pad9__
 
CK_SESSION_HANDLE CK_MECHANISM_PTR pMechanism
 
CK_SESSION_HANDLE CK_MECHANISM_PTR CK_OBJECT_HANDLE hKey
 
session operation mechanism mechanism = pMechanism->mechanism
 
session operation buffer_length = 0
 
c_ei_out __pad10__
 
CK_SESSION_HANDLE CK_BYTE_PTR pData
 
CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG ulDataLen
 
CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG CK_BYTE_PTR pEncryptedData
 
CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG CK_BYTE_PTR CK_ULONG_PTR pulEncryptedDataLen
 
bool terminate = true
 
CK_ULONG datalen = YH_CCM_WRAP_OVERHEAD + ulDataLen
 
goto c_e_out
 
c_e_out __pad11__
 
CK_SESSION_HANDLE CK_BYTE_PTR pPart
 
CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG ulPartLen
 
CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG CK_BYTE_PTR pEncryptedPart
 
CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG CK_BYTE_PTR CK_ULONG_PTR pulEncryptedPartLen
 
c_eu_out __pad12__
 
CK_SESSION_HANDLE CK_BYTE_PTR pLastEncryptedPart
 
CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG_PTR pulLastEncryptedPartLen
 
goto c_ef_out
 
c_ef_out __pad13__
 
EVP_MD_CTX * mdctx = NULL
 
goto c_di_out
 
c_di_out __pad14__
 
CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG ulEncryptedDataLen
 
CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG CK_BYTE_PTR CK_ULONG_PTR pulDataLen
 
goto c_d_out
 
c_d_out __pad15__
 
CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG ulEncryptedPartLen
 
CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG CK_BYTE_PTR CK_ULONG_PTR pulPartLen
 
c_du_out __pad16__
 
CK_SESSION_HANDLE CK_BYTE_PTR pLastPart
 
CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG_PTR pulLastPartLen
 
goto c_df_out
 
c_df_out __pad17__
 
CK_ULONG digest_length = get_digest_bytelength(pMechanism->mechanism)
 
session operation op digest digest_len = digest_length
 
c_di_out __pad18__
 
CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG CK_BYTE_PTR pDigest
 
CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG CK_BYTE_PTR CK_ULONG_PTR pulDigestLen
 
c_d_out __pad19__
 
session operation op digest is_multipart = true
 
c_du_out __pad20__
 
c_df_out __pad21__
 
size_t key_length
 
session operation op sign key_len = key_length
 
goto c_si_out
 
c_si_out __pad22__
 
CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG CK_BYTE_PTR pSignature
 
CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG CK_BYTE_PTR CK_ULONG_PTR pulSignatureLen
 
goto c_s_out
 
c_s_out __pad23__
 
c_su_out __pad24__
 
c_sf_out __pad25__
 
goto c_vi_out
 
c_vi_out __pad26__
 
CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG CK_BYTE_PTR CK_ULONG ulSignatureLen
 
CK_ULONG siglen
 
goto c_v_out
 
c_v_out __pad27__
 
c_vu_out __pad28__
 
c_vf_out __pad29__
 
CK_SESSION_HANDLE CK_MECHANISM_PTR CK_ATTRIBUTE_PTR CK_ULONG CK_OBJECT_HANDLE_PTR phKey
 
goto c_gk_out
 
c_gk_out __pad30__
 
CK_SESSION_HANDLE CK_MECHANISM_PTR CK_ATTRIBUTE_PTR pPublicKeyTemplate
 
CK_SESSION_HANDLE CK_MECHANISM_PTR CK_ATTRIBUTE_PTR CK_ULONG ulPublicKeyAttributeCount
 
CK_SESSION_HANDLE CK_MECHANISM_PTR CK_ATTRIBUTE_PTR CK_ULONG CK_ATTRIBUTE_PTR pPrivateKeyTemplate
 
CK_SESSION_HANDLE CK_MECHANISM_PTR CK_ATTRIBUTE_PTR CK_ULONG CK_ATTRIBUTE_PTR CK_ULONG ulPrivateKeyAttributeCount
 
CK_SESSION_HANDLE CK_MECHANISM_PTR CK_ATTRIBUTE_PTR CK_ULONG CK_ATTRIBUTE_PTR CK_ULONG CK_OBJECT_HANDLE_PTR phPublicKey = object.sequence << 24 | (object.type | 0x80) << 16 | object.id
 
CK_SESSION_HANDLE CK_MECHANISM_PTR CK_ATTRIBUTE_PTR CK_ULONG CK_ATTRIBUTE_PTR CK_ULONG CK_OBJECT_HANDLE_PTR CK_OBJECT_HANDLE_PTR phPrivateKey
 
goto c_gkp_out
 
c_gkp_out __pad31__
 
CK_SESSION_HANDLE CK_MECHANISM_PTR CK_OBJECT_HANDLE hWrappingKey
 
CK_SESSION_HANDLE CK_MECHANISM_PTR CK_OBJECT_HANDLE CK_OBJECT_HANDLE CK_BYTE_PTR pWrappedKey
 
CK_SESSION_HANDLE CK_MECHANISM_PTR CK_OBJECT_HANDLE CK_OBJECT_HANDLE CK_BYTE_PTR CK_ULONG_PTR pulWrappedKeyLen
 
int wrapped_key_type = hKey >> 16
 
int wrapping_key_type = hWrappingKey >> 16
 
yubihsm_pkcs11_object_desckey
 
uint8_t buf [2048]
 
size_t len = sizeof(buf)
 
c_wk_out __pad32__
 
CK_SESSION_HANDLE CK_MECHANISM_PTR CK_OBJECT_HANDLE hUnwrappingKey
 
CK_SESSION_HANDLE CK_MECHANISM_PTR CK_OBJECT_HANDLE CK_BYTE_PTR CK_ULONG ulWrappedKeyLen
 
CK_SESSION_HANDLE CK_MECHANISM_PTR CK_OBJECT_HANDLE CK_BYTE_PTR CK_ULONG CK_ATTRIBUTE_PTR CK_ULONG ulAttributeCount
 
int unwrapping_key_type = hUnwrappingKey >> 16
 
uint16_t target_id
 
yh_object_type target_type
 
c_uk_out __pad33__
 
CK_SESSION_HANDLE CK_MECHANISM_PTR CK_OBJECT_HANDLE hBaseKey
 
int basekey_type = hBaseKey >> 16
 
char * label_buf = NULL
 
size_t label_len = 0
 
size_t expected_key_length = 0
 
CK_ECDH1_DERIVE_PARAMSparams = pMechanism->pParameter
 
goto c_drv_out
 
size_t in_len = params->ulPublicDataLen
 
CK_BYTE_PTR pubkey = params->pPublicData
 
int seq = session->ecdh_session_keys.length + 1
 
uint16_t privkey_id = hBaseKey & 0xffff
 
ecdh_session_key ecdh_key
 
size_t out_len = sizeof(ecdh_key.ecdh_key)
 
c_drv_out __pad34__
 
CK_SESSION_HANDLE CK_BYTE_PTR pSeed
 
CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG ulSeedLen
 
return CKR_RANDOM_SEED_NOT_SUPPORTED
 
CK_SESSION_HANDLE CK_BYTE_PTR pRandomData
 
CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG ulRandomLen
 
c_gr_out __pad35__
 
return CKR_FUNCTION_NOT_PARALLEL
 

Macro Definition Documentation

◆ GLOBAL_LOCK_OR_RETURN

#define GLOBAL_LOCK_OR_RETURN
Value:
do { \
if (g_ctx.mutex != NULL) { \
CK_RV lock_rv = g_ctx.lock_mutex(g_ctx.mutex); \
if (lock_rv != CKR_OK) { \
DBG_ERR("Unable to acquire global lock"); \
return lock_rv; \
} \
} \
} while (0)
yubihsm_pkcs11_context::mutex
void * mutex
Definition yubihsm_pkcs11.h:147
yubihsm_pkcs11_context::lock_mutex
CK_LOCKMUTEX lock_mutex
Definition yubihsm_pkcs11.h:145
CKR_OK
return CKR_OK
Definition yubihsm_pkcs11.c:417

Definition at line 48 of file yubihsm_pkcs11.c.

48#define GLOBAL_LOCK_OR_RETURN \
49 do { \
50 if (g_ctx.mutex != NULL) { \
51 CK_RV lock_rv = g_ctx.lock_mutex(g_ctx.mutex); \
52 if (lock_rv != CKR_OK) { \
53 DBG_ERR("Unable to acquire global lock"); \
54 return lock_rv; \
55 } \
56 } \
57 } while (0)

◆ GLOBAL_UNLOCK_OR_RETURN

#define GLOBAL_UNLOCK_OR_RETURN
Value:
do { \
if (g_ctx.mutex != NULL) { \
CK_RV lock_rv = g_ctx.unlock_mutex(g_ctx.mutex); \
if (lock_rv != CKR_OK) { \
DBG_ERR("Unable to release global lock"); \
return lock_rv; \
} \
} \
} while (0)
yubihsm_pkcs11_context::unlock_mutex
CK_UNLOCKMUTEX unlock_mutex
Definition yubihsm_pkcs11.h:146

Definition at line 59 of file yubihsm_pkcs11.c.

59#define GLOBAL_UNLOCK_OR_RETURN \
60 do { \
61 if (g_ctx.mutex != NULL) { \
62 CK_RV lock_rv = g_ctx.unlock_mutex(g_ctx.mutex); \
63 if (lock_rv != CKR_OK) { \
64 DBG_ERR("Unable to release global lock"); \
65 return lock_rv; \
66 } \
67 } \
68 } while (0)

◆ UNUSED

#define UNUSED ( x)
Value:
(void) (x)

Definition at line 46 of file yubihsm_pkcs11.c.

◆ YUBIHSM_PKCS11_LIBDESC

#define YUBIHSM_PKCS11_LIBDESC   "YubiHSM PKCS#11 Library"

Definition at line 42 of file yubihsm_pkcs11.c.

◆ YUBIHSM_PKCS11_MANUFACTURER

#define YUBIHSM_PKCS11_MANUFACTURER   "Yubico (www.yubico.com)"

Definition at line 41 of file yubihsm_pkcs11.c.

◆ YUBIHSM_PKCS11_MAX_PIN_LEN

#define YUBIHSM_PKCS11_MAX_PIN_LEN   68

Definition at line 44 of file yubihsm_pkcs11.c.

◆ YUBIHSM_PKCS11_MIN_PIN_LEN

#define YUBIHSM_PKCS11_MIN_PIN_LEN   12

Definition at line 43 of file yubihsm_pkcs11.c.

Function Documentation

◆ CK_DEFINE_FUNCTION() [1/8]

CK_DEFINE_FUNCTION ( CK_RV ,
C_CancelFunction  )

Definition at line 5114 of file yubihsm_pkcs11.c.

5114 {
5115
5116 DIN;
5117
5118 UNUSED(hSession);
5119
5120 DOUT;
5121 return CKR_FUNCTION_NOT_PARALLEL;
5122}
hSession
CK_SESSION_HANDLE hSession
Definition yubihsm_pkcs11.c:780
CKR_FUNCTION_NOT_PARALLEL
return CKR_FUNCTION_NOT_PARALLEL
Definition yubihsm_pkcs11.c:5111
DOUT
DOUT
Definition yubihsm_pkcs11.c:416
UNUSED
#define UNUSED(x)
Definition yubihsm_pkcs11.c:46
DIN
DIN
Definition yubihsm_pkcs11.c:407

◆ CK_DEFINE_FUNCTION() [2/8]

CK_DEFINE_FUNCTION ( CK_RV ,
C_CloseAllSessions  )

Definition at line 916 of file yubihsm_pkcs11.c.

916 {
917
918 DIN;
919
920 CK_RV rv = CKR_OK;
921
922 if (g_yh_initialized == false) {
923 DBG_ERR("libyubihsm is not initialized or already finalized");
924 return CKR_CRYPTOKI_NOT_INITIALIZED;
925 }
926
927 yubihsm_pkcs11_slot *slot = get_slot(&g_ctx, slotID);
928 if (slot == NULL) {
929 DBG_ERR("Invalid slot");
930 return CKR_SLOT_ID_INVALID;
931 }
932
933 DBG_INFO("Closing all sessions for slot %lu", slotID);
934
935 if (slot->device_session) {
936 if (yh_util_close_session(slot->device_session) != YHR_SUCCESS) {
937 DBG_ERR("Failed closing device session, continuing");
938 }
939 if (yh_destroy_session(&slot->device_session) != YHR_SUCCESS) {
940 // TODO: handle or ignore these errrors?
941 DBG_ERR("Failed destroying device session");
942 }
943 slot->device_session = NULL;
944 }
945
946 list_destroy(&slot->pkcs11_sessions);
947 list_create(&slot->pkcs11_sessions, sizeof(yubihsm_pkcs11_session), NULL);
948
949 release_slot(&g_ctx, slot);
950
951 DOUT;
952 return rv;
953}
DBG_ERR
#define DBG_ERR(...)
Definition debug_lib.h:76
DBG_INFO
#define DBG_INFO(...)
Definition debug_lib.h:63
list_create
void list_create(List *list, int item_size, FreeItemFn free_item_fn)
Definition list.c:24
list_destroy
void list_destroy(List *list)
Definition list.c:33
CKR_SLOT_ID_INVALID
#define CKR_SLOT_ID_INVALID
Definition pkcs11.h:1095
CKR_CRYPTOKI_NOT_INITIALIZED
#define CKR_CRYPTOKI_NOT_INITIALIZED
Definition pkcs11.h:1173
yubihsm_pkcs11_session
Definition yubihsm_pkcs11.h:163
yubihsm_pkcs11_slot
Definition yubihsm_pkcs11.h:150
yubihsm_pkcs11_slot::pkcs11_sessions
List pkcs11_sessions
Definition yubihsm_pkcs11.h:156
yubihsm_pkcs11_slot::device_session
yh_session * device_session
Definition yubihsm_pkcs11.h:155
release_slot
void release_slot(yubihsm_pkcs11_context *ctx, yubihsm_pkcs11_slot *slot)
Definition util_pkcs11.c:2782
get_slot
yubihsm_pkcs11_slot * get_slot(yubihsm_pkcs11_context *ctx, CK_ULONG id)
Definition util_pkcs11.c:2766
yh_destroy_session
yh_rc yh_destroy_session(yh_session **session)
Definition yubihsm.c:890
yh_util_close_session
yh_rc yh_util_close_session(yh_session *session)
Definition yubihsm.c:1257
YHR_SUCCESS
@ YHR_SUCCESS
Returned value when function was successful.
Definition yubihsm.h:172
slot
yubihsm_pkcs11_slot * slot
Definition yubihsm_pkcs11.c:518
slotID
CK_SLOT_ID slotID
Definition yubihsm_pkcs11.c:504
rv
CK_RV rv
Definition yubihsm_pkcs11.c:569
Here is the call graph for this function:

◆ CK_DEFINE_FUNCTION() [3/8]

CK_DEFINE_FUNCTION ( CK_RV ,
C_CloseSession  )

Definition at line 868 of file yubihsm_pkcs11.c.

868 {
869
870 DIN;
871
872 if (g_yh_initialized == false) {
873 DBG_ERR("libyubihsm is not initialized or already finalized");
874 return CKR_CRYPTOKI_NOT_INITIALIZED;
875 }
876
877 yubihsm_pkcs11_session *session;
878 CK_RV rv = get_session(&g_ctx, hSession, &session, SESSION_AUTHENTICATED);
879 if (rv == CKR_OK) {
880 if (session->slot->pkcs11_sessions.length == 1) {
881 // NOTE: if this is the last session and is authenticated we need to
882 // de-auth
883 if (yh_util_close_session(session->slot->device_session) != YHR_SUCCESS) {
884 DBG_ERR("Failed closing device session, continuing");
885 }
886
887 if (yh_destroy_session(&session->slot->device_session) != YHR_SUCCESS) {
888 DBG_ERR("Failed destroying session");
889 // TODO: should we handle the error cases here better?
890 }
891 session->slot->device_session = NULL;
892 }
893
894 release_session(&g_ctx, session);
895 } else if (rv == CKR_SESSION_HANDLE_INVALID) {
896 // BUG(thorduri): piggybacking off of the validation in get_session()
897 // above, which might not hold forever.
898 DBG_ERR("Trying to close invalid session");
899 return CKR_SESSION_HANDLE_INVALID;
900 }
901
902 if (session) {
903 list_destroy(&session->ecdh_session_keys);
904 }
905 if (delete_session(&g_ctx, &hSession) == false) {
906 DBG_ERR("Trying to close invalid session");
907 return CKR_SESSION_HANDLE_INVALID;
908 }
909
910 DBG_INFO("Closing session %lu", hSession);
911
912 DOUT;
913 return CKR_OK;
914}
CKR_SESSION_HANDLE_INVALID
#define CKR_SESSION_HANDLE_INVALID
Definition pkcs11.h:1138
List::length
int length
Definition list.h:36
yubihsm_pkcs11_session::slot
yubihsm_pkcs11_slot * slot
Definition yubihsm_pkcs11.h:167
yubihsm_pkcs11_session::ecdh_session_keys
List ecdh_session_keys
Definition yubihsm_pkcs11.h:168
get_session
CK_RV get_session(yubihsm_pkcs11_context *ctx, CK_SESSION_HANDLE hSession, yubihsm_pkcs11_session **session, int session_state)
Definition util_pkcs11.c:2789
delete_session
bool delete_session(yubihsm_pkcs11_context *ctx, CK_SESSION_HANDLE_PTR phSession)
Definition util_pkcs11.c:2831
release_session
void release_session(yubihsm_pkcs11_context *ctx, yubihsm_pkcs11_session *session)
Definition util_pkcs11.c:2850
session
yubihsm_pkcs11_session * session
Definition yubihsm_pkcs11.c:972
SESSION_AUTHENTICATED
#define SESSION_AUTHENTICATED
Definition yubihsm_pkcs11.h:37
Here is the call graph for this function:

◆ CK_DEFINE_FUNCTION() [4/8]

CK_DEFINE_FUNCTION ( CK_RV ,
C_Finalize  )

Definition at line 334 of file yubihsm_pkcs11.c.

334 {
335
336 DIN;
337
338 if (pReserved != NULL) {
339 DBG_ERR("Finalized called with pReserved != NULL");
340 return CKR_ARGUMENTS_BAD;
341 }
342
343 if (g_yh_initialized == false) {
344 DBG_ERR("libyubihsm is not initialized or already finalized");
345 return CKR_CRYPTOKI_NOT_INITIALIZED;
346 }
347
348 list_iterate(&g_ctx.slots, destroy_slot_mutex);
349 list_destroy(&g_ctx.slots);
350
351 if (g_ctx.mutex != NULL) {
352 g_ctx.destroy_mutex(g_ctx.mutex);
353 g_ctx.mutex = NULL;
354 }
355
356 g_yh_initialized = false;
357
358 yh_exit();
359
360 DOUT;
361
362 if (_YHP11_OUTPUT != stdout && _YHP11_OUTPUT != stderr &&
363 _YHP11_OUTPUT != NULL) {
364 fclose(_YHP11_OUTPUT);
365 _YHP11_OUTPUT = stderr;
366 }
367
368 return CKR_OK;
369}
_YHP11_OUTPUT
FILE * _YHP11_OUTPUT
Definition debug_p11.c:25
list_iterate
void list_iterate(List *list, IteratorFn iterator_fn)
Definition list.c:175
CKR_ARGUMENTS_BAD
#define CKR_ARGUMENTS_BAD
Definition pkcs11.h:1098
yubihsm_pkcs11_context::destroy_mutex
CK_DESTROYMUTEX destroy_mutex
Definition yubihsm_pkcs11.h:144
yubihsm_pkcs11_context::slots
List slots
Definition yubihsm_pkcs11.h:142
yh_exit
yh_rc yh_exit(void)
Definition yubihsm.c:3910
pReserved
CK_FLAGS CK_SLOT_ID_PTR CK_VOID_PTR pReserved
Definition yubihsm_pkcs11.c:673
Here is the call graph for this function:

◆ CK_DEFINE_FUNCTION() [5/8]

CK_DEFINE_FUNCTION ( CK_RV ,
C_FindObjectsFinal  )

Definition at line 2281 of file yubihsm_pkcs11.c.

2281 {
2282
2283 DIN;
2284
2285 CK_RV rv = CKR_OK;
2286
2287 if (g_yh_initialized == false) {
2288 DBG_ERR("libyubihsm is not initialized or already finalized");
2289 return CKR_CRYPTOKI_NOT_INITIALIZED;
2290 }
2291
2292 yubihsm_pkcs11_session *session;
2293 rv = get_session(&g_ctx, hSession, &session, 0);
2294 if (rv != CKR_OK) {
2295 DBG_ERR("Unknown session %lu", hSession);
2296 return rv;
2297 }
2298
2299 if (session->operation.type != OPERATION_FIND) {
2300 rv = CKR_OPERATION_NOT_INITIALIZED;
2301 goto c_fof_out;
2302 }
2303
2304 session->operation.op.find.current_object = 0;
2305 session->operation.op.find.n_objects = 0;
2306
2307 session->operation.type = OPERATION_NOOP;
2308
2309 DOUT;
2310
2311c_fof_out:
2312
2313 release_session(&g_ctx, session);
2314
2315 return rv;
2316}
CKR_OPERATION_NOT_INITIALIZED
#define CKR_OPERATION_NOT_INITIALIZED
Definition pkcs11.h:1130
find_info::current_object
uint16_t current_object
Definition yubihsm_pkcs11.h:60
find_info::n_objects
size_t n_objects
Definition yubihsm_pkcs11.h:61
yubihsm_pkcs11_op_info::op
op op
Definition yubihsm_pkcs11.h:136
yubihsm_pkcs11_op_info::type
yubihsm_pkcs11_op_type type
Definition yubihsm_pkcs11.h:134
yubihsm_pkcs11_session::operation
yubihsm_pkcs11_op_info operation
Definition yubihsm_pkcs11.h:165
op::find
find_info find
Definition yubihsm_pkcs11.h:99
OPERATION_FIND
@ OPERATION_FIND
Definition yubihsm_pkcs11.h:49
OPERATION_NOOP
@ OPERATION_NOOP
Definition yubihsm_pkcs11.h:48
Here is the call graph for this function:

◆ CK_DEFINE_FUNCTION() [6/8]

CK_DEFINE_FUNCTION ( CK_RV ,
C_GetInfo  )

Definition at line 371 of file yubihsm_pkcs11.c.

371 {
372
373 DIN;
374
375 if (g_yh_initialized == false) {
376 DBG_ERR("libyubihsm is not initialized or already finalized");
377 return CKR_CRYPTOKI_NOT_INITIALIZED;
378 }
379 if (pInfo == NULL) {
380 return CKR_ARGUMENTS_BAD;
381 }
382
383 CK_VERSION ver = {VERSION_MAJOR, (VERSION_MINOR * 10) + VERSION_PATCH};
384
385 pInfo->cryptokiVersion = function_list.version;
386
387 memset(pInfo->manufacturerID, ' ', sizeof(pInfo->manufacturerID));
388 memcpy((char *) pInfo->manufacturerID, YUBIHSM_PKCS11_MANUFACTURER,
389 strlen(YUBIHSM_PKCS11_MANUFACTURER));
390
391 pInfo->flags = 0;
392
393 memset(pInfo->libraryDescription, ' ', sizeof(pInfo->libraryDescription));
394 memcpy((char *) pInfo->libraryDescription, YUBIHSM_PKCS11_LIBDESC,
395 strlen(YUBIHSM_PKCS11_LIBDESC));
396
397 pInfo->libraryVersion = ver;
398
399 DOUT;
400 return CKR_OK;
401}
ck_function_list::version
struct ck_version version
Definition pkcs11.h:1004
ck_slot_info::flags
ck_flags_t flags
Definition pkcs11.h:215
ck_version
Definition pkcs11.h:193
pInfo
CK_SLOT_ID CK_SLOT_INFO_PTR pInfo
Definition yubihsm_pkcs11.c:504
function_list
CK_FUNCTION_LIST function_list
Definition yubihsm_pkcs11.c:5124
YUBIHSM_PKCS11_MANUFACTURER
#define YUBIHSM_PKCS11_MANUFACTURER
Definition yubihsm_pkcs11.c:41
ver
CK_VERSION ver
Definition yubihsm_pkcs11.c:657
memset
memset(pInfo->slotDescription, ' ', 64)
memcpy
memcpy((char *) pInfo->slotDescription, s, l)
YUBIHSM_PKCS11_LIBDESC
#define YUBIHSM_PKCS11_LIBDESC
Definition yubihsm_pkcs11.c:42
Here is the call graph for this function:

◆ CK_DEFINE_FUNCTION() [7/8]

CK_DEFINE_FUNCTION ( CK_RV ,
C_Initialize  )

Definition at line 101 of file yubihsm_pkcs11.c.

101 {
102
103 DIN;
104
105 if (g_yh_initialized == true) {
106 return CKR_CRYPTOKI_ALREADY_INITIALIZED;
107 }
108
109 CK_C_INITIALIZE_ARGS_PTR init_args = pInitArgs;
110
111 yh_dbg_init(false, false, 0, "stderr");
112
113 if (pInitArgs != NULL) {
114 if ((init_args->flags & CKF_OS_LOCKING_OK) == 0 &&
115 init_args->CreateMutex == NULL && init_args->DestroyMutex == NULL &&
116 init_args->LockMutex == NULL && init_args->UnlockMutex == NULL) {
117 // NOTE(adma): no threading required
118 // all is good, do nothing
119 g_ctx.create_mutex = NULL;
120 g_ctx.destroy_mutex = NULL;
121 g_ctx.lock_mutex = NULL;
122 g_ctx.unlock_mutex = NULL;
123 } else if ((init_args->flags & CKF_OS_LOCKING_OK) != 0 &&
124 init_args->CreateMutex == NULL &&
125 init_args->DestroyMutex == NULL &&
126 init_args->LockMutex == NULL && init_args->UnlockMutex == NULL) {
127 // NOTE(adma): threading with native OS locks
128 set_native_locking(&g_ctx);
129 } else if ((init_args->flags & CKF_OS_LOCKING_OK) == 0 &&
130 init_args->CreateMutex != NULL &&
131 init_args->DestroyMutex != NULL &&
132 init_args->LockMutex != NULL && init_args->UnlockMutex != NULL) {
133 // NOTE(adma): threading with supplied functions
134 g_ctx.create_mutex = init_args->CreateMutex;
135 g_ctx.destroy_mutex = init_args->DestroyMutex;
136 g_ctx.lock_mutex = init_args->LockMutex;
137 g_ctx.unlock_mutex = init_args->UnlockMutex;
138 } else if ((init_args->flags & CKF_OS_LOCKING_OK) != 0 &&
139 init_args->CreateMutex != NULL &&
140 init_args->DestroyMutex != NULL &&
141 init_args->LockMutex != NULL && init_args->UnlockMutex != NULL) {
142 // NOTE(adma): threading with native or supplied functions
143 g_ctx.create_mutex = init_args->CreateMutex;
144 g_ctx.destroy_mutex = init_args->DestroyMutex;
145 g_ctx.lock_mutex = init_args->LockMutex;
146 g_ctx.unlock_mutex = init_args->UnlockMutex;
147 } else {
148 return CKR_ARGUMENTS_BAD;
149 }
150 }
151
152 if (g_ctx.create_mutex != NULL) {
153 if (g_ctx.create_mutex(&g_ctx.mutex) != CKR_OK) {
154 DBG_ERR("Unable to create global mutex");
155 return CKR_FUNCTION_FAILED;
156 }
157 } else {
158 g_ctx.mutex = NULL;
159 }
160
161 struct cmdline_parser_params params;
162
163 struct gengetopt_args_info args_info;
164
165 cmdline_parser_params_init(&params);
166
167 params.initialize = 1;
168 params.check_required = 1;
169
170 char *tmp = "";
171
172 if (cmdline_parser(0, &tmp, &args_info) != 0) {
173 DBG_ERR("Unable to initialize ggo structure");
174 return CKR_FUNCTION_FAILED;
175 }
176
177 params.initialize = 0;
178 params.override = 1;
179
180 char *args = NULL;
181 char *args_parsed = NULL;
182
183 yh_connector **connector_list = NULL;
184
185 if (init_args != NULL && init_args->pReserved != NULL) {
186 args = strdup(init_args->pReserved);
187 if (args == NULL) {
188 DBG_ERR("Failed copying reserved string");
189 return CKR_FUNCTION_FAILED;
190 }
191
192 char *str = args;
193 char *save = NULL;
194 char *part;
195 while ((part = strtok_r(str, " \r\n\t", &save))) {
196 char *new_ptr;
197 str = NULL;
198 if (args_parsed == NULL) {
199 new_ptr = calloc(strlen(part) + 4, sizeof(char));
200 } else {
201 new_ptr = realloc(args_parsed, strlen(args_parsed) + strlen(part) + 4);
202 }
203 if (new_ptr) {
204 args_parsed = new_ptr;
205 sprintf(args_parsed + strlen(args_parsed), "--%s ", part);
206 } else {
207 DBG_ERR("Failed allocating memory for args");
208 goto c_i_failure;
209 }
210 }
211
212 DBG_INFO("Now parsing supplied init args as '%s'", args_parsed);
213
214 if (cmdline_parser_string_ext(args_parsed, &args_info,
215 "yubihsm_pkcs11 module", &params) != 0) {
216 DBG_ERR("Parsing of the reserved init args '%s' failed", args);
217 goto c_i_failure;
218 }
219
220 free(args);
221 args = NULL;
222 free(args_parsed);
223 args_parsed = NULL;
224 }
225
226 // NOTE(thorduri): #TOCTOU
227 char *config_file = args_info.config_file_arg;
228 struct stat sb;
229 if (stat(config_file, &sb) == -1) {
230 config_file = getenv("YUBIHSM_PKCS11_CONF");
231 }
232
233 params.override = 0;
234
235 if (config_file != NULL &&
236 cmdline_parser_config_file(config_file, &args_info, &params) != 0) {
237 DBG_ERR("Unable to parse configuration file");
238 return CKR_FUNCTION_FAILED;
239 }
240
241 yh_dbg_init(args_info.debug_flag, args_info.dinout_flag,
242 args_info.libdebug_flag, args_info.debug_file_arg);
243
244 // NOTE(adma): it's better to set the argument optional and check its presence
245 // here
246 if (args_info.connector_given == 0) {
247 DBG_ERR("No connector defined");
248 return CKR_FUNCTION_FAILED;
249 }
250
251 if (yh_init() != YHR_SUCCESS) {
252 DBG_ERR("Unable to initialize libyubihsm");
253 return CKR_FUNCTION_FAILED;
254 }
255
256 DBG_INFO("Found %u configured connector(s)", args_info.connector_given);
257
258 connector_list = calloc(args_info.connector_given, sizeof(yh_connector *));
259 if (connector_list == NULL) {
260 DBG_ERR("Failed allocating memory");
261 goto c_i_failure;
262 }
263 size_t n_connectors = 0;
264 for (unsigned int i = 0; i < args_info.connector_given; i++) {
265 if (yh_init_connector(args_info.connector_arg[i], &connector_list[i]) !=
266 YHR_SUCCESS) {
267 DBG_ERR("Failed to init connector");
268 goto c_i_failure;
269 }
270 if (args_info.cacert_given) {
271 if (yh_set_connector_option(connector_list[i], YH_CONNECTOR_HTTPS_CA,
272 args_info.cacert_arg) != YHR_SUCCESS) {
273 DBG_ERR("Failed to set HTTPS CA option");
274 goto c_i_failure;
275 }
276 }
277 if (args_info.proxy_given) {
278 if (yh_set_connector_option(connector_list[i], YH_CONNECTOR_PROXY_SERVER,
279 args_info.proxy_arg) != YHR_SUCCESS) {
280 DBG_ERR("Failed to set proxy server option");
281 goto c_i_failure;
282 }
283 }
284
285 if (yh_connect(connector_list[i], args_info.timeout_arg) != YHR_SUCCESS) {
286 DBG_ERR("Failed to connect '%s'", args_info.connector_arg[i]);
287 continue;
288 } else {
289 n_connectors++;
290 }
291 }
292
293 if (add_connectors(&g_ctx, args_info.connector_given, args_info.connector_arg,
294 connector_list) == false) {
295 DBG_ERR("Failed building connectors list");
296 goto c_i_failure;
297 }
298
299 cmdline_parser_free(&args_info);
300 free(connector_list);
301
302 DBG_INFO("Found %zu usable connector(s)", n_connectors);
303
304 g_yh_initialized = true;
305
306 DOUT;
307 return CKR_OK;
308
309c_i_failure:
310
311 free(args_parsed);
312 free(args);
313
314 list_iterate(&g_ctx.slots, destroy_slot_mutex);
315 list_destroy(&g_ctx.slots);
316
317 if (connector_list) {
318 for (unsigned int i = 0; i < args_info.connector_given; i++) {
319 yh_disconnect(connector_list[i]);
320 }
321 }
322
323 cmdline_parser_free(&args_info);
324 free(connector_list);
325
326 if (g_ctx.mutex != NULL) {
327 g_ctx.destroy_mutex(g_ctx.mutex);
328 g_ctx.mutex = NULL;
329 }
330
331 return CKR_FUNCTION_FAILED;
332}
yh_dbg_init
void yh_dbg_init(int dbg, int dinout, int libdbg, const char *debug_file)
Definition debug_p11.c:27
CLI::detail::str
return str
Definition CLI11.hpp:1359
CKF_OS_LOCKING_OK
#define CKF_OS_LOCKING_OK
Definition pkcs11.h:1090
CKR_CRYPTOKI_ALREADY_INITIALIZED
#define CKR_CRYPTOKI_ALREADY_INITIALIZED
Definition pkcs11.h:1174
CKR_FUNCTION_FAILED
#define CKR_FUNCTION_FAILED
Definition pkcs11.h:1097
ck_c_initialize_args
Definition pkcs11.h:1080
ck_c_initialize_args::flags
ck_flags_t flags
Definition pkcs11.h:1085
yh_connector
Definition internal.h:37
yubihsm_pkcs11_context::create_mutex
CK_CREATEMUTEX create_mutex
Definition yubihsm_pkcs11.h:143
params
account_query_db::get_accounts_by_authorizers_params params
Definition test_account_query_db.cpp:20
add_connectors
bool add_connectors(yubihsm_pkcs11_context *ctx, int n_connectors, char **connector_names, yh_connector **connectors)
Definition util_pkcs11.c:2924
set_native_locking
void set_native_locking(yubihsm_pkcs11_context *ctx)
Definition util_pkcs11.c:2916
yh_init
yh_rc yh_init(void)
Definition yubihsm.c:3857
yh_set_connector_option
yh_rc yh_set_connector_option(yh_connector *connector, yh_connector_option opt, const void *val)
Definition yubihsm.c:4063
yh_init_connector
yh_rc yh_init_connector(const char *url, yh_connector **connector)
Definition yubihsm.c:4024
yh_connect
yh_rc yh_connect(yh_connector *connector, int timeout)
Definition yubihsm.c:4079
yh_disconnect
yh_rc yh_disconnect(yh_connector *connector)
Definition yubihsm.c:4097
YH_CONNECTOR_PROXY_SERVER
@ YH_CONNECTOR_PROXY_SERVER
Definition yubihsm.h:506
YH_CONNECTOR_HTTPS_CA
@ YH_CONNECTOR_HTTPS_CA
Definition yubihsm.h:503
Here is the call graph for this function:

◆ CK_DEFINE_FUNCTION() [8/8]

CK_DEFINE_FUNCTION ( CK_RV ,
C_Logout  )

Definition at line 1160 of file yubihsm_pkcs11.c.

1160 {
1161
1162 DIN;
1163
1164 CK_RV rv = CKR_OK;
1165
1166 if (g_yh_initialized == false) {
1167 DBG_ERR("libyubihsm is not initialized or already finalized");
1168 return CKR_CRYPTOKI_NOT_INITIALIZED;
1169 }
1170
1171 yubihsm_pkcs11_session *session;
1172 rv = get_session(&g_ctx, hSession, &session, SESSION_AUTHENTICATED);
1173 if (rv != CKR_OK) {
1174 DBG_ERR("Invalid session ID: %lu", hSession);
1175 return rv;
1176 }
1177
1178 if (yh_util_close_session(session->slot->device_session) != YHR_SUCCESS) {
1179 DBG_ERR("Failed closing session");
1180 rv = CKR_FUNCTION_FAILED;
1181 goto c_l_out;
1182 }
1183
1184 if (yh_destroy_session(&session->slot->device_session) != YHR_SUCCESS) {
1185 DBG_ERR("Failed destroying session");
1186 rv = CKR_FUNCTION_FAILED;
1187 goto c_l_out;
1188 }
1189
1190 session->slot->device_session = NULL;
1191
1192 list_iterate(&session->slot->pkcs11_sessions, logout_sessions);
1193
1194 DOUT;
1195
1196c_l_out:
1197
1198 release_session(&g_ctx, session);
1199
1200 return rv;
1201}
Here is the call graph for this function:

◆ DBG_ERR()

DBG_ERR ( "Verification update with %lu bytes" ,
ulPartLen  )

◆ DBG_INFO() [1/31]

DBG_INFO ( "After padding and transformation there are %u bytes" ,
session->operation. buffer_length )

◆ DBG_INFO() [2/31]

DBG_INFO ( "Allocated session %lu" ,
* phSession )

◆ DBG_INFO() [3/31]

DBG_INFO ( "Can return %lu object(s)" ,
ulMaxObjectCount  )

◆ DBG_INFO() [4/31]

DBG_INFO ( "Created object %04lx" ,
* phKey )

◆ DBG_INFO() [5/31]

DBG_INFO ( "Created object %08lx" ,
* phObject )

◆ DBG_INFO() [6/31]

DBG_INFO ( "Decrypt update with %lu bytes" ,
ulEncryptedPartLen  )

◆ DBG_INFO() [7/31]

DBG_INFO ( "Deleted object %08lx" ,
hObject  )

◆ DBG_INFO() [8/31]

DBG_INFO ( "Digest update with %lu bytes" ,
ulPartLen  )

◆ DBG_INFO() [9/31]

DBG_INFO ( "Encrypt update with %lu bytes" ,
ulPartLen  )

◆ DBG_INFO() [10/31]

DBG_INFO ( "Encrypting %lu bytes" ,
ulDataLen  )

◆ DBG_INFO() [11/31]

DBG_INFO ( "find with %lu attributes" ,
ulCount  )

◆ DBG_INFO() [12/31]

DBG_INFO ( "For object %08lx" ,
hObject  )

◆ DBG_INFO() [13/31]

DBG_INFO ( "Found %lu mechanisms" ,
* pulCount )

◆ DBG_INFO() [14/31]

DBG_INFO ( "Got %lu butes back" ,
* pulEncryptedDataLen )

◆ DBG_INFO() [15/31]

DBG_INFO ( "Got %lu bytes back" ,
* pulLastEncryptedPartLen )

◆ DBG_INFO() [16/31]

DBG_INFO ( "Returning %lu object(s)" ,
* pulObjectCount )

◆ DBG_INFO() [17/31]

DBG_INFO ( "Sending %lu bytes to digest" ,
ulDataLen  )

◆ DBG_INFO() [18/31]

DBG_INFO ( "Sending %lu bytes to sign" ,
ulDataLen  )

◆ DBG_INFO() [19/31]

DBG_INFO ( "Signature successfully verified" )

◆ DBG_INFO() [20/31]

DBG_INFO ( "Signature update with %lu bytes" ,
ulPartLen  )

◆ DBG_INFO() [21/31]

DBG_INFO ( "The size of the data will be %lu" ,
datalen  )

◆ DBG_INFO() [22/31]

DBG_INFO ( "The size of the signature will be %u" ,
session->operation.op.sign. sig_len )

◆ DBG_INFO() [23/31]

DBG_INFO ( "Trying to decrypt data with mechanism 0x%04lx and key %08lx" ,
pMechanism-> mechanism,
hKey  )

◆ DBG_INFO() [24/31]

DBG_INFO ( "Trying to digest data with mechanism 0x%04lx" ,
pMechanism-> mechanism )

◆ DBG_INFO() [25/31]

DBG_INFO ( "Trying to encrypt data with mechanism 0x%04lx and key %08lx" ,
pMechanism-> mechanism,
hKey  )

◆ DBG_INFO() [26/31]

DBG_INFO ( "Trying to sign data with mechanism 0x%04lx and key %08lx" ,
pMechanism-> mechanism,
hKey  )

◆ DBG_INFO() [27/31]

DBG_INFO ( "Trying to verify data with mechanism 0x%04lx and key %lx" ,
pMechanism-> mechanism,
hKey  )

◆ DBG_INFO() [28/31]

DBG_INFO ( "Unwrapped object %08lx" ,
* phKey )

◆ DBG_INFO() [29/31]

DBG_INFO ( "Using key %04x" ,
session->operation.op.decrypt. key_id )

◆ DBG_INFO() [30/31]

DBG_INFO ( "Using key %04x" ,
session->operation.op.sign. key_id )

◆ DBG_INFO() [31/31]

DBG_INFO ( "Using key %04x" ,
session->operation.op.verify. key_id )

◆ delete_object_from_cache()

delete_object_from_cache ( session->slot-> objects,
hObject  )

◆ ecdh_key()

memset & ecdh_key ( ecdh_key )

◆ for() [1/3]

for ( )

Definition at line 1245 of file yubihsm_pkcs11.c.

1245 {
1246 switch (pTemplate[i].type) {
1247 case CKA_CLASS:
1248 if (class.set == false) {
1249 class.d = *((CK_ULONG_PTR) pTemplate[i].pValue);
1250 class.set = true;
1251 } else {
1252 rv = CKR_TEMPLATE_INCONSISTENT;
1253 goto c_co_out;
1254 }
1255 break;
1256
1257 case CKA_KEY_TYPE:
1258 if (key_type.set == false) {
1259 key_type.d = *((CK_ULONG_PTR) pTemplate[i].pValue);
1260 key_type.set = true;
1261 } else {
1262 rv = CKR_TEMPLATE_INCONSISTENT;
1263 goto c_co_out;
1264 }
1265 break;
1266
1267 case CKA_ID:
1268 if (id.set == false) {
1269 id.d = parse_id_value(pTemplate[i].pValue, pTemplate[i].ulValueLen);
1270 if (id.d == (CK_ULONG) -1) {
1271 rv = CKR_ATTRIBUTE_VALUE_INVALID;
1272 goto c_co_out;
1273 }
1274 id.set = true;
1275 } else {
1276 rv = CKR_TEMPLATE_INCONSISTENT;
1277 goto c_co_out;
1278 }
1279 break;
1280
1281 case CKA_LABEL:
1282 if (pTemplate[i].ulValueLen > YH_OBJ_LABEL_LEN) {
1283 rv = CKR_ATTRIBUTE_VALUE_INVALID;
1284 goto c_co_out;
1285 }
1286
1287 memcpy(template.label, pTemplate[i].pValue, pTemplate[i].ulValueLen);
1288
1289 break;
1290
1291 case CKA_EXTRACTABLE:
1292 if ((rv = set_template_attribute(&template.exportable,
1293 pTemplate[i].pValue)) != CKR_OK) {
1294 goto c_co_out;
1295 }
1296 }
1297 }
CKA_ID
#define CKA_ID
Definition pkcs11.h:385
CK_ULONG_PTR
CK_ULONG * CK_ULONG_PTR
Definition pkcs11.h:1199
CK_ULONG
unsigned long int CK_ULONG
Definition pkcs11.h:1194
CKR_TEMPLATE_INCONSISTENT
#define CKR_TEMPLATE_INCONSISTENT
Definition pkcs11.h:1147
CKA_KEY_TYPE
#define CKA_KEY_TYPE
Definition pkcs11.h:383
CKR_ATTRIBUTE_VALUE_INVALID
#define CKR_ATTRIBUTE_VALUE_INVALID
Definition pkcs11.h:1105
CKA_LABEL
#define CKA_LABEL
Definition pkcs11.h:366
CKA_EXTRACTABLE
#define CKA_EXTRACTABLE
Definition pkcs11.h:415
CKA_CLASS
#define CKA_CLASS
Definition pkcs11.h:363
set_template_attribute
CK_RV set_template_attribute(yubihsm_pkcs11_attribute *attribute, void *value)
Definition util_pkcs11.c:2953
parse_id_value
int parse_id_value(void *value, CK_ULONG len)
Definition util_pkcs11.c:3556
YH_OBJ_LABEL_LEN
#define YH_OBJ_LABEL_LEN
Max length of object labels.
Definition yubihsm.h:123
d
CK_ULONG d
Definition yubihsm_pkcs11.c:1238
label
char * label
Definition yubihsm_pkcs11.c:1883
pTemplate
CK_SESSION_HANDLE CK_ATTRIBUTE_PTR pTemplate
Definition yubihsm_pkcs11.c:1204
c_co_out
goto c_co_out
Definition yubihsm_pkcs11.c:1541
key_type
struct @108 key_type
Here is the call graph for this function:

◆ for() [2/3]

for ( ListItem * item = g_ctx.slots.head; item != NULL; item = item->next)

Definition at line 468 of file yubihsm_pkcs11.c.

468 {
469 if (j == *pulCount) {
470 full = true;
471 }
472
473 yubihsm_pkcs11_slot *slot = (yubihsm_pkcs11_slot *) item->data;
474 if (tokenPresent == CK_TRUE) {
475 if (yh_connector_has_device(slot->connector) != true) {
476 continue;
477 }
478 }
479 if (full == false) {
480 pSlotList[j] = slot->id;
481
482 DBG_INFO("Returning slot %lu", pSlotList[j]);
483 } else {
484 overflow = true;
485 }
486
487 j += 1;
488 }
CK_TRUE
#define CK_TRUE
Definition pkcs11.h:1203
ListItem::data
void * data
Definition list.h:31
yubihsm_pkcs11_slot::id
uint16_t id
Definition yubihsm_pkcs11.h:151
yubihsm_pkcs11_slot::connector
yh_connector * connector
Definition yubihsm_pkcs11.h:154
yh_connector_has_device
bool yh_connector_has_device(yh_connector *connector)
Definition yubihsm.c:906
full
bool full
Definition yubihsm_pkcs11.c:466
pSlotList
CK_BBOOL CK_SLOT_ID_PTR pSlotList
Definition yubihsm_pkcs11.c:423
overflow
bool overflow
Definition yubihsm_pkcs11.c:467
j
uint16_t j
Definition yubihsm_pkcs11.c:465
pulCount
CK_BBOOL CK_SLOT_ID_PTR CK_ULONG_PTR pulCount
Definition yubihsm_pkcs11.c:423
tokenPresent
CK_BBOOL tokenPresent
Definition yubihsm_pkcs11.c:423
Here is the call graph for this function:

◆ for() [3/3]

for ( uint16_t i = 0; i < ulMaxObjectCount && session->operation.op.find.current_object < session->operation.op.find.n_objectssession->operation.op.find.current_object++)

Definition at line 2227 of file yubihsm_pkcs11.c.

2230 {
2231 yh_object_descriptor *object =
2232 &session->operation.op.find
2233 .objects[session->operation.op.find.current_object];
2234 uint32_t id;
2235 switch (object->type) {
2236 case YH_ASYMMETRIC_KEY:
2237 case YH_OPAQUE:
2238 case YH_WRAP_KEY:
2239 case YH_HMAC_KEY:
2240 case YH_PUBLIC_KEY:
2241 id = object->sequence << 24;
2242 id |= object->type << 16;
2243 id |= object->id;
2244 break;
2245 default:
2246 if (object->type == ECDH_KEY_TYPE) {
2247 id = ECDH_KEY_TYPE << 16;
2248 id |= object->id;
2249 } else {
2250 DBG_INFO("Found unknown object type %x, skipping over", object->type);
2251 continue;
2252 }
2253 }
2254
2255 phObject[i++] = id;
2256
2257 *pulObjectCount += 1;
2258
2259 if (!session->operation.op.find.only_private &&
2260 object->type == YH_ASYMMETRIC_KEY) {
2261 object->type |= 0x80;
2262 session->operation.op.find.current_object--;
2263 DBG_INFO("stepping back");
2264 }
2265
2266 DBG_INFO("Returning object %d as %08x",
2267 session->operation.op.find.current_object, id);
2268 }
uint32_t
unsigned int uint32_t
Definition stdint.h:126
find_info::only_private
bool only_private
Definition yubihsm_pkcs11.h:62
find_info::objects
yh_object_descriptor objects[YH_MAX_ITEMS_COUNT]
Definition yubihsm_pkcs11.h:59
yh_object_descriptor
Definition yubihsm.h:540
yh_object_descriptor::type
yh_object_type type
Object type.
Definition yubihsm.h:550
YH_WRAP_KEY
@ YH_WRAP_KEY
Definition yubihsm.h:369
YH_OPAQUE
@ YH_OPAQUE
Definition yubihsm.h:362
YH_HMAC_KEY
@ YH_HMAC_KEY
HMAC Key is a secret key used when computing and verifying HMAC signatures.
Definition yubihsm.h:371
YH_ASYMMETRIC_KEY
@ YH_ASYMMETRIC_KEY
Asymmetric Key is the private key of an asymmetric key-pair.
Definition yubihsm.h:366
YH_PUBLIC_KEY
@ YH_PUBLIC_KEY
Definition yubihsm.h:379
object
yh_object_descriptor object
Definition yubihsm_pkcs11.c:1544
id
struct @108 id
Definition yubihsm_pkcs11.c:1304
phObject
CK_SESSION_HANDLE CK_ATTRIBUTE_PTR CK_ULONG CK_OBJECT_HANDLE_PTR phObject
Definition yubihsm_pkcs11.c:1205
pulObjectCount
CK_SESSION_HANDLE CK_OBJECT_HANDLE_PTR CK_ULONG CK_ULONG_PTR pulObjectCount
Definition yubihsm_pkcs11.c:2196
ECDH_KEY_TYPE
#define ECDH_KEY_TYPE
Definition yubihsm_pkcs11.h:28

◆ if() [1/81]

if ( ! pulCount)

Definition at line 432 of file yubihsm_pkcs11.c.

432 {
433 DBG_ERR("pulCount argument bad");
434 return CKR_ARGUMENTS_BAD;
435 }

◆ if() [2/81]

if ( (expected_key_length > 0) &&(expected_key_length !=out_len) )

Definition at line 5008 of file yubihsm_pkcs11.c.

5008 {
5009 DBG_ERR("Failed to derive a key with the expected length");
5010 rv = CKR_FUNCTION_FAILED;
5011 goto c_drv_out;
5012 }
c_drv_out
goto c_drv_out
Definition yubihsm_pkcs11.c:4975

◆ if() [3/81]

if ( (flags &CKF_SERIAL_SESSION) = = 0)

Definition at line 829 of file yubihsm_pkcs11.c.

829 {
830 // NOTE(adma): required by specs
831 DBG_ERR("Open session called without CKF_SERIAL_SESSION set");
832 return CKR_SESSION_PARALLEL_NOT_SUPPORTED;
833 }
CKR_SESSION_PARALLEL_NOT_SUPPORTED
#define CKR_SESSION_PARALLEL_NOT_SUPPORTED
Definition pkcs11.h:1139

◆ if() [4/81]

if ( basekey_type = ECDH_KEY_TYPE)

Definition at line 4931 of file yubihsm_pkcs11.c.

4931 {
4932 DBG_ERR("Cannot derive an ECDH key from another ECDH key");
4933 rv = CKR_ARGUMENTS_BAD;
4934 goto c_drv_out;
4935 }

◆ if() [5/81]

if ( check_decrypt_mechanism(session->slot, pMechanism) ! = true)

Definition at line 2673 of file yubihsm_pkcs11.c.

2673 {
2674 DBG_ERR("Decryption mechanism %lu not supported", pMechanism->mechanism);
2675 rv = CKR_MECHANISM_INVALID;
2676 goto c_di_out;
2677 }
CKR_MECHANISM_INVALID
#define CKR_MECHANISM_INVALID
Definition pkcs11.h:1126
ck_mechanism::mechanism
ck_mechanism_type_t mechanism
Definition pkcs11.h:695
c_di_out
goto c_di_out
Definition yubihsm_pkcs11.c:2781
pMechanism
CK_SESSION_HANDLE CK_MECHANISM_PTR pMechanism
Definition yubihsm_pkcs11.c:2319

◆ if() [6/81]

if ( check_digest_mechanism(pMechanism) ! = true)

Definition at line 3116 of file yubihsm_pkcs11.c.

3116 {
3117 DBG_ERR("Digest mechanism %lu not supported", pMechanism->mechanism);
3118 rv = CKR_MECHANISM_INVALID;
3119 goto c_di_out;
3120 }

◆ if() [7/81]

if ( check_encrypt_mechanism(session->slot, pMechanism) ! = true)

Definition at line 2369 of file yubihsm_pkcs11.c.

2369 {
2370 DBG_ERR("Encryption mechanism %lu not supported", pMechanism->mechanism);
2371 rv = CKR_MECHANISM_INVALID;
2372 goto c_ei_out;
2373 }

◆ if() [8/81]

if ( check_sign_mechanism(session->slot, pMechanism) ! = true)

Definition at line 3477 of file yubihsm_pkcs11.c.

3477 {
3478 DBG_ERR("Signing mechanism %lu not supported", pMechanism->mechanism);
3479 rv = CKR_MECHANISM_INVALID;
3480 goto c_si_out;
3481 }
c_si_out
goto c_si_out
Definition yubihsm_pkcs11.c:3565

◆ if() [9/81]

if ( check_verify_mechanism(session->slot, pMechanism) ! = true)

Definition at line 3901 of file yubihsm_pkcs11.c.

3901 {
3902 DBG_ERR("Verification mechanism %lu not supported", pMechanism->mechanism);
3903 rv = CKR_MECHANISM_INVALID;
3904 goto c_vi_out;
3905 }
c_vi_out
goto c_vi_out
Definition yubihsm_pkcs11.c:3916

◆ if() [10/81]

if ( check_wrap_mechanism(session->slot, pMechanism) ! = true)

Definition at line 4741 of file yubihsm_pkcs11.c.

4741 {
4742 DBG_ERR("Wrapping mechanism %lu not supported", pMechanism->mechanism);
4743 rv = CKR_MECHANISM_INVALID;
4744 goto c_wk_out;
4745 }

◆ if() [11/81]

if ( class. set = = false)

Definition at line 1299 of file yubihsm_pkcs11.c.

1299 {
1300 rv = CKR_TEMPLATE_INCOMPLETE;
1301 goto c_co_out;
1302 }
CKR_TEMPLATE_INCOMPLETE
#define CKR_TEMPLATE_INCOMPLETE
Definition pkcs11.h:1146

◆ if() [12/81]

if ( create_session(slot, flags, phSession) = = false)

Definition at line 851 of file yubihsm_pkcs11.c.

851 {
852 DBG_ERR("Connector %lu has too many open sessions", slotID);
853 rv = CKR_SESSION_COUNT;
854 goto c_os_out;
855 }
CKR_SESSION_COUNT
#define CKR_SESSION_COUNT
Definition pkcs11.h:1137

◆ if() [13/81]

if ( g_yh_initialized = = false)

Definition at line 427 of file yubihsm_pkcs11.c.

427 {
428 DBG_ERR("libyubihsm is not initialized or already finalized");
429 return CKR_CRYPTOKI_NOT_INITIALIZED;
430 }

◆ if() [14/81]

if ( get_mechanism_info(slot, type, pInfo) = = false)

Definition at line 752 of file yubihsm_pkcs11.c.

752 {
753 DBG_ERR("Invalid mechanism %lu", type);
754 rv = CKR_MECHANISM_INVALID;
755 } else {

◆ if() [15/81]

if ( in_len ! = params->ulPublicDataLen)

Definition at line 4979 of file yubihsm_pkcs11.c.

4979 {
4980 DBG_ERR("Invalid parameter");
4981 return CKR_ARGUMENTS_BAD;
4982 }

◆ if() [16/81]

else if ( is_ECDSA_sign_mechanism(session->operation.mechanism.mechanism) )

Definition at line 4054 of file yubihsm_pkcs11.c.

4054 {
4055 siglen = ((session->operation.op.verify.key_len + 7) / 8) * 2;
4056 } else {
verify_info::key_len
CK_ULONG key_len
Definition yubihsm_pkcs11.h:95
op::verify
verify_info verify
Definition yubihsm_pkcs11.h:102
siglen
CK_ULONG siglen
Definition yubihsm_pkcs11.c:4029

◆ if() [17/81]

if ( is_HMAC_sign_mechanism(session->operation.mechanism.mechanism) = = true)

Definition at line 4030 of file yubihsm_pkcs11.c.

4030 {
4031 switch (session->operation.mechanism.mechanism) {
4032 case CKM_SHA_1_HMAC:
4033 siglen = 20;
4034 break;
4035
4036 case CKM_SHA256_HMAC:
4037 siglen = 32;
4038 break;
4039
4040 case CKM_SHA384_HMAC:
4041 siglen = 48;
4042 break;
4043
4044 case CKM_SHA512_HMAC:
4045 siglen = 64;
4046 break;
4047 default:
4048 rv = CKR_ARGUMENTS_BAD;
4049 goto c_v_out;
4050 }
4051 } else if (is_RSA_sign_mechanism(session->operation.mechanism.mechanism) ==
CKM_SHA_1_HMAC
#define CKM_SHA_1_HMAC
Definition pkcs11.h:533
CKM_SHA256_HMAC
#define CKM_SHA256_HMAC
Definition pkcs11.h:542
CKM_SHA384_HMAC
#define CKM_SHA384_HMAC
Definition pkcs11.h:545
CKM_SHA512_HMAC
#define CKM_SHA512_HMAC
Definition pkcs11.h:548
mechanism::mechanism
CK_MECHANISM_TYPE mechanism
Definition yubihsm_pkcs11.h:108
yubihsm_pkcs11_op_info::mechanism
mechanism mechanism
Definition yubihsm_pkcs11.h:135
is_RSA_sign_mechanism
bool is_RSA_sign_mechanism(CK_MECHANISM_TYPE m)
Definition util_pkcs11.c:2605
c_v_out
goto c_v_out
Definition yubihsm_pkcs11.c:4060
Here is the call graph for this function:

◆ if() [18/81]

else if ( is_RSA_sign_mechanism(session->operation.mechanism.mechanism) = = true)

Definition at line 4051 of file yubihsm_pkcs11.c.

4052 {
4053 siglen = (session->operation.op.verify.key_len + 7) / 8;
4054 } else if (is_ECDSA_sign_mechanism(session->operation.mechanism.mechanism)) {
is_ECDSA_sign_mechanism
bool is_ECDSA_sign_mechanism(CK_MECHANISM_TYPE m)
Definition util_pkcs11.c:2690

◆ if() [19/81]

if ( key = = NULL)

Definition at line 4750 of file yubihsm_pkcs11.c.

4750 {
4751 DBG_ERR("No wrap key found");
4752 rv = CKR_WRAPPING_KEY_HANDLE_INVALID;
4753 goto c_wk_out;
4754 }
CKR_WRAPPING_KEY_HANDLE_INVALID
#define CKR_WRAPPING_KEY_HANDLE_INVALID
Definition pkcs11.h:1162

◆ if() [20/81]

if ( key_type. set = = false || class.set == false)

Definition at line 4413 of file yubihsm_pkcs11.c.

4413 {
4414 rv = CKR_TEMPLATE_INCOMPLETE;
4415 goto c_gk_out;
4416 }
c_gk_out
goto c_gk_out
Definition yubihsm_pkcs11.c:4512

◆ if() [21/81]

if ( len ! = ulRandomLen || pRandomData == NULL)

Definition at line 5063 of file yubihsm_pkcs11.c.

5063 {
5064 DBG_ERR("Invalid parameter");
5065 return CKR_ARGUMENTS_BAD;
5066 }

◆ if() [22/81]

if ( len ,
* pulWrappedKeyLen )

Definition at line 4782 of file yubihsm_pkcs11.c.

4782 {
4783 DBG_ERR("buffer to small, needed %lu, got %lu", (unsigned long) len,
4784 *pulWrappedKeyLen);
4785 rv = CKR_BUFFER_TOO_SMALL;
4786 goto c_wk_out;
4787 }
CKR_BUFFER_TOO_SMALL
#define CKR_BUFFER_TOO_SMALL
Definition pkcs11.h:1169
pulWrappedKeyLen
CK_SESSION_HANDLE CK_MECHANISM_PTR CK_OBJECT_HANDLE CK_OBJECT_HANDLE CK_BYTE_PTR CK_ULONG_PTR pulWrappedKeyLen
Definition yubihsm_pkcs11.c:4686
len
size_t len
Definition yubihsm_pkcs11.c:4771

◆ if() [23/81]

if ( object->object.type ! = YH_WRAP_KEY)

Definition at line 2376 of file yubihsm_pkcs11.c.

2376 {
2377 DBG_ERR("Wrong key type or algorithm");
2378 rv = CKR_KEY_TYPE_INCONSISTENT;
2379 goto c_ei_out;
2380 }
CKR_KEY_TYPE_INCONSISTENT
#define CKR_KEY_TYPE_INCONSISTENT
Definition pkcs11.h:1118

◆ if() [24/81]

else if ( object->object. type = YH_ASYMMETRIC_KEY && yh_is_rsa(object->object.algorithm))

Definition at line 2680 of file yubihsm_pkcs11.c.

2681 {
2682 DBG_INFO("RSA decryption requested");
2683
2684 size_t key_length;
2685 yh_rc yrc = yh_get_key_bitlength(object->object.algorithm, &key_length);
2686 if (yrc != YHR_SUCCESS) {
2687 DBG_ERR("Unable to get key length: %s", yh_strerror(yrc));
2688 rv = CKR_FUNCTION_FAILED;
2689 goto c_di_out;
2690 }
2691
2692 session->operation.op.decrypt.key_len = key_length;
2693
2694 if (pMechanism->mechanism == CKM_RSA_PKCS_OAEP) {
2695 if (pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_OAEP_PARAMS)) {
2696 DBG_ERR("Length of mechanism parameters does not match expected value: "
2697 "found %lu, expected %zu",
2698 pMechanism->ulParameterLen, sizeof(CK_RSA_PKCS_OAEP_PARAMS));
2699 rv = CKR_MECHANISM_PARAM_INVALID;
2700 goto c_di_out;
2701 }
2702
2703 CK_RSA_PKCS_OAEP_PARAMS *params = pMechanism->pParameter;
2704
2705 if (params->source == 0 && params->ulSourceDataLen != 0) {
2706 DBG_ERR("Source parameter empty but sourceDataLen != 0");
2707 rv = CKR_MECHANISM_PARAM_INVALID;
2708 goto c_di_out;
2709 } else if (params->source != 0 && params->source != CKZ_DATA_SPECIFIED) {
2710 DBG_ERR("Unknown value in parameter source");
2711 rv = CKR_MECHANISM_PARAM_INVALID;
2712 goto c_di_out;
2713 }
2714
2715 switch (params->mgf) {
2716 case CKG_MGF1_SHA1:
2717 session->operation.mechanism.oaep.mgf1Algo = YH_ALGO_MGF1_SHA1;
2718 break;
2719 case CKG_MGF1_SHA256:
2720 session->operation.mechanism.oaep.mgf1Algo = YH_ALGO_MGF1_SHA256;
2721 break;
2722 case CKG_MGF1_SHA384:
2723 session->operation.mechanism.oaep.mgf1Algo = YH_ALGO_MGF1_SHA384;
2724 break;
2725 case CKG_MGF1_SHA512:
2726 session->operation.mechanism.oaep.mgf1Algo = YH_ALGO_MGF1_SHA512;
2727 break;
2728 default:
2729 rv = CKR_MECHANISM_PARAM_INVALID;
2730 goto c_di_out;
2731 };
2732
2733 const EVP_MD *md = NULL;
2734
2735 switch (params->hashAlg) {
2736 case CKM_SHA_1:
2737 md = EVP_sha1();
2738 break;
2739 case CKM_SHA256:
2740 md = EVP_sha256();
2741 break;
2742 case CKM_SHA384:
2743 md = EVP_sha384();
2744 break;
2745 case CKM_SHA512:
2746 md = EVP_sha512();
2747 break;
2748 default:
2749 rv = CKR_MECHANISM_PARAM_INVALID;
2750 goto c_di_out;
2751 }
2752 mdctx = EVP_MD_CTX_create();
2753
2754 if (EVP_DigestInit_ex(mdctx, md, NULL) == 0) {
2755 rv = CKR_MECHANISM_PARAM_INVALID;
2756 goto c_di_out;
2757 }
2758
2759 if (EVP_DigestUpdate(mdctx, params->pSourceData,
2760 params->ulSourceDataLen) != 1) {
2761 rv = CKR_FUNCTION_FAILED;
2762 goto c_di_out;
2763 }
2764 if (EVP_DigestFinal_ex(mdctx, session->operation.mechanism.oaep.label,
2765 &session->operation.mechanism.oaep.label_len) !=
2766 1) {
2767 rv = CKR_FUNCTION_FAILED;
2768 goto c_di_out;
2769 }
2770 } else if (pMechanism->mechanism != CKM_RSA_PKCS) {
2771 DBG_ERR("Mechanism %lu not supported", pMechanism->mechanism);
2772 rv = CKR_MECHANISM_INVALID;
2773 goto c_di_out;
2774 }
2775 } else if (object->object.type == YH_WRAP_KEY &&
yh_strerror
const char * yh_strerror(yh_rc err)
Definition error.c:65
CKG_MGF1_SHA256
#define CKG_MGF1_SHA256
Definition pkcs11.h:746
CKM_RSA_PKCS
#define CKM_RSA_PKCS
Definition pkcs11.h:470
CKR_MECHANISM_PARAM_INVALID
#define CKR_MECHANISM_PARAM_INVALID
Definition pkcs11.h:1127
CKG_MGF1_SHA512
#define CKG_MGF1_SHA512
Definition pkcs11.h:748
CKM_SHA256
#define CKM_SHA256
Definition pkcs11.h:541
CKG_MGF1_SHA384
#define CKG_MGF1_SHA384
Definition pkcs11.h:747
CKZ_DATA_SPECIFIED
#define CKZ_DATA_SPECIFIED
Definition pkcs11.h:752
CKM_RSA_PKCS_OAEP
#define CKM_RSA_PKCS_OAEP
Definition pkcs11.h:478
CKM_SHA384
#define CKM_SHA384
Definition pkcs11.h:544
CKM_SHA512
#define CKM_SHA512
Definition pkcs11.h:547
CKG_MGF1_SHA1
#define CKG_MGF1_SHA1
Definition pkcs11.h:744
CKM_SHA_1
#define CKM_SHA_1
Definition pkcs11.h:532
CK_RSA_PKCS_OAEP_PARAMS
Definition pkcs11.h:754
decrypt_info::key_len
CK_ULONG key_len
Definition yubihsm_pkcs11.h:80
mechanism::oaep
struct mechanism::@110::@112 oaep
yh_object_descriptor::algorithm
yh_algorithm algorithm
Object algorithm.
Definition yubihsm.h:552
op::decrypt
decrypt_info decrypt
Definition yubihsm_pkcs11.h:103
yh_get_key_bitlength
yh_rc yh_get_key_bitlength(yh_algorithm algorithm, size_t *result)
Definition yubihsm.c:4309
YH_ALGO_MGF1_SHA512
@ YH_ALGO_MGF1_SHA512
mgf1-sha512
Definition yubihsm.h:460
YH_ALGO_MGF1_SHA384
@ YH_ALGO_MGF1_SHA384
mgf1-sha384
Definition yubihsm.h:458
YH_ALGO_MGF1_SHA1
@ YH_ALGO_MGF1_SHA1
mgf1-sha1
Definition yubihsm.h:454
YH_ALGO_MGF1_SHA256
@ YH_ALGO_MGF1_SHA256
mgf1-sha256
Definition yubihsm.h:456
yh_rc
yh_rc
Definition yubihsm.h:170
mdctx
EVP_MD_CTX * mdctx
Definition yubihsm_pkcs11.c:2628
yrc
yh_rc yrc
Definition yubihsm_pkcs11.c:606
key_length
size_t key_length
Definition yubihsm_pkcs11.c:3467
Here is the call graph for this function:

◆ if() [25/81]

if ( object = = NULL)

Definition at line 1626 of file yubihsm_pkcs11.c.

1626 {
1627 DBG_ERR("Object not found");
1628 rv = CKR_OBJECT_HANDLE_INVALID;
1629 goto c_do_out;
1630 }
CKR_OBJECT_HANDLE_INVALID
#define CKR_OBJECT_HANDLE_INVALID
Definition pkcs11.h:1128

◆ if() [26/81]

if ( overflow = = true)

Definition at line 492 of file yubihsm_pkcs11.c.

492 {
493 GLOBAL_UNLOCK_OR_RETURN;
494 return CKR_BUFFER_TOO_SMALL;
495 }
GLOBAL_UNLOCK_OR_RETURN
#define GLOBAL_UNLOCK_OR_RETURN
Definition yubihsm_pkcs11.c:59

◆ if() [27/81]

if ( params-> kdf = CKD_NULL)

Definition at line 4965 of file yubihsm_pkcs11.c.

4965 {
4966 if ((params->pSharedData != NULL) || (params->ulSharedDataLen != 0)) {
4967 DBG_ERR("Mechanism parameters incompatible with key derivation function "
4968 "CKD_NULL");
4969 rv = CKR_MECHANISM_PARAM_INVALID;
4970 goto c_drv_out;
4971 }
4972 } else {

◆ if() [28/81]

if ( parse_hex(pPin, 4,(uint8_t *) &key_id) = = false)

Definition at line 1106 of file yubihsm_pkcs11.c.

1106 {
1107 DBG_ERR(
1108 "PIN contains invalid characters, first four digits must be [0-9A-Fa-f]");
1109 return CKR_PIN_INCORRECT;
1110 }
CKR_PIN_INCORRECT
#define CKR_PIN_INCORRECT
Definition pkcs11.h:1131

◆ if() [29/81]

if ( pData = = NULL)

Definition at line 2863 of file yubihsm_pkcs11.c.

2863 {
2864 // NOTE(adma): Just return the size of the data
2865 *pulDataLen = datalen;
2866
2867 rv = CKR_OK;
2868 terminate = false;
2869
2870 DOUT;
2871 goto c_d_out;
2872 }
pulDataLen
CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG CK_BYTE_PTR CK_ULONG_PTR pulDataLen
Definition yubihsm_pkcs11.c:2812
datalen
CK_ULONG datalen
Definition yubihsm_pkcs11.c:2428
terminate
bool terminate
Definition yubihsm_pkcs11.c:2400
c_d_out
goto c_d_out
Definition yubihsm_pkcs11.c:2858

◆ if() [30/81]

if ( pDigest = = NULL)

Definition at line 3186 of file yubihsm_pkcs11.c.

3186 {
3187 // NOTE(adma): Just return the size of the digest
3188 DBG_INFO("The size of the digest will be %lu",
3189 session->operation.op.digest.digest_len);
3190
3191 *pulDigestLen = session->operation.op.digest.digest_len;
3192
3193 rv = CKR_OK;
3194 terminate = false;
3195
3196 DOUT;
3197 goto c_d_out;
3198 }
digest_info::digest_len
CK_ULONG digest_len
Definition yubihsm_pkcs11.h:74
op::digest
digest_info digest
Definition yubihsm_pkcs11.h:101
pulDigestLen
CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG CK_BYTE_PTR CK_ULONG_PTR pulDigestLen
Definition yubihsm_pkcs11.c:3147

◆ if() [31/81]

if ( pEncryptedData = = NULL)

Definition at line 2431 of file yubihsm_pkcs11.c.

2431 {
2432 // NOTE: if data is NULL, just return size we'll need
2433 *pulEncryptedDataLen = datalen;
2434 rv = CKR_OK;
2435 terminate = false;
2436
2437 DOUT;
2438 goto c_e_out;
2439 }
pulEncryptedDataLen
CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG CK_BYTE_PTR CK_ULONG_PTR pulEncryptedDataLen
Definition yubihsm_pkcs11.c:2395
c_e_out
goto c_e_out
Definition yubihsm_pkcs11.c:2448

◆ if() [32/81]

if ( pEncryptedPart = = NULL)

Definition at line 2956 of file yubihsm_pkcs11.c.

2956 {
2957 DBG_ERR("No data provided");
2958 rv = CKR_ARGUMENTS_BAD;
2959 goto c_du_out;
2960 }

◆ if() [33/81]

if ( phObject = = NULL || ulMaxObjectCount == 0 || pulObjectCount == NULL)

Definition at line 2214 of file yubihsm_pkcs11.c.

2214 {
2215 rv = CKR_ARGUMENTS_BAD;
2216 goto c_fo_out;
2217 }

◆ if() [34/81]

if ( phSession = = NULL)

Definition at line 824 of file yubihsm_pkcs11.c.

824 {
825 DBG_ERR("Wrong/Missing parameter");
826 return CKR_ARGUMENTS_BAD;
827 }

◆ if() [35/81]

if ( pInfo = = NULL)

Definition at line 741 of file yubihsm_pkcs11.c.

741 {
742 DBG_ERR("Wrong/missing parameter");
743 return CKR_ARGUMENTS_BAD;
744 }

◆ if() [36/81]

if ( pLastEncryptedPart = = NULL)

Definition at line 2589 of file yubihsm_pkcs11.c.

2589 {
2590 // NOTE: should this rather return length and ok?
2591 DBG_ERR("No buffer provided");
2592 rv = CKR_ARGUMENTS_BAD;
2593 goto c_ef_out;
2594 }
c_ef_out
goto c_ef_out
Definition yubihsm_pkcs11.c:2574

◆ if() [37/81]

if ( pLastPart = = NULL)

Definition at line 3040 of file yubihsm_pkcs11.c.

3040 {
3041 DBG_ERR("No buffer provided, length check only");
3042 *pulLastPartLen = datalen;
3043 rv = CKR_OK;
3044 terminate = false;
3045 goto c_df_out;
3046 }
c_df_out
goto c_df_out
Definition yubihsm_pkcs11.c:3037
pulLastPartLen
CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG_PTR pulLastPartLen
Definition yubihsm_pkcs11.c:2992

◆ if() [38/81]

if ( pMechanism->mechanism ! = CKM_GENERIC_SECRET_KEY_GEN)

Definition at line 4345 of file yubihsm_pkcs11.c.

4345 {
4346 DBG_ERR("Invalid mechanism %lu", pMechanism->mechanism);
4347 rv = CKR_MECHANISM_INVALID;
4348 goto c_gk_out;
4349 }

◆ if() [39/81]

else if ( pMechanism-> mechanism = CKM_RSA_PKCS_KEY_PAIR_GEN)

Definition at line 4573 of file yubihsm_pkcs11.c.

4573 {
4574 rv =
4575 parse_rsa_generate_template(pPublicKeyTemplate, ulPublicKeyAttributeCount,
4576 pPrivateKeyTemplate,
4577 ulPrivateKeyAttributeCount, &template);
4578 } else if (pMechanism->mechanism == CKM_EC_KEY_PAIR_GEN) {
CKM_EC_KEY_PAIR_GEN
#define CKM_EC_KEY_PAIR_GEN
Definition pkcs11.h:645
parse_rsa_generate_template
CK_RV parse_rsa_generate_template(CK_ATTRIBUTE_PTR pPublicKeyTemplate, CK_ULONG ulPublicKeyAttributeCount, CK_ATTRIBUTE_PTR pPrivateKeyTemplate, CK_ULONG ulPrivateKeyAttributeCount, yubihsm_pkcs11_object_template *template)
Definition util_pkcs11.c:3305
ulPrivateKeyAttributeCount
CK_SESSION_HANDLE CK_MECHANISM_PTR CK_ATTRIBUTE_PTR CK_ULONG CK_ATTRIBUTE_PTR CK_ULONG ulPrivateKeyAttributeCount
Definition yubihsm_pkcs11.c:4538
pPrivateKeyTemplate
CK_SESSION_HANDLE CK_MECHANISM_PTR CK_ATTRIBUTE_PTR CK_ULONG CK_ATTRIBUTE_PTR pPrivateKeyTemplate
Definition yubihsm_pkcs11.c:4538
ulPublicKeyAttributeCount
CK_SESSION_HANDLE CK_MECHANISM_PTR CK_ATTRIBUTE_PTR CK_ULONG ulPublicKeyAttributeCount
Definition yubihsm_pkcs11.c:4537
pPublicKeyTemplate
CK_SESSION_HANDLE CK_MECHANISM_PTR CK_ATTRIBUTE_PTR pPublicKeyTemplate
Definition yubihsm_pkcs11.c:4537
Here is the call graph for this function:

◆ if() [40/81]

if ( pMechanism = = NULL || pMechanism->mechanism != CKM_YUBICO_AES_CCM_WRAP)

Definition at line 2331 of file yubihsm_pkcs11.c.

2331 {
2332 DBG_ERR("Invalid Mechanism");
2333 return CKR_ARGUMENTS_BAD;
2334 }

◆ if() [41/81]

if ( pPart = = NULL)

Definition at line 2508 of file yubihsm_pkcs11.c.

2508 {
2509 DBG_ERR("No data provided");
2510 rv = CKR_ARGUMENTS_BAD;
2511 goto c_eu_out;
2512 }

◆ if() [42/81]

if ( ppFunctionList = = NULL)

Definition at line 409 of file yubihsm_pkcs11.c.

409 {
410 DBG_ERR("GetFunctionList called with ppFunctionList = NULL");
411 return CKR_ARGUMENTS_BAD;
412 }
Here is the caller graph for this function:

◆ if() [43/81]

if ( pSignature = = NULL)

Definition at line 3623 of file yubihsm_pkcs11.c.

3623 {
3624 // NOTE(adma): Just return the size of the signature
3625 *pulSignatureLen = session->operation.op.sign.sig_len;
3626
3627 rv = CKR_OK;
3628 terminate = false;
3629 DOUT;
3630 goto c_s_out;
3631 }
sign_info::sig_len
uint16_t sig_len
Definition yubihsm_pkcs11.h:69
op::sign
sign_info sign
Definition yubihsm_pkcs11.h:100
c_s_out
goto c_s_out
Definition yubihsm_pkcs11.c:3640
pulSignatureLen
CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG CK_BYTE_PTR CK_ULONG_PTR pulSignatureLen
Definition yubihsm_pkcs11.c:3593

◆ if() [44/81]

if ( pSlotList = = NULL)

Definition at line 439 of file yubihsm_pkcs11.c.

439 {
440 *pulCount = 0;
441 // NOTE(adma) just return the number of slots
442 if (tokenPresent == CK_TRUE) {
443 for (ListItem *item = g_ctx.slots.head; item != NULL; item = item->next) {
444 yubihsm_pkcs11_slot *slot = (yubihsm_pkcs11_slot *) item->data;
445 if (yh_connector_has_device(slot->connector) == true) {
446 *pulCount += 1;
447 }
448 }
449
450 DBG_INFO("Number of slots with a token is %lu", *pulCount);
451 } else {
452 *pulCount = g_ctx.slots.length;
453
454 DBG_INFO("Total number of slots is %lu", *pulCount);
455 }
456 // NOTE(adma): actually return the slot IDs
457 DBG_INFO("Can return %lu slot(s)", *pulCount);
458
459 GLOBAL_UNLOCK_OR_RETURN;
460
461 DOUT;
462 return CKR_OK;
463 }
List::head
ListItem * head
Definition list.h:38
ListItem::next
ListItem * next
Definition list.h:32
Here is the call graph for this function:

◆ if() [45/81]

if ( pTemplate = = NULL || ulCount == 0 || phObject == NULL)

Definition at line 1216 of file yubihsm_pkcs11.c.

1216 {
1217 DBG_ERR("Called with invalid parameters: pTemplate=%p ulCount=%lu "
1218 "phObject=%p",
1219 (void *) pTemplate, ulCount, (void *) phObject);
1220 return CKR_ARGUMENTS_BAD;
1221 }
ulCount
CK_SESSION_HANDLE CK_ATTRIBUTE_PTR CK_ULONG ulCount
Definition yubihsm_pkcs11.c:1204

◆ if() [46/81]

if ( pulCount = = NULL)

Definition at line 698 of file yubihsm_pkcs11.c.

698 {
699 DBG_ERR("Wrong/missing parameter");
700 return CKR_ARGUMENTS_BAD;
701 }

◆ if() [47/81]

if ( pulDigestLen = = NULL)

Definition at line 3180 of file yubihsm_pkcs11.c.

3180 {
3181 DBG_ERR("Wrong/missing parameter");
3182 rv = CKR_ARGUMENTS_BAD;
3183 goto c_d_out;
3184 }

◆ if() [48/81]

if ( pulSize = = NULL)

Definition at line 1664 of file yubihsm_pkcs11.c.

1664 {
1665 return CKR_ARGUMENTS_BAD;
1666 }

◆ if() [49/81]

if ( pWrappedKey = = NULL)

Definition at line 4727 of file yubihsm_pkcs11.c.

4727 {
4728 *pulWrappedKeyLen =
4729 sizeof(yh_object_descriptor) + object->object.len + YH_CCM_WRAP_OVERHEAD;
4730 DBG_INFO("Calculated that wrapping will need %lu bytes", *pulWrappedKeyLen);
4731 rv = CKR_OK;
4732 goto c_wk_out;
4733 }
yh_object_descriptor::len
uint16_t len
Object length.
Definition yubihsm.h:546
YH_CCM_WRAP_OVERHEAD
#define YH_CCM_WRAP_OVERHEAD
Definition yubihsm.h:149

◆ if() [50/81]

if ( rc ! = YHR_SUCCESS)

Definition at line 4656 of file yubihsm_pkcs11.c.

4656 {
4657 DBG_ERR("Failed writing EC key to device");
4658 rv = CKR_FUNCTION_FAILED;
4659 goto c_gkp_out;
4660 }
c_gkp_out
goto c_gkp_out
Definition yubihsm_pkcs11.c:4586

◆ if() [51/81]

if ( ret ! = CKR_OK)

Definition at line 974 of file yubihsm_pkcs11.c.

974 {
975 DBG_ERR("Session handle invalid");
976 return ret;
977 }
ret
CK_RV ret
Definition yubihsm_pkcs11.c:973

◆ if() [52/81]

if ( rv ! = CKR_OK)

Definition at line 1119 of file yubihsm_pkcs11.c.

1119 {
1120 DBG_ERR("Invalid session ID: %lu", hSession);
1121 return rv;
1122 }

◆ if() [53/81]

if ( rv = CKR_BUFFER_TOO_SMALL)

Definition at line 710 of file yubihsm_pkcs11.c.

710 {
711 DBG_ERR("Mechanism buffer too small");
712 goto c_gml_out;
713 } else if (rv == CKR_FUNCTION_FAILED) {

◆ if() [54/81]

if ( seq ,
MAX_ECDH_SESSION_KEYS  )

Definition at line 4987 of file yubihsm_pkcs11.c.

4987 {
4988 DBG_ERR("There are already %d ECDH keys available for this session. "
4989 "Cannot derive more",
4990 MAX_ECDH_SESSION_KEYS);
4991 rv = CKR_FUNCTION_FAILED;
4992 goto c_drv_out;
4993 }
MAX_ECDH_SESSION_KEYS
#define MAX_ECDH_SESSION_KEYS
Definition yubihsm_pkcs11.h:26

◆ if() [55/81]

if ( session->operation.mechanism.mechanism ! = CKM_YUBICO_AES_CCM_WRAP)

Definition at line 2422 of file yubihsm_pkcs11.c.

2422 {
2423 DBG_ERR("Wrong mechanism: %lu", session->operation.mechanism.mechanism);
2424 rv = CKR_MECHANISM_INVALID;
2425 goto c_e_out;
2426 }
Here is the call graph for this function:

◆ if() [56/81]

else if ( session->operation.mechanism. mechanism = CKM_YUBICO_AES_CCM_WRAP)

Definition at line 2568 of file yubihsm_pkcs11.c.

2568 {
2569 datalen = session->operation.buffer_length + YH_CCM_WRAP_OVERHEAD;
2570 } else {
yubihsm_pkcs11_op_info::buffer_length
unsigned int buffer_length
Definition yubihsm_pkcs11.h:138

◆ if() [57/81]

if ( session->operation.op.decrypt. finalized = = false)

Definition at line 2878 of file yubihsm_pkcs11.c.

2878 {
2879 DBG_INFO("Sending %lu bytes to decrypt", ulEncryptedDataLen);
2880
2881 rv = apply_decrypt_mechanism_update(&session->operation, pEncryptedData,
2882 ulEncryptedDataLen);
2883 if (rv != CKR_OK) {
2884 DBG_ERR("Unable to perform decrypt operation step");
2885 goto c_d_out;
2886 }
2887
2888 rv = apply_decrypt_mechanism_finalize(&session->operation);
2889 if (rv != CKR_OK) {
2890 DBG_ERR("Unable to finalize decrypt operation");
2891 goto c_d_out;
2892 }
2893 }
apply_decrypt_mechanism_finalize
CK_RV apply_decrypt_mechanism_finalize(yubihsm_pkcs11_op_info *op_info __attribute((unused)))
Definition util_pkcs11.c:2156
apply_decrypt_mechanism_update
CK_RV apply_decrypt_mechanism_update(yubihsm_pkcs11_op_info *op_info, CK_BYTE_PTR in, CK_ULONG in_len)
Definition util_pkcs11.c:2053
pEncryptedData
CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG CK_BYTE_PTR pEncryptedData
Definition yubihsm_pkcs11.c:2395
ulEncryptedDataLen
CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG ulEncryptedDataLen
Definition yubihsm_pkcs11.c:2812
Here is the call graph for this function:

◆ if() [58/81]

if ( session->operation.op.digest. is_multipart = = true)

Definition at line 3174 of file yubihsm_pkcs11.c.

3174 {
3175 DBG_ERR("Another digest operation is already active");
3176 rv = CKR_OPERATION_ACTIVE;
3177 goto c_d_out;
3178 }
CKR_OPERATION_ACTIVE
#define CKR_OPERATION_ACTIVE
Definition pkcs11.h:1129

◆ if() [59/81]

if ( session->operation.type ! = OPERATION_NOOP)

Definition at line 1230 of file yubihsm_pkcs11.c.

1230 {
1231 DBG_ERR("A different operation is already active");
1232 rv = CKR_OPERATION_ACTIVE;
1233 goto c_co_out;
1234 }

◆ if() [60/81]

if ( session->session_state & SESSION_NOT_AUTHENTICATED)

Definition at line 1911 of file yubihsm_pkcs11.c.

1911 {
1912 rv = CKR_OK;
1913 // NOTE: we need to take extra care here, we're lying about the operation
1914 // being succesful, so we need to setup the internal state correctly as
1915 // well.
1916 session->operation.type = OPERATION_FIND;
1917 session->operation.op.find.current_object = 0;
1918 DOUT;
1919 goto c_foi_out;
1920 }

◆ if() [61/81]

if ( slot = = NULL)

Definition at line 519 of file yubihsm_pkcs11.c.

519 {
520 DBG_ERR("Invalid slot ID %lu", slotID);
521 return CKR_SLOT_ID_INVALID;
522 }

◆ if() [62/81]

if ( template. exportable = ATTRIBUTE_TRUE)

Definition at line 1310 of file yubihsm_pkcs11.c.

1310 {
1311 rc = yh_string_to_capabilities("exportable-under-wrap", &capabilities);
1312 if (rc != YHR_SUCCESS) {
1313 DBG_ERR("Failed setting exportable-under-wrap capability");
1314 rv = CKR_FUNCTION_FAILED;
1315 goto c_co_out;
1316 }
1317 }
yh_string_to_capabilities
yh_rc yh_string_to_capabilities(const char *capability, yh_capabilities *result)
Definition yubihsm.c:4115
capabilities
yh_capabilities capabilities
Definition yubihsm_pkcs11.c:1305
rc
yh_rc rc
Definition yubihsm_pkcs11.c:1308
Here is the call graph for this function:

◆ if() [63/81]

if ( terminate = = true)

Definition at line 2474 of file yubihsm_pkcs11.c.

2474 {
2475 session->operation.type = OPERATION_NOOP;
2476 }

◆ if() [64/81]

if ( type = ECDH_KEY_TYPE)

Definition at line 1608 of file yubihsm_pkcs11.c.

1608 {
1609 ListItem *item =
1610 list_get(&session->ecdh_session_keys, &hObject, compare_ecdh_keys);
1611 if (item) {
1612 list_delete(&session->ecdh_session_keys, item);
1613 DBG_INFO("Deleted ECDH session key %08lx", hObject);
1614 } else {
1615 DBG_INFO("No ECDH session key with ID %08lx was found", hObject);
1616 }
1617 } else {
list_delete
void list_delete(List *list, ListItem *item)
Definition list.c:117
list_get
ListItem * list_get(List *list, void *data, CompareItemFn compare_item_fn)
Definition list.c:105
hObject
CK_SESSION_HANDLE CK_OBJECT_HANDLE hObject
Definition yubihsm_pkcs11.c:1565
Here is the call graph for this function:

◆ if() [65/81]

if ( ulCount ! = 0 && pTemplate == NULL)

Definition at line 1890 of file yubihsm_pkcs11.c.

1890 {
1891 DBG_ERR("Asking for specific objects but no template given");
1892 return CKR_ARGUMENTS_BAD;
1893 }

◆ if() [66/81]

if ( ulPinLen< YUBIHSM_PKCS11_MIN_PIN_LEN||ulPinLen > YUBIHSM_PKCS11_MAX_PIN_LEN)

Definition at line 1097 of file yubihsm_pkcs11.c.

1098 {
1099 DBG_ERR("Wrong PIN length, must be [%d, %d] got %lu",
1100 YUBIHSM_PKCS11_MIN_PIN_LEN, YUBIHSM_PKCS11_MAX_PIN_LEN, ulPinLen);
1101 return CKR_ARGUMENTS_BAD;
1102 }
YUBIHSM_PKCS11_MAX_PIN_LEN
#define YUBIHSM_PKCS11_MAX_PIN_LEN
Definition yubihsm_pkcs11.c:44
YUBIHSM_PKCS11_MIN_PIN_LEN
#define YUBIHSM_PKCS11_MIN_PIN_LEN
Definition yubihsm_pkcs11.c:43
ulPinLen
CK_SLOT_ID CK_UTF8CHAR_PTR CK_ULONG ulPinLen
Definition yubihsm_pkcs11.c:765

◆ if() [67/81]

if ( ulSignatureLen ! = siglen)

Definition at line 4063 of file yubihsm_pkcs11.c.

4063 {
4064 DBG_ERR("Wrong data length, expected %lu, got %lu", siglen, ulSignatureLen);
4065 rv = CKR_SIGNATURE_LEN_RANGE;
4066 goto c_v_out;
4067 }
CKR_SIGNATURE_LEN_RANGE
#define CKR_SIGNATURE_LEN_RANGE
Definition pkcs11.h:1145
ulSignatureLen
CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG CK_BYTE_PTR CK_ULONG ulSignatureLen
Definition yubihsm_pkcs11.c:3997

◆ if() [68/81]

if ( unknown = = false)

Definition at line 2098 of file yubihsm_pkcs11.c.

2098 {
2099 uint16_t found_objects = 0;
2100 if (secret_key == true) {
2101 // NOTE(adma): looking for a secret key. Get items of all types and filter
2102 // manually
2103 yh_object_descriptor
2104 tmp_objects[YH_MAX_ITEMS_COUNT + MAX_ECDH_SESSION_KEYS];
2105 size_t tmp_n_objects = YH_MAX_ITEMS_COUNT + MAX_ECDH_SESSION_KEYS;
2106 rc = yh_util_list_objects(session->slot->device_session, id, 0, domains,
2107 &capabilities, algorithm, label, tmp_objects,
2108 &tmp_n_objects);
2109 if (rc != YHR_SUCCESS) {
2110 DBG_ERR("Failed to get object list");
2111 rv = CKR_FUNCTION_FAILED;
2112 goto c_foi_out;
2113 }
2114
2115 for (uint16_t i = 0; i < tmp_n_objects; i++) {
2116 if (tmp_objects[i].type == YH_WRAP_KEY ||
2117 tmp_objects[i].type == YH_HMAC_KEY) {
2118 memcpy(session->operation.op.find.objects + found_objects,
2119 tmp_objects + i, sizeof(yh_object_descriptor));
2120 found_objects++;
2121 }
2122 }
2123 } else {
2124 session->operation.op.find.n_objects =
2125 YH_MAX_ITEMS_COUNT + MAX_ECDH_SESSION_KEYS;
2126 rc = yh_util_list_objects(session->slot->device_session, id, type,
2127 domains, &capabilities, algorithm, label,
2128 session->operation.op.find.objects,
2129 &session->operation.op.find.n_objects);
2130 if (rc != YHR_SUCCESS) {
2131 DBG_ERR("Failed to get object list");
2132 rv = CKR_FUNCTION_FAILED;
2133 goto c_foi_out;
2134 }
2135 found_objects = session->operation.op.find.n_objects;
2136
2137 if (pub) {
2138 for (uint16_t i = 0; i < session->operation.op.find.n_objects; i++) {
2139 if (session->operation.op.find.objects[i].type == YH_ASYMMETRIC_KEY) {
2140 session->operation.op.find.objects[i].type |= 0x80;
2141 }
2142 }
2143 }
2144 }
2145
2146 if (ulCount == 0 ||
2147 should_include_sessionkeys(secret_key, extractable_set,
2148 session->operation.op.find.only_private,
2149 id)) {
2150 for (ListItem *item = session->ecdh_session_keys.head; item != NULL;
2151 item = item->next) {
2152 ecdh_session_key *key = (ecdh_session_key *) item->data;
2153
2154 if (label == NULL || strcmp(label, key->label) == 0) {
2155
2156 yh_object_descriptor desc;
2157 memset(&desc, 0, sizeof(desc));
2158 desc.id = key->id & 0xffff;
2159 desc.len = key->len;
2160 desc.type = ECDH_KEY_TYPE;
2161 memcpy(desc.label, key->label, strlen(key->label) + 1);
2162
2163 // Add this item/key to the list of found objects
2164 memcpy(session->operation.op.find.objects + found_objects, &desc,
2165 sizeof(yh_object_descriptor));
2166
2167 found_objects++;
2168 }
2169 }
2170 }
2171
2172 session->operation.op.find.n_objects = found_objects;
2173 }
uint16_t
unsigned short uint16_t
Definition stdint.h:125
ecdh_session_key
Definition yubihsm_pkcs11.h:122
yh_object_descriptor::id
uint16_t id
Object ID.
Definition yubihsm.h:544
yh_object_descriptor::label
char label[YH_OBJ_LABEL_LEN+1]
Object label.
Definition yubihsm.h:558
yh_util_list_objects
yh_rc yh_util_list_objects(yh_session *session, uint16_t id, yh_object_type type, uint16_t domains, const yh_capabilities *capabilities, yh_algorithm algorithm, const char *label, yh_object_descriptor *objects, size_t *n_objects)
Definition yubihsm.c:1030
YH_MAX_ITEMS_COUNT
#define YH_MAX_ITEMS_COUNT
Max items the device may hold.
Definition yubihsm.h:103
secret_key
bool secret_key
Definition yubihsm_pkcs11.c:1931
pub
bool pub
Definition yubihsm_pkcs11.c:1928
extractable_set
bool extractable_set
Definition yubihsm_pkcs11.c:1932
domains
uint16_t domains
Definition yubihsm_pkcs11.c:1926
algorithm
yh_algorithm algorithm
Definition yubihsm_pkcs11.c:1929
Here is the call graph for this function:

◆ if() [69/81]

if ( unwrapping_key_type = ECDH_KEY_TYPE)

Definition at line 4839 of file yubihsm_pkcs11.c.

4839 {
4840 DBG_ERR("Unwrapping using ECDH session key is not supported");
4841 rv = CKR_FUNCTION_NOT_SUPPORTED;
4842 goto c_uk_out;
4843 }
CKR_FUNCTION_NOT_SUPPORTED
return CKR_FUNCTION_NOT_SUPPORTED
Definition yubihsm_pkcs11.c:682

◆ if() [70/81]

if ( userType ! = CKU_USER)

Definition at line 1092 of file yubihsm_pkcs11.c.

1092 {
1093 DBG_ERR("Inalid user type, only regular user allowed");
1094 return CKR_USER_TYPE_INVALID;
1095 }
CKR_USER_TYPE_INVALID
#define CKR_USER_TYPE_INVALID
Definition pkcs11.h:1157

◆ if() [71/81]

if ( wrapped_key_type = ECDH_KEY_TYPE || wrapping_key_type == ECDH_KEY_TYPE)

Definition at line 4711 of file yubihsm_pkcs11.c.

4711 {
4712 DBG_ERR("Wrapping involving ECDH session keys is not supported");
4713 rv = CKR_FUNCTION_NOT_SUPPORTED;
4714 goto c_wk_out;
4715 }

◆ if() [72/81]

if ( yh_check_capability &->., "-" wrapped = = false)

Definition at line 4756 of file yubihsm_pkcs11.c.

4757 {
4758 DBG_ERR("Wrap key does not have \"export-wrapped\" set");
4759 rv = CKR_WRAPPING_KEY_TYPE_INCONSISTENT; // TODO: say something better?
4760 goto c_wk_out;
4761 }
CKR_WRAPPING_KEY_TYPE_INCONSISTENT
#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT
Definition pkcs11.h:1164

◆ if() [73/81]

if ( yh_check_capability &->., "--" wrap = = false)

Definition at line 4763 of file yubihsm_pkcs11.c.

4764 {
4765 DBG_ERR("Key to be wrapped does not have \"exportable-under-wrap\" set");
4766 rv = CKR_KEY_UNEXTRACTABLE;
4767 goto c_wk_out;
4768 }
CKR_KEY_UNEXTRACTABLE
#define CKR_KEY_UNEXTRACTABLE
Definition pkcs11.h:1125

◆ if() [74/81]

if ( yh_connector_has_device(slot->connector) = = true)

Definition at line 542 of file yubihsm_pkcs11.c.

542 {
543 pInfo->flags |= CKF_TOKEN_PRESENT;
544 }
CKF_TOKEN_PRESENT
#define CKF_TOKEN_PRESENT
Definition pkcs11.h:220

◆ if() [75/81]

if ( yh_is_rsa(object->object.algorithm) )

Definition at line 3927 of file yubihsm_pkcs11.c.

3927 {
3928 if (is_PSS_sign_mechanism(session->operation.mechanism.mechanism)) {
3929 if (pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS)) {
3930 DBG_ERR("Length of mechanism parameters does not match expected value, "
3931 "%lu != %zu",
3932 pMechanism->ulParameterLen, sizeof(CK_RSA_PKCS_PSS_PARAMS));
3933 rv = CKR_MECHANISM_PARAM_INVALID;
3934 goto c_vi_out;
3935 }
3936
3937 // TODO: validate that params->hashAlg matches mechanism
3938 CK_RSA_PKCS_PSS_PARAMS *params = pMechanism->pParameter;
3939
3940 session->operation.op.verify.padding = RSA_PKCS1_PSS_PADDING;
3941 session->operation.op.verify.saltLen = params->sLen;
3942 switch (params->mgf) {
3943 case CKG_MGF1_SHA1:
3944 session->operation.op.verify.mgf1md = EVP_sha1();
3945 break;
3946 case CKG_MGF1_SHA256:
3947 session->operation.op.verify.mgf1md = EVP_sha256();
3948 break;
3949 case CKG_MGF1_SHA384:
3950 session->operation.op.verify.mgf1md = EVP_sha384();
3951 break;
3952 case CKG_MGF1_SHA512:
3953 session->operation.op.verify.mgf1md = EVP_sha512();
3954 break;
3955 default:
3956 DBG_ERR("Unsupported mgf algorithm: %lu", params->mgf);
3957 rv = CKR_MECHANISM_PARAM_INVALID;
3958 goto c_vi_out;
3959 }
3960 switch (params->hashAlg) {
3961 case CKM_SHA_1:
3962 session->operation.op.verify.md = EVP_sha1();
3963 break;
3964 case CKM_SHA256:
3965 session->operation.op.verify.md = EVP_sha256();
3966 break;
3967 case CKM_SHA384:
3968 session->operation.op.verify.md = EVP_sha384();
3969 break;
3970 case CKM_SHA512:
3971 session->operation.op.verify.md = EVP_sha512();
3972 break;
3973 default:
3974 DBG_ERR("Unsupported pss hash algorithm: %lu", params->hashAlg);
3975 rv = CKR_MECHANISM_PARAM_INVALID;
3976 goto c_vi_out;
3977 }
3978 } else if (is_PKCS1v1_5_sign_mechanism(
3979 session->operation.mechanism.mechanism)) {
3980 session->operation.op.verify.padding = RSA_PKCS1_PADDING;
3981 }
3982 }
CK_RSA_PKCS_PSS_PARAMS
Definition pkcs11.h:762
verify_info::padding
int padding
Definition yubihsm_pkcs11.h:91
verify_info::saltLen
unsigned long saltLen
Definition yubihsm_pkcs11.h:92
verify_info::md
const EVP_MD * md
Definition yubihsm_pkcs11.h:90
verify_info::mgf1md
const EVP_MD * mgf1md
Definition yubihsm_pkcs11.h:93
is_PKCS1v1_5_sign_mechanism
bool is_PKCS1v1_5_sign_mechanism(CK_MECHANISM_TYPE m)
Definition util_pkcs11.c:2673
is_PSS_sign_mechanism
bool is_PSS_sign_mechanism(CK_MECHANISM_TYPE m)
Definition util_pkcs11.c:2707
Here is the call graph for this function:

◆ if() [76/81]

if ( yh_is_rsa(template.algorithm) )

Definition at line 4607 of file yubihsm_pkcs11.c.

4607 {
4608
4609 if (template.sign == ATTRIBUTE_TRUE) {
4610 rc = yh_string_to_capabilities("sign-pkcs,sign-pss", &capabilities);
4611 if (rc != YHR_SUCCESS) {
4612 rv = CKR_FUNCTION_FAILED;
4613 goto c_gkp_out;
4614 }
4615 }
4616
4617 if (template.decrypt == ATTRIBUTE_TRUE) {
4618 rc =
4619 yh_string_to_capabilities("decrypt-pkcs,decrypt-oaep", &capabilities);
4620 if (rc != YHR_SUCCESS) {
4621 rv = CKR_FUNCTION_FAILED;
4622 goto c_gkp_out;
4623 }
4624 }
4625
4626 rc = yh_util_generate_rsa_key(session->slot->device_session, &template.id,
4627 template.label, 0xffff, &capabilities,
4628 template.algorithm);
4629 if (rc != YHR_SUCCESS) {
4630 DBG_ERR("Failed writing RSA key to device");
4631 rv = CKR_FUNCTION_FAILED;
4632 goto c_gkp_out;
4633 }
4634 } else {
yh_util_generate_rsa_key
yh_rc yh_util_generate_rsa_key(yh_session *session, uint16_t *key_id, const char *label, uint16_t domains, const yh_capabilities *capabilities, yh_algorithm algorithm)
Definition yubihsm.c:1900
ATTRIBUTE_TRUE
@ ATTRIBUTE_TRUE
Definition yubihsm_pkcs11.h:174
Here is the call graph for this function:

◆ if() [77/81]

if ( yh_util_delete_object(session->slot->device_session, object->object.id, object->object.type) ! = YHR_SUCCESS)

Definition at line 1632 of file yubihsm_pkcs11.c.

1633 {
1634 DBG_ERR("Failed deleting object");
1635 rv = CKR_FUNCTION_FAILED;
1636 goto c_do_out;
1637 }

◆ if() [78/81]

if ( yh_util_get_object_info(session->slot->device_session, target_id, target_type, &object) ! = YHR_SUCCESS)

Definition at line 4879 of file yubihsm_pkcs11.c.

4880 {
4881 rv = CKR_FUNCTION_FAILED;
4882 goto c_uk_out;
4883 }

◆ if() [79/81]

if ( yh_util_get_object_info(session->slot->device_session, template.id, type, &object) ! = YHR_SUCCESS)

Definition at line 1545 of file yubihsm_pkcs11.c.

1546 {
1547 DBG_ERR("Failed executing get object info after creating");
1548 rv = CKR_FUNCTION_FAILED;
1549 goto c_co_out;
1550 }

◆ if() [80/81]

if ( yh_util_get_object_info(session->slot->device_session, template.id, YH_ASYMMETRIC_KEY, &object) ! = YHR_SUCCESS)

Definition at line 4664 of file yubihsm_pkcs11.c.

4665 {
4666 rv = CKR_FUNCTION_FAILED;
4667 goto c_gkp_out;
4668 }

◆ if() [81/81]

if ( yrc ! = YHR_SUCCESS)

Definition at line 615 of file yubihsm_pkcs11.c.

615 {
616 DBG_ERR("Unable to get device version and serial number: %s",
617 yh_strerror(yrc));
618 rv = CKR_DEVICE_ERROR;
619 goto c_gt_out;
620 }
CKR_DEVICE_ERROR
#define CKR_DEVICE_ERROR
Definition pkcs11.h:1108
Here is the call graph for this function:

◆ insecure_memzero()

insecure_memzero ( ecdh_key. ecdh_key,
out_len  )

◆ memcpy() [1/4]

memcpy ( (char *) pInfo->slotDescription+ l,
s ,
strlen(s)  )

◆ memcpy() [2/4]

memcpy ( (char *) pInfo-> slotDescription,
s ,
l  )

◆ memcpy() [3/4]

memcpy ( ecdh_key. label,
label_buf ,
label_len  )

◆ memcpy() [4/4]

memcpy ( pWrappedKey ,
buf ,
len  )

◆ memset() [1/3]

memset ( pInfo-> manufacturerID,
' ' ,
32  )

◆ memset() [2/3]

memset ( pInfo-> model,
' ' ,
16  )

◆ memset() [3/3]

memset ( pInfo-> slotDescription,
' ' ,
64  )

◆ session()

list_append & session ( void * ) &

◆ sizeof()

c_gkp_out sizeof ( template )

◆ switch()

switch ( session-> session_state)

Definition at line 982 of file yubihsm_pkcs11.c.

982 {
983 case SESSION_RESERVED_RO:
984 pInfo->state = CKS_RO_PUBLIC_SESSION;
985 break;
986
987 case SESSION_RESERVED_RW:
988 pInfo->state = CKS_RW_PUBLIC_SESSION;
989 pInfo->flags |= CKF_RW_SESSION;
990 break;
991
992 case SESSION_AUTHENTICATED_RO:
993 pInfo->state = CKS_RO_USER_FUNCTIONS;
994 break;
995
996 case SESSION_AUTHENTICATED_RW:
997 pInfo->state = CKS_RW_USER_FUNCTIONS;
998 pInfo->flags |= CKF_RW_SESSION;
999 break;
1000
1001 default:
1002 DBG_ERR("Unknown session %lu", hSession);
1003 rv = CKR_SESSION_HANDLE_INVALID;
1004 }
CKS_RW_PUBLIC_SESSION
#define CKS_RW_PUBLIC_SESSION
Definition pkcs11.h:282
CKF_RW_SESSION
#define CKF_RW_SESSION
Definition pkcs11.h:293
CKS_RO_USER_FUNCTIONS
#define CKS_RO_USER_FUNCTIONS
Definition pkcs11.h:281
CKS_RW_USER_FUNCTIONS
#define CKS_RW_USER_FUNCTIONS
Definition pkcs11.h:283
CKS_RO_PUBLIC_SESSION
#define CKS_RO_PUBLIC_SESSION
Definition pkcs11.h:280
SESSION_AUTHENTICATED_RW
@ SESSION_AUTHENTICATED_RW
Definition yubihsm_pkcs11.h:34
SESSION_AUTHENTICATED_RO
@ SESSION_AUTHENTICATED_RO
Definition yubihsm_pkcs11.h:33
SESSION_RESERVED_RO
@ SESSION_RESERVED_RO
Definition yubihsm_pkcs11.h:31
SESSION_RESERVED_RW
@ SESSION_RESERVED_RW
Definition yubihsm_pkcs11.h:32

◆ template() [1/2]

memset & template ( template )

◆ template() [2/2]

memset & template ( yubihsm_pkcs11_object_template )

◆ UNUSED() [1/40]

UNUSED ( flags )

◆ UNUSED() [2/40]

UNUSED ( hAuthenticationKey )

◆ UNUSED() [3/40]

UNUSED ( hEncryptionKey )

◆ UNUSED() [4/40]

UNUSED ( hKey )

◆ UNUSED() [5/40]

UNUSED ( hObject )

◆ UNUSED() [6/40]

UNUSED ( hSession )

◆ UNUSED() [7/40]

UNUSED ( Notify )

◆ UNUSED() [8/40]

UNUSED ( pApplication )

◆ UNUSED() [9/40]

UNUSED ( pData )

◆ UNUSED() [10/40]

UNUSED ( pEncryptedPart )

◆ UNUSED() [11/40]

UNUSED ( phNewObject )

◆ UNUSED() [12/40]

UNUSED ( pLabel )

◆ UNUSED() [13/40]

UNUSED ( pMechanism )

◆ UNUSED() [14/40]

UNUSED ( pNewPin )

◆ UNUSED() [15/40]

UNUSED ( pOldPin )

◆ UNUSED() [16/40]

UNUSED ( pOperationState )

◆ UNUSED() [17/40]

UNUSED ( pPart )

◆ UNUSED() [18/40]

UNUSED ( pPin )

◆ UNUSED() [19/40]

UNUSED ( pReserved )

◆ UNUSED() [20/40]

UNUSED ( pSeed )

◆ UNUSED() [21/40]

UNUSED ( pSignature )

◆ UNUSED() [22/40]

UNUSED ( pSlot )

◆ UNUSED() [23/40]

UNUSED ( pTemplate )

◆ UNUSED() [24/40]

UNUSED ( pulDataLen )

◆ UNUSED() [25/40]

UNUSED ( pulEncryptedPartLen )

◆ UNUSED() [26/40]

UNUSED ( pulOperationStateLen )

◆ UNUSED() [27/40]

UNUSED ( pulPartLen )

◆ UNUSED() [28/40]

UNUSED ( pulSignatureLen )

◆ UNUSED() [29/40]

UNUSED ( slotID )

◆ UNUSED() [30/40]

UNUSED ( ulAttributeCount )

◆ UNUSED() [31/40]

UNUSED ( ulCount )

◆ UNUSED() [32/40]

UNUSED ( ulDataLen )

◆ UNUSED() [33/40]

UNUSED ( ulEncryptedPartLen )

◆ UNUSED() [34/40]

UNUSED ( ulNewLen )

◆ UNUSED() [35/40]

UNUSED ( ulOldLen )

◆ UNUSED() [36/40]

UNUSED ( ulOperationStateLen )

◆ UNUSED() [37/40]

UNUSED ( ulPartLen )

◆ UNUSED() [38/40]

UNUSED ( ulPinLen )

◆ UNUSED() [39/40]

UNUSED ( ulSeedLen )

◆ UNUSED() [40/40]

UNUSED ( ulSignatureLen )

◆ yh_get_connector_address()

yh_get_connector_address ( slot-> connector,
& s )

◆ yh_get_connector_version()

yh_get_connector_version ( slot-> connector,
& major,
& minor,
& patch )

Variable Documentation

◆ __pad0__

c_gt_out __pad0__

Definition at line 665 of file yubihsm_pkcs11.c.

◆ __pad10__

c_ei_out __pad10__

Definition at line 2388 of file yubihsm_pkcs11.c.

◆ __pad11__

c_e_out __pad11__

Definition at line 2471 of file yubihsm_pkcs11.c.

◆ __pad12__

c_eu_out __pad12__

Definition at line 2527 of file yubihsm_pkcs11.c.

◆ __pad13__

c_ef_out __pad13__

Definition at line 2609 of file yubihsm_pkcs11.c.

◆ __pad14__

c_di_out __pad14__

Definition at line 2799 of file yubihsm_pkcs11.c.

◆ __pad15__

c_d_out __pad15__

Definition at line 2913 of file yubihsm_pkcs11.c.

◆ __pad16__

c_du_out __pad16__

Definition at line 2978 of file yubihsm_pkcs11.c.

◆ __pad17__

c_df_out __pad17__

Definition at line 3071 of file yubihsm_pkcs11.c.

◆ __pad18__

c_di_out __pad18__

Definition at line 3138 of file yubihsm_pkcs11.c.

◆ __pad19__

c_d_out __pad19__

Definition at line 3238 of file yubihsm_pkcs11.c.

◆ __pad1__

c_gml_out __pad1__

Definition at line 722 of file yubihsm_pkcs11.c.

◆ __pad20__

c_du_out __pad20__

Definition at line 3298 of file yubihsm_pkcs11.c.

◆ __pad21__

c_df_out __pad21__

Definition at line 3404 of file yubihsm_pkcs11.c.

◆ __pad22__

c_si_out __pad22__

Definition at line 3584 of file yubihsm_pkcs11.c.

◆ __pad23__

c_s_out __pad23__

Definition at line 3672 of file yubihsm_pkcs11.c.

◆ __pad24__

c_su_out __pad24__

Definition at line 3730 of file yubihsm_pkcs11.c.

◆ __pad25__

c_sf_out __pad25__

Definition at line 3798 of file yubihsm_pkcs11.c.

◆ __pad26__

c_vi_out __pad26__

Definition at line 3988 of file yubihsm_pkcs11.c.

◆ __pad27__

c_v_out __pad27__

Definition at line 4094 of file yubihsm_pkcs11.c.

◆ __pad28__

c_vu_out __pad28__

Definition at line 4150 of file yubihsm_pkcs11.c.

◆ __pad29__

c_vf_out __pad29__

Definition at line 4210 of file yubihsm_pkcs11.c.

◆ __pad2__

c_os_out __pad2__

Definition at line 861 of file yubihsm_pkcs11.c.

◆ __pad30__

c_gk_out __pad30__

Definition at line 4528 of file yubihsm_pkcs11.c.

◆ __pad31__

c_gkp_out __pad31__

Definition at line 4674 of file yubihsm_pkcs11.c.

◆ __pad32__

c_wk_out __pad32__

Definition at line 4794 of file yubihsm_pkcs11.c.

◆ __pad33__

c_uk_out __pad33__

Definition at line 4890 of file yubihsm_pkcs11.c.

◆ __pad34__

c_drv_out __pad34__

Definition at line 5028 of file yubihsm_pkcs11.c.

◆ __pad35__

c_gr_out __pad35__

Definition at line 5094 of file yubihsm_pkcs11.c.

◆ __pad3__

c_l_out __pad3__

Definition at line 1153 of file yubihsm_pkcs11.c.

◆ __pad4__

c_co_out __pad4__

Definition at line 1557 of file yubihsm_pkcs11.c.

◆ __pad5__

c_do_out __pad5__

Definition at line 1645 of file yubihsm_pkcs11.c.

◆ __pad6__

c_gav_out __pad6__

Definition at line 1775 of file yubihsm_pkcs11.c.

◆ __pad7__

c_sav_out __pad7__

Definition at line 1856 of file yubihsm_pkcs11.c.

◆ __pad8__

c_foi_out __pad8__

Definition at line 2182 of file yubihsm_pkcs11.c.

◆ __pad9__

c_fo_out __pad9__

Definition at line 2274 of file yubihsm_pkcs11.c.

◆ algorithm

yh_algorithm algorithm = 0

Definition at line 1929 of file yubihsm_pkcs11.c.

◆ basekey_type

int basekey_type = hBaseKey >> 16

Definition at line 4930 of file yubihsm_pkcs11.c.

◆ buf

uint8_t buf[2048]

Definition at line 4770 of file yubihsm_pkcs11.c.

◆ buffer_length

session operation buffer_length = 0

Definition at line 2384 of file yubihsm_pkcs11.c.

◆ c_co_out

goto c_co_out

Definition at line 1541 of file yubihsm_pkcs11.c.

◆ c_d_out

goto c_d_out

Definition at line 2858 of file yubihsm_pkcs11.c.

◆ c_df_out

goto c_df_out

Definition at line 3037 of file yubihsm_pkcs11.c.

◆ c_di_out

goto c_di_out

Definition at line 2781 of file yubihsm_pkcs11.c.

◆ c_drv_out

goto c_drv_out

Definition at line 4975 of file yubihsm_pkcs11.c.

◆ c_e_out

goto c_e_out

Definition at line 2448 of file yubihsm_pkcs11.c.

◆ c_ef_out

goto c_ef_out

Definition at line 2574 of file yubihsm_pkcs11.c.

◆ c_gk_out

goto c_gk_out

Definition at line 4512 of file yubihsm_pkcs11.c.

◆ c_gkp_out

goto c_gkp_out

Definition at line 4586 of file yubihsm_pkcs11.c.

◆ c_s_out

goto c_s_out

Definition at line 3640 of file yubihsm_pkcs11.c.

◆ c_si_out

goto c_si_out

Definition at line 3565 of file yubihsm_pkcs11.c.

◆ c_v_out

goto c_v_out

Definition at line 4060 of file yubihsm_pkcs11.c.

◆ c_vi_out

goto c_vi_out

Definition at line 3916 of file yubihsm_pkcs11.c.

◆ capabilities

yh_capabilities capabilities = {{0}}

Definition at line 1305 of file yubihsm_pkcs11.c.

1305{{0}};

◆ CKR_FUNCTION_NOT_PARALLEL

return CKR_FUNCTION_NOT_PARALLEL

Definition at line 5111 of file yubihsm_pkcs11.c.

◆ CKR_FUNCTION_NOT_SUPPORTED

return CKR_FUNCTION_NOT_SUPPORTED

Definition at line 682 of file yubihsm_pkcs11.c.

◆ CKR_OK

return CKR_OK

Definition at line 417 of file yubihsm_pkcs11.c.

◆ CKR_RANDOM_SEED_NOT_SUPPORTED

return CKR_RANDOM_SEED_NOT_SUPPORTED

Definition at line 5047 of file yubihsm_pkcs11.c.

◆ [struct]

struct { ... } class

◆ current_object

session operation op find current_object = 0

Definition at line 2178 of file yubihsm_pkcs11.c.

◆ d

CK_ULONG d

Definition at line 1238 of file yubihsm_pkcs11.c.

◆ datalen

CK_ULONG datalen = YH_CCM_WRAP_OVERHEAD + ulDataLen

Definition at line 2428 of file yubihsm_pkcs11.c.

◆ delegated_capabilities

yh_capabilities delegated_capabilities = {{0}}

Definition at line 1306 of file yubihsm_pkcs11.c.

1306{{0}};

◆ digest_len

session operation op digest digest_len = digest_length

Definition at line 3126 of file yubihsm_pkcs11.c.

◆ digest_length

digest_length = get_digest_bytelength(pMechanism->mechanism)

Definition at line 3123 of file yubihsm_pkcs11.c.

◆ DIN

DIN

Definition at line 407 of file yubihsm_pkcs11.c.

◆ domains

uint16_t domains = 0

Definition at line 1926 of file yubihsm_pkcs11.c.

◆ DOUT

DOUT

Definition at line 416 of file yubihsm_pkcs11.c.

◆ ecdh_key

ecdh_session_key ecdh_key

Definition at line 4998 of file yubihsm_pkcs11.c.

◆ else

else
Initial value:
{
DOUT

Definition at line 755 of file yubihsm_pkcs11.c.

◆ expected_key_length

size_t expected_key_length = 0

Definition at line 4939 of file yubihsm_pkcs11.c.

◆ extractable_set

bool extractable_set = false

Definition at line 1932 of file yubihsm_pkcs11.c.

◆ firmwareVersion

pInfo firmwareVersion = ver

Definition at line 661 of file yubihsm_pkcs11.c.

◆ flags

pInfo flags = CKF_REMOVABLE_DEVICE | CKF_HW_SLOT

Definition at line 540 of file yubihsm_pkcs11.c.

◆ full

bool full = false

Definition at line 466 of file yubihsm_pkcs11.c.

◆ function_list

CK_FUNCTION_LIST function_list

Definition at line 5124 of file yubihsm_pkcs11.c.

5124 {
5125 {CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR},
5126 C_Initialize,
5127 C_Finalize,
5128 C_GetInfo,
5129 C_GetFunctionList,
5130 C_GetSlotList,
5131 C_GetSlotInfo,
5132 C_GetTokenInfo,
5133 C_GetMechanismList,
5134 C_GetMechanismInfo,
5135 C_InitToken,
5136 C_InitPIN,
5137 C_SetPIN,
5138 C_OpenSession,
5139 C_CloseSession,
5140 C_CloseAllSessions,
5141 C_GetSessionInfo,
5142 C_GetOperationState,
5143 C_SetOperationState,
5144 C_Login,
5145 C_Logout,
5146 C_CreateObject,
5147 C_CopyObject,
5148 C_DestroyObject,
5149 C_GetObjectSize,
5150 C_GetAttributeValue,
5151 C_SetAttributeValue,
5152 C_FindObjectsInit,
5153 C_FindObjects,
5154 C_FindObjectsFinal,
5155 C_EncryptInit,
5156 C_Encrypt,
5157 C_EncryptUpdate,
5158 C_EncryptFinal,
5159 C_DecryptInit,
5160 C_Decrypt,
5161 C_DecryptUpdate,
5162 C_DecryptFinal,
5163 C_DigestInit,
5164 C_Digest,
5165 C_DigestUpdate,
5166 C_DigestKey,
5167 C_DigestFinal,
5168 C_SignInit,
5169 C_Sign,
5170 C_SignUpdate,
5171 C_SignFinal,
5172 C_SignRecoverInit,
5173 C_SignRecover,
5174 C_VerifyInit,
5175 C_Verify,
5176 C_VerifyUpdate,
5177 C_VerifyFinal,
5178 C_VerifyRecoverInit,
5179 C_VerifyRecover,
5180 C_DigestEncryptUpdate,
5181 C_DecryptDigestUpdate,
5182 C_SignEncryptUpdate,
5183 C_DecryptVerifyUpdate,
5184 C_GenerateKey,
5185 C_GenerateKeyPair,
5186 C_WrapKey,
5187 C_UnwrapKey,
5188 C_DeriveKey,
5189 C_SeedRandom,
5190 C_GenerateRandom,
5191 C_GetFunctionStatus,
5192 C_CancelFunction,
5193 C_WaitForSlotEvent,
5194};
CRYPTOKI_VERSION_MINOR
#define CRYPTOKI_VERSION_MINOR
Definition pkcs11.h:66
CRYPTOKI_VERSION_MAJOR
#define CRYPTOKI_VERSION_MAJOR
Definition pkcs11.h:65

◆ GLOBAL_LOCK_OR_RETURN

GLOBAL_LOCK_OR_RETURN

Definition at line 437 of file yubihsm_pkcs11.c.

◆ GLOBAL_UNLOCK_OR_RETURN

GLOBAL_UNLOCK_OR_RETURN

Definition at line 497 of file yubihsm_pkcs11.c.

◆ hardwareVersion

pInfo hardwareVersion = ver

Definition at line 659 of file yubihsm_pkcs11.c.

◆ hAuthenticationKey

CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG CK_OBJECT_HANDLE CK_OBJECT_HANDLE hAuthenticationKey
Initial value:
{
DIN

Definition at line 1035 of file yubihsm_pkcs11.c.

◆ hBaseKey

CK_SESSION_HANDLE CK_MECHANISM_PTR CK_OBJECT_HANDLE hBaseKey

Definition at line 4899 of file yubihsm_pkcs11.c.

◆ hEncryptionKey

CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG CK_OBJECT_HANDLE hEncryptionKey

Definition at line 1034 of file yubihsm_pkcs11.c.

◆ hKey

CK_SESSION_HANDLE CK_MECHANISM_PTR CK_OBJECT_HANDLE CK_OBJECT_HANDLE hKey
Initial value:
{
DIN

Definition at line 2320 of file yubihsm_pkcs11.c.

◆ hObject

CK_SESSION_HANDLE CK_OBJECT_HANDLE hObject
Initial value:
{
DIN

Definition at line 1565 of file yubihsm_pkcs11.c.

◆ hSession

CK_SESSION_HANDLE hSession
Initial value:
{
DIN

Definition at line 780 of file yubihsm_pkcs11.c.

◆ hUnwrappingKey

CK_SESSION_HANDLE CK_MECHANISM_PTR CK_OBJECT_HANDLE hUnwrappingKey

Definition at line 4803 of file yubihsm_pkcs11.c.

◆ hWrappingKey

CK_SESSION_HANDLE CK_MECHANISM_PTR CK_OBJECT_HANDLE hWrappingKey

Definition at line 4685 of file yubihsm_pkcs11.c.

◆ id

ecdh_key id = id.d

Definition at line 1304 of file yubihsm_pkcs11.c.

◆ in_len

size_t in_len = params->ulPublicDataLen

Definition at line 4978 of file yubihsm_pkcs11.c.

◆ is_multipart

session operation op digest is_multipart = true

Definition at line 3294 of file yubihsm_pkcs11.c.

◆ j

uint16_t j = 0

Definition at line 465 of file yubihsm_pkcs11.c.

◆ key

yubihsm_pkcs11_object_desc* key
Initial value:
=
get_object_desc(session->slot->device_session, session->slot->objects,
hWrappingKey)
yubihsm_pkcs11_slot::objects
yubihsm_pkcs11_object_desc objects[YH_MAX_ITEMS_COUNT]
Definition yubihsm_pkcs11.h:157
get_object_desc
yubihsm_pkcs11_object_desc * get_object_desc(yh_session *session, yubihsm_pkcs11_object_desc *objects, CK_OBJECT_HANDLE objHandle)
Definition util_pkcs11.c:1587
hWrappingKey
CK_SESSION_HANDLE CK_MECHANISM_PTR CK_OBJECT_HANDLE hWrappingKey
Definition yubihsm_pkcs11.c:4685

Definition at line 4747 of file yubihsm_pkcs11.c.

◆ key_id

session operation op verify key_id = ntohs(key_id)

Definition at line 1104 of file yubihsm_pkcs11.c.

◆ key_len

session operation op verify key_len = key_length

Definition at line 3475 of file yubihsm_pkcs11.c.

◆ key_length

size_t key_length

Definition at line 3467 of file yubihsm_pkcs11.c.

◆ [struct]

struct { ... } key_type

◆ l

int l = strlen(s)

Definition at line 525 of file yubihsm_pkcs11.c.

◆ label

label = NULL

Definition at line 1883 of file yubihsm_pkcs11.c.

◆ label_buf

char* label_buf = NULL

Definition at line 4937 of file yubihsm_pkcs11.c.

◆ label_len

size_t label_len = 0

Definition at line 4938 of file yubihsm_pkcs11.c.

◆ len

size_t len = sizeof(buf)

Definition at line 4771 of file yubihsm_pkcs11.c.

◆ major

uint8_t major = major

Definition at line 546 of file yubihsm_pkcs11.c.

◆ mdctx

EVP_MD_CTX* mdctx = NULL

Definition at line 2628 of file yubihsm_pkcs11.c.

◆ mechanism

session operation mechanism mechanism = pMechanism->mechanism

Definition at line 2374 of file yubihsm_pkcs11.c.

◆ minor

uint8_t minor = (minor * 100) + patch

Definition at line 547 of file yubihsm_pkcs11.c.

◆ n_objects

session operation op find n_objects = 0

Definition at line 1909 of file yubihsm_pkcs11.c.

◆ Notify

CK_SLOT_ID CK_FLAGS CK_VOID_PTR CK_NOTIFY Notify

Definition at line 809 of file yubihsm_pkcs11.c.

◆ object

yh_object_descriptor object
Initial value:
=
get_object_desc(session->slot->device_session, session->slot->objects,
hObject)

Definition at line 1544 of file yubihsm_pkcs11.c.

◆ only_private

session operation op find only_private = false

Definition at line 1908 of file yubihsm_pkcs11.c.

◆ out_len

size_t out_len = sizeof(ecdh_key.ecdh_key)

Definition at line 5000 of file yubihsm_pkcs11.c.

◆ overflow

bool overflow = false

Definition at line 467 of file yubihsm_pkcs11.c.

◆ pApplication

CK_SLOT_ID CK_FLAGS CK_VOID_PTR pApplication

Definition at line 809 of file yubihsm_pkcs11.c.

◆ params

CK_ECDH1_DERIVE_PARAMS* params = pMechanism->pParameter

Definition at line 4963 of file yubihsm_pkcs11.c.

◆ patch

uint8_t patch

Definition at line 548 of file yubihsm_pkcs11.c.

◆ pData

CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG CK_BYTE_PTR pData

Definition at line 2394 of file yubihsm_pkcs11.c.

◆ pDigest

CK_SESSION_HANDLE CK_BYTE_PTR pDigest

Definition at line 3147 of file yubihsm_pkcs11.c.

◆ pEncryptedData

CK_SESSION_HANDLE CK_BYTE_PTR pEncryptedData

Definition at line 2395 of file yubihsm_pkcs11.c.

◆ pEncryptedPart

CK_SESSION_HANDLE CK_BYTE_PTR pEncryptedPart

Definition at line 2483 of file yubihsm_pkcs11.c.

◆ phKey

* phKey
Initial value:
{
DIN

Definition at line 4316 of file yubihsm_pkcs11.c.

◆ phNewObject

CK_SESSION_HANDLE CK_OBJECT_HANDLE CK_ATTRIBUTE_PTR CK_ULONG CK_OBJECT_HANDLE_PTR phNewObject
Initial value:
{
DIN

Definition at line 1567 of file yubihsm_pkcs11.c.

◆ phObject

CK_SESSION_HANDLE CK_OBJECT_HANDLE_PTR phObject
Initial value:
{
DIN

Definition at line 1205 of file yubihsm_pkcs11.c.

◆ phPrivateKey

* phPrivateKey
Initial value:
{
DIN

Definition at line 4539 of file yubihsm_pkcs11.c.

◆ phPublicKey

* phPublicKey = object.sequence << 24 | (object.type | 0x80) << 16 | object.id

Definition at line 4539 of file yubihsm_pkcs11.c.

◆ phSession

CK_SLOT_ID CK_FLAGS CK_VOID_PTR CK_NOTIFY CK_SESSION_HANDLE_PTR phSession
Initial value:
{
DIN

Definition at line 810 of file yubihsm_pkcs11.c.

◆ pInfo

CK_SESSION_HANDLE CK_SESSION_INFO_PTR pInfo
Initial value:
{
DIN

Definition at line 504 of file yubihsm_pkcs11.c.

◆ pLabel

CK_SLOT_ID CK_UTF8CHAR_PTR CK_ULONG CK_UTF8CHAR_PTR pLabel
Initial value:
{
DIN

Definition at line 766 of file yubihsm_pkcs11.c.

◆ pLastEncryptedPart

CK_SESSION_HANDLE CK_BYTE_PTR pLastEncryptedPart

Definition at line 2540 of file yubihsm_pkcs11.c.

◆ pLastPart

CK_SESSION_HANDLE CK_BYTE_PTR pLastPart

Definition at line 2991 of file yubihsm_pkcs11.c.

◆ pMechanism

CK_SESSION_HANDLE CK_MECHANISM_PTR pMechanism
Initial value:
{
DIN

Definition at line 2319 of file yubihsm_pkcs11.c.

◆ pMechanismList

CK_SLOT_ID CK_MECHANISM_TYPE_PTR pMechanismList

Definition at line 686 of file yubihsm_pkcs11.c.

◆ pNewPin

CK_SESSION_HANDLE CK_UTF8CHAR_PTR CK_ULONG CK_UTF8CHAR_PTR pNewPin

Definition at line 794 of file yubihsm_pkcs11.c.

◆ pOldPin

CK_SESSION_HANDLE CK_UTF8CHAR_PTR pOldPin

Definition at line 793 of file yubihsm_pkcs11.c.

◆ pOperationState

CK_SESSION_HANDLE CK_BYTE_PTR pOperationState

Definition at line 1019 of file yubihsm_pkcs11.c.

◆ pPart

CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG CK_BYTE_PTR pPart

Definition at line 2482 of file yubihsm_pkcs11.c.

◆ ppFunctionList

* ppFunctionList
Initial value:
{
yh_dbg_init(false, false, 0, "stderr")

Definition at line 404 of file yubihsm_pkcs11.c.

◆ pPin

CK_SESSION_HANDLE CK_USER_TYPE CK_UTF8CHAR_PTR pPin = 4

Definition at line 765 of file yubihsm_pkcs11.c.

◆ pPrivateKeyTemplate

CK_SESSION_HANDLE CK_MECHANISM_PTR CK_ATTRIBUTE_PTR CK_ULONG CK_ATTRIBUTE_PTR pPrivateKeyTemplate

Definition at line 4538 of file yubihsm_pkcs11.c.

◆ pPublicKeyTemplate

CK_SESSION_HANDLE CK_MECHANISM_PTR CK_ATTRIBUTE_PTR pPublicKeyTemplate

Definition at line 4537 of file yubihsm_pkcs11.c.

◆ pRandomData

CK_SESSION_HANDLE CK_BYTE_PTR pRandomData

Definition at line 5051 of file yubihsm_pkcs11.c.

◆ pReserved

CK_FLAGS CK_SLOT_ID_PTR CK_VOID_PTR pReserved
Initial value:
{
DIN

Definition at line 673 of file yubihsm_pkcs11.c.

◆ privkey_id

uint16_t privkey_id = hBaseKey & 0xffff

Definition at line 4996 of file yubihsm_pkcs11.c.

◆ pSeed

CK_SESSION_HANDLE CK_BYTE_PTR pSeed

Definition at line 5038 of file yubihsm_pkcs11.c.

◆ pSignature

CK_SESSION_HANDLE CK_BYTE_PTR pSignature

Definition at line 3593 of file yubihsm_pkcs11.c.

◆ pSlot

CK_FLAGS CK_SLOT_ID_PTR pSlot

Definition at line 673 of file yubihsm_pkcs11.c.

◆ pSlotList

CK_BBOOL CK_SLOT_ID_PTR pSlotList

Definition at line 423 of file yubihsm_pkcs11.c.

◆ pTemplate

CK_SESSION_HANDLE CK_MECHANISM_PTR CK_OBJECT_HANDLE CK_ATTRIBUTE_PTR pTemplate

Definition at line 1204 of file yubihsm_pkcs11.c.

◆ pub

bool pub = false

Definition at line 1928 of file yubihsm_pkcs11.c.

◆ pubkey

CK_BYTE_PTR pubkey = params->pPublicData

Definition at line 4984 of file yubihsm_pkcs11.c.

◆ pulCount

CK_SLOT_ID CK_MECHANISM_TYPE_PTR CK_ULONG_PTR pulCount
Initial value:
{
DIN

Definition at line 423 of file yubihsm_pkcs11.c.

◆ pulDataLen

CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG CK_BYTE_PTR CK_ULONG_PTR pulDataLen
Initial value:
{
DIN

Definition at line 2812 of file yubihsm_pkcs11.c.

◆ pulDigestLen

* pulDigestLen
Initial value:
{
DIN

Definition at line 3147 of file yubihsm_pkcs11.c.

◆ pulEncryptedDataLen

* pulEncryptedDataLen
Initial value:
{
DIN

Definition at line 2395 of file yubihsm_pkcs11.c.

◆ pulEncryptedPartLen

CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG CK_BYTE_PTR CK_ULONG_PTR pulEncryptedPartLen
Initial value:
{
DIN

Definition at line 2483 of file yubihsm_pkcs11.c.

◆ pulLastEncryptedPartLen

* pulLastEncryptedPartLen
Initial value:
{
DIN

Definition at line 2541 of file yubihsm_pkcs11.c.

◆ pulLastPartLen

CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG_PTR pulLastPartLen
Initial value:
{
DIN

Definition at line 2992 of file yubihsm_pkcs11.c.

◆ pulObjectCount

* pulObjectCount
Initial value:
{
DIN

Definition at line 2196 of file yubihsm_pkcs11.c.

◆ pulOperationStateLen

CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG_PTR pulOperationStateLen
Initial value:
{
DIN

Definition at line 1020 of file yubihsm_pkcs11.c.

◆ pulPartLen

CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG CK_BYTE_PTR CK_ULONG_PTR pulPartLen
Initial value:
{
DIN

Definition at line 2927 of file yubihsm_pkcs11.c.

◆ pulSignatureLen

CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG CK_BYTE_PTR CK_ULONG_PTR pulSignatureLen
Initial value:
{
DIN

Definition at line 3593 of file yubihsm_pkcs11.c.

◆ pulSize

CK_SESSION_HANDLE CK_OBJECT_HANDLE CK_ULONG_PTR pulSize
Initial value:
{
DIN

Definition at line 1653 of file yubihsm_pkcs11.c.

◆ pulWrappedKeyLen

* pulWrappedKeyLen
Initial value:
{
DIN

Definition at line 4686 of file yubihsm_pkcs11.c.

◆ pWrappedKey

CK_SESSION_HANDLE CK_MECHANISM_PTR CK_OBJECT_HANDLE CK_BYTE_PTR pWrappedKey

Definition at line 4685 of file yubihsm_pkcs11.c.

◆ rc

yh_rc rc

Definition at line 1308 of file yubihsm_pkcs11.c.

◆ ret

CK_RV ret = get_session(&g_ctx, hSession, &session, 0)

Definition at line 973 of file yubihsm_pkcs11.c.

◆ rv

return rv = CKR_OK

Definition at line 569 of file yubihsm_pkcs11.c.

◆ s

char * s = "YubiHSM Connector "

Definition at line 524 of file yubihsm_pkcs11.c.

◆ secret_key

bool secret_key = false

Definition at line 1931 of file yubihsm_pkcs11.c.

◆ seq

int seq = session->ecdh_session_keys.length + 1

Definition at line 4986 of file yubihsm_pkcs11.c.

◆ serial

uint32_t serial

Definition at line 611 of file yubihsm_pkcs11.c.

◆ serialNumber

pInfo serialNumber[l] = ' '

Definition at line 629 of file yubihsm_pkcs11.c.

◆ session

c_gr_out session = NULL

Definition at line 972 of file yubihsm_pkcs11.c.

◆ set

bool set

Definition at line 1237 of file yubihsm_pkcs11.c.

◆ siglen

CK_ULONG siglen

Definition at line 4029 of file yubihsm_pkcs11.c.

◆ slot

c_os_out slot = get_slot(&g_ctx, slotID)

Definition at line 518 of file yubihsm_pkcs11.c.

◆ slotID

pInfo slotID = session->slot->id

Definition at line 504 of file yubihsm_pkcs11.c.

◆ target_id

uint16_t target_id

Definition at line 4867 of file yubihsm_pkcs11.c.

◆ target_type

yh_object_type target_type

Definition at line 4868 of file yubihsm_pkcs11.c.

◆ template

memset & template

Definition at line 1242 of file yubihsm_pkcs11.c.

◆ terminate

bool terminate = true

Definition at line 2400 of file yubihsm_pkcs11.c.

◆ tokenPresent

CK_BBOOL tokenPresent

Definition at line 423 of file yubihsm_pkcs11.c.

◆ type

uint8_t type = hObject >> 16

Definition at line 730 of file yubihsm_pkcs11.c.

◆ ulAttributeCount

CK_SESSION_HANDLE CK_MECHANISM_PTR CK_OBJECT_HANDLE CK_ATTRIBUTE_PTR CK_ULONG ulAttributeCount

Definition at line 4805 of file yubihsm_pkcs11.c.

◆ ulCount

CK_SESSION_HANDLE CK_MECHANISM_PTR CK_ATTRIBUTE_PTR CK_ULONG ulCount
Initial value:
{
DIN

Definition at line 1204 of file yubihsm_pkcs11.c.

◆ ulDataLen

CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG ulDataLen

Definition at line 2394 of file yubihsm_pkcs11.c.

◆ ulDeviceError

pInfo ulDeviceError = 0

Definition at line 1007 of file yubihsm_pkcs11.c.

◆ ulEncryptedDataLen

CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG ulEncryptedDataLen

Definition at line 2812 of file yubihsm_pkcs11.c.

◆ ulEncryptedPartLen

CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG ulEncryptedPartLen

Definition at line 2927 of file yubihsm_pkcs11.c.

◆ ulFreePrivateMemory

pInfo ulFreePrivateMemory = CK_UNAVAILABLE_INFORMATION

Definition at line 655 of file yubihsm_pkcs11.c.

◆ ulFreePublicMemory

pInfo ulFreePublicMemory = CK_UNAVAILABLE_INFORMATION

Definition at line 653 of file yubihsm_pkcs11.c.

◆ ulMaxObjectCount

CK_SESSION_HANDLE CK_OBJECT_HANDLE_PTR CK_ULONG ulMaxObjectCount

Definition at line 2196 of file yubihsm_pkcs11.c.

◆ ulMaxPinLen

pInfo ulMaxPinLen
Initial value:
=
YUBIHSM_PKCS11_MAX_PIN_LEN

Definition at line 648 of file yubihsm_pkcs11.c.

◆ ulMaxRwSessionCount

pInfo ulMaxRwSessionCount
Initial value:
=
CK_EFFECTIVELY_INFINITE
CK_EFFECTIVELY_INFINITE
#define CK_EFFECTIVELY_INFINITE
Definition pkcs11.h:266

Definition at line 641 of file yubihsm_pkcs11.c.

◆ ulMaxSessionCount

pInfo ulMaxSessionCount
Initial value:
=
CK_EFFECTIVELY_INFINITE

Definition at line 634 of file yubihsm_pkcs11.c.

◆ ulMinPinLen

pInfo ulMinPinLen
Initial value:
=
YUBIHSM_PKCS11_MIN_PIN_LEN

Definition at line 650 of file yubihsm_pkcs11.c.

◆ ulNewLen

CK_SESSION_HANDLE CK_UTF8CHAR_PTR CK_ULONG CK_UTF8CHAR_PTR CK_ULONG ulNewLen
Initial value:
{
DIN

Definition at line 794 of file yubihsm_pkcs11.c.

◆ ulOldLen

CK_SESSION_HANDLE CK_UTF8CHAR_PTR CK_ULONG ulOldLen

Definition at line 793 of file yubihsm_pkcs11.c.

◆ ulOperationStateLen

CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG ulOperationStateLen

Definition at line 1034 of file yubihsm_pkcs11.c.

◆ ulPartLen

CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG ulPartLen
Initial value:
{
DIN

Definition at line 2482 of file yubihsm_pkcs11.c.

◆ ulPinLen

CK_SESSION_HANDLE CK_USER_TYPE CK_UTF8CHAR_PTR CK_ULONG ulPinLen
Initial value:
{
DIN

Definition at line 765 of file yubihsm_pkcs11.c.

◆ ulPrivateKeyAttributeCount

CK_SESSION_HANDLE CK_MECHANISM_PTR CK_ATTRIBUTE_PTR CK_ULONG CK_ATTRIBUTE_PTR CK_ULONG ulPrivateKeyAttributeCount

Definition at line 4538 of file yubihsm_pkcs11.c.

◆ ulPublicKeyAttributeCount

CK_SESSION_HANDLE CK_MECHANISM_PTR CK_ATTRIBUTE_PTR CK_ULONG ulPublicKeyAttributeCount

Definition at line 4537 of file yubihsm_pkcs11.c.

◆ ulRandomLen

CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG ulRandomLen
Initial value:
{
DIN

Definition at line 5051 of file yubihsm_pkcs11.c.

◆ ulRwSessionCount

pInfo ulRwSessionCount
Initial value:
=
CK_UNAVAILABLE_INFORMATION
CK_UNAVAILABLE_INFORMATION
#define CK_UNAVAILABLE_INFORMATION
Definition pkcs11.h:265

Definition at line 645 of file yubihsm_pkcs11.c.

◆ ulSeedLen

CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG ulSeedLen
Initial value:
{
DIN

Definition at line 5038 of file yubihsm_pkcs11.c.

◆ ulSessionCount

pInfo ulSessionCount
Initial value:
=
CK_UNAVAILABLE_INFORMATION

Definition at line 638 of file yubihsm_pkcs11.c.

◆ ulSignatureLen

CK_SESSION_HANDLE CK_BYTE_PTR CK_ULONG ulSignatureLen
Initial value:
{
DIN

Definition at line 3997 of file yubihsm_pkcs11.c.

◆ ulTotalPrivateMemory

pInfo ulTotalPrivateMemory = CK_UNAVAILABLE_INFORMATION

Definition at line 654 of file yubihsm_pkcs11.c.

◆ ulTotalPublicMemory

pInfo ulTotalPublicMemory = CK_UNAVAILABLE_INFORMATION

Definition at line 652 of file yubihsm_pkcs11.c.

◆ ulWrappedKeyLen

CK_SESSION_HANDLE CK_MECHANISM_PTR CK_OBJECT_HANDLE CK_BYTE_PTR CK_ULONG ulWrappedKeyLen

Definition at line 4804 of file yubihsm_pkcs11.c.

◆ unknown

bool unknown = false

Definition at line 1930 of file yubihsm_pkcs11.c.

◆ unwrapping_key_type

int unwrapping_key_type = hUnwrappingKey >> 16

Definition at line 4838 of file yubihsm_pkcs11.c.

◆ userType

CK_SESSION_HANDLE CK_USER_TYPE userType

Definition at line 1080 of file yubihsm_pkcs11.c.

◆ ver

CK_VERSION ver = {major, (minor * 100) + patch}

Definition at line 657 of file yubihsm_pkcs11.c.

657{major, (minor * 100) + patch};
patch
uint8_t patch
Definition yubihsm_pkcs11.c:548
major
uint8_t major
Definition yubihsm_pkcs11.c:546
minor
uint8_t minor
Definition yubihsm_pkcs11.c:547

◆ wrapped_key_type

int wrapped_key_type = hKey >> 16

Definition at line 4709 of file yubihsm_pkcs11.c.

◆ wrapping_key_type

int wrapping_key_type = hWrappingKey >> 16

Definition at line 4710 of file yubihsm_pkcs11.c.

◆ yrc

yh_rc yrc
Initial value:
= yh_util_get_device_info(slot->connector, &major, &minor, &patch,
&serial, NULL, NULL, NULL, NULL)
yh_util_get_device_info
yh_rc yh_util_get_device_info(yh_connector *connector, uint8_t *major, uint8_t *minor, uint8_t *patch, uint32_t *serial, uint8_t *log_total, uint8_t *log_used, yh_algorithm *algorithms, size_t *n_algorithms)
Definition yubihsm.c:938
serial
uint32_t serial
Definition yubihsm_pkcs11.c:611

Definition at line 606 of file yubihsm_pkcs11.c.