[Fedora-directory-commits] esc/mac/Tokend-30557/CoolKey/pkcs11 compile.sh, NONE, 1.1 cryptoki.h, NONE, 1.1 mypkcs11.h, NONE, 1.1 pkcs11.h, NONE, 1.1 pkcs11f.h, NONE, 1.1 pkcs11t.h, NONE, 1.1
by Doctor Conrad
Author: jmagne
Update of /cvs/dirsec/esc/mac/Tokend-30557/CoolKey/pkcs11
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31436/CoolKey/pkcs11
Added Files:
compile.sh cryptoki.h mypkcs11.h pkcs11.h pkcs11f.h pkcs11t.h
Log Message:
Initial revision
--- NEW FILE compile.sh ---
#! /bin/csh
gcc -Ipkcs11 $argv[1]
--- NEW FILE cryptoki.h ---
/* cryptoki.h include file for PKCS #11. */
/* $Revision: 1.1 $ */
/* License to copy and use this software is granted provided that it is
* identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
* (Cryptoki)" in all material mentioning or referencing this software.
* License is also granted to make and use derivative works provided that
* such works are identified as "derived from the RSA Security Inc. PKCS #11
* Cryptographic Token Interface (Cryptoki)" in all material mentioning or
* referencing the derived work.
* RSA Security Inc. makes no representations concerning either the
* merchantability of this software or the suitability of this software for
* any particular purpose. It is provided "as is" without express or implied
* warranty of any kind.
*/
/* This is a sample file containing the top level include directives
* for building Win32 Cryptoki libraries and applications.
*/
#ifndef ___CRYPTOKI_H_INC___
#define ___CRYPTOKI_H_INC___
#pragma pack(push, cryptoki, 1)
/* Specifies that the function is a DLL entry point. */
#define CK_IMPORT_SPEC __declspec(dllimport)
/* Define CRYPTOKI_EXPORTS during the build of cryptoki libraries. Do
* not define it in applications.
*/
#ifdef CRYPTOKI_EXPORTS
/* Specified that the function is an exported DLL entry point. */
#define CK_EXPORT_SPEC __declspec(dllexport)
#else
#define CK_EXPORT_SPEC CK_IMPORT_SPEC
#endif
/* Ensures the calling convention for Win32 builds */
#define CK_CALL_SPEC __cdecl
#define CK_PTR *
#define CK_DEFINE_FUNCTION(returnType, name) \
returnType CK_EXPORT_SPEC CK_CALL_SPEC name
#define CK_DECLARE_FUNCTION(returnType, name) \
returnType CK_EXPORT_SPEC CK_CALL_SPEC name
#define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
returnType CK_IMPORT_SPEC (CK_CALL_SPEC CK_PTR name)
#define CK_CALLBACK_FUNCTION(returnType, name) \
returnType (CK_CALL_SPEC CK_PTR name)
#ifndef NULL_PTR
#define NULL_PTR 0
#endif
#include "pkcs11.h"
#pragma pack(pop, cryptoki)
#endif /* ___CRYPTOKI_H_INC___ */
--- NEW FILE mypkcs11.h ---
// ****************************************************************************
//
// Copyright (c) 2003 America Online, Inc. All rights reserved.
// This software contains valuable confidential and proprietary information
// of America Online, Inc. and is subject to applicable licensing agreements.
// Unauthorized reproduction, transmission or distribution of this file and
// its contents is a violation of applicable laws.
//
// A M E R I C A O N L I N E C O N F I D E N T I A L
//
// ****************************************************************************
#ifndef AOL_NKEY_MYPKCS11_H
#define AOL_NKEY_MYPKCS11_H
#if defined(_WIN32)
#define CK_PTR *
#define CK_DECLARE_FUNCTION(rv,func) rv __declspec(dllexport) func
#define CK_DECLARE_FUNCTION_POINTER(rv,func) rv (* func)
#define CK_CALLBACK_FUNCTION(rv,func) rv (* func)
#define CK_NULL_PTR 0
#else
#define CK_PTR *
#define CK_DECLARE_FUNCTION(rv,func) rv func
#define CK_DECLARE_FUNCTION_POINTER(rv,func) rv (* func)
#define CK_CALLBACK_FUNCTION(rv,func) rv (* func)
#define CK_NULL_PTR 0
#endif
#if defined(_WIN32)
#pragma warning(disable:4103)
#pragma pack(push, cryptoki, 1)
#endif
#include "pkcs11.h"
//#include "pkcs11n.h"
#if defined (_WIN32)
#pragma warning(disable:4103)
#pragma pack(pop, cryptoki)
#endif
#endif
--- NEW FILE pkcs11.h ---
/* pkcs11.h include file for PKCS #11. */
/* $Revision: 1.1 $ */
/* License to copy and use this software is granted provided that it is
* identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
* (Cryptoki)" in all material mentioning or referencing this software.
* License is also granted to make and use derivative works provided that
* such works are identified as "derived from the RSA Security Inc. PKCS #11
* Cryptographic Token Interface (Cryptoki)" in all material mentioning or
* referencing the derived work.
* RSA Security Inc. makes no representations concerning either the
* merchantability of this software or the suitability of this software for
* any particular purpose. It is provided "as is" without express or implied
* warranty of any kind.
*/
#ifndef _PKCS11_H_
#define _PKCS11_H_ 1
#ifdef __cplusplus
extern "C" {
#endif
/* Before including this file (pkcs11.h) (or pkcs11t.h by
* itself), 6 platform-specific macros must be defined. These
* macros are described below, and typical definitions for them
* are also given. Be advised that these definitions can depend
* on both the platform and the compiler used (and possibly also
* on whether a Cryptoki library is linked statically or
* dynamically).
*
* In addition to defining these 6 macros, the packing convention
* for Cryptoki structures should be set. The Cryptoki
* convention on packing is that structures should be 1-byte
* aligned.
*
* If you're using Microsoft Developer Studio 5.0 to produce
* Win32 stuff, this might be done by using the following
* preprocessor directive before including pkcs11.h or pkcs11t.h:
*
* #pragma pack(push, cryptoki, 1)
*
* and using the following preprocessor directive after including
* pkcs11.h or pkcs11t.h:
*
* #pragma pack(pop, cryptoki)
*
* If you're using an earlier version of Microsoft Developer
* Studio to produce Win16 stuff, this might be done by using
* the following preprocessor directive before including
* pkcs11.h or pkcs11t.h:
*
* #pragma pack(1)
*
* In a UNIX environment, you're on your own for this. You might
* not need to do (or be able to do!) anything.
*
*
* Now for the macros:
*
*
* 1. CK_PTR: The indirection string for making a pointer to an
* object. It can be used like this:
*
* typedef CK_BYTE CK_PTR CK_BYTE_PTR;
*
* If you're using Microsoft Developer Studio 5.0 to produce
* Win32 stuff, it might be defined by:
*
* #define CK_PTR *
*
* If you're using an earlier version of Microsoft Developer
* Studio to produce Win16 stuff, it might be defined by:
*
* #define CK_PTR far *
*
* In a typical UNIX environment, it might be defined by:
*
* #define CK_PTR *
*
*
* 2. CK_DEFINE_FUNCTION(returnType, name): A macro which makes
* an exportable Cryptoki library function definition out of a
* return type and a function name. It should be used in the
* following fashion to define the exposed Cryptoki functions in
* a Cryptoki library:
*
* CK_DEFINE_FUNCTION(CK_RV, C_Initialize)(
* CK_VOID_PTR pReserved
* )
* {
* ...
* }
*
* If you're using Microsoft Developer Studio 5.0 to define a
* function in a Win32 Cryptoki .dll, it might be defined by:
*
* #define CK_DEFINE_FUNCTION(returnType, name) \
* returnType __declspec(dllexport) name
*
* If you're using an earlier version of Microsoft Developer
* Studio to define a function in a Win16 Cryptoki .dll, it
* might be defined by:
*
* #define CK_DEFINE_FUNCTION(returnType, name) \
* returnType __export _far _pascal name
*
* In a UNIX environment, it might be defined by:
*
* #define CK_DEFINE_FUNCTION(returnType, name) \
* returnType name
*
*
* 3. CK_DECLARE_FUNCTION(returnType, name): A macro which makes
* an importable Cryptoki library function declaration out of a
* return type and a function name. It should be used in the
* following fashion:
*
* extern CK_DECLARE_FUNCTION(CK_RV, C_Initialize)(
* CK_VOID_PTR pReserved
* );
*
* If you're using Microsoft Developer Studio 5.0 to declare a
* function in a Win32 Cryptoki .dll, it might be defined by:
*
* #define CK_DECLARE_FUNCTION(returnType, name) \
* returnType __declspec(dllimport) name
*
* If you're using an earlier version of Microsoft Developer
* Studio to declare a function in a Win16 Cryptoki .dll, it
* might be defined by:
*
* #define CK_DECLARE_FUNCTION(returnType, name) \
* returnType __export _far _pascal name
*
* In a UNIX environment, it might be defined by:
*
* #define CK_DECLARE_FUNCTION(returnType, name) \
* returnType name
*
*
* 4. CK_DECLARE_FUNCTION_POINTER(returnType, name): A macro
* which makes a Cryptoki API function pointer declaration or
* function pointer type declaration out of a return type and a
* function name. It should be used in the following fashion:
*
* // Define funcPtr to be a pointer to a Cryptoki API function
* // taking arguments args and returning CK_RV.
* CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtr)(args);
*
* or
*
* // Define funcPtrType to be the type of a pointer to a
* // Cryptoki API function taking arguments args and returning
* // CK_RV, and then define funcPtr to be a variable of type
* // funcPtrType.
* typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtrType)(args);
* funcPtrType funcPtr;
*
* If you're using Microsoft Developer Studio 5.0 to access
* functions in a Win32 Cryptoki .dll, in might be defined by:
*
* #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
* returnType __declspec(dllimport) (* name)
*
* If you're using an earlier version of Microsoft Developer
* Studio to access functions in a Win16 Cryptoki .dll, it might
* be defined by:
*
* #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
* returnType __export _far _pascal (* name)
*
* In a UNIX environment, it might be defined by:
*
* #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
* returnType (* name)
*
*
* 5. CK_CALLBACK_FUNCTION(returnType, name): A macro which makes
* a function pointer type for an application callback out of
* a return type for the callback and a name for the callback.
* It should be used in the following fashion:
*
* CK_CALLBACK_FUNCTION(CK_RV, myCallback)(args);
*
* to declare a function pointer, myCallback, to a callback
* which takes arguments args and returns a CK_RV. It can also
* be used like this:
*
* typedef CK_CALLBACK_FUNCTION(CK_RV, myCallbackType)(args);
* myCallbackType myCallback;
*
* If you're using Microsoft Developer Studio 5.0 to do Win32
* Cryptoki development, it might be defined by:
*
* #define CK_CALLBACK_FUNCTION(returnType, name) \
* returnType (* name)
*
* If you're using an earlier version of Microsoft Developer
* Studio to do Win16 development, it might be defined by:
*
* #define CK_CALLBACK_FUNCTION(returnType, name) \
* returnType _far _pascal (* name)
*
* In a UNIX environment, it might be defined by:
*
* #define CK_CALLBACK_FUNCTION(returnType, name) \
* returnType (* name)
*
*
* 6. NULL_PTR: This macro is the value of a NULL pointer.
*
* In any ANSI/ISO C environment (and in many others as well),
* this should best be defined by
*
* #ifndef NULL_PTR
* #define NULL_PTR 0
* #endif
*/
/* All the various Cryptoki types and #define'd values are in the
* file pkcs11t.h. */
#include "pkcs11t.h"
#define __PASTE(x,y) x##y
/* ==============================================================
* Define the "extern" form of all the entry points.
* ==============================================================
*/
#define CK_NEED_ARG_LIST 1
#define CK_PKCS11_FUNCTION_INFO(name) \
extern CK_DECLARE_FUNCTION(CK_RV, name)
/* pkcs11f.h has all the information about the Cryptoki
* function prototypes. */
#include "pkcs11f.h"
#undef CK_NEED_ARG_LIST
#undef CK_PKCS11_FUNCTION_INFO
/* ==============================================================
* Define the typedef form of all the entry points. That is, for
* each Cryptoki function C_XXX, define a type CK_C_XXX which is
* a pointer to that kind of function.
* ==============================================================
*/
#define CK_NEED_ARG_LIST 1
#define CK_PKCS11_FUNCTION_INFO(name) \
typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, __PASTE(CK_,name))
/* pkcs11f.h has all the information about the Cryptoki
* function prototypes. */
#include "pkcs11f.h"
#undef CK_NEED_ARG_LIST
#undef CK_PKCS11_FUNCTION_INFO
/* ==============================================================
* Define structed vector of entry points. A CK_FUNCTION_LIST
* contains a CK_VERSION indicating a library's Cryptoki version
* and then a whole slew of function pointers to the routines in
* the library. This type was declared, but not defined, in
* pkcs11t.h.
* ==============================================================
*/
#define CK_PKCS11_FUNCTION_INFO(name) \
__PASTE(CK_,name) name;
struct CK_FUNCTION_LIST {
CK_VERSION version; /* Cryptoki version */
/* Pile all the function pointers into the CK_FUNCTION_LIST. */
/* pkcs11f.h has all the information about the Cryptoki
* function prototypes. */
#include "pkcs11f.h"
};
#undef CK_PKCS11_FUNCTION_INFO
#undef __PASTE
#ifdef __cplusplus
}
#endif
#endif
--- NEW FILE pkcs11f.h ---
/* pkcs11f.h include file for PKCS #11. */
/* $Revision: 1.1 $ */
/* License to copy and use this software is granted provided that it is
* identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
* (Cryptoki)" in all material mentioning or referencing this software.
* License is also granted to make and use derivative works provided that
* such works are identified as "derived from the RSA Security Inc. PKCS #11
* Cryptographic Token Interface (Cryptoki)" in all material mentioning or
* referencing the derived work.
* RSA Security Inc. makes no representations concerning either the
* merchantability of this software or the suitability of this software for
* any particular purpose. It is provided "as is" without express or implied
* warranty of any kind.
*/
/* This header file contains pretty much everything about all the */
/* Cryptoki function prototypes. Because this information is */
/* used for more than just declaring function prototypes, the */
/* order of the functions appearing herein is important, and */
/* should not be altered. */
/* General-purpose */
/* C_Initialize initializes the Cryptoki library. */
CK_PKCS11_FUNCTION_INFO(C_Initialize)
#ifdef CK_NEED_ARG_LIST
(
CK_VOID_PTR pInitArgs /* if this is not NULL_PTR, it gets
* cast to CK_C_INITIALIZE_ARGS_PTR
* and dereferenced */
);
#endif
/* C_Finalize indicates that an application is done with the
* Cryptoki library. */
CK_PKCS11_FUNCTION_INFO(C_Finalize)
#ifdef CK_NEED_ARG_LIST
(
CK_VOID_PTR pReserved /* reserved. Should be NULL_PTR */
);
#endif
/* C_GetInfo returns general information about Cryptoki. */
CK_PKCS11_FUNCTION_INFO(C_GetInfo)
#ifdef CK_NEED_ARG_LIST
(
CK_INFO_PTR pInfo /* location that receives information */
);
#endif
/* C_GetFunctionList returns the function list. */
CK_PKCS11_FUNCTION_INFO(C_GetFunctionList)
#ifdef CK_NEED_ARG_LIST
(
CK_FUNCTION_LIST_PTR_PTR ppFunctionList /* receives pointer to
* function list */
);
#endif
/* Slot and token management */
/* C_GetSlotList obtains a list of slots in the system. */
CK_PKCS11_FUNCTION_INFO(C_GetSlotList)
#ifdef CK_NEED_ARG_LIST
(
CK_BBOOL tokenPresent, /* only slots with tokens? */
CK_SLOT_ID_PTR pSlotList, /* receives array of slot IDs */
CK_ULONG_PTR pulCount /* receives number of slots */
);
#endif
/* C_GetSlotInfo obtains information about a particular slot in
* the system. */
CK_PKCS11_FUNCTION_INFO(C_GetSlotInfo)
#ifdef CK_NEED_ARG_LIST
(
CK_SLOT_ID slotID, /* the ID of the slot */
CK_SLOT_INFO_PTR pInfo /* receives the slot information */
);
#endif
/* C_GetTokenInfo obtains information about a particular token
* in the system. */
CK_PKCS11_FUNCTION_INFO(C_GetTokenInfo)
#ifdef CK_NEED_ARG_LIST
(
CK_SLOT_ID slotID, /* ID of the token's slot */
CK_TOKEN_INFO_PTR pInfo /* receives the token information */
);
#endif
/* C_GetMechanismList obtains a list of mechanism types
* supported by a token. */
CK_PKCS11_FUNCTION_INFO(C_GetMechanismList)
#ifdef CK_NEED_ARG_LIST
(
CK_SLOT_ID slotID, /* ID of token's slot */
CK_MECHANISM_TYPE_PTR pMechanismList, /* gets mech. array */
CK_ULONG_PTR pulCount /* gets # of mechs. */
);
#endif
/* C_GetMechanismInfo obtains information about a particular
* mechanism possibly supported by a token. */
CK_PKCS11_FUNCTION_INFO(C_GetMechanismInfo)
#ifdef CK_NEED_ARG_LIST
(
CK_SLOT_ID slotID, /* ID of the token's slot */
CK_MECHANISM_TYPE type, /* type of mechanism */
CK_MECHANISM_INFO_PTR pInfo /* receives mechanism info */
);
#endif
/* C_InitToken initializes a token. */
CK_PKCS11_FUNCTION_INFO(C_InitToken)
#ifdef CK_NEED_ARG_LIST
/* pLabel changed from CK_CHAR_PTR to CK_UTF8CHAR_PTR for v2.10 */
(
CK_SLOT_ID slotID, /* ID of the token's slot */
CK_UTF8CHAR_PTR pPin, /* the SO's initial PIN */
CK_ULONG ulPinLen, /* length in bytes of the PIN */
CK_UTF8CHAR_PTR pLabel /* 32-byte token label (blank padded) */
);
#endif
/* C_InitPIN initializes the normal user's PIN. */
CK_PKCS11_FUNCTION_INFO(C_InitPIN)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_UTF8CHAR_PTR pPin, /* the normal user's PIN */
CK_ULONG ulPinLen /* length in bytes of the PIN */
);
#endif
/* C_SetPIN modifies the PIN of the user who is logged in. */
CK_PKCS11_FUNCTION_INFO(C_SetPIN)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_UTF8CHAR_PTR pOldPin, /* the old PIN */
CK_ULONG ulOldLen, /* length of the old PIN */
CK_UTF8CHAR_PTR pNewPin, /* the new PIN */
CK_ULONG ulNewLen /* length of the new PIN */
);
#endif
/* Session management */
/* C_OpenSession opens a session between an application and a
* token. */
CK_PKCS11_FUNCTION_INFO(C_OpenSession)
#ifdef CK_NEED_ARG_LIST
(
CK_SLOT_ID slotID, /* the slot's ID */
CK_FLAGS flags, /* from CK_SESSION_INFO */
CK_VOID_PTR pApplication, /* passed to callback */
CK_NOTIFY Notify, /* callback function */
CK_SESSION_HANDLE_PTR phSession /* gets session handle */
);
#endif
/* C_CloseSession closes a session between an application and a
* token. */
CK_PKCS11_FUNCTION_INFO(C_CloseSession)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession /* the session's handle */
);
#endif
/* C_CloseAllSessions closes all sessions with a token. */
CK_PKCS11_FUNCTION_INFO(C_CloseAllSessions)
#ifdef CK_NEED_ARG_LIST
(
CK_SLOT_ID slotID /* the token's slot */
);
#endif
/* C_GetSessionInfo obtains information about the session. */
CK_PKCS11_FUNCTION_INFO(C_GetSessionInfo)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_SESSION_INFO_PTR pInfo /* receives session info */
);
#endif
/* C_GetOperationState obtains the state of the cryptographic operation
* in a session. */
CK_PKCS11_FUNCTION_INFO(C_GetOperationState)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* session's handle */
CK_BYTE_PTR pOperationState, /* gets state */
CK_ULONG_PTR pulOperationStateLen /* gets state length */
);
#endif
/* C_SetOperationState restores the state of the cryptographic
* operation in a session. */
CK_PKCS11_FUNCTION_INFO(C_SetOperationState)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* session's handle */
CK_BYTE_PTR pOperationState, /* holds state */
CK_ULONG ulOperationStateLen, /* holds state length */
CK_OBJECT_HANDLE hEncryptionKey, /* en/decryption key */
CK_OBJECT_HANDLE hAuthenticationKey /* sign/verify key */
);
#endif
/* C_Login logs a user into a token. */
CK_PKCS11_FUNCTION_INFO(C_Login)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_USER_TYPE userType, /* the user type */
CK_UTF8CHAR_PTR pPin, /* the user's PIN */
CK_ULONG ulPinLen /* the length of the PIN */
);
#endif
/* C_Logout logs a user out from a token. */
CK_PKCS11_FUNCTION_INFO(C_Logout)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession /* the session's handle */
);
#endif
/* Object management */
/* C_CreateObject creates a new object. */
CK_PKCS11_FUNCTION_INFO(C_CreateObject)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_ATTRIBUTE_PTR pTemplate, /* the object's template */
CK_ULONG ulCount, /* attributes in template */
CK_OBJECT_HANDLE_PTR phObject /* gets new object's handle. */
);
#endif
/* C_CopyObject copies an object, creating a new object for the
* copy. */
CK_PKCS11_FUNCTION_INFO(C_CopyObject)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_OBJECT_HANDLE hObject, /* the object's handle */
CK_ATTRIBUTE_PTR pTemplate, /* template for new object */
CK_ULONG ulCount, /* attributes in template */
CK_OBJECT_HANDLE_PTR phNewObject /* receives handle of copy */
);
#endif
/* C_DestroyObject destroys an object. */
CK_PKCS11_FUNCTION_INFO(C_DestroyObject)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_OBJECT_HANDLE hObject /* the object's handle */
);
#endif
/* C_GetObjectSize gets the size of an object in bytes. */
CK_PKCS11_FUNCTION_INFO(C_GetObjectSize)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_OBJECT_HANDLE hObject, /* the object's handle */
CK_ULONG_PTR pulSize /* receives size of object */
);
#endif
/* C_GetAttributeValue obtains the value of one or more object
* attributes. */
CK_PKCS11_FUNCTION_INFO(C_GetAttributeValue)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_OBJECT_HANDLE hObject, /* the object's handle */
CK_ATTRIBUTE_PTR pTemplate, /* specifies attrs; gets vals */
CK_ULONG ulCount /* attributes in template */
);
#endif
/* C_SetAttributeValue modifies the value of one or more object
* attributes */
CK_PKCS11_FUNCTION_INFO(C_SetAttributeValue)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_OBJECT_HANDLE hObject, /* the object's handle */
CK_ATTRIBUTE_PTR pTemplate, /* specifies attrs and values */
CK_ULONG ulCount /* attributes in template */
);
#endif
/* C_FindObjectsInit initializes a search for token and session
* objects that match a template. */
CK_PKCS11_FUNCTION_INFO(C_FindObjectsInit)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_ATTRIBUTE_PTR pTemplate, /* attribute values to match */
CK_ULONG ulCount /* attrs in search template */
);
#endif
/* C_FindObjects continues a search for token and session
* objects that match a template, obtaining additional object
* handles. */
CK_PKCS11_FUNCTION_INFO(C_FindObjects)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* session's handle */
CK_OBJECT_HANDLE_PTR phObject, /* gets obj. handles */
CK_ULONG ulMaxObjectCount, /* max handles to get */
CK_ULONG_PTR pulObjectCount /* actual # returned */
);
#endif
/* C_FindObjectsFinal finishes a search for token and session
* objects. */
CK_PKCS11_FUNCTION_INFO(C_FindObjectsFinal)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession /* the session's handle */
);
#endif
/* Encryption and decryption */
/* C_EncryptInit initializes an encryption operation. */
CK_PKCS11_FUNCTION_INFO(C_EncryptInit)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_MECHANISM_PTR pMechanism, /* the encryption mechanism */
CK_OBJECT_HANDLE hKey /* handle of encryption key */
);
#endif
/* C_Encrypt encrypts single-part data. */
CK_PKCS11_FUNCTION_INFO(C_Encrypt)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* session's handle */
CK_BYTE_PTR pData, /* the plaintext data */
CK_ULONG ulDataLen, /* bytes of plaintext */
CK_BYTE_PTR pEncryptedData, /* gets ciphertext */
CK_ULONG_PTR pulEncryptedDataLen /* gets c-text size */
);
#endif
/* C_EncryptUpdate continues a multiple-part encryption
* operation. */
CK_PKCS11_FUNCTION_INFO(C_EncryptUpdate)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* session's handle */
CK_BYTE_PTR pPart, /* the plaintext data */
CK_ULONG ulPartLen, /* plaintext data len */
CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */
CK_ULONG_PTR pulEncryptedPartLen /* gets c-text size */
);
#endif
/* C_EncryptFinal finishes a multiple-part encryption
* operation. */
CK_PKCS11_FUNCTION_INFO(C_EncryptFinal)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* session handle */
CK_BYTE_PTR pLastEncryptedPart, /* last c-text */
CK_ULONG_PTR pulLastEncryptedPartLen /* gets last size */
);
#endif
/* C_DecryptInit initializes a decryption operation. */
CK_PKCS11_FUNCTION_INFO(C_DecryptInit)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_MECHANISM_PTR pMechanism, /* the decryption mechanism */
CK_OBJECT_HANDLE hKey /* handle of decryption key */
);
#endif
/* C_Decrypt decrypts encrypted data in a single part. */
CK_PKCS11_FUNCTION_INFO(C_Decrypt)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* session's handle */
CK_BYTE_PTR pEncryptedData, /* ciphertext */
CK_ULONG ulEncryptedDataLen, /* ciphertext length */
CK_BYTE_PTR pData, /* gets plaintext */
CK_ULONG_PTR pulDataLen /* gets p-text size */
);
#endif
/* C_DecryptUpdate continues a multiple-part decryption
* operation. */
CK_PKCS11_FUNCTION_INFO(C_DecryptUpdate)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* session's handle */
CK_BYTE_PTR pEncryptedPart, /* encrypted data */
CK_ULONG ulEncryptedPartLen, /* input length */
CK_BYTE_PTR pPart, /* gets plaintext */
CK_ULONG_PTR pulPartLen /* p-text size */
);
#endif
/* C_DecryptFinal finishes a multiple-part decryption
* operation. */
CK_PKCS11_FUNCTION_INFO(C_DecryptFinal)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_BYTE_PTR pLastPart, /* gets plaintext */
CK_ULONG_PTR pulLastPartLen /* p-text size */
);
#endif
/* Message digesting */
/* C_DigestInit initializes a message-digesting operation. */
CK_PKCS11_FUNCTION_INFO(C_DigestInit)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_MECHANISM_PTR pMechanism /* the digesting mechanism */
);
#endif
/* C_Digest digests data in a single part. */
CK_PKCS11_FUNCTION_INFO(C_Digest)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_BYTE_PTR pData, /* data to be digested */
CK_ULONG ulDataLen, /* bytes of data to digest */
CK_BYTE_PTR pDigest, /* gets the message digest */
CK_ULONG_PTR pulDigestLen /* gets digest length */
);
#endif
/* C_DigestUpdate continues a multiple-part message-digesting
* operation. */
CK_PKCS11_FUNCTION_INFO(C_DigestUpdate)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_BYTE_PTR pPart, /* data to be digested */
CK_ULONG ulPartLen /* bytes of data to be digested */
);
#endif
/* C_DigestKey continues a multi-part message-digesting
* operation, by digesting the value of a secret key as part of
* the data already digested. */
CK_PKCS11_FUNCTION_INFO(C_DigestKey)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_OBJECT_HANDLE hKey /* secret key to digest */
);
#endif
/* C_DigestFinal finishes a multiple-part message-digesting
* operation. */
CK_PKCS11_FUNCTION_INFO(C_DigestFinal)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_BYTE_PTR pDigest, /* gets the message digest */
CK_ULONG_PTR pulDigestLen /* gets byte count of digest */
);
#endif
/* Signing and MACing */
/* C_SignInit initializes a signature (private key encryption)
* operation, where the signature is (will be) an appendix to
* the data, and plaintext cannot be recovered from the
*signature. */
CK_PKCS11_FUNCTION_INFO(C_SignInit)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_MECHANISM_PTR pMechanism, /* the signature mechanism */
CK_OBJECT_HANDLE hKey /* handle of signature key */
);
#endif
/* C_Sign signs (encrypts with private key) data in a single
* part, where the signature is (will be) an appendix to the
* data, and plaintext cannot be recovered from the signature. */
CK_PKCS11_FUNCTION_INFO(C_Sign)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_BYTE_PTR pData, /* the data to sign */
CK_ULONG ulDataLen, /* count of bytes to sign */
CK_BYTE_PTR pSignature, /* gets the signature */
CK_ULONG_PTR pulSignatureLen /* gets signature length */
);
#endif
/* C_SignUpdate continues a multiple-part signature operation,
* where the signature is (will be) an appendix to the data,
* and plaintext cannot be recovered from the signature. */
CK_PKCS11_FUNCTION_INFO(C_SignUpdate)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_BYTE_PTR pPart, /* the data to sign */
CK_ULONG ulPartLen /* count of bytes to sign */
);
#endif
/* C_SignFinal finishes a multiple-part signature operation,
* returning the signature. */
CK_PKCS11_FUNCTION_INFO(C_SignFinal)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_BYTE_PTR pSignature, /* gets the signature */
CK_ULONG_PTR pulSignatureLen /* gets signature length */
);
#endif
/* C_SignRecoverInit initializes a signature operation, where
* the data can be recovered from the signature. */
CK_PKCS11_FUNCTION_INFO(C_SignRecoverInit)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_MECHANISM_PTR pMechanism, /* the signature mechanism */
CK_OBJECT_HANDLE hKey /* handle of the signature key */
);
#endif
/* C_SignRecover signs data in a single operation, where the
* data can be recovered from the signature. */
CK_PKCS11_FUNCTION_INFO(C_SignRecover)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_BYTE_PTR pData, /* the data to sign */
CK_ULONG ulDataLen, /* count of bytes to sign */
CK_BYTE_PTR pSignature, /* gets the signature */
CK_ULONG_PTR pulSignatureLen /* gets signature length */
);
#endif
/* Verifying signatures and MACs */
/* C_VerifyInit initializes a verification operation, where the
* signature is an appendix to the data, and plaintext cannot
* cannot be recovered from the signature (e.g. DSA). */
CK_PKCS11_FUNCTION_INFO(C_VerifyInit)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_MECHANISM_PTR pMechanism, /* the verification mechanism */
CK_OBJECT_HANDLE hKey /* verification key */
);
#endif
/* C_Verify verifies a signature in a single-part operation,
* where the signature is an appendix to the data, and plaintext
* cannot be recovered from the signature. */
CK_PKCS11_FUNCTION_INFO(C_Verify)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_BYTE_PTR pData, /* signed data */
CK_ULONG ulDataLen, /* length of signed data */
CK_BYTE_PTR pSignature, /* signature */
CK_ULONG ulSignatureLen /* signature length*/
);
#endif
/* C_VerifyUpdate continues a multiple-part verification
* operation, where the signature is an appendix to the data,
* and plaintext cannot be recovered from the signature. */
CK_PKCS11_FUNCTION_INFO(C_VerifyUpdate)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_BYTE_PTR pPart, /* signed data */
CK_ULONG ulPartLen /* length of signed data */
);
#endif
/* C_VerifyFinal finishes a multiple-part verification
* operation, checking the signature. */
CK_PKCS11_FUNCTION_INFO(C_VerifyFinal)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_BYTE_PTR pSignature, /* signature to verify */
CK_ULONG ulSignatureLen /* signature length */
);
#endif
/* C_VerifyRecoverInit initializes a signature verification
* operation, where the data is recovered from the signature. */
CK_PKCS11_FUNCTION_INFO(C_VerifyRecoverInit)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_MECHANISM_PTR pMechanism, /* the verification mechanism */
CK_OBJECT_HANDLE hKey /* verification key */
);
#endif
/* C_VerifyRecover verifies a signature in a single-part
* operation, where the data is recovered from the signature. */
CK_PKCS11_FUNCTION_INFO(C_VerifyRecover)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_BYTE_PTR pSignature, /* signature to verify */
CK_ULONG ulSignatureLen, /* signature length */
CK_BYTE_PTR pData, /* gets signed data */
CK_ULONG_PTR pulDataLen /* gets signed data len */
);
#endif
/* Dual-function cryptographic operations */
/* C_DigestEncryptUpdate continues a multiple-part digesting
* and encryption operation. */
CK_PKCS11_FUNCTION_INFO(C_DigestEncryptUpdate)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* session's handle */
CK_BYTE_PTR pPart, /* the plaintext data */
CK_ULONG ulPartLen, /* plaintext length */
CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */
CK_ULONG_PTR pulEncryptedPartLen /* gets c-text length */
);
#endif
/* C_DecryptDigestUpdate continues a multiple-part decryption and
* digesting operation. */
CK_PKCS11_FUNCTION_INFO(C_DecryptDigestUpdate)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* session's handle */
CK_BYTE_PTR pEncryptedPart, /* ciphertext */
CK_ULONG ulEncryptedPartLen, /* ciphertext length */
CK_BYTE_PTR pPart, /* gets plaintext */
CK_ULONG_PTR pulPartLen /* gets plaintext len */
);
#endif
/* C_SignEncryptUpdate continues a multiple-part signing and
* encryption operation. */
CK_PKCS11_FUNCTION_INFO(C_SignEncryptUpdate)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* session's handle */
CK_BYTE_PTR pPart, /* the plaintext data */
CK_ULONG ulPartLen, /* plaintext length */
CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */
CK_ULONG_PTR pulEncryptedPartLen /* gets c-text length */
);
#endif
/* C_DecryptVerifyUpdate continues a multiple-part decryption and
* verify operation. */
CK_PKCS11_FUNCTION_INFO(C_DecryptVerifyUpdate)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* session's handle */
CK_BYTE_PTR pEncryptedPart, /* ciphertext */
CK_ULONG ulEncryptedPartLen, /* ciphertext length */
CK_BYTE_PTR pPart, /* gets plaintext */
CK_ULONG_PTR pulPartLen /* gets p-text length */
);
#endif
/* Key management */
/* C_GenerateKey generates a secret key, creating a new key
* object. */
CK_PKCS11_FUNCTION_INFO(C_GenerateKey)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_MECHANISM_PTR pMechanism, /* key generation mech. */
CK_ATTRIBUTE_PTR pTemplate, /* template for new key */
CK_ULONG ulCount, /* # of attrs in template */
CK_OBJECT_HANDLE_PTR phKey /* gets handle of new key */
);
#endif
/* C_GenerateKeyPair generates a public-key/private-key pair,
* creating new key objects. */
CK_PKCS11_FUNCTION_INFO(C_GenerateKeyPair)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* session
* handle */
CK_MECHANISM_PTR pMechanism, /* key-gen
* mech. */
CK_ATTRIBUTE_PTR pPublicKeyTemplate, /* template
* for pub.
* key */
CK_ULONG ulPublicKeyAttributeCount, /* # pub.
* attrs. */
CK_ATTRIBUTE_PTR pPrivateKeyTemplate, /* template
* for priv.
* key */
CK_ULONG ulPrivateKeyAttributeCount, /* # priv.
* attrs. */
CK_OBJECT_HANDLE_PTR phPublicKey, /* gets pub.
* key
* handle */
CK_OBJECT_HANDLE_PTR phPrivateKey /* gets
* priv. key
* handle */
);
#endif
/* C_WrapKey wraps (i.e., encrypts) a key. */
CK_PKCS11_FUNCTION_INFO(C_WrapKey)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_MECHANISM_PTR pMechanism, /* the wrapping mechanism */
CK_OBJECT_HANDLE hWrappingKey, /* wrapping key */
CK_OBJECT_HANDLE hKey, /* key to be wrapped */
CK_BYTE_PTR pWrappedKey, /* gets wrapped key */
CK_ULONG_PTR pulWrappedKeyLen /* gets wrapped key size */
);
#endif
/* C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new
* key object. */
CK_PKCS11_FUNCTION_INFO(C_UnwrapKey)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* session's handle */
CK_MECHANISM_PTR pMechanism, /* unwrapping mech. */
CK_OBJECT_HANDLE hUnwrappingKey, /* unwrapping key */
CK_BYTE_PTR pWrappedKey, /* the wrapped key */
CK_ULONG ulWrappedKeyLen, /* wrapped key len */
CK_ATTRIBUTE_PTR pTemplate, /* new key template */
CK_ULONG ulAttributeCount, /* template length */
CK_OBJECT_HANDLE_PTR phKey /* gets new handle */
);
#endif
/* C_DeriveKey derives a key from a base key, creating a new key
* object. */
CK_PKCS11_FUNCTION_INFO(C_DeriveKey)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* session's handle */
CK_MECHANISM_PTR pMechanism, /* key deriv. mech. */
CK_OBJECT_HANDLE hBaseKey, /* base key */
CK_ATTRIBUTE_PTR pTemplate, /* new key template */
CK_ULONG ulAttributeCount, /* template length */
CK_OBJECT_HANDLE_PTR phKey /* gets new handle */
);
#endif
/* Random number generation */
/* C_SeedRandom mixes additional seed material into the token's
* random number generator. */
CK_PKCS11_FUNCTION_INFO(C_SeedRandom)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_BYTE_PTR pSeed, /* the seed material */
CK_ULONG ulSeedLen /* length of seed material */
);
#endif
/* C_GenerateRandom generates random data. */
CK_PKCS11_FUNCTION_INFO(C_GenerateRandom)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_BYTE_PTR RandomData, /* receives the random data */
CK_ULONG ulRandomLen /* # of bytes to generate */
);
#endif
/* Parallel function management */
/* C_GetFunctionStatus is a legacy function; it obtains an
* updated status of a function running in parallel with an
* application. */
CK_PKCS11_FUNCTION_INFO(C_GetFunctionStatus)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession /* the session's handle */
);
#endif
/* C_CancelFunction is a legacy function; it cancels a function
* running in parallel. */
CK_PKCS11_FUNCTION_INFO(C_CancelFunction)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession /* the session's handle */
);
#endif
/* Functions added in for Cryptoki Version 2.01 or later */
/* C_WaitForSlotEvent waits for a slot event (token insertion,
* removal, etc.) to occur. */
CK_PKCS11_FUNCTION_INFO(C_WaitForSlotEvent)
#ifdef CK_NEED_ARG_LIST
(
CK_FLAGS flags, /* blocking/nonblocking flag */
CK_SLOT_ID_PTR pSlot, /* location that receives the slot ID */
CK_VOID_PTR pRserved /* reserved. Should be NULL_PTR */
);
#endif
--- NEW FILE pkcs11t.h ---
/* pkcs11t.h include file for PKCS #11. */
/* $Revision: 1.1 $ */
/* License to copy and use this software is granted provided that it is
* identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
* (Cryptoki)" in all material mentioning or referencing this software.
* License is also granted to make and use derivative works provided that
* such works are identified as "derived from the RSA Security Inc. PKCS #11
* Cryptographic Token Interface (Cryptoki)" in all material mentioning or
* referencing the derived work.
* RSA Security Inc. makes no representations concerning either the
* merchantability of this software or the suitability of this software for
* any particular purpose. It is provided "as is" without express or implied
* warranty of any kind.
*/
/* See top of pkcs11.h for information about the macros that
* must be defined and the structure-packing conventions that
* must be set before including this file. */
#ifndef _PKCS11T_H_
#define _PKCS11T_H_ 1
#define CK_TRUE 1
#define CK_FALSE 0
#ifndef CK_DISABLE_TRUE_FALSE
#ifndef FALSE
#define FALSE CK_FALSE
#endif
#ifndef TRUE
#define TRUE CK_TRUE
#endif
#endif
/* an unsigned 8-bit value */
typedef unsigned char CK_BYTE;
/* an unsigned 8-bit character */
typedef CK_BYTE CK_CHAR;
/* an 8-bit UTF-8 character */
typedef CK_BYTE CK_UTF8CHAR;
/* a BYTE-sized Boolean flag */
typedef CK_BYTE CK_BBOOL;
/* an unsigned value, at least 32 bits long */
typedef unsigned long int CK_ULONG;
/* a signed value, the same size as a CK_ULONG */
/* CK_LONG is new for v2.0 */
typedef long int CK_LONG;
/* at least 32 bits; each bit is a Boolean flag */
typedef CK_ULONG CK_FLAGS;
/* some special values for certain CK_ULONG variables */
#define CK_UNAVAILABLE_INFORMATION (~0UL)
#define CK_EFFECTIVELY_INFINITE 0
typedef CK_BYTE CK_PTR CK_BYTE_PTR;
typedef CK_CHAR CK_PTR CK_CHAR_PTR;
typedef CK_UTF8CHAR CK_PTR CK_UTF8CHAR_PTR;
typedef CK_ULONG CK_PTR CK_ULONG_PTR;
typedef void CK_PTR CK_VOID_PTR;
/* Pointer to a CK_VOID_PTR-- i.e., pointer to pointer to void */
typedef CK_VOID_PTR CK_PTR CK_VOID_PTR_PTR;
/* The following value is always invalid if used as a session */
/* handle or object handle */
#define CK_INVALID_HANDLE 0
typedef struct CK_VERSION {
CK_BYTE major; /* integer portion of version number */
CK_BYTE minor; /* 1/100ths portion of version number */
} CK_VERSION;
typedef CK_VERSION CK_PTR CK_VERSION_PTR;
typedef struct CK_INFO {
/* manufacturerID and libraryDecription have been changed from
* CK_CHAR to CK_UTF8CHAR for v2.10 */
CK_VERSION cryptokiVersion; /* Cryptoki interface ver */
CK_UTF8CHAR manufacturerID[32]; /* blank padded */
CK_FLAGS flags; /* must be zero */
/* libraryDescription and libraryVersion are new for v2.0 */
CK_UTF8CHAR libraryDescription[32]; /* blank padded */
CK_VERSION libraryVersion; /* version of library */
} CK_INFO;
typedef CK_INFO CK_PTR CK_INFO_PTR;
/* CK_NOTIFICATION enumerates the types of notifications that
* Cryptoki provides to an application */
/* CK_NOTIFICATION has been changed from an enum to a CK_ULONG
* for v2.0 */
typedef CK_ULONG CK_NOTIFICATION;
#define CKN_SURRENDER 0
typedef CK_ULONG CK_SLOT_ID;
typedef CK_SLOT_ID CK_PTR CK_SLOT_ID_PTR;
/* CK_SLOT_INFO provides information about a slot */
typedef struct CK_SLOT_INFO {
/* slotDescription and manufacturerID have been changed from
* CK_CHAR to CK_UTF8CHAR for v2.10 */
CK_UTF8CHAR slotDescription[64]; /* blank padded */
CK_UTF8CHAR manufacturerID[32]; /* blank padded */
CK_FLAGS flags;
/* hardwareVersion and firmwareVersion are new for v2.0 */
CK_VERSION hardwareVersion; /* version of hardware */
CK_VERSION firmwareVersion; /* version of firmware */
} CK_SLOT_INFO;
/* flags: bit flags that provide capabilities of the slot
* Bit Flag Mask Meaning
*/
#define CKF_TOKEN_PRESENT 0x00000001 /* a token is there */
#define CKF_REMOVABLE_DEVICE 0x00000002 /* removable devices*/
#define CKF_HW_SLOT 0x00000004 /* hardware slot */
typedef CK_SLOT_INFO CK_PTR CK_SLOT_INFO_PTR;
/* CK_TOKEN_INFO provides information about a token */
typedef struct CK_TOKEN_INFO {
/* label, manufacturerID, and model have been changed from
* CK_CHAR to CK_UTF8CHAR for v2.10 */
CK_UTF8CHAR label[32]; /* blank padded */
CK_UTF8CHAR manufacturerID[32]; /* blank padded */
CK_UTF8CHAR model[16]; /* blank padded */
CK_CHAR serialNumber[16]; /* blank padded */
CK_FLAGS flags; /* see below */
/* ulMaxSessionCount, ulSessionCount, ulMaxRwSessionCount,
* ulRwSessionCount, ulMaxPinLen, and ulMinPinLen have all been
* changed from CK_USHORT to CK_ULONG for v2.0 */
CK_ULONG ulMaxSessionCount; /* max open sessions */
CK_ULONG ulSessionCount; /* sess. now open */
CK_ULONG ulMaxRwSessionCount; /* max R/W sessions */
CK_ULONG ulRwSessionCount; /* R/W sess. now open */
CK_ULONG ulMaxPinLen; /* in bytes */
CK_ULONG ulMinPinLen; /* in bytes */
CK_ULONG ulTotalPublicMemory; /* in bytes */
CK_ULONG ulFreePublicMemory; /* in bytes */
CK_ULONG ulTotalPrivateMemory; /* in bytes */
CK_ULONG ulFreePrivateMemory; /* in bytes */
/* hardwareVersion, firmwareVersion, and time are new for
* v2.0 */
CK_VERSION hardwareVersion; /* version of hardware */
CK_VERSION firmwareVersion; /* version of firmware */
CK_CHAR utcTime[16]; /* time */
} CK_TOKEN_INFO;
/* The flags parameter is defined as follows:
* Bit Flag Mask Meaning
*/
#define CKF_RNG 0x00000001 /* has random #
* generator */
#define CKF_WRITE_PROTECTED 0x00000002 /* token is
* write-
* protected */
#define CKF_LOGIN_REQUIRED 0x00000004 /* user must
* login */
#define CKF_USER_PIN_INITIALIZED 0x00000008 /* normal user's
* PIN is set */
/* CKF_RESTORE_KEY_NOT_NEEDED is new for v2.0. If it is set,
* that means that *every* time the state of cryptographic
* operations of a session is successfully saved, all keys
* needed to continue those operations are stored in the state */
#define CKF_RESTORE_KEY_NOT_NEEDED 0x00000020
/* CKF_CLOCK_ON_TOKEN is new for v2.0. If it is set, that means
* that the token has some sort of clock. The time on that
* clock is returned in the token info structure */
#define CKF_CLOCK_ON_TOKEN 0x00000040
/* CKF_PROTECTED_AUTHENTICATION_PATH is new for v2.0. If it is
* set, that means that there is some way for the user to login
* without sending a PIN through the Cryptoki library itself */
#define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100
/* CKF_DUAL_CRYPTO_OPERATIONS is new for v2.0. If it is true,
* that means that a single session with the token can perform
* dual simultaneous cryptographic operations (digest and
* encrypt; decrypt and digest; sign and encrypt; and decrypt
* and sign) */
#define CKF_DUAL_CRYPTO_OPERATIONS 0x00000200
/* CKF_TOKEN_INITIALIZED if new for v2.10. If it is true, the
* token has been initialized using C_InitializeToken or an
* equivalent mechanism outside the scope of PKCS #11.
* Calling C_InitializeToken when this flag is set will cause
* the token to be reinitialized. */
#define CKF_TOKEN_INITIALIZED 0x00000400
/* CKF_SECONDARY_AUTHENTICATION if new for v2.10. If it is
* true, the token supports secondary authentication for
* private key objects. This flag is deprecated in v2.11 and
onwards. */
#define CKF_SECONDARY_AUTHENTICATION 0x00000800
/* CKF_USER_PIN_COUNT_LOW if new for v2.10. If it is true, an
* incorrect user login PIN has been entered at least once
* since the last successful authentication. */
#define CKF_USER_PIN_COUNT_LOW 0x00010000
/* CKF_USER_PIN_FINAL_TRY if new for v2.10. If it is true,
* supplying an incorrect user PIN will it to become locked. */
#define CKF_USER_PIN_FINAL_TRY 0x00020000
/* CKF_USER_PIN_LOCKED if new for v2.10. If it is true, the
* user PIN has been locked. User login to the token is not
* possible. */
#define CKF_USER_PIN_LOCKED 0x00040000
/* CKF_USER_PIN_TO_BE_CHANGED if new for v2.10. If it is true,
* the user PIN value is the default value set by token
* initialization or manufacturing, or the PIN has been
* expired by the card. */
#define CKF_USER_PIN_TO_BE_CHANGED 0x00080000
/* CKF_SO_PIN_COUNT_LOW if new for v2.10. If it is true, an
* incorrect SO login PIN has been entered at least once since
* the last successful authentication. */
#define CKF_SO_PIN_COUNT_LOW 0x00100000
/* CKF_SO_PIN_FINAL_TRY if new for v2.10. If it is true,
* supplying an incorrect SO PIN will it to become locked. */
#define CKF_SO_PIN_FINAL_TRY 0x00200000
/* CKF_SO_PIN_LOCKED if new for v2.10. If it is true, the SO
* PIN has been locked. SO login to the token is not possible.
*/
#define CKF_SO_PIN_LOCKED 0x00400000
/* CKF_SO_PIN_TO_BE_CHANGED if new for v2.10. If it is true,
* the SO PIN value is the default value set by token
* initialization or manufacturing, or the PIN has been
* expired by the card. */
#define CKF_SO_PIN_TO_BE_CHANGED 0x00800000
typedef CK_TOKEN_INFO CK_PTR CK_TOKEN_INFO_PTR;
/* CK_SESSION_HANDLE is a Cryptoki-assigned value that
* identifies a session */
typedef CK_ULONG CK_SESSION_HANDLE;
typedef CK_SESSION_HANDLE CK_PTR CK_SESSION_HANDLE_PTR;
/* CK_USER_TYPE enumerates the types of Cryptoki users */
/* CK_USER_TYPE has been changed from an enum to a CK_ULONG for
* v2.0 */
typedef CK_ULONG CK_USER_TYPE;
/* Security Officer */
#define CKU_SO 0
/* Normal user */
#define CKU_USER 1
/* Context specific (added in v2.20) */
#define CKU_CONTEXT_SPECIFIC 2
/* CK_STATE enumerates the session states */
/* CK_STATE has been changed from an enum to a CK_ULONG for
* v2.0 */
typedef CK_ULONG CK_STATE;
#define CKS_RO_PUBLIC_SESSION 0
#define CKS_RO_USER_FUNCTIONS 1
#define CKS_RW_PUBLIC_SESSION 2
#define CKS_RW_USER_FUNCTIONS 3
#define CKS_RW_SO_FUNCTIONS 4
/* CK_SESSION_INFO provides information about a session */
typedef struct CK_SESSION_INFO {
CK_SLOT_ID slotID;
CK_STATE state;
CK_FLAGS flags; /* see below */
/* ulDeviceError was changed from CK_USHORT to CK_ULONG for
* v2.0 */
CK_ULONG ulDeviceError; /* device-dependent error code */
} CK_SESSION_INFO;
/* The flags are defined in the following table:
* Bit Flag Mask Meaning
*/
#define CKF_RW_SESSION 0x00000002 /* session is r/w */
#define CKF_SERIAL_SESSION 0x00000004 /* no parallel */
typedef CK_SESSION_INFO CK_PTR CK_SESSION_INFO_PTR;
/* CK_OBJECT_HANDLE is a token-specific identifier for an
* object */
typedef CK_ULONG CK_OBJECT_HANDLE;
typedef CK_OBJECT_HANDLE CK_PTR CK_OBJECT_HANDLE_PTR;
/* CK_OBJECT_CLASS is a value that identifies the classes (or
* types) of objects that Cryptoki recognizes. It is defined
* as follows: */
/* CK_OBJECT_CLASS was changed from CK_USHORT to CK_ULONG for
* v2.0 */
typedef CK_ULONG CK_OBJECT_CLASS;
/* The following classes of objects are defined: */
/* CKO_HW_FEATURE is new for v2.10 */
/* CKO_DOMAIN_PARAMETERS is new for v2.11 */
/* CKO_MECHANISM is new for v2.20 */
#define CKO_DATA 0x00000000
#define CKO_CERTIFICATE 0x00000001
#define CKO_PUBLIC_KEY 0x00000002
#define CKO_PRIVATE_KEY 0x00000003
#define CKO_SECRET_KEY 0x00000004
#define CKO_HW_FEATURE 0x00000005
#define CKO_DOMAIN_PARAMETERS 0x00000006
#define CKO_MECHANISM 0x00000007
#define CKO_VENDOR_DEFINED 0x80000000
typedef CK_OBJECT_CLASS CK_PTR CK_OBJECT_CLASS_PTR;
/* CK_HW_FEATURE_TYPE is new for v2.10. CK_HW_FEATURE_TYPE is a
* value that identifies the hardware feature type of an object
* with CK_OBJECT_CLASS equal to CKO_HW_FEATURE. */
typedef CK_ULONG CK_HW_FEATURE_TYPE;
/* The following hardware feature types are defined */
/* CKH_USER_INTERFACE is new for v2.20 */
#define CKH_MONOTONIC_COUNTER 0x00000001
#define CKH_CLOCK 0x00000002
#define CKH_USER_INTERFACE 0x00000003
#define CKH_VENDOR_DEFINED 0x80000000
/* CK_KEY_TYPE is a value that identifies a key type */
/* CK_KEY_TYPE was changed from CK_USHORT to CK_ULONG for v2.0 */
typedef CK_ULONG CK_KEY_TYPE;
/* the following key types are defined: */
#define CKK_RSA 0x00000000
#define CKK_DSA 0x00000001
#define CKK_DH 0x00000002
/* CKK_ECDSA and CKK_KEA are new for v2.0 */
/* CKK_ECDSA is deprecated in v2.11, CKK_EC is preferred. */
#define CKK_ECDSA 0x00000003
#define CKK_EC 0x00000003
#define CKK_X9_42_DH 0x00000004
#define CKK_KEA 0x00000005
#define CKK_GENERIC_SECRET 0x00000010
#define CKK_RC2 0x00000011
#define CKK_RC4 0x00000012
#define CKK_DES 0x00000013
#define CKK_DES2 0x00000014
#define CKK_DES3 0x00000015
/* all these key types are new for v2.0 */
#define CKK_CAST 0x00000016
#define CKK_CAST3 0x00000017
/* CKK_CAST5 is deprecated in v2.11, CKK_CAST128 is preferred. */
#define CKK_CAST5 0x00000018
#define CKK_CAST128 0x00000018
#define CKK_RC5 0x00000019
#define CKK_IDEA 0x0000001A
#define CKK_SKIPJACK 0x0000001B
#define CKK_BATON 0x0000001C
#define CKK_JUNIPER 0x0000001D
#define CKK_CDMF 0x0000001E
#define CKK_AES 0x0000001F
/* BlowFish and TwoFish are new for v2.20 */
#define CKK_BLOWFISH 0x00000020
#define CKK_TWOFISH 0x00000021
#define CKK_VENDOR_DEFINED 0x80000000
/* CK_CERTIFICATE_TYPE is a value that identifies a certificate
* type */
/* CK_CERTIFICATE_TYPE was changed from CK_USHORT to CK_ULONG
* for v2.0 */
typedef CK_ULONG CK_CERTIFICATE_TYPE;
/* The following certificate types are defined: */
/* CKC_X_509_ATTR_CERT is new for v2.10 */
/* CKC_WTLS is new for v2.20 */
#define CKC_X_509 0x00000000
#define CKC_X_509_ATTR_CERT 0x00000001
#define CKC_WTLS 0x00000002
#define CKC_VENDOR_DEFINED 0x80000000
/* CK_ATTRIBUTE_TYPE is a value that identifies an attribute
* type */
/* CK_ATTRIBUTE_TYPE was changed from CK_USHORT to CK_ULONG for
* v2.0 */
typedef CK_ULONG CK_ATTRIBUTE_TYPE;
/* The CKF_ARRAY_ATTRIBUTE flag identifies an attribute which
consists of an array of values. */
#define CKF_ARRAY_ATTRIBUTE 0x40000000
/* The following attribute types are defined: */
#define CKA_CLASS 0x00000000
#define CKA_TOKEN 0x00000001
#define CKA_PRIVATE 0x00000002
#define CKA_LABEL 0x00000003
#define CKA_APPLICATION 0x00000010
#define CKA_VALUE 0x00000011
/* CKA_OBJECT_ID is new for v2.10 */
#define CKA_OBJECT_ID 0x00000012
#define CKA_CERTIFICATE_TYPE 0x00000080
#define CKA_ISSUER 0x00000081
#define CKA_SERIAL_NUMBER 0x00000082
/* CKA_AC_ISSUER, CKA_OWNER, and CKA_ATTR_TYPES are new
* for v2.10 */
#define CKA_AC_ISSUER 0x00000083
#define CKA_OWNER 0x00000084
#define CKA_ATTR_TYPES 0x00000085
/* CKA_TRUSTED is new for v2.11 */
#define CKA_TRUSTED 0x00000086
/* CKA_CERTIFICATE_CATEGORY ...
* CKA_CHECK_VALUE are new for v2.20 */
#define CKA_CERTIFICATE_CATEGORY 0x00000087
#define CKA_JAVA_MIDP_SECURITY_DOMAIN 0x00000088
#define CKA_URL 0x00000089
#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY 0x0000008A
#define CKA_HASH_OF_ISSUER_PUBLIC_KEY 0x0000008B
#define CKA_CHECK_VALUE 0x00000090
#define CKA_KEY_TYPE 0x00000100
#define CKA_SUBJECT 0x00000101
#define CKA_ID 0x00000102
#define CKA_SENSITIVE 0x00000103
#define CKA_ENCRYPT 0x00000104
#define CKA_DECRYPT 0x00000105
#define CKA_WRAP 0x00000106
#define CKA_UNWRAP 0x00000107
#define CKA_SIGN 0x00000108
#define CKA_SIGN_RECOVER 0x00000109
#define CKA_VERIFY 0x0000010A
#define CKA_VERIFY_RECOVER 0x0000010B
#define CKA_DERIVE 0x0000010C
#define CKA_START_DATE 0x00000110
#define CKA_END_DATE 0x00000111
#define CKA_MODULUS 0x00000120
#define CKA_MODULUS_BITS 0x00000121
#define CKA_PUBLIC_EXPONENT 0x00000122
#define CKA_PRIVATE_EXPONENT 0x00000123
#define CKA_PRIME_1 0x00000124
#define CKA_PRIME_2 0x00000125
#define CKA_EXPONENT_1 0x00000126
#define CKA_EXPONENT_2 0x00000127
#define CKA_COEFFICIENT 0x00000128
#define CKA_PRIME 0x00000130
#define CKA_SUBPRIME 0x00000131
#define CKA_BASE 0x00000132
/* CKA_PRIME_BITS and CKA_SUB_PRIME_BITS are new for v2.11 */
#define CKA_PRIME_BITS 0x00000133
#define CKA_SUBPRIME_BITS 0x00000134
#define CKA_SUB_PRIME_BITS CKA_SUBPRIME_BITS
/* (To retain backwards-compatibility) */
#define CKA_VALUE_BITS 0x00000160
#define CKA_VALUE_LEN 0x00000161
/* CKA_EXTRACTABLE, CKA_LOCAL, CKA_NEVER_EXTRACTABLE,
* CKA_ALWAYS_SENSITIVE, CKA_MODIFIABLE, CKA_ECDSA_PARAMS,
* and CKA_EC_POINT are new for v2.0 */
#define CKA_EXTRACTABLE 0x00000162
#define CKA_LOCAL 0x00000163
#define CKA_NEVER_EXTRACTABLE 0x00000164
#define CKA_ALWAYS_SENSITIVE 0x00000165
/* CKA_KEY_GEN_MECHANISM is new for v2.11 */
#define CKA_KEY_GEN_MECHANISM 0x00000166
#define CKA_MODIFIABLE 0x00000170
/* CKA_ECDSA_PARAMS is deprecated in v2.11,
* CKA_EC_PARAMS is preferred. */
#define CKA_ECDSA_PARAMS 0x00000180
#define CKA_EC_PARAMS 0x00000180
#define CKA_EC_POINT 0x00000181
/* CKA_SECONDARY_AUTH, CKA_AUTH_PIN_FLAGS,
* are new for v2.10. Deprecated in v2.11 and onwards. */
#define CKA_SECONDARY_AUTH 0x00000200
#define CKA_AUTH_PIN_FLAGS 0x00000201
/* CKA_ALWAYS_AUTHENTICATE ...
* CKA_UNWRAP_TEMPLATE are new for v2.20 */
#define CKA_ALWAYS_AUTHENTICATE 0x00000202
#define CKA_WRAP_WITH_TRUSTED 0x00000210
#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000211)
#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000212)
/* CKA_HW_FEATURE_TYPE, CKA_RESET_ON_INIT, and CKA_HAS_RESET
* are new for v2.10 */
#define CKA_HW_FEATURE_TYPE 0x00000300
#define CKA_RESET_ON_INIT 0x00000301
#define CKA_HAS_RESET 0x00000302
/* The following attributes are new for v2.20 */
#define CKA_PIXEL_X 0x00000400
#define CKA_PIXEL_Y 0x00000401
#define CKA_RESOLUTION 0x00000402
#define CKA_CHAR_ROWS 0x00000403
#define CKA_CHAR_COLUMNS 0x00000404
#define CKA_COLOR 0x00000405
#define CKA_BITS_PER_PIXEL 0x00000406
#define CKA_CHAR_SETS 0x00000480
#define CKA_ENCODING_METHODS 0x00000481
#define CKA_MIME_TYPES 0x00000482
#define CKA_MECHANISM_TYPE 0x00000500
#define CKA_REQUIRED_CMS_ATTRIBUTES 0x00000501
#define CKA_DEFAULT_CMS_ATTRIBUTES 0x00000502
#define CKA_SUPPORTED_CMS_ATTRIBUTES 0x00000503
#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE|0x00000600)
#define CKA_VENDOR_DEFINED 0x80000000
/* CK_ATTRIBUTE is a structure that includes the type, length
* and value of an attribute */
typedef struct CK_ATTRIBUTE {
CK_ATTRIBUTE_TYPE type;
CK_VOID_PTR pValue;
/* ulValueLen went from CK_USHORT to CK_ULONG for v2.0 */
CK_ULONG ulValueLen; /* in bytes */
} CK_ATTRIBUTE;
typedef CK_ATTRIBUTE CK_PTR CK_ATTRIBUTE_PTR;
/* CK_DATE is a structure that defines a date */
typedef struct CK_DATE{
CK_CHAR year[4]; /* the year ("1900" - "9999") */
CK_CHAR month[2]; /* the month ("01" - "12") */
CK_CHAR day[2]; /* the day ("01" - "31") */
} CK_DATE;
/* CK_MECHANISM_TYPE is a value that identifies a mechanism
* type */
/* CK_MECHANISM_TYPE was changed from CK_USHORT to CK_ULONG for
* v2.0 */
typedef CK_ULONG CK_MECHANISM_TYPE;
/* the following mechanism types are defined: */
#define CKM_RSA_PKCS_KEY_PAIR_GEN 0x00000000
#define CKM_RSA_PKCS 0x00000001
#define CKM_RSA_9796 0x00000002
#define CKM_RSA_X_509 0x00000003
/* CKM_MD2_RSA_PKCS, CKM_MD5_RSA_PKCS, and CKM_SHA1_RSA_PKCS
* are new for v2.0. They are mechanisms which hash and sign */
#define CKM_MD2_RSA_PKCS 0x00000004
#define CKM_MD5_RSA_PKCS 0x00000005
#define CKM_SHA1_RSA_PKCS 0x00000006
/* CKM_RIPEMD128_RSA_PKCS, CKM_RIPEMD160_RSA_PKCS, and
* CKM_RSA_PKCS_OAEP are new for v2.10 */
#define CKM_RIPEMD128_RSA_PKCS 0x00000007
#define CKM_RIPEMD160_RSA_PKCS 0x00000008
#define CKM_RSA_PKCS_OAEP 0x00000009
/* CKM_RSA_X9_31_KEY_PAIR_GEN, CKM_RSA_X9_31, CKM_SHA1_RSA_X9_31,
* CKM_RSA_PKCS_PSS, and CKM_SHA1_RSA_PKCS_PSS are new for v2.11 */
#define CKM_RSA_X9_31_KEY_PAIR_GEN 0x0000000A
#define CKM_RSA_X9_31 0x0000000B
#define CKM_SHA1_RSA_X9_31 0x0000000C
#define CKM_RSA_PKCS_PSS 0x0000000D
#define CKM_SHA1_RSA_PKCS_PSS 0x0000000E
#define CKM_DSA_KEY_PAIR_GEN 0x00000010
#define CKM_DSA 0x00000011
#define CKM_DSA_SHA1 0x00000012
#define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020
#define CKM_DH_PKCS_DERIVE 0x00000021
/* CKM_X9_42_DH_KEY_PAIR_GEN, CKM_X9_42_DH_DERIVE,
* CKM_X9_42_DH_HYBRID_DERIVE, and CKM_X9_42_MQV_DERIVE are new for
* v2.11 */
#define CKM_X9_42_DH_KEY_PAIR_GEN 0x00000030
#define CKM_X9_42_DH_DERIVE 0x00000031
#define CKM_X9_42_DH_HYBRID_DERIVE 0x00000032
#define CKM_X9_42_MQV_DERIVE 0x00000033
/* CKM_SHA256/384/512 are new for v2.20 */
#define CKM_SHA256_RSA_PKCS 0x00000040
#define CKM_SHA384_RSA_PKCS 0x00000041
#define CKM_SHA512_RSA_PKCS 0x00000042
#define CKM_SHA256_RSA_PKCS_PSS 0x00000043
#define CKM_SHA384_RSA_PKCS_PSS 0x00000044
#define CKM_SHA512_RSA_PKCS_PSS 0x00000045
#define CKM_RC2_KEY_GEN 0x00000100
#define CKM_RC2_ECB 0x00000101
#define CKM_RC2_CBC 0x00000102
#define CKM_RC2_MAC 0x00000103
/* CKM_RC2_MAC_GENERAL and CKM_RC2_CBC_PAD are new for v2.0 */
#define CKM_RC2_MAC_GENERAL 0x00000104
#define CKM_RC2_CBC_PAD 0x00000105
#define CKM_RC4_KEY_GEN 0x00000110
#define CKM_RC4 0x00000111
#define CKM_DES_KEY_GEN 0x00000120
#define CKM_DES_ECB 0x00000121
#define CKM_DES_CBC 0x00000122
#define CKM_DES_MAC 0x00000123
/* CKM_DES_MAC_GENERAL and CKM_DES_CBC_PAD are new for v2.0 */
#define CKM_DES_MAC_GENERAL 0x00000124
#define CKM_DES_CBC_PAD 0x00000125
#define CKM_DES2_KEY_GEN 0x00000130
#define CKM_DES3_KEY_GEN 0x00000131
#define CKM_DES3_ECB 0x00000132
#define CKM_DES3_CBC 0x00000133
#define CKM_DES3_MAC 0x00000134
/* CKM_DES3_MAC_GENERAL, CKM_DES3_CBC_PAD, CKM_CDMF_KEY_GEN,
* CKM_CDMF_ECB, CKM_CDMF_CBC, CKM_CDMF_MAC,
* CKM_CDMF_MAC_GENERAL, and CKM_CDMF_CBC_PAD are new for v2.0 */
#define CKM_DES3_MAC_GENERAL 0x00000135
#define CKM_DES3_CBC_PAD 0x00000136
#define CKM_CDMF_KEY_GEN 0x00000140
#define CKM_CDMF_ECB 0x00000141
#define CKM_CDMF_CBC 0x00000142
#define CKM_CDMF_MAC 0x00000143
#define CKM_CDMF_MAC_GENERAL 0x00000144
#define CKM_CDMF_CBC_PAD 0x00000145
/* the following four DES mechanisms are new for v2.20 */
#define CKM_DES_OFB64 0x00000150
#define CKM_DES_OFB8 0x00000151
#define CKM_DES_CFB64 0x00000152
#define CKM_DES_CFB8 0x00000153
#define CKM_MD2 0x00000200
/* CKM_MD2_HMAC and CKM_MD2_HMAC_GENERAL are new for v2.0 */
#define CKM_MD2_HMAC 0x00000201
#define CKM_MD2_HMAC_GENERAL 0x00000202
#define CKM_MD5 0x00000210
/* CKM_MD5_HMAC and CKM_MD5_HMAC_GENERAL are new for v2.0 */
#define CKM_MD5_HMAC 0x00000211
#define CKM_MD5_HMAC_GENERAL 0x00000212
#define CKM_SHA_1 0x00000220
/* CKM_SHA_1_HMAC and CKM_SHA_1_HMAC_GENERAL are new for v2.0 */
#define CKM_SHA_1_HMAC 0x00000221
#define CKM_SHA_1_HMAC_GENERAL 0x00000222
/* CKM_RIPEMD128, CKM_RIPEMD128_HMAC,
* CKM_RIPEMD128_HMAC_GENERAL, CKM_RIPEMD160, CKM_RIPEMD160_HMAC,
* and CKM_RIPEMD160_HMAC_GENERAL are new for v2.10 */
#define CKM_RIPEMD128 0x00000230
#define CKM_RIPEMD128_HMAC 0x00000231
#define CKM_RIPEMD128_HMAC_GENERAL 0x00000232
#define CKM_RIPEMD160 0x00000240
#define CKM_RIPEMD160_HMAC 0x00000241
#define CKM_RIPEMD160_HMAC_GENERAL 0x00000242
/* CKM_SHA256/384/512 are new for v2.20 */
#define CKM_SHA256 0x00000250
#define CKM_SHA256_HMAC 0x00000251
#define CKM_SHA256_HMAC_GENERAL 0x00000252
#define CKM_SHA384 0x00000260
#define CKM_SHA384_HMAC 0x00000261
#define CKM_SHA384_HMAC_GENERAL 0x00000262
#define CKM_SHA512 0x00000270
#define CKM_SHA512_HMAC 0x00000271
#define CKM_SHA512_HMAC_GENERAL 0x00000272
/* All of the following mechanisms are new for v2.0 */
/* Note that CAST128 and CAST5 are the same algorithm */
#define CKM_CAST_KEY_GEN 0x00000300
#define CKM_CAST_ECB 0x00000301
#define CKM_CAST_CBC 0x00000302
#define CKM_CAST_MAC 0x00000303
#define CKM_CAST_MAC_GENERAL 0x00000304
#define CKM_CAST_CBC_PAD 0x00000305
#define CKM_CAST3_KEY_GEN 0x00000310
#define CKM_CAST3_ECB 0x00000311
#define CKM_CAST3_CBC 0x00000312
#define CKM_CAST3_MAC 0x00000313
#define CKM_CAST3_MAC_GENERAL 0x00000314
#define CKM_CAST3_CBC_PAD 0x00000315
#define CKM_CAST5_KEY_GEN 0x00000320
#define CKM_CAST128_KEY_GEN 0x00000320
#define CKM_CAST5_ECB 0x00000321
#define CKM_CAST128_ECB 0x00000321
#define CKM_CAST5_CBC 0x00000322
#define CKM_CAST128_CBC 0x00000322
#define CKM_CAST5_MAC 0x00000323
#define CKM_CAST128_MAC 0x00000323
#define CKM_CAST5_MAC_GENERAL 0x00000324
#define CKM_CAST128_MAC_GENERAL 0x00000324
#define CKM_CAST5_CBC_PAD 0x00000325
#define CKM_CAST128_CBC_PAD 0x00000325
#define CKM_RC5_KEY_GEN 0x00000330
#define CKM_RC5_ECB 0x00000331
#define CKM_RC5_CBC 0x00000332
#define CKM_RC5_MAC 0x00000333
#define CKM_RC5_MAC_GENERAL 0x00000334
#define CKM_RC5_CBC_PAD 0x00000335
#define CKM_IDEA_KEY_GEN 0x00000340
#define CKM_IDEA_ECB 0x00000341
#define CKM_IDEA_CBC 0x00000342
#define CKM_IDEA_MAC 0x00000343
#define CKM_IDEA_MAC_GENERAL 0x00000344
#define CKM_IDEA_CBC_PAD 0x00000345
#define CKM_GENERIC_SECRET_KEY_GEN 0x00000350
#define CKM_CONCATENATE_BASE_AND_KEY 0x00000360
#define CKM_CONCATENATE_BASE_AND_DATA 0x00000362
#define CKM_CONCATENATE_DATA_AND_BASE 0x00000363
#define CKM_XOR_BASE_AND_DATA 0x00000364
#define CKM_EXTRACT_KEY_FROM_KEY 0x00000365
#define CKM_SSL3_PRE_MASTER_KEY_GEN 0x00000370
#define CKM_SSL3_MASTER_KEY_DERIVE 0x00000371
#define CKM_SSL3_KEY_AND_MAC_DERIVE 0x00000372
/* CKM_SSL3_MASTER_KEY_DERIVE_DH, CKM_TLS_PRE_MASTER_KEY_GEN,
* CKM_TLS_MASTER_KEY_DERIVE, CKM_TLS_KEY_AND_MAC_DERIVE, and
* CKM_TLS_MASTER_KEY_DERIVE_DH are new for v2.11 */
#define CKM_SSL3_MASTER_KEY_DERIVE_DH 0x00000373
#define CKM_TLS_PRE_MASTER_KEY_GEN 0x00000374
#define CKM_TLS_MASTER_KEY_DERIVE 0x00000375
#define CKM_TLS_KEY_AND_MAC_DERIVE 0x00000376
#define CKM_TLS_MASTER_KEY_DERIVE_DH 0x00000377
/* CKM_TLS_PRF is new for v2.20 */
#define CKM_TLS_PRF 0x00000378
#define CKM_SSL3_MD5_MAC 0x00000380
#define CKM_SSL3_SHA1_MAC 0x00000381
#define CKM_MD5_KEY_DERIVATION 0x00000390
#define CKM_MD2_KEY_DERIVATION 0x00000391
#define CKM_SHA1_KEY_DERIVATION 0x00000392
/* CKM_SHA256/384/512 are new for v2.20 */
#define CKM_SHA256_KEY_DERIVATION 0x00000393
#define CKM_SHA384_KEY_DERIVATION 0x00000394
#define CKM_SHA512_KEY_DERIVATION 0x00000395
#define CKM_PBE_MD2_DES_CBC 0x000003A0
#define CKM_PBE_MD5_DES_CBC 0x000003A1
#define CKM_PBE_MD5_CAST_CBC 0x000003A2
#define CKM_PBE_MD5_CAST3_CBC 0x000003A3
#define CKM_PBE_MD5_CAST5_CBC 0x000003A4
#define CKM_PBE_MD5_CAST128_CBC 0x000003A4
#define CKM_PBE_SHA1_CAST5_CBC 0x000003A5
#define CKM_PBE_SHA1_CAST128_CBC 0x000003A5
#define CKM_PBE_SHA1_RC4_128 0x000003A6
#define CKM_PBE_SHA1_RC4_40 0x000003A7
#define CKM_PBE_SHA1_DES3_EDE_CBC 0x000003A8
#define CKM_PBE_SHA1_DES2_EDE_CBC 0x000003A9
#define CKM_PBE_SHA1_RC2_128_CBC 0x000003AA
#define CKM_PBE_SHA1_RC2_40_CBC 0x000003AB
/* CKM_PKCS5_PBKD2 is new for v2.10 */
#define CKM_PKCS5_PBKD2 0x000003B0
#define CKM_PBA_SHA1_WITH_SHA1_HMAC 0x000003C0
/* WTLS mechanisms are new for v2.20 */
#define CKM_WTLS_PRE_MASTER_KEY_GEN 0x000003D0
#define CKM_WTLS_MASTER_KEY_DERIVE 0x000003D1
#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC 0x000003D2
#define CKM_WTLS_PRF 0x000003D3
#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE 0x000003D4
#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE 0x000003D5
#define CKM_KEY_WRAP_LYNKS 0x00000400
#define CKM_KEY_WRAP_SET_OAEP 0x00000401
/* CKM_CMS_SIG is new for v2.20 */
#define CKM_CMS_SIG 0x00000500
/* Fortezza mechanisms */
#define CKM_SKIPJACK_KEY_GEN 0x00001000
#define CKM_SKIPJACK_ECB64 0x00001001
#define CKM_SKIPJACK_CBC64 0x00001002
#define CKM_SKIPJACK_OFB64 0x00001003
#define CKM_SKIPJACK_CFB64 0x00001004
#define CKM_SKIPJACK_CFB32 0x00001005
#define CKM_SKIPJACK_CFB16 0x00001006
#define CKM_SKIPJACK_CFB8 0x00001007
#define CKM_SKIPJACK_WRAP 0x00001008
#define CKM_SKIPJACK_PRIVATE_WRAP 0x00001009
#define CKM_SKIPJACK_RELAYX 0x0000100a
#define CKM_KEA_KEY_PAIR_GEN 0x00001010
#define CKM_KEA_KEY_DERIVE 0x00001011
#define CKM_FORTEZZA_TIMESTAMP 0x00001020
#define CKM_BATON_KEY_GEN 0x00001030
#define CKM_BATON_ECB128 0x00001031
#define CKM_BATON_ECB96 0x00001032
#define CKM_BATON_CBC128 0x00001033
#define CKM_BATON_COUNTER 0x00001034
#define CKM_BATON_SHUFFLE 0x00001035
#define CKM_BATON_WRAP 0x00001036
/* CKM_ECDSA_KEY_PAIR_GEN is deprecated in v2.11,
* CKM_EC_KEY_PAIR_GEN is preferred */
#define CKM_ECDSA_KEY_PAIR_GEN 0x00001040
#define CKM_EC_KEY_PAIR_GEN 0x00001040
#define CKM_ECDSA 0x00001041
#define CKM_ECDSA_SHA1 0x00001042
/* CKM_ECDH1_DERIVE, CKM_ECDH1_COFACTOR_DERIVE, and CKM_ECMQV_DERIVE
* are new for v2.11 */
#define CKM_ECDH1_DERIVE 0x00001050
#define CKM_ECDH1_COFACTOR_DERIVE 0x00001051
#define CKM_ECMQV_DERIVE 0x00001052
#define CKM_JUNIPER_KEY_GEN 0x00001060
#define CKM_JUNIPER_ECB128 0x00001061
#define CKM_JUNIPER_CBC128 0x00001062
#define CKM_JUNIPER_COUNTER 0x00001063
#define CKM_JUNIPER_SHUFFLE 0x00001064
#define CKM_JUNIPER_WRAP 0x00001065
#define CKM_FASTHASH 0x00001070
/* CKM_AES_KEY_GEN, CKM_AES_ECB, CKM_AES_CBC, CKM_AES_MAC,
* CKM_AES_MAC_GENERAL, CKM_AES_CBC_PAD, CKM_DSA_PARAMETER_GEN,
* CKM_DH_PKCS_PARAMETER_GEN, and CKM_X9_42_DH_PARAMETER_GEN are
* new for v2.11 */
#define CKM_AES_KEY_GEN 0x00001080
#define CKM_AES_ECB 0x00001081
#define CKM_AES_CBC 0x00001082
#define CKM_AES_MAC 0x00001083
#define CKM_AES_MAC_GENERAL 0x00001084
#define CKM_AES_CBC_PAD 0x00001085
/* BlowFish and TwoFish are new for v2.20 */
#define CKM_BLOWFISH_KEY_GEN 0x00001090
#define CKM_BLOWFISH_CBC 0x00001091
#define CKM_TWOFISH_KEY_GEN 0x00001092
#define CKM_TWOFISH_CBC 0x00001093
/* CKM_xxx_ENCRYPT_DATA mechanisms are new for v2.20 */
#define CKM_DES_ECB_ENCRYPT_DATA 0x00001100
#define CKM_DES_CBC_ENCRYPT_DATA 0x00001101
#define CKM_DES3_ECB_ENCRYPT_DATA 0x00001102
#define CKM_DES3_CBC_ENCRYPT_DATA 0x00001103
#define CKM_AES_ECB_ENCRYPT_DATA 0x00001104
#define CKM_AES_CBC_ENCRYPT_DATA 0x00001105
#define CKM_DSA_PARAMETER_GEN 0x00002000
#define CKM_DH_PKCS_PARAMETER_GEN 0x00002001
#define CKM_X9_42_DH_PARAMETER_GEN 0x00002002
#define CKM_VENDOR_DEFINED 0x80000000
typedef CK_MECHANISM_TYPE CK_PTR CK_MECHANISM_TYPE_PTR;
/* CK_MECHANISM is a structure that specifies a particular
* mechanism */
typedef struct CK_MECHANISM {
CK_MECHANISM_TYPE mechanism;
CK_VOID_PTR pParameter;
/* ulParameterLen was changed from CK_USHORT to CK_ULONG for
* v2.0 */
CK_ULONG ulParameterLen; /* in bytes */
} CK_MECHANISM;
typedef CK_MECHANISM CK_PTR CK_MECHANISM_PTR;
/* CK_MECHANISM_INFO provides information about a particular
* mechanism */
typedef struct CK_MECHANISM_INFO {
CK_ULONG ulMinKeySize;
CK_ULONG ulMaxKeySize;
CK_FLAGS flags;
} CK_MECHANISM_INFO;
/* The flags are defined as follows:
* Bit Flag Mask Meaning */
#define CKF_HW 0x00000001 /* performed by HW */
/* The flags CKF_ENCRYPT, CKF_DECRYPT, CKF_DIGEST, CKF_SIGN,
* CKG_SIGN_RECOVER, CKF_VERIFY, CKF_VERIFY_RECOVER,
* CKF_GENERATE, CKF_GENERATE_KEY_PAIR, CKF_WRAP, CKF_UNWRAP,
* and CKF_DERIVE are new for v2.0. They specify whether or not
* a mechanism can be used for a particular task */
#define CKF_ENCRYPT 0x00000100
#define CKF_DECRYPT 0x00000200
#define CKF_DIGEST 0x00000400
#define CKF_SIGN 0x00000800
#define CKF_SIGN_RECOVER 0x00001000
#define CKF_VERIFY 0x00002000
#define CKF_VERIFY_RECOVER 0x00004000
#define CKF_GENERATE 0x00008000
#define CKF_GENERATE_KEY_PAIR 0x00010000
#define CKF_WRAP 0x00020000
#define CKF_UNWRAP 0x00040000
#define CKF_DERIVE 0x00080000
/* CKF_EC_F_P, CKF_EC_F_2M, CKF_EC_ECPARAMETERS, CKF_EC_NAMEDCURVE,
* CKF_EC_UNCOMPRESS, and CKF_EC_COMPRESS are new for v2.11. They
* describe a token's EC capabilities not available in mechanism
* information. */
#define CKF_EC_F_P 0x00100000
#define CKF_EC_F_2M 0x00200000
#define CKF_EC_ECPARAMETERS 0x00400000
#define CKF_EC_NAMEDCURVE 0x00800000
#define CKF_EC_UNCOMPRESS 0x01000000
#define CKF_EC_COMPRESS 0x02000000
#define CKF_EXTENSION 0x80000000 /* FALSE for this version */
typedef CK_MECHANISM_INFO CK_PTR CK_MECHANISM_INFO_PTR;
/* CK_RV is a value that identifies the return value of a
* Cryptoki function */
/* CK_RV was changed from CK_USHORT to CK_ULONG for v2.0 */
typedef CK_ULONG CK_RV;
#define CKR_OK 0x00000000
#define CKR_CANCEL 0x00000001
#define CKR_HOST_MEMORY 0x00000002
#define CKR_SLOT_ID_INVALID 0x00000003
/* CKR_FLAGS_INVALID was removed for v2.0 */
/* CKR_GENERAL_ERROR and CKR_FUNCTION_FAILED are new for v2.0 */
#define CKR_GENERAL_ERROR 0x00000005
#define CKR_FUNCTION_FAILED 0x00000006
/* CKR_ARGUMENTS_BAD, CKR_NO_EVENT, CKR_NEED_TO_CREATE_THREADS,
* and CKR_CANT_LOCK are new for v2.01 */
#define CKR_ARGUMENTS_BAD 0x00000007
#define CKR_NO_EVENT 0x00000008
#define CKR_NEED_TO_CREATE_THREADS 0x00000009
#define CKR_CANT_LOCK 0x0000000A
#define CKR_ATTRIBUTE_READ_ONLY 0x00000010
#define CKR_ATTRIBUTE_SENSITIVE 0x00000011
#define CKR_ATTRIBUTE_TYPE_INVALID 0x00000012
#define CKR_ATTRIBUTE_VALUE_INVALID 0x00000013
#define CKR_DATA_INVALID 0x00000020
#define CKR_DATA_LEN_RANGE 0x00000021
#define CKR_DEVICE_ERROR 0x00000030
#define CKR_DEVICE_MEMORY 0x00000031
#define CKR_DEVICE_REMOVED 0x00000032
#define CKR_ENCRYPTED_DATA_INVALID 0x00000040
#define CKR_ENCRYPTED_DATA_LEN_RANGE 0x00000041
#define CKR_FUNCTION_CANCELED 0x00000050
#define CKR_FUNCTION_NOT_PARALLEL 0x00000051
/* CKR_FUNCTION_NOT_SUPPORTED is new for v2.0 */
#define CKR_FUNCTION_NOT_SUPPORTED 0x00000054
#define CKR_KEY_HANDLE_INVALID 0x00000060
/* CKR_KEY_SENSITIVE was removed for v2.0 */
#define CKR_KEY_SIZE_RANGE 0x00000062
#define CKR_KEY_TYPE_INCONSISTENT 0x00000063
/* CKR_KEY_NOT_NEEDED, CKR_KEY_CHANGED, CKR_KEY_NEEDED,
* CKR_KEY_INDIGESTIBLE, CKR_KEY_FUNCTION_NOT_PERMITTED,
* CKR_KEY_NOT_WRAPPABLE, and CKR_KEY_UNEXTRACTABLE are new for
* v2.0 */
#define CKR_KEY_NOT_NEEDED 0x00000064
#define CKR_KEY_CHANGED 0x00000065
#define CKR_KEY_NEEDED 0x00000066
#define CKR_KEY_INDIGESTIBLE 0x00000067
#define CKR_KEY_FUNCTION_NOT_PERMITTED 0x00000068
#define CKR_KEY_NOT_WRAPPABLE 0x00000069
#define CKR_KEY_UNEXTRACTABLE 0x0000006A
#define CKR_MECHANISM_INVALID 0x00000070
#define CKR_MECHANISM_PARAM_INVALID 0x00000071
/* CKR_OBJECT_CLASS_INCONSISTENT and CKR_OBJECT_CLASS_INVALID
* were removed for v2.0 */
#define CKR_OBJECT_HANDLE_INVALID 0x00000082
#define CKR_OPERATION_ACTIVE 0x00000090
#define CKR_OPERATION_NOT_INITIALIZED 0x00000091
#define CKR_PIN_INCORRECT 0x000000A0
#define CKR_PIN_INVALID 0x000000A1
#define CKR_PIN_LEN_RANGE 0x000000A2
/* CKR_PIN_EXPIRED and CKR_PIN_LOCKED are new for v2.0 */
#define CKR_PIN_EXPIRED 0x000000A3
#define CKR_PIN_LOCKED 0x000000A4
#define CKR_SESSION_CLOSED 0x000000B0
#define CKR_SESSION_COUNT 0x000000B1
#define CKR_SESSION_HANDLE_INVALID 0x000000B3
#define CKR_SESSION_PARALLEL_NOT_SUPPORTED 0x000000B4
#define CKR_SESSION_READ_ONLY 0x000000B5
#define CKR_SESSION_EXISTS 0x000000B6
/* CKR_SESSION_READ_ONLY_EXISTS and
* CKR_SESSION_READ_WRITE_SO_EXISTS are new for v2.0 */
#define CKR_SESSION_READ_ONLY_EXISTS 0x000000B7
#define CKR_SESSION_READ_WRITE_SO_EXISTS 0x000000B8
#define CKR_SIGNATURE_INVALID 0x000000C0
#define CKR_SIGNATURE_LEN_RANGE 0x000000C1
#define CKR_TEMPLATE_INCOMPLETE 0x000000D0
#define CKR_TEMPLATE_INCONSISTENT 0x000000D1
#define CKR_TOKEN_NOT_PRESENT 0x000000E0
#define CKR_TOKEN_NOT_RECOGNIZED 0x000000E1
#define CKR_TOKEN_WRITE_PROTECTED 0x000000E2
#define CKR_UNWRAPPING_KEY_HANDLE_INVALID 0x000000F0
#define CKR_UNWRAPPING_KEY_SIZE_RANGE 0x000000F1
#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT 0x000000F2
#define CKR_USER_ALREADY_LOGGED_IN 0x00000100
#define CKR_USER_NOT_LOGGED_IN 0x00000101
#define CKR_USER_PIN_NOT_INITIALIZED 0x00000102
#define CKR_USER_TYPE_INVALID 0x00000103
/* CKR_USER_ANOTHER_ALREADY_LOGGED_IN and CKR_USER_TOO_MANY_TYPES
* are new to v2.01 */
#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN 0x00000104
#define CKR_USER_TOO_MANY_TYPES 0x00000105
#define CKR_WRAPPED_KEY_INVALID 0x00000110
#define CKR_WRAPPED_KEY_LEN_RANGE 0x00000112
#define CKR_WRAPPING_KEY_HANDLE_INVALID 0x00000113
#define CKR_WRAPPING_KEY_SIZE_RANGE 0x00000114
#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT 0x00000115
#define CKR_RANDOM_SEED_NOT_SUPPORTED 0x00000120
/* These are new to v2.0 */
#define CKR_RANDOM_NO_RNG 0x00000121
/* These are new to v2.11 */
#define CKR_DOMAIN_PARAMS_INVALID 0x00000130
/* These are new to v2.0 */
#define CKR_BUFFER_TOO_SMALL 0x00000150
#define CKR_SAVED_STATE_INVALID 0x00000160
#define CKR_INFORMATION_SENSITIVE 0x00000170
#define CKR_STATE_UNSAVEABLE 0x00000180
/* These are new to v2.01 */
#define CKR_CRYPTOKI_NOT_INITIALIZED 0x00000190
#define CKR_CRYPTOKI_ALREADY_INITIALIZED 0x00000191
#define CKR_MUTEX_BAD 0x000001A0
#define CKR_MUTEX_NOT_LOCKED 0x000001A1
/* This is new to v2.20 */
#define CKR_FUNCTION_REJECTED 0x00000200
#define CKR_VENDOR_DEFINED 0x80000000
/* CK_NOTIFY is an application callback that processes events */
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_NOTIFY)(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_NOTIFICATION event,
CK_VOID_PTR pApplication /* passed to C_OpenSession */
);
/* CK_FUNCTION_LIST is a structure holding a Cryptoki spec
* version and pointers of appropriate types to all the
* Cryptoki functions */
/* CK_FUNCTION_LIST is new for v2.0 */
typedef struct CK_FUNCTION_LIST CK_FUNCTION_LIST;
typedef CK_FUNCTION_LIST CK_PTR CK_FUNCTION_LIST_PTR;
typedef CK_FUNCTION_LIST_PTR CK_PTR CK_FUNCTION_LIST_PTR_PTR;
/* CK_CREATEMUTEX is an application callback for creating a
* mutex object */
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_CREATEMUTEX)(
CK_VOID_PTR_PTR ppMutex /* location to receive ptr to mutex */
);
/* CK_DESTROYMUTEX is an application callback for destroying a
* mutex object */
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_DESTROYMUTEX)(
CK_VOID_PTR pMutex /* pointer to mutex */
);
/* CK_LOCKMUTEX is an application callback for locking a mutex */
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_LOCKMUTEX)(
CK_VOID_PTR pMutex /* pointer to mutex */
);
/* CK_UNLOCKMUTEX is an application callback for unlocking a
* mutex */
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_UNLOCKMUTEX)(
CK_VOID_PTR pMutex /* pointer to mutex */
);
/* CK_C_INITIALIZE_ARGS provides the optional arguments to
* C_Initialize */
typedef struct CK_C_INITIALIZE_ARGS {
CK_CREATEMUTEX CreateMutex;
CK_DESTROYMUTEX DestroyMutex;
CK_LOCKMUTEX LockMutex;
CK_UNLOCKMUTEX UnlockMutex;
CK_FLAGS flags;
CK_VOID_PTR pReserved;
} CK_C_INITIALIZE_ARGS;
/* flags: bit flags that provide capabilities of the slot
* Bit Flag Mask Meaning
*/
#define CKF_LIBRARY_CANT_CREATE_OS_THREADS 0x00000001
#define CKF_OS_LOCKING_OK 0x00000002
typedef CK_C_INITIALIZE_ARGS CK_PTR CK_C_INITIALIZE_ARGS_PTR;
/* additional flags for parameters to functions */
/* CKF_DONT_BLOCK is for the function C_WaitForSlotEvent */
#define CKF_DONT_BLOCK 1
/* CK_RSA_PKCS_OAEP_MGF_TYPE is new for v2.10.
* CK_RSA_PKCS_OAEP_MGF_TYPE is used to indicate the Message
* Generation Function (MGF) applied to a message block when
* formatting a message block for the PKCS #1 OAEP encryption
* scheme. */
typedef CK_ULONG CK_RSA_PKCS_MGF_TYPE;
typedef CK_RSA_PKCS_MGF_TYPE CK_PTR CK_RSA_PKCS_MGF_TYPE_PTR;
/* The following MGFs are defined */
/* CKG_MGF1_SHA256, CKG_MGF1_SHA384, and CKG_MGF1_SHA512
* are new for v2.20 */
#define CKG_MGF1_SHA1 0x00000001
#define CKG_MGF1_SHA256 0x00000002
#define CKG_MGF1_SHA384 0x00000003
#define CKG_MGF1_SHA512 0x00000004
/* CK_RSA_PKCS_OAEP_SOURCE_TYPE is new for v2.10.
* CK_RSA_PKCS_OAEP_SOURCE_TYPE is used to indicate the source
* of the encoding parameter when formatting a message block
* for the PKCS #1 OAEP encryption scheme. */
typedef CK_ULONG CK_RSA_PKCS_OAEP_SOURCE_TYPE;
typedef CK_RSA_PKCS_OAEP_SOURCE_TYPE CK_PTR CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR;
/* The following encoding parameter sources are defined */
#define CKZ_DATA_SPECIFIED 0x00000001
/* CK_RSA_PKCS_OAEP_PARAMS is new for v2.10.
* CK_RSA_PKCS_OAEP_PARAMS provides the parameters to the
* CKM_RSA_PKCS_OAEP mechanism. */
typedef struct CK_RSA_PKCS_OAEP_PARAMS {
CK_MECHANISM_TYPE hashAlg;
CK_RSA_PKCS_MGF_TYPE mgf;
CK_RSA_PKCS_OAEP_SOURCE_TYPE source;
CK_VOID_PTR pSourceData;
CK_ULONG ulSourceDataLen;
} CK_RSA_PKCS_OAEP_PARAMS;
typedef CK_RSA_PKCS_OAEP_PARAMS CK_PTR CK_RSA_PKCS_OAEP_PARAMS_PTR;
/* CK_RSA_PKCS_PSS_PARAMS is new for v2.11.
* CK_RSA_PKCS_PSS_PARAMS provides the parameters to the
* CKM_RSA_PKCS_PSS mechanism(s). */
typedef struct CK_RSA_PKCS_PSS_PARAMS {
CK_MECHANISM_TYPE hashAlg;
CK_RSA_PKCS_MGF_TYPE mgf;
CK_ULONG sLen;
} CK_RSA_PKCS_PSS_PARAMS;
typedef CK_RSA_PKCS_PSS_PARAMS CK_PTR CK_RSA_PKCS_PSS_PARAMS_PTR;
/* CK_EC_KDF_TYPE is new for v2.11. */
typedef CK_ULONG CK_EC_KDF_TYPE;
/* The following EC Key Derivation Functions are defined */
#define CKD_NULL 0x00000001
#define CKD_SHA1_KDF 0x00000002
/* CK_ECDH1_DERIVE_PARAMS is new for v2.11.
* CK_ECDH1_DERIVE_PARAMS provides the parameters to the
* CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE mechanisms,
* where each party contributes one key pair.
*/
typedef struct CK_ECDH1_DERIVE_PARAMS {
CK_EC_KDF_TYPE kdf;
CK_ULONG ulSharedDataLen;
CK_BYTE_PTR pSharedData;
CK_ULONG ulPublicDataLen;
CK_BYTE_PTR pPublicData;
} CK_ECDH1_DERIVE_PARAMS;
typedef CK_ECDH1_DERIVE_PARAMS CK_PTR CK_ECDH1_DERIVE_PARAMS_PTR;
/* CK_ECDH2_DERIVE_PARAMS is new for v2.11.
* CK_ECDH2_DERIVE_PARAMS provides the parameters to the
* CKM_ECMQV_DERIVE mechanism, where each party contributes two key pairs. */
typedef struct CK_ECDH2_DERIVE_PARAMS {
CK_EC_KDF_TYPE kdf;
CK_ULONG ulSharedDataLen;
CK_BYTE_PTR pSharedData;
CK_ULONG ulPublicDataLen;
CK_BYTE_PTR pPublicData;
CK_ULONG ulPrivateDataLen;
CK_OBJECT_HANDLE hPrivateData;
CK_ULONG ulPublicDataLen2;
CK_BYTE_PTR pPublicData2;
} CK_ECDH2_DERIVE_PARAMS;
typedef CK_ECDH2_DERIVE_PARAMS CK_PTR CK_ECDH2_DERIVE_PARAMS_PTR;
typedef struct CK_ECMQV_DERIVE_PARAMS {
CK_EC_KDF_TYPE kdf;
CK_ULONG ulSharedDataLen;
CK_BYTE_PTR pSharedData;
CK_ULONG ulPublicDataLen;
CK_BYTE_PTR pPublicData;
CK_ULONG ulPrivateDataLen;
CK_OBJECT_HANDLE hPrivateData;
CK_ULONG ulPublicDataLen2;
CK_BYTE_PTR pPublicData2;
CK_OBJECT_HANDLE publicKey;
} CK_ECMQV_DERIVE_PARAMS;
typedef CK_ECMQV_DERIVE_PARAMS CK_PTR CK_ECMQV_DERIVE_PARAMS_PTR;
/* Typedefs and defines for the CKM_X9_42_DH_KEY_PAIR_GEN and the
* CKM_X9_42_DH_PARAMETER_GEN mechanisms (new for PKCS #11 v2.11) */
typedef CK_ULONG CK_X9_42_DH_KDF_TYPE;
typedef CK_X9_42_DH_KDF_TYPE CK_PTR CK_X9_42_DH_KDF_TYPE_PTR;
/* The following X9.42 DH key derivation functions are defined
(besides CKD_NULL already defined : */
#define CKD_SHA1_KDF_ASN1 0x00000003
#define CKD_SHA1_KDF_CONCATENATE 0x00000004
/* CK_X9_42_DH1_DERIVE_PARAMS is new for v2.11.
* CK_X9_42_DH1_DERIVE_PARAMS provides the parameters to the
* CKM_X9_42_DH_DERIVE key derivation mechanism, where each party
* contributes one key pair */
typedef struct CK_X9_42_DH1_DERIVE_PARAMS {
CK_X9_42_DH_KDF_TYPE kdf;
CK_ULONG ulOtherInfoLen;
CK_BYTE_PTR pOtherInfo;
CK_ULONG ulPublicDataLen;
CK_BYTE_PTR pPublicData;
} CK_X9_42_DH1_DERIVE_PARAMS;
typedef struct CK_X9_42_DH1_DERIVE_PARAMS CK_PTR CK_X9_42_DH1_DERIVE_PARAMS_PTR;
/* CK_X9_42_DH2_DERIVE_PARAMS is new for v2.11.
* CK_X9_42_DH2_DERIVE_PARAMS provides the parameters to the
* CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation
* mechanisms, where each party contributes two key pairs */
typedef struct CK_X9_42_DH2_DERIVE_PARAMS {
CK_X9_42_DH_KDF_TYPE kdf;
CK_ULONG ulOtherInfoLen;
CK_BYTE_PTR pOtherInfo;
CK_ULONG ulPublicDataLen;
CK_BYTE_PTR pPublicData;
CK_ULONG ulPrivateDataLen;
CK_OBJECT_HANDLE hPrivateData;
CK_ULONG ulPublicDataLen2;
CK_BYTE_PTR pPublicData2;
} CK_X9_42_DH2_DERIVE_PARAMS;
typedef CK_X9_42_DH2_DERIVE_PARAMS CK_PTR CK_X9_42_DH2_DERIVE_PARAMS_PTR;
typedef struct CK_X9_42_MQV_DERIVE_PARAMS {
CK_X9_42_DH_KDF_TYPE kdf;
CK_ULONG ulOtherInfoLen;
CK_BYTE_PTR pOtherInfo;
CK_ULONG ulPublicDataLen;
CK_BYTE_PTR pPublicData;
CK_ULONG ulPrivateDataLen;
CK_OBJECT_HANDLE hPrivateData;
CK_ULONG ulPublicDataLen2;
CK_BYTE_PTR pPublicData2;
CK_OBJECT_HANDLE publicKey;
} CK_X9_42_MQV_DERIVE_PARAMS;
typedef CK_X9_42_MQV_DERIVE_PARAMS CK_PTR CK_X9_42_MQV_DERIVE_PARAMS_PTR;
/* CK_KEA_DERIVE_PARAMS provides the parameters to the
* CKM_KEA_DERIVE mechanism */
/* CK_KEA_DERIVE_PARAMS is new for v2.0 */
typedef struct CK_KEA_DERIVE_PARAMS {
CK_BBOOL isSender;
CK_ULONG ulRandomLen;
CK_BYTE_PTR pRandomA;
CK_BYTE_PTR pRandomB;
CK_ULONG ulPublicDataLen;
CK_BYTE_PTR pPublicData;
} CK_KEA_DERIVE_PARAMS;
typedef CK_KEA_DERIVE_PARAMS CK_PTR CK_KEA_DERIVE_PARAMS_PTR;
/* CK_RC2_PARAMS provides the parameters to the CKM_RC2_ECB and
* CKM_RC2_MAC mechanisms. An instance of CK_RC2_PARAMS just
* holds the effective keysize */
typedef CK_ULONG CK_RC2_PARAMS;
typedef CK_RC2_PARAMS CK_PTR CK_RC2_PARAMS_PTR;
/* CK_RC2_CBC_PARAMS provides the parameters to the CKM_RC2_CBC
* mechanism */
typedef struct CK_RC2_CBC_PARAMS {
/* ulEffectiveBits was changed from CK_USHORT to CK_ULONG for
* v2.0 */
CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */
CK_BYTE iv[8]; /* IV for CBC mode */
} CK_RC2_CBC_PARAMS;
typedef CK_RC2_CBC_PARAMS CK_PTR CK_RC2_CBC_PARAMS_PTR;
/* CK_RC2_MAC_GENERAL_PARAMS provides the parameters for the
* CKM_RC2_MAC_GENERAL mechanism */
/* CK_RC2_MAC_GENERAL_PARAMS is new for v2.0 */
typedef struct CK_RC2_MAC_GENERAL_PARAMS {
CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */
CK_ULONG ulMacLength; /* Length of MAC in bytes */
} CK_RC2_MAC_GENERAL_PARAMS;
typedef CK_RC2_MAC_GENERAL_PARAMS CK_PTR \
CK_RC2_MAC_GENERAL_PARAMS_PTR;
/* CK_RC5_PARAMS provides the parameters to the CKM_RC5_ECB and
* CKM_RC5_MAC mechanisms */
/* CK_RC5_PARAMS is new for v2.0 */
typedef struct CK_RC5_PARAMS {
CK_ULONG ulWordsize; /* wordsize in bits */
CK_ULONG ulRounds; /* number of rounds */
} CK_RC5_PARAMS;
typedef CK_RC5_PARAMS CK_PTR CK_RC5_PARAMS_PTR;
/* CK_RC5_CBC_PARAMS provides the parameters to the CKM_RC5_CBC
* mechanism */
/* CK_RC5_CBC_PARAMS is new for v2.0 */
typedef struct CK_RC5_CBC_PARAMS {
CK_ULONG ulWordsize; /* wordsize in bits */
CK_ULONG ulRounds; /* number of rounds */
CK_BYTE_PTR pIv; /* pointer to IV */
CK_ULONG ulIvLen; /* length of IV in bytes */
} CK_RC5_CBC_PARAMS;
typedef CK_RC5_CBC_PARAMS CK_PTR CK_RC5_CBC_PARAMS_PTR;
/* CK_RC5_MAC_GENERAL_PARAMS provides the parameters for the
* CKM_RC5_MAC_GENERAL mechanism */
/* CK_RC5_MAC_GENERAL_PARAMS is new for v2.0 */
typedef struct CK_RC5_MAC_GENERAL_PARAMS {
CK_ULONG ulWordsize; /* wordsize in bits */
CK_ULONG ulRounds; /* number of rounds */
CK_ULONG ulMacLength; /* Length of MAC in bytes */
} CK_RC5_MAC_GENERAL_PARAMS;
typedef CK_RC5_MAC_GENERAL_PARAMS CK_PTR \
CK_RC5_MAC_GENERAL_PARAMS_PTR;
/* CK_MAC_GENERAL_PARAMS provides the parameters to most block
* ciphers' MAC_GENERAL mechanisms. Its value is the length of
* the MAC */
/* CK_MAC_GENERAL_PARAMS is new for v2.0 */
typedef CK_ULONG CK_MAC_GENERAL_PARAMS;
typedef CK_MAC_GENERAL_PARAMS CK_PTR CK_MAC_GENERAL_PARAMS_PTR;
/* CK_DES/AES_ECB/CBC_ENCRYPT_DATA_PARAMS are new for v2.20 */
typedef struct CK_DES_CBC_ENCRYPT_DATA_PARAMS {
CK_BYTE iv[8];
CK_BYTE_PTR pData;
CK_ULONG length;
} CK_DES_CBC_ENCRYPT_DATA_PARAMS;
typedef CK_DES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR;
typedef struct CK_AES_CBC_ENCRYPT_DATA_PARAMS {
CK_BYTE iv[16];
CK_BYTE_PTR pData;
CK_ULONG length;
} CK_AES_CBC_ENCRYPT_DATA_PARAMS;
typedef CK_AES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR;
/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS provides the parameters to the
* CKM_SKIPJACK_PRIVATE_WRAP mechanism */
/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS is new for v2.0 */
typedef struct CK_SKIPJACK_PRIVATE_WRAP_PARAMS {
CK_ULONG ulPasswordLen;
CK_BYTE_PTR pPassword;
CK_ULONG ulPublicDataLen;
CK_BYTE_PTR pPublicData;
CK_ULONG ulPAndGLen;
CK_ULONG ulQLen;
CK_ULONG ulRandomLen;
CK_BYTE_PTR pRandomA;
CK_BYTE_PTR pPrimeP;
CK_BYTE_PTR pBaseG;
CK_BYTE_PTR pSubprimeQ;
} CK_SKIPJACK_PRIVATE_WRAP_PARAMS;
typedef CK_SKIPJACK_PRIVATE_WRAP_PARAMS CK_PTR \
CK_SKIPJACK_PRIVATE_WRAP_PTR;
/* CK_SKIPJACK_RELAYX_PARAMS provides the parameters to the
* CKM_SKIPJACK_RELAYX mechanism */
/* CK_SKIPJACK_RELAYX_PARAMS is new for v2.0 */
typedef struct CK_SKIPJACK_RELAYX_PARAMS {
CK_ULONG ulOldWrappedXLen;
CK_BYTE_PTR pOldWrappedX;
CK_ULONG ulOldPasswordLen;
CK_BYTE_PTR pOldPassword;
CK_ULONG ulOldPublicDataLen;
CK_BYTE_PTR pOldPublicData;
CK_ULONG ulOldRandomLen;
CK_BYTE_PTR pOldRandomA;
CK_ULONG ulNewPasswordLen;
CK_BYTE_PTR pNewPassword;
CK_ULONG ulNewPublicDataLen;
CK_BYTE_PTR pNewPublicData;
CK_ULONG ulNewRandomLen;
CK_BYTE_PTR pNewRandomA;
} CK_SKIPJACK_RELAYX_PARAMS;
typedef CK_SKIPJACK_RELAYX_PARAMS CK_PTR \
CK_SKIPJACK_RELAYX_PARAMS_PTR;
typedef struct CK_PBE_PARAMS {
CK_BYTE_PTR pInitVector;
CK_UTF8CHAR_PTR pPassword;
CK_ULONG ulPasswordLen;
CK_BYTE_PTR pSalt;
CK_ULONG ulSaltLen;
CK_ULONG ulIteration;
} CK_PBE_PARAMS;
typedef CK_PBE_PARAMS CK_PTR CK_PBE_PARAMS_PTR;
/* CK_KEY_WRAP_SET_OAEP_PARAMS provides the parameters to the
* CKM_KEY_WRAP_SET_OAEP mechanism */
/* CK_KEY_WRAP_SET_OAEP_PARAMS is new for v2.0 */
typedef struct CK_KEY_WRAP_SET_OAEP_PARAMS {
CK_BYTE bBC; /* block contents byte */
CK_BYTE_PTR pX; /* extra data */
CK_ULONG ulXLen; /* length of extra data in bytes */
} CK_KEY_WRAP_SET_OAEP_PARAMS;
typedef CK_KEY_WRAP_SET_OAEP_PARAMS CK_PTR \
CK_KEY_WRAP_SET_OAEP_PARAMS_PTR;
typedef struct CK_SSL3_RANDOM_DATA {
CK_BYTE_PTR pClientRandom;
CK_ULONG ulClientRandomLen;
CK_BYTE_PTR pServerRandom;
CK_ULONG ulServerRandomLen;
} CK_SSL3_RANDOM_DATA;
typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS {
CK_SSL3_RANDOM_DATA RandomInfo;
CK_VERSION_PTR pVersion;
} CK_SSL3_MASTER_KEY_DERIVE_PARAMS;
typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS CK_PTR \
CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR;
typedef struct CK_SSL3_KEY_MAT_OUT {
CK_OBJECT_HANDLE hClientMacSecret;
CK_OBJECT_HANDLE hServerMacSecret;
CK_OBJECT_HANDLE hClientKey;
CK_OBJECT_HANDLE hServerKey;
CK_BYTE_PTR pIVClient;
CK_BYTE_PTR pIVServer;
} CK_SSL3_KEY_MAT_OUT;
typedef CK_SSL3_KEY_MAT_OUT CK_PTR CK_SSL3_KEY_MAT_OUT_PTR;
typedef struct CK_SSL3_KEY_MAT_PARAMS {
CK_ULONG ulMacSizeInBits;
CK_ULONG ulKeySizeInBits;
CK_ULONG ulIVSizeInBits;
CK_BBOOL bIsExport;
CK_SSL3_RANDOM_DATA RandomInfo;
CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
} CK_SSL3_KEY_MAT_PARAMS;
typedef CK_SSL3_KEY_MAT_PARAMS CK_PTR CK_SSL3_KEY_MAT_PARAMS_PTR;
/* CK_TLS_PRF_PARAMS is new for version 2.20 */
typedef struct CK_TLS_PRF_PARAMS {
CK_BYTE_PTR pSeed;
CK_ULONG ulSeedLen;
CK_BYTE_PTR pLabel;
CK_ULONG ulLabelLen;
CK_BYTE_PTR pOutput;
CK_ULONG_PTR pulOutputLen;
} CK_TLS_PRF_PARAMS;
typedef CK_TLS_PRF_PARAMS CK_PTR CK_TLS_PRF_PARAMS_PTR;
/* WTLS is new for version 2.20 */
typedef struct CK_WTLS_RANDOM_DATA {
CK_BYTE_PTR pClientRandom;
CK_ULONG ulClientRandomLen;
CK_BYTE_PTR pServerRandom;
CK_ULONG ulServerRandomLen;
} CK_WTLS_RANDOM_DATA;
typedef CK_WTLS_RANDOM_DATA CK_PTR CK_WTLS_RANDOM_DATA_PTR;
typedef struct CK_WTLS_MASTER_KEY_DERIVE_PARAMS {
CK_MECHANISM_TYPE DigestMechanism;
CK_WTLS_RANDOM_DATA RandomInfo;
CK_BYTE_PTR pVersion;
} CK_WTLS_MASTER_KEY_DERIVE_PARAMS;
typedef CK_WTLS_MASTER_KEY_DERIVE_PARAMS CK_PTR \
CK_WTLS_MASTER_KEY_DERIVE_PARAMS_PTR;
typedef struct CK_WTLS_PRF_PARAMS {
CK_MECHANISM_TYPE DigestMechanism;
CK_BYTE_PTR pSeed;
CK_ULONG ulSeedLen;
CK_BYTE_PTR pLabel;
CK_ULONG ulLabelLen;
CK_BYTE_PTR pOutput;
CK_ULONG_PTR pulOutputLen;
} CK_WTLS_PRF_PARAMS;
typedef CK_WTLS_PRF_PARAMS CK_PTR CK_WTLS_PRF_PARAMS_PTR;
typedef struct CK_WTLS_KEY_MAT_OUT {
CK_OBJECT_HANDLE hMacSecret;
CK_OBJECT_HANDLE hKey;
CK_BYTE_PTR pIV;
} CK_WTLS_KEY_MAT_OUT;
typedef CK_WTLS_KEY_MAT_OUT CK_PTR CK_WTLS_KEY_MAT_OUT_PTR;
typedef struct CK_WTLS_KEY_MAT_PARAMS {
CK_MECHANISM_TYPE DigestMechanism;
CK_ULONG ulMacSizeInBits;
CK_ULONG ulKeySizeInBits;
CK_ULONG ulIVSizeInBits;
CK_ULONG ulSequenceNumber;
CK_BBOOL bIsExport;
CK_WTLS_RANDOM_DATA RandomInfo;
CK_WTLS_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
} CK_WTLS_KEY_MAT_PARAMS;
typedef CK_WTLS_KEY_MAT_PARAMS CK_PTR CK_WTLS_KEY_MAT_PARAMS_PTR;
/* CMS is new for version 2.20 */
typedef struct CK_CMS_SIG_PARAMS {
CK_OBJECT_HANDLE certificateHandle;
CK_MECHANISM_PTR pSigningMechanism;
CK_MECHANISM_PTR pDigestMechanism;
CK_UTF8CHAR_PTR pContentType;
CK_BYTE_PTR pRequestedAttributes;
CK_ULONG ulRequestedAttributesLen;
CK_BYTE_PTR pRequiredAttributes;
CK_ULONG ulRequiredAttributesLen;
} CK_CMS_SIG_PARAMS;
typedef CK_CMS_SIG_PARAMS CK_PTR CK_CMS_SIG_PARAMS_PTR;
typedef struct CK_KEY_DERIVATION_STRING_DATA {
CK_BYTE_PTR pData;
CK_ULONG ulLen;
} CK_KEY_DERIVATION_STRING_DATA;
typedef CK_KEY_DERIVATION_STRING_DATA CK_PTR \
CK_KEY_DERIVATION_STRING_DATA_PTR;
/* The CK_EXTRACT_PARAMS is used for the
* CKM_EXTRACT_KEY_FROM_KEY mechanism. It specifies which bit
* of the base key should be used as the first bit of the
* derived key */
/* CK_EXTRACT_PARAMS is new for v2.0 */
typedef CK_ULONG CK_EXTRACT_PARAMS;
typedef CK_EXTRACT_PARAMS CK_PTR CK_EXTRACT_PARAMS_PTR;
/* CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is new for v2.10.
* CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is used to
* indicate the Pseudo-Random Function (PRF) used to generate
* key bits using PKCS #5 PBKDF2. */
typedef CK_ULONG CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE;
typedef CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE CK_PTR CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR;
/* The following PRFs are defined in PKCS #5 v2.0. */
#define CKP_PKCS5_PBKD2_HMAC_SHA1 0x00000001
/* CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is new for v2.10.
* CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is used to indicate the
* source of the salt value when deriving a key using PKCS #5
* PBKDF2. */
typedef CK_ULONG CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE;
typedef CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE CK_PTR CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR;
/* The following salt value sources are defined in PKCS #5 v2.0. */
#define CKZ_SALT_SPECIFIED 0x00000001
/* CK_PKCS5_PBKD2_PARAMS is new for v2.10.
* CK_PKCS5_PBKD2_PARAMS is a structure that provides the
* parameters to the CKM_PKCS5_PBKD2 mechanism. */
typedef struct CK_PKCS5_PBKD2_PARAMS {
CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE saltSource;
CK_VOID_PTR pSaltSourceData;
CK_ULONG ulSaltSourceDataLen;
CK_ULONG iterations;
CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE prf;
CK_VOID_PTR pPrfData;
CK_ULONG ulPrfDataLen;
CK_UTF8CHAR_PTR pPassword;
CK_ULONG_PTR ulPasswordLen;
} CK_PKCS5_PBKD2_PARAMS;
typedef CK_PKCS5_PBKD2_PARAMS CK_PTR CK_PKCS5_PBKD2_PARAMS_PTR;
#endif
16 years, 3 months
[Fedora-directory-commits] esc/mac/Tokend-30557/Tokend.xcodeproj project.pbxproj, NONE, 1.1
by Doctor Conrad
Author: jmagne
Update of /cvs/dirsec/esc/mac/Tokend-30557/Tokend.xcodeproj
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31436/Tokend.xcodeproj
Added Files:
project.pbxproj
Log Message:
Initial revision
--- NEW FILE project.pbxproj ---
// !$*UTF8*$!
{
archiveVersion = 1;
classes = {
};
objectVersion = 42;
objects = {
/* Begin PBXAggregateTarget section */
4C771E7F070A39590035E04F /* world */ = {
isa = PBXAggregateTarget;
buildConfigurationList = 53EE0C2E0C92291C0095AC7D /* Build configuration list for PBXAggregateTarget "world" */;
buildPhases = (
);
buildSettings = {
PRODUCT_NAME = world;
SECTORDER_FLAGS = "";
};
dependencies = (
53B1FC540C972DD30031928B /* PBXTargetDependency */,
);
name = world;
productName = world;
};
/* End PBXAggregateTarget section */
/* Begin PBXBuildFile section */
4C273A220708CE2C00CCB0FA /* CACError.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C273A200708CE2C00CCB0FA /* CACError.cpp */; };
4C414FE207305D34004C9490 /* Adornment.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C1B9B6406DBF99F00014414 /* Adornment.cpp */; };
4C414FE307305D34004C9490 /* Adornment.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C1B9B6306DBF99F00014414 /* Adornment.h */; };
4C414FE407305D34004C9490 /* Attribute.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C134A9606DBF81800FA17D9 /* Attribute.cpp */; };
4C414FE507305D34004C9490 /* Attribute.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C134A9706DBF81800FA17D9 /* Attribute.h */; };
4C414FE607305D34004C9490 /* AttributeCoder.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C134A8A06DBF81800FA17D9 /* AttributeCoder.cpp */; };
4C414FE707305D34004C9490 /* AttributeCoder.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C134A8B06DBF81800FA17D9 /* AttributeCoder.h */; };
4C414FE807305D34004C9490 /* Cursor.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C134A9806DBF81800FA17D9 /* Cursor.cpp */; };
4C414FE907305D34004C9490 /* Cursor.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C134A9906DBF81800FA17D9 /* Cursor.h */; };
4C414FEA07305D34004C9490 /* DbValue.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C134A9A06DBF81800FA17D9 /* DbValue.cpp */; };
4C414FEB07305D34004C9490 /* DbValue.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C134A9B06DBF81800FA17D9 /* DbValue.h */; };
4C414FEC07305D34004C9490 /* KeyHandle.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C3C166E06F61D6F00FC8AAC /* KeyHandle.cpp */; };
4C414FED07305D34004C9490 /* KeyHandle.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C3C166D06F61D6F00FC8AAC /* KeyHandle.h */; };
4C414FEE07305D34004C9490 /* MetaAttribute.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C134A9C06DBF81800FA17D9 /* MetaAttribute.cpp */; };
4C414FEF07305D34004C9490 /* MetaAttribute.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C134A9D06DBF81800FA17D9 /* MetaAttribute.h */; };
4C414FF007305D34004C9490 /* MetaRecord.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C134A9E06DBF81800FA17D9 /* MetaRecord.cpp */; };
4C414FF107305D34004C9490 /* MetaRecord.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C134A9F06DBF81800FA17D9 /* MetaRecord.h */; };
4C414FF407305D34004C9490 /* Record.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C134AA006DBF81800FA17D9 /* Record.cpp */; };
4C414FF507305D34004C9490 /* Record.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C134AA106DBF81800FA17D9 /* Record.h */; };
4C414FF607305D34004C9490 /* RecordHandle.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C55BAFC06DEABE500E4200A /* RecordHandle.cpp */; };
4C414FF707305D34004C9490 /* RecordHandle.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C55BAFB06DEABE500E4200A /* RecordHandle.h */; };
4C414FF807305D34004C9490 /* Relation.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C134A8E06DBF81800FA17D9 /* Relation.cpp */; };
4C414FF907305D34004C9490 /* Relation.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C134A8F06DBF81800FA17D9 /* Relation.h */; };
4C414FFA07305D34004C9490 /* Schema.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C134AA206DBF81800FA17D9 /* Schema.cpp */; };
4C414FFB07305D34004C9490 /* Schema.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C134AA306DBF81800FA17D9 /* Schema.h */; };
4C414FFC07305D34004C9490 /* SelectionPredicate.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C134AA406DBF81800FA17D9 /* SelectionPredicate.cpp */; };
4C414FFD07305D34004C9490 /* SelectionPredicate.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C134AA506DBF81800FA17D9 /* SelectionPredicate.h */; };
4C414FFE07305D34004C9490 /* Token.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C134A9006DBF81800FA17D9 /* Token.cpp */; };
4C414FFF07305D34004C9490 /* Token.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C134A9106DBF81800FA17D9 /* Token.h */; };
4C41500007305D34004C9490 /* TokenContext.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C134A9206DBF81800FA17D9 /* TokenContext.cpp */; };
4C41500107305D34004C9490 /* TokenContext.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C134A9306DBF81800FA17D9 /* TokenContext.h */; };
4C41500807305DA5004C9490 /* KeyRecord.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CE2E6A406DC06AB00E21469 /* KeyRecord.cpp */; };
4C41500A07305DA5004C9490 /* musclecard.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C3FACAD06DBF84400D18D5F /* musclecard.cpp */; };
4C41500B07305DA5004C9490 /* MuscleCardAttributeCoder.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C1B9B5C06DBF96E00014414 /* MuscleCardAttributeCoder.cpp */; };
4C41500D07305DA5004C9490 /* MuscleCardKeyHandle.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C253C0E06F66A6100B5CED6 /* MuscleCardKeyHandle.cpp */; };
4C41500F07305DA5004C9490 /* MuscleCardSchema.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C1B9B8906DBFEE200014414 /* MuscleCardSchema.cpp */; };
4C41501107305DA5004C9490 /* MuscleCardToken.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C3FACAE06DBF84400D18D5F /* MuscleCardToken.cpp */; };
4C41501307305DA5004C9490 /* TokenRecord.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C63F7A506DC052A00CB6F22 /* TokenRecord.cpp */; };
4C41501507305DB4004C9490 /* MscACL.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C134AAB06DBF81800FA17D9 /* MscACL.cpp */; };
4C41501707305DB4004C9490 /* MscError.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C134AA906DBF81800FA17D9 /* MscError.cpp */; };
4C41501907305DB4004C9490 /* MscKey.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C134AAF06DBF81800FA17D9 /* MscKey.cpp */; };
4C41501B07305DB4004C9490 /* MscObject.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C134AB106DBF81800FA17D9 /* MscObject.cpp */; };
4C41501D07305DB4004C9490 /* MscPIN.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C134AB306DBF81800FA17D9 /* MscPIN.cpp */; };
4C41501F07305DB4004C9490 /* MscToken.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C134AB506DBF81800FA17D9 /* MscToken.cpp */; };
4C41502107305DB4004C9490 /* MscTokenConnection.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C134AB706DBF81800FA17D9 /* MscTokenConnection.cpp */; };
4C41502307305DB4004C9490 /* MscWrappers.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C134AB906DBF81800FA17D9 /* MscWrappers.cpp */; };
4C5C1CF3073065EA00AECB7F /* belpic_csp_capabilities.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 4C5C1CE8073065EA00AECB7F /* belpic_csp_capabilities.mdsinfo */; };
4C5C1CF4073065EA00AECB7F /* belpic_csp_capabilities_common.mds in Resources */ = {isa = PBXBuildFile; fileRef = 4C5C1CE9073065EA00AECB7F /* belpic_csp_capabilities_common.mds */; };
4C5C1CF5073065EA00AECB7F /* belpic_csp_primary.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 4C5C1CEA073065EA00AECB7F /* belpic_csp_primary.mdsinfo */; };
4C5C1CF6073065EA00AECB7F /* belpic_dl_primary.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 4C5C1CEB073065EA00AECB7F /* belpic_dl_primary.mdsinfo */; };
4C5C1CF7073065EA00AECB7F /* belpic_smartcard.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 4C5C1CEC073065EA00AECB7F /* belpic_smartcard.mdsinfo */; };
4C5C1D0B0730661500AECB7F /* cac_csp_capabilities.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 4C5C1D000730661500AECB7F /* cac_csp_capabilities.mdsinfo */; };
4C5C1D0C0730661500AECB7F /* cac_csp_capabilities_common.mds in Resources */ = {isa = PBXBuildFile; fileRef = 4C5C1D010730661500AECB7F /* cac_csp_capabilities_common.mds */; };
4C5C1D0D0730661500AECB7F /* cac_csp_primary.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 4C5C1D020730661500AECB7F /* cac_csp_primary.mdsinfo */; };
4C5C1D0E0730661500AECB7F /* cac_dl_primary.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 4C5C1D030730661500AECB7F /* cac_dl_primary.mdsinfo */; };
4C5C1D0F0730661500AECB7F /* cac_smartcard.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 4C5C1D040730661500AECB7F /* cac_smartcard.mdsinfo */; };
4C5C1D3B0730664E00AECB7F /* musclecard_csp_capabilities.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 4C5C1D300730664E00AECB7F /* musclecard_csp_capabilities.mdsinfo */; };
4C5C1D3C0730664E00AECB7F /* musclecard_csp_capabilities_common.mds in Resources */ = {isa = PBXBuildFile; fileRef = 4C5C1D310730664E00AECB7F /* musclecard_csp_capabilities_common.mds */; };
4C5C1D3D0730664E00AECB7F /* musclecard_csp_primary.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 4C5C1D320730664E00AECB7F /* musclecard_csp_primary.mdsinfo */; };
4C5C1D3E0730664E00AECB7F /* musclecard_dl_primary.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 4C5C1D330730664E00AECB7F /* musclecard_dl_primary.mdsinfo */; };
4C5C1D3F0730664E00AECB7F /* musclecard_smartcard.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 4C5C1D340730664E00AECB7F /* musclecard_smartcard.mdsinfo */; };
4C6C13980730791D00514500 /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CA8C4D606D6D19400F1BCC8 /* CoreFoundation.framework */; };
4C7BA7540703990100E5719F /* CACAttributeCoder.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C7BA7490703990100E5719F /* CACAttributeCoder.cpp */; };
4C7BA7550703990100E5719F /* CACKeyHandle.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C7BA74B0703990100E5719F /* CACKeyHandle.cpp */; };
4C7BA7560703990100E5719F /* CACSchema.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C7BA74D0703990100E5719F /* CACSchema.cpp */; };
4C7BA7570703990100E5719F /* CACToken.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C7BA74F0703990100E5719F /* CACToken.cpp */; };
4C7BA7580703990100E5719F /* cac.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C7BA7510703990100E5719F /* cac.cpp */; };
4C7BA79D07039B3000E5719F /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CA8C4D606D6D19400F1BCC8 /* CoreFoundation.framework */; };
4C86D3AE070B4122006A0C7F /* belpic.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C86D3A0070B4122006A0C7F /* belpic.cpp */; };
4C86D3B0070B4122006A0C7F /* BELPICError.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C86D3A3070B4122006A0C7F /* BELPICError.cpp */; };
4C86D3B1070B4122006A0C7F /* BELPICKeyHandle.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C86D3A5070B4122006A0C7F /* BELPICKeyHandle.cpp */; };
4C86D3B2070B4122006A0C7F /* BELPICRecord.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C86D3A7070B4122006A0C7F /* BELPICRecord.cpp */; };
4C86D3B3070B4122006A0C7F /* BELPICSchema.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C86D3A9070B4122006A0C7F /* BELPICSchema.cpp */; };
4C86D3B4070B4122006A0C7F /* BELPICToken.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C86D3AB070B4122006A0C7F /* BELPICToken.cpp */; };
4CA8C4D706D6D19400F1BCC8 /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CA8C4D606D6D19400F1BCC8 /* CoreFoundation.framework */; };
4CBF5C3A0704CDBF00EEADC2 /* CACRecord.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CBF5C390704CDBF00EEADC2 /* CACRecord.cpp */; };
4CBF5CBF0704E76200EEADC2 /* libz.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CBF5CBE0704E76200EEADC2 /* libz.dylib */; };
4CC3947B0731A4DD00761DEE /* SCardError.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CC394790731A4DD00761DEE /* SCardError.h */; };
4CC3947C0731A4DD00761DEE /* SCardError.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CC3947A0731A4DD00761DEE /* SCardError.cpp */; };
5391D2B60C973E1400A44E90 /* coolkey.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 53B1FC2F0C972D510031928B /* coolkey.cpp */; };
5391D2B70C973E3100A44E90 /* CoolKeyAttributeCoder.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 53B1FC300C972D510031928B /* CoolKeyAttributeCoder.cpp */; };
5391D2B80C973E3900A44E90 /* CoolKeyError.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 53B1FC320C972D510031928B /* CoolKeyError.cpp */; };
5391D2B90C973E4600A44E90 /* CoolKeyHandle.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 53B1FC340C972D510031928B /* CoolKeyHandle.cpp */; };
5391D2BA0C973E5000A44E90 /* CoolKeyPK11.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 53B1FC360C972D510031928B /* CoolKeyPK11.cpp */; };
5391D2BB0C973E5800A44E90 /* CoolKeyRecord.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 53B1FC380C972D510031928B /* CoolKeyRecord.cpp */; };
5391D2BC0C973E5F00A44E90 /* CoolKeySchema.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 53B1FC3A0C972D510031928B /* CoolKeySchema.cpp */; };
5391D2BD0C973E6600A44E90 /* CoolKeyToken.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 53B1FC3C0C972D510031928B /* CoolKeyToken.cpp */; };
5391D2DC0C973F5100A44E90 /* coolkey_csp_capabilities_common.mds in Resources */ = {isa = PBXBuildFile; fileRef = 5391D2D70C973F5100A44E90 /* coolkey_csp_capabilities_common.mds */; };
5391D2DD0C973F5100A44E90 /* coolkey_csp_capabilities.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 5391D2D80C973F5100A44E90 /* coolkey_csp_capabilities.mdsinfo */; };
5391D2DE0C973F5100A44E90 /* coolkey_csp_primary.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 5391D2D90C973F5100A44E90 /* coolkey_csp_primary.mdsinfo */; };
5391D2DF0C973F5100A44E90 /* coolkey_dl_primary.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 5391D2DA0C973F5100A44E90 /* coolkey_dl_primary.mdsinfo */; };
5391D2E00C973F5100A44E90 /* coolkey_smartcard.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 5391D2DB0C973F5100A44E90 /* coolkey_smartcard.mdsinfo */; };
53B1FBE20C97193A0031928B /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CA8C4D606D6D19400F1BCC8 /* CoreFoundation.framework */; };
/* End PBXBuildFile section */
/* Begin PBXBuildStyle section */
014CEA520018CE5811CA2923 /* Development */ = {
isa = PBXBuildStyle;
buildSettings = {
BUILD_VARIANTS = debug;
COPY_PHASE_STRIP = NO;
GCC_DYNAMIC_NO_PIC = NO;
GCC_ENABLE_FIX_AND_CONTINUE = YES;
GCC_GENERATE_DEBUGGING_SYMBOLS = YES;
GCC_OPTIMIZATION_LEVEL = 0;
GCC_WARN_ABOUT_MISSING_PROTOTYPES = YES;
GCC_WARN_CHECK_SWITCH_STATEMENTS = YES;
GCC_WARN_HIDDEN_VIRTUAL_FUNCTIONS = YES;
GCC_WARN_INHIBIT_ALL_WARNINGS = NO;
GCC_WARN_INITIALIZER_NOT_FULLY_BRACKETED = YES;
GCC_WARN_MISSING_PARENTHESES = YES;
GCC_WARN_NON_VIRTUAL_DESTRUCTOR = YES;
GCC_WARN_PEDANTIC = NO;
GCC_WARN_SHADOW = NO;
GCC_WARN_SIGN_COMPARE = YES;
GCC_WARN_TYPECHECK_CALLS_TO_PRINTF = YES;
GCC_WARN_UNINITIALIZED_AUTOS = NO;
GCC_WARN_UNKNOWN_PRAGMAS = YES;
GCC_WARN_UNUSED_FUNCTION = YES;
GCC_WARN_UNUSED_LABEL = YES;
GCC_WARN_UNUSED_PARAMETER = YES;
GCC_WARN_UNUSED_VALUE = YES;
GCC_WARN_UNUSED_VARIABLE = YES;
ZERO_LINK = NO;
};
name = Development;
};
014CEA530018CE5811CA2923 /* Deployment */ = {
isa = PBXBuildStyle;
buildSettings = {
GCC_ENABLE_FIX_AND_CONTINUE = NO;
ZERO_LINK = NO;
};
name = Deployment;
};
4CABFE4C06DD4AD6002AA6F9 /* normal with debug from build folder */ = {
isa = PBXBuildStyle;
buildSettings = {
BUILD_VARIANTS = normal;
OPT_LDFLAGS = "";
OPT_LDXFLAGS = "";
OPT_LDXNOPIC = "";
OTHER_ASFLAGS_normal = "$(OTHER_CFLAGS) -UNDEBUG";
OTHER_CFLAGS_normal = "$(OTHER_CFLAGS) -UNDEBUG -O0 -fno-inline";
OTHER_CPLUSPLUSFLAGS_normal = "$(OTHER_CFLAGS) -UNDEBUG -O0 -fno-inline";
PREBINDING = NO;
SECTORDER_FLAGS = "";
};
name = "normal with debug from build folder";
};
/* End PBXBuildStyle section */
/* Begin PBXContainerItemProxy section */
4C41506E07305E0F004C9490 /* PBXContainerItemProxy */ = {
isa = PBXContainerItemProxy;
containerPortal = 08FB7793FE84155DC02AAC07 /* Project object */;
proxyType = 1;
remoteGlobalIDString = 4C414FAA07305C57004C9490;
remoteInfo = tokend;
};
4C41507007305E17004C9490 /* PBXContainerItemProxy */ = {
isa = PBXContainerItemProxy;
containerPortal = 08FB7793FE84155DC02AAC07 /* Project object */;
proxyType = 1;
remoteGlobalIDString = 4C414FAA07305C57004C9490;
remoteInfo = tokend;
};
4C41507407305E1C004C9490 /* PBXContainerItemProxy */ = {
isa = PBXContainerItemProxy;
containerPortal = 08FB7793FE84155DC02AAC07 /* Project object */;
proxyType = 1;
remoteGlobalIDString = 4C414FAA07305C57004C9490;
[...1967 lines suppressed...]
ZERO_LINK = NO;
};
name = Deployment;
};
53EE0C360C92291C0095AC7D /* normal with debug from build folder */ = {
isa = XCBuildConfiguration;
buildSettings = {
BUILD_VARIANTS = normal;
CURRENT_PROJECT_VERSION = 30557;
FRAMEWORK_SEARCH_PATHS = (
/usr/local/SecurityPieces/Frameworks,
"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks",
);
GCC_DYNAMIC_NO_PIC = YES;
GCC_MODEL_TUNING = G5;
INFOPLIST_FILE = MuscleCard/Info.plist;
INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Security/tokend";
OPT_CPPXFLAGS = "$(OPT_CXFLAGS) -fno-enforce-eh-specs -fno-implement-inlines";
OPT_CXFLAGS = "-DNDEBUG $(OPT_INLINEXFLAGS)";
OPT_INLINEXFLAGS = " -finline-functions";
OPT_LDFLAGS = "";
OPT_LDXFLAGS = "";
OPT_LDXNOPIC = "";
OTHER_ASFLAGS_debug = "$(OTHER_CFLAGS)";
OTHER_ASFLAGS_normal = "$(OTHER_CFLAGS) -UNDEBUG";
OTHER_ASFLAGS_profile = "-DNDEBUG $(OTHER_CFLAGS) -pg";
OTHER_CFLAGS_debug = "$(OTHER_CFLAGS) -O0 -fno-inline";
OTHER_CFLAGS_normal = "$(OTHER_CFLAGS) -UNDEBUG -O0 -fno-inline";
OTHER_CFLAGS_profile = "$(OPT_CXFLAGS) $(OTHER_CFLAGS) -pg";
OTHER_CPLUSPLUSFLAGS_debug = "$(OTHER_CPLUSPLUSFLAGS) -O0 -fno-inline";
OTHER_CPLUSPLUSFLAGS_normal = "$(OTHER_CFLAGS) -UNDEBUG -O0 -fno-inline";
OTHER_CPLUSPLUSFLAGS_profile = "$(OPT_CPPXFLAGS) $(OTHER_CPLUSPLUSFLAGS) -pg";
OTHER_LDFLAGS_debug = "$(OTHER_LDFLAGS) -ltokend_debug -framework PCSC,_debug -framework SecurityTokend,_debug -framework Security,_debug -framework security_cdsa_client,_debug -framework security_cdsa_utilities,_debug -framework security_utilities,_debug";
OTHER_LDFLAGS_normal = "$(OPT_LDXFLAGS) $(OTHER_LDFLAGS) -ltokend -framework PCSC -framework SecurityTokend -framework Security -framework security_cdsa_client$(OPT_LDXNOPIC) -framework security_cdsa_utilities$(OPT_LDXNOPIC) -framework security_utilities$(OPT_LDXNOPIC)";
OTHER_LDFLAGS_profile = "$(OPT_LDXFLAGS) $(OTHER_LDFLAGS) -pg -ltokend_profile -framework PCSC,_profile -framework SecurityTokend,_profile -framework Security,_profile -framework security_cdsa_client,_profile -framework security_cdsa_utilities,_profile -framework security_utilities,_profile";
PREBINDING = NO;
PRODUCT_NAME = MuscleCard;
SECTORDER_FLAGS = "";
VERSIONING_SYSTEM = "apple-generic";
WARNING_CFLAGS = (
"-Wmost",
"-Wno-four-char-constants",
"-Wno-unknown-pragmas",
);
WRAPPER_EXTENSION = tokend;
};
name = "normal with debug from build folder";
};
53EE0C370C92291C0095AC7D /* Default */ = {
isa = XCBuildConfiguration;
buildSettings = {
BUILD_VARIANTS = (
normal,
debug,
);
CURRENT_PROJECT_VERSION = 30557;
FRAMEWORK_SEARCH_PATHS = (
/usr/local/SecurityPieces/Frameworks,
"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks",
);
GCC_DYNAMIC_NO_PIC = YES;
GCC_MODEL_TUNING = G5;
INFOPLIST_FILE = MuscleCard/Info.plist;
INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Security/tokend";
OPT_CPPXFLAGS = "$(OPT_CXFLAGS) -fno-enforce-eh-specs -fno-implement-inlines";
OPT_CXFLAGS = "-DNDEBUG $(OPT_INLINEXFLAGS)";
OPT_INLINEXFLAGS = " -finline-functions";
OPT_LDXFLAGS = "-dead_strip";
OPT_LDXNOPIC = ",_nopic";
OTHER_ASFLAGS_debug = "$(OTHER_CFLAGS)";
OTHER_ASFLAGS_normal = "$(OTHER_CFLAGS) -DNDEBUG";
OTHER_ASFLAGS_profile = "-DNDEBUG $(OTHER_CFLAGS) -pg";
OTHER_CFLAGS_debug = "$(OTHER_CFLAGS) -O0 -fno-inline";
OTHER_CFLAGS_normal = "$(OPT_CXFLAGS) $(OTHER_CFLAGS)";
OTHER_CFLAGS_profile = "$(OPT_CXFLAGS) $(OTHER_CFLAGS) -pg";
OTHER_CPLUSPLUSFLAGS_debug = "$(OTHER_CPLUSPLUSFLAGS) -O0 -fno-inline";
OTHER_CPLUSPLUSFLAGS_normal = "$(OPT_CPPXFLAGS) $(OTHER_CPLUSPLUSFLAGS)";
OTHER_CPLUSPLUSFLAGS_profile = "$(OPT_CPPXFLAGS) $(OTHER_CPLUSPLUSFLAGS) -pg";
OTHER_LDFLAGS_debug = "$(OTHER_LDFLAGS) -ltokend_debug -framework PCSC,_debug -framework SecurityTokend,_debug -framework Security,_debug -framework security_cdsa_client,_debug -framework security_cdsa_utilities,_debug -framework security_utilities,_debug";
OTHER_LDFLAGS_normal = "$(OPT_LDXFLAGS) $(OTHER_LDFLAGS) -ltokend -framework PCSC -framework SecurityTokend -framework Security -framework security_cdsa_client$(OPT_LDXNOPIC) -framework security_cdsa_utilities$(OPT_LDXNOPIC) -framework security_utilities$(OPT_LDXNOPIC)";
OTHER_LDFLAGS_profile = "$(OPT_LDXFLAGS) $(OTHER_LDFLAGS) -pg -ltokend_profile -framework PCSC,_profile -framework SecurityTokend,_profile -framework Security,_profile -framework security_cdsa_client,_profile -framework security_cdsa_utilities,_profile -framework security_utilities,_profile";
PRODUCT_NAME = MuscleCard;
VERSIONING_SYSTEM = "apple-generic";
WARNING_CFLAGS = (
"-Wmost",
"-Wno-four-char-constants",
"-Wno-unknown-pragmas",
);
WRAPPER_EXTENSION = tokend;
};
name = Default;
};
53EE0C390C92291C0095AC7D /* Development */ = {
isa = XCBuildConfiguration;
buildSettings = {
};
name = Development;
};
53EE0C3A0C92291C0095AC7D /* Deployment */ = {
isa = XCBuildConfiguration;
buildSettings = {
};
name = Deployment;
};
53EE0C3B0C92291C0095AC7D /* normal with debug from build folder */ = {
isa = XCBuildConfiguration;
buildSettings = {
};
name = "normal with debug from build folder";
};
53EE0C3C0C92291C0095AC7D /* Default */ = {
isa = XCBuildConfiguration;
buildSettings = {
};
name = Default;
};
/* End XCBuildConfiguration section */
/* Begin XCConfigurationList section */
53B1FBE30C97193A0031928B /* Build configuration list for PBXNativeTarget "COOLKEY" */ = {
isa = XCConfigurationList;
buildConfigurations = (
53B1FBE40C97193A0031928B /* Development */,
53B1FBE50C97193A0031928B /* Deployment */,
53B1FBE60C97193A0031928B /* normal with debug from build folder */,
53B1FBE70C97193A0031928B /* Default */,
);
defaultConfigurationIsVisible = 0;
defaultConfigurationName = Default;
};
53EE0C1F0C92291C0095AC7D /* Build configuration list for PBXNativeTarget "tokend" */ = {
isa = XCConfigurationList;
buildConfigurations = (
53EE0C200C92291C0095AC7D /* Development */,
53EE0C210C92291C0095AC7D /* Deployment */,
53EE0C220C92291C0095AC7D /* normal with debug from build folder */,
53EE0C230C92291C0095AC7D /* Default */,
);
defaultConfigurationIsVisible = 0;
defaultConfigurationName = Default;
};
53EE0C240C92291C0095AC7D /* Build configuration list for PBXNativeTarget "BELPIC" */ = {
isa = XCConfigurationList;
buildConfigurations = (
53EE0C250C92291C0095AC7D /* Development */,
53EE0C260C92291C0095AC7D /* Deployment */,
53EE0C270C92291C0095AC7D /* normal with debug from build folder */,
53EE0C280C92291C0095AC7D /* Default */,
);
defaultConfigurationIsVisible = 0;
defaultConfigurationName = Default;
};
53EE0C290C92291C0095AC7D /* Build configuration list for PBXNativeTarget "CAC" */ = {
isa = XCConfigurationList;
buildConfigurations = (
53EE0C2A0C92291C0095AC7D /* Development */,
53EE0C2B0C92291C0095AC7D /* Deployment */,
53EE0C2C0C92291C0095AC7D /* normal with debug from build folder */,
53EE0C2D0C92291C0095AC7D /* Default */,
);
defaultConfigurationIsVisible = 0;
defaultConfigurationName = Default;
};
53EE0C2E0C92291C0095AC7D /* Build configuration list for PBXAggregateTarget "world" */ = {
isa = XCConfigurationList;
buildConfigurations = (
53EE0C2F0C92291C0095AC7D /* Development */,
53EE0C300C92291C0095AC7D /* Deployment */,
53EE0C310C92291C0095AC7D /* normal with debug from build folder */,
53EE0C320C92291C0095AC7D /* Default */,
);
defaultConfigurationIsVisible = 0;
defaultConfigurationName = Default;
};
53EE0C330C92291C0095AC7D /* Build configuration list for PBXNativeTarget "MuscleCard" */ = {
isa = XCConfigurationList;
buildConfigurations = (
53EE0C340C92291C0095AC7D /* Development */,
53EE0C350C92291C0095AC7D /* Deployment */,
53EE0C360C92291C0095AC7D /* normal with debug from build folder */,
53EE0C370C92291C0095AC7D /* Default */,
);
defaultConfigurationIsVisible = 0;
defaultConfigurationName = Default;
};
53EE0C380C92291C0095AC7D /* Build configuration list for PBXProject "Tokend" */ = {
isa = XCConfigurationList;
buildConfigurations = (
53EE0C390C92291C0095AC7D /* Development */,
53EE0C3A0C92291C0095AC7D /* Deployment */,
53EE0C3B0C92291C0095AC7D /* normal with debug from build folder */,
53EE0C3C0C92291C0095AC7D /* Default */,
);
defaultConfigurationIsVisible = 0;
defaultConfigurationName = Default;
};
/* End XCConfigurationList section */
};
rootObject = 08FB7793FE84155DC02AAC07 /* Project object */;
}
16 years, 3 months
[Fedora-directory-commits] esc/mac/Tokend-30557/CoolKey CoolKeyAttributeCoder.cpp, NONE, 1.1 CoolKeyAttributeCoder.h, NONE, 1.1 CoolKeyError.cpp, NONE, 1.1 CoolKeyError.h, NONE, 1.1 CoolKeyHandle.cpp, NONE, 1.1 CoolKeyHandle.h, NONE, 1.1 CoolKeyPK11.cpp, NONE, 1.1 CoolKeyPK11.h, NONE, 1.1 CoolKeyRecord.cpp, NONE, 1.1 CoolKeyRecord.h, NONE, 1.1 CoolKeySchema.cpp, NONE, 1.1 CoolKeySchema.h, NONE, 1.1 CoolKeyToken.cpp, NONE, 1.1 CoolKeyToken.h, NONE, 1.1 Info.plist, NONE, 1.1 coolkey.cpp, NONE, 1.1
by Doctor Conrad
Author: jmagne
Update of /cvs/dirsec/esc/mac/Tokend-30557/CoolKey
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31436/CoolKey
Added Files:
CoolKeyAttributeCoder.cpp CoolKeyAttributeCoder.h
CoolKeyError.cpp CoolKeyError.h CoolKeyHandle.cpp
CoolKeyHandle.h CoolKeyPK11.cpp CoolKeyPK11.h
CoolKeyRecord.cpp CoolKeyRecord.h CoolKeySchema.cpp
CoolKeySchema.h CoolKeyToken.cpp CoolKeyToken.h Info.plist
coolkey.cpp
Log Message:
Initial revision
--- NEW FILE CoolKeyAttributeCoder.cpp ---
/*CoolKey
* Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
* Portions Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
* Contributor(s):
* Jack Magne,jmagne(a)redhat.com
* CoolKey AttributeCoder implementation.
*
* @APPLE_LICENSE_HEADER_START@
*
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
* compliance with the License. Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this
* file.
*
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
*
* @APPLE_LICENSE_HEADER_END@
*/
/*
* CoolKeyAttributeCoder.cpp
* Tokend CoolKey
*/
#include "CoolKeyAttributeCoder.h"
#include "Adornment.h"
#include "MetaAttribute.h"
#include "MetaRecord.h"
#include "Attribute.h"
#include <security_utilities/logging.h>
#include "CoolKeyRecord.h"
#include "CoolKeyToken.h"
#include "CoolKeyPK11.h"
#include <Security/cssmtype.h>
#include <Security/SecKeychainItem.h>
#include <security_cdsa_utilities/cssmkey.h>
#include <Security/SecCertificate.h>
#include <Security/SecKey.h>
using namespace Tokend;
//
// CoolKeyDataAttributeCoder
//
CoolKeyDataAttributeCoder::~CoolKeyDataAttributeCoder()
{
}
void CoolKeyDataAttributeCoder::decode(TokenContext *tokenContext,
const MetaAttribute &metaAttribute, Record &record)
{
Syslog::notice("CoolKeyDataAttributeCoder::decode");
}
CoolKeyCertAttributeCoder:: ~CoolKeyCertAttributeCoder()
{
}
void CoolKeyCertAttributeCoder::decode(Tokend::TokenContext *tokenContext,
const Tokend::MetaAttribute &metaAttribute, Tokend::Record &record)
{
uint32 id = metaAttribute.attributeId();
MetaAttribute::Format format = metaAttribute.attributeFormat();
CoolKeyToken *token = (CoolKeyToken *) tokenContext;
if(!token)
return;
CoolKeyRecord &coolRec = dynamic_cast<CoolKeyRecord &> (record);
CoolKeyCertObject *cert = (CoolKeyCertObject *) coolRec.getCoolKeyObject();
Syslog::notice("CertAttributeCoder::decode coder %p cert object %p id %lu format %lu record %p",this,cert,id,format,&record);
if(!cert)
return;
CK_BYTE tData[2048];
CK_ULONG dataLen = 2048;
CK_ULONG type = 0;
switch(id)
{
case kSecAlias:
Syslog::notice("kSecAlias");
cert->getLabel(tData,&dataLen);
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((const void *)tData,dataLen));
break;
case kSecSubjectItemAttr:
cert->getSubject(tData,&dataLen);
Syslog::notice("kSecSubjectItemAttr retrieved data %p datalen %lu",tData,dataLen);
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((const void *)tData,dataLen));
break;
case kSecIssuerItemAttr:
cert->getIssuer(tData,&dataLen);
Syslog::notice("kSecIssuertItemAttr retrieved data %p datalen %lu",tData,dataLen);
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((const void *)tData,dataLen));
break;
case kSecSerialNumberItemAttr:
cert->getSerialNo(tData,&dataLen);
Syslog::notice("kSecSerialNumnberItemAttr retrieved data %p datalen %lu",tData,dataLen);
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((const void *)tData,dataLen));
break;
case kSecPublicKeyHashItemAttr:
Syslog::notice("kSecPublicKeyHashItemAttr");
getCertAttributeFromData(cert,kSecPublicKeyHashItemAttr, tData, &dataLen);
record.attributeAtIndex(metaAttribute.attributeIndex(),
new Attribute((const void *)tData, dataLen));
break;
case kSecSubjectKeyIdentifierItemAttr:
Syslog::notice("kSecSubjectKeyIdentifierItemAttr");
break;
case kSecCertTypeItemAttr:
type = cert->getType();
Syslog::notice("kSecCertTypeItemAttr type %lu",type);
if(type == CKC_X_509)
type = CSSM_CERT_X_509v3;
else
if(type == CKC_X_509_ATTR_CERT)
type = CSSM_CERT_X_509_ATTRIBUTE;
else
type = CSSM_CERT_UNKNOWN;
Syslog::notice("kSecCertTypeItemAttr final type %lu",type);
record.attributeAtIndex(metaAttribute.attributeIndex(),new Attribute((uint32)type));
break;
case kSecCertEncodingItemAttr:
Syslog::notice("kSecCertEncodingItemAttr");
type = CSSM_CERT_ENCODING_BER;
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)type));
break;
case kSecLabelItemAttr:
cert->getLabel(tData,&dataLen);
Syslog::notice("kSecLabelItemAttr retrieved data %p datalen %lu",tData,dataLen);
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((const void *)tData,dataLen));
break;
default:
Syslog::notice("missed one");
break;
};
}
void CoolKeyCertAttributeCoder::getCertAttributeFromData(CoolKeyCertObject *aCert,CK_ULONG aAttribute, CK_BYTE *aData, CK_ULONG *aDataLen)
{
CSSM_DATA csData;
CK_BYTE certData[2048];
CK_ULONG certDataLen = 2048;
OSStatus status = 0;
if(!aCert || !aData || *aDataLen <= 0)
return;
CK_ULONG size_in = *aDataLen;
*aDataLen = 0;
Syslog::notice("CoolKeyCertAttributeCoder::getCertAttributeFromData");
aCert->getData(certData,&certDataLen);
SecCertificateRef theCertificate;
csData.Data = certData;
csData.Length = certDataLen;
status = SecCertificateCreateFromData((CSSM_DATA * )&csData, CSSM_CERT_X_509v3,
CSSM_CERT_ENCODING_BER, &theCertificate);
if(status)
return;
Syslog::notice("CoolKeyCertAttributeCoder::getCertAttributeFromData done created cert");
SecKeychainAttribute ska = { kSecPublicKeyHashItemAttr };
SecKeychainItemRef tRef = (SecKeychainItemRef) theCertificate;
SecKeychainAttributeList skal = { 1, &ska };
status = SecKeychainItemCopyContent(tRef, NULL, &skal,
NULL, NULL);
Syslog::notice("CoolKeyCertAttributeCoder::getCertAttributeFromData done got attribute");
if(!status)
return;
if(ska.length < size_in)
{
memcpy(aData,ska.data,ska.length);
*aDataLen = ska.length;
}
SecKeychainItemFreeContent(&skal, NULL);
}
CoolKeyKeyAttributeCoder:: ~CoolKeyKeyAttributeCoder()
{
}
void CoolKeyKeyAttributeCoder::decode(Tokend::TokenContext *tokenContext,
const Tokend::MetaAttribute &metaAttribute, Tokend::Record &record)
{
Syslog::notice("CoolKeyKeyAttributeCoder::decode");
uint32 id = metaAttribute.attributeId();
MetaAttribute::Format format = metaAttribute.attributeFormat();
CoolKeyRecord &coolRec = dynamic_cast<CoolKeyRecord &> (record);
CoolKeyKeyObject *key = (CoolKeyKeyObject *) coolRec.getCoolKeyObject();
if(!key)
return;
CK_BYTE tData[2048];
CK_ULONG dataLen = 2048;
CK_ULONG value = 0;
CK_BYTE attrib = 0;
Syslog::notice("CoolKeyKeyAttributeCoder::decode coder %p id %d format %d record %p",this,id,format,&record);
switch(id)
{
case kSecKeyKeyClass:
Syslog::notice("kSecKeyKeyClass");
break;
case kSecKeyPrintName:
Syslog::notice("kSecKeyPrintName");
key->getLabel(tData,&dataLen);
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((const void *)tData,dataLen));
break;
case kSecKeyAlias:
Syslog::notice("kSecKeyAlias");
break;
case kSecKeyPermanent:
Syslog::notice("kSecKeyPermanent");
break;
case kSecKeyPrivate:
Syslog::notice("kSecKeyKeyPrivate");
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)1));
break;
case kSecKeyModifiable:
Syslog::notice("kSecKeyKeyModifiable");
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)0));
break;
case kSecKeyApplicationTag:
Syslog::notice("kSecKeyApplicationTag");
break;
case kSecKeyKeyCreator:
Syslog::notice("kSecKeyKeyCreator");
break;
case kSecKeyKeyType:
Syslog::notice("kSecKeyType");
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)CSSM_ALGID_RSA));
break;
case kSecKeyKeySizeInBits:
Syslog::notice("kSecKeyKeySizeInBits");
value = key->getKeySize();
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)value));
Syslog::notice("kSecKeyKeySizeInBits %d",value);
break;
case kSecKeyEffectiveKeySize:
Syslog::notice("kSecKeyEffectiveKeySize");
value = key->getKeySize();;
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)value));
Syslog::notice("kSecKeyEffectiveKeySizeInBits %d",value);
break;
case kSecKeyStartDate:
Syslog::notice("kSecKeyKeyStartDate");
break;
case kSecKeyEndDate:
Syslog::notice("kSecKeyKeyEndDate");
break;
case kSecKeySensitive:
attrib = key->getSensitive();
Syslog::notice("kSecKeySensitive %d",attrib);
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)attrib));
break;
case kSecKeyAlwaysSensitive:
attrib = key->getAlwaysSensitive();
Syslog::notice("kSecKeyAlwaysSensitive %d", attrib);
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)attrib));
break;
case kSecKeyExtractable:
Syslog::notice("kSecKeyExtractable");
attrib = key->getKeyExtractable();
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)attrib));
break;
case kSecKeyNeverExtractable:
Syslog::notice("kSecKeyNeverExtractable");
attrib = key->getKeyNeverExtractable();
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)attrib));
break;
case kSecKeyEncrypt:
Syslog::notice("kSecKeyKeyEncrypt");
attrib = key->getKeyEncrypt();
Syslog::notice("kSecKeyEncrypt value %d",attrib);
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)attrib));
break;
case kSecKeyDecrypt:
attrib = key->getKeyDecrypt();
Syslog::notice("kSecKeyDecrypt value %d",attrib);
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)attrib));
break;
case kSecKeyDerive:
attrib = key->getKeyDerive();
Syslog::notice("kSecKeyKeyDerive %d", attrib);
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)attrib));
break;
case kSecKeySign:
attrib = key->getKeySign();
Syslog::notice("kSecKeyKeySign value %d",attrib);
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)attrib));
break;
case kSecKeyVerify:
attrib = key->getKeyVerify();
Syslog::notice("kSecKeyKeyVerify value %d",attrib);
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)attrib));
break;
case kSecKeySignRecover:
attrib = key->getKeySignRecover();
Syslog::notice("kSecKeyKeySignRecover %d", attrib);
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)attrib));
break;
case kSecKeyVerifyRecover:
attrib = key->getKeyVerifyRecover();
Syslog::notice("kSecKeyKeyVerifyRecover %d", attrib);
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)attrib));
break;
case kSecKeyWrap:
attrib = key->getKeyWrap();
Syslog::notice("kSecKeyKeyWrap %d", attrib);
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)attrib));
break;
case kSecKeyUnwrap:
attrib = key->getKeyUnwrap();
Syslog::notice("kSecKeyKeyUnwrap %d", attrib);
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)attrib));
break;
case kSecKeyLabel:
Syslog::notice("kSecKeyLabel");
key->getLabel(tData,&dataLen);
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((const void *)tData,dataLen));
break;
};
}
/* arch-tag: 36510900-0DBC-11D9-9CFC-000A9595DEEE */
--- NEW FILE CoolKeyAttributeCoder.h ---
/*
* Copyright (c) 2004 Apple Computer, ICoolKeync. All Rights Reserved.
* Portions Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
* Contributor(s):
* Jack Magne,jmagne(a)redhat.com
* CoolKey AttributeCoder implementation.
*
* @APPLE_LICENSE_HEADER_START@
*
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
* compliance with the License. Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this
* file.
*
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
*
* @APPLE_LICENSE_HEADER_END@
*/
/*
* CoolKeyAttributeCoder.h
* Tokend CoolKey
*/
#ifndef _COOLKEY_ATTRIBUTECODER_H_
#define _COOLKEY_ATTRIBUTECODER_H_
#include "AttributeCoder.h"
#include <string>
#include <PCSC/musclecard.h>
#include "CoolKeyPK11.h"
//
// A coder that reads the data of an object
//
class CoolKeyDataAttributeCoder : public Tokend::AttributeCoder
{
NOCOPY(CoolKeyDataAttributeCoder)
public:
CoolKeyDataAttributeCoder() {}
virtual ~CoolKeyDataAttributeCoder();
virtual void decode(Tokend::TokenContext *tokenContext,
const Tokend::MetaAttribute &metaAttribute, Tokend::Record &record);
};
class CoolKeyCertAttributeCoder : public Tokend::AttributeCoder
{
NOCOPY(CoolKeyCertAttributeCoder)
public:
CoolKeyCertAttributeCoder() {}
virtual ~CoolKeyCertAttributeCoder();
virtual void decode(Tokend::TokenContext *tokenContext,
const Tokend::MetaAttribute &metaAttribute, Tokend::Record &record);
protected:
void getCertAttributeFromData(CoolKeyCertObject *aCert,CK_ULONG aAttribute, CK_BYTE *aData, CK_ULONG *aDataLen);
};
class CoolKeyKeyAttributeCoder : public Tokend::AttributeCoder
{
NOCOPY(CoolKeyKeyAttributeCoder)
public:
CoolKeyKeyAttributeCoder() {}
virtual ~CoolKeyKeyAttributeCoder();
virtual void decode(Tokend::TokenContext *tokenContext,
const Tokend::MetaAttribute &metaAttribute, Tokend::Record &record);
};
#endif /* !_CoolKeyATTRIBUTECODER_H_ */
/* arch-tag: 366E16D4-0DBC-11D9-B030-000A9595DEEE */
--- NEW FILE CoolKeyError.cpp ---
/*
* Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
* Portions Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
* Contributor(s):
* Jack Magne,jmagne(a)redhat.com
* CoolKey Error implementation.
* @APPLE_LICENSE_HEADER_START@
*
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
* compliance with the License. Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this
* file.
*
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
*
* @APPLE_LICENSE_HEADER_END@
*/
/*
* CoolKeyError.cpp
* TokendMuscle
*/
#include "CoolKeyError.h"
#include <Security/cssmerr.h>
//
// CoolKeyError exceptions
//
CoolKeyError::CoolKeyError(uint16_t sw) : SCardError(sw)
{
IFDEBUG(debugDiagnose(this));
}
const char *CoolKeyError::what() const throw ()
{ return "CoolKey Error"; }
OSStatus CoolKeyError::osStatus() const
{
switch (statusWord)
{
case COOLKEY_AUTHENTICATION_FAILED_0:
case COOLKEY_AUTHENTICATION_FAILED_1:
case COOLKEY_AUTHENTICATION_FAILED_2:
case COOLKEY_AUTHENTICATION_FAILED_3:
return CSSM_ERRCODE_OPERATION_AUTH_DENIED;
default:
return SCardError::osStatus();
}
}
void CoolKeyError::throwMe(uint16_t sw)
{ throw CoolKeyError(sw); }
#if !defined(NDEBUG)
void CoolKeyError::debugDiagnose(const void *id) const
{
secdebug("exception", "%p CoolKeyError %s (%04hX)",
id, errorstr(statusWord), statusWord);
}
const char *CoolKeyError::errorstr(uint16_t sw) const
{
switch (sw)
{
case COOLKEY_AUTHENTICATION_FAILED_0:
return "Authentication failed, 0 retries left.";
case COOLKEY_AUTHENTICATION_FAILED_1:
return "Authentication failed, 1 retry left.";
case COOLKEY_AUTHENTICATION_FAILED_2:
return "Authentication failed, 2 retries left.";
case COOLKEY_AUTHENTICATION_FAILED_3:
return "Authentication failed, 3 retries left.";
default:
return SCardError::errorstr(sw);
}
}
#endif //NDEBUG
/* arch-tag: 0D984528-10D9-11D9-84A3-000393D5F80A */
--- NEW FILE CoolKeyError.h ---
/*
* Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
* Portions Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
* Contributor(s):
* Jack Magne,jmagne(a)redhat.com
* CoolKey Error implementation.
*
* @APPLE_LICENSE_HEADER_START@
*
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
* compliance with the License. Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this
* file.
*
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
*
* @APPLE_LICENSE_HEADER_END@
*/
/*
* CoolKeyError.h
* TokendMuscle
*/
#ifndef _COOLKEY_ERROR_H_
#define _COOLKEY_ERROR_H_
/** Entered PIN is not correct and pin was blocked. */
#define COOLKEY_AUTHENTICATION_FAILED_0 0x6300
/** Entered PIN is not correct, 1 try left. */
#define COOLKEY_AUTHENTICATION_FAILED_1 0x6301
/** Entered PIN is not correct, 2 tries left. */
#define COOLKEY_AUTHENTICATION_FAILED_2 0x6302
/** Entered PIN is not correct, 3 tries left. */
#define COOLKEY_AUTHENTICATION_FAILED_3 0x6303
#include "SCardError.h"
class CoolKeyError : public Tokend::SCardError
{
protected:
CoolKeyError(uint16_t sw);
public:
OSStatus osStatus() const;
virtual const char *what () const throw ();
static void check(uint16_t sw) { if (sw != SCARD_SUCCESS) throwMe(sw); }
static void throwMe(uint16_t sw) __attribute__((noreturn));
protected:
IFDEBUG(void debugDiagnose(const void *id) const;)
IFDEBUG(const char *errorstr(uint16_t sw) const;)
};
#endif /* !_CoolKeyERROR_H_ */
/* arch-tag: 0EB9B81B-10D9-11D9-BA83-000393D5F80A */
--- NEW FILE CoolKeyHandle.cpp ---
/*
* Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
* Portions Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
* Contributor(s):
* Jack Magne,jmagne(a)redhat.com
* CoolKey KeyHandle implementation.
*
* @APPLE_LICENSE_HEADER_START@
*
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
* compliance with the License. Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this
* file.
*
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
*
* @APPLE_LICENSE_HEADER_END@
*/
/*
* CoolKeyKeyHandle.cpp
* Tokend CoolKey
*/
#include "CoolKeyHandle.h"
#include "CoolKeyRecord.h"
#include "CoolKeyToken.h"
#include <security_utilities/debugging.h>
#include <security_utilities/utilities.h>
#include <security_cdsa_utilities/cssmerrors.h>
#include <security_cdsa_client/aclclient.h>
#include <Security/cssmerr.h>
#include <security_utilities/logging.h>
static const unsigned char sha1sigheader[] =
{
0x30, // SEQUENCE
0x21, // LENGTH
0x30, // SEQUENCE
0x09, // LENGTH
0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1a, // SHA1 OID (1 4 14 3 2 26)
0x05, 0x00, // OPTIONAL ANY algorithm params (NULL)
0x04, 0x14 // OCTECT STRING (20 bytes)
};
static const unsigned char md5sigheader[] =
{
0x30, // SEQUENCE
0x20, // LENGTH
0x30, // SEQUENCE
0x0C, // LENGTH
// MD5 OID (1 2 840 113549 2 5)
0x06, 0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05,
0x05, 0x00, // OPTIONAL ANY algorithm params (NULL)
0x04, 0x10 // OCTECT STRING (16 bytes)
};
using CssmClient::AclFactory;
//
// CoolKeyKeyHandle
//
CoolKeyKeyHandle::CoolKeyKeyHandle(CoolKeyToken &coolToken,
const Tokend::MetaRecord &metaRecord, CoolKeyRecord &coolKey) :
Tokend::KeyHandle(metaRecord, &coolKey),
mToken(coolToken),mRecord(coolKey)
{
}
CoolKeyKeyHandle::~CoolKeyKeyHandle()
{
}
void CoolKeyKeyHandle::getKeySize(CSSM_KEY_SIZE &keySize)
{
Syslog::notice("CoolKeyHandle::getKeySize");
CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}
uint32 CoolKeyKeyHandle::getOutputSize(const Context &context, uint32 inputSize,
bool encrypting)
{
Syslog::notice("CoolKeyHandle::getOutputSize");
CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
return 0;
}
void CoolKeyKeyHandle::generateSignature(const Context &context,
CSSM_ALGORITHMS signOnly, const CssmData &input, CssmData &signature)
{
Syslog::notice("CoolKeyHandle::generateSignature Input length %d context.type %d context.alg %d",input.length(),context.type(),context.algorithm());
CoolKeyObject * coolObj = mRecord.getCoolKeyObject();
if(!coolObj || coolObj->getClass() != CKO_PRIVATE_KEY)
{
Syslog::notice("Can't find object for record %p or incorrect object type", &mRecord);
CssmError::throwMe(CSSM_ERRCODE_INVALID_DATA);
}
CoolKeyKeyObject * keyObj = (CoolKeyKeyObject *) coolObj;
CK_ULONG keyLength = keyObj->getKeySize() / 8;
Syslog::notice("keyLength %d",keyLength);
if (context.type() != CSSM_ALGCLASS_SIGNATURE)
CssmError::throwMe(CSSMERR_CSP_INVALID_CONTEXT);
if (context.algorithm() != CSSM_ALGID_RSA)
CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
// Find out if we are doing a SHA1 or MD5 signature and setup header to
// point to the right asn1 blob.
const unsigned char *header = NULL;
size_t headerLength = 0;
if (signOnly == CSSM_ALGID_SHA1)
{
Syslog::notice("Asking for SHA1");
header = sha1sigheader;
headerLength = sizeof(sha1sigheader);
Syslog::notice("header is sha1sigheader, len %d", headerLength);
if (input.Length != 20)
CssmError::throwMe(CSSMERR_CSP_BLOCK_SIZE_MISMATCH);
}
else if (signOnly == CSSM_ALGID_MD5)
{
Syslog::notice("Asking for MD5");
header = md5sigheader;
headerLength = sizeof(md5sigheader);
Syslog::notice("header is md5sigheader, len %d", headerLength);
if (input.Length != 16)
CssmError::throwMe(CSSMERR_CSP_BLOCK_SIZE_MISMATCH);
}
else if (signOnly == CSSM_ALGID_NONE)
{
header = NULL;
headerLength = 0;
Syslog::notice("Asking for CSSM_ALGID_NONE");
// Special case used by SSL it's an RSA signature, without the ASN1 stuff
}
else
CssmError::throwMe(CSSMERR_CSP_INVALID_DIGEST_ALGORITHM);
CoolKeyPK11 pk11Manager = mToken.getPK11Manager();
int loggedIn = pk11Manager.isTokenLoggedIn();
if(!loggedIn)
{
Syslog::error("Can't sign , not logged in.");
CssmError::throwMe(CSSM_ERRCODE_OPERATION_AUTH_DENIED);
}
signature.Data =( uint8*) malloc(keyLength);
// Create an input buffer in which we construct the data we will send to
// the token.
size_t inputDataSize = headerLength + input.Length;
Syslog::notice("inputDataSize %d", inputDataSize);
auto_array<unsigned char> inputData(keyLength);
unsigned char *to = inputData.get();
// Get padding, but default to pkcs1 style padding
uint32 padding = CSSM_PADDING_NONE;
context.getInt(CSSM_ATTRIBUTE_PADDING, padding);
Syslog::notice("padding value %d",padding);
if (padding == CSSM_PADDING_PKCS1)
{
Syslog::notice("CSSM_PADDING_PKCS1.");
// Add PKCS1 style padding
*(to++) = 0;
*(to++) = 1; /* Private Key Block Type. */
size_t padLength = keyLength - 3 - inputDataSize;
Syslog::notice("padlength %d",padLength);
memset(to, 0xff, padLength);
to += padLength;
*(to++) = 0;
inputDataSize = keyLength;
}
else if (padding == CSSM_PADDING_NONE)
{
Syslog::notice("CSSM_PADDING_NONE");
// Token will fail if the input data isn't exactly keysize / 8 octects
// long
}
else
CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_PADDING);
if (headerLength)
{
memcpy(to, header, headerLength);
to += headerLength;
}
// Finally copy the passed in data to the input buffer.
memcpy(to, input.Data, input.Length);
if(!signature.Data)
{
Syslog::error("Can't allocate memory for signature operation.");
CssmError::throwMe(CSSM_ERRCODE_INVALID_DATA);
}
signature.Length = (size_t) keyLength;
int result = pk11Manager.generateSignature(coolObj,inputData.get(),inputDataSize,signature.Data,&signature.Length);
if(!result)
{
Syslog::notice("Problem generating signature");
if(signature.Data)
free(signature.Data);
CssmError::throwMe(CSSMERR_CSP_FUNCTION_FAILED);
}
Syslog::notice("generateSignature returned %d data lenght %d", result, signature.Length);
}
void CoolKeyKeyHandle::verifySignature(const Context &context,
CSSM_ALGORITHMS signOnly, const CssmData &input, const CssmData &signature)
{
Syslog::notice("CoolKeyHandle::verifySignature");
CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}
void CoolKeyKeyHandle::generateMac(const Context &context,
const CssmData &input, CssmData &output)
{
Syslog::notice("CoolKeyHandle::generateMac");
CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}
void CoolKeyKeyHandle::verifyMac(const Context &context,
const CssmData &input, const CssmData &compare)
{
Syslog::notice("CoolKeyHandle::verifyMac");
CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}
void CoolKeyKeyHandle::encrypt(const Context &context,
const CssmData &clear, CssmData &cipher)
{
Syslog::notice("CoolKeyHandle::encrypt");
CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}
void CoolKeyKeyHandle::decrypt(const Context &context,
const CssmData &cipher, CssmData &clear)
{
Syslog::notice("CoolKeyHandle::decrypt type %d alg %d length %d",context.type(), context.algorithm(),cipher.length());
CoolKeyObject * coolObj = mRecord.getCoolKeyObject();
if(!coolObj || coolObj->getClass() != CKO_PRIVATE_KEY )
{
Syslog::notice("Can't find object for record or incorrect object %p", &mRecord);
CssmError::throwMe(CSSM_ERRCODE_INVALID_DATA);
}
CoolKeyKeyObject * keyObj = (CoolKeyKeyObject *) coolObj;
CK_ULONG keyLength = keyObj->getKeySize() / 8;
Syslog::notice("keyLength %d",keyLength);
if (context.type() != CSSM_ALGCLASS_ASYMMETRIC)
{
Syslog::error("In decrypt wrong key type, not asymmetric");
CssmError::throwMe(CSSMERR_CSP_INVALID_CONTEXT);
}
if (context.algorithm() != CSSM_ALGID_RSA)
{
Syslog::error("In decrypt wrong algorithm, not RSA");
CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
}
CoolKeyPK11 pk11Manager = mToken.getPK11Manager();
int loggedIn = pk11Manager.isTokenLoggedIn();
if(!loggedIn)
{
Syslog::error("Can't decrypt , not logged in.");
CssmError::throwMe(CSSM_ERRCODE_OPERATION_AUTH_DENIED);
}
clear.Data = (uint8 *) malloc((size_t) keyLength);
clear.Length = keyLength;
if(!clear.Data)
{
Syslog::error("Can't allocate data for decrype operation.");
CssmError::throwMe(CSSM_ERRCODE_INVALID_DATA);
}
int result = pk11Manager.decryptData(coolObj,cipher.Data,cipher.Length,clear.Data,&clear.Length);
if(!result)
{
Syslog::error("Problem with decrypt operation");
if(clear.Data)
{
free(clear.Data);
}
CssmError::throwMe(CSSMERR_CSP_FUNCTION_FAILED);
}
Syslog::notice("decryptData returned %d data lenght %d", result, clear.Length);
}
void CoolKeyKeyHandle::exportKey(const Context &context,
const AccessCredentials *cred, CssmKey &wrappedKey)
{
Syslog::notice("CoolKeyHandle::exportKey");
CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}
void CoolKeyKeyHandle::getOwner(AclOwnerPrototype &owner)
{
Syslog::notice("CoolKeyKeyHandle::getOwner");
if (!mAclOwner) {
Allocator &alloc = Allocator::standard();
mAclOwner.allocator(alloc);
mAclOwner = AclFactory::AnySubject(alloc);
}
owner = mAclOwner;
}
void CoolKeyKeyHandle::getAcl(const char *tag, uint32 &count, AclEntryInfo *&aclList)
{
Syslog::notice("CoolKeyKeyHandle::getAcl tag %s",tag);
// we don't (yet) support queries by tag
if (tag)
CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_ENTRY_TAG);
if(!mAclEntries) {
mAclEntries.allocator(Allocator::standard());
// Anyone can read the DB record for this key (which is a reference
// CSSM_KEY)
mAclEntries.add(CssmClient::AclFactory::AnySubject(
mAclEntries.allocator()),
AclAuthorizationSet(CSSM_ACL_AUTHORIZATION_DB_READ, 0));
CssmData prompt;
CoolKeyPK11 pk11Manager = mToken.getPK11Manager();
int loggedIn = pk11Manager.isTokenLoggedIn();
if(!loggedIn)
{
Syslog::notice("CoolKeyKeyHandle:getAcl token NOT logged in already");
mAclEntries.add(CssmClient::AclFactory::PromptPWSubject(
mAclEntries.allocator(), prompt),
AclAuthorizationSet(
CSSM_ACL_AUTHORIZATION_SIGN
, CSSM_ACL_AUTHORIZATION_DECRYPT,CSSM_ACL_AUTHORIZATION_ENCRYPT, 0));
}
else
{
Syslog::notice("CoolKeyKeyHandle:getAcl token logged in already");
mAclEntries.add(CssmClient::AclFactory::AnySubject(
mAclEntries.allocator()),
AclAuthorizationSet(
CSSM_ACL_AUTHORIZATION_SIGN
, CSSM_ACL_AUTHORIZATION_DECRYPT,CSSM_ACL_AUTHORIZATION_ENCRYPT, 0));
}
}
count = mAclEntries.size();
aclList = mAclEntries.entries();
}
//
// CoolKeyKeyHandleFactory
//
CoolKeyKeyHandleFactory::~CoolKeyKeyHandleFactory()
{
}
Tokend::KeyHandle *CoolKeyKeyHandleFactory::keyHandle(
Tokend::TokenContext *tokenContext, const Tokend::MetaRecord &metaRecord,
Tokend::Record &record) const
{
Syslog::notice("CoolKeyKeyHandleFactory::keyHandle record %p ",&record);
CoolKeyToken &theToken = static_cast<CoolKeyToken& >(*tokenContext);
CoolKeyRecord &keyRecord = dynamic_cast<CoolKeyRecord &>(record);
return new CoolKeyKeyHandle(theToken, metaRecord, keyRecord);
}
/* arch-tag: 3685A262-0DBC-11D9-BC66-000A9595DEEE */
--- NEW FILE CoolKeyHandle.h ---
/*
* Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
* Portions Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
* Contributor(s):
* Jack Magne,jmagne(a)redhat.com
* CoolKey KeyHandle implementation.
*
* @APPLE_LICENSE_HEADER_START@
*
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
* compliance with the License. Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this
* file.
*
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
*
* @APPLE_LICENSE_HEADER_END@
*/
/*
* CoolKeyKeyHandle.h
* Tokend CoolKey
*/
#ifndef _COOLKEY_KEYHANDLE_H_
#define _COOLKEY_KEYHANDLE_H_
#include "KeyHandle.h"
class CoolKeyToken;
class CoolKeyRecord;
//
// A KeyHandle object which implements the crypto interface to muscle.
//
class CoolKeyKeyHandle: public Tokend::KeyHandle
{
NOCOPY(CoolKeyKeyHandle)
public:
CoolKeyKeyHandle(CoolKeyToken &cacToken, const Tokend::MetaRecord &metaRecord,
CoolKeyRecord &cacKey);
~CoolKeyKeyHandle();
virtual void getKeySize(CSSM_KEY_SIZE &keySize);
virtual uint32 getOutputSize(const Context &context, uint32 inputSize,
bool encrypting);
virtual void generateSignature(const Context &context,
CSSM_ALGORITHMS signOnly, const CssmData &input, CssmData &signature);
virtual void verifySignature(const Context &context,
CSSM_ALGORITHMS signOnly, const CssmData &input,
const CssmData &signature);
virtual void generateMac(const Context &context, const CssmData &input,
CssmData &output);
virtual void verifyMac(const Context &context, const CssmData &input,
const CssmData &compare);
virtual void encrypt(const Context &context, const CssmData &clear,
CssmData &cipher);
virtual void decrypt(const Context &context, const CssmData &cipher,
CssmData &clear);
virtual void exportKey(const Context &context,
const AccessCredentials *cred, CssmKey &wrappedKey);
virtual void getOwner(AclOwnerPrototype &owner);
virtual void getAcl(const char *tag, uint32 &count, AclEntryInfo *&aclList);
private:
AutoAclOwnerPrototype mAclOwner;
AutoAclEntryInfoList mAclEntries;
CoolKeyToken &mToken;
CoolKeyRecord &mRecord;
};
//
// A factory that creates CoolKeyKeyHandle objects.
//
class CoolKeyKeyHandleFactory : public Tokend::KeyHandleFactory
{
NOCOPY(CoolKeyKeyHandleFactory)
public:
CoolKeyKeyHandleFactory() {}
virtual ~CoolKeyKeyHandleFactory();
virtual Tokend::KeyHandle *keyHandle(Tokend::TokenContext *tokenContext,
const Tokend::MetaRecord &metaRecord, Tokend::Record &record) const;
};
#endif /* !_CoolKeyKEYHANDLE_H_ */
/* arch-tag: 36A35766-0DBC-11D9-BB4D-000A9595DEEE */
--- NEW FILE CoolKeyPK11.cpp ---
/*
* Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
* Portions Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
* Contributor(s):
* Jack Magne,jmagne(a)redhat.com
* CoolKey CoolKeyPK11 interface.
* @APPLE_LICENSE_HEADER_START@
*
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
* compliance with the License. Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this
* file.
*
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
*
* @APPLE_LICENSE_HEADER_END@
*/
/*
* CoolKeyPK11.cpp - CoolKey.tokend PKCS11 helper class
*/
#include "CoolKeyPK11.h"
#include <security_utilities/logging.h>
#include <dlfcn.h>
CK_ATTRIBUTE obj_classTemplate[] = {
{CKA_CLASS,NULL,0}
};
CK_ATTRIBUTE certTemplate[] = {
{CKA_CERTIFICATE_TYPE,NULL,0},{CKA_LABEL,NULL,0},
{CKA_SUBJECT,NULL,0},{CKA_ID,NULL,0},{CKA_ISSUER,NULL,0},
{CKA_SERIAL_NUMBER,NULL,0}, {CKA_VALUE,NULL,0}
};
CK_ATTRIBUTE public_keyTemplate[] = {
{CKA_KEY_TYPE,NULL,0},{CKA_ID,NULL,0},{CKA_LABEL,NULL,0},{CKA_MODULUS,NULL,0},
{CKA_PUBLIC_EXPONENT,NULL,0},{CKA_START_DATE,NULL,0},
{CKA_END_DATE,NULL,0},
{CKA_ENCRYPT,NULL,0},{CKA_VERIFY,NULL,0},{CKA_VERIFY_RECOVER,NULL,0},
{CKA_WRAP,NULL,0}
};
CK_ATTRIBUTE private_keyTemplate[] = {
{CKA_KEY_TYPE,NULL,0},{CKA_ID,NULL,0},{CKA_MODULUS,NULL,0},
{CKA_LABEL,NULL,0},{CKA_START_DATE,NULL,0},
{CKA_END_DATE,NULL,0}, {CKA_SENSITIVE,NULL,0},
{CKA_DECRYPT,NULL,0}, {CKA_SIGN,NULL,0}, {CKA_SIGN_RECOVER,NULL,0},
{CKA_UNWRAP,NULL,0}, {CKA_EXTRACTABLE,NULL,0}, {CKA_ALWAYS_SENSITIVE,NULL,0},
{CKA_NEVER_EXTRACTABLE,NULL,0},
{CKA_UNWRAP_TEMPLATE,NULL,0},{CKA_ALWAYS_AUTHENTICATE}
};
CK_ATTRIBUTE secret_keyTemplate[] = {
{CKA_KEY_TYPE,NULL,0},{CKA_ID,NULL,0},{CKA_LABEL,NULL,0},
{CKA_SENSITIVE,NULL,0},{CKA_ENCRYPT,NULL,0},{CKA_DECRYPT,NULL,0},
{CKA_SIGN,NULL,0},{CKA_VERIFY,NULL,0},{CKA_WRAP,NULL,0},{CKA_UNWRAP,NULL,0},
{CKA_EXTRACTABLE,NULL,0},{CKA_ALWAYS_SENSITIVE,NULL,0},{CKA_NEVER_EXTRACTABLE,NULL,0},
{CKA_CHECK_VALUE,NULL,0},{CKA_WRAP_WITH_TRUSTED,NULL,0},{CKA_TRUSTED,NULL,0},
{CKA_WRAP_TEMPLATE,NULL,0}
};
int CoolKeyPK11::loginToken(char *aPIN)
{
if(!mInitialized)
return 0;
if(!aPIN)
return 0;
CK_RV ck_rv = mEpv->C_Login(mSessHandle,CKU_USER,(CK_UTF8CHAR_PTR ) aPIN,(CK_ULONG) strlen(aPIN));
Syslog::notice("CoolKeyPK11::loginToken result %d aPin %s ",ck_rv,"****");
if(ck_rv == CKR_OK && !mCachedPIN.size())
{
//Syslog::notice("CoolKeyPK11::loginToken setting cached PIN");
mCachedPIN = aPIN;
}
return ck_rv;
}
void CoolKeyPK11::logoutToken()
{
if(!mInitialized)
return;
CK_RV ck_rv = mEpv->C_Logout(mSessHandle);
//clear cached pin
mCachedPIN = "";
Syslog::notice("CoolKeyPK11::logout result %d ",ck_rv);
}
int CoolKeyPK11::verifyCachedPIN(char *aPIN)
{
if(!aPIN || !mInitialized)
return CKR_PIN_INCORRECT;
if(!strcmp(aPIN,(char *) mCachedPIN.c_str()))
{
Syslog::notice("PIN OK!");
return CKR_OK;
}
Syslog::notice("PIN not OK!");
return CKR_PIN_INCORRECT;
}
int CoolKeyPK11::isTokenLoggedIn()
{
CK_RV ck_rv;
if(!mInitialized)
return 0;
CK_SESSION_INFO sinfo;
CK_SESSION_HANDLE h = (CK_SESSION_HANDLE)0;
ck_rv = mEpv->C_GetSessionInfo(mSessHandle, &sinfo);
if( CKR_OK != ck_rv ) {
Syslog::notice("isTokenLoggedIn C_GetSessionInfo(0x%08x) returned %lu ulDeviceError %lu", mSessHandle, ck_rv,sinfo.ulDeviceError);
ck_rv = mEpv->C_OpenSession(mSlots[mOurSlotIndex], CKF_SERIAL_SESSION, (CK_VOID_PTR)CK_NULL_PTR, (CK_NOTIFY)CK_NULL_PTR, &h);
if( CKR_OK != ck_rv ) {
Syslog::error("C_OpenSession(%lu, CKF_SERIAL_SESSION, , ) returned 0x%08x", mSlots[mOurSlotIndex], ck_rv);
return 0;
}
ck_rv = mEpv->C_GetSessionInfo(h, &sinfo);
if( CKR_OK != ck_rv) {
Syslog::error("Failed second chance to get session info!!");
return 0;
}
else
{
Syslog::notice("Created new session handle, old one is invalid! 0x%08x ",h);
mSessHandle = h;
}
}
int loggedIn = 0;
Syslog::notice("isTokenLoggedIn token state %d", sinfo.state);
if(sinfo.state == CKS_RO_USER_FUNCTIONS || sinfo.state == CKS_RW_USER_FUNCTIONS)
{
Syslog::notice("isTokenLoggedIn Token IS logged in");
loggedIn = 1;
}
else
{
Syslog::notice("isTokenLoggedIn Token IS NOT logged in");
}
return loggedIn;
}
int CoolKeyPK11::loadModule()
{
CK_RV ck_rv;
CK_FUNCTION_LIST_PTR epv = (CK_FUNCTION_LIST_PTR) NULL;
CK_C_GetFunctionList gfl;
CK_C_INITIALIZE_ARGS InitArgs;
InitArgs.CreateMutex=0; //CK_CREATEMUTEX
InitArgs.DestroyMutex=0; //CK_DESTROYMUTEX
InitArgs.LockMutex=0; //CK_LOCKMUTEX
InitArgs.UnlockMutex=0; //CK_UNLOCKMUTEX
InitArgs.flags=0; //CK_FLAGS
InitArgs.pReserved=0; //CK_C_INITIALIZE_ARGS
mTokenUid[0] = 0;
mPk11Driver = dlopen(PKCS11_PATH_NAME,RTLD_LAZY);
if(!mPk11Driver)
{
Syslog::error("Can't load pkcs11 driver error: %d ",dlerror());
return 0;
}
else
{
Syslog::debug("In CoolKeyToken::loadPKCS11() . past load lib %p ",mPk11Driver);
}
// Now try to load the functions
gfl =(CK_C_GetFunctionList) dlsym(mPk11Driver,"C_GetFunctionList");
if(gfl == NULL)
{
Syslog::error("In CoolKeyToken::loadPKCS11() Can't load symbol C_GetFunctionList error: $d ",dlerror());
dlclose(mPk11Driver);
mPk11Driver = NULL;
return 0;
}
//Syslog::debug("Found C_GetFunctionList : %p " , gfl);
ck_rv = (*gfl)(&epv);
if(ck_rv != CKR_OK)
{
Syslog::error("Can't get actual function list ");
dlclose(mPk11Driver);
mPk11Driver = NULL;
return 0;
}
//Syslog::debug("Function list found %p ", epv);
mEpv = epv;
//Now try to actually initialize the module
ck_rv = mEpv->C_Initialize(&InitArgs);
if(ck_rv != CKR_OK)
{
Syslog::error("Error initializing PKCS11 module result: %d ",ck_rv);
dlclose(mPk11Driver);
mPk11Driver = NULL;
mEpv = NULL;
return 0;
}
//Syslog::debug("Successfully Initialized PKCS11 module. ");
mInitialized = 1;
int res = loadSlotList();
if(res)
{
mIsOurToken = 1;
}
else
mInitialized = 0;
return res;
}
int CoolKeyPK11::freeModule()
{
if(!mInitialized)
{
return 1;
}
if(mEpv)
{
mEpv->C_Finalize(NULL);
mInitialized = NULL;
}
return 1;
}
int CoolKeyPK11::freeObjects()
{
return 1;
}
int CoolKeyPK11::loadObjects()
{
CK_RV ck_rv;
if(!mInitialized)
return 0;
CK_SESSION_HANDLE h = (CK_SESSION_HANDLE)0;
CK_SESSION_INFO sinfo;
CK_ULONG tnObjects = 0;
mSessHandle = 0;
ck_rv = mEpv->C_OpenSession(mSlots[mOurSlotIndex], CKF_SERIAL_SESSION, (CK_VOID_PTR)CK_NULL_PTR, (CK_NOTIFY)CK_NULL_PTR, &h);
if( CKR_OK != ck_rv ) {
Syslog::error("C_OpenSession(%lu, CKF_SERIAL_SESSION, , ) returned 0x%08x", mSlots[mOurSlotIndex], ck_rv);
return 0;
}
Syslog::notice(" Opened a session: handle = 0x%08x", h);
mSessHandle = h;
ck_rv = mEpv->C_GetSessionInfo(h, &sinfo);
if( CKR_OK != ck_rv ) {
Syslog::notice("C_GetSessionInfo(%lu, ) returned 0x%08x", h, ck_rv);
return 0;
}
Syslog::notice(" SESSION INFO:");
Syslog::notice(" slotID = %lu", sinfo.slotID);
Syslog::notice(" state = %lu", sinfo.state);
Syslog::notice(" flags = 0x%08x", sinfo.flags);
Syslog::notice(" ulDeviceError = %lu", sinfo.ulDeviceError);
ck_rv = mEpv->C_FindObjectsInit(h, (CK_ATTRIBUTE_PTR)CK_NULL_PTR, 0);
if( CKR_OK != ck_rv ) {
Syslog::error("C_FindObjectsInit(%lu, NULL_PTR, 0) returned 0x%08x", h, ck_rv);
return 0;
}
Syslog::notice(" All objects:");
while(1) {
CK_OBJECT_HANDLE o = (CK_OBJECT_HANDLE)0;
CK_ULONG nObjects = 0;
ck_rv = mEpv->C_FindObjects(h, &o, 1, &nObjects);
if( CKR_OK != ck_rv ) {
Syslog::notice("C_FindObjects(%lu, , 1, ) returned 0x%08x", h, ck_rv);
return 0;
}
if( 0 == nObjects ) {
break;
}
tnObjects++;
Syslog::notice(" OBJECT HANDLE %lu", o);
ck_rv = mEpv->C_GetAttributeValue(h, o, obj_classTemplate, 1);
//Syslog::notice("ck_rv %d",ck_rv);
switch( ck_rv ) {
case CKR_OK:
case CKR_ATTRIBUTE_SENSITIVE:
case CKR_ATTRIBUTE_TYPE_INVALID:
case CKR_BUFFER_TOO_SMALL:
break;
default:
Syslog::notice("C_GetAtributeValue(%lu, %lu, {one attribute type}, %lu) returned 0x%08x",
h, o, 1, ck_rv);
return 0;
}
if( 1 ) {
if( -1 != (CK_LONG)obj_classTemplate[0].ulValueLen ) {
obj_classTemplate[0].pValue = (CK_VOID_PTR) new char[obj_classTemplate[0].ulValueLen];
if(!obj_classTemplate[0].pValue)
{
Syslog::notice("Can't allocate memory for attribute of size %d",(int) obj_classTemplate[0].ulValueLen);
continue;
}
ck_rv = mEpv->C_GetAttributeValue(h, o, obj_classTemplate, 1);
if(ck_rv == CKR_OK)
{
CK_LONG obj_class = (CK_LONG) *((CK_LONG *) obj_classTemplate[0].pValue);
Syslog::notice("objclass: %lu",obj_class);
CoolKeyObject *newObject = NULL;
switch(obj_class)
{
case CKO_CERTIFICATE:
Syslog::notice("Found certificate:-----------------");
newObject = (CoolKeyObject *) new CoolKeyCertObject(o,h,obj_class,this);
break;
case CKO_PUBLIC_KEY:
Syslog::notice("Found public key:----------------");
newObject = (CoolKeyObject *) new CoolKeyKeyObject(o,h,obj_class,this);
Syslog::notice("Found public key:");
break;
case CKO_PRIVATE_KEY:
Syslog::notice("Found private key:-------------------");
newObject = (CoolKeyObject *) new CoolKeyKeyObject(o,h,obj_class,this);
break;
default:
Syslog::notice("Found something else:");
break;
};
if(newObject)
{
mObjects[o] = newObject;
}
}
if(obj_classTemplate[0].pValue)
delete [] (char *) obj_classTemplate[0].pValue;
obj_classTemplate[0].pValue = NULL;
}
}
} /* while(1) */
ck_rv = mEpv->C_FindObjectsFinal(h);
if( CKR_OK != ck_rv ) {
Syslog::notice("C_FindObjectsFinal(%lu) returned 0x%08x", h, ck_rv);
return 0;
}
Syslog::notice(" (%lu objects total)", tnObjects);
ck_rv = mEpv->C_CloseSession(h);
if( CKR_OK != ck_rv ) {
Syslog::notice( "C_CloseSession(%lu) returned 0x%08x", h, ck_rv);
return 0;
}
return 1;
}
int CoolKeyPK11::loadSlotList()
{
mTokenUid[0] = 0;
int result = 0;
if(!mInitialized)
{
return result;
}
CK_RV ck_rv = 0;
CK_ULONG nSlots = 0;
ck_rv = mEpv->C_GetSlotList(CK_FALSE,(CK_SLOT_ID) CK_NULL_PTR,&nSlots);
if(ck_rv == CKR_OK)
{
Syslog::notice("In CoolKeyPK11:loadSlotList() GetSlotList found %d slot(s) ",nSlots);
}
else
{
Syslog::notice("In CoolKeyToken::probe() GetSlotList error: %d ",ck_rv);
}
if(nSlots > COOLKEY_MAX_SLOTS)
{
return result;
}
if(nSlots > 0)
{
ck_rv = mEpv->C_GetSlotList(CK_FALSE,mSlots, &nSlots);
if(ck_rv != CKR_OK)
{
Syslog::debug("In CoolKeyToken::probe() GetSlotList error: %d ",ck_rv);
}
mOurSlotIndex = nSlots - 1;
for(CK_ULONG i = 0; i < nSlots ; i++)
{
CK_SLOT_INFO sinfo;
int j = 0;
while( j++ < 5)
{
ck_rv = mEpv->C_GetSlotInfo(mSlots[i],&sinfo);
if(ck_rv != CKR_OK)
{
Syslog::error("In CoolKeyPK11::loadSlotListe() GetSlotInfo error: %d ",ck_rv);
break;
//continue;
}
Syslog::notice(" Slot Info: Slot: %d" ,i);
Syslog::notice(" slotDescription = \"%.64s\"", sinfo.slotDescription);
Syslog::notice(" manufacturerID = \"%.32s\"", sinfo.manufacturerID);
Syslog::notice(" flags = 0x%08lx", sinfo.flags);
Syslog::notice(" -> TOKEN PRESENT = %s",
sinfo.flags & CKF_TOKEN_PRESENT ? "TRUE" : "FALSE");
Syslog::notice(" -> REMOVABLE DEVICE = %s",
sinfo.flags & CKF_REMOVABLE_DEVICE ? "TRUE" : "FALSE");
Syslog::notice(" -> HW SLOT = %s",
sinfo.flags & CKF_HW_SLOT ? "TRUE" : "FALSE");
Syslog::notice(" hardwareVersion = %lu.%02lu",
(uint32)sinfo.hardwareVersion.major, (uint32)sinfo.hardwareVersion.minor);
Syslog::notice(" firmwareVersion = %lu.%02lu",
(uint32)sinfo.firmwareVersion.major, (uint32)sinfo.firmwareVersion.minor);
Syslog::notice(" See if token is present in reader");
if(!(sinfo.flags & CKF_TOKEN_PRESENT))
{
Syslog::notice(" Failed to connect to the token try again.");
usleep(100000);
continue;
}
Syslog::notice(" Token is really present!");
break;
}
if(sinfo.flags & CKF_TOKEN_PRESENT )
{
CK_TOKEN_INFO tinfo;
(void)memset(&tinfo, 0, sizeof(CK_TOKEN_INFO));
ck_rv = mEpv->C_GetTokenInfo(mSlots[i], &tinfo);
if( CKR_OK != ck_rv ) {
Syslog::debug("C_GetTokenInfo(%lu, ) returned 0x%08x", mSlots[i], ck_rv);
return result;
}
Syslog::notice(" Token Info:");
Syslog::notice(" label = \"%.32s\"", tinfo.label);
Syslog::notice(" manufacturerID = \"%.32s\"", tinfo.manufacturerID);
Syslog::notice(" model = \"%.16s\"", tinfo.model);
Syslog::notice(" serialNumber = \"%.16s\"", tinfo.serialNumber);
Syslog::notice(" flags = 0x%08lx", tinfo.flags);
/*
Syslog::notice(" -> RNG = %s",
tinfo.flags & CKF_RNG ? "TRUE" : "FALSE");
Syslog::notice(" -> WRITE PROTECTED = %s",
tinfo.flags & CKF_WRITE_PROTECTED ? "TRUE" : "FALSE");
Syslog::notice(" -> LOGIN REQUIRED = %s",
tinfo.flags & CKF_LOGIN_REQUIRED ? "TRUE" : "FALSE");
Syslog::notice(" -> USER PIN INITIALIZED = %s",
tinfo.flags & CKF_USER_PIN_INITIALIZED ? "TRUE" : "FALSE");
Syslog::notice(" -> RESTORE KEY NOT NEEDED = %s",
tinfo.flags & CKF_RESTORE_KEY_NOT_NEEDED ? "TRUE" : "FALSE");
Syslog::debug(" -> CLOCK ON TOKEN = %s",
tinfo.flags & CKF_CLOCK_ON_TOKEN ? "TRUE" : "FALSE");
Syslog::notice( " ulMaxSessionCount = %lu", tinfo.ulMaxSessionCount);
Syslog::notice( " ulSessionCount = %lu", tinfo.ulSessionCount);
Syslog::notice( " ulMaxRwSessionCount = %lu", tinfo.ulMaxRwSessionCount);
Syslog::notice(" ulRwSessionCount = %lu", tinfo.ulRwSessionCount);
Syslog::notice( " ulMaxPinLen = %lu", tinfo.ulMaxPinLen);
Syslog::notice(" ulMinPinLen = %lu", tinfo.ulMinPinLen);
Syslog::notice(" ulTotalPublicMemory = %lu", tinfo.ulTotalPublicMemory);
Syslog::notice(" ulFreePublicMemory = %lu", tinfo.ulFreePublicMemory);
Syslog::notice(" ulTotalPrivateMemory = %lu", tinfo.ulTotalPrivateMemory);
Syslog::notice(" ulFreePrivateMemory = %lu", tinfo.ulFreePrivateMemory);
Syslog::notice(" hardwareVersion = %lu.%02lu",
(uint32)tinfo.hardwareVersion.major, (uint32)tinfo.hardwareVersion.minor);
Syslog::notice(" firmwareVersion = %lu.%02lu",
(uint32)tinfo.firmwareVersion.major, (uint32)tinfo.firmwareVersion.minor);
Syslog::notice(" utcTime = \"%.16s\"", tinfo.utcTime);
*/
Syslog::notice(" Token is present uid %s",tinfo.label);
int label_size = 32;
memcpy((void *) mTokenUid, (void *) tinfo.label,label_size);
mTokenUid[label_size -1] = 0;
}
else
{
Syslog::error(" Token not present in slot ");
return result;
}
}
}else
{
return result;
}
return 1;
}
//Actual crypto ops
int CoolKeyPK11::decryptData(CoolKeyObject *aObj,CK_BYTE *aEncData, CK_ULONG aEncDataLen, CK_BYTE *aData, CK_ULONG *aDataLen)
{
int result = 0;
if( !mEpv || !aObj || !aEncData || !aEncDataLen || !aData || !aDataLen
|| aDataLen <=0 || *aDataLen <= 0)
{
Syslog::error(" CoolKeyPK11::decryptData bad input data");
return result;
}
CK_OBJECT_HANDLE objHandle = aObj->getHandle();
CK_RV ck_rv = mEpv->C_DecryptInit(mSessHandle,NULL,objHandle);
Syslog::notice("decryptData C_DecryptInit Init result %d", ck_rv);
if(ck_rv != CKR_OK)
{
Syslog::notice("decryptData error calling C_DecryptInit");
return result;
}
ck_rv = mEpv->C_Decrypt(mSessHandle,aEncData,aEncDataLen,aData,aDataLen);
Syslog::notice("C_Decrypt result %d", ck_rv);
if(ck_rv != CKR_OK)
{
Syslog::notice("C_Decrypt result in error");
return 0;
}
Syslog::notice("decryptData return success");
return 1;
}
int CoolKeyPK11::generateSignature(CoolKeyObject *aObj,CK_BYTE *aData, CK_ULONG aDataLen, CK_BYTE *aSignature, CK_ULONG *aSignatureLen)
{
int result = 0;
if( !mEpv || !aObj || !aData || !aDataLen || !aSignature || !aSignatureLen
|| aDataLen <=0 || *aSignatureLen <= 0)
{
Syslog::error(" CoolKeyPK11::generateSignature bad input data");
return result;
}
CK_OBJECT_HANDLE objHandle = aObj->getHandle();
CK_RV ck_rv = mEpv->C_SignInit(mSessHandle,NULL,objHandle);
Syslog::notice("generateSignature C_SignInit result %d", ck_rv);
if(ck_rv != CKR_OK)
{
Syslog::notice("generatSignature error calling C_SignInit");
return result;
}
ck_rv = mEpv->C_Sign(mSessHandle,aData,aDataLen,aSignature,aSignatureLen);
Syslog::notice("C_Sign result %d", ck_rv);
if(ck_rv != CKR_OK)
{
Syslog::notice("C_Sign result in error");
return 0;
}
Syslog::notice("generateSignature return success");
return 1;
}
void CoolKeyObject::dumpData(CK_CHAR *aData, CK_ULONG aDataLen)
{
char line[256];
Syslog::notice("dumping data %p len %lu",aData,aDataLen);
CK_ULONG max = 8;
for(CK_ULONG i = 0 ; i < aDataLen; i ++)
{
if(i > max)
break;
sprintf(line," val[%lu]= %X",i,aData[i]);
Syslog::notice(line);
}
}
void CoolKeyObject::loadAttributes(CK_ATTRIBUTE *aTemplate,int aTemplateSize)
{
CK_RV ck_rv;
Syslog::notice("CoolKeyObject::loadAttributes with args template size %d",aTemplateSize);
if(!aTemplate || aTemplateSize <= 0 || mAttributesLoaded)
return;
CK_FUNCTION_LIST_PTR funcPtr = NULL;
if(mParent && (funcPtr = mParent->getFunctionPointer()))
{
Syslog::notice("CoolKeyObject::loadAttributes got function pointer");
ck_rv = funcPtr->C_GetAttributeValue(mSessHandle, mObjHandle, aTemplate, aTemplateSize);
switch(ck_rv)
{
case CKR_OK:
case CKR_ATTRIBUTE_SENSITIVE:
case CKR_ATTRIBUTE_TYPE_INVALID:
case CKR_BUFFER_TOO_SMALL:
break;
default:
Syslog::notice("CoolKeyObject::loadAttributes failed ck_rv %d",ck_rv);
return;
break;
};
for(int i = 0 ; i < aTemplateSize ; i++)
{
Syslog::notice("Object attribute: name % stype 0x%lx , size %d",
attributeName(aTemplate[i].type),aTemplate[i].type,
aTemplate[i].ulValueLen);
}
//Do it again to get actual data
for(int i = 0; i < aTemplateSize ; i++)
{
int size = (int)aTemplate[i].ulValueLen;
if(size && size != -1)
{
char *objData = new char [aTemplate[i].ulValueLen];
if(!objData)
{
continue;
}
aTemplate[i].pValue = objData;
}
}
//Now have the data alocated go get it.
ck_rv = funcPtr->C_GetAttributeValue(mSessHandle, mObjHandle, aTemplate, aTemplateSize);
switch(ck_rv)
{
case CKR_OK:
case CKR_ATTRIBUTE_SENSITIVE:
case CKR_ATTRIBUTE_TYPE_INVALID:
case CKR_BUFFER_TOO_SMALL:
break;
default:
Syslog::notice("CoolKeyObject::loadAttributes failed ck_rv %d",ck_rv);
return;
break;
};
//print out results of actually getting the data
for(int i = 0 ; i < aTemplateSize ; i++)
{
int size = aTemplate[i].ulValueLen;
char *data = (char *) aTemplate[i].pValue;
if(size && size != -1 && data)
{
Syslog::notice("Legitimate Object attribute saving.... Name: %s : type 0x%lx , size %d",
attributeName(aTemplate[i].type),aTemplate[i].type,
aTemplate[i].ulValueLen);
CK_ATTRIBUTE * newAttr = new CK_ATTRIBUTE ;
//Check for CAC data, we want to let the Apple CAC TokenD take care of these.
if(strstr(data,"CAC"))
{
Syslog::notice("CAC related item found, exiting... \n");
exit(0);
}
if(!newAttr)
{
Syslog::notice("Can't allocate memory for new attribute");
continue;
}
newAttr->ulValueLen = aTemplate[i].ulValueLen;
newAttr->type = aTemplate[i].type;
newAttr->pValue = aTemplate[i].pValue;
//CoolKeyObject::dumpData((CK_BYTE *)newAttr->pValue,newAttr->ulValueLen);
// put the attribute in our local map
aTemplate[i].ulValueLen = 0;
aTemplate[i].pValue = NULL;
mAttributes[newAttr->type] = newAttr;
}
}
}
}
void CoolKeyKeyObject::loadAttributes()
{
Syslog::notice("CoolKeyKeyObject::loadAttributes no args");
if(mAttributesLoaded)
return;
int templateSize = 0;
if(mObjClass == CKO_PRIVATE_KEY)
{
templateSize = sizeof(private_keyTemplate)/sizeof(CK_ATTRIBUTE);
CoolKeyObject::loadAttributes((CK_ATTRIBUTE *)private_keyTemplate,templateSize);
}
else
{
templateSize = sizeof(public_keyTemplate)/sizeof(CK_ATTRIBUTE);
CoolKeyObject::loadAttributes((CK_ATTRIBUTE *)public_keyTemplate, templateSize);
}
}
CK_BYTE CoolKeyKeyObject::getSensitive()
{
CK_BYTE result = 0;
result = getByteAttribute(CKA_SENSITIVE);
Syslog::notice("In CoolKeyObject::getID type %c",result);
return result;
}
CK_BYTE CoolKeyKeyObject::getKeyEncrypt()
{
CK_BYTE result = 0;
result = getByteAttribute(CKA_ENCRYPT);
Syslog::notice("In CoolKeyObject::getKeyEncrypt result %d",result);
return result;
}
CK_BYTE CoolKeyKeyObject::getKeyDecrypt()
{
CK_BYTE result = 0;
result = getByteAttribute(CKA_DECRYPT);
Syslog::notice("In CoolKeyObject::getKeyDecrypt type %d",result);
return result;
}
CK_BYTE CoolKeyKeyObject::getKeySign()
{
CK_BYTE result = 0;
result = getByteAttribute(CKA_SIGN);
Syslog::notice("In CoolKeyKeyObject::getKeySign type %d",result);
return result;
}
CK_BYTE CoolKeyKeyObject::getKeyWrap()
{
CK_BYTE result = 0;
result = getByteAttribute(CKA_WRAP);
Syslog::notice("In CoolKeyKeyObject::getKeyWrap type %d",result);
return result;
}
CK_BYTE CoolKeyKeyObject::getKeyVerify()
{
CK_BYTE result = 0;
result = getByteAttribute(CKA_VERIFY);
Syslog::notice("In CoolKeyKeyObject::getKeyVerify type %d",result);
return result;
}
CK_BYTE CoolKeyKeyObject::getKeyDerive()
{
CK_BYTE result = 0;
result = getByteAttribute(CKA_DERIVE);
Syslog::notice("In CoolKeyKeyObject::getKeyDerive type %d",result);
return result;
}
CK_BYTE CoolKeyKeyObject::getKeyUnwrap()
{
CK_BYTE result = 0;
result = getByteAttribute(CKA_UNWRAP);
Syslog::notice("In CoolKeyKeyObject::getKeyUnwrap type %d",result);
return result;
}
CK_BYTE CoolKeyKeyObject::getKeySignRecover()
{
CK_BYTE result = 0;
result = getByteAttribute(CKA_SIGN_RECOVER);
Syslog::notice("In CoolKeyKeyObject::getKeySignRecover type %d",result);
return result;
}
CK_BYTE CoolKeyKeyObject::getKeyVerifyRecover()
{
CK_BYTE result = 0;
result = getByteAttribute(CKA_VERIFY_RECOVER);
Syslog::notice("In CoolKeyObject::getKeyKeyVerifyRecover type %d",result);
return result;
}
CK_BYTE CoolKeyKeyObject::getKeyExtractable()
{
CK_BYTE result = 0;
result = getByteAttribute(CKA_EXTRACTABLE);
Syslog::notice("In CoolKeyKeyObject::getExtractable type %d",result);
return result;
}
CK_BYTE CoolKeyKeyObject::getKeyNeverExtractable()
{
CK_BYTE result = 0;
result = getByteAttribute(CKA_NEVER_EXTRACTABLE);
Syslog::notice("In CoolKeyKeyObject::getNeverExtractable type %d",result);
return result;
}
CK_BYTE CoolKeyKeyObject::getAlwaysSensitive()
{
CK_BYTE result = 0;
result = getByteAttribute(CKA_ALWAYS_SENSITIVE);
Syslog::notice("In CoolKeyKeyObject::getAlwaysSensitive type %d",result);
return result;
}
void CoolKeyKeyObject::getLabel(CK_BYTE *aData, CK_ULONG *aDataLen)
{
if(!aData || !aDataLen || *aDataLen < 1)
return;
aData[0] = 0;
getByteDataAttribute(CKA_LABEL,aData,aDataLen);
Syslog::notice("In CoolKeyKeyObject::getLabel %s",aData);
}
CK_BYTE CoolKeyObject::getID()
{
CK_BYTE result = 0;
result = getByteAttribute(CKA_ID);
Syslog::notice("In CoolKeyObject::getID type %c",result);
return result;
}
void CoolKeyObject::freeAttributes()
{
Syslog::notice("CoolKeyObject::freeAttributes");
map< CK_ATTRIBUTE_TYPE, CK_ATTRIBUTE * >::iterator i;
CK_ATTRIBUTE *cur = NULL;
for(i = mAttributes.begin(); i!= mAttributes.end(); i++)
{
cur = (*i).second;
if(cur)
{
if(cur->pValue)
delete [] (char *) cur->pValue;
delete cur;
}
}
}
void CoolKeyObject::loadAttributes()
{
//Syslog::notice("CoolKeyObject::loadAttributes no args");
}
void CoolKeyCertObject::loadAttributes()
{
//Syslog::notice("In CoolKeyCertObject::loadAttributes no args");
if(mAttributesLoaded)
return;
int templateSize = sizeof(certTemplate)/sizeof(CK_ATTRIBUTE);
if(!templateSize)
return;
CoolKeyObject::loadAttributes(certTemplate,templateSize);
}
CoolKeyKeyObject::CoolKeyKeyObject(CK_OBJECT_HANDLE aObjHandle, CK_SESSION_HANDLE aSessHandle,CK_LONG aObjClass,CoolKeyPK11 *aParent) : CoolKeyObject(aObjHandle,aSessHandle,aObjClass,aParent)
{
//Syslog::notice("CoolKeyKeyObject::CoolKeyKeyObject");
loadAttributes();
}
CK_ULONG CoolKeyKeyObject::getKeySize()
{
CK_ULONG size = 0;
CK_ATTRIBUTE *theMod = getAttribute(CKA_MODULUS);
if(theMod)
{
size = (theMod->ulValueLen - 1 ) * 8;
}
return size;
}
CoolKeyCertObject::CoolKeyCertObject(CK_OBJECT_HANDLE aObjHandle, CK_SESSION_HANDLE aSessHandle,CK_LONG aObjClass,CoolKeyPK11 *aParent) : CoolKeyObject(aObjHandle,aSessHandle,aObjClass,aParent)
{
loadAttributes();
}
void CoolKeyCertObject::getIssuer(CK_BYTE *aData, CK_ULONG *aDataLen)
{
if(!aData || !aDataLen || *aDataLen < 1)
return;
aData[0] = 0;
getByteDataAttribute(CKA_ISSUER,aData,aDataLen);
}
void CoolKeyCertObject::getSerialNo(CK_BYTE *aData,CK_ULONG *aDataLen)
{
if(!aData || !aDataLen || *aDataLen < 1)
return;
aData[0] = 0;
getByteDataAttribute(CKA_SERIAL_NUMBER,aData,aDataLen);
}
void CoolKeyCertObject::getLabel(CK_BYTE *aData, CK_ULONG *aDataLen)
{
if(!aData || !aDataLen || *aDataLen < 1)
return;
aData[0] = 0;
getByteDataAttribute(CKA_LABEL,aData,aDataLen);
}
void CoolKeyCertObject::getPublicKeyHash(CK_BYTE *aData,CK_ULONG *aDataLen)
{
if(!aData || !aDataLen || *aDataLen < 1)
return;
aData[0] = 0;
}
void CoolKeyCertObject::getData(CK_BYTE *aData, CK_ULONG *aDataLen)
{
if(!aData || !aDataLen || *aDataLen < 1)
return;
aData[0] = 0;
getByteDataAttribute(CKA_VALUE,aData,aDataLen);
}
void CoolKeyCertObject::getSubject(CK_BYTE *aData, CK_ULONG *aDataLen)
{
if(!aData || !aDataLen || *aDataLen < 1)
return;
aData[0] = 0;
getByteDataAttribute(CKA_SUBJECT,aData,aDataLen);
}
CK_ULONG CoolKeyCertObject::getType()
{
CK_ULONG result = 0;
result = getULongAttribute(CKA_CERTIFICATE_TYPE);
Syslog::notice("In CoolKeyCertObject::getType type %lu",result);
return result;
}
CoolKeyObject::CoolKeyObject(CK_OBJECT_HANDLE aObjHandle, CK_SESSION_HANDLE aSessHandle,CK_LONG aObjClass,CoolKeyPK11 *aParent) : mObjHandle(aObjHandle),mSessHandle(aSessHandle),mAttributesLoaded(0),mObjClass(aObjClass),mParent(aParent)
{
Syslog::notice("In CoolKeyObject::CoolKeyObject mObjClass %d",mObjClass);
}
CK_ATTRIBUTE * CoolKeyObject::getAttribute(CK_ATTRIBUTE_TYPE aAttr)
{
CK_ATTRIBUTE *theAttr = mAttributes[aAttr];
return theAttr;
}
CK_LONG CoolKeyObject::getLongAttribute(CK_ATTRIBUTE_TYPE aAttr)
{
CK_ATTRIBUTE *theAttr = getAttribute(aAttr);
if(!theAttr)
return 0;
CK_ULONG size = theAttr->ulValueLen ;
if(size != sizeof(CK_LONG))
return 0;
if(!theAttr->pValue)
return 0;
return (CK_LONG) *((CK_LONG *) theAttr->pValue);
}
CK_ULONG CoolKeyObject::getULongAttribute(CK_ATTRIBUTE_TYPE aAttr)
{
CK_ATTRIBUTE *theAttr = getAttribute(aAttr);
Syslog::notice("In CoolKeyObject::getULongAttr attr %p size %d value %p",theAttr,theAttr->ulValueLen,theAttr->pValue);
if(!theAttr)
return 0;
CK_ULONG size = theAttr->ulValueLen ;
if(size != sizeof(CK_ULONG))
return 0;
if(!theAttr->pValue)
return 0;
return (CK_ULONG) *((CK_ULONG *) theAttr->pValue);
}
CK_BYTE CoolKeyObject::getByteAttribute(CK_ATTRIBUTE_TYPE aAttr)
{
CK_ATTRIBUTE *theAttr = getAttribute(aAttr);
if(!theAttr)
return 0;
CK_ULONG size = theAttr->ulValueLen ;
if(size != sizeof(CK_BYTE))
return 0;
if(!theAttr->pValue)
return 0;
return (CK_BYTE) *((CK_BYTE *) theAttr->pValue);
}
void CoolKeyObject::getByteDataAttribute(CK_ATTRIBUTE_TYPE aAttr,CK_BYTE *aData, CK_ULONG *aDataLen)
{
if(!aData || !aDataLen || *aDataLen <= 0 )
return;
CK_ATTRIBUTE *theAttr = getAttribute(aAttr);
Syslog::notice("In CoolKeyObject::getByteData attr %p attr size %d ",theAttr,theAttr->ulValueLen);
if(!theAttr)
return ;
CK_ULONG size = theAttr->ulValueLen ;
if(size < 1 || size >= *aDataLen)
return;
*aDataLen = 0;
aData[0] = 0;
if(!theAttr->pValue)
return;
memcpy( aData, theAttr->pValue,size);
*aDataLen = size;
}
char *CoolKeyObject::attributeName(uint32_t attributeId)
{
static char buffer[20];
switch (attributeId)
{
case CKA_CLASS: return "CLASS";
case CKA_TOKEN: return "TOKEN";
case CKA_PRIVATE: return "PRIVATE";
case CKA_LABEL: return "LABEL";
case CKA_APPLICATION: return "APPLICATION";
case CKA_VALUE: return "VALUE";
case CKA_OBJECT_ID: return "OBJECT_ID";
case CKA_CERTIFICATE_TYPE: return "CERTIFICATE_TYPE";
case CKA_ISSUER: return "ISSUER";
case CKA_SERIAL_NUMBER: return "SERIAL_NUMBER";
case CKA_AC_ISSUER: return "AC_ISSUER";
case CKA_OWNER: return "OWNER";
case CKA_ATTR_TYPES: return "ATTR_TYPES";
case CKA_TRUSTED: return "TRUSTED";
case CKA_KEY_TYPE: return "KEY_TYPE";
case CKA_SUBJECT: return "SUBJECT";
case CKA_ID: return "ID";
case CKA_SENSITIVE: return "SENSITIVE";
case CKA_ENCRYPT: return "ENCRYPT";
case CKA_DECRYPT: return "DECRYPT";
case CKA_WRAP: return "WRAP";
case CKA_WRAP_TEMPLATE: return "WRAP_TEMPLATE";
case CKA_UNWRAP: return "UNWRAP";
case CKA_SIGN: return "SIGN";
case CKA_SIGN_RECOVER: return "SIGN_RECOVER";
case CKA_VERIFY: return "VERIFY";
case CKA_VERIFY_RECOVER: return "VERIFY_RECOVER";
case CKA_DERIVE: return "DERIVE";
case CKA_START_DATE: return "START_DATE";
case CKA_END_DATE: return "END_DATE";
case CKA_MODULUS: return "MODULUS";
case CKA_MODULUS_BITS: return "MODULUS_BITS";
case CKA_PUBLIC_EXPONENT: return "PUBLIC_EXPONENT";
case CKA_PRIVATE_EXPONENT: return "PRIVATE_EXPONENT";
case CKA_PRIME_1: return "PRIME_1";
case CKA_PRIME_2: return "PRIME_2";
case CKA_EXPONENT_1: return "EXPONENT_1";
case CKA_EXPONENT_2: return "EXPONENT_2";
case CKA_COEFFICIENT: return "COEFFICIENT";
case CKA_PRIME: return "PRIME";
case CKA_SUBPRIME: return "SUBPRIME";
case CKA_BASE: return "BASE";
case CKA_PRIME_BITS: return "PRIME_BITS";
case CKA_SUB_PRIME_BITS: return "SUB_PRIME_BITS";
case CKA_VALUE_BITS: return "VALUE_BITS";
case CKA_VALUE_LEN: return "VALUE_LEN";
case CKA_EXTRACTABLE: return "EXTRACTABLE";
case CKA_LOCAL: return "LOCAL";
case CKA_NEVER_EXTRACTABLE: return "NEVER_EXTRACTABLE";
case CKA_ALWAYS_SENSITIVE: return "ALWAYS_SENSITIVE";
case CKA_KEY_GEN_MECHANISM: return "KEY_GEN_MECHANISM";
case CKA_MODIFIABLE: return "MODIFIABLE";
case CKA_EC_PARAMS: return "EC_PARAMS";
case CKA_EC_POINT: return "EC_POINT";
case CKA_SECONDARY_AUTH: return "SECONDARY_AUTH";
case CKA_AUTH_PIN_FLAGS: return "AUTH_PIN_FLAGS";
case CKA_HW_FEATURE_TYPE: return "HW_FEATURE_TYPE";
case CKA_RESET_ON_INIT: return "RESET_ON_INIT";
case CKA_HAS_RESET: return "HAS_RESET";
case CKA_VENDOR_DEFINED: return "VENDOR_DEFINED";
case CKA_ALWAYS_AUTHENTICATE: return "ALWAYS_AUTHENTICATE";
case CKA_WRAP_WITH_TRUSTED: return "WRAP_WITH_TRUSTED";
case CKA_UNWRAP_TEMPLATE: return "UNWRAP_TEMPLATE";
case CKA_HASH_OF_SUBJECT_PUBLIC_KEY: return "HASH_OF_SUBJECT_PUBLIC_KEY";
case CKA_HASH_OF_ISSUER_PUBLIC_KEY: return "HASH_OF_ISSUER_PUBLIC_KEY";
default:
snprintf(buffer, sizeof(buffer), "unknown(%0x08X)", attributeId);
return buffer;
}
}
--- NEW FILE CoolKeyPK11.h ---
/*
* Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
* Portions Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
* Contributor(s):
* Jack Magne,jmagne(a)redhat.com
* CoolKey CoolKeyPK11 interface.
* @APPLE_LICENSE_HEADER_START@
*
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
* compliance with the License. Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this
* file.
*
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
*
* @APPLE_LICENSE_HEADER_END@
*/
/*
* CoolKeyPK11.h
* Tokend CoolKey
*/
#ifndef _COOLKEYPK11_H_
#define _COOLKEYPK11_H_
#include "mypkcs11.h"
#include <Security/SecKey.h>
#include <map>
#include <string>
#define COOLKEY_MAX_SLOTS 20
#define PKCS11_PATH_NAME "/Library/Application Support/CoolKey/PKCS11/libcoolkeypk11.dylib"
class CoolKeyPK11;
class CoolKeyObject
{
public:
CoolKeyObject(CK_OBJECT_HANDLE aObjHandle, CK_SESSION_HANDLE aSessHandle,CK_LONG aObjClass,CoolKeyPK11 *aParent);
virtual ~CoolKeyObject() { freeAttributes();};
virtual void loadAttributes() ;
char *CoolKeyObject::attributeName(uint32_t attributeId);
CK_ATTRIBUTE * getAttribute(CK_ATTRIBUTE_TYPE aAttr);
CK_LONG getLongAttribute(CK_ATTRIBUTE_TYPE aAttr);
CK_ULONG getULongAttribute(CK_ATTRIBUTE_TYPE aAttr);
CK_BYTE getByteAttribute(CK_ATTRIBUTE_TYPE aAttr);
CK_BYTE getID();
void getByteDataAttribute(CK_ATTRIBUTE_TYPE aAttr,CK_BYTE *aData, CK_ULONG *aDataLen);
CK_OBJECT_CLASS getClass() {return mObjClass;}
static void dumpData(CK_BYTE *aData, CK_ULONG aDataLen);
CK_OBJECT_HANDLE getHandle() { return mObjHandle;}
CK_SESSION_HANDLE getSessHandle() { return mSessHandle; }
protected:
void loadAttributes(CK_ATTRIBUTE *aTemplate,int aTemplateSize);
void freeAttributes();
CK_OBJECT_HANDLE mObjHandle;
CK_SESSION_HANDLE mSessHandle;
int mAttributesLoaded;
CK_LONG mObjClass;
std::map< CK_ATTRIBUTE_TYPE, CK_ATTRIBUTE* > mAttributes;
private:
CoolKeyPK11 *mParent;
public:
};
class CoolKeyKeyObject : public CoolKeyObject
{
public:
CoolKeyKeyObject(CK_OBJECT_HANDLE aObjHandle, CK_SESSION_HANDLE aSessionHandle,CK_LONG aObjClass,CoolKeyPK11 *aParent) ;
CK_ULONG getKeySize();
void getLabel(CK_BYTE *aData, CK_ULONG *aDataLen);
CK_BYTE getSensitive();
CK_BYTE getAlwaysSensitive();
CK_BYTE getKeyEncrypt();
CK_BYTE getKeyDecrypt();
CK_BYTE getKeySign();
CK_BYTE getKeyWrap();
CK_BYTE getKeyExtractable();
CK_BYTE getKeyNeverExtractable();
CK_BYTE getKeyVerify();
CK_BYTE getKeyDerive();
CK_BYTE getKeyUnwrap();
CK_BYTE getKeySignRecover();
CK_BYTE getKeyVerifyRecover();
void loadAttributes();
~CoolKeyKeyObject() {};
};
class CoolKeyCertObject : public CoolKeyObject
{
public:
CoolKeyCertObject(CK_OBJECT_HANDLE aObjHandle, CK_SESSION_HANDLE aSessionHandle,CK_LONG aObjClass,CoolKeyPK11 *aParent) ;
void loadAttributes();
void getSubject(CK_BYTE *aData, CK_ULONG *aDataLen);
void getIssuer(CK_BYTE *aData, CK_ULONG *aDataLen);
void getSerialNo(CK_BYTE *aData,CK_ULONG *aDataLen);
void getLabel(CK_BYTE *aData, CK_ULONG *aDataLen);
void getData(CK_BYTE *aData, CK_ULONG *aDataLen);
void getPublicKeyHash(CK_BYTE *aData,CK_ULONG *aDataLen);
CK_ULONG getType();
~CoolKeyCertObject() {};
};
class CoolKeyPK11
{
public:
typedef std::map< CK_OBJECT_HANDLE, CoolKeyObject * >::iterator ObjIterator;
CoolKeyPK11(): mPk11Driver(NULL),mEpv(NULL),mInitialized(0),mOurSlotIndex(0),mIsOurToken(0),mCachedPIN("") {} ;
virtual ~CoolKeyPK11() {};
int loadModule();
int freeModule();
int loginToken(char *aPIN);
void logoutToken();
int isTokenLoggedIn();
int loadObjects();
int freeObjects();
int getIsOurToken() { return mIsOurToken;}
char *getTokenId() {
if(mTokenUid[0] != 0)
return mTokenUid;
else
return NULL;
};
CK_FUNCTION_LIST_PTR getFunctionPointer() { return mEpv;}
int getInitialized() { return mInitialized; }
int verifyCachedPIN(char *aPIN);
//Actual cryto operations
int generateSignature(CoolKeyObject *aObj,CK_BYTE *aData, CK_ULONG aDataLen, CK_BYTE *aSignature, CK_ULONG *aSignatureLen);
int decryptData(CoolKeyObject *aObj,CK_BYTE *aEncData, CK_ULONG aEncDataLen, CK_BYTE *aData, CK_ULONG *aDataLen);
protected:
private:
int loadSlotList();
void * mPk11Driver;
CK_FUNCTION_LIST_PTR mEpv;
int mInitialized;
CK_SLOT_ID mSlots[COOLKEY_MAX_SLOTS];
int mOurSlotIndex;
CK_SLOT_INFO mOurSlotInfo;
char mTokenUid[32];
int mIsOurToken;
CK_SESSION_HANDLE mSessHandle;
std::map<CK_OBJECT_HANDLE , CoolKeyObject * > mObjects;
std::string mCachedPIN;
public:
ObjIterator begin() { return ObjIterator(mObjects.begin()); }
ObjIterator end() { return ObjIterator(mObjects.end()); }
};
#endif /* !_COOLKEYPK11_H_ */
--- NEW FILE CoolKeyRecord.cpp ---
/*
* Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
* Portions Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
* Contributor(s):
* Jack Magne,jmagne(a)redhat.com
* CoolKey Record implementation.
*
* @APPLE_LICENSE_HEADER_START@
*
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source LicenseCoolKey
* Version 2.0 (the 'License'). You may not use this file except in
* compliance with the License. Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this
* file.
*
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
*
* @APPLE_LICENSE_HEADER_END@
*/
/*
* CoolKeyRecord.cpp
* Tokend CoolKey
*/
#include "CoolKeyPK11.h"
#include "CoolKeyRecord.h"
#include "CoolKeyError.h"
#include "CoolKeyToken.h"
//#include "Attribute.h"
#include "MetaAttribute.h"
#include "MetaRecord.h"
#include <security_cdsa_client/aclclient.h>
#include <Security/SecKey.h>
#include <security_utilities/logging.h>
//
// CoolKeyRecord
//
CoolKeyRecord::~CoolKeyRecord()
{
}
Tokend::Attribute *CoolKeyRecord::getDataAttribute(Tokend::TokenContext *tokenContext)
{
Syslog::notice("CoolKeyRecord::getDataAttribute");
CoolKeyObject *obj = (CoolKeyObject *) getCoolKeyObject();
CK_OBJECT_CLASS theClass = 0;
if(obj)
{
theClass = obj->getClass();
}
if(!obj)
return NULL;
CK_BYTE tData[2048];
CK_ULONG dataLen = 2048;
CoolKeyCertObject *theCert = NULL;
switch(theClass)
{
case CKO_CERTIFICATE:
Syslog::notice("getDataAttribute: Found certificate:-----------------");
theCert = (CoolKeyCertObject *) obj;
if(theCert)
{
theCert->getData((CK_BYTE *)tData,&dataLen);
}
return new Tokend::Attribute((const void *)tData,dataLen);
break;
case CKO_PUBLIC_KEY:
Syslog::notice("getDataAttribute:Found public key:----------------");
break;
case CKO_PRIVATE_KEY:
Syslog::notice("getDataAttribute:Found private key:-------------------");
break;
default:
Syslog::notice("getDataAttribute:Found something else:");
break;
};
return NULL;
}
void CoolKeyRecord::getAcl(const char *tag, uint32 &count, AclEntryInfo *&acls)
{
Syslog::notice("CoolKeyRecord::getAcl ----------------");
if (!mAclEntries) {
mAclEntries.allocator(Allocator::standard());
// Anyone can read the DB record for this key (which is a reference
// CSSM_KEY)
mAclEntries.add(CssmClient::AclFactory::AnySubject(
mAclEntries.allocator()),
AclAuthorizationSet(CSSM_ACL_AUTHORIZATION_DB_READ, 0));
}
count = mAclEntries.size();
acls = mAclEntries.entries();
}
/* arch-tag: 9703BFF8-0E73-11D9-ACDD-000A9595DEEE */
--- NEW FILE CoolKeyRecord.h ---
/*
* Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
* Portions Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
* Contributor(s):
* Jack Magne,jmagne(a)redhat.com
* CoolKey Record.
*
* @APPLE_LICENSE_HEADER_START@
*
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
* compliance with the License. Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this
* file.
*
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
*
* @APPLE_LICENSE_HEADER_END@
*/
/*
* CoolKeyRecord.h
* TokendMuscle
*/
#ifndef _COOLKEYRECORD_H_
#define _COOLKEYRECORD_H_
#include "Record.h"
#include "CoolKeyPK11.h"
//class CoolKeyObject;
class CoolKeyRecord : public Tokend::Record
{
NOCOPY(CoolKeyRecord)
public:
CoolKeyRecord(CoolKeyObject *aObject) :
mObject(aObject) {}
virtual ~CoolKeyRecord();
CoolKeyObject *getCoolKeyObject() { return mObject; }
virtual Tokend::Attribute *getDataAttribute(Tokend::TokenContext *tokenContext);
virtual void getAcl(const char *tag, uint32 &count,
AclEntryInfo *&aclList);
private:
AutoAclEntryInfoList mAclEntries;
protected:
CoolKeyObject *mObject;
};
#endif /* !_CACRECORD_H_ */
/* arch-tag: 96BC854C-0E73-11D9-B9B1-000A9595DEEE */
--- NEW FILE CoolKeySchema.cpp ---
/*
* Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
* Portions Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
* Contributor(s):
* Jack Magne,jmagne(a)redhat.com
* CoolKey Schema implementation.
*
* @APPLE_LICENSE_HEADER_START@
* CoolKey
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
* compliance with the License. Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this
* file.
*
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
*
* @APPLE_LICENSE_HEADER_END@
*/
/*
* CoolKeySchema.cpp
* Tokend CoolKey
*/
#include "CoolKeySchema.h"
#include "MetaAttribute.h"
#include "MetaRecord.h"
#include <Security/SecCertificate.h>
#include <Security/SecKeychainItem.h>
#include <Security/SecKey.h>
#include <Security/SecKeychainItemPriv.h>
#include <security_utilities/logging.h>
#include <Security/cssmapple.h>
using namespace Tokend;
CoolKeySchema::CoolKeySchema()
{
}
CoolKeySchema::~CoolKeySchema()
{
}
Tokend::Relation *CoolKeySchema::createKeyRelation(CSSM_DB_RECORDTYPE keyType)
{
Relation *rn = createStandardRelation(keyType);
Syslog::info("createKeyRelation coder %p",&mCoolKeyKeyAttributeCoder);
// Set up coders for key records.
MetaRecord &mr = rn->metaRecord();
mr.keyHandleFactory(&mCoolKeyKeyHandleFactory);
mr.attributeCoder(kSecKeyPrintName, &mCoolKeyKeyAttributeCoder);
// Other key valuess
mr.attributeCoder(kSecKeyKeyType, &mCoolKeyKeyAttributeCoder);
mr.attributeCoder(kSecKeyKeySizeInBits, &mCoolKeyKeyAttributeCoder);
mr.attributeCoder(kSecKeyEffectiveKeySize, &mCoolKeyKeyAttributeCoder);
// Key attributes
mr.attributeCoder(kSecKeyExtractable, &mCoolKeyKeyAttributeCoder);
mr.attributeCoder(kSecKeySensitive, &mCoolKeyKeyAttributeCoder);
mr.attributeCoder(kSecKeyModifiable, &mCoolKeyKeyAttributeCoder);
mr.attributeCoder(kSecKeyPrivate, &mCoolKeyKeyAttributeCoder);
mr.attributeCoder(kSecKeyNeverExtractable, &mCoolKeyKeyAttributeCoder);
mr.attributeCoder(kSecKeyAlwaysSensitive, &mCoolKeyKeyAttributeCoder);
// Key usage
mr.attributeCoder(kSecKeyEncrypt, &mCoolKeyKeyAttributeCoder);
mr.attributeCoder(kSecKeyDecrypt, &mCoolKeyKeyAttributeCoder);
mr.attributeCoder(kSecKeyWrap, &mCoolKeyKeyAttributeCoder);
mr.attributeCoder(kSecKeyUnwrap,&mCoolKeyKeyAttributeCoder);
mr.attributeCoder(kSecKeyVerify, &mCoolKeyKeyAttributeCoder);
mr.attributeCoder(kSecKeyDerive, &mCoolKeyKeyAttributeCoder);
mr.attributeCoder(kSecKeySignRecover, &mCoolKeyKeyAttributeCoder);
mr.attributeCoder(kSecKeyVerifyRecover, &mCoolKeyKeyAttributeCoder);
mr.attributeCoder(kSecKeyLabel, &mPublicKeyHashCoder);
mr.attributeCoder(kSecKeySign, &mCoolKeyKeyAttributeCoder);
return rn;
}
Tokend::Relation *CoolKeySchema::createCertRelation(CSSM_DB_RECORDTYPE certType)
{
Relation *rn = createStandardRelation(certType);
// Set up coders for key records.
MetaRecord &mr = rn->metaRecord();
Syslog::info("createCertRelation coder %p",&mCoolKeyCertAttributeCoder);
// cert attributes
mr.attributeCoder(kSecAlias,&mCoolKeyCertAttributeCoder);
mr.attributeCoder(kSecSubjectItemAttr, &mCoolKeyCertAttributeCoder);
mr.attributeCoder(kSecLabelItemAttr,&mCoolKeyCertAttributeCoder);
mr.attributeCoder(kSecIssuerItemAttr, &mCoolKeyCertAttributeCoder);
mr.attributeCoder(kSecSerialNumberItemAttr, &mCoolKeyCertAttributeCoder);
mr.attributeCoder(kSecPublicKeyHashItemAttr, &mCoolKeyCertAttributeCoder);
mr.attributeCoder(kSecSubjectKeyIdentifierItemAttr, &mCoolKeyCertAttributeCoder);
mr.attributeCoder(kSecCertTypeItemAttr, &mCoolKeyCertAttributeCoder);
mr.attributeCoder(kSecCertEncodingItemAttr, &mCoolKeyCertAttributeCoder);
return rn;
}
void CoolKeySchema::create()
{
Schema::create();
createStandardRelation(CSSM_DL_DB_RECORD_X509_CERTIFICATE);
createKeyRelation(CSSM_DL_DB_RECORD_PRIVATE_KEY);
Relation *rn_publ = createKeyRelation(CSSM_DL_DB_RECORD_PUBLIC_KEY);
// @@@ We need a coder that calculates the public key hash of a public key
rn_publ->metaRecord().attributeCoder(kSecKeyLabel, &mPublicKeyHashCoder);
}
/* arch-tag: 36BF1864-0DBC-11D9-8518-000A9595DEEE */
--- NEW FILE CoolKeySchema.h ---
/*
* Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
* Portions Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
* Contributor(s):
* Jack Magne,jmagne(a)redhat.com
* CoolKey Schema implementation.
*
* @APPLE_LICENSE_HEADER_START@
*
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
* compliance with the License. Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this
* file.
*
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
*
* @APPLE_LICENSE_HEADER_END@
*/
/*
* CoolKeySchema.h
* TokendMuscle
*/
#ifndef _COOLKEYCHEMA_H_
#define _COOLKEYSCHEMA_H_
#include "Schema.h"
#include "CoolKeyAttributeCoder.h"
#include "CoolKeyHandle.h"
namespace Tokend
{
class Relation;
class MetaRecord;
class AttributeCoder;
}
class CoolKeySchema : public Tokend::Schema
{
NOCOPY(CoolKeySchema)
public:
CoolKeySchema();
virtual ~CoolKeySchema();
virtual void create();
protected:
Tokend::Relation *createKeyRelation(CSSM_DB_RECORDTYPE keyType);
Tokend::Relation *createCertRelation(CSSM_DB_RECORDTYPE certType);
private:
// Coders we need.
CoolKeyDataAttributeCoder mCoolKeyDataAttributeCoder;
CoolKeyCertAttributeCoder mCoolKeyCertAttributeCoder;
CoolKeyKeyAttributeCoder mCoolKeyKeyAttributeCoder;
CoolKeyKeyHandleFactory mCoolKeyKeyHandleFactory;
};
#endif /* !_CACSCHEMA_H_ */
/* arch-tag: 36DB400E-0DBC-11D9-A9F5-000A9595DEEE */
--- NEW FILE CoolKeyToken.cpp ---
/*
* Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
* Portions Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
* Contributor(s):
* Jack Magne,jmagne(a)redhat.com
* CoolKey Token implementation.
* CoolKey
* @APPLE_LICENSE_HEADER_START@
*
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
* compliance with the License. Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this
* file.
*
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
*
* @APPLE_LICENSE_HEADER_END@
*/
/*
* CoolKeyToken.cpp
* Tokend CoolKey
*/
#include "CoolKeyToken.h"
#include "Adornment.h"
#include "AttributeCoder.h"
#include "CoolKeyError.h"
#include "CoolKeyRecord.h"
#include "CoolKeySchema.h"
#include <security_cdsa_client/aclclient.h>
#include <security_cdsa_utilities/cssmerrors.h>
#include <security_utilities/logging.h>
#include <security_utilities/refcount.h>
#include <map>
#include <vector>
#include <dlfcn.h>
#include <csignal>
using CssmClient::AclFactory;
static CoolKeyPK11 *coolKeyModule = NULL;
CoolKeyToken::CoolKeyToken() :
mCurrentApplet(NULL),
mPinStatus(1)
{
mTokenContext = this;
}
CoolKeyToken::~CoolKeyToken()
{
Syslog::notice("CoolKeyToken::~CoolKeyToken");
delete mSchema;
}
// Here is where we initialize our PKCS11 module
void CoolKeyToken::initial()
{
Syslog::notice("In CoolKeyToken::initial() . " );
}
bool CoolKeyToken::identify()
{
Syslog::notice("In CoolKeyToken::identify");
return true;
}
void CoolKeyToken::select(const unsigned char *applet)
{
Syslog::debug("In CoolKeyToken::select");
}
uint32_t CoolKeyToken::exchangeAPDU(const unsigned char *apdu, size_t apduLength,
unsigned char *result, size_t &resultLength)
{
return 0;
}
void CoolKeyToken::didDisconnect()
{
Syslog::debug("In CoolKeyToken::didDisconnect");
}
void CoolKeyToken::didEnd()
{
mCurrentApplet = NULL;
}
void CoolKeyToken::changePIN(int pinNum,
const unsigned char *oldPin, size_t oldPinLength,
const unsigned char *newPin, size_t newPinLength)
{
Syslog::debug("In CoolKeyToken::changePIN");
}
uint32_t CoolKeyToken::pinStatus(int pinNum)
{
Syslog::notice("In CoolKeyToken::pinStatus num %d",pinNum);
CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}
bool CoolKeyToken::isLocked()
{
int result = mCoolKey.isTokenLoggedIn();
mPinStatus = 1 - result;
Syslog::notice("In CoolKeyToken::isLocked mPinStatus %d",mPinStatus);
return mPinStatus;
}
void CoolKeyToken::verifyPIN(int pinNum,
const unsigned char *pin, size_t pinLength)
{
Syslog::notice("In CoolKeyToken::verifyPIN");
int result = 0;
if(mCoolKey.isTokenLoggedIn())
{
result = mCoolKey.verifyCachedPIN((char *) pin);
}
else
{
result = mCoolKey.loginToken((char *) pin);
}
Syslog::notice("Result of loginToken %d",result);
if(result == CKR_OK)
return;
//logout because we failed
mCoolKey.logoutToken();
//any other error complain
CssmError::throwMe(CSSM_ERRCODE_OPERATION_AUTH_DENIED);
}
void CoolKeyToken::unverifyPIN(int pinNum)
{
Syslog::notice("In CoolKeyToken::unverifyPIN");
mPinStatus = 1;
}
uint32_t CoolKeyToken::getData(unsigned char *result, size_t &resultLength)
{
Syslog::notice("In CoolKeyToken::getData");
return NULL;
}
uint32 CoolKeyToken::probe(SecTokendProbeFlags flags,
char tokenUid[TOKEND_MAX_UID])
{
uint32 score = 0; //Tokend::ISO7816Token::probe(flags, tokenUid);
uint32 max_uid = TOKEND_MAX_UID;
const SCARD_READERSTATE &readerState = *(*startupReaderInfo)();
Syslog::notice("TOKEND_MAX_UID %d",max_uid);
Syslog::notice("READER_STATE -> szReader %s", (char *) readerState.szReader);
Syslog::notice ("READER_STATE -> dwCurrentState %u",readerState.dwCurrentState);
Syslog::notice ("READER_STATE -> dwEventState %u",readerState.dwEventState);
Syslog::notice ("READER_STATE -> cbAtr %u",readerState.cbAtr);
Syslog::notice("READER_STATE -> rgbAtr %32x",(char *) readerState.rgbAtr);
int res = mCoolKey.loadModule();
/* if(res)
res = mCoolKey.loadObjects();
*/
if(!res || ! mCoolKey.getIsOurToken())
{
Syslog::error(" Can't load CoolKey pkcs11 module. ");
return score;
}
if(coolKeyModule == NULL)
coolKeyModule = &mCoolKey;
char *tUid = mCoolKey.getTokenId();
if(tUid)
{
sprintf((char *) tokenUid,"%s",(char *)tUid);
Syslog::notice("tokenUid %s",(char *) tokenUid);
}
score = 199;
signal(SIGTERM, cleanup); // register a SIGTERM handler
return score;
}
void CoolKeyToken::establish(const CSSM_GUID *guid, uint32 subserviceId,
SecTokendEstablishFlags flags, const char *cacheDirectory,
const char *workDirectory, char mdsDirectory[PATH_MAX],
char printName[PATH_MAX])
{
char *mCuid = mCoolKey.getTokenId();
int pathSize = PATH_MAX;
if(mCuid)
{
Syslog::notice("printName size %d", pathSize);
int predictedSize = strlen(mCuid);
if(predictedSize < pathSize)
{
sprintf((char *) printName, (char *) "%s",mCuid);
}
}
Syslog::notice("In CoolKeyToken::establish setting printName to: %s subserviceId: %d",printName,subserviceId);
int res = mCoolKey.loadObjects();
if(!res)
return;
mSchema = new CoolKeySchema();
mSchema->create();
populate();
}
//
// Authenticate to the token
//
void CoolKeyToken::authenticate(CSSM_DB_ACCESS_TYPE mode, const AccessCredentials *cred)
{
Syslog::notice("In CoolKeyToken::authenticate cred %p tag %s size %d",cred,cred->tag(),cred->size());
if (cred) {
if(mode == CSSM_DB_ACCESS_RESET)
{
Syslog::notice("authenticate CSSM_DB_ACCESS_RESET");
return;
}
const TypedList &sample = (*cred)[0];
switch (sample.type()) {
case CSSM_SAMPLE_TYPE_PASSWORD:
case CSSM_SAMPLE_TYPE_PROMPTED_PASSWORD:
case CSSM_SAMPLE_TYPE_PROTECTED_PASSWORD:
{
Syslog::notice("sample type %d",sample.type());
CssmData &pin = sample[1].data();
verifyPIN(1, pin.Data,pin.Length);
}
break;
default:
Syslog::notice("sample type %ld not supported", sample.type());
CssmError::throwMe(CSSM_ERRCODE_ACL_SUBJECT_TYPE_NOT_SUPPORTED);
}
} else
Syslog::notice("authenticate without credentials ignored");
}
//
// Database-level ACLs
//
void CoolKeyToken::getOwner(AclOwnerPrototype &owner)
{
Syslog::notice("In CoolKeyToken::getOwner");
// we don't really know (right now), so claim we're owned by PIN #0
if (!mAclOwner)
{
mAclOwner.allocator(Allocator::standard());
mAclOwner = AclFactory::PinSubject(Allocator::standard(), 0);
}
owner = mAclOwner;
}
void CoolKeyToken::getAcl(const char *tag, uint32 &count, AclEntryInfo *&acls)
{
Syslog::notice("In CoolKeyToken::getAcl.");
Allocator &alloc = Allocator::standard();
// mAclEntries sets the handle of each AclEntryInfo to the
// offset in the array.
if (!mAclEntries) {
mAclEntries.allocator(alloc);
// Anyone can read the attributes and data of any record on this token
// (it's further limited by the object itself).
mAclEntries.add(CssmClient::AclFactory::AnySubject(
mAclEntries.allocator()),
AclAuthorizationSet(CSSM_ACL_AUTHORIZATION_DB_READ, 0));
// We support PIN1 with either a passed in password
// subject or a prompted password subject.
mAclEntries.addPin(AclFactory::PWSubject(alloc),1);
mAclEntries.addPin(AclFactory::PromptPWSubject(alloc,CssmData()), CssmData());
}
count = mAclEntries.size();
acls = mAclEntries.entries();
}
#pragma mark ---------------- CoolKey Specific --------------
void CoolKeyToken::populate()
{
Syslog::notice("In CoolKeyToken::populate");
Tokend::Relation &certRelation = mSchema->findRelation(CSSM_DL_DB_RECORD_X509_CERTIFICATE);
Tokend::Relation &privateKeyRelation = mSchema->findRelation(CSSM_DL_DB_RECORD_PRIVATE_KEY);
Tokend::Relation &publicKeyRelation = mSchema->findRelation(CSSM_DL_DB_RECORD_PUBLIC_KEY);
std::map<int, CoolKeyObject *> certs;
std::map< CoolKeyObject *, RefPointer<CoolKeyRecord> > keys;
std::map< CoolKeyObject *, RefPointer<CoolKeyRecord> > certRecs;
for(CoolKeyPK11::ObjIterator i = mCoolKey.begin(); i != mCoolKey.end() ; i++)
{
CoolKeyObject *obj =(*i).second;
CK_OBJECT_CLASS oClass;
if(obj)
{
CK_BYTE id = obj->getID();
oClass = obj->getClass();
Syslog::notice("Retrieved object %p class %lu id %d",obj,oClass,id);
CoolKeyRecord *newRecord = new CoolKeyRecord(obj);
RefPointer<CoolKeyRecord> theRecord( newRecord);
if(!theRecord)
continue;
switch(oClass)
{
case CKO_PRIVATE_KEY:
privateKeyRelation.insertRecord(theRecord);
Syslog::notice("Inserting private key record %p",newRecord);
keys[obj] = theRecord;
break;
case CKO_PUBLIC_KEY:
Syslog::notice("Inserting public key record %p theRefRecord %p",newRecord,theRecord.get());
publicKeyRelation.insertRecord(theRecord);
keys[obj] = theRecord;
break;
case CKO_CERTIFICATE:
certs[id] = obj;
certRecs[obj] = theRecord;
Syslog::notice("Inserting cert record %p",newRecord);
certRelation.insertRecord(theRecord);
break;
default:
break;
};
}
}
for(CoolKeyPK11::ObjIterator i = mCoolKey.begin(); i != mCoolKey.end() ; i++)
{
CoolKeyObject *obj =(*i).second;
CoolKeyObject *cert = NULL;
CK_OBJECT_CLASS oClass;
if(obj)
{
CK_BYTE id = obj->getID();
oClass = obj->getClass();
switch(oClass)
{
case CKO_PRIVATE_KEY:
case CKO_PUBLIC_KEY:
cert = certs[id];
if(cert)
{
RefPointer<CoolKeyRecord> coolKeyRecRef = keys[obj];
CoolKeyRecord * coolKeyRec = coolKeyRecRef.get();
Syslog::notice("Key %p linked to cert %p",obj,cert);
if(coolKeyRec)
{
Syslog::notice("Found record to create adornment record: %p",coolKeyRec);
if(certRecs[cert])
{
Tokend::LinkedRecordAdornment * lra = new Tokend::LinkedRecordAdornment(certRecs[cert]);
Syslog::notice("lra %p",lra);
if(lra)
{
coolKeyRec->setAdornment(mSchema->publicKeyHashCoder().certificateKey(),
lra);
Syslog::notice("certificateKey %p certRecs[cert] %p",mSchema->publicKeyHashCoder().certificateKey(),certRecs[cert].get());
}
}
}
}
else
Syslog::notice("Key %p not linked to found cert");
break;
default:
break;
};
}
}
}
void CoolKeyToken::cleanup(int aSig)
{
Syslog::notice("We are going away!");
if(coolKeyModule)
{
coolKeyModule->logoutToken();
coolKeyModule->freeModule();
}
}
/* arch-tag: 36F733B4-0DBC-11D9-914C-000A9595DEEE */
--- NEW FILE CoolKeyToken.h ---
/*
* Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
* Portions Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
* Contributor(s):
* Jack Magne,jmagne(a)redhat.com
* CoolKey Schema implementation.
*
* @APPLE_LICENSE_HEADER_START@
*
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this filCoolKeye except in
* compliance with the License. Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this
* file.
*
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
*
* @APPLE_LICENSE_HEADER_END@
*/
/*
* CoolKeyToken.h
* Tokend CoolKey
*/
#ifndef _COOLKEY_TOKEN_H_
#define _COOLKEY_TOKEN_H_
#include "mypkcs11.h"
#include <Token.h>
#include "TokenContext.h"
#include "CoolKeyPK11.h"
#include <security_utilities/pcsc++.h>
class CoolKeySchema;
#define PKCS11_PATH_NAME "/Library/Application Support/CoolKey/PKCS11/libcoolkeypk11.dylib"
#define COOLKEY_PRESENT_SCORE 10000000
//
// "The" token
//
class CoolKeyToken : public Tokend::ISO7816Token
{
NOCOPY(CoolKeyToken)
public:
CoolKeyToken() ;
~CoolKeyToken();
virtual void didDisconnect();
virtual void didEnd();
virtual void initial();
virtual uint32 probe(SecTokendProbeFlags flags,
char tokenUid[TOKEND_MAX_UID]);
virtual void establish(const CSSM_GUID *guid, uint32 subserviceId,
SecTokendEstablishFlags flags, const char *cacheDirectory,
const char *workDirectory, char mdsDirectory[PATH_MAX],
char printName[PATH_MAX]);
virtual void getOwner(AclOwnerPrototype &owner);
virtual void getAcl(const char *tag, uint32 &count, AclEntryInfo *&acls);
virtual void changePIN(int pinNum,
const unsigned char *oldPin, size_t oldPinLength,
const unsigned char *newPin, size_t newPinLength);
virtual uint32_t pinStatus(int pinNum);
virtual void verifyPIN(int pinNum, const unsigned char *pin, size_t pinLength);
virtual void unverifyPIN(int pinNum);
virtual void authenticate(CSSM_DB_ACCESS_TYPE mode, const AccessCredentials *cred);
virtual bool isLocked();
bool identify();
void select(const unsigned char *applet);
uint32_t exchangeAPDU(const unsigned char *apdu, size_t apduLength,
unsigned char *result, size_t &resultLength);
uint32_t getData(unsigned char *result, size_t &resultLength);
CoolKeyPK11 &getPK11Manager() { return mCoolKey; }
protected:
void populate();
CoolKeyPK11 mCoolKey;
public:
const unsigned char *mCurrentApplet;
uint32_t mPinStatus;
// temporary ACL cache hack - to be removed
AutoAclOwnerPrototype mAclOwner;
AutoAclEntryInfoList mAclEntries;
private:
static void cleanup(int aSig);
};
#endif /* !_CACTOKEN_H_ */
/* arch-tag: 3714259E-0DBC-11D9-8D58-000A9595DEEE */
--- NEW FILE Info.plist ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CFBundleDevelopmentRegion</key>
<string>English</string>
<key>CFBundleExecutable</key>
<string>COOLKEY</string>
<key>CFBundleIdentifier</key>
<string>com.apple.tokend.coolkey</string>
<key>CFBundleInfoDictionaryVersion</key>
<string>6.0</string>
<key>CFBundleName</key>
<string>COOLKEY</string>
<key>CFBundlePackageType</key>
<string>????</string>
<key>CFBundleShortVersionString</key>
<string>1.1.1</string>
<key>CFBundleSignature</key>
<string>????</string>
<key>CFBundleVersion</key>
<string>30557</string>
</dict>
</plist>
--- NEW FILE coolkey.cpp ---
/*
* Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
* Portions Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
* Contributor(s):
* Jack Magne,jmagne(a)redhat.com
* CoolKey main program implementation.
* @APPLE_LICENSE_HEADER_START@CoolKey
*
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
* compliance with the License. Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this
* file.
*
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
*
* @APPLE_LICENSE_HEADER_END@
*/
/*
* CoolKey.cpp - CoolKey.tokend main program
*/
#include "CoolKeyToken.h"
#include <security_utilities/logging.h>
int main(int argc, const char *argv[])
{
secdebug("CoolKey.tokend", "main starting with %d arguments", argc);
secdelay("/tmp/delay/CoolKey");
Syslog::notice("argc %d",argc);
for(int i = 0; i < argc ; i++)
{
Syslog::notice("coolkey arg[%d]: %s",i,argv[i]);
}
token = new CoolKeyToken();
return SecTokendMain(argc, argv, token->callbacks(), token->support());
Syslog::notice("CoolKey.tokend exiting.... ");
}
/* arch-tag: 372EB7FE-0DBC-11D9-9A28-000A9595DEEE */
16 years, 3 months
[Fedora-directory-commits] esc/mac/Tokend-30557 APPLE_LICENSE, NONE, 1.1 testcms.sh, NONE, 1.1 testssl.sh, NONE, 1.1
by Doctor Conrad
Author: jmagne
Update of /cvs/dirsec/esc/mac/Tokend-30557
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31436
Added Files:
APPLE_LICENSE testcms.sh testssl.sh
Log Message:
Initial revision
--- NEW FILE APPLE_LICENSE ---
APPLE PUBLIC SOURCE LICENSE
Version 2.0 - August 6, 2003
Please read this License carefully before downloading this software.
By downloading or using this software, you are agreeing to be bound by
the terms of this License. If you do not or cannot agree to the terms
of this License, please do not download or use the software.
1. General; Definitions. This License applies to any program or other
work which Apple Computer, Inc. ("Apple") makes publicly available and
which contains a notice placed by Apple identifying such program or
work as "Original Code" and stating that it is subject to the terms of
this Apple Public Source License version 2.0 ("License"). As used in
this License:
1.1 "Applicable Patent Rights" mean: (a) in the case where Apple is
the grantor of rights, (i) claims of patents that are now or hereafter
acquired, owned by or assigned to Apple and (ii) that cover subject
matter contained in the Original Code, but only to the extent
necessary to use, reproduce and/or distribute the Original Code
without infringement; and (b) in the case where You are the grantor of
rights, (i) claims of patents that are now or hereafter acquired,
owned by or assigned to You and (ii) that cover subject matter in Your
Modifications, taken alone or in combination with Original Code.
1.2 "Contributor" means any person or entity that creates or
contributes to the creation of Modifications.
1.3 "Covered Code" means the Original Code, Modifications, the
combination of Original Code and any Modifications, and/or any
respective portions thereof.
1.4 "Externally Deploy" means: (a) to sublicense, distribute or
otherwise make Covered Code available, directly or indirectly, to
anyone other than You; and/or (b) to use Covered Code, alone or as
part of a Larger Work, in any way to provide a service, including but
not limited to delivery of content, through electronic communication
with a client other than You.
1.5 "Larger Work" means a work which combines Covered Code or portions
thereof with code not governed by the terms of this License.
1.6 "Modifications" mean any addition to, deletion from, and/or change
to, the substance and/or structure of the Original Code, any previous
Modifications, the combination of Original Code and any previous
Modifications, and/or any respective portions thereof. When code is
released as a series of files, a Modification is: (a) any addition to
or deletion from the contents of a file containing Covered Code;
and/or (b) any new file or other representation of computer program
statements that contains any part of Covered Code.
1.7 "Original Code" means (a) the Source Code of a program or other
work as originally made available by Apple under this License,
including the Source Code of any updates or upgrades to such programs
or works made available by Apple under this License, and that has been
expressly identified by Apple as such in the header file(s) of such
work; and (b) the object code compiled from such Source Code and
originally made available by Apple under this License.
1.8 "Source Code" means the human readable form of a program or other
work that is suitable for making modifications to it, including all
modules it contains, plus any associated interface definition files,
scripts used to control compilation and installation of an executable
(object code).
1.9 "You" or "Your" means an individual or a legal entity exercising
rights under this License. For legal entities, "You" or "Your"
includes any entity which controls, is controlled by, or is under
common control with, You, where "control" means (a) the power, direct
or indirect, to cause the direction or management of such entity,
whether by contract or otherwise, or (b) ownership of fifty percent
(50%) or more of the outstanding shares or beneficial ownership of
such entity.
2. Permitted Uses; Conditions & Restrictions. Subject to the terms
and conditions of this License, Apple hereby grants You, effective on
the date You accept this License and download the Original Code, a
world-wide, royalty-free, non-exclusive license, to the extent of
Apple's Applicable Patent Rights and copyrights covering the Original
Code, to do the following:
2.1 Unmodified Code. You may use, reproduce, display, perform,
internally distribute within Your organization, and Externally Deploy
verbatim, unmodified copies of the Original Code, for commercial or
non-commercial purposes, provided that in each instance:
(a) You must retain and reproduce in all copies of Original Code the
copyright and other proprietary notices and disclaimers of Apple as
they appear in the Original Code, and keep intact all notices in the
Original Code that refer to this License; and
(b) You must include a copy of this License with every copy of Source
Code of Covered Code and documentation You distribute or Externally
Deploy, and You may not offer or impose any terms on such Source Code
that alter or restrict this License or the recipients' rights
hereunder, except as permitted under Section 6.
2.2 Modified Code. You may modify Covered Code and use, reproduce,
display, perform, internally distribute within Your organization, and
Externally Deploy Your Modifications and Covered Code, for commercial
or non-commercial purposes, provided that in each instance You also
meet all of these conditions:
(a) You must satisfy all the conditions of Section 2.1 with respect to
the Source Code of the Covered Code;
(b) You must duplicate, to the extent it does not already exist, the
notice in Exhibit A in each file of the Source Code of all Your
Modifications, and cause the modified files to carry prominent notices
stating that You changed the files and the date of any change; and
(c) If You Externally Deploy Your Modifications, You must make
Source Code of all Your Externally Deployed Modifications either
available to those to whom You have Externally Deployed Your
Modifications, or publicly available. Source Code of Your Externally
Deployed Modifications must be released under the terms set forth in
this License, including the license grants set forth in Section 3
below, for as long as you Externally Deploy the Covered Code or twelve
(12) months from the date of initial External Deployment, whichever is
longer. You should preferably distribute the Source Code of Your
Externally Deployed Modifications electronically (e.g. download from a
web site).
2.3 Distribution of Executable Versions. In addition, if You
Externally Deploy Covered Code (Original Code and/or Modifications) in
object code, executable form only, You must include a prominent
notice, in the code itself as well as in related documentation,
stating that Source Code of the Covered Code is available under the
terms of this License with information on how and where to obtain such
Source Code.
2.4 Third Party Rights. You expressly acknowledge and agree that
although Apple and each Contributor grants the licenses to their
respective portions of the Covered Code set forth herein, no
assurances are provided by Apple or any Contributor that the Covered
Code does not infringe the patent or other intellectual property
rights of any other entity. Apple and each Contributor disclaim any
liability to You for claims brought by any other entity based on
infringement of intellectual property rights or otherwise. As a
condition to exercising the rights and licenses granted hereunder, You
hereby assume sole responsibility to secure any other intellectual
property rights needed, if any. For example, if a third party patent
license is required to allow You to distribute the Covered Code, it is
Your responsibility to acquire that license before distributing the
Covered Code.
3. Your Grants. In consideration of, and as a condition to, the
licenses granted to You under this License, You hereby grant to any
person or entity receiving or distributing Covered Code under this
License a non-exclusive, royalty-free, perpetual, irrevocable license,
under Your Applicable Patent Rights and other intellectual property
rights (other than patent) owned or controlled by You, to use,
reproduce, display, perform, modify, sublicense, distribute and
Externally Deploy Your Modifications of the same scope and extent as
Apple's licenses under Sections 2.1 and 2.2 above.
4. Larger Works. You may create a Larger Work by combining Covered
Code with other code not governed by the terms of this License and
distribute the Larger Work as a single product. In each such instance,
You must make sure the requirements of this License are fulfilled for
the Covered Code or any portion thereof.
5. Limitations on Patent License. Except as expressly stated in
Section 2, no other patent rights, express or implied, are granted by
Apple herein. Modifications and/or Larger Works may require additional
patent licenses from Apple which Apple may grant in its sole
discretion.
6. Additional Terms. You may choose to offer, and to charge a fee for,
warranty, support, indemnity or liability obligations and/or other
rights consistent with the scope of the license granted herein
("Additional Terms") to one or more recipients of Covered Code.
However, You may do so only on Your own behalf and as Your sole
responsibility, and not on behalf of Apple or any Contributor. You
must obtain the recipient's agreement that any such Additional Terms
are offered by You alone, and You hereby agree to indemnify, defend
and hold Apple and every Contributor harmless for any liability
incurred by or claims asserted against Apple or such Contributor by
reason of any such Additional Terms.
7. Versions of the License. Apple may publish revised and/or new
versions of this License from time to time. Each version will be given
a distinguishing version number. Once Original Code has been published
under a particular version of this License, You may continue to use it
under the terms of that version. You may also choose to use such
Original Code under the terms of any subsequent version of this
License published by Apple. No one other than Apple has the right to
modify the terms applicable to Covered Code created under this
License.
8. NO WARRANTY OR SUPPORT. The Covered Code may contain in whole or in
part pre-release, untested, or not fully tested works. The Covered
Code may contain errors that could cause failures or loss of data, and
may be incomplete or contain inaccuracies. You expressly acknowledge
and agree that use of the Covered Code, or any portion thereof, is at
Your sole and entire risk. THE COVERED CODE IS PROVIDED "AS IS" AND
WITHOUT WARRANTY, UPGRADES OR SUPPORT OF ANY KIND AND APPLE AND
APPLE'S LICENSOR(S) (COLLECTIVELY REFERRED TO AS "APPLE" FOR THE
PURPOSES OF SECTIONS 8 AND 9) AND ALL CONTRIBUTORS EXPRESSLY DISCLAIM
ALL WARRANTIES AND/OR CONDITIONS, EXPRESS OR IMPLIED, INCLUDING, BUT
NOT LIMITED TO, THE IMPLIED WARRANTIES AND/OR CONDITIONS OF
MERCHANTABILITY, OF SATISFACTORY QUALITY, OF FITNESS FOR A PARTICULAR
PURPOSE, OF ACCURACY, OF QUIET ENJOYMENT, AND NONINFRINGEMENT OF THIRD
PARTY RIGHTS. APPLE AND EACH CONTRIBUTOR DOES NOT WARRANT AGAINST
INTERFERENCE WITH YOUR ENJOYMENT OF THE COVERED CODE, THAT THE
FUNCTIONS CONTAINED IN THE COVERED CODE WILL MEET YOUR REQUIREMENTS,
THAT THE OPERATION OF THE COVERED CODE WILL BE UNINTERRUPTED OR
ERROR-FREE, OR THAT DEFECTS IN THE COVERED CODE WILL BE CORRECTED. NO
ORAL OR WRITTEN INFORMATION OR ADVICE GIVEN BY APPLE, AN APPLE
AUTHORIZED REPRESENTATIVE OR ANY CONTRIBUTOR SHALL CREATE A WARRANTY.
You acknowledge that the Covered Code is not intended for use in the
operation of nuclear facilities, aircraft navigation, communication
systems, or air traffic control machines in which case the failure of
the Covered Code could lead to death, personal injury, or severe
physical or environmental damage.
9. LIMITATION OF LIABILITY. TO THE EXTENT NOT PROHIBITED BY LAW, IN NO
EVENT SHALL APPLE OR ANY CONTRIBUTOR BE LIABLE FOR ANY INCIDENTAL,
SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR RELATING
TO THIS LICENSE OR YOUR USE OR INABILITY TO USE THE COVERED CODE, OR
ANY PORTION THEREOF, WHETHER UNDER A THEORY OF CONTRACT, WARRANTY,
TORT (INCLUDING NEGLIGENCE), PRODUCTS LIABILITY OR OTHERWISE, EVEN IF
APPLE OR SUCH CONTRIBUTOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES AND NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF ANY
REMEDY. SOME JURISDICTIONS DO NOT ALLOW THE LIMITATION OF LIABILITY OF
INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS LIMITATION MAY NOT APPLY
TO YOU. In no event shall Apple's total liability to You for all
damages (other than as may be required by applicable law) under this
License exceed the amount of fifty dollars ($50.00).
10. Trademarks. This License does not grant any rights to use the
trademarks or trade names "Apple", "Apple Computer", "Mac", "Mac OS",
"QuickTime", "QuickTime Streaming Server" or any other trademarks,
service marks, logos or trade names belonging to Apple (collectively
"Apple Marks") or to any trademark, service mark, logo or trade name
belonging to any Contributor. You agree not to use any Apple Marks in
or as part of the name of products derived from the Original Code or
to endorse or promote products derived from the Original Code other
than as expressly permitted by and in strict compliance at all times
with Apple's third party trademark usage guidelines which are posted
at http://www.apple.com/legal/guidelinesfor3rdparties.html.
11. Ownership. Subject to the licenses granted under this License,
each Contributor retains all rights, title and interest in and to any
Modifications made by such Contributor. Apple retains all rights,
title and interest in and to the Original Code and any Modifications
made by or on behalf of Apple ("Apple Modifications"), and such Apple
Modifications will not be automatically subject to this License. Apple
may, at its sole discretion, choose to license such Apple
Modifications under this License, or on different terms from those
contained in this License or may choose not to license them at all.
12. Termination.
12.1 Termination. This License and the rights granted hereunder will
terminate:
(a) automatically without notice from Apple if You fail to comply with
any term(s) of this License and fail to cure such breach within 30
days of becoming aware of such breach;
(b) immediately in the event of the circumstances described in Section
13.5(b); or
(c) automatically without notice from Apple if You, at any time during
the term of this License, commence an action for patent infringement
against Apple; provided that Apple did not first commence
an action for patent infringement against You in that instance.
12.2 Effect of Termination. Upon termination, You agree to immediately
stop any further use, reproduction, modification, sublicensing and
distribution of the Covered Code. All sublicenses to the Covered Code
which have been properly granted prior to termination shall survive
any termination of this License. Provisions which, by their nature,
should remain in effect beyond the termination of this License shall
survive, including but not limited to Sections 3, 5, 8, 9, 10, 11,
12.2 and 13. No party will be liable to any other for compensation,
indemnity or damages of any sort solely as a result of terminating
this License in accordance with its terms, and termination of this
License will be without prejudice to any other right or remedy of
any party.
13. Miscellaneous.
13.1 Government End Users. The Covered Code is a "commercial item" as
defined in FAR 2.101. Government software and technical data rights in
the Covered Code include only those rights customarily provided to the
public as defined in this License. This customary commercial license
in technical data and software is provided in accordance with FAR
12.211 (Technical Data) and 12.212 (Computer Software) and, for
Department of Defense purchases, DFAR 252.227-7015 (Technical Data --
Commercial Items) and 227.7202-3 (Rights in Commercial Computer
Software or Computer Software Documentation). Accordingly, all U.S.
Government End Users acquire Covered Code with only those rights set
forth herein.
13.2 Relationship of Parties. This License will not be construed as
creating an agency, partnership, joint venture or any other form of
legal association between or among You, Apple or any Contributor, and
You will not represent to the contrary, whether expressly, by
implication, appearance or otherwise.
13.3 Independent Development. Nothing in this License will impair
Apple's right to acquire, license, develop, have others develop for
it, market and/or distribute technology or products that perform the
same or similar functions as, or otherwise compete with,
Modifications, Larger Works, technology or products that You may
develop, produce, market or distribute.
13.4 Waiver; Construction. Failure by Apple or any Contributor to
enforce any provision of this License will not be deemed a waiver of
future enforcement of that or any other provision. Any law or
regulation which provides that the language of a contract shall be
construed against the drafter will not apply to this License.
13.5 Severability. (a) If for any reason a court of competent
jurisdiction finds any provision of this License, or portion thereof,
to be unenforceable, that provision of the License will be enforced to
the maximum extent permissible so as to effect the economic benefits
and intent of the parties, and the remainder of this License will
continue in full force and effect. (b) Notwithstanding the foregoing,
if applicable law prohibits or restricts You from fully and/or
specifically complying with Sections 2 and/or 3 or prevents the
enforceability of either of those Sections, this License will
immediately terminate and You must immediately discontinue any use of
the Covered Code and destroy all copies of it that are in your
possession or control.
13.6 Dispute Resolution. Any litigation or other dispute resolution
between You and Apple relating to this License shall take place in the
Northern District of California, and You and Apple hereby consent to
the personal jurisdiction of, and venue in, the state and federal
courts within that District with respect to this License. The
application of the United Nations Convention on Contracts for the
International Sale of Goods is expressly excluded.
13.7 Entire Agreement; Governing Law. This License constitutes the
entire agreement between the parties with respect to the subject
matter hereof. This License shall be governed by the laws of the
United States and the State of California, except that body of
California law concerning conflicts of law.
Where You are located in the province of Quebec, Canada, the following
clause applies: The parties hereby confirm that they have requested
that this License and all related documents be drafted in English. Les
parties ont exige que le present contrat et tous les documents
connexes soient rediges en anglais.
EXHIBIT A.
"Portions Copyright (c) 1999-2003 Apple Computer, Inc. All Rights
Reserved.
This file contains Original Code and/or Modifications of Original Code
as defined in and that are subject to the Apple Public Source License
Version 2.0 (the 'License'). You may not use this file except in
compliance with the License. Please obtain a copy of the License at
http://www.opensource.apple.com/apsl/ and read it before using this
file.
The Original Code and all software distributed under the License are
distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
Please see the License for the specific language governing rights and
limitations under the License."
--- NEW FILE testcms.sh ---
#!/bin/sh
# usage: point LOCAL_BUILD_DIR to your build folder, insert a card
# and run this script
echo $PATH | fgrep -q "${LOCAL_BUILD_DIR}:" || PATH=${LOCAL_BUILD_DIR}:$PATH
SECURITY=`which security`
HOME=/tmp/test$$
export HOME
mkdir $HOME
cd $HOME
mkdir Library
mkdir Library/Preferences
mkdir Library/Keychains
echo Creating a login.keychain
$SECURITY create -p login login.keychain
echo "listing keychains"
$SECURITY list-keychains
echo "listing default keychain"
$SECURITY default-keychain
echo "Looking for the email address of the first certificate on the card"
if [ "x$EMAIL" == "x" ]; then
EMAIL=`$SECURITY find-certificate | awk -F = '/\"alis\"<blob>/ { addr=$2; gsub(/\"/, "", addr); print addr }'`
if [ "x$EMAIL" == "x" ]; then
echo "No certificate with an email address found."
exit 1
fi
fi
echo "Email addres found: <$EMAIL>"
echo "CONTENT: The secret and possibly signed content." > content.txt
echo "Creating a signed cms message."
$SECURITY cms -S -N "$EMAIL" -i content.txt -o signed.cms
echo "Verifying the signed cms message."
$SECURITY cms -D -i signed.cms -h0
echo "Creating an encrypted cms message."
$SECURITY cms -E -r "$EMAIL" -i content.txt -o encrypted.cms
echo "Decrypting the message."
$SECURITY cms -D -i encrypted.cms
#echo "Exporting the identity to pkcs12."
#$SECURITY export -f pkcs12 -t identities -p -P testcms -o identity.p12
# arch-tag: D00EE88A-08E5-11D9-B1C3-000A9595DEEE
--- NEW FILE testssl.sh ---
#!/bin/sh
SECURITY=${SECURITY:=security}
EMAIL=${EMAIL:=$USER@apple.com}
SSLVIEW=${SSLVIEW:=sslViewer}
SERVER=${SERVER:=hurljo3.apple.com}
HOME=/tmp/test$$
mkdir $HOME
cd $HOME
mkdir Library
mkdir Library/Preferences
mkdir Library/Keychains
echo Creating a login.keychain
$SECURITY create -p login login.keychain
echo "listing keychains"
$SECURITY list-keychains
echo "listing default keychain"
$SECURITY default-keychain
echo "CONTENT: The secret and possibly signed content." > content.txt
echo "Connecting to SSL Test server " $SERVER
$SSLVIEW $SERVER r c P=4443 V 3 a
# arch-tag: 51571215-09B6-11D9-8D4F-000A95C4302E
16 years, 3 months
[Fedora-directory-commits] esc/mac/Tokend-30557/CoolKey/mds coolkey_csp_capabilities.mdsinfo, NONE, 1.1 coolkey_csp_capabilities_common.mds, NONE, 1.1 coolkey_csp_primary.mdsinfo, NONE, 1.1 coolkey_dl_primary.mdsinfo, NONE, 1.1 coolkey_smartcard.mdsinfo, NONE, 1.1
by Doctor Conrad
Author: jmagne
Update of /cvs/dirsec/esc/mac/Tokend-30557/CoolKey/mds
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31436/CoolKey/mds
Added Files:
coolkey_csp_capabilities.mdsinfo
coolkey_csp_capabilities_common.mds
coolkey_csp_primary.mdsinfo coolkey_dl_primary.mdsinfo
coolkey_smartcard.mdsinfo
Log Message:
Initial revision
--- NEW FILE coolkey_csp_capabilities.mdsinfo ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd">
<plist version="0.9">
<dict>
<key>Capabilities</key>
<string>file:coolkey_csp_capabilities_common.mds</string>
<key>MdsFileDescription</key>
<string>CoolKey Token CSPDL CSP Capabilities</string>
<key>MdsFileType</key>
<string>PluginSpecific</string>
<key>MdsRecordType</key>
<string>MDS_CDSADIR_CSP_CAPABILITY_RECORDTYPE</string>
</dict>
</plist>
--- NEW FILE coolkey_csp_capabilities_common.mds ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<array>
<dict>
<key>AlgType</key>
<string>CSSM_ALGID_SHA1</string>
<key>Attributes</key>
<array>
<dict>
<key>AttributeType</key>
<string>CSSM_ATTRIBUTE_OUTPUT_SIZE</string>
<key>AttributeValue</key>
<integer>20</integer>
</dict>
</array>
<key>ContextType</key>
<string>CSSM_ALGCLASS_DIGEST</string>
<key>Description</key>
<string>SHA1 Digest</string>
<key>UseeTag</key>
<string>CSSM_USEE_NONE</string>
</dict>
<dict>
<key>AlgType</key>
<string>CSSM_ALGID_MD5</string>
<key>Attributes</key>
<array>
<dict>
<key>AttributeType</key>
<string>CSSM_ATTRIBUTE_OUTPUT_SIZE</string>
<key>AttributeValue</key>
<integer>16</integer>
</dict>
</array>
<key>ContextType</key>
<string>CSSM_ALGCLASS_DIGEST</string>
<key>Description</key>
<string>MD5 Digest</string>
<key>UseeTag</key>
<string>CSSM_USEE_NONE</string>
</dict>
<dict>
<key>AlgType</key>
<string>CSSM_ALGID_MD2</string>
<key>Attributes</key>
<array>
<dict>
<key>AttributeType</key>
<string>CSSM_ATTRIBUTE_OUTPUT_SIZE</string>
<key>AttributeValue</key>
<integer>16</integer>
</dict>
</array>
<key>ContextType</key>
<string>CSSM_ALGCLASS_DIGEST</string>
<key>Description</key>
<string>MD2 Digest</string>
<key>UseeTag</key>
<string>CSSM_USEE_NONE</string>
</dict>
<dict>
<key>AlgType</key>
<string>CSSM_ALGID_RSA</string>
<key>Attributes</key>
<array>
<dict>
<key>AttributeType</key>
<string>CSSM_ATTRIBUTE_NONE</string>
<key>AttributeValue</key>
<array/>
</dict>
</array>
<key>ContextType</key>
<string>CSSM_ALGCLASS_KEYGEN</string>
<key>Description</key>
<string>RSA Key Pair Generation</string>
<key>UseeTag</key>
<string>CSSM_USEE_NONE</string>
</dict>
<dict>
<key>AlgType</key>
<string>CSSM_ALGID_DES</string>
<key>Attributes</key>
<array>
<dict>
<key>AttributeType</key>
<string>CSSM_ATTRIBUTE_KEY_LENGTH</string>
<key>AttributeValue</key>
<integer>64</integer>
</dict>
</array>
<key>ContextType</key>
<string>CSSM_ALGCLASS_KEYGEN</string>
<key>Description</key>
<string>DES Key Generation</string>
<key>UseeTag</key>
<string>CSSM_USEE_NONE</string>
</dict>
<dict>
<key>AlgType</key>
<string>CSSM_ALGID_3DES_3KEY</string>
<key>Attributes</key>
<array>
<dict>
<key>AttributeType</key>
<string>CSSM_ATTRIBUTE_KEY_LENGTH</string>
<key>AttributeValue</key>
<integer>192</integer>
</dict>
</array>
<key>ContextType</key>
<string>CSSM_ALGCLASS_KEYGEN</string>
<key>Description</key>
<string>3DES Key Generation</string>
<key>UseeTag</key>
<string>CSSM_USEE_NONE</string>
</dict>
<dict>
<key>AlgType</key>
<string>CSSM_ALGID_RC2</string>
<key>Attributes</key>
<array>
<dict>
<key>AttributeType</key>
<string>CSSM_ATTRIBUTE_NONE</string>
<key>AttributeValue</key>
<array/>
</dict>
</array>
<key>ContextType</key>
<string>CSSM_ALGCLASS_KEYGEN</string>
<key>Description</key>
<string>RC2 Key Generation</string>
<key>UseeTag</key>
<string>CSSM_USEE_NONE</string>
</dict>
<dict>
<key>AlgType</key>
<string>CSSM_ALGID_RC4</string>
<key>Attributes</key>
<array>
<dict>
<key>AttributeType</key>
<string>CSSM_ATTRIBUTE_NONE</string>
<key>AttributeValue</key>
<array/>
</dict>
</array>
<key>ContextType</key>
<string>CSSM_ALGCLASS_KEYGEN</string>
<key>Description</key>
<string>RC4 Key Generation</string>
<key>UseeTag</key>
<string>CSSM_USEE_NONE</string>
</dict>
<dict>
<key>AlgType</key>
<string>CSSM_ALGID_RC5</string>
<key>Attributes</key>
<array>
<dict>
<key>AttributeType</key>
<string>CSSM_ATTRIBUTE_NONE</string>
<key>AttributeValue</key>
<array/>
</dict>
</array>
<key>ContextType</key>
<string>CSSM_ALGCLASS_KEYGEN</string>
<key>Description</key>
<string>RC5 Key Generation</string>
<key>UseeTag</key>
<string>CSSM_USEE_NONE</string>
</dict>
<dict>
<key>AlgType</key>
<string>CSSM_ALGID_CAST</string>
<key>Attributes</key>
<array>
<dict>
<key>AttributeType</key>
<string>CSSM_ATTRIBUTE_NONE</string>
<key>New item</key>
<array/>
</dict>
</array>
<key>ContextType</key>
<string>CSSM_ALGCLASS_KEYGEN</string>
<key>Description</key>
<string>CAST Key Generation</string>
<key>UseeTag</key>
<string>CSSM_USEE_NONE</string>
</dict>
<dict>
<key>AlgType</key>
<string>CSSM_ALGID_BLOWFISH</string>
<key>Attributes</key>
<array>
<dict>
<key>AttributeType</key>
<string>CSSM_ATTRIBUTE_NONE</string>
<key>AttributeValue</key>
<array/>
</dict>
</array>
<key>ContextType</key>
<string>CSSM_ALGCLASS_KEYGEN</string>
<key>Description</key>
<string>Blowfish Key Generation</string>
<key>UseeTag</key>
<string>CSSM_USEE_NONE</string>
</dict>
<dict>
<key>AlgType</key>
<string>CSSM_ALGID_SHA1HMAC</string>
<key>Attributes</key>
<array>
<dict>
<key>AttributeType</key>
<string>CSSM_ATTRIBUTE_NONE</string>
<key>AttributeValue</key>
<array/>
</dict>
</array>
<key>ContextType</key>
<string>CSSM_ALGCLASS_KEYGEN</string>
<key>Description</key>
<string>SHA1HMAC Key Generation</string>
<key>UseeTag</key>
<string>CSSM_USEE_NONE</string>
</dict>
<dict>
<key>AlgType</key>
<string>CSSM_ALGID_MD5HMAC</string>
<key>Attributes</key>
<array>
<dict>
<key>AttributeType</key>
<string>CSSM_ATTRIBUTE_NONE</string>
<key>AttributeValue</key>
<array/>
</dict>
</array>
<key>ContextType</key>
<string>CSSM_ALGCLASS_KEYGEN</string>
<key>Description</key>
<string>MD5HMAC Key Generation</string>
<key>UseeTag</key>
<string>CSSM_USEE_NONE</string>
</dict>
<dict>
<key>AlgType</key>
<string>CSSM_ALGID_AES</string>
<key>Attributes</key>
<array>
<dict>
<key>AttributeType</key>
<string>CSSM_ATTRIBUTE_KEY_LENGTH</string>
<key>AttributeValue</key>
<array>
<integer>128</integer>
<integer>192</integer>
<integer>256</integer>
</array>
</dict>
</array>
<key>ContextType</key>
<string>CSSM_ALGCLASS_KEYGEN</string>
<key>Description</key>
<string>AES Key Generation</string>
<key>UseeTag</key>
<string>CSSM_USEE_NONE</string>
</dict>
<dict>
<key>AlgType</key>
<string>CSSM_ALGID_ASC</string>
<key>Attributes</key>
<array>
<dict>
<key>AttributeType</key>
<string>CSSM_ATTRIBUTE_NONE</string>
<key>AttributeValue</key>
<array/>
</dict>
</array>
<key>ContextType</key>
<string>CSSM_ALGCLASS_KEYGEN</string>
<key>Description</key>
<string>ASC Key Generation</string>
<key>UseeTag</key>
<string>CSSM_USEE_NONE</string>
</dict>
<dict>
<key>AlgType</key>
<string>CSSM_ALGID_FEE</string>
<key>Attributes</key>
<array>
<dict>
<key>AttributeType</key>
<string>CSSM_ATTRIBUTE_KEY_LENGTH</string>
<key>AttributeValue</key>
<array>
<integer>31</integer>
<integer>127</integer>
<integer>128</integer>
<integer>161</integer>
<integer>192</integer>
</array>
</dict>
</array>
<key>ContextType</key>
<string>CSSM_ALGCLASS_KEYGEN</string>
<key>Description</key>
<string>FEE Key Pair Generation</string>
<key>UseeTag</key>
<string>CSSM_USEE_NONE</string>
</dict>
<dict>
<key>AlgType</key>
<string>CSSM_ALGID_DSA</string>
<key>Attributes</key>
<array>
<dict>
<key>AttributeType</key>
<string>CSSM_ATTRIBUTE_NONE</string>
<key>AttributeValue</key>
<array/>
</dict>
</array>
<key>ContextType</key>
<string>CSSM_ALGCLASS_KEYGEN</string>
<key>Description</key>
<string>DSA Key Pair Generation</string>
<key>UseeTag</key>
<string>CSSM_USEE_NONE</string>
</dict>
<dict>
<key>AlgType</key>
<string>CSSM_ALGID_PKCS5_PBKDF2</string>
<key>Attributes</key>
<array>
<dict>
<key>AttributeType</key>
<string>CSSM_ATTRIBUTE_NONE</string>
<key>AttributeValue</key>
<array/>
</dict>
</array>
<key>ContextType</key>
<string>CSSM_ALGCLASS_DERIVEKEY</string>
<key>Description</key>
<string>PKCS5 Key Derivation</string>
<key>UseeTag</key>
<string>CSSM_USEE_NONE</string>
</dict>
<dict>
<key>AlgType</key>
<string>CSSM_ALGID_PKCS5_PBKDF1_MD5</string>
<key>Attributes</key>
<array>
<dict>
<key>AttributeType</key>
<string>CSSM_ATTRIBUTE_NONE</string>
<key>AttributeValue</key>
<array/>
</dict>
</array>
<key>ContextType</key>
<string>CSSM_ALGCLASS_DERIVEKEY</string>
<key>Description</key>
<string>PKCS5 PBKDF1 MD5 Key Derivation</string>
<key>UseeTag</key>
<string>CSSM_USEE_NONE</string>
</dict>
<dict>
<key>AlgType</key>
<string>CSSM_ALGID_PKCS5_PBKDF1_MD2</string>
<key>Attributes</key>
<array>
<dict>
<key>AttributeType</key>
<string>CSSM_ATTRIBUTE_NONE</string>
<key>AttributeValue</key>
<array/>
</dict>
</array>
<key>ContextType</key>
<string>CSSM_ALGCLASS_DERIVEKEY</string>
<key>Description</key>
<string>PKCS5 PBKDF1 MD2 Key Derivation</string>
<key>UseeTag</key>
<string>CSSM_USEE_NONE</string>
</dict>
<dict>
<key>AlgType</key>
<string>CSSM_ALGID_PKCS5_PBKDF1_SHA1</string>
<key>Attributes</key>
<array>
<dict>
<key>AttributeType</key>
<string>CSSM_ATTRIBUTE_NONE</string>
<key>AttributeValue</key>
<array/>
</dict>
</array>
<key>ContextType</key>
<string>CSSM_ALGCLASS_DERIVEKEY</string>
<key>Description</key>
<string>PKCS5 PBKDF1 SHA1 Key Derivation</string>
<key>UseeTag</key>
<string>CSSM_USEE_NONE</string>
</dict>
<dict>
<key>AlgType</key>
<string>CSSM_ALGID_DES</string>
<key>Attributes</key>
<array>
<dict>
<key>AttributeType</key>
<string>CSSM_ATTRIBUTE_MODE</string>
<key>AttributeValue</key>
<array>
<integer>2</integer>
<integer>3</integer>
<integer>5</integer>
<integer>6</integer>
</array>
</dict>
</array>
<key>ContextType</key>
<string>CSSM_ALGCLASS_SYMMETRIC</string>
<key>Description</key>
<string>DES Encryption</string>
<key>UseeTag</key>
<string>CSSM_USEE_NONE</string>
</dict>
<dict>
<key>AlgType</key>
<string>CSSM_ALGID_3DES_3KEY_EDE</string>
<key>Attributes</key>
<array>
<dict>
<key>AttributeType</key>
<string>CSSM_ATTRIBUTE_MODE</string>
<key>AttributeValue</key>
<array>
<integer>2</integer>
<integer>3</integer>
<integer>5</integer>
<integer>6</integer>
</array>
</dict>
</array>
<key>ContextType</key>
<string>CSSM_ALGCLASS_SYMMETRIC</string>
<key>Description</key>
<string>3DES EDE Encryption</string>
<key>UseeTag</key>
<string>CSSM_USEE_NONE</string>
</dict>
<dict>
<key>AlgType</key>
<string>CSSM_ALGID_AES</string>
<key>Attributes</key>
<array>
<dict>
<key>AttributeType</key>
<string>CSSM_ATTRIBUTE_MODE</string>
<key>AttributeValue</key>
<array>
<integer>2</integer>
<integer>3</integer>
<integer>5</integer>
<integer>6</integer>
</array>
</dict>
</array>
<key>ContextType</key>
<string>CSSM_ALGCLASS_SYMMETRIC</string>
<key>Description</key>
<string>AES Encryption</string>
<key>UseeTag</key>
<string>CSSM_USEE_NONE</string>
</dict>
<dict>
<key>AlgType</key>
<string>CSSM_ALGID_RC4</string>
<key>Attributes</key>
<array>
<dict>
<key>AttributeType</key>
<string>CSSM_ATTRIBUTE_MODE</string>
<key>AttributeValue</key>
<array>
<integer>0</integer>
</array>
</dict>
</array>
<key>ContextType</key>
<string>CSSM_ALGCLASS_SYMMETRIC</string>
<key>Description</key>
<string>RC4 Encryption</string>
<key>UseeTag</key>
<string>CSSM_USEE_NONE</string>
</dict>
<dict>
<key>AlgType</key>
<string>CSSM_ALGID_RC5</string>
<key>Attributes</key>
<array>
<dict>
<key>AttributeType</key>
<string>CSSM_ATTRIBUTE_MODE</string>
<key>AttributeValue</key>
<array>
<integer>2</integer>
<integer>3</integer>
<integer>5</integer>
<integer>6</integer>
</array>
</dict>
</array>
<key>ContextType</key>
<string>CSSM_ALGCLASS_SYMMETRIC</string>
<key>Description</key>
<string>RC5 Encryption</string>
<key>UseeTag</key>
<string>CSSM_USEE_NONE</string>
</dict>
<dict>
<key>AlgType</key>
<string>CSSM_ALGID_BLOWFISH</string>
<key>Attributes</key>
<array>
<dict>
<key>AttributeType</key>
<string>CSSM_ATTRIBUTE_MODE</string>
<key>AttributeValue</key>
<array>
<integer>2</integer>
<integer>3</integer>
<integer>5</integer>
<integer>6</integer>
</array>
</dict>
</array>
<key>ContextType</key>
<string>CSSM_ALGCLASS_SYMMETRIC</string>
<key>Description</key>
<string>Blowfish Encryption</string>
<key>UseeTag</key>
<string>CSSM_USEE_NONE</string>
</dict>
<dict>
<key>AlgType</key>
<string>CSSM_ALGID_CAST</string>
<key>Attributes</key>
<array>
<dict>
<key>AttributeType</key>
<string>CSSM_ATTRIBUTE_MODE</string>
<key>AttributeValue</key>
<array>
<integer>2</integer>
<integer>3</integer>
<integer>5</integer>
<integer>6</integer>
</array>
</dict>
</array>
<key>ContextType</key>
<string>CSSM_ALGCLASS_SYMMETRIC</string>
<key>Description</key>
<string>CAST Encryption</string>
<key>UseeTag</key>
<string>CSSM_USEE_NONE</string>
</dict>
<dict>
<key>AlgType</key>
<string>CSSM_ALGID_RSA</string>
<key>Attributes</key>
<array>
<dict>
<key>AttributeType</key>
<string>CSSM_ATTRIBUTE_NONE</string>
<key>AttributeValue</key>
<array/>
</dict>
</array>
<key>ContextType</key>
<string>CSSM_ALGCLASS_ASYMMETRIC</string>
<key>Description</key>
<string>RSA Encryption</string>
<key>UseeTag</key>
<string>CSSM_USEE_NONE</string>
</dict>
<dict>
<key>AlgType</key>
<string>CSSM_ALGID_FEEDEXP</string>
<key>Attributes</key>
<array>
<dict>
<key>AttributeType</key>
<string>CSSM_ATTRIBUTE_NONE</string>
<key>AttributeValue</key>
<array/>
</dict>
</array>
<key>ContextType</key>
<string>CSSM_ALGCLASS_ASYMMETRIC</string>
<key>Description</key>
<string>FEEDExp Encryption</string>
<key>UseeTag</key>
<string>CSSM_USEE_NONE</string>
</dict>
<dict>
<key>AlgType</key>
<string>CSSM_ALGID_FEED</string>
<key>Attributes</key>
<array>
<dict>
<key>AttributeType</key>
<string>CSSM_ATTRIBUTE_NONE</string>
<key>AttributeValue</key>
<array/>
</dict>
</array>
<key>ContextType</key>
<string>CSSM_ALGCLASS_ASYMMETRIC</string>
<key>Description</key>
<string>FEED Encryption</string>
<key>UseeTag</key>
<string>CSSM_USEE_NONE</string>
</dict>
<dict>
<key>AlgType</key>
<string>CSSM_ALGID_SHA1WithRSA</string>
<key>Attributes</key>
<array>
<dict>
<key>AttributeType</key>
<string>CSSM_ATTRIBUTE_NONE</string>
<key>AttributeValue</key>
<array/>
</dict>
</array>
<key>ContextType</key>
<string>CSSM_ALGCLASS_SIGNATURE</string>
<key>Description</key>
<string>SHA1 With RSA Signature</string>
<key>UseeTag</key>
<string>CSSM_USEE_NONE</string>
</dict>
<dict>
<key>AlgType</key>
<string>CSSM_ALGID_MD5WithRSA</string>
<key>Attributes</key>
<array>
<dict>
<key>AttributeType</key>
<string>CSSM_ATTRIBUTE_NONE</string>
<key>AttributeValue</key>
<array/>
</dict>
</array>
<key>ContextType</key>
<string>CSSM_ALGCLASS_SIGNATURE</string>
<key>Description</key>
<string>MD5 With RSA Signature</string>
<key>UseeTag</key>
<string>CSSM_USEE_NONE</string>
</dict>
<dict>
<key>AlgType</key>
<string>CSSM_ALGID_MD2WithRSA</string>
<key>Attributes</key>
<array>
<dict>
<key>AttributeType</key>
<string>CSSM_ATTRIBUTE_NONE</string>
<key>AttributeValue</key>
<array/>
</dict>
</array>
<key>ContextType</key>
<string>CSSM_ALGCLASS_SIGNATURE</string>
<key>Description</key>
<string>MD2 With RSA Signature</string>
<key>UseeTag</key>
<string>CSSM_USEE_NONE</string>
</dict>
<dict>
<key>AlgType</key>
<string>CSSM_ALGID_RSA</string>
<key>Attributes</key>
<array>
<dict>
<key>AttributeType</key>
<string>CSSM_ATTRIBUTE_NONE</string>
<key>AttributeValue</key>
<array/>
</dict>
</array>
<key>ContextType</key>
<string>CSSM_ALGCLASS_SIGNATURE</string>
<key>Description</key>
<string>Raw RSA Signature</string>
<key>UseeTag</key>
<string>CSSM_USEE_NONE</string>
</dict>
<dict>
<key>AlgType</key>
<string>CSSM_ALGID_SHA1WithDSA</string>
<key>Attributes</key>
<array>
<dict>
<key>AttributeType</key>
<string>CSSM_ATTRIBUTE_NONE</string>
<key>AttributeValue</key>
<array/>
</dict>
</array>
<key>ContextType</key>
<string>CSSM_ALGCLASS_SIGNATURE</string>
<key>Description</key>
<string>SHA1 With DSA Signature</string>
<key>UseeTag</key>
<string>CSSM_USEE_NONE</string>
</dict>
<dict>
<key>AlgType</key>
<string>CSSM_ALGID_DSA</string>
<key>Attributes</key>
<array>
<dict>
<key>AttributeType</key>
<string>CSSM_ATTRIBUTE_NONE</string>
<key>AttributeValue</key>
<array/>
</dict>
</array>
<key>ContextType</key>
<string>CSSM_ALGCLASS_SIGNATURE</string>
<key>Description</key>
<string>Raw DSA Signature</string>
<key>UseeTag</key>
<string>CSSM_USEE_NONE</string>
</dict>
<dict>
<key>AlgType</key>
<string>CSSM_ALGID_FEE_MD5</string>
<key>Attributes</key>
<array>
<dict>
<key>AttributeType</key>
<string>CSSM_ATTRIBUTE_NONE</string>
<key>AttributeValue</key>
<array/>
</dict>
</array>
<key>ContextType</key>
<string>CSSM_ALGCLASS_SIGNATURE</string>
<key>Description</key>
<string>MD5 with FEE Signature</string>
<key>UseeTag</key>
<string>CSSM_USEE_NONE</string>
</dict>
<dict>
<key>AlgType</key>
<string>CSSM_ALGID_FEE_SHA1</string>
<key>Attributes</key>
<array>
<dict>
<key>AttributeType</key>
<string>CSSM_ATTRIBUTE_NONE</string>
<key>AttributeValue</key>
<array/>
</dict>
</array>
<key>ContextType</key>
<string>CSSM_ALGCLASS_SIGNATURE</string>
<key>Description</key>
<string>SHA1 with FEE Signature</string>
<key>UseeTag</key>
<string>CSSM_USEE_NONE</string>
</dict>
<dict>
<key>AlgType</key>
<string>CSSM_ALGID_FEE</string>
<key>Attributes</key>
<array>
<dict>
<key>AttributeType</key>
<string>CSSM_ATTRIBUTE_NONE</string>
<key>AttributeValue</key>
<array/>
</dict>
</array>
<key>ContextType</key>
<string>CSSM_ALGCLASS_SIGNATURE</string>
<key>Description</key>
<string>Raw FEE Signature</string>
<key>UseeTag</key>
<string>CSSM_USEE_NONE</string>
</dict>
<dict>
<key>AlgType</key>
<string>CSSM_ALGID_SHA1WithECDSA</string>
<key>Attributes</key>
<array>
<dict>
<key>AttributeType</key>
<string>CSSM_ATTRIBUTE_NONE</string>
<key>AttributeValue</key>
<array/>
</dict>
</array>
<key>ContextType</key>
<string>CSSM_ALGCLASS_SIGNATURE</string>
<key>Description</key>
<string>SHA1 with ECDSA Signature</string>
<key>UseeTag</key>
<string>CSSM_USEE_NONE</string>
</dict>
<dict>
<key>AlgType</key>
<string>CSSM_ALGID_ECDSA</string>
<key>Attributes</key>
<array>
<dict>
<key>AttributeType</key>
<string>CSSM_ATTRIBUTE_NONE</string>
<key>AttributeValue</key>
<array/>
</dict>
</array>
<key>ContextType</key>
<string>CSSM_ALGCLASS_SIGNATURE</string>
<key>Description</key>
<string>Raw ECDSA Signature</string>
<key>UseeTag</key>
<string>CSSM_USEE_NONE</string>
</dict>
<dict>
<key>AlgType</key>
<string>CSSM_ALGID_SHA1HMAC</string>
<key>Attributes</key>
<array>
<dict>
<key>AttributeType</key>
<string>CSSM_ATTRIBUTE_OUTPUT_SIZE</string>
<key>AttributeValue</key>
<integer>20</integer>
</dict>
</array>
<key>ContextType</key>
<string>CSSM_ALGCLASS_MAC</string>
<key>Description</key>
<string>SHA1HMAC MAC</string>
<key>UseeTag</key>
<string>CSSM_USEE_NONE</string>
</dict>
<dict>
<key>AlgType</key>
<string>CSSM_ALGID_SHA1HMAC_LEGACY</string>
<key>Attributes</key>
<array>
<dict>
<key>AttributeType</key>
<string>CSSM_ATTRIBUTE_OUTPUT_SIZE</string>
<key>AttributeValue</key>
<integer>20</integer>
</dict>
</array>
<key>ContextType</key>
<string>CSSM_ALGCLASS_MAC</string>
<key>Description</key>
<string>SHA1HMAC MAC Legacy</string>
<key>UseeTag</key>
<string>CSSM_USEE_NONE</string>
</dict>
<dict>
<key>AlgType</key>
<string>CSSM_ALGID_APPLE_YARROW</string>
<key>Attributes</key>
<array>
<dict>
<key>AttributeType</key>
<string>CSSM_ATTRIBUTE_NONE</string>
<key>AttributeValue</key>
<array/>
</dict>
</array>
<key>ContextType</key>
<string>CSSM_ALGCLASS_RANDOMGEN</string>
<key>Description</key>
<string>Yarrow PRNG</string>
<key>UseeTag</key>
<string>CSSM_USEE_NONE</string>
</dict>
</array>
</plist>
--- NEW FILE coolkey_csp_primary.mdsinfo ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd">
<plist version="0.9">
<dict>
<key>AclSubjectTypes</key>
<array>
<string>CSSM_ACL_SUBJECT_TYPE_PASSWORD</string>
<string>CSSM_ACL_SUBJECT_TYPE_PROMPTED_PASSWORD</string>
<string>CSSM_ACL_SUBJECT_TYPE_PROTECTED_PASSWORD</string>
</array>
<key>AuthTags</key>
<!-- @@@ complete this -->
<array>
<string>CSSM_ACL_AUTHORIZATION_ANY</string>
</array>
<key>CspCustomFlags</key>
<integer>0</integer>
<key>CspFlags</key>
<!-- @@@ dynamic -->
<string>CSSM_CSP_STORES_PRIVATE_KEYS | CSSM_CSP_STORES_PUBLIC_KEYS | CSSM_CSP_STORES_CERTIFICATES | CSSM_CSP_STORES_GENERIC</string>
<key>CspType</key>
<string>CSSM_CSP_HARDWARE</string>
<key>MdsFileDescription</key>
<string>Token CSPDL CSP Primary info</string>
<key>MdsFileType</key>
<string>PluginSpecific</string>
<key>MdsRecordType</key>
<string>MDS_CDSADIR_CSP_PRIMARY_RECORDTYPE</string>
<key>ModuleName</key>
<string>AppleSDCSPDL</string>
<key>ProductVersion</key>
<string>0.1</string>
<key>SampleTypes</key>
<array>
<string>CSSM_SAMPLE_TYPE_PASSWORD</string>
<string>CSSM_SAMPLE_TYPE_PROMPTED_PASSWORD</string>
<string>CSSM_SAMPLE_TYPE_PROTECTED_PASSWORD</string>
</array>
<key>UseeTags</key>
<array/>
<key>Vendor</key>
<string>Apple Computer, Inc.</string>
</dict>
</plist>
--- NEW FILE coolkey_dl_primary.mdsinfo ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd">
<plist version="0.9">
<dict>
<key>AclSubjectTypes</key>
<array>
<string>CSSM_ACL_SUBJECT_TYPE_PASSWORD</string>
<string>CSSM_ACL_SUBJECT_TYPE_PROMPTED_PASSWORD</string>
<string>CSSM_ACL_SUBJECT_TYPE_PROTECTED_PASSWORD</string>
</array>
<key>AuthTags</key>
<array>
<!-- @@@ complete this -->
<string>CSSM_ACL_AUTHORIZATION_ANY</string>
</array>
<key>ConjunctiveOps</key>
<array>
<string>CSSM_DB_NONE</string>
<string>CSSM_DB_AND</string>
<string>CSSM_DB_OR</string>
</array>
<key>DLType</key>
<string>CSSM_DL_FFS</string>
<key>MdsFileDescription</key>
<string>Token CSPDL DL Primary info</string>
<key>MdsFileType</key>
<string>PluginSpecific</string>
<key>MdsRecordType</key>
<string>MDS_CDSADIR_DL_PRIMARY_RECORDTYPE</string>
<key>ModuleName</key>
<string>AppleSDCSPDL</string>
<key>ProductVersion</key>
<string>0.1</string>
<key>QueryLimitsFlag</key>
<integer>0</integer>
<key>RelationalOps</key>
<array>
<string>CSSM_DB_EQUAL</string>
<string>CSSM_DB_LESS_THAN</string>
<string>CSSM_DB_GREATER_THAN</string>
<string>CSSM_DB_CONTAINS_FINAL_SUBSTRING</string>
<string>CSSM_DB_CONTAINS_INITIAL_SUBSTRING</string>
<string>CSSM_DB_CONTAINS</string>
<string></string>
</array>
<key>SampleTypes</key>
<array>
<string>CSSM_SAMPLE_TYPE_PASSWORD</string>
<string>CSSM_SAMPLE_TYPE_PROMPTED_PASSWORD</string>
<string>CSSM_SAMPLE_TYPE_PROTECTED_PASSWORD</string>
</array>
<key>Vendor</key>
<string>Apple Computer, Inc.</string>
</dict>
</plist>
--- NEW FILE coolkey_smartcard.mdsinfo ---
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd">
<plist version="0.9">
<dict>
<key>MdsFileDescription</key>
<string>SD/CSPDL Generic Smartcard Information</string>
<key>MdsRecordType</key>
<string>MDS_CDSADIR_CSP_SC_INFO_RECORDTYPE</string>
<key>MdsFileType</key>
<string>PluginSpecific</string>
<key>ScVendor</key>
<string>Generic</string>
<key>ScVersion</key>
<string>unknown</string>
<key>ScFirmwareVersion</key>
<string>unknown</string>
<key>ScFlags</key> <!-- @@@ dynamic -->
<integer>0</integer>
<key>ScCustomFlags</key>
<integer>0</integer>
</dict>
</plist>
16 years, 3 months