9876 Move crypto2pkcs11_error_number to libcryptoutil
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Igor Kozhukhov <igor@dilos.org>
Reviewed by: Andy Fiddaman <omnios@citrus-it.co.uk>
Reviewed by: C Fraire <cfraire@me.com>
Approved by: Richard Lowe <richlowe@richlowe.net>
diff --git a/usr/src/lib/libcryptoutil/common/cryptoutil.h b/usr/src/lib/libcryptoutil/common/cryptoutil.h
index 63a3df6..7142055 100644
--- a/usr/src/lib/libcryptoutil/common/cryptoutil.h
+++ b/usr/src/lib/libcryptoutil/common/cryptoutil.h
@@ -23,6 +23,7 @@
/*
* Copyright 2010 Nexenta Systems, Inc. All rights reserved.
* Copyright 2014, OmniTI Computer Consulting, Inc. All rights reserved.
+ * Copyright 2018, Joyent, Inc.
*/
#ifndef _CRYPTOUTIL_H
@@ -107,7 +108,7 @@
boolean_t flag_metaslot_auto_key_migrate;
CK_UTF8CHAR metaslot_ks_slot[SLOT_DESCRIPTION_SIZE + 1];
CK_UTF8CHAR metaslot_ks_token[TOKEN_LABEL_SIZE + 1];
- int count;
+ int count;
boolean_t flag_fips_enabled;
} uentry_t;
@@ -227,6 +228,8 @@
extern int pkcs11_parse_uri(const char *str, pkcs11_uri_t *uri);
extern void pkcs11_free_uri(pkcs11_uri_t *uri);
+extern CK_RV crypto2pkcs11_error_number(uint_t);
+
#ifdef __cplusplus
}
#endif
diff --git a/usr/src/lib/libcryptoutil/common/mapfile-vers b/usr/src/lib/libcryptoutil/common/mapfile-vers
index c7f2576..1b7d788 100644
--- a/usr/src/lib/libcryptoutil/common/mapfile-vers
+++ b/usr/src/lib/libcryptoutil/common/mapfile-vers
@@ -20,6 +20,7 @@
#
# Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
# Copyright 2014, OmniTI Computer Consulting Inc. All rights reserved.
+# Copyright 2018, Joyent, Inc.
#
#
@@ -41,6 +42,7 @@
SYMBOL_VERSION SUNWprivate {
global:
create_umech;
+ crypto2pkcs11_error_number;
cryptodebug;
cryptodebug_init;
cryptoerror;
diff --git a/usr/src/lib/libcryptoutil/common/util.c b/usr/src/lib/libcryptoutil/common/util.c
index 6fbf175..e7368dc 100644
--- a/usr/src/lib/libcryptoutil/common/util.c
+++ b/usr/src/lib/libcryptoutil/common/util.c
@@ -21,14 +21,111 @@
/*
* Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
+ * Copyright 2018, Joyent, Inc.
*/
-#pragma ident "%Z%%M% %I% %E% SMI"
-
#include <cryptoutil.h>
#include <strings.h>
#include <stdio.h>
#include <tzfile.h>
+#include <sys/crypto/common.h>
+
+/*
+ * In order to fit everything on one line, the 'CRYPTO_' prefix
+ * has been dropped from the KCF #defines, e.g.
+ * CRYPTO_SUCCESS becomes SUCCESS.
+ */
+
+static CK_RV error_number_table[CRYPTO_LAST_ERROR + 1] = {
+CKR_OK, /* SUCCESS */
+CKR_CANCEL, /* CANCEL */
+CKR_HOST_MEMORY, /* HOST_MEMORY */
+CKR_GENERAL_ERROR, /* GENERAL_ERROR */
+CKR_FUNCTION_FAILED, /* FAILED */
+CKR_ARGUMENTS_BAD, /* ARGUMENTS_BAD */
+CKR_ATTRIBUTE_READ_ONLY, /* ATTRIBUTE_READ_ONLY */
+CKR_ATTRIBUTE_SENSITIVE, /* ATTRIBUTE_SENSITIVE */
+CKR_ATTRIBUTE_TYPE_INVALID, /* ATTRIBUTE_TYPE_INVALID */
+CKR_ATTRIBUTE_VALUE_INVALID, /* ATTRIBUTE_VALUE_INVALID */
+CKR_FUNCTION_FAILED, /* CANCELED */
+CKR_DATA_INVALID, /* DATA_INVALID */
+CKR_DATA_LEN_RANGE, /* DATA_LEN_RANGE */
+CKR_DEVICE_ERROR, /* DEVICE_ERROR */
+CKR_DEVICE_MEMORY, /* DEVICE_MEMORY */
+CKR_DEVICE_REMOVED, /* DEVICE_REMOVED */
+CKR_ENCRYPTED_DATA_INVALID, /* ENCRYPTED_DATA_INVALID */
+CKR_ENCRYPTED_DATA_LEN_RANGE, /* ENCRYPTED_DATA_LEN_RANGE */
+CKR_KEY_HANDLE_INVALID, /* KEY_HANDLE_INVALID */
+CKR_KEY_SIZE_RANGE, /* KEY_SIZE_RANGE */
+CKR_KEY_TYPE_INCONSISTENT, /* KEY_TYPE_INCONSISTENT */
+CKR_KEY_NOT_NEEDED, /* KEY_NOT_NEEDED */
+CKR_KEY_CHANGED, /* KEY_CHANGED */
+CKR_KEY_NEEDED, /* KEY_NEEDED */
+CKR_KEY_INDIGESTIBLE, /* KEY_INDIGESTIBLE */
+CKR_KEY_FUNCTION_NOT_PERMITTED, /* KEY_FUNCTION_NOT_PERMITTED */
+CKR_KEY_NOT_WRAPPABLE, /* KEY_NOT_WRAPPABLE */
+CKR_KEY_UNEXTRACTABLE, /* KEY_UNEXTRACTABLE */
+CKR_MECHANISM_INVALID, /* MECHANISM_INVALID */
+CKR_MECHANISM_PARAM_INVALID, /* MECHANISM_PARAM_INVALID */
+CKR_OBJECT_HANDLE_INVALID, /* OBJECT_HANDLE_INVALID */
+CKR_OPERATION_ACTIVE, /* OPERATION_ACTIVE */
+CKR_OPERATION_NOT_INITIALIZED, /* OPERATION_NOT_INITIALIZED */
+CKR_PIN_INCORRECT, /* PIN_INCORRECT */
+CKR_PIN_INVALID, /* PIN_INVALID */
+CKR_PIN_LEN_RANGE, /* PIN_LEN_RANGE */
+CKR_PIN_EXPIRED, /* PIN_EXPIRED */
+CKR_PIN_LOCKED, /* PIN_LOCKED */
+CKR_SESSION_CLOSED, /* SESSION_CLOSED */
+CKR_SESSION_COUNT, /* SESSION_COUNT */
+CKR_SESSION_HANDLE_INVALID, /* SESSION_HANDLE_INVALID */
+CKR_SESSION_READ_ONLY, /* SESSION_READ_ONLY */
+CKR_SESSION_EXISTS, /* SESSION_EXISTS */
+CKR_SESSION_READ_ONLY_EXISTS, /* SESSION_READ_ONLY_EXISTS */
+CKR_SESSION_READ_WRITE_SO_EXISTS, /* SESSION_READ_WRITE_SO_EXISTS */
+CKR_SIGNATURE_INVALID, /* SIGNATURE_INVALID */
+CKR_SIGNATURE_LEN_RANGE, /* SIGNATURE_LEN_RANGE */
+CKR_TEMPLATE_INCOMPLETE, /* TEMPLATE_INCOMPLETE */
+CKR_TEMPLATE_INCONSISTENT, /* TEMPLATE_INCONSISTENT */
+CKR_UNWRAPPING_KEY_HANDLE_INVALID, /* UNWRAPPING_KEY_HANDLE_INVALID */
+CKR_UNWRAPPING_KEY_SIZE_RANGE, /* UNWRAPPING_KEY_SIZE_RANGE */
+CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT, /* UNWRAPPING_KEY_TYPE_INCONSISTENT */
+CKR_USER_ALREADY_LOGGED_IN, /* USER_ALREADY_LOGGED_IN */
+CKR_USER_NOT_LOGGED_IN, /* USER_NOT_LOGGED_IN */
+CKR_USER_PIN_NOT_INITIALIZED, /* USER_PIN_NOT_INITIALIZED */
+CKR_USER_TYPE_INVALID, /* USER_TYPE_INVALID */
+CKR_USER_ANOTHER_ALREADY_LOGGED_IN, /* USER_ANOTHER_ALREADY_LOGGED_IN */
+CKR_USER_TOO_MANY_TYPES, /* USER_TOO_MANY_TYPES */
+CKR_WRAPPED_KEY_INVALID, /* WRAPPED_KEY_INVALID */
+CKR_WRAPPED_KEY_LEN_RANGE, /* WRAPPED_KEY_LEN_RANGE */
+CKR_WRAPPING_KEY_HANDLE_INVALID, /* WRAPPING_KEY_HANDLE_INVALID */
+CKR_WRAPPING_KEY_SIZE_RANGE, /* WRAPPING_KEY_SIZE_RANGE */
+CKR_WRAPPING_KEY_TYPE_INCONSISTENT, /* WRAPPING_KEY_TYPE_INCONSISTENT */
+CKR_RANDOM_SEED_NOT_SUPPORTED, /* RANDOM_SEED_NOT_SUPPORTED */
+CKR_RANDOM_NO_RNG, /* RANDOM_NO_RNG */
+CKR_DOMAIN_PARAMS_INVALID, /* DOMAIN_PARAMS_INVALID */
+CKR_BUFFER_TOO_SMALL, /* BUFFER_TOO_SMALL */
+CKR_INFORMATION_SENSITIVE, /* INFORMATION_SENSITIVE */
+CKR_FUNCTION_NOT_SUPPORTED, /* NOT_SUPPORTED */
+CKR_GENERAL_ERROR, /* QUEUED */
+CKR_GENERAL_ERROR, /* BUFFER_TOO_BIG */
+CKR_OPERATION_NOT_INITIALIZED, /* INVALID_CONTEXT */
+CKR_GENERAL_ERROR, /* INVALID_MAC */
+CKR_GENERAL_ERROR, /* MECH_NOT_SUPPORTED */
+CKR_GENERAL_ERROR, /* INCONSISTENT_ATTRIBUTE */
+CKR_GENERAL_ERROR, /* NO_PERMISSION */
+CKR_SLOT_ID_INVALID, /* INVALID_PROVIDER_ID */
+CKR_GENERAL_ERROR, /* VERSION_MISMATCH */
+CKR_GENERAL_ERROR, /* BUSY */
+CKR_GENERAL_ERROR, /* UNKNOWN_PROVIDER */
+CKR_GENERAL_ERROR, /* MODVERIFICATION_FAILED */
+CKR_GENERAL_ERROR, /* OLD_CTX_TEMPLATE */
+CKR_GENERAL_ERROR, /* WEAK_KEY */
+CKR_GENERAL_ERROR /* FIPS140_ERROR */
+};
+
+#if CRYPTO_LAST_ERROR != CRYPTO_FIPS140_ERROR
+#error "Crypto to PKCS11 error mapping table needs to be updated!"
+#endif
/*
* This function returns a fullpath based on the "dir" and "filepath" input
@@ -96,16 +193,16 @@
return (-1);
if (!strcasecmp(timetok, "second") ||
- !strcasecmp(timetok, "seconds")) {
+ !strcasecmp(timetok, "seconds")) {
*ltime = num;
} else if (!strcasecmp(timetok, "minute") ||
- !strcasecmp(timetok, "minutes")) {
+ !strcasecmp(timetok, "minutes")) {
*ltime = num * SECSPERMIN;
} else if (!strcasecmp(timetok, "day") ||
!strcasecmp(timetok, "days")) {
*ltime = num * SECSPERDAY;
} else if (!strcasecmp(timetok, "hour") ||
- !strcasecmp(timetok, "hours")) {
+ !strcasecmp(timetok, "hours")) {
*ltime = num * SECSPERHOUR;
} else {
*ltime = 0;
@@ -114,3 +211,15 @@
return (0);
}
+
+/*
+ * Map KCF error codes into PKCS11 error codes.
+ */
+CK_RV
+crypto2pkcs11_error_number(uint_t n)
+{
+ if (n >= sizeof (error_number_table) / sizeof (error_number_table[0]))
+ return (CKR_GENERAL_ERROR);
+
+ return (error_number_table[n]);
+}
diff --git a/usr/src/lib/pkcs11/pkcs11_kernel/common/kernelGlobal.h b/usr/src/lib/pkcs11/pkcs11_kernel/common/kernelGlobal.h
index 3211018..8cad200 100644
--- a/usr/src/lib/pkcs11/pkcs11_kernel/common/kernelGlobal.h
+++ b/usr/src/lib/pkcs11/pkcs11_kernel/common/kernelGlobal.h
@@ -21,6 +21,7 @@
/*
* Copyright 2007 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
+ * Copyright 2018, Joyent, Inc.
*/
#ifndef _KERNELGLOBAL_H
@@ -33,6 +34,7 @@
#include <sys/crypto/common.h>
#include <security/cryptoki.h>
#include <security/pkcs11t.h>
+#include <cryptoutil.h>
#include "kernelObject.h"
typedef struct kmh_elem {
@@ -70,7 +72,6 @@
(m) == CKM_DES3_ECB || (m) == CKM_DES3_CBC || (m) == CKM_AES_ECB || \
(m) == CKM_AES_CBC || (m) == CKM_RC4 || (m) == CKM_BLOWFISH_CBC)
-CK_RV crypto2pkcs11_error_number(uint_t);
CK_RV kernel_mech(CK_MECHANISM_TYPE, crypto_mech_type_t *);
unsigned char *get_symmetric_key_value(kernel_object_t *);
CK_RV get_rsa_public_key(kernel_object_t *, crypto_key_t *);
diff --git a/usr/src/lib/pkcs11/pkcs11_kernel/common/kernelUtil.c b/usr/src/lib/pkcs11/pkcs11_kernel/common/kernelUtil.c
index b9921e6..670a6c7 100644
--- a/usr/src/lib/pkcs11/pkcs11_kernel/common/kernelUtil.c
+++ b/usr/src/lib/pkcs11/pkcs11_kernel/common/kernelUtil.c
@@ -44,115 +44,6 @@
cur_attr++; \
}
-/*
- * In order to fit everything on one line, the 'CRYPTO_' prefix
- * has been dropped from the KCF #defines, e.g.
- * CRYPTO_SUCCESS becomes SUCCESS.
- */
-
-static CK_RV error_number_table[CRYPTO_LAST_ERROR+1] = {
-CKR_OK, /* SUCCESS */
-CKR_CANCEL, /* CANCEL */
-CKR_HOST_MEMORY, /* HOST_MEMORY */
-CKR_GENERAL_ERROR, /* GENERAL_ERROR */
-CKR_FUNCTION_FAILED, /* FAILED */
-CKR_ARGUMENTS_BAD, /* ARGUMENTS_BAD */
-CKR_ATTRIBUTE_READ_ONLY, /* ATTRIBUTE_READ_ONLY */
-CKR_ATTRIBUTE_SENSITIVE, /* ATTRIBUTE_SENSITIVE */
-CKR_ATTRIBUTE_TYPE_INVALID, /* ATTRIBUTE_TYPE_INVALID */
-CKR_ATTRIBUTE_VALUE_INVALID, /* ATTRIBUTE_VALUE_INVALID */
-CKR_FUNCTION_FAILED, /* CANCELED */
-CKR_DATA_INVALID, /* DATA_INVALID */
-CKR_DATA_LEN_RANGE, /* DATA_LEN_RANGE */
-CKR_DEVICE_ERROR, /* DEVICE_ERROR */
-CKR_DEVICE_MEMORY, /* DEVICE_MEMORY */
-CKR_DEVICE_REMOVED, /* DEVICE_REMOVED */
-CKR_ENCRYPTED_DATA_INVALID, /* ENCRYPTED_DATA_INVALID */
-CKR_ENCRYPTED_DATA_LEN_RANGE, /* ENCRYPTED_DATA_LEN_RANGE */
-CKR_KEY_HANDLE_INVALID, /* KEY_HANDLE_INVALID */
-CKR_KEY_SIZE_RANGE, /* KEY_SIZE_RANGE */
-CKR_KEY_TYPE_INCONSISTENT, /* KEY_TYPE_INCONSISTENT */
-CKR_KEY_NOT_NEEDED, /* KEY_NOT_NEEDED */
-CKR_KEY_CHANGED, /* KEY_CHANGED */
-CKR_KEY_NEEDED, /* KEY_NEEDED */
-CKR_KEY_INDIGESTIBLE, /* KEY_INDIGESTIBLE */
-CKR_KEY_FUNCTION_NOT_PERMITTED, /* KEY_FUNCTION_NOT_PERMITTED */
-CKR_KEY_NOT_WRAPPABLE, /* KEY_NOT_WRAPPABLE */
-CKR_KEY_UNEXTRACTABLE, /* KEY_UNEXTRACTABLE */
-CKR_MECHANISM_INVALID, /* MECHANISM_INVALID */
-CKR_MECHANISM_PARAM_INVALID, /* MECHANISM_PARAM_INVALID */
-CKR_OBJECT_HANDLE_INVALID, /* OBJECT_HANDLE_INVALID */
-CKR_OPERATION_ACTIVE, /* OPERATION_ACTIVE */
-CKR_OPERATION_NOT_INITIALIZED, /* OPERATION_NOT_INITIALIZED */
-CKR_PIN_INCORRECT, /* PIN_INCORRECT */
-CKR_PIN_INVALID, /* PIN_INVALID */
-CKR_PIN_LEN_RANGE, /* PIN_LEN_RANGE */
-CKR_PIN_EXPIRED, /* PIN_EXPIRED */
-CKR_PIN_LOCKED, /* PIN_LOCKED */
-CKR_SESSION_CLOSED, /* SESSION_CLOSED */
-CKR_SESSION_COUNT, /* SESSION_COUNT */
-CKR_SESSION_HANDLE_INVALID, /* SESSION_HANDLE_INVALID */
-CKR_SESSION_READ_ONLY, /* SESSION_READ_ONLY */
-CKR_SESSION_EXISTS, /* SESSION_EXISTS */
-CKR_SESSION_READ_ONLY_EXISTS, /* SESSION_READ_ONLY_EXISTS */
-CKR_SESSION_READ_WRITE_SO_EXISTS, /* SESSION_READ_WRITE_SO_EXISTS */
-CKR_SIGNATURE_INVALID, /* SIGNATURE_INVALID */
-CKR_SIGNATURE_LEN_RANGE, /* SIGNATURE_LEN_RANGE */
-CKR_TEMPLATE_INCOMPLETE, /* TEMPLATE_INCOMPLETE */
-CKR_TEMPLATE_INCONSISTENT, /* TEMPLATE_INCONSISTENT */
-CKR_UNWRAPPING_KEY_HANDLE_INVALID, /* UNWRAPPING_KEY_HANDLE_INVALID */
-CKR_UNWRAPPING_KEY_SIZE_RANGE, /* UNWRAPPING_KEY_SIZE_RANGE */
-CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT, /* UNWRAPPING_KEY_TYPE_INCONSISTENT */
-CKR_USER_ALREADY_LOGGED_IN, /* USER_ALREADY_LOGGED_IN */
-CKR_USER_NOT_LOGGED_IN, /* USER_NOT_LOGGED_IN */
-CKR_USER_PIN_NOT_INITIALIZED, /* USER_PIN_NOT_INITIALIZED */
-CKR_USER_TYPE_INVALID, /* USER_TYPE_INVALID */
-CKR_USER_ANOTHER_ALREADY_LOGGED_IN, /* USER_ANOTHER_ALREADY_LOGGED_IN */
-CKR_USER_TOO_MANY_TYPES, /* USER_TOO_MANY_TYPES */
-CKR_WRAPPED_KEY_INVALID, /* WRAPPED_KEY_INVALID */
-CKR_WRAPPED_KEY_LEN_RANGE, /* WRAPPED_KEY_LEN_RANGE */
-CKR_WRAPPING_KEY_HANDLE_INVALID, /* WRAPPING_KEY_HANDLE_INVALID */
-CKR_WRAPPING_KEY_SIZE_RANGE, /* WRAPPING_KEY_SIZE_RANGE */
-CKR_WRAPPING_KEY_TYPE_INCONSISTENT, /* WRAPPING_KEY_TYPE_INCONSISTENT */
-CKR_RANDOM_SEED_NOT_SUPPORTED, /* RANDOM_SEED_NOT_SUPPORTED */
-CKR_RANDOM_NO_RNG, /* RANDOM_NO_RNG */
-CKR_DOMAIN_PARAMS_INVALID, /* DOMAIN_PARAMS_INVALID */
-CKR_BUFFER_TOO_SMALL, /* BUFFER_TOO_SMALL */
-CKR_INFORMATION_SENSITIVE, /* INFORMATION_SENSITIVE */
-CKR_FUNCTION_NOT_SUPPORTED, /* NOT_SUPPORTED */
-CKR_GENERAL_ERROR, /* QUEUED */
-CKR_GENERAL_ERROR, /* BUFFER_TOO_BIG */
-CKR_OPERATION_NOT_INITIALIZED, /* INVALID_CONTEXT */
-CKR_GENERAL_ERROR, /* INVALID_MAC */
-CKR_GENERAL_ERROR, /* MECH_NOT_SUPPORTED */
-CKR_GENERAL_ERROR, /* INCONSISTENT_ATTRIBUTE */
-CKR_GENERAL_ERROR, /* NO_PERMISSION */
-CKR_SLOT_ID_INVALID, /* INVALID_PROVIDER_ID */
-CKR_GENERAL_ERROR, /* VERSION_MISMATCH */
-CKR_GENERAL_ERROR, /* BUSY */
-CKR_GENERAL_ERROR, /* UNKNOWN_PROVIDER */
-CKR_GENERAL_ERROR, /* MODVERIFICATION_FAILED */
-CKR_GENERAL_ERROR, /* OLD_CTX_TEMPLATE */
-CKR_GENERAL_ERROR, /* WEAK_KEY */
-CKR_GENERAL_ERROR /* FIPS140_ERROR */
-};
-
-#if CRYPTO_LAST_ERROR != CRYPTO_FIPS140_ERROR
-#error "Crypto to PKCS11 error mapping table needs to be updated!"
-#endif
-
-/*
- * Map KCF error codes into PKCS11 error codes.
- */
-CK_RV
-crypto2pkcs11_error_number(uint_t n)
-{
- if (n >= sizeof (error_number_table) / sizeof (error_number_table[0]))
- return (CKR_GENERAL_ERROR);
-
- return (error_number_table[n]);
-}
-
#define MECH_HASH(type) (((uintptr_t)type) % KMECH_HASHTABLE_SIZE)
/*
* Serialize writes to the hash table. We don't need a per bucket lock as