9876 Move crypto2pkcs11_error_number to libcryptoutil
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Igor Kozhukhov <igor@dilos.org>
Reviewed by: Andy Fiddaman <omnios@citrus-it.co.uk>
Reviewed by: C Fraire <cfraire@me.com>
Approved by: Richard Lowe <richlowe@richlowe.net>
diff --git a/usr/src/lib/libcryptoutil/common/cryptoutil.h b/usr/src/lib/libcryptoutil/common/cryptoutil.h
index 63a3df6..7142055 100644
--- a/usr/src/lib/libcryptoutil/common/cryptoutil.h
+++ b/usr/src/lib/libcryptoutil/common/cryptoutil.h
@@ -23,6 +23,7 @@
 /*
  * Copyright 2010 Nexenta Systems, Inc.  All rights reserved.
  * Copyright 2014, OmniTI Computer Consulting, Inc. All rights reserved.
+ * Copyright 2018, Joyent, Inc.
  */
 
 #ifndef _CRYPTOUTIL_H
@@ -107,7 +108,7 @@
 	boolean_t	flag_metaslot_auto_key_migrate;
 	CK_UTF8CHAR	metaslot_ks_slot[SLOT_DESCRIPTION_SIZE + 1];
 	CK_UTF8CHAR	metaslot_ks_token[TOKEN_LABEL_SIZE + 1];
-	int 		count;
+	int		count;
 	boolean_t	flag_fips_enabled;
 } uentry_t;
 
@@ -227,6 +228,8 @@
 extern int pkcs11_parse_uri(const char *str, pkcs11_uri_t *uri);
 extern void pkcs11_free_uri(pkcs11_uri_t *uri);
 
+extern CK_RV crypto2pkcs11_error_number(uint_t);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/usr/src/lib/libcryptoutil/common/mapfile-vers b/usr/src/lib/libcryptoutil/common/mapfile-vers
index c7f2576..1b7d788 100644
--- a/usr/src/lib/libcryptoutil/common/mapfile-vers
+++ b/usr/src/lib/libcryptoutil/common/mapfile-vers
@@ -20,6 +20,7 @@
 #
 # Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
 # Copyright 2014, OmniTI Computer Consulting Inc. All rights reserved.
+# Copyright 2018, Joyent, Inc.
 #
 
 #
@@ -41,6 +42,7 @@
 SYMBOL_VERSION SUNWprivate {
     global:
 	create_umech;
+	crypto2pkcs11_error_number;
 	cryptodebug;
 	cryptodebug_init;
 	cryptoerror;
diff --git a/usr/src/lib/libcryptoutil/common/util.c b/usr/src/lib/libcryptoutil/common/util.c
index 6fbf175..e7368dc 100644
--- a/usr/src/lib/libcryptoutil/common/util.c
+++ b/usr/src/lib/libcryptoutil/common/util.c
@@ -21,14 +21,111 @@
 /*
  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
+ * Copyright 2018, Joyent, Inc.
  */
 
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
-
 #include <cryptoutil.h>
 #include <strings.h>
 #include <stdio.h>
 #include <tzfile.h>
+#include <sys/crypto/common.h>
+
+/*
+ * In order to fit everything on one line, the 'CRYPTO_' prefix
+ * has been dropped from the KCF #defines, e.g.
+ * CRYPTO_SUCCESS becomes SUCCESS.
+ */
+
+static CK_RV error_number_table[CRYPTO_LAST_ERROR + 1] = {
+CKR_OK,					/* SUCCESS */
+CKR_CANCEL,				/* CANCEL */
+CKR_HOST_MEMORY,			/* HOST_MEMORY */
+CKR_GENERAL_ERROR,			/* GENERAL_ERROR */
+CKR_FUNCTION_FAILED,			/* FAILED */
+CKR_ARGUMENTS_BAD,			/* ARGUMENTS_BAD */
+CKR_ATTRIBUTE_READ_ONLY,		/* ATTRIBUTE_READ_ONLY */
+CKR_ATTRIBUTE_SENSITIVE,		/* ATTRIBUTE_SENSITIVE */
+CKR_ATTRIBUTE_TYPE_INVALID,		/* ATTRIBUTE_TYPE_INVALID */
+CKR_ATTRIBUTE_VALUE_INVALID,		/* ATTRIBUTE_VALUE_INVALID */
+CKR_FUNCTION_FAILED,			/* CANCELED */
+CKR_DATA_INVALID,			/* DATA_INVALID */
+CKR_DATA_LEN_RANGE,			/* DATA_LEN_RANGE */
+CKR_DEVICE_ERROR,			/* DEVICE_ERROR */
+CKR_DEVICE_MEMORY,			/* DEVICE_MEMORY */
+CKR_DEVICE_REMOVED,			/* DEVICE_REMOVED */
+CKR_ENCRYPTED_DATA_INVALID,		/* ENCRYPTED_DATA_INVALID */
+CKR_ENCRYPTED_DATA_LEN_RANGE,		/* ENCRYPTED_DATA_LEN_RANGE */
+CKR_KEY_HANDLE_INVALID,			/* KEY_HANDLE_INVALID */
+CKR_KEY_SIZE_RANGE,			/* KEY_SIZE_RANGE */
+CKR_KEY_TYPE_INCONSISTENT,		/* KEY_TYPE_INCONSISTENT */
+CKR_KEY_NOT_NEEDED,			/* KEY_NOT_NEEDED */
+CKR_KEY_CHANGED,			/* KEY_CHANGED */
+CKR_KEY_NEEDED,				/* KEY_NEEDED */
+CKR_KEY_INDIGESTIBLE,			/* KEY_INDIGESTIBLE */
+CKR_KEY_FUNCTION_NOT_PERMITTED,		/* KEY_FUNCTION_NOT_PERMITTED */
+CKR_KEY_NOT_WRAPPABLE,			/* KEY_NOT_WRAPPABLE */
+CKR_KEY_UNEXTRACTABLE,			/* KEY_UNEXTRACTABLE */
+CKR_MECHANISM_INVALID,			/* MECHANISM_INVALID */
+CKR_MECHANISM_PARAM_INVALID,		/* MECHANISM_PARAM_INVALID */
+CKR_OBJECT_HANDLE_INVALID,		/* OBJECT_HANDLE_INVALID */
+CKR_OPERATION_ACTIVE,			/* OPERATION_ACTIVE */
+CKR_OPERATION_NOT_INITIALIZED,		/* OPERATION_NOT_INITIALIZED */
+CKR_PIN_INCORRECT,			/* PIN_INCORRECT */
+CKR_PIN_INVALID,			/* PIN_INVALID */
+CKR_PIN_LEN_RANGE,			/* PIN_LEN_RANGE */
+CKR_PIN_EXPIRED,			/* PIN_EXPIRED */
+CKR_PIN_LOCKED,				/* PIN_LOCKED */
+CKR_SESSION_CLOSED,			/* SESSION_CLOSED */
+CKR_SESSION_COUNT,			/* SESSION_COUNT */
+CKR_SESSION_HANDLE_INVALID,		/* SESSION_HANDLE_INVALID */
+CKR_SESSION_READ_ONLY,			/* SESSION_READ_ONLY */
+CKR_SESSION_EXISTS,			/* SESSION_EXISTS */
+CKR_SESSION_READ_ONLY_EXISTS,		/* SESSION_READ_ONLY_EXISTS */
+CKR_SESSION_READ_WRITE_SO_EXISTS,	/* SESSION_READ_WRITE_SO_EXISTS */
+CKR_SIGNATURE_INVALID,			/* SIGNATURE_INVALID */
+CKR_SIGNATURE_LEN_RANGE,		/* SIGNATURE_LEN_RANGE */
+CKR_TEMPLATE_INCOMPLETE,		/* TEMPLATE_INCOMPLETE */
+CKR_TEMPLATE_INCONSISTENT,		/* TEMPLATE_INCONSISTENT */
+CKR_UNWRAPPING_KEY_HANDLE_INVALID,	/* UNWRAPPING_KEY_HANDLE_INVALID */
+CKR_UNWRAPPING_KEY_SIZE_RANGE,		/* UNWRAPPING_KEY_SIZE_RANGE */
+CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT,	/* UNWRAPPING_KEY_TYPE_INCONSISTENT */
+CKR_USER_ALREADY_LOGGED_IN,		/* USER_ALREADY_LOGGED_IN */
+CKR_USER_NOT_LOGGED_IN,			/* USER_NOT_LOGGED_IN */
+CKR_USER_PIN_NOT_INITIALIZED,		/* USER_PIN_NOT_INITIALIZED */
+CKR_USER_TYPE_INVALID,			/* USER_TYPE_INVALID */
+CKR_USER_ANOTHER_ALREADY_LOGGED_IN,	/* USER_ANOTHER_ALREADY_LOGGED_IN */
+CKR_USER_TOO_MANY_TYPES,		/* USER_TOO_MANY_TYPES */
+CKR_WRAPPED_KEY_INVALID,		/* WRAPPED_KEY_INVALID */
+CKR_WRAPPED_KEY_LEN_RANGE,		/* WRAPPED_KEY_LEN_RANGE */
+CKR_WRAPPING_KEY_HANDLE_INVALID,	/* WRAPPING_KEY_HANDLE_INVALID */
+CKR_WRAPPING_KEY_SIZE_RANGE,		/* WRAPPING_KEY_SIZE_RANGE */
+CKR_WRAPPING_KEY_TYPE_INCONSISTENT,	/* WRAPPING_KEY_TYPE_INCONSISTENT */
+CKR_RANDOM_SEED_NOT_SUPPORTED,		/* RANDOM_SEED_NOT_SUPPORTED */
+CKR_RANDOM_NO_RNG,			/* RANDOM_NO_RNG */
+CKR_DOMAIN_PARAMS_INVALID,		/* DOMAIN_PARAMS_INVALID */
+CKR_BUFFER_TOO_SMALL,			/* BUFFER_TOO_SMALL */
+CKR_INFORMATION_SENSITIVE,		/* INFORMATION_SENSITIVE */
+CKR_FUNCTION_NOT_SUPPORTED,		/* NOT_SUPPORTED */
+CKR_GENERAL_ERROR,			/* QUEUED */
+CKR_GENERAL_ERROR,			/* BUFFER_TOO_BIG */
+CKR_OPERATION_NOT_INITIALIZED,		/* INVALID_CONTEXT */
+CKR_GENERAL_ERROR,			/* INVALID_MAC */
+CKR_GENERAL_ERROR,			/* MECH_NOT_SUPPORTED */
+CKR_GENERAL_ERROR,			/* INCONSISTENT_ATTRIBUTE */
+CKR_GENERAL_ERROR,			/* NO_PERMISSION */
+CKR_SLOT_ID_INVALID,			/* INVALID_PROVIDER_ID */
+CKR_GENERAL_ERROR,			/* VERSION_MISMATCH */
+CKR_GENERAL_ERROR,			/* BUSY */
+CKR_GENERAL_ERROR,			/* UNKNOWN_PROVIDER */
+CKR_GENERAL_ERROR,			/* MODVERIFICATION_FAILED */
+CKR_GENERAL_ERROR,			/* OLD_CTX_TEMPLATE */
+CKR_GENERAL_ERROR,			/* WEAK_KEY */
+CKR_GENERAL_ERROR			/* FIPS140_ERROR */
+};
+
+#if CRYPTO_LAST_ERROR != CRYPTO_FIPS140_ERROR
+#error "Crypto to PKCS11 error mapping table needs to be updated!"
+#endif
 
 /*
  * This function returns a fullpath based on the "dir" and "filepath" input
@@ -96,16 +193,16 @@
 		return (-1);
 
 	if (!strcasecmp(timetok, "second") ||
-		!strcasecmp(timetok, "seconds")) {
+	    !strcasecmp(timetok, "seconds")) {
 		*ltime = num;
 	} else if (!strcasecmp(timetok, "minute") ||
-		!strcasecmp(timetok, "minutes")) {
+	    !strcasecmp(timetok, "minutes")) {
 		*ltime = num * SECSPERMIN;
 	} else if (!strcasecmp(timetok, "day") ||
 	    !strcasecmp(timetok, "days")) {
 		*ltime = num * SECSPERDAY;
 	} else if (!strcasecmp(timetok, "hour") ||
-		!strcasecmp(timetok, "hours")) {
+	    !strcasecmp(timetok, "hours")) {
 		*ltime = num * SECSPERHOUR;
 	} else {
 		*ltime = 0;
@@ -114,3 +211,15 @@
 
 	return (0);
 }
+
+/*
+ * Map KCF error codes into PKCS11 error codes.
+ */
+CK_RV
+crypto2pkcs11_error_number(uint_t n)
+{
+	if (n >= sizeof (error_number_table) / sizeof (error_number_table[0]))
+		return (CKR_GENERAL_ERROR);
+
+	return (error_number_table[n]);
+}
diff --git a/usr/src/lib/pkcs11/pkcs11_kernel/common/kernelGlobal.h b/usr/src/lib/pkcs11/pkcs11_kernel/common/kernelGlobal.h
index 3211018..8cad200 100644
--- a/usr/src/lib/pkcs11/pkcs11_kernel/common/kernelGlobal.h
+++ b/usr/src/lib/pkcs11/pkcs11_kernel/common/kernelGlobal.h
@@ -21,6 +21,7 @@
 /*
  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
+ * Copyright 2018, Joyent, Inc.
  */
 
 #ifndef _KERNELGLOBAL_H
@@ -33,6 +34,7 @@
 #include <sys/crypto/common.h>
 #include <security/cryptoki.h>
 #include <security/pkcs11t.h>
+#include <cryptoutil.h>
 #include "kernelObject.h"
 
 typedef struct kmh_elem {
@@ -70,7 +72,6 @@
 	(m) == CKM_DES3_ECB || (m) == CKM_DES3_CBC || (m) == CKM_AES_ECB || \
 	(m) == CKM_AES_CBC || (m) == CKM_RC4 || (m) == CKM_BLOWFISH_CBC)
 
-CK_RV crypto2pkcs11_error_number(uint_t);
 CK_RV kernel_mech(CK_MECHANISM_TYPE, crypto_mech_type_t *);
 unsigned char *get_symmetric_key_value(kernel_object_t *);
 CK_RV get_rsa_public_key(kernel_object_t *, crypto_key_t *);
diff --git a/usr/src/lib/pkcs11/pkcs11_kernel/common/kernelUtil.c b/usr/src/lib/pkcs11/pkcs11_kernel/common/kernelUtil.c
index b9921e6..670a6c7 100644
--- a/usr/src/lib/pkcs11/pkcs11_kernel/common/kernelUtil.c
+++ b/usr/src/lib/pkcs11/pkcs11_kernel/common/kernelUtil.c
@@ -44,115 +44,6 @@
 	cur_attr++;				\
 }
 
-/*
- * In order to fit everything on one line, the 'CRYPTO_' prefix
- * has been dropped from the KCF #defines, e.g.
- * CRYPTO_SUCCESS becomes SUCCESS.
- */
-
-static CK_RV error_number_table[CRYPTO_LAST_ERROR+1] = {
-CKR_OK,					/* SUCCESS */
-CKR_CANCEL,				/* CANCEL */
-CKR_HOST_MEMORY,			/* HOST_MEMORY */
-CKR_GENERAL_ERROR,			/* GENERAL_ERROR */
-CKR_FUNCTION_FAILED,			/* FAILED */
-CKR_ARGUMENTS_BAD,			/* ARGUMENTS_BAD */
-CKR_ATTRIBUTE_READ_ONLY,		/* ATTRIBUTE_READ_ONLY */
-CKR_ATTRIBUTE_SENSITIVE,		/* ATTRIBUTE_SENSITIVE */
-CKR_ATTRIBUTE_TYPE_INVALID,		/* ATTRIBUTE_TYPE_INVALID */
-CKR_ATTRIBUTE_VALUE_INVALID,		/* ATTRIBUTE_VALUE_INVALID */
-CKR_FUNCTION_FAILED,			/* CANCELED */
-CKR_DATA_INVALID,			/* DATA_INVALID */
-CKR_DATA_LEN_RANGE,			/* DATA_LEN_RANGE */
-CKR_DEVICE_ERROR,			/* DEVICE_ERROR */
-CKR_DEVICE_MEMORY,			/* DEVICE_MEMORY */
-CKR_DEVICE_REMOVED,			/* DEVICE_REMOVED */
-CKR_ENCRYPTED_DATA_INVALID,		/* ENCRYPTED_DATA_INVALID */
-CKR_ENCRYPTED_DATA_LEN_RANGE,		/* ENCRYPTED_DATA_LEN_RANGE */
-CKR_KEY_HANDLE_INVALID,			/* KEY_HANDLE_INVALID */
-CKR_KEY_SIZE_RANGE,			/* KEY_SIZE_RANGE */
-CKR_KEY_TYPE_INCONSISTENT,		/* KEY_TYPE_INCONSISTENT */
-CKR_KEY_NOT_NEEDED,			/* KEY_NOT_NEEDED */
-CKR_KEY_CHANGED,			/* KEY_CHANGED */
-CKR_KEY_NEEDED,				/* KEY_NEEDED */
-CKR_KEY_INDIGESTIBLE,			/* KEY_INDIGESTIBLE */
-CKR_KEY_FUNCTION_NOT_PERMITTED,		/* KEY_FUNCTION_NOT_PERMITTED */
-CKR_KEY_NOT_WRAPPABLE,			/* KEY_NOT_WRAPPABLE */
-CKR_KEY_UNEXTRACTABLE,			/* KEY_UNEXTRACTABLE */
-CKR_MECHANISM_INVALID,			/* MECHANISM_INVALID */
-CKR_MECHANISM_PARAM_INVALID,		/* MECHANISM_PARAM_INVALID */
-CKR_OBJECT_HANDLE_INVALID,		/* OBJECT_HANDLE_INVALID */
-CKR_OPERATION_ACTIVE,			/* OPERATION_ACTIVE */
-CKR_OPERATION_NOT_INITIALIZED,		/* OPERATION_NOT_INITIALIZED */
-CKR_PIN_INCORRECT,			/* PIN_INCORRECT */
-CKR_PIN_INVALID,			/* PIN_INVALID */
-CKR_PIN_LEN_RANGE,			/* PIN_LEN_RANGE */
-CKR_PIN_EXPIRED,			/* PIN_EXPIRED */
-CKR_PIN_LOCKED,				/* PIN_LOCKED */
-CKR_SESSION_CLOSED,			/* SESSION_CLOSED */
-CKR_SESSION_COUNT,			/* SESSION_COUNT */
-CKR_SESSION_HANDLE_INVALID,		/* SESSION_HANDLE_INVALID */
-CKR_SESSION_READ_ONLY,			/* SESSION_READ_ONLY */
-CKR_SESSION_EXISTS,			/* SESSION_EXISTS */
-CKR_SESSION_READ_ONLY_EXISTS,		/* SESSION_READ_ONLY_EXISTS */
-CKR_SESSION_READ_WRITE_SO_EXISTS,	/* SESSION_READ_WRITE_SO_EXISTS */
-CKR_SIGNATURE_INVALID,			/* SIGNATURE_INVALID */
-CKR_SIGNATURE_LEN_RANGE,		/* SIGNATURE_LEN_RANGE */
-CKR_TEMPLATE_INCOMPLETE,		/* TEMPLATE_INCOMPLETE */
-CKR_TEMPLATE_INCONSISTENT,		/* TEMPLATE_INCONSISTENT */
-CKR_UNWRAPPING_KEY_HANDLE_INVALID,	/* UNWRAPPING_KEY_HANDLE_INVALID */
-CKR_UNWRAPPING_KEY_SIZE_RANGE,		/* UNWRAPPING_KEY_SIZE_RANGE */
-CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT,	/* UNWRAPPING_KEY_TYPE_INCONSISTENT */
-CKR_USER_ALREADY_LOGGED_IN,		/* USER_ALREADY_LOGGED_IN */
-CKR_USER_NOT_LOGGED_IN,			/* USER_NOT_LOGGED_IN */
-CKR_USER_PIN_NOT_INITIALIZED,		/* USER_PIN_NOT_INITIALIZED */
-CKR_USER_TYPE_INVALID,			/* USER_TYPE_INVALID */
-CKR_USER_ANOTHER_ALREADY_LOGGED_IN,	/* USER_ANOTHER_ALREADY_LOGGED_IN */
-CKR_USER_TOO_MANY_TYPES,		/* USER_TOO_MANY_TYPES */
-CKR_WRAPPED_KEY_INVALID,		/* WRAPPED_KEY_INVALID */
-CKR_WRAPPED_KEY_LEN_RANGE,		/* WRAPPED_KEY_LEN_RANGE */
-CKR_WRAPPING_KEY_HANDLE_INVALID,	/* WRAPPING_KEY_HANDLE_INVALID */
-CKR_WRAPPING_KEY_SIZE_RANGE,		/* WRAPPING_KEY_SIZE_RANGE */
-CKR_WRAPPING_KEY_TYPE_INCONSISTENT,	/* WRAPPING_KEY_TYPE_INCONSISTENT */
-CKR_RANDOM_SEED_NOT_SUPPORTED,		/* RANDOM_SEED_NOT_SUPPORTED */
-CKR_RANDOM_NO_RNG,			/* RANDOM_NO_RNG */
-CKR_DOMAIN_PARAMS_INVALID,		/* DOMAIN_PARAMS_INVALID */
-CKR_BUFFER_TOO_SMALL,			/* BUFFER_TOO_SMALL */
-CKR_INFORMATION_SENSITIVE,		/* INFORMATION_SENSITIVE */
-CKR_FUNCTION_NOT_SUPPORTED,		/* NOT_SUPPORTED */
-CKR_GENERAL_ERROR,			/* QUEUED */
-CKR_GENERAL_ERROR,			/* BUFFER_TOO_BIG */
-CKR_OPERATION_NOT_INITIALIZED,		/* INVALID_CONTEXT */
-CKR_GENERAL_ERROR,			/* INVALID_MAC */
-CKR_GENERAL_ERROR,			/* MECH_NOT_SUPPORTED */
-CKR_GENERAL_ERROR,			/* INCONSISTENT_ATTRIBUTE */
-CKR_GENERAL_ERROR,			/* NO_PERMISSION */
-CKR_SLOT_ID_INVALID,			/* INVALID_PROVIDER_ID */
-CKR_GENERAL_ERROR,			/* VERSION_MISMATCH */
-CKR_GENERAL_ERROR,			/* BUSY */
-CKR_GENERAL_ERROR,			/* UNKNOWN_PROVIDER */
-CKR_GENERAL_ERROR,			/* MODVERIFICATION_FAILED */
-CKR_GENERAL_ERROR,			/* OLD_CTX_TEMPLATE */
-CKR_GENERAL_ERROR,			/* WEAK_KEY */
-CKR_GENERAL_ERROR			/* FIPS140_ERROR */
-};
-
-#if CRYPTO_LAST_ERROR != CRYPTO_FIPS140_ERROR
-#error "Crypto to PKCS11 error mapping table needs to be updated!"
-#endif
-
-/*
- * Map KCF error codes into PKCS11 error codes.
- */
-CK_RV
-crypto2pkcs11_error_number(uint_t n)
-{
-	if (n >= sizeof (error_number_table) / sizeof (error_number_table[0]))
-		return (CKR_GENERAL_ERROR);
-
-	return (error_number_table[n]);
-}
-
 #define	MECH_HASH(type)	(((uintptr_t)type) % KMECH_HASHTABLE_SIZE)
 /*
  * Serialize writes to the hash table. We don't need a per bucket lock as